

smobjexport

The smobjexport tool exports the entire policy store or a single policy domain by creating two files: an .smdif (SiteMinder Data Interchange Format) and a .cfg (environment configuration) file. The .smdif file standardizes SiteMinder data so you can import it to a different type of policy store. For example, you can export an .smdif file from an ODBC database and import it to an LDAP directory.

The environment configuration (.cfg) file contains environment-specific properties for the policy store such as IP Addresses, redirection URLs, shared secrets, agent names, logging settings, and .com extensions. Tabs separate the text in the .cfg file, and you can edit it as a tab-delimited file in any text editor or Microsoft Excel.

Note: Using the Command Line Interface, you can write Perl scripts to import and export particular objects rather than all the Policy Store objects. For more information, see the Programming Guide for Perl.

The following table describes the four fields of a sample registration scheme entry from the .cfg file.

Object OID          Object Class    Property Type      Value
<reg scheme OID>    SelfReg         RegistrationURL    http://your.url.com

The Object OID column is represented only by the OID variable since OIDs such as the following are too long to fit:

reg_scheme_OID = 0d-6dc75be0-1935-11d3-95cc-00c04f7468ef

Each entry's fields--Object OID, Object Class, Property Type, Value--can be edited in a text editor or Excel.

Note: For backward compatibility, the smobjexport command line only references the .smdif file. As a result, the corresponding environment configuration file is created according to the following naming convention: if the output file you specify with the smobjexport command has an .smdif extension (for example, file_name.smdif), then the extension is replaced with .cfg (such as file_name.cfg) for the configuration file. However, if the output file you specify does not have an .smdif extension (for example, file_name.txt), then .cfg is appended to the file name and extension (such as file_name.txt.cfg).
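The following Python sketch is an added example, not part of the original documentation or the product: it applies the .cfg naming convention above, parses the four tab-separated fields, and rewrites an environment-specific Value for a target deployment. It assumes one entry per line with no header row or quoting; the function names and the target URL are hypothetical.

```python
FIELDS = ("oid", "object_class", "property_type", "value")

# Constructed sample: the entry shown in the table above plus one truncated line.
SAMPLE_CFG = (
    "0d-6dc75be0-1935-11d3-95cc-00c04f7468ef\tSelfReg\tRegistrationURL\thttp://your.url.com\n"
    "0d-6dc75be0-1935-11d3-95cc-00c04f7468ef\tSelfReg\n"
)

def cfg_path_for(output_name):
    """Name of the .cfg file written alongside the -o output file."""
    # Assumption: the .smdif extension check is case-sensitive.
    if output_name.endswith(".smdif"):
        return output_name[: -len(".smdif")] + ".cfg"
    return output_name + ".cfg"

def parse_cfg(text):
    """Return (entries, malformed_line_numbers) for tab-delimited .cfg text."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            malformed.append(lineno)  # report damaged entries instead of guessing
            continue
        entries.append(dict(zip(FIELDS, parts)))
    return entries, malformed

def retarget(entries, replacements):
    """Swap Value for every (Object Class, Property Type) key in replacements."""
    for value in replacements.values():
        if "\t" in value or "\n" in value or "\r" in value:
            raise ValueError("replacement value would break the tab-delimited layout")
    updated, changes = [], []
    for entry in entries:
        key = (entry["object_class"], entry["property_type"])
        new_value = replacements.get(key, entry["value"])
        if new_value != entry["value"]:
            changes.append((entry["oid"], entry["value"], new_value))
        updated.append({**entry, "value": new_value})
    return updated, changes

def render_cfg(entries):
    """Serialize entries back to tab-delimited text, one entry per line."""
    return "".join("\t".join(e[f] for f in FIELDS) + "\n" for e in entries)

if __name__ == "__main__":
    entries, bad = parse_cfg(SAMPLE_CFG)
    updated, changes = retarget(entries, {("SelfReg", "RegistrationURL"): "http://target.example.com"})
    print(cfg_path_for("file_name.smdif"), bad, changes)
    print(render_cfg(updated), end="")
```

The list of changes gives a reviewable record of every value rewritten before the file is imported elsewhere, and malformed line numbers point at entries that an editor or spreadsheet may have damaged.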

The smobjexport tool uses the following arguments to supply information required to export the data:

-ofile_name

Specifies the path and file name of the output .smdif file. If this argument is not specified, the default output file names are stdout.smdif and stdout.cfg. This file name should be a name other than the one used for smldapsetup ldgen -ffile_name; otherwise, the export will be overwritten.

-f

Overwrites an existing output file.

-sdomain-name

Exports only the specified policy domain.

-edomain-name

Exports the specified policy domain and all system objects used by the policy domain, such as administrators, Agents, authentication schemes, and user directories, including the following:

-c

Exports sensitive data as clear-text. Exporting data as clear-text allows you to migrate policy data from a SiteMinder deployment that uses one encryption key to another SiteMinder deployment that uses a different encryption key. To use -c, you must enter the credentials of a SiteMinder administrator who can manage all SiteMinder domain objects. Enter credentials using the -d and -w arguments.

-cb

Exports sensitive data encrypted with backward-compatible RC2 cryptography regardless of the FIPS mode of the Policy Server.

-cf

Exports sensitive data encrypted with FIPS-140 compatible AES cryptography regardless of the FIPS mode of the Policy Server.

-dadmin-name

Specifies the login name of a SiteMinder Administrator that can manage all SiteMinder objects in the policy store being exported.

-wadmin-pw

Specifies the password of the SiteMinder Administrator specified using -d.

-k

Exports Agent keys and session ticket keys stored in the policy store along with the rest of the policy store data.

Default: Excluded

-x

Exports only the Agent keys stored in the policy store.

-v

Enables verbose mode.

-t

Enables low level tracing mode. This mode can be used to troubleshoot the export process.

-u

Exports variables only.

-l

Creates a log file. Make sure the file_name.smdif file ends with an .smdif and not a .txt or other extension. If the file_name.smdif file ends with an .smdif extension, smobjexport creates a log file with a .log extension. However, if the file_name.smdif file ends with a .txt extension, smobjexport creates a file_name.txt.log file, which is incorrect since the log file must be in the file_name.log format.

-m

Exports IdentityMinder objects only.

-i

Exports specific IdentityMinder objects and all relevant system objects.

-j

Exports a specific IdentityMinder directory and all relevant system objects.

-?

Displays the help message.

Note: If the arguments contain spaces, use double quotes around the entire argument. For example, if the name of the SiteMinder administrator is SiteMinder Admin, the argument for smobjexport would be:
-d"SiteMinder Admin"