Directory naming configuration and usage (ldap.ora) – part 2

Preamble

In the first part we saw how to install and configure the WebLogic application server. This second part covers populating the database repository with the Repository Creation Utility (RCU) and installing Oracle Internet Directory (OID).

OID repository creation

Before you can install Oracle Internet Directory (OID) you must first populate your repository database with the required schemas. From the Oracle Identity Management 11g Downloads page, download the following utility:

  • Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.9.0)

The database I have used is an Enterprise Edition (we use only this edition) in 12.1.0.2.0. Set the processes and open_cursors parameters to 500 to avoid any warnings. I'm not detailing this part as it should be more than obvious for you with, for example, Database Configuration Assistant (DBCA).

The downloaded file (ofm_rcu_linux_11.1.1.9.0_64_disk1_1of1.zip) can be unzipped anywhere. In the ./rcuHome/bin directory, invoke the Repository Creation Utility with the rcu binary:

[Screenshot: directory_naming21]

Choose to create the repository:

[Screenshot: directory_naming22]

Supply your database information with, preferably, a SYS connection. After you have supplied the connection credentials a few checks are performed; if all is good press Ok, otherwise correct any problems raised:

[Screenshot: directory_naming23]

Choose OID repository creation:

[Screenshot: directory_naming24]

Choose a password for the accounts (ODS and ODSSM):

[Screenshot: directory_naming25]

I have changed only the temporary tablespace:

[Screenshot: directory_naming26]
[Screenshot: directory_naming27]

Do not change the default tablespace or you will end up with:

ORA-01917: user or role 'ODS' does not exist

The tablespaces are hard coded in the creation scripts, so if you change them to something else they are not created and RCU will fail… Wondering why they have left the capability to change them then…

Summary of what will be done:

[Screenshot: directory_naming28]

Ending window if all goes well:

[Screenshot: directory_naming29]

OID installation

From the Oracle Identity Management 11g Downloads page, download the following files:

  • Identity Management (11.1.1.9.0)

Unzip the two files (ofm_idm_linux_11.1.1.9.0_64_disk1_1of2.zip and ofm_idm_linux_11.1.1.9.0_64_disk1_2of2.zip) and execute runInstaller in the Disk1 directory:

[Screenshot: directory_naming31]

For proxy reasons and internet access restrictions on my server I usually choose to skip software updates:

[Screenshot: directory_naming32]

Choose install and configure:

[Screenshot: directory_naming33]

Prerequisites check: even if OEL 7 is certified I had a few warnings about too recent packages, which I have obviously decided to ignore:

[Screenshot: directory_naming34]

Specify credentials for your WebLogic domain:

[Screenshot: directory_naming35]

I had this warning that I have also decided to ignore:

[Screenshot: directory_naming36]

If you have decided not to install WebLogic you must choose the option below instead:

[Screenshot: directory_naming68]

Specify the installation directories, the WebLogic home and the application name you have chosen (I kept the default values as much as possible):

[Screenshot: directory_naming37]

The window is slightly different if you have chosen not to install WebLogic:

[Screenshot: directory_naming69]

Again I already received plenty of security alerts:

[Screenshot: directory_naming38]

Choose OID. I have also chosen Oracle Directory Service Manager (ODSM), but you will see later on that I have not been able to use it, so it is not mandatory at all:

[Screenshot: directory_naming39]

The window is much simpler in the case of no WebLogic:

[Screenshot: directory_naming70]

Automatic port configuration, but if you have special port requirements it can be customized:

[Screenshot: directory_naming40]

OID database schema that has been created with RCU:

[Screenshot: directory_naming41]

OID domain. I have chosen the one I set up with OID 10g for backward compatibility; choose anything you like that matches your company. You also choose the password of the LDAP administrator (cn=orcladmin):

[Screenshot: directory_naming42]

Summary window:

[Screenshot: directory_naming43]

You classically end the installation by executing the /u01/Middleware/Oracle_IDM1/oracleRoot.sh script as root…

[Screenshot: directory_naming44]

OID configuration

While configuring all components I got an error saying my WebLogic server was not reachable. When I moved to the window where I had executed it, I discovered it had failed…

Configuration of the components follows the installation process:

[Screenshot: directory_naming45]

Ending successful window:

[Screenshot: directory_naming46]

You can now check with the Oracle Process Manager and Notification Server (OPMN) tool that everything is started and running well:

[oracle@server1 ~]$ /u01/Middleware/asinst_1/bin/opmnctl status
 
Processes in Instance: asinst_1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   26401 | Alive
oid1                             | oidldapd           |   26397 | Alive
oid1                             | oidmon             |   26389 | Alive
EMAGENT                          | EMAGENT            |   25953 | Alive

OID is listening on ports 3060 (LDAP, insecure) and 3131 (LDAPS, secure):

[oracle@server1 ~]$ netstat -an | grep LISTEN | grep -e 3060 -e 3131
tcp6       0      0 :::3060                 :::*                    LISTEN
tcp6       0      0 :::3131                 :::*                    LISTEN
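
A scripted version of the two checks above, as an added example that is not part of the original post: it parses opmnctl status output for any process that is not Alive and reports whether the cleartext LDAP listener is bound to all interfaces. The function names are hypothetical and the sample input is constructed from the output shown on this page; ports 3060 and 3131 are the ones reported above.

```shell
#!/usr/bin/env bash
# Added example: post-install check for the OID instance shown above.
# Sample data is constructed from the opmnctl and netstat output on this page.
OPMN_SAMPLE='ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   26401 | Alive
oid1                             | oidmon             |   26389 | Alive
EMAGENT                          | EMAGENT            |   25953 | Alive'

NETSTAT_SAMPLE='tcp6       0      0 :::3060                 :::*                    LISTEN
tcp6       0      0 :::3131                 :::*                    LISTEN'

# Read "opmnctl status" text on stdin; print component/process-type for
# every row whose status column is anything other than Alive.
opmn_not_alive() {
  awk -F'|' 'NF == 4 {
    for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
    if ($1 != "ias-component" && $4 != "Alive") print $1 "/" $2
  }'
}

# Read "netstat -an" text on stdin; $1 = LDAP port, $2 = LDAPS port.
# Print "<port> <cleartext|tls> <bind scope>" for each matching listener.
ldap_listeners() {
  awk -v ldap="$1" -v ldaps="$2" '$NF == "LISTEN" {
    n = split($4, a, ":"); port = a[n]
    if (port != ldap && port != ldaps) next
    addr = substr($4, 1, length($4) - length(port) - 1)
    proto = (port == ldap) ? "cleartext" : "tls"
    scope = (addr == "::" || addr == "0.0.0.0" || addr == "*") ? "all-interfaces" : addr
    print port, proto, scope
  }'
}

# Summarise: dead processes, and how many cleartext listeners face every interface.
# On a live host, pass the real command output instead of the samples.
report() {
  dead=$(printf '%s\n' "$1" | opmn_not_alive)
  exposed=$(printf '%s\n' "$2" | ldap_listeners 3060 3131 |
            grep -c 'cleartext all-interfaces' || true)
  echo "not-alive: ${dead:-none}; cleartext LDAP on all interfaces: ${exposed}"
}

report "$OPMN_SAMPLE" "$NETSTAT_SAMPLE"
```

On the host itself, call `report "$(/u01/Middleware/asinst_1/bin/opmnctl status)" "$(netstat -an)"`.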

You also have Oracle Directory Services Manager (ODSM) at http://server1.domain.com:7005/odsm, but it was so buggy that I have not been able to really use it:

[Screenshot: directory_naming47]

One tool that is nice to configure afterwards is Enterprise Manager. To do so execute the configuration utility of your WebLogic domain with /u01/Middleware/oracle_common/common/bin/config.sh and choose to configure an existing domain:

[Screenshot: directory_naming48]

Choose your domain in the directory list:

[Screenshot: directory_naming49]

Add Oracle Enterprise Manager component:

[Screenshot: directory_naming50]

Application location for your domain:

[Screenshot: directory_naming51]

Leave the defaults:

[Screenshot: directory_naming52]

Summary window:

[Screenshot: directory_naming53]

I had a warning for a port already in use, which is the one of WebLogic; maybe I should have stopped WebLogic before reconfiguring it:

[Screenshot: directory_naming54]

Ending window:

[Screenshot: directory_naming55]

Then stop and restart WebLogic by exiting and restarting /u01/Middleware/user_projects/domains/base_domain/startWebLogic.sh. You should then see the Enterprise Manager console at http://server1.domain.com:7001/em, which will help us graphically modify an important setting of OID:

[Screenshot: directory_naming56]

We are almost done; move on to the next part of the series (see references section below) to finally configure directory naming with your clients…

References
