Instead of using the Profiles population wizard, you can manually populate the
database.
Before you begin
You can populate the Profiles database manually, as described here, or with the help
of the population wizard as described in the Using the Profiles population wizard
topic. You might choose to manually populate the database to take advantage of functionality
not provided by the wizard, such as anonymous LDAP access, large data sets, and property
configuration other than what is provided by the wizard, for example alternate source options.
Note: Additional and related information about configuration and mapping properties may be
available in the Using the Profiles population wizard topic.
Before starting this task, you must complete the steps in the
Mapping fields manually topic. You must set up the mapping file before starting
this task.
(AIX® only). An AIX limitation causes a file naming error when you extract the
tdisol.tar archive. The system renames the
profile-links.xsd to profile-links.xs. To resolve
this issue, use the GNU Tar program, version 1.14 or higher, to extract the archive. Download
the program from ftp://ftp.gnu.org/gnu/tar/ and install it as the default tar utility in the path. The
default location for GNU Tar is /usr/local/bin.
The internal name of the Profiles database is
PEOPLEDB.
About this task
After installing the Profiles database and defining mapping and validation, complete
the following steps to populate the Profiles database:
Procedure
-
Update the profiles_tdi.properties file to specify values for the
following properties.
Note: To locate this file, extract the tdisol.tar|zip file from
the tdisol directory in your IBM® Connections installation media. After extraction, the file is located in the
tdisol.tar|zip/tdisol/TDI
directory.
Note: To locate this file, change to the TDI solution directory that you
created in the Configuring IBM Tivoli® Directory Integratortopic. The file is located in the
TDI_solution_directory/TDI directory.
The following list contains properties that you must review. Edit any
property values that require editing for your configuration.
- source_ldap_url
- Universal resource locator of the LDAP directory. Enables programs to access the
LDAP directory. Use the following syntax to specify the
value:
source_ldap_url=ldap://myldap.enterprise.example.com:389
- source_ldap_user_login
- If you cannot use Anonymous search, a user login name is required . Use the
following syntax to specify the
value:
source_ldap_user_login=uid=wpsbind,cn=users,l=Bedford Falls,
st=New York,c=US,ou=Enterprise,o=Sales Division,dc=example,dc=com
- source_ldap_user_password
- If you cannot use anonymous search, a user password is required, along with user
login name. Use the following syntax to specify the
value:
{protect}-source_ldap_user_password=wpsbind
Note: Tivoli Directory
Integrator automatically encrypts any
properties which have the {protect} prefix. If you do not want to encrypt these
properties, remove the {protect} prefix.
- source_ldap_search_base
- A portion of the LDAP DN that must be part of all entries processed. This base
usually contains the expected organization (o) value, such as
source_ldap_search_base=o=ibm.com
. Use the following syntax to
specify the
value:source_ldap_search_base=l=Bedford Falls,st=New York,c=US,
ou=Enterprise,o=Sales Division,dc=example,dc=com
- source_ldap_search_filter
- A search filter to further refine the entries used. A typical value might be
source_ldap_search_filter=cn=*
. Use the following syntax to specify
the
value:source_ldap_search_filter=(&(uid=*)(objectclass=inetOrgPerson))
- source_ldap_use_ssl
- Required only if you are using SSL to authenticate. Specifies whether to use Secure
Sockets Layer for the connection. Options are
true
or
false
.
- dbrepos_jdbc_driver
- JDBC driver used to access the Profiles database repository. The default value of
the properties file references the DB2® database
provided with Profiles as
follows:
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
If you
are using DB2, you do not need to modify this
value. If you are using an Oracle database, change the value to reference an Oracle
database. The following values are
examples:dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
dbrepos_jdbc_driver=oracle.jdbc.pool.OracleConnectionPoolDataSource
If
you are using SQL Server, change the value to reference the SQL Server database. The
following value is an
example:com.microsoft.sqlserver.jdbc.SQLServerDriver
- dbrepos_jdbc_url
- Universal resource locator of the database that you created. This value specifies
the peopledb database, and must include the port number. For example:
- DB2:
jdbc:db2://localhost:50000/peopledb
- Oracle:
jdbc:oracle:thin:@//dbHostname:dbPort/PEOPLEDB_Name
- SQL
Server:
jdbc:sqlserver://enterprise.example.com:1433;DatabaseName=PEOPLEDB
.
- dbrepos_username
- The user name used to authenticate to the database that you created. Use the
following syntax to specify the
value:
dbrepos_username=<db_admin_id>
- dbrepos_password
- The password used to authenticate to the database that you created. Use the
following syntax to specify the
value:
{protect}-dbrepos_password=act1vities
You can provide values for additional properties if necessary, see the topic
IBM Tivoli Directory Integrator solution properties for
Profiles for details.
-
Ensure that you have completed the steps in the Mapping fields manually
task. You must complete the mapping task before continuing.
-
Run the ./collect_dns.sh or collect_dns.bat
script to create a file containing the distinguished names (DNs) to be processed from the
source LDAP directory.
Note: Before starting the script, ensure that you have completed
the steps in the Mapping fields manually task.
Note: If the script does
not run, you might need to enable its Executable attribute by running the
chmod
command first. The Executable attribute of a script can become
disabled after the script is copied from a read-only medium such as DVD.
The new file is named collect.dns by default but you can
rename it if necessary. If you change the file name, update the
source_ldap_collect_dns_file parameter in the
profiles_tdi.properties file.
After the script runs, it creates
a log file called ibmdi.log in the
tdisol.tar|zip/tdisol/TDI directory. Examine this
file to find out whether any errors occurred during the process.
-
Populate the database repository from the source LDAP directory by running the
./populate_from_dn_file.sh or
populate_from_dn_file.bat script.
Depending on how many records you are processing, this step could take many hours.
For example, 5,000 records might take a few minutes, but half a million records might take
a few hours, depending on the speed of your system. Tivoli Directory
Integrator prints a message to the screen after
every 1,000 iterations to inform you of its progress.
Note: If a failure occurs during
processing, such as loss of the network connection to the LDAP directory server, you can
run the populate_from_dn_file script again with no harm. If you want to
save time though, you can start processing the names from where it was interrupted.
Examine the PopulateDBFromDNFile.log file in the logs subdirectory to
find out which distinguished name was last successfully processed. The
ibmdi.log file also tracks the tasks that you run. Edit the
collect.dns file to remove all entries up to and including the last
successfully processed entry. Start the task again. You can repeat this step as many times
as necessary until all the distinguished names are processed.
- Optional:
If you are setting the PROF_IS_MANAGER field based on
PROF_MANAGER_UID references in other employee records, run the
./mark_managers.sh or mark_managers.bat
script.
For more information, see Configuring the Manager designation in user
profiles for details.
Note: Manager identification is not performed as part of
the previous record population step because it must run across all the records and it is
possible that the initial record population step does not complete in a single pass for
large organizations.
Note: If the manager designation was not part of the source
records for your data set, you can run this task to analyze all the records after
population. This task will take each user record and see if it is referenced as the
manager for any other users. If yes, the user will be marked as a manager. If not, the
user will be marked as not a manager. If you need to use this process to set this profile
attribute, you will also need to run it periodically to perform updates. For more
information, see Synchronizing user data between Profiles and the LDAP
directory.
-
Run additional and optional scripts to populate additional
fields. For example, run the Country code script ./fill_country.sh or
fill_country.bat to populate the Country table from the
isocc.csv file. Other scripts include the following:
- Work location code script ./fill_workloc.sh or
fill_workloc.bat
- Organization codes script ./fill_organization.sh or
fill_organization.bat
- Employee type code script ./fill_emp_type.sh or
fill_emp_type.bat
- Department code script ./fill_department.sh or
fill_department.bat
For more information, see Supplemental user data for
Profiles.