This helps when the AD-to-OID connection is broken and users are waiting to be loaded into SSO:
Get the user extract from AD:
ldapsearch -h <dummy.ad.srv.com> -p 389 -D "CN=ORASSO,CN=Users,DC=us,DC=dummy,DC=com" -w "passwd" -b "dc=us,dc=dummy,dc=com" \
  -s sub sAMAccountName="*astathom*" dn sAMAccountName cn displayName title mail description employeeid objectclass sn manager description title userprincipalname whenCreated whenChanged
CN=Andrew.Stathom,OU=Users,DC=us,DC=dummy,DC=com
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=user
cn=Andrew.Stathom
sn=Andrew
title=Collections Rep
description=Collections Rep
displayName=Stathom, Andrew
employeeID=2393661
sAMAccountName=astathom
userPrincipalName=astathom@ironmountain.com
mail=Andrew.Stathom@ironmountain.com
manager=CN=Kent_Bob,CN=Users,DC=us,DC=dummy,DC=com
Use the template below to create an LDIF file for loading the user into SSO:
dn:
orclsourceobjectdn:
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: orcluserv2
objectclass: orcladuser
objectclass: orcladobject
objectclass: person
objectclass: top
cn:
orclsamaccountname:
uid:
sn:
title:
description:
displayName:
facsimiletelephonenumber:
employeenumber:
mail:
krbprincipalname:
manager:
Prepare the LDIF file using the extract from AD and the above template. LDIF comments must be on their own lines starting with #; text placed after a value on the same line becomes part of the value.
vi user_Andrew.ldif
# dn follows the tree structure in your OID
dn: cn=Andrew.Stathom,ou=users,cn=adus,cn=users,dc=dummy,dc=com
# orclsourceobjectdn is the dn from AD
orclsourceobjectdn: CN=Andrew.Stathom,OU=Users,DC=us,DC=dummy,DC=com
# all seven objectclass values are mandatory
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: orcluserv2
objectclass: orcladuser
objectclass: orcladobject
objectclass: person
objectclass: top
# cn from AD
cn: Andrew.Stathom
# orclsamaccountname is domain\<sAMAccountName from AD>
orclsamaccountname: dummy\astathom
# uid is domain.sAMAccountName
uid: dummy.astathom
# sn, title, description and displayName from AD
sn: Andrew
title: Collections Rep
description: Collections Rep
displayName: Stathom, Andrew
# facsimiletelephonenumber and employeenumber both take employeeID from AD
facsimiletelephonenumber: 23646
employeenumber: 23646
# mail from AD
mail: Andrew.Stathom@dummy.com
# krbprincipalname is userPrincipalName from AD
krbprincipalname: astathom@dummy.com
# manager from AD
manager: CN=Kent_Bob,CN=Users,DC=us,DC=dummy,DC=com
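Load the user into SSO:
ldapadd -h oidapp.dummy.com -p 3060 -D "cn=orcladmin" -w "passwd" -f user_Andrew.ldif
or
You can also load the file from the ODSM console using the User Import option.
Note that both commands pass the bind password with -w on the command line, where it is visible in shell history and in the process list.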
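The mapping steps above as a script, added here as an example and not part of the original post: it parses an extract in the format shown, escapes the cn when building the dn, and base64-encodes values that LDIF cannot carry as plain text. The function names, the sample user and the domain/container arguments are assumptions for illustration.

```python
import base64
import re

OBJECT_CLASSES = ["inetorgperson", "organizationalperson", "orcluserv2",
                  "orcladuser", "orcladobject", "person", "top"]
# (OID attribute, AD attribute) pairs copied unchanged, as in the page's mapping.
COPIED = [("sn", "sn"), ("title", "title"), ("description", "description"),
          ("displayName", "displayname"), ("facsimiletelephonenumber", "employeeid"),
          ("employeenumber", "employeeid"), ("mail", "mail"),
          ("krbprincipalname", "userprincipalname"), ("manager", "manager")]
# Constructed sample extract (not real data): DN line, then attr=value lines.
SAMPLE = """CN=Doe\\, Zoë,OU=Users,DC=us,DC=dummy,DC=com
cn=Doe, Zoë
sn=Doe
employeeID=1000
sAMAccountName=zdoe
userPrincipalName=zdoe@dummy.com
"""

def parse_extract(text):
    """Parse the extract format shown on the page into a dict (keys lowercased)."""
    dn, *rest = [l.strip() for l in text.strip().splitlines() if l.strip()]
    entry = {"dn": dn}
    for name, _, value in (l.partition("=") for l in rest):
        entry.setdefault(name.lower(), value)  # keep the first value only
    return entry

def escape_rdn(value):
    """Escape RFC 4514 special characters so a comma in cn cannot alter the DN."""
    return re.sub(r'^[# ]|[,+"\\<>;=]| $', lambda m: "\\" + m.group(), value)

def ldif_line(attr, value):
    """Return 'attr: value', or base64 'attr:: ...' where RFC 2849 requires it."""
    if re.search(r"^[ :<]|[^\x01-\x09\x0b\x0c\x0e-\x7f]| $", value):
        return f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    return f"{attr}: {value}"

def build_ldif(entry, domain, container):
    """Fill the page's template; domain and container are site-specific inputs."""
    sam = entry["samaccountname"]
    pairs = [("dn", f"cn={escape_rdn(entry['cn'])},{container}"),
             ("orclsourceobjectdn", entry["dn"])]
    pairs += [("objectclass", oc) for oc in OBJECT_CLASSES]
    pairs += [("cn", entry["cn"]), ("orclsamaccountname", f"{domain}\\{sam}"),
              ("uid", f"{domain}.{sam}")]
    pairs += [(o, entry[a]) for o, a in COPIED if entry.get(a)]
    return "".join(ldif_line(a, v) + "\n" for a, v in pairs)
```

Attributes missing from the extract are left out of the LDIF rather than written as empty values.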