7 Upgrading Oracle Internet Directory High Availability Environments

This chapter describe how to upgrade Oracle Internet Directory high availability environments that were supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4).

This chapter contains the following sections:

• Summary of Oracle Internet Directory High Availability Upgrade Starting Points

• Before You Begin Upgrading Your Oracle Identity Management High Availability Environment

• Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a High Availability Environment

• Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a Colocated High Availability Environment

• Upgrading Oracle Internet Directory Only

7.1 Summary of Oracle Internet Directory High Availability Upgrade Starting Points

The following high availability topologies are supported for upgrade from Oracle Identity Management 10g Release 2 (10.1.2) and 10g (10.1.4):

• High Availability Topologies Based on a Distributed Identity Management Environment

• High Availability Topologies Based on a Colocated Identity Management Environment

• High Availability Environments Based on Standalone Oracle Internet Directory Instances

7.1.1 High Availability Topologies Based on a Distributed Identity Management Environment

This type of topology is based on the Oracle Internet Directory and Oracle Directory Integration Platform components when they are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services.

This was the recommended topology for high availability environments in Oracle Application Server 10g. It is sometimes referred to as a distributed Oracle Identity Management environment or a non-colocated Identity Management environment.

Refer to Section 3.2.2, "Upgrading a Non-Colocated Identity Management Environment" for a description the single-node variant of a non-colocated Identify Management high availability environment.

7.1.2 High Availability Topologies Based on a Colocated Identity Management Environment

This type of topology is based on the Oracle Internet Directory and Oracle Directory Integration Platform components when they are installed and configured in the same Oracle home as Oracle Single Sign-On and Oracle Delegated Administration Services.

This type of environment is referred to as a colocated Identity Management environment. For more information, refer to Section 3.2.1, "Upgrading a Colocated Identity Management Environment" for a description of a single-node variant of a colocated Identity Management high availability environment.

Because Oracle Single Sign-On and Oracle Delegated Administration Services are not available in Oracle Fusion Middleware 11g, the upgrade of this topology requires some additional steps.

7.1.3 High Availability Environments Based on Standalone Oracle Internet Directory Instances

This type of topology is based on Oracle Internet Directory when it is upgraded without an associated Oracle Directory Integration Platform instance.

This Oracle Internet Directory topology can be upgraded and associated with a local Oracle WebLogic Server domain, an existing remote domain, or with no Oracle WebLogic Server domain.

For more information, see Section 4.3.2.1, "When is Oracle WebLogic Server Required?".

7.2 Before You Begin Upgrading Your Oracle Identity Management High Availability Environment

Before you begin using the procedures in this chapter, note the following:

• Conventions Used in This Chapter

• Prerequisites for Oracle Identity Management High Availability Upgrade

• Supported High Availability Environments for Upgrade

• Reducing Downtime During Upgrade With Directory Replication

7.2.1 Conventions Used in This Chapter

The procedures in this chapter typically involve two host computers. For the purposes of the examples in this chapter, the two hosts are referred to as IDMHOST1 and IDMHOST2.

Some of the examples in this chapter provide the commands required to perform particular tasks on a UNIX system. The commands for Windows are similar, but you would replace the environment variables with the Windows equivalent (for example, %ORACLE_HOME%).

7.2.2 Prerequisites for Oracle Identity Management High Availability Upgrade

Before you begin the upgrade procedures in this chapter, be sure the following prerequisites have been met.

Oracle Identity Management 10g Components Are Installed and Running on IDMHOST1

It is assumed that the Oracle Identity Management 10g components you are about to upgrade are installed and running on IDMHOST1. This is important because the Oracle Identity Management 11g components that you are upgrading must be installed on the same host as the Oracle Identity Management 10g components.

All Other Oracle Application Server 10g Instances That Use the Same Metadata Repository Are Stopped

Before you begin the upgrade, stop all the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances, except the instances that you are about to upgrade.

In addition, stop all the Oracle Application Server 10g instances that share the same OracleAS Metadata Repository as the Oracle Internet Directory instance you are about to upgrade. For example, if you have any Oracle Portal 10g or other Oracle Identity Management 10g instances running, be sure to stop those instances as well. This will ensure that no other Oracle Application Server components are accessing the repository during the upgrade.

All Instances of Oracle Enterprise Manager Are Stopped

Before you begin any of the high availability procedures documented in this chapter, be sure to stop all instances of Oracle Enterprise Manager that are managing the Oracle Internet Directory instances you are about to upgrade.

This step is important because Oracle Enterprise Manager Application Server Control sometimes accesses the Oracle Internet Directory schema (the ODS schema) when it monitors and configures the Oracle Internet Directory target. To avoid any possibility of conflict when you are upgrading the Oracle Internet Directory middle tier and schema, it is important to stop all instances of Oracle Enterprise Manager during the upgrade proces.

For information on stopping and starting Application Server Control, refer to the Oracle Application Server Administrator's Guide in the Oracle Application Server 10g documentation library.

Load Balancer Is Configured to Route Only to Primary Instance

Before you begin the upgrade, make sure the load balancer virtual servers are routing requests only to the primary instance of the OracleAS Cluster (Identity Management) node.

The primary instance of the OracleAS Cluster is the first node where you installed Oracle Internet Directory.

Any Modifications to ias.properties Have Been Removed

If you have modified the ias.properties file in the Oracle Identity Management Oracle home to redefine port values, then you must update the ias.properties file with the actual, physical port values for each OID instance before upgrade.

Some organizations modify the ias.properties file, for example, to reference specific load balancer ports. If you performed such a customization, be sure to restore the ias.properties to its original state so it references the physical ports of the Oracle Internet Directory instances in your environment.

The Current Version of the Database is Supported by Oracle Fusion Middleware 11g

The procedures in this chapter assume you are storing the Oracle Internet Directory schema (the ODS schema) in a Real Application Clusters (RAC) database that has been upgraded to a database version supported by Oracle Fusion Middleware 11g.

For more information database requirements for upgrade, as well as additional upgrade information for Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware Upgrade Planning Guide.

7.2.3 Supported High Availability Environments for Upgrade

This chapter describe how to upgrade Oracle Internet Directory high availability environments that were supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4).

High Availabilty Configurations for Administration Tools

This chapter does not provide information on configuring the administration tools (such as Oracle WebLogic Server Administration Console, Oracle Enterprise Manager Fusion Middleware Control, or Oracle Directory Services Manager) high availability.

Additional Resources

For information about the supported high availability topologies in Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware High Availability Guide.

Before you begin these procedures, review the procedures and prerequisites available in Chapter 4, "Upgrading Your Oracle Internet Directory Environment".

7.2.4 Reducing Downtime During Upgrade With Directory Replication

The procedures in this chapter assume your organization can support a limited amount of Identity Management downtime.

If your organization has no tolerance for Identity Management downtime, consider the following approach to the upgrade process:

1. Configure your existing Oracle Identity Management 10g environment using Oracle Internet Directory Advanced Replication.

2. Use the upgrade procedures in Section 9.3.2, "Upgrading One Replica at a Time".

When you implement Oracle Internet Directory Advanced Replication, you can route client traffic to one replica while upgrading the other replica. The result is an upgrade procedure that requires little or no downtime while each replica is upgraded.

For more information about using Oracle Internet Directory replication, refer to the following sections in the Oracle Internet Directory Administrator's Guide in the 10g (10.1.4) documentation library on the Oracle Technology Network (OTN):

• "Oracle Internet Directory Replication Concepts"

• "Oracle Internet Directory Replication Installation and Configuration"

The Oracle Identity Management 10g (10.1.4) documentation library is available on OTN at the following URL:

http://www.oracle.com/technology/documenation/

7.3 Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a High Availability Environment

Perform the following tasks to upgrade an Oracle Internet Directory and Oracle Directory Integration Platform high availability environment when when both components are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services:

• Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home

• Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform and Create the Oracle WebLogic Server Cluster

• Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g

• Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host

• Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

• Task 6: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home

• Task 7: On IDMHOST2, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform

• Task 8: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2

• Task 9: On IDMHOST2, Set the Anonymous Bind Property to Allow

• Task 10: Start the Managed Server on IDMHOST2

• Task 11: Verify That the Components Are Up and Running on IDMHOST2

7.3.1 Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

7.3.2 Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform and Create the Oracle WebLogic Server Cluster

For complete instructions for installing and configuring the Oracle Identity Management 11g components, including all the prerequisites and system requirements, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

The instructions provided here outline the key installation steps required when installing Oracle Internet Directory and Oracle Directory Integration Platform in preparation for an upgrade of your high availability environment.

To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network (OTN):

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

4. Refer to Table 7-1 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

Table 7-1 Summary of Screens for Installing and Configuring Oracle Internet Directory and Oracle Directory Integration Platform on IDMHOST1

Screen	Instructions
Welcome	Click Next.
Select Installation Type	Select Install and Configure. Click Next.
Prerequisite Checks	Click Next.
Select Domain	Select Create New Domain and enter the domain details. For the purposes of this exercise, enter IDMDomain in the Domain Name field. Click Next.
Specify Installation Location	Specify the following values: Middleware Home Location: Enter the complete path to the Middleware home you created in "Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home". Oracle Home Directory: For the purposes of this example, enter idm as the name of the Oracle home directory. WebLogic Server Directory: This is usually the wlserver_10.3 inside the Middleware home. Oracle Instance Location: Enter a path for the Oracle instance. This directory can be any acccessible directory location; unlike the Oracle home, it does not need to be inside the Middleware home. Oracle Instance Name: For the purposes of this example, enter idm_instance1.
Specify Email for Security Updates	Specify the following values: Email Address: Provide the email address for your My Oracle Support (formerly OracleMetaLink) account. You can register for My Oracle Support at the following URL: http://metalink.oracle.com/ Oracle Support Password: Provide the password for your My Oracle Support account. I wish to receive security updates via My Oracle Support: Select this check box.
Configure Components	Select the following components: Oracle Internet Directory Oracle Directory Integration Platform Oracle Directory Services Manager Selected the Clustered check box.
Configure Ports	Select Auto Port Configuration. Click Next.
Specify Schema Database	Select Use Existing Schema. In the Connect String field, enter the connect string to each nodes in the Real Application Clusters (RAC) database. Separate each node with a carot symbol (^). For example: INFRADBHOST1.MYCOMPANY.COM:1521:IDMDB1^INFRADBHOST2.MYCOMPANY.com:1521:IDMDB2@IDMEDG.MYCOMPANY.COM Enter the ODS schema password in the Password field. Note that the ODS schema is used by Oracle Internet Directory. By default, the password for the ODS schema is the ias_admin password you provided when you installed Oracle Internet Directory 10g. However, the password might have been changed using the oidpasswd utility, which is documented in the Oracle Identity Management 10g User Reference. Click Next.
Upgrade Scenario Detected Warning dialog box	Click Yes.
OID Password	Enter the Administrator password for Oracle Internet Directory instance.
Installation Summary	Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
Installation Progress	On UNIX systems, a dialog appears, prompting you to run the oracleRoot.sh script. Open a window and run the script, following the prompts in the window. Click OK.
Configuration	Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the Installation Complete screen appears. Click Finish, and then confirm your choice to exit.

7.3.3 Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g

Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:

1. Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.

2. Enter the following command to start the Upgrade Assistant.

   On UNIX system:

   ./ua
   

   On Windows systems:

   ua.bat
   

   The Upgrade Assistant displays the Welcome screen.

3. Click Next to display the Select Operation screen.

4. Select Upgrade Identity Management Instance on the Select Operation screen.

5. Refer to Table 7-2 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.

6. After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:

   • Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.

   • Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.

   • Provides a progress screen so you can see the status of the upgrade as it proceeds.

   • Alerts you of any errors or problems that occur during the upgrade.

     See Also:

     "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant

   • Displays the End of Upgrade screen, which confirms that the upgrade was complete.

7. Exit the Upgrade Assistant.

Table 7-2 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

Upgrade Assistant Screen	Description
Specify Source Home	Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home. If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide.
Specify Destination Instance	Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory.
Specify WebLogic Server	Enter the host and Administration Server port for the Oracle WebLogic Server you configured in "Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home". Note this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server.
Warning Dialog Box	The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance. This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance.
Specify Upgrade Options	Select the upgrade options you want to apply to the Oracle Identity Management upgrade: Use source Oracle home ports in destination: If you want to migrate the port assignments used by your Oracle Application Server 10g Oracle home to your new Oracle Fusion Middleware Oracle instance. Note if you select this option, you will not be able to run both the 10g and 11g middle tiers at the same time; otherwise, port conflicts will occur. Start destination components after successful upgrade: if you want the Upgrade Assistant to automatically start the components in the destination Oracle home after the upgrade is complete. If you do not select this option, then you will have to manually start the destination instance after the upgrade. Click Help to display more information about the upgrade options on this screen.
Specify OID Details	Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the physical host and the password to the Oracle Internet Directory super user account (cn=orcladmin). For more information, click Help.
Specify Database Details	Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database. Note the following important information about this screen: You must enter the password for the ODS schema password. The default ODS password is the same as the Oracle Application Server administrator password, but this password can be changed after installation, using the OID Database Password Utility. The instructions for identifying a Real Application Clusters (RAC) database are different, depending upon whether you are identifying the RAC database that contains the Oracle Internet Directory (ODS) schema or a RAC database that is being used for Oracle Directory Integration Platform. For more information, see Section 4.4.3, "About Specifying Real Application Clusters (RAC) Database Details on the Specify Database Details Screen".
Root action required screen	This is only if you are using privileged port on a UNIX system. A configuration script needs to be run as root before upgrade can proceed. Leaving this window open, open another window, and run the upgroot.sh file as root: When the script has completed, return to the Upgrade Assistant and click OK.

7.3.4 Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host

After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform instances to 11g, update the dip-config.xml file so it references the Oracle Internet Directory Virtual Host Name (for example, oid.mycompany.com), which is associated with the load balancer that is directing traffic to your Oracle Internet Directory instances.

If the load balancer/virtual host has a different port value than the Oracle Internet Directory physical port value, then you must also change the port.

This task is accomplished using the manageDIPServerConfig command, as described in the following procedure.

Use the following procedure perform this step on IDMHOST1:

1. Make a backup of the dip-config.xml file, which is located under the following directory:

   MW_HOME/user_projects/domains/IDMDomain/servers/
               wls_ods1/stage/DIP/11.1.1.1.0/DIP/configuration
   

2. Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries.

   For example:

   export ORACLE_HOME=/u01/app/oracle/product/11g/mw_home/idm
   

3. Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server. For example:

   export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
   

4. Run the following command to update the value of the Oracle Internet Directory host and port:

   $ORACLE_HOME/bin/manageDIPServerConfig set
        -h hostName
        -p port -D wlsuser 
        -attr oidhostport 
        -val OIDVIRTUALHOSTNAME:PORT
   

   For example, on IDMHOST1, the command and output are shown below:

   $ORACLE_HOME/bin/manageDIPServerConfig set
         -h idmhost1.mycompany.com 
         -p 7005 
         -D weblogic 
         -attr oidhostport 
         val oid.mycompany.com:636
   
         [Weblogic user password]
         Connection parameters initialized.
         Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
         Connected successfully
   
         The attribute oidhostport is successfully changed to value
         oid.mycompany.com:636
   

5. Using the WebLogic Server Administration Console, stop and start the wls_ods1 managed server.

7.3.5 Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

Step 1   Verify the Oracle Internet Directory is up and running

Use the following OPMN command to verify that Oracle Internet Directory is up and running:

ORACLE_INSTANCE/opmnctl status

The output of the command should be similar to the following example:

Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status  
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive   
oid1                             | oidldapd           |   31392 | Alive   
oid1                             | oidmon             |   31384 | Alive   

Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.

For non-SSL:

ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h idmhost2.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h oid.mycompany.com -p 389 -D "cn=orcladmin" -q

For SSL:

ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h idmhost2.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h oid.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1

where:

• U = SSL authentication mode

• 1 = No authentication required

• 2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).

• 3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).

Step 2   Verify the Oracle Directory Integration Platform is up and running

Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:

1. Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:

   export ORACLE_HOME=/u01/app/oracle/product/11g/fmw_home/ods
   

2. Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server.

   For example:

   export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
   

3. Run the following command:

   $ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser>
   

   For example, on IDMHOST1, the command and successful output are shown below:

   $ORACLE_HOME/bin/dipStatus
       -h idmhost1.mycompany.com 
       -p 7005 
       -D weblogic
       [Weblogic user password]
        Connection parameters initialized.
        Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
        Connected successfully.
        ODIP Application is active at this host and port.
   

Step 3   Verify Oracle Directory Services Manager (ODSM)

Verify the Oracle Directory Services Manager installation by bringing up the ODSM Administration Console in a web browser.

The URL to access the ODSM Administration Console is:

http://hostname.mycompany.com:<port>/odsm/faces/odsm.jspx

For example, on IDMHOST1, enter this URL:

http://idmhost1.us.oracle.com:7005/odsm/faces/odsm.jspx

7.3.6 Task 6: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home

Before you can expand the Oracle WebLogic Server cluster you created on IDMHOST1 to include IDMHOST2, you must install the Oracle WebLogic Server binary files on IDMHOST2 and create Middleware home on IDMHOST2.

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

7.3.7 Task 7: On IDMHOST2, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform

To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Prepare a staticports.ini file that will be used during the installation to configure the ports for the Oracle Internet Directory instance on IDMHOST2.

   This step will ensure that the two Oracle Internet Directory instances on IDMHOST1 and IDMHOST2 use the same ports:

   1. Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.

   2. Edit the staticports.ini file you copied to the temporary directory to assign the following custom ports (uncomment the lines where you specify the port numbers for Oracle Internet Directory):

      # The non-SSL port for Oracle Internet Directory
      Oracle Internet Directory port = oid_port_on_IDMHOST1
      # The SSL port for Oracle Internet Directory
      Oracle Internet Directory (SSL) port = oid_ssl_port_on_IDMHOST1
      

      In this example, replace oid_port_on_IDMHOST1 with the listening port of the Oracle Internet Directory instance you installed and upgraded on IDMHOST1.

      Replace oid_ssl_port_on_IDMHOST1 with SSL port of the Oracle Internet Directory instance you installed and updated on IDMHOST1.

   3. Make a note of the path to this modified staticports.ini file; you will need to enter it on the Configure Ports page of the Oracle Identity Management installer.

4. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

5. Refer to Table 7-3 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

6. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

Table 7-3 Summary of Screens for Installing and Configuring Oracle Internet Directory and Oracle Directory Integration Platform on IDMHOST2

Screen	Instructions
Welcome	Click Next.
Select Installation Type	Select Install and Configure. Click Next.
Prerequisite Checks	Click Next.
Select Domain	Select Expand Cluster and enter the domain details. Enter the host, port, user name, and password for the administration server in the domain you created on IDMHOST1 in "Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform and Create the Oracle WebLogic Server Cluster". Click Next.
Specify Installation Location	Specify the following values: Middleware Home Location: Enter a location for the Middleware home on IDMHOST2. Oracle Home Directory: For the purposes of this example, enter idm as the name of the Oracle home directory. WebLogic Server Directory: This is usually the wlserver_10.3 inside the Middleware home. Oracle Instance Location: Enter a path for the Oracle instance. This directory can be any acccessible directory location; unlike the Oracle home, it does not need to be inside the Middleware home. Oracle Instance Name: For the purposes of this example, enter idm_instance1.
Specify Email for Security Updates	Specify the following values: Email Address: Provide the email address for your My Oracle Support (formerly OracleMetaLink) account. You can register for My Oracle Support at the following URL: http://metalink.oracle.com/ Oracle Support Password: Provide the password for your My Oracle Support account. I wish to receive security updates via My Oracle Support: Select this check box.
Configure Components	Select the following components: Oracle Internet Directory Oracle Directory Integration Platform Oracle Directory Services Manager Selected the Clustered check box.
Configure Ports	Select Specify Ports Using Configuration File and enter the filename for the staticports.ini file that you copied to the temporary directory earlier in this procedure.
Specify Schema Database	Select Use Existing Schema. In the Connect String field, enter the connect string to each nodes in the Real Application Clusters (RAC) database. Separate each node with a carot symbol (^). For example: INFRADBHOST1.MYCOMPANY.COM:1521:IDMDB1^INFRADBHOST2.MYCOMPANY.com:1521:IDMDB2@IDMEDG.MYCOMPANY.COM Enter the ODS schema password in the Password field. Note that the ODS schema is used by Oracle Internet Directory. By default, the password for the ODS schema is the ias_admin password you provided when you installed Oracle Internet Directory 10g. However, the password might have been changed using the oidpasswd utility, which is documented in the Oracle Identity Management 10g User Reference. Click Next.
ODS Schema In Use	This warning indicates that you are selecting an ODS schema that is already being used by an Oracle Internet Directory instance. In fact, in a high availability environment, you want the two Oracle Internet Directory instances to share the same schema. This prompt verifies that you have selected the correct schema. Click Yes to continue.
System Time warning dialog box	When you are using the same ODS schema for multiple Oracle Internet Directory instances, the installer displays this dialog box (Figure 7-1) to warn you that the system time on each system that is sharing the same schema must be synchronized. Various third-party tools are available to help you synchronize clocks across clustered systems, including the Network Time Protocol (NTP), which is a commonly-used tool for synchronizing system clocks. The following URL provides information on NTP and system time synchronization: http://www.ntp.org/
OID Password	Enter the Administrator password for Oracle Internet Directory instance.
Installation Summary	Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
Installation Progress	On UNIX systems, a dialog appears, prompting you to run the oracleRoot.sh script. Open a window and run the script, following the prompts in the window. Click OK.
Configuration	Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the Installation Complete screen appears. Click Finish, and then confirm your choice to exit.

Figure 7-1 System Time Warning When Installing Second Oracle Internet Directory Instance Against the Same ODS Schema

Description of "Figure 7-1 System Time Warning When Installing Second Oracle Internet Directory Instance Against the Same ODS Schema"

7.3.8 Task 8: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2

The Oracle Directory Integration Platform application is deployed on IDMHOST1 as an externally staged application. The application must be copied from IDMHOST1 to OIFHOST2; otherwise, the managed server on IDMHOST2 is listed in the Oracle WebLogic Server administration console as being in an "unknown" state:

1. Create a stage directory on IDMHOST2:

   MW_HOME/user_projects/domains/IDMDomain/servers/
          wls_ods2/stage/DIP/11.1.1.1.0/DIP
   

2. Locate the Oracle Directory Integration Platform directory on IDMHOST1:

   MW_HOME/user_projects/domains/IDMDomain/servers/
         wls_ods1/stage/DIP/11.1.1.1.0/DIP
   

3. Copy the directory and its contents to the stage location on IDMHOST2.

7.3.9 Task 9: On IDMHOST2, Set the Anonymous Bind Property to Allow

After you install and configure the second Oracle Internet Directory instance on IDMHOST2, you mustset the the "Anonymous Bind" server property to "allow," so it matches the first, upgraded Oracle Internet Directoryinstance on IDMHOST1.

This property allows the Oracle Single Sign-On 10g and Oracle Delegated Administration Services 10g (specifically, OC4J_Security) to correctly use the second Oracle Internet Directory instance on IDMHOST2. Without this alteration to the second Oracle Internet Directory, the OC4J_Security instance on IDMHOST2 will not start.

To modify the anonymous bind property with Oracle Enterprise Manager Fusion Middleware Control:

1. Log in to Fusion Middleware Control.

2. Navigate to the home page of the Oracle Internet Directory instance on IDMHOST2.

3. From the Oracle Internet Directory menu, select Administration, and then Server Properties.

4. Select Allows from the Anonymous Bind drop-down menu.

5. Click Apply

6. Start Oracle Single Sign-On as you normally would.

7.3.10 Task 10: Start the Managed Server on IDMHOST2

Follow these steps to start the wls_ods2 managed server in a cluster:

1. Open a browser and navigate to the WebLogic Administration Console at:

   http://idmhost1.mycompany.com:port/console
   

2. Login to the WebLogic Administration Console using the administrator credentials.

3. In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.

4. Select the cluster (cluster_ods) containing the managed server (wls_ods2) you want to start.

5. Select Control.

6. Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.

7. On the Server Life Cycle Assistant page, click Yes to confirm.

Note:

Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.

7.3.11 Task 11: Verify That the Components Are Up and Running on IDMHOST2

Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.

7.4 Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a Colocated High Availability Environment

The procedure for upgrading an Oracle Internet Directory high availability enviroment based on colocated Oracle Identity Management components is similar to the procedure described in Section 7.3, "Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a High Availability Environment".

However, there are additional steps required when upgrading this specific topology. Specifically, after you upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g, you must then disable Oracle Internet Directory and Oracle Directory Integration Platform in the Oracle Application Server 10g Oracle home.

Perform the following tasks to upgrade an Oracle Internet Directory and Oracle Directory Integration Platform high availability environment when when both components are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services:

• Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home

• Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform and Create the Oracle WebLogic Server Cluster

• Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g

• Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host

• Task 5: On IDMHOST1, Disable Oracle Internet Directory and Oracle Directory Integration Platform in the 10g Oracle Home

• Task 6: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

• Task 7: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home

• Task 8: On IDMHOST2, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform

• Task 9: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2

• Task 10: On IDMHOST2, Set the Anonymous Bind Property to Allow

• Task 11: On IDMHOST2, Disable Oracle Internet Directory and Oracle Directory Integration Platform in the 10g Oracle Home

• Task 12: Start the Managed Server on IDMHOST2

• Task 13: Verify That the Components Are Up and Running on IDMHOST2

7.4.1 Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

7.4.2 Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform and Create the Oracle WebLogic Server Cluster

To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

4. Refer to Table 7-1 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

7.4.3 Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g

Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:

1. Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.

2. Enter the following command to start the Upgrade Assistant.

   On UNIX system:

   ./ua
   

   On Windows systems:

   ua.bat
   

   The Upgrade Assistant displays the Welcome screen.

3. Click Next to display the Select Operation screen.

4. Select Upgrade Identity Management Instance on the Select Operation screen.

5. Refer to Table 7-2 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.

6. After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:

   • Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.

   • Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.

   • Provides a progress screen so you can see the status of the upgrade as it proceeds.

   • Alerts you of any errors or problems that occur during the upgrade.

     See Also:

     "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant

   • Displays the End of Upgrade screen, which confirms that the upgrade was complete.

7. Exit the Upgrade Assistant.

7.4.4 Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host

After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform instances to 11g, update the dip-config.xml file so it references the Oracle Internet Directory Virtual Host Name (for example, oid.mycompany.com). This can be done using the "manageDIPServerConfig" command.

Refer to Section 7.3.4, "Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host" for specific instructions for this task.

7.4.5 Task 5: On IDMHOST1, Disable Oracle Internet Directory and Oracle Directory Integration Platform in the 10g Oracle Home

After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components on IDMHOST1, you cannot start Oracle Internet Directory or use the Oracle Single Sign-On 10g component until you disassociate Oracle Internet Directory from the Oracle Single Sign-On and Oracle Delegated Administration Services components in the 10g Oracle home.

For specific instructions for performing this task, see the following:

• Section 4.5.2, "Disabling the Oracle Internet Directory and Oracle Directory Integration Platform 10g Components"

• Section 4.5.6, "Removing Oracle Internet Directory and Oracle Directory Integration Platform 10g from Application Server Control"

7.4.6 Task 6: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.

7.4.7 Task 7: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home

Before you can expand the Oracle WebLogic Server cluster you created on IDMHOST1 to include IDMHOST2, you must install the Oracle WebLogic Server binary files on IDMHOST2 and create Middleware home on IDMHOST2.

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

7.4.8 Task 8: On IDMHOST2, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform

To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

4. Refer to Table 7-3 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

7.4.9 Task 9: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2

Copy the Oracle Directory Integration Platform directory and all its contents from IDMHOST1 to IDMHOST2:

• Locate the Oracle Directory Integration Platform directory on IDMHOST1:

  MW_HOME/user_projects/domains/IDMDomain/servers/
          wls_ods1/stage/DIP/11.1.1.1.0/DIP
  

• Copy the directory and its contents to the following location on IDMHOST2:

  MW_HOME/user_projects/domains/IDMDomain/servers/
          wls_ods2/stage/DIP/11.1.1.1.0/DIP
  

7.4.10 Task 10: On IDMHOST2, Set the Anonymous Bind Property to Allow

After you install and configure the second Oracle Internet Directory instance on IDMHOST2, you mustset the the "Anonymous Bind" server property to "allow," so it matches the first, upgraded Oracle Internet Directoryinstance on IDMHOST1.

This property allows the Oracle Single Sign-On 10g and Oracle Delegated Administration Services 10g (specifically, OC4J_Security) to correctly use the second Oracle Internet Directory instance on IDMHOST2. Without this alteration to the second Oracle Internet Directory, the OC4J_Security instance on IDMHOST2 will not start.

To modify the anonymous bind property with Oracle Enterprise Manager Fusion Middleware Control:

1. Log in to Fusion Middleware Control.

2. Navigate to the home page of the Oracle Internet Directory instance on IDMHOST2.

3. From the Oracle Internet Directory menu, select Administration, and then Server Properties.

4. Select Allows from the Anonymous Bind drop-down menu.

5. Click Apply

6. Start Oracle Single Sign-On as you normally would.

7.4.11 Task 11: On IDMHOST2, Disable Oracle Internet Directory and Oracle Directory Integration Platform in the 10g Oracle Home

After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components on IDMHOST1, you cannot start Oracle Internet Directory or use the Oracle Single Sign-On 10g component until you disassociate Oracle Internet Directory from the Oracle Single Sign-On and Oracle Delegated Administration Services components in the 10g Oracle home.

For specific instructions for performing this task, see the following:

• Section 4.5.2, "Disabling the Oracle Internet Directory and Oracle Directory Integration Platform 10g Components"

• Section 4.5.6, "Removing Oracle Internet Directory and Oracle Directory Integration Platform 10g from Application Server Control"

7.4.12 Task 12: Start the Managed Server on IDMHOST2

Follow these steps to start the wls_ods2 managed server in a cluster:

1. Open a browser and navigate to the WebLogic Administration Console at:

   http://idmhost1.mycompany.com:port/console
   

2. Login to the WebLogic Administration Console using the administrator credentials.

3. In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.

4. Select the cluster (cluster_ods) containing the managed server (wls_ods2) you want to start.

5. Select Control.

6. Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.

7. On the Server Life Cycle Assistant page, click Yes to confirm.

Note:

Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.

7.4.13 Task 13: Verify That the Components Are Up and Running on IDMHOST2

Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.

7.5 Upgrading Oracle Internet Directory Only

If you are using Oracle Internet Directory in a high availability environment without Oracle Directory Integration Platform or the other Oracle Identity Management 10g components, then the following procedure applies.

When you upgrade such an environment to Oracle Fusion Middleware 11g, note that you can choose to install Oracle Internet Directory in one of the following topologies:

• Upgrading Oracle Internet Directory With a Local Oracle WebLogic Server Domain

• Upgrading Oracle Internet Directory With a Remote Domain or No Domain

7.5.1 Upgrading Oracle Internet Directory With a Local Oracle WebLogic Server Domain

Perform the following tasks to upgrade an Oracle Internet Directory-only high availability environment to 11g:

• Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home

• Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory

• Task 3: On IDMHOST1, Upgrade Oracle Internet Directory to 11g

• Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance

• Task 5: On IDMHOST2, Install and Configure Oracle Internet Directory

• Task 6: On IDMHOST2, Register the Oracle Internet Directory Instance with the Domain on IDMHOST2

• Task 7: On IDMHOST2, Verify the Oracle Internet Directory Instance

7.5.1.1 Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

7.5.1.2 Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory

To install and configure Oracle Internet Directory 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

4. With the following important exceptions, refer to Table 7-1 for instructions about how to respond to each screen in the installation and configuration tool:

   On the Configure Components screen:

   • Select only Oracle Internet Directory.

   • Do not select the Clustered check box.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

7.5.1.3 Task 3: On IDMHOST1, Upgrade Oracle Internet Directory to 11g

Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory 10g instance on IDMHOST1 to Oracle Internet Directory 11g.

Use the instructions in Section 7.3.3, "Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g" to upgrade the Oracle Internet Directory instance.

7.5.1.4 Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance

Use the following OPMN command to verify that Oracle Internet Directory is up and running:

ORACLE_INSTANCE/opmnctl status

The output of the command should be similar to the following example:

Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status  
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive   
oid1                             | oidldapd           |   31392 | Alive   
oid1                             | oidmon             |   31384 | Alive   

Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.

For non-SSL:

ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h idmhost2.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h oid.mycompany.com -p 389 -D "cn=orcladmin" -q

For SSL:

ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h idmhost2.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h oid.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1

where:

• U = SSL authentication mode

• 1 = No authentication required

• 2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).

• 3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).

7.5.1.5 Task 5: On IDMHOST2, Install and Configure Oracle Internet Directory

To install and configure Oracle Internet Directory 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

4. With the following important exceptions, refer to Table 7-1 for instructions about how to respond to each screen in the installation and configuration tool:

   • On the Select Domain screen, select the No Domain option.

   • On the Specify Installation Screen, provide the Oracle Home Location and the Oracle Instance Location.

   • Select Oracle Internet Directory on the Configure Components Screen. De select all other components

   • Note that the Specify Cluster Details screen does not appear in an Oracle Internet Directory only installation.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

7.5.1.6 Task 6: On IDMHOST2, Register the Oracle Internet Directory Instance with the Domain on IDMHOST2

Register the Oracle Internet Directory instance on IDMHOST2 with the Oracle WebLogic Server domain on IDMHOST1, using the following OPMN command.

ORACLE_INSTANCE/opmnctl registerinstance 
     -adminHost adminHostName
     -adminPort adminServerPort
     -adminUsername DOMAIN_ADMINISTRATOR_USERNAME
     -oracleInstance ORACLE_INSTANCE_HOME

For example:

ORACLE_INSTANCE/opmnctl registerinstance
     -adminHost IDMHOST1 MYCOMPANY.COM 
     -adminPort 7001 
     -adminUsername weblogic 
     -oracleInstance /u01/app/oracle/product/11g/instances/oid_inst2

7.5.1.7 Task 7: On IDMHOST2, Verify the Oracle Internet Directory Instance

Use the procedure in Section 7.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST2.

7.5.2 Upgrading Oracle Internet Directory With a Remote Domain or No Domain

This section provides the upgrade procedure when you want to use a remote Oracle WebLogic Server domain to register the upgraded Oracle Internet Directory 11g instances.

These steps are also applicable if you do not plan to register the Oracle Internet Directory instances with an Oracle WebLogic Server domain:

• Task 1: On IDMHOST1, Install and Configure Oracle Internet Directory

• Task 2: On IDMHOST1, Upgrade Oracle Internet Directory to 11g

• Task 3: On IDMHOST1, Verify the Oracle Internet Directory Instance

• Task 4: On IDMHOST2, Install and Configure Oracle Internet Directory

• Task 5: Verify the Oracle Internet Directory Instances on IDMHOST1 and IDMHOST2

• Task 6: Optionally, Register the Oracle Internet Directory Instances on IDMHOST1 and OIDHOST2 with an Existing Remote Domain

7.5.2.1 Task 1: On IDMHOST1, Install and Configure Oracle Internet Directory

With the following important exceptions, refer to Table 7-1 for instructions about how to respond to each screen in the installation and configuration tool:

• On the Select Domain screen, select the No Domain option.

• On the Specify Installation Screen, provide the Oracle Home Location and the Oracle Instance Location.

• Select Oracle Internet Directory on the Configure Components Screen. Deselect all other components

• Note that the Specify Cluster Details screen does not appear in an Oracle Internet Directory only installation.

For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

7.5.2.2 Task 2: On IDMHOST1, Upgrade Oracle Internet Directory to 11g

Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory 10g instance on IDMHOST1 to Oracle Internet Directory 11g.

Use the instructions in Section 7.3.3, "Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g" to upgrade the Oracle Internet Directory instance.

7.5.2.3 Task 3: On IDMHOST1, Verify the Oracle Internet Directory Instance

Use the procedure in Section 7.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST1.

7.5.2.4 Task 4: On IDMHOST2, Install and Configure Oracle Internet Directory

To install and configure Oracle Internet Directory 11g on IDMHOST1:

1. Locate the Oracle Identity Management CD–ROM.

   Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

   http://www.oracle.com/technology/
   

2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

   Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

3. Start Oracle Universal Installer:

   On UNIX systems, enter the following command to install Repository Creation Utility:

   ./runInstaller
   

   On Windows systems, double-click the setup.exe file.

4. With the following important exceptions, refer to Table 7-1 for instructions about how to respond to each screen in the installation and configuration tool:

   • On the Select Domain screen, select the No Domain option.

   • On the Specify Installation Screen, provide the Oracle Home Location and the Oracle Instance Location.

   • Select Oracle Internet Directory on the Configure Components Screen. De select all other components

   • Note that the Specify Cluster Details screen does not appear in an Oracle Internet Directory only installation.

   For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

7.5.2.5 Task 5: Verify the Oracle Internet Directory Instances on IDMHOST1 and IDMHOST2

Use the procedure in Section 7.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST1.

7.5.2.6 Task 6: Optionally, Register the Oracle Internet Directory Instances on IDMHOST1 and OIDHOST2 with an Existing Remote Domain

Register both Oracle Internet Directory instances on IDMHOST1 and IDMHOST2 with the existing, remote Oracle WebLogic Server domain, using the following OPMN command.

ORACLE_INSTANCE/opmnctl registerinstance 
     -adminHost adminHostName
     -adminPort adminServerPort
     -adminUsername DOMAIN_ADMINISTRATOR_USERNAME
     -oracleInstance ORACLE_INSTANCE_HOME

For example:

ORACLE_INSTANCE/opmnctl registerinstance
     -adminHost IDMHOST1 MYCOMPANY.COM 
     -adminPort 7001 
     -adminUsername weblogic 
     -oracleInstance /u01/app/oracle/product/11g/instances/oid_inst2