Running an online LDIF import
You can run LDIF imports while the server is online from another remote server.
|
The LDIF file must be stored on the file system of the target server. |
The online import is similar to the offline import, except that you must provide information about how to connect and authenticate to the target server.
To schedule an LDIF file to begin importing at a specific time, use the --task and --start YYYYMMDDhhmmss options of the import-ldif tool.
You can also specify email addresses of users to notify when the import process completes. You can notify them regardless of success or failure or only if the import fails.
Before you begin
Performing an online LDIF import requires access to administrative tasks. The administrator performing the online LDIF import needs a particular privilege and the appropriate access rights:
-
The
ldif-importprivilege, described in Working with privileges -
At minimum, a global
allow (add)ACI right targeting thecn=tasksbackend
|
Consider including Users with both the |
The following example gives uid=user.0 the ldif-import privilege:
$ bin/ldapmodify --hostname server1.example.com -port 389 \ --bindDN "uid=admin,dc=example,dc=com" --bindPassword password dn: uid=user.0,ou=People,dc=example,dc=com changetype: modify add: ds-privilege-name ds-privilege-name: ldif-import
The following example gives uid=user.0 the allow (add,read,write) ACI rights for import tasks:
$ bin/dsconfig --hostname server1.example.com -port 389 \ --bindDN "uid=admin,dc=example,dc=com" --bindPassword password \ set-access-control-handler-prop --add 'global-aci:(target="ldap:///cn=tasks") (targetattr="*")(targetfilter="(objectClass=ds-task-import)") (version 3.0; acl "Allow user.0 to manage entries for bulk import"; allow (add,read,write) userdn="ldap:///uid=user.0,ou=People,dc=example,dc=com";)'
|
When adding administrators, create an administrative group and assign access rights to the group. You can create a user-defined virtual attribute to assign a privilege to anyone who’s a member of the administrative group. |
Performing an online LDIF import
Steps
-
Confirm the PingDirectory server is online.
-
To import data from an LDIF, use the
import-ldifcommand.Example:
$ bin/import-ldif --task --hostname server1 --port 389 \ --bindDN uid=admin,dc=example,dc=com --bindPassword password \ --backendID userRoot --ldifFile userRoot.ldif
Scheduling an online import
Steps
-
Confirm the PingDirectory server is online.
-
To import data from an LDIF file at a scheduled time, use the
import-ldifcommand.To specify a time in the UTC time zone, include a trailing
Z. Otherwise, the time zone defaults to the time zone configured on the server.Example:
$ bin/import-ldif --task \ --hostname server1 \ --port 389 \ --bindDN uid=admin,dc=example,dc=com \ --bindPassword password \ --backendID userRoot \ --ldifFile /path/to/data.ldif \ --start 20111026010000 \ --completionNotify import-complete@example.com \ --errorNotify import-failed@example.comResult:
Import task 2011102617321510 scheduled to start Oct 26, 2011 1:00:00 AM CDT
-
To confirm that you successfully scheduled your import task, use the
manage-taskscommand to view a summary of all tasks on the system.Example:
$ bin/manage-tasks --summaryResult:
ID Type Status ----------------------------------------------- 2011102617321510 Import Waiting on start time
-
To monitor the progress of this task, use the
manage-taskstool.Use the task ID of the import task. If you cannot find the task ID, use the
--summaryoption to view a list of all tasks scheduled on the PingDirectory server.Example:
$ bin/manage-tasks --info 2011102617321510Result:
Task Details ----------------------------------------------------- ID 2011102617321510 Type Import Status Waiting on start time Scheduled Start Time Oct 26, 2011 1:00:00 AM CDT Actual Start Time Completion Time Dependencies Failed None Dependency Action None Email Upon Completion admin@example.com Email Upon Error admin@example.com Import Options ---------------------------- LDIF File /path/to/data.ldif Backend ID userRoot