Following on from my previous post on OpenDJ password schemes , a common requirement is often to migrate users into the OpenDJ profile store from an existing database. There are numerous ways to do this, such as LDIF file imports or using OpenIDM reconciliation and livesync . However, both methods only really do a like for like comparison – no data cleansing takes place - unless you start to configure some logic processing in there. This might be fine, but if your existing repositories contain millions of entries, some of which you don't know are live, a quick way to migrate across only active users, is to use OpenAM, with it's Dynamic Profile creation feature. The above describes the process at a high level. Basically there are 3 authentication modules in a chain, using the flexibility of sufficient and optional modules . In this flow, there are basically 3 states. User in MySQL User in OpenDJ Authentication Works Against Password Captured 1st Run Yes
Recipes for Digital Identity & Security