|Oracle® Access Manager Installation Guide
Part Number B25353-01
This chapter provides important information you need when removing Oracle Access Manager components. Topics include:
Note:Failure to complete all steps may adversely affect the removal and any subsequent installation. For details about removing cloned components or com;ponents installed in silent mode, see Chapter 15, "Replicating Components".
During Oracle Access Manager component installation, information is saved after certain operations. Until information is saved, you may return and restate details. However, after you are informed that a component is being installed, Oracle Access Manager files are added to the file system.
Note:If you cancel the installation process after receiving the message that a component is being installed and before completing all procedures, you must restore the system to it's previous condition to remove Oracle Access Manager-related information.
There are several steps you need to complete to remove an Oracle Access Manager component, as outlined in the discussion that follows. Some changes made for Oracle Access Manager are not handled automatically and must be manually removed when the Uninstaller program finishes:
Language Packs: Each installed Language Pack must be removed individually using appropriate file in the component's uninstall directory: Component_install_dir\identity|access\_uninstComponentLP_langtag\uninstaller.exe. For example, suppose you have an Identity Server and the WebPass installed with a Korean Language Pack. After uninstalling the Korean Language Pack on each component host, you must stop and restart both the Identity Server Service and the WebPass Web server instance. This will re-initialize corresponding components with the proper language support. Removing the Language Pack associated with the default Administrator language selected during installation is not supported.
Do not remove (uninstall) the Language Pack associated with the default Administrator language selected during installation. If you accidentally remove the Language Pack associated with the default Administrator language selected during installation, see "Language Issues".
Schema and Data Changes: If Oracle Access Manager will be removed and reinstalled with the same directory instance, only the Oracle Access Manager configuration tree(s) need be deleted. In this case, there is no need to remove the Oracle Access Manager schema from the directory instance. When reinstalling the Identity Server, select ÒNoÓ when asked if you want to update the schema (which is already present). Selecting ÒYesÓ results in an error message "schema already exists".
If, however, you plan to remove and reinstall Oracle Access Manager a different directory instance (or not reinstall at all) then configuration data must be removed manually from the directory server and Oracle Access Manager schema extensions must also be removed using cleanup files provided for your directory server. You must remove data from the Identity Server and Policy Manager.
Depending on the type of directory server, you may have one or two cleanup files. For instance, schema extension cleanup files are provided for user data only for VDS. However schema extension cleanup files are provided for both user data and Oblix (configuration data) for NDS, IPlanet, and Oracle Internet Directory. Schema extension cleanup file names begin with an abbreviation that identifies the type of directory, followed by the type of data to be removed.
As an example, look for the files similar to the following in the Identity Server and Policy Manager installation directories:
DirectoryName_user_schema_delete.ldif—Oracle Access Manager user data cleanup file for the specific named directory—removes user data that resides on a separate directory instance from configuration data
DirectoryName_oblix_schema_delete.ldif—Oracle Access Manager configuration data cleanup file for the specific named directory—removes both user and configuration data when both reside on the same directory instance
OID_oblix_schema_index_delete.ldif—Oracle Access Manager cleanup file for Oracle Internet Directory only—removes the Oracle Access Manager attribute index from Oracle Internet Directory before or after you use corresponding Oracle Access Manager data and schema cleanup files.
Some directory vendors do not provide schema cleanup files. For instance, no such files are provided for ActiveDirectory, and Active Directory Application Mode (ADAM).
Note:If Oracle Access Manager will be removed and reinstalled with the same directory instance, only the Oracle Access Manager configuration tree must be deleted. In this case, there is no need to remove the Oracle Access Manager schema from the directory instance. When reinstalling the Identity Server, select ÒNoÓ when asked if you want to update the schema (which is already present). Selecting ÒYesÓ results in an error message "schema already exists".
For details about removing then reinstalling Oracle Access Manager with Oracle Internet Directory, see "Reinstalling Oracle Access Manager with Oracle Internet Directory".
Web Server Configuration Changes: Web server configuration changes that occur during installation must be manually reverted after uninstalling the Oracle Access Manager component (WebPass, Policy Manager, WebGate). For example, the ISAPI transfilter will be installed for IIS WebPass. However, when you uninstall WebPass this is not removed automatically. Also, the created Web service extension and the link to the identity directory will not be removed. This type of information must be removed manually. These are examples of information to remove, not a complete list. Further, you must remove any changes that you manually made to your Web server configuration file for the Oracle Access Manager component (WebPass, Policy Manager, WebGate) should be removed. For more information about what is added for each component, see Part VI, "Web Server Configuration".
Turn off the Identity or Access Server service (or WebPass, Policy Manager, WebGate Web server) for the component you will remove.
Note:If you don't turn off the Web server, uninstall may not succeed and the backup folder won't be removed. If this happens, you need to manually remove the backup folder.
Locate the appropriate Language Pack file in the component's uninstall directory. For example:
Run the Language Pack Uninstaller program to remove the files.
Repeat this process to remove the same Language Pack from associated components.
Stop and restart both the Identity Server Service and the WebPass Web server instance to re-initialize components with the proper language support.
Repeat this process to remove each Language Pack (except the one selected as the default Administrator language (locale)). For example:
Complete the following steps to remove all Oracle Access Manager configuration data from the directory server instance, then remove Oracle Access Manager schema extensions from your directory server, if needed:
Remove the Oracle Access Manager configuration tree from the directory server instance using instructions from your directory vendor.
All Directories: Using the ldapmodify tool, upload the appropriate schema cleanup files for your directory server from the following directory, then remove Oracle Access Manager schema extensions from your directory. For example:
where Component_install_dir refers to the installation directory for the specific Oracle Access Manager component (Identity Server or Policy Manager for example), and DirectoryName_*_schema_delete.ldif refers to the clean up file for your specific directory and data type.
Oracle Internet Directory: After completing the preceding activity to remove Oracle Access Manager schema extensions from Oracle Internet Directory, use the ldapmodify tool to upload the Oracle Internet Directory attribute index cleanup file and remove the Oracle Access Manager attribute index. For example:
If you have only one instance of an Oracle Access Manager component, complete step 4 to remove it. If you have multiple instances of a component, see also step 5.
and so on.
Note:On Unix systems, use uninstall.bin
Windows: The last component can be uninstalled from Add/Remove programs. Others can be uninstalled by running the uninstall program from the \identity or \access \uninstComponent directory.
Unix: You must always run uninstall.bin.
Remove Oracle Access Manager-related updates to your Web server configuration. For information about specific Web servers, see Part VI, "Web Server Configuration".
Restart the Web server, if needed.
Remove the component installation directory if it remains, especially if you plan to reinstall the product.
Under certain circumstances, you may want to reuse an existing Identity Server name. For example, you may want to use an existing Identity Server name if you are rolling Oracle Access Manager out from a test environment to a production environment or if you need to remove an Identity Server for some reason.
If you do not delete the original Identity Server name from the System Console, a login following the set up of a new instance may result in the message "Application has not been set up". Special steps must be taken to ensure you can set up the application and login when recycling an Identity Server name.
The steps that follow presume that you have another Identity Server and WebPass setup within the same installation.
Delete the Identity Server name in the directory server under:
Oblix, Policies, WebResrcDB, name
Re-run Identity Server setup, as described in Chapter 6, "Setting Up the Identity System".
Go to the Identity System Console, delete the inoperable Identity Server instance. For example:
Identity System Console, System Configuration, Identity Server
From the List all Identity Servers page, re-create the instance using the same ID, as described in the Oracle Access Manager Identity and Common Administration Guide. For example: