The smobjexport tool exports the entire policy store or a single policy domain by creating two files: an .smdif (SOA Security Manager Data Interchange Format) and a .cfg (environment configuration) file. The .smdif file standardizes SOA Security Manager data so you can import it to a different type of policy store. For example, you can export an .smdif file from an ODBC database and import it to an LDAP directory.
The environment configuration (.cfg) file contains environment-specific properties for the policy store such as IP Addresses, redirection URLs, shared secrets, agent names, logging settings, and .com extensions. Only the 5.0, 5.5, and 6.x versions of smobjexport create an environment configuration file, as this feature is not available for previous versions. Tabs separate the text in the .cfg file, and you can edit it as a tab-delimited file in any text editor or Microsoft Excel.
Note: Using the Command Line Interface, you can write Perl scripts to import and export particular objects rather than all the Policy Store objects. For more information, see the API Reference Guide for Perl.
The following table describes the four fields of a sample registration scheme entry from the .cfg file.
| Object OID | Object Class | Property Type | Value |
|---|---|---|---|
| <reg scheme OID> | SelfReg | RegistrationURL | http://your.url.com |
The Object OID column is represented only by the OID variable since OIDs such as the following are too long to fit:
reg_scheme_OID = 0d-6dc75be0-1935-11d3-95cc-00c04f7468ef
Each entry's fields--Object OID, Object Class, Property Type, Value--can be edited in a text editor or Excel.
Note: For backward compatibility, the smobjexport command line only references the .smdif file. As a result, the corresponding environment configuration file is created according to the following naming convention: if the output file you specify with the smobjexport command has an .smdif extension (for example, file_name.smdif), then the extension is replaced with .cfg (such as file_name.cfg) for the configuration file. However, if the output file you specify does not have an .smdif extension (for example, file_name.txt), then .cfg is appended to the file name and extension (such as file_name.txt.cfg).
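The following Python sketch is an added example, not part of the product or its documentation. It applies the naming convention above to find the .cfg file, parses the four tab-separated fields, and lists the entries whose values are IP addresses or URLs so they can be reviewed before the file is imported into another environment. It assumes the file has no header row; every sample row except the first uses made-up class and property names.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

FIELDS = ("oid", "object_class", "property_type", "value")

def companion_cfg_name(output_name):
    """Name of the .cfg file written next to the given smobjexport output file."""
    if output_name.endswith(".smdif"):
        return output_name[: -len(".smdif")] + ".cfg"
    return output_name + ".cfg"

def parse_cfg(text):
    """Yield one dict per well-formed entry (exactly four tab-separated fields)."""
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) == len(FIELDS):
            yield dict(zip(FIELDS, (f.strip() for f in fields)))

def classify(value):
    """Return 'ip', 'url-cleartext', 'url', or None for a Value field."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url-cleartext" if parts.scheme == "http" else "url"
    return None

def review_list(text):
    """Entries whose values are tied to the source environment."""
    return [(e["object_class"], e["property_type"], e["value"], kind)
            for e in parse_cfg(text)
            if (kind := classify(e["value"])) is not None]

# Constructed sample: the first row is the entry from the table above; the
# remaining OIDs, class names and property names are made up for illustration.
SAMPLE_CFG = (
    "0d-6dc75be0-1935-11d3-95cc-00c04f7468ef\tSelfReg\tRegistrationURL\thttp://your.url.com\n"
    "0d-00000000-0000-0000-0000-000000000001\tExampleClass\tExampleHost\t192.0.2.10\n"
    "0d-00000000-0000-0000-0000-000000000002\tExampleClass\tExampleName\tagent-one\n"
    "malformed line without tabs\n"
)

if __name__ == "__main__":
    print(companion_cfg_name("pstore.smdif"))
    for row in review_list(SAMPLE_CFG):
        print(row)
```

Because the .cfg file can hold shared secrets, run a review like this on a host and account that are already trusted with the export itself.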
smobjexport uses the following arguments to supply information required to export the data:
Specifies the path and file name of the output .smdif file. If this argument is not specified, the default output file names are stdout.smdif and stdout.cfg. This filename should be a name other than the one used for smldapsetup ldgen -ffile_name, otherwise the export will be overwritten.
Overwrites an existing output file.
Exports only the specified policy domain.
Exports the specified policy domain and all system objects used by the policy domain, such as administrators, Agents, authentication schemes, and user directories.
Note: The -e option does not support exporting Affiliate domains.
Exports sensitive data as clear-text. Exporting data as clear-text allows you to migrate policy data from a SOA Security Manager deployment that uses one encryption key to another SOA Security Manager deployment that uses a different encryption key. To use -c, you must enter the credentials of a SOA Security Manager administrator who can manage all SOA Security Manager domain objects. Enter credentials using the -d and -w arguments.
Exports sensitive data encrypted with backward-compatible cryptography.
Exports sensitive data encrypted with FIPS-140 compatible cryptography.
Specifies the login name of a SOA Security Manager Administrator that can manage all SOA Security Manager objects in the policy store being exported.
Specifies the password of the SOA Security Manager Administrator specified using -d.
Exports Agent keys stored in the policy store along with the rest of the policy store data. By default, keys are not included in the export.
Exports only the Agent keys stored in the policy store.
Enables verbose mode.
Enables low level tracing mode. This mode can be used to troubleshoot the export process.
Export variables only.
Creates a log file. Make sure the file_name.smdif file ends with an .smdif and not a .txt or other extension. If the file_name.smdif file ends with an .smdif extension, smobjexport creates a log file with a .log extension. However, if the file_name.smdif file ends with a .txt extension, smobjexport creates a file_name.txt.log file, which is incorrect since the log file must be in the file_name.log format.
Exports IdentityMinder objects only.
Exports specific IdentityMinder objects and all relevant system objects.
Exports a specific IdentityMinder directory and all relevant system objects.
Displays the help message.
Note: If the arguments contain spaces, use double quotes around the entire argument. For example, if the name of the SOA Security Manager administrator is SOA Security Manager Admin, the argument for smobjexport would be
-d"SOA Security Manager Admin"
To export data using smobjexport
Specifies the installed location of SOA Security Manager.
smobjexport -ofile_name.smdif -c -dadmin-name -wadmin-pw -v -t
Specifies the name of the .smdif output file that will contain the exported policy store data
Specifies the name of a SOA Security Manager administrator that can manage all SOA Security Manager objects
Specifies the password for the specified SOA Security Manager administrator.
Note: Ensure the file_name.smdif file ends with a .smdif and not a .txt extension.
Example: smobjexport -opstore.smdif -c -d"SOA Security Manager" -wpassword -v -t
Note: The -ofile_name argument should use a filename other than the one used for the smldapsetup ldgen -ffile_name; otherwise the export may be overwritten.
Copyright © 2009 CA. All rights reserved.