Export/Import OID users using DSML xml standard
Posted by John Paul van Helvoort on July 10, 2009
When using the DSML (Directory Service Markup Language) standard we create a representation of directory service information in an XML syntax instead of a ldif syntax.
ldapsearch -h source.example.com -p 389 -X -D “cn=orcladmin” -w “xxx” -b “cn=Users,dc=example,dc=com” -s sub “objectclass=*” > /home/oracle/source_users.xml
To prevent this error when importing ;
adding new entry cn=james, cn=Users, dc=example, dc=com
ldap_add: DSA is unwilling to perform
ldap_add: additional info: You cannot add entries containing authpasswords.
We need to process our source_users.xml to not hold this attribute. To accomplish this we used a xsl template created by mgueury.
del_auth_password.xsl
<!--
File : del_authpassword.xsl
Version : 1.0
Author : mgueury
Description:
Remove the authpassword from the DSML files
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xml:output method="xml"/>
<xsl:template match="*|@*|node()">
<xsl:copy>
<xsl:apply-templates select="*|@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="attr">
<xsl:choose>
<xsl:when test="@name='authpassword;oid'">
</xsl:when>
<xsl:when test="@name='authpassword;orclcommonpwd'">
</xsl:when>
<xsl:otherwise>
<xsl:copy>
<xsl:apply-templates select="*|@*|node()"/>
</xsl:copy>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>
To use this we executed the following command ;
xml -f -s /home/oracle/del_auth_password.xsl -o /home/oracle/target_users.xml /home/oracle/source_users.xml
After this we can fill our target OID with the clean target_users.xml;
ldapadd -h target.example.com -p 389 -D “cn=orcladmin” -w “xxx” -c -X /home/oracle/target_users.xml
adding new entry cn=james, cn=Users, dc=example, dc=com
adding new entry cn=jake, cn=Users, dc=example, dc=com
adding new entry cn=marly, cn=Users, dc=example, dc=com
adding new entry cn=john, cn=Users, dc=example, dc=com
..
