fwm dbexport

Description Export the Check Point User Database to a file. The file may be in one of the following formats:

• The same syntax as the import file for fwm dbimport
• LDIF format, which can be imported into an LDAP server using ldapmodify

Syntax

To export the User Database to a file that can be used with fwm dbimport:

> fwm dbexport [ [-g group | -u user] [-d delim] [-a {attrib1, attrib2, ...} ] [-f file] ]

To export the User Database as an LDIF file:

> fwm dbexport -l -p [-d] -s subtree [-f file] [-k IKE-shared-secret]

Parameter	Description
-g group	Specifies a group (group) to be exported. The users in the group are not exported.
-u user	Specifies that only one user (user) is to be exported.
-d	Debug flag
-a {attrib1, attrib2, ...}	Specifies the attributes to export, in the form of a comma-separated list, between {} characters, for example, -a {name,days}. If there is only one attribute, the {} may be omitted.
-f file	file specifies the name of the output file. The default output file is $FWDIR/conf/user_def_file.
-l	Create an LDIF format file for importation by an LDAP server.
-p	The profile name.
-s	The branch under which the users are to be added.
-k	This is the Account Unit's IKE shared secret (IKE Key in the Encryption tab of the Account Unit Properties window.)

Comments

• The IKE pre shared secret does not work when exporting from one machine and importing to another.
• If you use the -a parameter to specify a list of attributes, and then import the created file using fwm dbimport, the attributes not exported will be deleted from the user database.
• fwm dbexport and fwm dbimport (non-LDIF Usage) cannot export and import user groups. To export and import a user database, including groups, proceed as follows:

  * Run fwm dbexport on the source Security Management server.

  * On the destination Security Management server, create the groups manually.

  * Run fwm dbimport on the destination Security Management server.

The users will be added to the groups to which they belonged on the source Security Management server.

• If you wish to import different groups of users into different branches, run fwm dbexport once for each subtree, for example:

  fwm dbexport -f f1 -l -s ou=marketing,o=WidgetCorp,c=us

  fwm dbexport -f f2 -l -s ou=rnd,o=WidgetCorp,c=uk

  Next, import the individual files into the LDAP server one after the other. For information on how to do this, refer to the documentation for your LDAP server.

• The LDIF file is a text file which you may wish to edit before importing it into an LDAP server. For example, in the Check Point user database, user names may be what are in effect login names (such as "maryj") while in the LDAP server, the DN should be the user's full name ("Mary Jones") and "maryj" should be the login name.

Example Suppose the User Database contains two users, "maryj" and "ben".

fwm dbexport -l -s o=WidgetCorp,c=us

creates a LDIF file consisting of two entries with the following DNs:

cn=ben,o=WidgetCorp,c=us

cn=maryj,o=WidgetCorp,c=us