Migrating User objects (and userpassword) in OID


Legacy OID SID = infra1

New OID SID = orcl1


Step 1. Export All Objects from the Root realm:


Export the data from, the root realm, out of the legacy directory:

ldifwrite -c infra1 -b “o=xxx,c=yy” -f out.ldif


Remove the userpassword attribute:

sed ‘/userpassword:/d’ out.ldif > tmp.ldif


Replace the output file with the updated file (passwords removed)

mv temp.ldif out.ldif


Stop the OID process of the new OID (opmnctl stopall)


Use bulkload to check the schema and generate an intermediate file:

bulkload -connect=orcl -check=true -generate=true -file=out.ldif


Assuming there are no errors, use bulkload to load the data into the new directory.

Bulkload -connect=orcl -load=true -file=out.ldif


Restart the OID process of the new OID (opmnctl startall)


Step 2. Migrate userpassword attribute


Export the dn and userpassword attribute from each object that has userpassword:

ldapsearch -h hostname –port -D “cn=orcladmin” -w password –s sub -b “” “objectclass=*” dn userpassword > ./pwdout.ldif


Import the user passwords into the new directory

ldapmodify -h hostname -p port -D “cn=orcladmin” -w password -f ./pwdout.ldif

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top