Oid installation presentation notes

Installation notes for Installing OID standalone
a.k.a.
Presentation Notes

Mark Luszczynski
Arch Coal, Inc.

1 Purpose and Scope ................................................................................................................................................2
1.1 High level overview of steps .............................................................................................................................2
2 Why a global naming system ................................................................................................................................3
3 Linux Server Requirements ..................................................................................................................................4
3.1 Linux VM settings ............................................................................................................................................4
3.2 Disable selinux ..................................................................................................................................................4
3.3 Firewall issues ( iptables ) .................................................................................................................................4
3.4 Kernel parameters .............................................................................................................................................5
3.5 Create database to hold OID data ......................................................................................................................5
4 Download the OID software .................................................................................................................................6
5 OID Installation ....................................................................................................................................................7
5.1 Getting started screens ......................................................................................................................................7
5.2 Software options ...............................................................................................................................................9
5.3 Start the install ................................................................................................................................................ 14
5.4 Enable anonymous binds................................................................................................................................. 15
6 Manage Service Names ...................................................................................................................................... 16
6.1 sqlnet.ora change ............................................................................................................................................. 16
6.2 ldap.ora............................................................................................................................................................ 16
6.3 Net Manager.................................................................................................................................................... 17
6.3.1 Load OID from tnsnames.ora ...................................................................................................................... 18
6.3.2 Adding a Service Name ............................................................................................................................... 18
6.4 Proving that it’s working ................................................................................................................................. 22
7 OID Process control............................................................................................................................................ 23
7.1 Environment variables .................................................................................................................................... 23
7.2 OID Management ............................................................................................................................................ 23
8 Patch to 11.1.1.6 ................................................................................................................................................ 24
8.1 Finding the patchset ........................................................................................................................................ 24
8.2 Applying the software patch ........................................................................................................................... 25
8.3 Applying the database schema patch .............................................................................................................. 29
9 Adding Nodes ..................................................................................................................................................... 30
9.1 Set up additional node ..................................................................................................................................... 30
9.2 Configure replication ...................................................................................................................................... 30
9.2.1 Set your environment .................................................................................................................................. 30
9.2.2 Remtool on first node .................................................................................................................................. 30
9.2.3 Seed the 2nd node ........................................................................................................................................ 31
9.3 Start replication on both nodes ........................................................................................................................ 31
9.4 Confirming replication .................................................................................................................................... 32
10 Miscellaneous Topics ......................................................................................................................................... 33
10.1 Auto stop/start for linux .................................................................................................................................. 33
10.2 Using Round Robin DNS ................................................................................................................................ 34
10.3 Manually adding ldap entries .......................................................................................................................... 35
10.4 View all ldap tns entries .................................................................................................................................. 35
10.5 Moving the OID database ............................................................................................................................... 37

1 Purpose and Scope
The goal is to use Oracle Internet Directory for a centralized naming authority for oracle service names.

This document describes, in detail, the steps for the different tasks associated with installing Oracle
Internet Directory in a stand-alone configuration without the full Fusion Middleware install. The idea
behind this document is to reduce all the pertinent information regarding the install steps into one
document to produce a repeatable procedure.

The focus is on the steps required to accomplish this objective and not on all the other features and theory
of Oracle Identity Management.

If you are planning to use Oracle Identity Management for Single Sign-on and the like, do not use this
procedure.

1.1 High level overview of steps
The install of Oracle Internet Directory process requires several discrete steps. Below is a summary of
the steps that will be discussed in detail in this document.

• Provision a server
• Create a database for OID
• Download OID
• Install OID 11.1.1.2
• Verify operation
• Patch OID to 11.1.1.6
• Add additional nodes (replication)
• Verify replication and operation

OID Installation Mark Luszczynski 2

2 Why a global naming system
The advantages of managing anything centrally is always a benefit in a fast-changing environment with
many configurable end points.

In the oracle world, tnsnames.ora files have been around for a long time. As installation sizes grow, it can
become very cumbersome to maintain dozens if not hundreds of tnsnames.ora files that sit on individual
servers and desktops.

The tnsnames.ora file is logically equivalent to an /etc/hosts file on unix or
c:WindowsSystem32driversetc on windows. Normally for an IP connection the address or url is
converted to an IP address by querying a central DNS server. Think of a DNS server as a master
‘/etc/hosts’ that everybody can access. Your local hosts file would only be used if you wanted to create
your own alias for an IP address that is not registered in your company’s DNS.

For many years, the oracle client has been able to leverage aliases in the DNS. This is known as the host
naming method. This works very well if you can live with all the default sqlnet settings. All databases
must listen on port 1521 and so on. It is not useful for failover/standby configurations.

To resolve a database name via a DNS alias, simply have the DNS administrator add a ‘CNAME’ alias
record for the database name. This cname entry must point to the hosting server for the database.
Eg: mydb.com CNAME myhost.com

You will also need to make sure that every client’s sqlnet.ora file contains a
names.directory_path=(hostname,..) line.

Oracle Corp created Oracle Names several years ago as a central naming service. This was replaced with
Oracle Internet Directory.

Oracle Internet Directory is an ldap server that logically functions as the directory for oracle tns
information. ( It is capable of much more but that is beyond the scope of this presentation. ) Unlike the
host naming method, OID does allow for tns entries with all the optional settings such as failover and load
balancing.

After the first Oracle Internet Directory node is created, you will want to have one or more additional
OID nodes to provide redundancy. Setting this up is also discussed in this document.

Oracle also offers a methodology for leveraging an existing Microsoft Active Directory (AD) as the
naming authority. This approach is not considered in this presentation.


3 Linux Server Requirements
This presentation focuses on using Redhat Linux as the o/s. The procedure should be the same if you
choose to use Oracle Enterprise Linux or Centos.

OID is not certified against any version of Linux 6 as of this writing. We were unable to use Oracle
Enterprise Linux as vmware and OEL 5 do not get along. Oracle says it’s vmware’s problem; Vmware
says a patch is due in May 2012. We did not wish to wait so we proceeded with Redhat 5.7.

3.1 Linux VM settings
We used these settings for our OID vm’s:

Memory 4G
Software f/s 20G
Database f/s 5G

The linux o/s software is installed in the usual fashion. You will later probably need to download
additional packages required by OID and the database software.

3.2 Disable selinux
Selinux will get in the way when you are running the install. The simplest solution is to disable it rather
than try to work with it. In our project, we did not attempt to work with selinux on.

To disable permanently, edit the file /etc/sysconfig/selinux and change the SELINUX line as follows:
SELINUX=disabled

To disable temporarily, then as root:
echo 0 >/selinux/enforce

3.3 Firewall issues ( iptables )
The Linux firewall service is called iptables.

If this service is on, by default it will block OID ports.

You can add entries to iptables to allow OID traffic but you must be root to do this.
( This example assumes ports 3060 and 3131 for OID )

# iptables -A RH-Firewall-1-INPUT -p tcp -m state
--state NEW -m tcp --dport 3060 -j ACCEPT
# iptables -A RH-Firewall-1-INPUT -p tcp -m state
--state NEW -m tcp --dport 3131 -j ACCEPT

The other possibility is to turn it off

# service iptables stop


3.4 Kernel parameters
Kernel parameters can be permanently adjusted by changing the /etc/sysctl.conf file.

These settings will be sufficient for OID.

kernel.shmall = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576

After making changes to this file, the easiest thing to do is reboot. This will be a good test to verify that
the firewall and selinux changes ‘stick’ after reboot. ( Linux kernel parameters can also be modified
dynamically if you really don’t want to reboot )

3.5 Create database to hold OID data
It is recommended to create a separate database which will hold the OID data. You can create this
database in any standard fashion you wish but there are three requirements:

1. The character set must be AL32UTF8
2. The nationalcharacter set must be AL16UTF16
3. The spfile parameter, processes, must be a minimum of 500

As the database doesn’t have much redo activity, we chose to host the database on the same vm as the
OID server. You of course can locate the database anywhere you wish. And of course, you should back
up this database.

We used the latest and greatest Oracle database which is 11.2.0.3 as of this writing. The OID installer
will complain that version 11.2.0.3 is not ‘equal to or higher than 11.1.0.7’. You can ignore this warning.


4 Download the OID software
Now we are ready to download the software. Downloading the exact correct software isn’t as easy as it
sounds. The software is available on technet.oracle.com

Go to this link: http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

Click the as usual.

Here is where the first opportunity to waste time comes in. When the software page appears, one might
be led to believe that the most current Identity Management listing is the software to download.

However, if you attempt to install OID using Identity Management 11.1.1.3 you will be told by the
installer that this is a patchset.

The correct base software to download is further down the page in the ‘Earlier Identity and Access
Management’ section.

After the installation, there is a software patch to apply as well. This will be described in a later step.


5 OID Installation

After unzipping etc, change to the Disk1 directory which contains runInstaller for OID.
Then type the command: ./runInstaller

The Oracle documentation used in this section is the Oracle FMW Installation Guide for Oracle Identity
Management: http://docs.oracle.com/cd/E12839_01/install.1111/e12002/oid.htm

5.1 Getting started screens
In a moment or two, the welcome screen appears.

Click the Button to get started.

Select the ‘Install and Configure’ Option


Step 3 is the Prerequisites Check

At this point, you may need to install additional linux packages.

The installer will tell you which required linux packages are missing. Consult with your linux
administrator on installing the needed packages. If you have the root access yourself, you can either use
gui system-config-packages or command line yum to install the oracle required packages.

Yum example: yum install gcc-c++.x86_64

Kernel parameters should have already been addressed in section 3.4


5.2 Software options

After successfully meeting all the Prerequisite Checks the Step 4 screen will start the sequence of
prompting for details regarding the OID installation.

Select ‘Configure Without a Domain’ as we are installing OID without the FMW framework.

Step 5 will prompt you for software locations and the ‘oracle instance’ name. In this context, oracle
instance refers to the software instance, not a database.

You will probably want to change the default locations presented by the installer. Although not required,
we have placed the ‘Oracle Instance’ ( OID instance that is ) inside the middleware home. We left the
instance name at the default of asinst_1.


Step 6 presents the usual ‘Specify Security Updates’ prompt.

You can choose to enter the information or leave it blank.

The Step 7 screen is probably the most important one. This is where you are going to tell the installer that
we are installing OID only.

Make sure your selection matches the above before continuing.
Oracle Internet Directory must be the only item with a check mark.

Step 8 – OID ports

For linux, ports 3060 and 3131 are selected by default.

Step 9 prompts for details about the database that you created earlier.
In this example, database oradba4 was created on server oidsrv1.

At this point, the install is prompting for a DBA account signon ( not the ODS schema ). You will be
prompted for that later.


If you are using a database newer than 11.1, you get this puzzling message. It can be ignored.

Step 10 prompts for the passwords for the database schemas required for OID.

The ODS schema will contain the data for Oracle Internet Directory. This password will be needed for
maintenance operations. Be sure to make a record of it.

The ODSSM schema apparently is not used in a stand-alone OID installation. I have not needed the
password to date.


Step 11 will prompt for information regarding your ldap configuration.

On this screen, you set the default ‘realm’ for your OID.

The ‘Administrator User Name’ will be the signon used to maintain your Oracle Internet Directory
service name information. This will be the password you use most. For example you will need it when
using Net Manager to modify the tns data that it stored in your directory.


5.3 Start the install
You are then presented with the install summary.

Click on the Install button to start

After several minutes, you will be prompted to run a script as root:

Run the script as indicated, then click on OK.

The install will now continue through several more steps.


After the installation is complete the status screen should look similar to the following:

The software install is now complete. Your Oracle Internet Directory processes should be up and
running. You can go ahead and exit the installer.

5.4 Enable anonymous binds
In order for clients to be able to query the ldap server which contains the OID information, you will have
to enable anonymous binds.

To do this, you will need an ldif file which are essentially commands for the ldap server.

Create a file /tmp/anon.ldif and add these lines

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclAnonymousBindsFlag
orclAnonymousBindsFlag: 1

Then apply the file

ldapmodify -p 3060 -D cn=orcladmin -w <password> -f /tmp/anon.ldif


6 Manage Service Names
Now that you have installed Oracle Internet Directory, you are naturally interested to see if it actually
works.

The easiest way to do this is from your desktop. If you installed a full sqlnet client, then you should
already have the Net Manager in the menu.

However, you must first make some configuration changes in your pc’s network/admin directory so that it
will look at the ldap directory.

In a typical install, the admin directory is in <something>product11.2.0client_1networkadmin

Make a note of these changes as these will also need to be done once on each desktop or server when you
are ready to fully deploy OID to your enterprise.

6.1 sqlnet.ora change
In the sqlnet.ora file, you need to ensure that LDAP is one of the search options. In the example below,
the names.directory_path line has been changed so that OID will be searched first, prior to looking at any
local tnsnames.ora that may exist.

NAMES.DIRECTORY_PATH=(LDAP,TNSNAMES)

6.2 ldap.ora
You will also need an ldap.ora file in the same directory. This file tells the oracle client which type of
ldap directory is being used as well as the list of servers to query. In the example below, there are two
ldap servers listed.

DIRECTORY_SERVERS=( oidsrv1:3060:3131, oidsrv2:3060:3131 )
DEFAULT_ADMIN_CONTEXT = "dc=aci,dc=corp,dc=net"
DIRECTORY_SERVER_TYPE = OID

Note that the DEFAULT_ADMIN_CONTEXT must match the ‘Realm’ that you entered during Step 11
of the OID install.

Unfortunately, at this time, the list of ldap servers is processed sequentially. This means that if you
distribute this ldap.ora to all clients, everybody will hit oidsrv1. The second server will only see traffic
if oidsrv1 is down. It would be nice if the oracle client had an option to pick one at random for pseudo
load-balancing. Currently tns entries allow this sort of load-balancing. I have filed an enhancement SR
for this feature in ldap.ora.


6.3 Net Manager
Now we are ready to fire up Net Manager.

In Windows 7, you will find it in the Oracle – OraClient11g_home1 menu tree.

The opening screen appears.

Click on the + next to Directory, then click on the + next to Service Naming.

Now you will be prompted for the ldap signon.
This will be the same credentials you entered during Step 11 of the install.

Service name entries can be added either manually, or by loading in an existing tnsnames.ora file.


6.3.1 Load OID from tnsnames.ora

As you get ready to deploy your Oracle Internet Directory, you probably really do not want to hand enter
all the service names. Fortunately, there is a way to load your ‘golden’ tnsnames.ora into OID using Net
Manager.

To load a tnsnames.ora file into OID, you use what Net Manager calls ‘Export’. A little confusing at first.

Select Command from the menu, then Directory, then Export Net Service Names.

6.3.2 Adding a Service Name

This example demonstrates how to add a new service name directly. This is how you will add new
entries.

Although not immediately obvious you must first select ‘Service Naming’ and then press the green + to
start the process of adding an ldap service name entry.

Now you will be prompted for the details regarding your service. You will recognize that these are the
same elements that would comprise a corresponding tnsnames.ora entry.


Equivalent to mark1=

Equivalent to (PROTOCOL=TCP)


Equivalent to (HOST=devdb1)(PORT=1521)

Equivalent to (SERVICE_NAME=fred1)


Your entry will look like this:

Here is an example of a service name with failover. Notice that there are multiple Address tabs.


6.4 Proving that it’s working

If you’re like me, at this point you will be thinking, “I’ve loaded my service names into OID and that’s all
well and good but prove to me that the thing is working”.

The tnsping utility is what you want to use.

Simply issue a tnsping against one of your service names.

If you see ‘Used LDAP Adapter’ then your OID resolution is working.

See section 10.4 if you want to see your entries in ldap form.


7 OID Process control
When the installer finished, it started the OID processes.

Of course, there will come a time when you need to shut these down for patches or whatever. There are
several basic commands that stop and start the OID stack.

7.1 Environment variables
Because the stack contains multiple layers, there are several environment variables that have to be in
linux for these commands to work seamlessly.

One suggestion is to create a oidenv script that you can run to set these.

export ORACLE_HOME=/orabase/orahomes/oid/Oracle_IDM1
export ORACLE_INSTANCE=/orabase/orahomes/oid/asinst_1
export INSTANCE_NAME=asinst_1
export COMPONENT_NAME=oid1
export NLS_LANG=AMERICAN_AMERICA.AL32UTF8
PATH=${ORACLE_HOME}/bin:${ORACLE_HOME}/ldap/bin:${ORACLE_INSTANCE}/bin:${PATH};export PATH

These variable settings must match the entries you made during Step 5 of the install.

By adding the paths for each of the bin directories, you can save some typing.

Most of the examples presented in this document rely on this script having been run.

7.2 OID Management
The basic command to start, stop and view status are opmnctl and oidctl

opmnctl startall -- starts all components ( including replication once it’s setup )
opmnctl stopall -- stops all components ( including replication once it’s setup )

opmnctl status -- reports status of OID components except for replication

We haven’t installed replication yet but to view the status of replication there is a separate command.

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status

These commands have lots of other options but these are the ones needed for basic management.

See section 10.1 for information on having OID start and stop on server bootup and shutdown.


8 Patch to 11.1.1.6

The base version has a more recent patchset available. As of this writing, it is Version 11.1.1.6.
There are two parts. There is a an upgrade for the OID software as well as the ODS database schema.

8.1 Finding the patchset
Log in to Oracle Support. After signing on, click on the tab, ‘Patches and Updates’ to get to…..

.. then select ‘Latest Patchsets’.

Mouse over ‘Oracle Fusion Middleware’ and navigate to your platform and select the second 11.1.1.6


A list of Fusion Middleware components appears. We are interested in the patch for Oracle Identity
Management:

Download the patch and unzip as usual.

8.2 Applying the software patch
The official documentation for running the patch starts at:
http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_installer.htm#CBHFDHJC

First, shutdown the OID stack using

opmnctl stopall

Change to the directory containing the unzipped patchset, cd to Disk1 and run the runInstaller utility.

Click ‘Next’ to continue.


The next screen asks about software updates.

Select ‘Skip Software Updates’, then Next.

Select ‘Install Software – Do Not Configure’, then Next

The prerequisites are checked again. There should not be any surprises here. Next to continue.


The following screen gives us an opportunity to mess things up.

IMPORTANT: Notice that the installer does not know where your current middleware home is.
You need to retype the correct home. You entered this in Step 5 of the original install.

Two confirmation screens appear.

Click ‘Yes’ to continue.

This next one looks scary but is ok….

… click ‘Yes’ to continue.


The Security Updates nag screen appears again if it isn’t configured.

As with other installs, you are presented with the pre-install summary.

Start the install

In a few minutes the install will complete:

Then you are prompted to run a script as root.

After running the script, return to the installer and click ‘OK’, then ‘Finish’.


8.3 Applying the database schema patch
The Fusion Middleware patches use a utility called, psa, to apply patches to schemas.

The pertinent manual chapters are:

http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_installer.htm - BABHJBFG
and
http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_assistant.htm - BABEBGEJ

You can either use psa in GUI mode, or more simply give it a response file to use. NOTE: if you use commandline
and a response file, psa still expects to see an X server even though it does not produce any graphical output ( kind
of reminds one of the old days when the oracle installer used to need this for silent installs )

Create a response file, such as /tmp/psa_1116.rsp, containing these lines:

[GENERAL]
fileFormatVersion = 3

[OID.OID11]
pluginInstance = 2

OID.databaseType = Oracle Database
OID.schemaUserName = ODS
OID.dbaUserName = sys as sysdba
OID.databaseConnectionString = oidsrv1:1521/oradba4
OID.cleartextDbaPassword = yoursyspassword

The databaseConnectionString is specified using the so called ‘ezconnect’ syntax: //dbhost:port/dbname.
The host name of the database must be specified after the //; the database name containing the ODS
schema is specified after the slash. If you are using a listener port other than 1521, that will need to be
changed as well.

To run psa with the response file, simply issue:

$ORACLE_HOME/bin/psa -response /tmp/psa1116.rsp

This produces output similar to the following:

Oracle Fusion Middleware Patch Set Assistant 11.1.1.6.0
Log file is located at:
/orabase/orahomes/oid/oracle_common/upgrade/logs/psa2012-03-28-11-37-47AM.log
Using response file /home/oracle/psa1116.rsp for input
Oracle Internet Directory schema examine is in progress
Oracle Internet Directory schema examine finished with status: succeeded
Oracle Internet Directory schema upgrade is in progress
Oracle Internet Directory schema upgrade finished with status: succeeded

At this point, restart Oracle Internet Directory to confirm it is all working

opmnctl startall


9 Adding Nodes
To add high availability and redundancy to our Oracle Internet Directory deployment, we need to add one
or more additional nodes. These nodes will replicate amongst each other once everything is set up.

9.1 Set up additional node
On the next server node, apply the steps in chapters 3, 5, and 8

9.2 Configure replication
On the Oracle support site, there is an excellent document which concisely describes the replication set up
steps. The document number is 1372095.1. Kudos to the author(s) of the document.

The steps in that document are the source material for the steps listed below and were used in our
installation.

Conventions used in the examples below:

First server: oidserver1 Database: oradba1
Second server: oidserver2 Database: oradba2

In this scenario, we have successfully installed OID on server oidserver1. This OID instance uses the
database oradba1 as its backend database.

Now we want to set up multi-master replication to the second node we just built. This is oidserver2 using
database oradba2.

9.2.1 Set your environment
On your first node, set your environment as described in section 7.1

9.2.2 Remtool on first node

Use the remtool utility and answer the prompts

$ remtool –paddnode

Enter directory details:
Enter hostname of host running OID server : oidserver1
Enter port on which OID server is listening : 3060
Enter replication dn password : <ODS password of 1st node> (See step 10 of the install)

<Output suppressed>
Enter consumer directory details:
Enter hostname of host running OID server : oidserver2
Enter port on which OID server is listening : 3060
Enter replication dn password : <ODS password of 2nd node>


Enter replica type [1 - LDAP read-only replica; 2 - LDAP updateable replica; 3 - LDAP
multimaster replica] : 3

<Output suppressed>

List of available naming contexts in supplier replica ldap://orasrv02:3060
1. * [replicate whole directory]

Enter naming context [Enter "e" to end selection] : * ( type *, not 1 )

Enter naming context [Enter "e" to end selection] : e

Following naming contexts will be included for replication:
------------------------------------------------------------------------------
1. *
Do you want to continue? [y/n] : y
------------------------------------------------------------------------------
Selected naming contexts have been included for replication.
------------------------------------------------------------------------------

9.2.3 Seed the 2nd node
To get the second OID node to seed itself from the first, we need to create an ldif file.

Log on to the second server and set your environment as mentioned previously.

Create a text file such as /tmp/seed.ldif

dn: orclreplicaid=oidserver2_oradba2,cn=replication configuration
changetype: modify
replace: orclreplicastate
orclreplicastate: 0

( Notice that the orclreplicaid is comprised of the hostname and the database name of the second OID
instance. )

Then apply this file to the second node:

ldapmodify -p 3060 -D cn=orcladmin -w <ODS password of 2nd node>
-f /tmp/seed.ldif

9.3 Start replication on both nodes
On the first OID server issue the command:

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1
flags="host=oidserver1 port=3060" start

On the second OID server issue the command:

flags="host=oidserver2 port=3060" start


Note: You won’t usually need to start the replication this way. From now on, when you issue opmnctl
startall, it will also start the replication.

Note: the OIDDB refers to a service name entry which exists in OID’s own tnsnames.ora file. It is an
alias for the database that you created.

When the second node is in synch, you will see an entry in its oidrepld.log like the following:

"[2011-10-26T04:37:52+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host:
oidserver2t] [pid: 27563] [tid: 1] Reader(Transport):: gslrbsbBootStrap:
BOOTSTRAP DONE SUCCESSFULLY"

You can query the status of replication on a node with the following:

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status

As far as I know, this is the only way to query the status of replication.

If you need to stop only the replication, you can use this command to stop the replication component on a
given host.

flags="host=oidserver2 port=3060" stop

9.4 Confirming replication

Since ‘seeing is believing’, you can create an entry in one node and verify that it replicates to the other.

If you want to use Net Manager for this and you want to change something in the second node, you have
to change the order of directory_servers in your ldap.ora ( see section 6.2 )

You can also add ldap entries manually as described in section 10.23


10 Miscellaneous Topics
10.1 Auto stop/start for linux
Here is one approach to creating an autostart script for Oracle Internet Directory on linux servers.
This example assumes that the database is co-resident on the same server. It also assumes you have a
script (setoidenv) that sets all the environment variables for Oracle Internet Directory as described
previously.

/etc/init.d/oid:

#!/bin/sh
#
# oid: Oracle Internet Directory
#
# chkconfig: - 95 5
# description: Oracle Internet Directory LDAP Server
#
# Startup/shutdown for Oracle Internet Directory
# 02/03/12 Mark Luszczynski
#

start () {
echo -n $"Starting Oracle Internet Directory: "
su - oracle -c "lsnrctl start"
su - oracle -c "dbstart"
su - oracle -c ". setoidenv ; opmnctl startall"
RETVAL=$?
return $RETVAL
}

stop () {
# stop daemon
echo -n $"Stopping Oracle Internet Directory: "
su - oracle -c ". setoidenv; opmnctl stopall"
su - oracle -c "dbshut"
RETVAL=$?
}

status () {
echo -n $"Querying Oracle Internet Directory: "
su - oracle -c ". setoidenv; opmnctl status ; oidctl connect=OIDDB
server=oidrepld instance=1 componentname=oid1 status"
RETVAL=$?
}

restart() {
stop
start
}

case $1 in
start)
start
;;
stop)
stop


;;
restart)
restart
;;
status)
status
RETVAL=$?
;;
*)

echo $"Usage: $prog {start|stop|restart|status}"
exit 3
esac

exit $RETVAL

Use the chkconfig command to have this script included in startups and shutdowns

/sbin/chkconfig --level 2345 oid on

10.2 Using Round Robin DNS
As mentioned, the standard oracle sqlnet client will not load balance between a list of directory servers
that have been specified in the DIRECTORY_SERVERS line of the ldap.ora. ( Although somewhere I
read that the jdbc clients do this – can’t remember where ).

In the case of server failure, there is a 30 second ( perhaps 15 ) timeout before the client tries the next
server in the list. Unfortunately, if you send the same ldap.ora file to all clients and servers, only the first
OID server ever sees any action.

DNS provides a way for us to set up one entry that has several possible addresses. This is called Round
Robin DNS. www.diapers.com is an example of one. When your tcp client makes the DNS resolve call
for ‘www.diapers.com’, your client will receive back two possible IP addresses in a random order. Most
apps will only use the first one and will be the actual IP you will address when browsing your diapers.

ipconfig /displaydns

www.diapers.com
----------------------------------------
Record Name . . . . . : www.diapers.com
Record Type . . . . . : 1
Time To Live . . . . : 240
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 72.22.187.68

Record Name . . . . . : www.diapers.com
Record Type . . . . . : 1
Time To Live . . . . : 240
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 75.98.67.132

The one drawback with this method, is that while it gives you good pseudo load balancing, failing over to
another address in the list could take as long as the “Time To Live” setting. The TTL setting tells your
dns client how often it needs to go back to the DNS server to refresh the info regarding this entry.


The actual DNS entry for your oid might look like this:

oid.archcoal.com 300 IN A 10.10.10.1
oid.archcoal.com 300 IN A 10.10.10.2

300 is the Time To Live ( TTL ) in seconds.

10.3 Manually adding ldap entries
If you just love your command line and want to add an Oracle Internet Directory service name manually,
here’s an example of how you would add an entry:

Create an ldif file which will be read in by the ldapadd command.

Eg: /tmp/addnew.ldif

dn: cn=aci,cn=corp,cn=net
objectclass: top
objectclass: orclNetService
cn: mydb This is the service name
orclNetDescString: (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL =
TCP)(HOST = myhost)(PORT =1521))) (CONNECT_DATA = (SID = mydb)))

To add this new service name "mydb" to OID, use the "ldapadd" command:

ldapadd -D "cn=orcladmin" -w <password>
-h oidsrv1 -p 389 -v -f /tmp/addnew.ldif

10.4 View all ldap tns entries
If you’re more curious and you want to see the contents in ldap form dumped directly from the ldap
directory you can use this command:

ldapsearch -h <oidserver> -p 3060 -D cn=orcladmin -w <password>
-b "cn=OracleContext,dc=aci,dc=corp,dc=net"
-s one "objectclass=orclNetService"

The server name is the hostname of the OID server.
The password needed is the password for cn=orcladmin.
The –b option needs to include your default realm.

This produces output like:

cn=ORADBA2,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=ORADBA2
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acioem)(PORT
=1521)))(CONNECT_DATA=(SERVICE_NAME=ORADBA2)))
orclnetdescname=000:cn=DESCRIPTION_0

cn=PRDWHSE1,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService


cn=PRDWHSE1
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acidb1)(PORT
=1521)))(CONNECT_DATA=(SERVICE_NAME=prdwhse1)))
orclnetdescname=000:cn=DESCRIPTION_0


10.5 Moving the OID database
If the occasion should arise that you want to move a database that contains the OID schema, this is fairly easy once
you know what to change.

Steps:

• Shut down the OID instance ( opmnctl stopall )
• Shut down its database
• Move the entire database to its new server
• Start database on new server
• On the OID server, in the directory $ORACLE_INSTANCE/config , modify the tnsnames.ora and
tnsnames_copy.ora files. These files have an entry for OIDDB. ( Not sure what the purpose of _copy
is )
• Start OID ( opmnctl startall )


Oid installation presentation notes

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Oid installation presentation notes

Similar to Oid installation presentation notes (20)

Oid installation presentation notes