|Oracle® Fusion Middleware Upgrade Guide for Oracle Identity Management
11g Release 1 (11.1.1)
Part Number E10129-01
This chapter describes how to upgrade your existing Oracle Virtual Directory 10g (10.1.4.3) to Oracle Virtual Directory 11g.
This chapter contains the following sections:
Before you install Oracle Virtual Directory 11g, consider the topology you currently have in Oracle Application Server 10g (10.1.4.3), as well as any requirements for your Oracle Fusion Middleware 11g environment.
Note that you can configure Oracle Virtual Directory with Oracle WebLogic Server domain or you can configure it without a domain.
For more information, refer to Chapter 3, "Oracle Virtual Directory Topologies".
The following sections describes how to install and configure new Oracle Fusion Middleware 11g middle tier instances in preparation for an upgrade to Oracle Fusion Middleware 11g:
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.
Installing and configuring Oracle Virtual Directory in preparation for an upgrade is similar to any other 11g installation. Later, you use the Oracle Fusion Middleware Upgrade Assistant to copy configuration information from the 10g environment to the new 11g environment.
To install and configure Oracle Virtual Directory, in preparation for upgrade:
Locate the Oracle Identity Management CD–ROM.
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the
Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
On Windows systems, double-click the
Follow the instructions in the installer to install Oracle Virtual Directory.
For complete details, as well as prerequisite information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
The Oracle Fusion Middleware Upgrade Assistant automates the upgrade of many aspects of your Oracle Application Server 10g environment.
The Upgrade Assistant is installed automatically into the
bin directory of your Oracle Fusion Middleware Oracle home.
The following sections provide more information:
To start the Upgrade Assistant using the graphical user interface:
Note:You can also use the Upgrade Assistant command-line interface to upgrade your Oracle Application Server 10g Oracle homes. For more information, see "Using the Upgrade Assistant Command-Line Interface" in the Oracle Fusion Middleware Upgrade Planning Guide.
Change directory the
/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX system:
On Windows systems:
The Upgrade Assistant displays the Welcome screen as shown in Figure 5-1
Click Next to display the Select Operation screen (Figure 5-2).
The options available in the Upgrade Assistant are specific to the Oracle home from which it started. When you start Upgrade Assistant from an Oracle Application Server Identity Management Oracle home, the options shown on the Select Operation screen are the valid options for an Oracle Application Server Identity Management Oracle home.
Figure 5-2 Upgrade Assistant Select Operation Screen for an Oracle Virtual Directory Upgrade
To upgrade Oracle Virtual Directory:
Start the Upgrade Assistant as described in Task 3a: Start the Upgrade Assistant for an Oracle Virtual Directory Upgrade.
Select Upgrade Identity Management Instance on the Select Operation screen (Figure 5-2).
Refer to Table 5-1 for a description of the Upgrade Assistant screens that require input from you during an Oracle Virtual Directory upgrade.
After you provide all required input, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
Displays the End of Upgrade screen, which confirms that the upgrade was complete.
Table 5-1 Upgrade Assistant Screens That Require Input During an Oracle Virtual Directory Upgrade
|Upgrade Assistant Screen||Description|
Select the 10g (10.1.4.3) source Oracle home.
If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide.
Enter the complete path to the destination 11g Oracle instance that you installed inside the middleware home. This is the Oracle instance that contains the Oracle Virtual Directory software.
Alternatively, click Browse to select the Oracle instance.
Enter the host, Administration Server port, and administration user credentials for the Oracle WebLogic Server domain you configured in Section 5.2.1, "Installing the Oracle WebLogic Server Software and Creating the Middleware Home".
This screen appears only if you chose to associate the Oracle Virtual Directory 11g instance with Oracle WebLogic Server during the Oracle Virtual Directory installation.
It does not appear if you selected to install Oracle Virtual Directory without an Oracle WebLogic Server domain.
Warning Dialog Box
The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance.
This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home.
If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance.
This screen offers these upgrade options:
Click Help to display more information about the upgrade options on this screen.
After you upgrade Oracle Virtual Directory by running the Upgrade Assistant, you must perform the following post-upgrade tasks:
Oracle Virtual Directory 10g (10.1.4.3) and later LDAP SSL listeners supports anonymous ciphers (in no-auth SSL mode) by default. The list of enabled cipher suites are set in OVD start-up scripts:
The list of ciphers can be modified by editing the
-D Java system property
vde.ldap.ciphers in these start-up scripts. This list is applicable across all LDAP SSL listeners. There was no option to enable different cipher suites for each LDAP listener.
In Oracle Virtual Directory 11g, the
vde.ldap.ciphers Java system property is no longer supported. Instead, you can enable different cipher suites for each Oracle Virtual Directory listener when configuring SSL with Oracle Enterprise Manager Fusion Middleware Control or with the WLST command-line tool.
Anonymous cipher suites are disabled on Oracle Virtual Directory SSL listeners for security, by default. For information on enabling anonymous ciphers as part of configuring SSL security for your Oracle Virtual Directory environment, see "SSL Configuration in Oracle Fusion Middleware" in the Oracle Fusion Middleware Administrator's Guide.
If you select the Use source Oracle home ports in destination option when upgrading an Oracle Virtual Directory 10g instance that is configured to listen on privileged ports, then the Upgrade Assistant cannot start Oracle Virtual Directory 11g after the upgrade.
Instead, the following error message appears in the Oracle Virtual Directory log file:
Cannot start Oracle Virtual Directory server: Permission denied.
To start an Oracle Virtual Directory 11g instance that is listening on privileged ports, perform the following steps:
Stop Oracle Process Manager and Notification Server (OPMN) and its managed processes, by using the following command in the Oracle instance directory where Oracle Virtual Directory 11g is configured:
Execute following commands as root:
To start OPMN :
Start Oracle Virtual Directory 11g:
In this example, replace OVDCompName with the name of the Oracle Virtual Directory instance.
For more information, see "Managing Oracle Virtual Directory Server Processes" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
After upgrading Oracle Virtual Directory, you might encounter situations where the performance metrics and charts do not display properly when you are monitoring Oracle Virtual Directory in Oracle Enterprise Manager Fusion Middleware Control.
If this problem occurs, perform the following task to modify the monitoring properties in Fusion Middleware Control:
Login to Fusion Middleware Control.
Click the Configure icon for the Oracle Virtual Directory target that you just upgraded.
On the Configuration page, change the following fields so they match the values required for the upgraded Oracle Virtual Directory instance:
Virtual Directory Admin Port
Virtual Directory LDAP Port
Click OK to save the changes.
Log in to the system where Oracle Virtual Directory was installed and navigate to the Oracle Virtual Directory Oracle home:
Run the following commands to import the Oracle Virtual Directory listener keystore certificates into the Fusion Middleware Control agent wallet:
Export Oracle Virtual Directory server certificate:
Add the Oracle Virtual Directory server certificate to Oracle Management Agent wallet
ORACLE_HOME/bin/orapki wallet add -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet -trusted_cert -cert OVD_SERVER_CERT_FILE -pwd WALLET_PASSWD
For example, if you're using default values configured at installation time, you would use the following values for the variables in the above example:
Replace OVD_KEY_STORE_FILE with:
Replace OVD_SERVER_CERT_ALIAS with
Replace passwd with the password for the Oracle Virtual Directory administrator account.
For more information about configuring Agent-monitored targets, see "Troubleshooting the Display of Performance Metrics and Charts in Fusion Middleware Control" in the Oracle Fusion Middleware Administrator's Guide.
When you ugprade Oracle Virtual Directory, the logging settings you configured in Oracle Virtual Directory 10g are not upgraded.
Instead you will find that after upgrade:
The log levels in the upgraded Oracle Virtual Directory 11g instance are set to "Notification", and the access log is enabled by default after upgrade, irrespective of its configuration in Oracle Virtual Directory 10g.
To disable the access log, modify log level of logger name
com.octetstring.accesslog to "ERROR:1".
For more information, see "Managing Oracle Virtual Directory Logging and Auditing" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
If the Oracle Virtual Directory Dump Transactions plug-in is configured, then the log level for the plug-in must be changed to one of the following values: SEVERE, WARNING, INFO, FINE, FINER, or FINEST.
For more information, see "Using the Dump Transactions Plug-In to Gather Information About Data Transformation Errors" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
To verify that your Oracle Virtual Directory upgrade was successful:
Follow the instructions on the screen for information on how to verify that specific Oracle Fusion Middleware components are up and running.
For more information, see "Getting Started Using Oracle Enterprise Manager Fusion Middleware Control" in the Oracle Fusion Middleware Administrator's Guide.