
Installation notes for Installing OID standalone a.k.a.

Presentation Notes
Mark Luszczynski Arch Coal, Inc.

1 Purpose and Scope
1.1 High level overview of steps
2 Why a global naming system
3 Linux Server Requirements
3.1 Linux VM settings
3.2 Disable selinux
3.3 Firewall issues ( iptables )
3.4 Kernel parameters
3.5 Create database to hold OID data
4 Download the OID software
5 OID Installation
5.1 Getting started screens
5.2 Software options
5.3 Start the install
5.4 Enable anonymous binds
6 Manage Service Names
6.1 sqlnet.ora change
6.2 ldap.ora
6.3 Net Manager
6.3.1 Load OID from tnsnames.ora
6.3.2 Adding a Service Name
6.4 Proving that it's working
7 OID Process control
7.1 Environment variables
7.2 OID Management
8 Patch to 11.1.1.6
8.1 Finding the patchset
8.2 Applying the software patch
8.3 Applying the database schema patch
9 Adding Nodes
9.1 Set up additional node
9.2 Configure replication
9.2.1 Set your environment
9.2.2 Remtool on first node
9.2.3 Seed the 2nd node
9.3 Start replication on both nodes
9.4 Confirming replication
10 Miscellaneous Topics
10.1 Auto stop/start for linux
10.2 Using Round Robin DNS
10.3 Manually adding ldap entries
10.4 View all ldap tns entries
10.5 Moving the OID database

Purpose and Scope

The goal is to use Oracle Internet Directory for a centralized naming authority for oracle service names. This document describes, in detail, the steps for the different tasks associated with installing Oracle Internet Directory in a stand-alone configuration without the full Fusion Middleware install. The idea behind this document is to reduce all the pertinent information regarding the install steps into one document to produce a repeatable procedure. The focus is on the steps required to accomplish this objective and not on all the other features and theory of Oracle Identity Management. If you are planning to use Oracle Identity Management for Single Sign-on and the like, do not use this procedure.

1.1 High level overview of steps


The Oracle Internet Directory install process requires several discrete steps. Below is a summary of the steps that will be discussed in detail in this document.
- Provision a server
- Create a database for OID
- Download OID
- Install OID 11.1.1.2
- Verify operation
- Patch OID to 11.1.1.6
- Add additional nodes (replication)
- Verify replication and operation

OID Installation

Mark Luszczynski

Why a global naming system

Managing anything centrally is always a benefit in a fast-changing environment with many configurable end points. In the Oracle world, tnsnames.ora files have been around for a long time. As installation sizes grow, it can become very cumbersome to maintain dozens if not hundreds of tnsnames.ora files that sit on individual servers and desktops.

The tnsnames.ora file is logically equivalent to an /etc/hosts file on unix or c:\Windows\System32\drivers\etc\hosts on windows. Normally for an IP connection the address or url is converted to an IP address by querying a central DNS server. Think of a DNS server as a master /etc/hosts that everybody can access. Your local hosts file would only be used if you wanted to create your own alias for an IP address that is not registered in your company's DNS.

For many years, the Oracle client has been able to leverage aliases in the DNS. This is known as the host naming method. This works very well if you can live with all the default sqlnet settings. All databases must listen on port 1521 and so on. It is not useful for failover/standby configurations. To resolve a database name via a DNS alias, simply have the DNS administrator add a CNAME alias record for the database name. This CNAME entry must point to the hosting server for the database. Eg:
mydb.com CNAME myhost.com
You will also need to make sure that every client's sqlnet.ora file contains a names.directory_path=(hostname,..) line.

Oracle Corp created Oracle Names several years ago as a central naming service. This was replaced with Oracle Internet Directory. Oracle Internet Directory is an ldap server that logically functions as the directory for Oracle tns information. ( It is capable of much more but that is beyond the scope of this presentation. ) Unlike the host naming method, OID does allow for tns entries with all the optional settings such as failover and load balancing.
After the first Oracle Internet Directory node is created, you will want to have one or more additional OID nodes to provide redundancy. Setting this up is also discussed in this document. Oracle also offers a methodology for leveraging an existing Microsoft Active Directory (AD) as the naming authority. This approach is not considered in this presentation.


Linux Server Requirements

This presentation focuses on using Redhat Linux as the o/s. The procedure should be the same if you choose to use Oracle Enterprise Linux or Centos. OID is not certified against any version of Linux 6 as of this writing. We were unable to use Oracle Enterprise Linux as VMware and OEL 5 do not get along. Oracle says it's VMware's problem; VMware says a patch is due in May 2012. We did not wish to wait so we proceeded with Redhat 5.7.

3.1 Linux VM settings


We used these settings for our OID vms:
Memory: 4G
Software f/s: 20G
Database f/s: 5G

The linux o/s software is installed in the usual fashion. You will later probably need to download additional packages required by OID and the database software.

3.2 Disable selinux


Selinux will get in the way when you are running the install. The simplest solution is to disable it rather than try to work with it. In our project, we did not attempt to work with selinux on. To disable permanently, edit the file /etc/sysconfig/selinux and change the SELINUX line as follows:
SELINUX=disabled

To disable temporarily, run as root:


echo 0 >/selinux/enforce

3.3 Firewall issues ( iptables )


The Linux firewall service is called iptables. If this service is on, by default it will block OID ports. You can add entries to iptables to allow OID traffic but you must be root to do this. ( This example assumes ports 3060 and 3131 for OID )
# iptables -A RH-Firewall-1-INPUT -p tcp -m state \
    --state NEW -m tcp --dport 3060 -j ACCEPT
# iptables -A RH-Firewall-1-INPUT -p tcp -m state \
    --state NEW -m tcp --dport 3131 -j ACCEPT

The other possibility is to turn it off


# service iptables stop


3.4 Kernel parameters


Kernel parameters can be permanently adjusted by changing the /etc/sysctl.conf file. These settings will be sufficient for OID.
kernel.shmall = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576

After making changes to this file, the easiest thing to do is reboot. This will be a good test to verify that the firewall and selinux changes stick after reboot. ( Linux kernel parameters can also be modified dynamically if you really don't want to reboot. )

3.5 Create database to hold OID data


It is recommended to create a separate database which will hold the OID data. You can create this database in any standard fashion you wish but there are three requirements:
1. The character set must be AL32UTF8
2. The national character set must be AL16UTF16
3. The spfile parameter, processes, must be a minimum of 500

As the database doesn't have much redo activity, we chose to host the database on the same vm as the OID server. You of course can locate the database anywhere you wish. And of course, you should back up this database. We used the latest and greatest Oracle database which is 11.2.0.3 as of this writing. The OID installer will complain that version 11.2.0.3 is not equal to or higher than 11.1.0.7. You can ignore this warning.


Download the OID software

Now we are ready to download the software. Downloading the exact correct software isn't as easy as it sounds. The software is available on technet.oracle.com. Go to this link: Click the
http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

as usual.

Here is where the first opportunity to waste time comes in. When the software page appears, one might be led to believe that the most current Identity Management listing is the software to download. However, if you attempt to install OID using Identity Management 11.1.1.3 you will be told by the installer that this is a patchset.

The correct base software to download is further down the page in the Earlier Identity and Access Management section.

After the installation, there is a software patch to apply as well. This will be described in a later step.


OID Installation

After unzipping etc, change to the Disk1 directory which contains runInstaller for OID. Then type the command:
./runInstaller
The Oracle documentation used in this section is the Oracle FMW Installation Guide for Oracle Identity Management:
http://docs.oracle.com/cd/E12839_01/install.1111/e12002/oid.htm

5.1 Getting started screens


In a moment or two, the welcome screen appears.

Click the button to get started.

Select the Install and Configure Option


Step 3 is the Prerequisites Check. At this point, you may need to install additional linux packages.

The installer will tell you which required linux packages are missing. Consult with your linux administrator on installing the needed packages. If you have root access yourself, you can either use the gui system-config-packages or command line yum to install the Oracle required packages. Yum example:
yum install gcc-c++.x86_64
Kernel parameters should have already been addressed in section 3.4.


5.2 Software options


After successfully meeting all the Prerequisite Checks the Step 4 screen will start the sequence of prompting for details regarding the OID installation.

Select Configure Without a Domain as we are installing OID without the FMW framework.

Step 5 will prompt you for software locations and the oracle instance name. In this context, oracle instance refers to the software instance, not a database.

You will probably want to change the default locations presented by the installer. Although not required, we have placed the Oracle Instance ( OID instance that is ) inside the middleware home. We left the instance name at the default of asinst_1.


Step 6 presents the usual Specify Security Updates prompt.

You can choose to enter the information or leave it blank.

The Step 7 screen is probably the most important one. This is where you are going to tell the installer that we are installing OID only.

Make sure your selection matches the above before continuing. Oracle Internet Directory must be the only item with a check mark.

Step 8 OID ports



For linux, ports 3060 and 3131 are selected by default.

Step 9 prompts for details about the database that you created earlier. In this example, database oradba4 was created on server oidsrv1.

At this point, the install is prompting for a DBA account signon ( not the ODS schema ). You will be prompted for that later.


If you are using a database newer than 11.1, you get this puzzling message. It can be ignored.

Step 10 prompts for the passwords for the database schemas required for OID.

The ODS schema will contain the data for Oracle Internet Directory. This password will be needed for maintenance operations. Be sure to make a record of it. The ODSSM schema apparently is not used in a stand-alone OID installation. I have not needed the password to date.


Step 11 will prompt for information regarding your ldap configuration.

On this screen, you set the default realm for your OID. The Administrator User Name will be the signon used to maintain your Oracle Internet Directory service name information. This will be the password you use most. For example, you will need it when using Net Manager to modify the tns data that is stored in your directory.


5.3 Start the install


You are then presented with the install summary.

Click on the Install button to start

After several minutes, you will be prompted to run a script as root:

Run the script as indicated, then click on OK. The install will now continue through several more steps.


After the installation is complete the status screen should look similar to the following:

The software install is now complete. Your Oracle Internet Directory processes should be up and running. You can go ahead and exit the installer.

5.4 Enable anonymous binds


In order for clients to be able to query the ldap server which contains the OID information, you will have to enable anonymous binds. To do this, you will need an ldif file, which is essentially a set of commands for the ldap server. Create a file /tmp/anon.ldif and add these lines:
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclAnonymousBindsFlag
orclAnonymousBindsFlag: 1

Then apply the file:

ldapmodify -p 3060 -D cn=orcladmin -w <password> -f /tmp/anon.ldif


Manage Service Names

Now that you have installed Oracle Internet Directory, you are naturally interested to see if it actually works. The easiest way to do this is from your desktop. If you installed a full sqlnet client, then you should already have the Net Manager in the menu. However, you must first make some configuration changes in your PC's network/admin directory so that it will look at the ldap directory. In a typical install, the admin directory is in
<something>\product\11.2.0\client_1\network\admin
Make a note of these changes as these will also need to be done once on each desktop or server when you are ready to fully deploy OID to your enterprise.

6.1 sqlnet.ora change


In the sqlnet.ora file, you need to ensure that LDAP is one of the search options. In the example below, the names.directory_path line has been changed so that OID will be searched first, prior to looking at any local tnsnames.ora that may exist.
NAMES.DIRECTORY_PATH=(LDAP,TNSNAMES)

6.2 ldap.ora
You will also need an ldap.ora file in the same directory. This file tells the oracle client which type of ldap directory is being used as well as the list of servers to query. In the example below, there are two ldap servers listed.
DIRECTORY_SERVERS=( oidsrv1:3060:3131, oidsrv2:3060:3131 )
DEFAULT_ADMIN_CONTEXT = "dc=aci,dc=corp,dc=net"
DIRECTORY_SERVER_TYPE = OID

Note that the DEFAULT_ADMIN_CONTEXT must match the Realm that you entered during Step 11 of the OID install. Unfortunately, at this time, the list of ldap servers is processed sequentially. This means that if you distribute this ldap.ora to all clients, everybody will hit oidsrv1. The second server will only see traffic if oidsrv1 is down. It would be nice if the oracle client had an option to pick one at random for pseudo load-balancing. Currently tns entries allow this sort of load-balancing. I have filed an enhancement SR for this feature in ldap.ora.
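Because the sqlnet.ora and ldap.ora changes in 6.1 and 6.2 have to be repeated on every desktop and server, a check like the following can confirm each client before rollout. This is an added example, not part of the original notes or of any Oracle tooling; the function names and the sample files written at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a client's sqlnet.ora / ldap.ora (sections 6.1, 6.2).
# Function names are hypothetical; the demo files below are constructed samples.

# ora_param NAME FILE: print NAME's value with whitespace and quotes removed.
# Values continued over several lines inside parentheses are joined.
ora_param() {
    awk -v want="$1" '
    /^[ \t]*#/ { next }                      # comment line
    {
        line = $0
        gsub(/[ \t\r"]/, "", line)
        if (line == "") next
        if (depth == 0) {                    # start of a new parameter
            eq = index(line, "=")
            if (eq == 0) next
            active = (toupper(substr(line, 1, eq - 1)) == toupper(want))
            val = substr(line, eq + 1)
        } else {
            val = line                       # continuation of the previous one
        }
        if (active) out = out val
        depth += gsub(/\(/, "(", val) - gsub(/\)/, ")", val)
    }
    END { print out }' "$2"
}

# Directory servers, one per line, in the order the client tries them.
oid_lookup_order() {
    ora_param DIRECTORY_SERVERS "$1/ldap.ora" | tr -d '()' | tr ',' '\n'
}

lc() { printf '%s' "$1" | tr -d ' ' | tr 'A-Z' 'a-z'; }

# check_oid_client ADMIN_DIR REALM: one line per problem, returns 0 if none.
check_oid_client() {
    dir=$1; realm=$2; rc=0
    for f in sqlnet.ora ldap.ora; do
        [ -r "$dir/$f" ] || { echo "$f: not found in $dir"; return 2; }
    done
    path=$(ora_param NAMES.DIRECTORY_PATH "$dir/sqlnet.ora" | tr -d '()' | tr 'a-z' 'A-Z')
    case ",$path," in
        *,LDAP,*) ;;
        *) echo "sqlnet.ora: LDAP missing from NAMES.DIRECTORY_PATH"; rc=1 ;;
    esac
    type=$(ora_param DIRECTORY_SERVER_TYPE "$dir/ldap.ora")
    [ "$type" = "OID" ] || { echo "ldap.ora: DIRECTORY_SERVER_TYPE is '$type'"; rc=1; }
    ctx=$(ora_param DEFAULT_ADMIN_CONTEXT "$dir/ldap.ora")
    [ "$(lc "$ctx")" = "$(lc "$realm")" ] ||
        { echo "ldap.ora: DEFAULT_ADMIN_CONTEXT '$ctx' does not match realm"; rc=1; }
    n=$(oid_lookup_order "$dir" | awk 'NF { c++ } END { print c + 0 }')
    [ "$n" -ge 1 ] || { echo "ldap.ora: no DIRECTORY_SERVERS listed"; rc=1; }
    for s in $(oid_lookup_order "$dir"); do
        case $s in
            *:*) ;;                          # host:port or host:port:sslport
            *) echo "ldap.ora: '$s' has no port"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed files that mirror the examples in 6.1 and 6.2.
demo_dir=$(mktemp -d)
printf 'NAMES.DIRECTORY_PATH=(LDAP,TNSNAMES)\n' > "$demo_dir/sqlnet.ora"
printf '%s\n' 'DIRECTORY_SERVERS=( oidsrv1:3060:3131, oidsrv2:3060:3131 )' \
    'DEFAULT_ADMIN_CONTEXT = "dc=aci,dc=corp,dc=net"' \
    'DIRECTORY_SERVER_TYPE = OID' > "$demo_dir/ldap.ora"
check_oid_client "$demo_dir" "dc=aci,dc=corp,dc=net" && echo "client config OK"
oid_lookup_order "$demo_dir"
rm -rf "$demo_dir"
```
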


6.3 Net Manager


Now we are ready to fire up Net Manager. In Windows 7, you will find it in the Oracle OraClient11g_home1 menu tree.

The opening screen appears.

Click on the + next to Directory, then click on the + next to Service Naming. Now you will be prompted for the ldap signon. This will be the same credentials you entered during Step 11 of the install. Service name entries can be added either manually, or by loading in an existing tnsnames.ora file.


6.3.1 Load OID from tnsnames.ora


As you get ready to deploy your Oracle Internet Directory, you probably really do not want to hand enter all the service names. Fortunately, there is a way to load your golden tnsnames.ora into OID using Net Manager.

To load a tnsnames.ora file into OID, you use what Net Manager calls Export. A little confusing at first. Select Command from the menu, then Directory, then Export Net Service Names.

6.3.2 Adding a Service Name


This example demonstrates how to add a new service name directly. This is how you will add new entries.

Although not immediately obvious you must first select Service Naming and then press the green + to start the process of adding an ldap service name entry.

Now you will be prompted for the details regarding your service. You will recognize that these are the same elements that would comprise a corresponding tnsnames.ora entry.


Equivalent to mark1=

Equivalent to (PROTOCOL=TCP)


Equivalent to (HOST=devdb1)(PORT=1521)

Equivalent to (SERVICE_NAME=fred1)


Your entry will look like this:

Here is an example of a service name with failover. Notice that there are multiple Address tabs.


6.4 Proving that it's working


If you're like me, at this point you will be thinking, "I've loaded my service names into OID and that's all well and good, but prove to me that the thing is working." The tnsping utility is what you want to use. Simply issue a tnsping against one of your service names.

If you see Used LDAP Adapter then your OID resolution is working. See section 10.4 if you want to see your entries in ldap form.


OID Process control

When the installer finished, it started the OID processes. Of course, there will come a time when you need to shut these down for patches or whatever. There are several basic commands that stop and start the OID stack.

7.1 Environment variables


Because the stack contains multiple layers, there are several environment variables that have to be set in linux for these commands to work seamlessly. One suggestion is to create an oidenv script that you can run to set these.
export ORACLE_HOME=/orabase/orahomes/oid/Oracle_IDM1
export ORACLE_INSTANCE=/orabase/orahomes/oid/asinst_1
export INSTANCE_NAME=asinst_1
export COMPONENT_NAME=oid1
export NLS_LANG=AMERICAN_AMERICA.AL32UTF8

PATH=${ORACLE_HOME}/bin:${ORACLE_HOME}/ldap/bin:${ORACLE_INSTANCE}/bin:${PATH};export PATH

These variable settings must match the entries you made during Step 5 of the install. By adding the paths for each of the bin directories, you can save some typing. Most of the examples presented in this document rely on this script having been run.

7.2 OID Management


The basic commands to start, stop and view status are opmnctl and oidctl:
opmnctl startall   -- starts all components ( including replication once it's set up )
opmnctl stopall    -- stops all components ( including replication once it's set up )
opmnctl status     -- reports status of OID components except for replication

We haven't installed replication yet, but to view the status of replication there is a separate command.
oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status

These commands have lots of other options but these are the ones needed for basic management. See section 10.1 for information on having OID start and stop on server bootup and shutdown.


Patch to 11.1.1.6

The base version has a more recent patchset available. As of this writing, it is Version 11.1.1.6. There are two parts: an upgrade for the OID software as well as one for the ODS database schema.

8.1 Finding the patchset


Log in to Oracle Support. After signing on, click on the tab, Patches and Updates, then select Latest Patchsets.

Mouse over Oracle Fusion Middleware and navigate to your platform and select the second 11.1.1.6

A list of Fusion Middleware components appears. We are interested in the patch for Oracle Identity Management:

Download the patch and unzip as usual.

8.2 Applying the software patch


The official documentation for running the patch starts at:
http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_installer.htm#CBHFDHJC

First, shut down the OID stack using


opmnctl stopall

Change to the directory containing the unzipped patchset, cd to Disk1 and run the runInstaller utility.

Click Next to continue.


The next screen asks about software updates.

Select Skip Software Updates, then Next.

Select Install Software Do Not Configure, then Next

The prerequisites are checked again. There should not be any surprises here. Next to continue.


The following screen gives us an opportunity to mess things up.

IMPORTANT: Notice that the installer does not know where your current middleware home is. You need to retype the correct home. You entered this in Step 5 of the original install. Two confirmation screens appear.

Click Yes to continue.

This next one looks scary but is ok.

Click Yes to continue.


The Security Updates nag screen appears again if it isn't configured.

As with other installs, you are presented with the pre-install summary.

Start the install. In a few minutes the install will complete:

Then you are prompted to run a script as root.

After running the script, return to the installer and click OK, then Finish.


8.3 Applying the database schema patch


The Fusion Middleware patches use a utility called psa to apply patches to schemas. The pertinent manual chapters are:
http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_installer.htm - BABHJBFG and http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_assistant.htm - BABEBGEJ

You can either use psa in GUI mode, or more simply give it a response file to use.

NOTE: if you use the command line and a response file, psa still expects to see an X server even though it does not produce any graphical output ( kind of reminds one of the old days when the oracle installer used to need this for silent installs ).

Create a response file, such as /tmp/psa1116.rsp, containing these lines:
[GENERAL]
fileFormatVersion = 3
[OID.OID11]
pluginInstance = 2
OID.databaseType = Oracle Database
OID.schemaUserName = ODS
OID.dbaUserName = sys as sysdba
OID.databaseConnectionString = oidsrv1:1521/oradba4
OID.cleartextDbaPassword = yoursyspassword

The databaseConnectionString is specified using the so called ezconnect syntax: //dbhost:port/dbname. The host name of the database must be specified after the //; the database name containing the ODS schema is specified after the slash. If you are using a listener port other than 1521, that will need to be changed as well. To run psa with the response file, simply issue:
$ORACLE_HOME/bin/psa -response /tmp/psa1116.rsp

This produces output similar to the following:


Oracle Fusion Middleware Patch Set Assistant 11.1.1.6.0
Log file is located at: /orabase/orahomes/oid/oracle_common/upgrade/logs/psa2012-03-28-11-37-47AM.log
Using response file /home/oracle/psa1116.rsp for input
Oracle Internet Directory schema examine is in progress
Oracle Internet Directory schema examine finished with status: succeeded
Oracle Internet Directory schema upgrade is in progress
Oracle Internet Directory schema upgrade finished with status: succeeded

At this point, restart Oracle Internet Directory to confirm it is all working:


opmnctl startall
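The psa response file holds the SYS password in clear text (OID.cleartextDbaPassword), so it should not sit world-readable in /tmp. The following added example, which is not part of the original notes, writes the same response file into a private temporary directory with mode 600, reads the password from stdin instead of the command line, and deletes the file once psa returns. The names write_psa_response, run_psa and PSA_CMD are hypothetical.

```shell
#!/bin/sh
# Added example: keep the SYS password in the psa response file private.
# write_psa_response, run_psa and PSA_CMD are hypothetical names.

# write_psa_response FILE CONNECT_STRING    (password is read from stdin)
write_psa_response() {
    rsp=$1; conn=$2
    if [ -t 0 ]; then                       # interactive: prompt without echo
        printf 'SYS password: ' >&2
        stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    else                                    # piped in, e.g. from a vault client
        IFS= read -r pw || [ -n "$pw" ] || return 1
    fi
    [ -n "$pw" ] || return 1                # refuse an empty password
    (
        umask 077                           # file is created with mode 600
        rm -f "$rsp"
        printf '%s\n' \
            '[GENERAL]' \
            'fileFormatVersion = 3' \
            '[OID.OID11]' \
            'pluginInstance = 2' \
            'OID.databaseType = Oracle Database' \
            'OID.schemaUserName = ODS' \
            'OID.dbaUserName = sys as sysdba' \
            "OID.databaseConnectionString = $conn" \
            "OID.cleartextDbaPassword = $pw" > "$rsp"
    )
}

# run_psa CONNECT_STRING
# Runs psa against a response file that exists only for the duration of the call.
run_psa() {
    conn=$1
    psa=${PSA_CMD:-$ORACLE_HOME/bin/psa}
    dir=$(mktemp -d) || return 1            # mode 700, unpredictable name
    rsp=$dir/psa1116.rsp
    write_psa_response "$rsp" "$conn" || { rm -rf "$dir"; return 1; }
    rc=0
    "$psa" -response "$rsp" || rc=$?
    rm -rf "$dir"                           # remove the clear-text password
    return $rc
}

# Usage, with the connect string from the example above:
#   run_psa oidsrv1:1521/oradba4
```
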


Adding Nodes

To add high availability and redundancy to our Oracle Internet Directory deployment, we need to add one or more additional nodes. These nodes will replicate amongst each other once everything is set up.

9.1 Set up additional node


On the next server node, apply the steps in chapters 3, 5, and 8.

9.2 Configure replication


On the Oracle support site, there is an excellent document which concisely describes the replication set up steps. The document number is 1372095.1. Kudos to the author(s) of the document. The steps in that document are the source material for the steps listed below and were used in our installation. Conventions used in the examples below:
First server: oidserver1     Database: oradba1
Second server: oidserver2    Database: oradba2

In this scenario, we have successfully installed OID on server oidserver1. This OID instance uses the database oradba1 as its backend database. Now we want to set up multi-master replication to the second node we just built. This is oidserver2 using database oradba2.

9.2.1 Set your environment


On your first node, set your environment as described in section 7.1

9.2.2 Remtool on first node


Use the remtool utility and answer the prompts
$ remtool -paddnode
Enter directory details:
Enter hostname of host running OID server : oidserver1
Enter port on which OID server is listening : 3060
Enter replication dn password : <ODS password of 1st node>    (See step 10 of the install)

<Output suppressed>

Enter consumer directory details:
Enter hostname of host running OID server : oidserver2
Enter port on which OID server is listening : 3060
Enter replication dn password : <ODS password of 2nd node>


Enter replica type [1 - LDAP read-only replica; 2 - LDAP updateable replica; 3 - LDAP multimaster replica] : 3

<Output suppressed>

List of available naming contexts in supplier replica ldap://orasrv02:3060
1. * [replicate whole directory]
Enter naming context [Enter "e" to end selection] : *    ( type *, not 1 )
Enter naming context [Enter "e" to end selection] : e
Following naming contexts will be included for replication:
------------------------------------------------------------------------------
1. *
Do you want to continue? [y/n] : y
------------------------------------------------------------------------------
Selected naming contexts have been included for replication.
------------------------------------------------------------------------------

9.2.3 Seed the 2nd node


To get the second OID node to seed itself from the first, we need to create an ldif file. Log on to the second server and set your environment as mentioned previously. Create a text file such as /tmp/seed.ldif:
dn: orclreplicaid=oidserver2_oradba2,cn=replication configuration
changetype: modify
replace: orclreplicastate
orclreplicastate: 0

( Notice that the orclreplicaid is composed of the hostname and the database name of the second OID instance. )

Then apply this file to the second node:
ldapmodify -p 3060 -D cn=orcladmin -w <ODS password of 2nd node> \
    -f /tmp/seed.ldif

9.3 Start replication on both nodes


On the first OID server issue the command:
oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 \
    flags="host=oidserver1 port=3060" start

On the second OID server issue the command:
oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 \
    flags="host=oidserver2 port=3060" start


Note: You won't usually need to start the replication this way. From now on, when you issue opmnctl startall, it will also start the replication.

Note: OIDDB refers to a service name entry which exists in OID's own tnsnames.ora file. It is an alias for the database that you created.

When the second node is in synch, you will see an entry in its oidrepld.log like the following:
"[2011-10-26T04:37:52+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] Reader(Transport):: gslrbsbBootStrap: BOOTSTRAP DONE SUCCESSFULLY"

You can query the status of replication on a node with the following:
oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status

As far as I know, this is the only way to query the status of replication.

If you need to stop only the replication, you can use this command to stop the replication component on a given host:
oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 \
    flags="host=oidserver2 port=3060" stop
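To wait for the bootstrap log line from a script instead of watching oidrepld.log by hand, something like the following can be used. It is an added example, not part of the original notes; the function names are hypothetical, and the first sample log line in demo() is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): detect the end of the replica
# bootstrap from oidrepld.log instead of watching the log by hand.

# Print "<timestamp> <host>" of the last bootstrap-complete line written by
# OIDREPLD; return 1 if the log has none (or cannot be read).
bootstrap_done() {
    line=$(sed -n \
        's/^"\{0,1\}\[\([^]]*\)\].*\[OIDREPLD\].*\[host: \([^]]*\)\].*BOOTSTRAP DONE SUCCESSFULLY.*/\1 \2/p' \
        "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line"
}

# Poll log $1 every $3 seconds (default 10) for at most $2 seconds (default 600).
wait_for_bootstrap() {
    log=$1 timeout=${2:-600} step=${3:-10} waited=0
    while ! bootstrap_done "$log"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$step"
        waited=$((waited + step))
    done
}

# Sample log: the first line is constructed, the second is the one quoted above.
demo() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
[2011-10-26T04:30:11+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] constructed line, bootstrap still running
[2011-10-26T04:37:52+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] Reader(Transport):: gslrbsbBootStrap: BOOTSTRAP DONE SUCCESSFULLY
EOF
    wait_for_bootstrap "$f" 0 1 && rc=0 || rc=$?
    rm -f "$f"
    return "$rc"
}
```

On the second node this would be called as wait_for_bootstrap with the path to its oidrepld.log before going on to confirm replication.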

9.4 Confirming replication


Since seeing is believing, you can create an entry in one node and verify that it replicates to the other. If you want to use Net Manager for this and you want to change something in the second node, you have to change the order of directory_servers in your ldap.ora ( see section 6.2 ). You can also add ldap entries manually as described in section 10.3.


10 Miscellaneous Topics

10.1 Auto stop/start for linux


Here is one approach to creating an autostart script for Oracle Internet Directory on linux servers. This example assumes that the database is co-resident on the same server. It also assumes you have a script (setoidenv) that sets all the environment variables for Oracle Internet Directory as described previously.

/etc/init.d/oid:
#!/bin/sh
#
# oid: Oracle Internet Directory
#
# chkconfig: - 95 5
# description: Oracle Internet Directory LDAP Server
#
# Startup/shutdown for Oracle Internet Directory
# 02/03/12 Mark Luszczynski
#

# Name shown in the usage message
prog=oid

start () {
    echo -n $"Starting Oracle Internet Directory: "
    # Listener and database first, then the OID processes
    su - oracle -c "lsnrctl start"
    su - oracle -c "dbstart"
    su - oracle -c ". setoidenv ; opmnctl startall"
    RETVAL=$?
    return $RETVAL
}

stop () {
    # stop daemon
    echo -n $"Stopping Oracle Internet Directory: "
    su - oracle -c ". setoidenv; opmnctl stopall"
    su - oracle -c "dbshut"
    RETVAL=$?
}

status () {
    echo -n $"Querying Oracle Internet Directory: "
    # Process status, followed by the replication status
    su - oracle -c ". setoidenv; opmnctl status ; oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status"
    RETVAL=$?
}

restart() {
    stop
    start
}

case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    status)
        status
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|status}"
        exit 3
esac
exit $RETVAL

Use the chkconfig command to have this script included in startups and shutdowns:
/sbin/chkconfig --level 2345 oid on

10.2 Using Round Robin DNS


As mentioned, the standard Oracle sqlnet client will not load balance between a list of directory servers that have been specified in the DIRECTORY_SERVERS line of the ldap.ora. ( Although somewhere I read that the jdbc clients do this; can't remember where. ) In the case of server failure, there is a 30 second ( perhaps 15 ) timeout before the client tries the next server in the list. Unfortunately, if you send the same ldap.ora file to all clients and servers, only the first OID server ever sees any action.

DNS provides a way for us to set up one entry that has several possible addresses. This is called Round Robin DNS. www.diapers.com is an example of one. When your tcp client makes the DNS resolve call for www.diapers.com, your client will receive back two possible IP addresses in a random order. Most apps will only use the first one, and that will be the actual IP you address when browsing your diapers.
ipconfig /displaydns

www.diapers.com
----------------------------------------
Record Name . . . . . : www.diapers.com
Record Type . . . . . : 1
Time To Live  . . . . : 240
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 72.22.187.68

Record Name . . . . . : www.diapers.com
Record Type . . . . . : 1
Time To Live  . . . . : 240
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 75.98.67.132

The one drawback with this method is that, while it gives you good pseudo load balancing, failing over to another address in the list could take as long as the Time To Live setting. The TTL setting tells your DNS client how often it needs to go back to the DNS server to refresh the info regarding this entry.

The actual DNS entry for your oid might look like this:
oid.archcoal.com    300    IN    A    10.10.10.1
oid.archcoal.com    300    IN    A    10.10.10.2

300 is the Time To Live ( TTL ) in seconds.

10.3 Manually adding ldap entries


If you just love your command line and want to add an Oracle Internet Directory service name manually, here's an example of how you would add an entry. Create an ldif file which will be read in by the ldapadd command, e.g. /tmp/addnew.ldif:
dn: cn=aci,cn=corp,cn=net
objectclass: top
objectclass: orclNetService
cn: mydb
orclNetDescString: (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT =1521))) (CONNECT_DATA = (SID = mydb)))

( The cn value, mydb, is the service name. )

To add this new service name "mydb" to OID, use the "ldapadd" command:
ldapadd -D "cn=orcladmin" -w <password> \
    -h oidsrv1 -p 389 -v -f /tmp/addnew.ldif

10.4 View all ldap tns entries


If you're more curious and you want to see the contents in ldap form, dumped directly from the ldap directory, you can use this command:
ldapsearch -h <oidserver> -p 3060 -D cn=orcladmin -w <password> \
    -b "cn=OracleContext,dc=aci,dc=corp,dc=net" \
    -s one "objectclass=orclNetService"

The server name is the hostname of the OID server. The password needed is the password for cn=orcladmin. The -b option needs to include your default realm. This produces output like:
cn=ORADBA2,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=ORADBA2
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acioem)(PORT =1521)))(CONNECT_DATA=(SERVICE_NAME=ORADBA2)))
orclnetdescname=000:cn=DESCRIPTION_0

cn=PRDWHSE1,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=PRDWHSE1
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acidb1)(PORT =1521)))(CONNECT_DATA=(SERVICE_NAME=prdwhse1)))
orclnetdescname=000:cn=DESCRIPTION_0
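This listing can also serve the replication check from section 9.4: save the ldapsearch output from each node and compare the two. The script below is an added example, not part of the original notes; it assumes one attr=value pair per line as in the output above, the function names are hypothetical, and the sample data in demo() is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): compare the orclNetService
# entries of two OID nodes from saved ldapsearch output (attr=value lines).

# Print one line per discrepancy; return 0 if both nodes agree, 1 if not.
# Names are compared case-insensitively, descriptors ignoring whitespace.
replica_diff() {
    out=$(awk '
        FNR == 1 { name = "" }                        # new file: reset state
        /^cn=[^,]*$/ { name = toupper(substr($0, 4)); next }  # cn attribute, not the DN
        tolower($0) ~ /^orclnetdescstring=/ && name != "" {
            desc = substr($0, 19)                     # text after "orclnetdescstring="
            gsub(/[ \t]/, "", desc)
            if (FILENAME == ARGV[1]) first[name] = desc
            else second[name] = desc
            name = ""
        }
        END {
            for (n in first) {
                if (!(n in second)) print "missing-on-second " n
                else if (first[n] != second[n]) print "differs " n
            }
            for (n in second) if (!(n in first)) print "missing-on-first " n
        }
    ' "$1" "$2" | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the second node has not yet received PRDWHSE1.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/node1" <<'EOF'
cn=ORADBA2,cn=OracleContext,dc=aci,dc=corp,dc=net
cn=ORADBA2
orclnetdescstring=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=acioem)(PORT =1521)))

cn=PRDWHSE1,cn=OracleContext,dc=aci,dc=corp,dc=net
cn=PRDWHSE1
orclnetdescstring=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=acidb1)(PORT =1521)))
EOF
    sed '/^$/,$d' "$d/node1" > "$d/node2"    # node 2 holds only the first entry
    replica_diff "$d/node1" "$d/node2" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

With the output of each node saved to a file, replica_diff takes the two file names; an empty result with exit status 0 means both nodes hold the same service names and descriptors.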


10.5 Moving the OID database


If the occasion should arise that you want to move a database that contains the OID schema, this is fairly easy once you know what to change.

Steps:
Shut down the OID instance ( opmnctl stopall )
Shut down its database
Move the entire database to its new server
Start database on new server
On the OID server, in the directory $ORACLE_INSTANCE/config, modify the tnsnames.ora and tnsnames_copy.ora files. These files have an entry for OIDDB. ( Not sure what the purpose of _copy is )
Start OID ( opmnctl startall )
