Never re-upload a new LDIF file without first cleaning up the entries created by any previous LDIF upload; otherwise your WLS domain will become corrupted. To upload an LDIF file, follow the steps below.
How to delete users/groups before re-uploading using the LDAP Browser tool
1 – Get the LDAP Browser tool
2 – Create an LDAP connection to the embedded LDAP
2.1 – You need to know the LDAP admin connection credentials. The admin user is cn=Admin.
The password must be set in the WLS Console: go to <domain_name> -> Security -> Embedded LDAP and type a new password in the Credential field.
2.2 – Restart the admin server after that.
3 – The LDAP port is the same as the AdminServer's. Below is an example of an LDAP connection entry in LDAP Browser.
4 – Log in to the LDAP server.
5 – Browse the groups node.
6 – Select all groups except the following: Administrators, Monitors, Operators, CrossDomainConnectors, Deployers, etc., which are required for administrative jobs.
7 – Delete the selected groups.
8 – If you also want to delete users using LDAP Browser, browse the people node, select all users (except weblogic, SystemUser, operator, deployer, etc., which are required for administrative jobs) and delete them.
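As an added example (not from the original post), a small Python script that reads an LDIF/LDIFT file and lists the user and group DNs a previous upload would have created, minus the administrative users and groups steps 6 and 8 say to keep, so you know exactly what to delete in LDAP Browser before re-uploading. The sample LDIF and the ou=people / ou=groups layout under ou=myrealm,dc=base_domain are constructed assumptions.

```python
import base64
import re

# Entries the post says must be kept because administrative jobs need them.
PROTECTED_GROUPS = {"Administrators", "Monitors", "Operators",
                    "CrossDomainConnectors", "Deployers"}
PROTECTED_USERS = {"weblogic", "SystemUser", "operator", "deployer"}

# Constructed sample; ou=people/ou=groups under ou=myrealm,dc=base_domain is an assumption.
SAMPLE_LDIFT = """\
dn: uid=alice,ou=people,ou=myrealm,dc=base_domain
description:: b2xk

dn: uid=weblogic,ou=people,ou=myrealm,dc=base_domain

dn: cn=AppUsers,ou=groups,ou=myrealm,dc=base_domain
uniquemember: uid=alice,ou=people,ou=myrealm,
 dc=base_domain

dn: cn=Administrators,ou=groups,ou=myrealm,dc=base_domain
"""

def parse_ldif(text):
    """Minimal LDIF reader: one {attr: [values]} dict per entry."""
    entries = []
    unfolded = re.sub(r"\r?\n ", "", text)  # join folded continuation lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):  # blank line = new entry
        entry = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;.-]*)(::?) ?(.*)", line)
            if line.startswith("#") or not m:  # comment or junk line
                continue
            attr, sep, value = m.groups()
            if sep == "::":  # '::' marks a base64-encoded value
                value = base64.b64decode(value).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def entries_to_delete(entries):
    """Return (user DNs, group DNs) the file creates, minus protected ones."""
    users, groups = [], []
    for entry in entries:
        dn = entry.get("dn", [""])[0]
        name = dn.split(",")[0].partition("=")[2]  # value of the leading RDN
        if "ou=people" in dn.lower() and name not in PROTECTED_USERS:
            users.append(dn)
        elif "ou=groups" in dn.lower() and name not in PROTECTED_GROUPS:
            groups.append(dn)
    return users, groups
```

Run it against the LDIF you uploaded last time and the two lists are the people and groups entries to remove before step 7.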
Re-uploading the ldif file
This should be done in the same way as usual, either through WLS Console or via wlst.sh.
Through WLS console:
1. Go to the WLS administration console and log in as weblogic/weblogic. Typically, the console URL is http://127.0.0.1:7001/console
2. Navigate to Security Realms -> myrealm -> Providers -> DefaultAuthenticator -> Migration, according to the sequence of screenshots below.
3. Specify the absolute path of the ldif file in the text box “Import File on Server” and click the Save button.
Through WLST script:
Execute the following steps:
1. Download the ldift file to the system.
2. Run $WLS_HOME/common/bin/wlst.sh to start the WLST command line tool.
3. Run the following commands one by one:
connect('weblogic', 'weblogic', 't3://localhost:7001')  # connect to the admin server
cd('/SecurityConfiguration/DefaultDomain/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')  # go to the DefaultAuthenticator MBean
cmo.importData('DefaultAtn', '/tmp/WLS_Users_and_Groups.ldift', None)  # import the ldift in DefaultAtn format, no constraints
disconnect()
exit()
Distributing Ldift to all managed servers
1 – After re-uploading the ldif file, go in the WLS Console to <domain-name> -> Security -> Embedded LDAP and check the option Refresh Replica At Startup, as in the picture below.
2 – Stop the managed servers.
3 – Stop the Admin server.
4 – Start the Admin server.
5 – Start the managed servers.