8 Configuring Oracle Directory Integration Platform

This chapter explains how to configure Oracle Directory Integration Platform (ODIP). You must configure Oracle Directory Integration Platform after installing the software, as described in Installation Roadmap and Installing Oracle Identity Management (11.1.1.5.0).

This chapter discusses the following topics:

8.1 ODIP with Fusion Middleware Control in a New WebLogic Domain

This topic describes how to configure Oracle Directory Integration Platform (ODIP) with Fusion Middleware Control in a new WebLogic administration domain. It includes the following sections:

8.1.1 Appropriate Deployment Environment

The configuration described in this topic is appropriate if there is no WebLogic Administration Server managing other 11g Release 1 (11.1.1) Oracle Directory Services components and Oracle Internet Directory is installed without a domain.

8.1.2 Components Deployed

Performing the configuration in this section deploys the following components:

  • WebLogic Managed Server

  • Oracle Directory Integration Platform

  • WebLogic Administration Server

  • Fusion Middleware Control

8.1.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Oracle Internet Directory

  • Oracle Database for Oracle Internet Directory

  • Identity Management - Oracle Internet Directory schema existing in the Oracle Internet Directory database.

8.1.4 Procedure

Perform the following steps to configure Oracle Directory Integration Platform with Fusion Middleware Control in a new domain:

  1. Ensure that Oracle Directory Integration Platform is installed, as described in Installation Roadmap and Installing Oracle Identity Management (11.1.1.5.0).

  2. Run <ORACLE_HOME>/bin/config.sh (on UNIX) or <ORACLE_HOME>\bin\config.bat (on Windows) to start the Oracle Identity Management Configuration Wizard. Click Next to continue.

  3. On the Select Domain screen, select Create New Domain and enter the following information:

    • Enter the user name for the new domain in the User Name field.

    • Enter the user password for the new domain in the User Password field.

    • Enter the user password again in the Confirm Password field.

    • Enter a name for the new domain in the Domain Name field.

    Click Next. The Specify Installation Location screen appears.

  4. Identify the Homes, Instances, and the WebLogic Server directory by referring to Identifying Installation Directories. After you enter information for each field, click Next. The Specify Security Updates screen appears.

  5. Choose how you want to be notified about security issues:

    • If you want to be notified about security issues through email, enter your email address in the Email field.

    • If you want to be notified about security issues through My Oracle Support (formerly MetaLink), select the My Oracle Support option and enter your My Oracle Support Password.

    • If you do not want to be notified about security issues, leave all fields empty.

    Click Next. The Configure Components screen appears.

  6. Select only Oracle Directory Integration Platform. The Fusion Middleware Control management component is automatically selected for this installation.

    Ensure no other components are selected and click Next. The Configure Ports screen appears.

  7. Choose how you want the Installer to configure ports:

    • Select Auto Port Configuration if you want the Installer to configure ports from a predetermined range.

    • Select Specify Ports using Configuration File if you want the Installer to configure ports using the staticports.ini file. You can click View/Edit File to update the settings in the staticports.ini file.

    Click Next. The Specify OID Details screen appears.

  8. Identify the Oracle Internet Directory for Oracle Directory Integration Platform by entering the following information:

    • Hostname: Enter the hostname or IP address of the Oracle Internet Directory host.

    • Port: Enter the Oracle Internet Directory LDAP SSL port.

    • User Name: Enter the user name of the Oracle Internet Directory Administrator.

    • Password: Enter the password for the user name Oracle Directory Integration Platform will use to connect to Oracle Internet Directory.

    Click Next. The Specify Schema Database screen appears.

  9. Enter the following information about the Oracle Internet Directory schema:

    • Connect String: Enter the database connection information. The connection string must be in the form of hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form of hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Password: Enter the password for the ODSSM schema in the Password field.

    Click Next. The Installation Summary screen appears.

  10. Complete the installation by performing all the steps in "Completing an Installation".

8.2 Only ODIP in an Existing WebLogic Domain

This topic describes how to configure only Oracle Directory Integration Platform (ODIP) in an existing WebLogic administration domain. It includes the following sections:

8.2.1 Appropriate Deployment Environment

The configuration described in this topic is appropriate for the following environments:

  • A WebLogic Administration Server is managing an 11g Release 1 (11.1.1) Oracle Internet Directory component and you want Oracle Directory Integration Platform to join that domain.

  • A WebLogic Administration Server is managing other 11g Release 1 (11.1.1) Oracle Directory Services, but not Oracle Internet Directory, which is installed without a domain.

8.2.2 Components Deployed

Performing the configuration in this section deploys the following components:

  • WebLogic Managed Server

  • Oracle Directory Integration Platform

8.2.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Oracle Internet Directory

  • Oracle Database for Oracle Internet Directory

  • Identity Management - Oracle Internet Directory schema existing in the Oracle Internet Directory database.

8.2.4 Procedure

Perform the following steps to configure only Oracle Directory Integration Platform in an existing domain:

  1. Ensure that Oracle Directory Integration Platform is installed, as described in Installation Roadmap and Installing Oracle Identity Management (11.1.1.5.0).

  2. Run <ORACLE_HOME>/bin/config.sh (on UNIX) or <ORACLE_HOME>\bin\config.bat (on Windows) to start the Oracle Identity Management Configuration Wizard. Click Next to continue.

  3. On the Select Domain screen, select Extend Existing Domain and enter the following information:

    • Enter the name of the host that contains the domain in the Host Name field.

    • Enter the Oracle WebLogic Server listen port in the Port field.

    • Enter the user name for the domain in the User Name field.

    • Enter the password for the domain user in the User Password field.

    Click Next. The Specify Installation Location screen appears.

  4. Identify the Homes, Instances, and the WebLogic Server directory by referring to Identifying Installation Directories.

    Note:

    To configure Oracle Identity Management components in an existing Oracle WebLogic Server administration domain, each Oracle WebLogic Server Home, Oracle Middleware Home, and Oracle Home directory in the domain must have identical directory paths and names.

    After you enter information for each field, click Next. The Specify Security Updates screen appears.

  5. Choose how you want to be notified about security issues:

    • If you want to be notified about security issues through email, enter your email address in the Email field.

    • If you want to be notified about security issues through My Oracle Support (formerly MetaLink), select the My Oracle Support option and enter your My Oracle Support Password.

    • If you do not want to be notified about security issues, leave all fields empty.

    Click Next. The Configure Components screen appears.

  6. Select only Oracle Directory Integration Platform. Ensure no other components are selected and click Next. The Configure Ports screen appears.

  7. Choose how you want the Installer to configure ports:

    • Select Auto Port Configuration if you want the Installer to configure ports from a predetermined range.

    • Select Specify Ports using Configuration File if you want the Installer to configure ports using the staticports.ini file. You can click View/Edit File to update the settings in the staticports.ini file.

    Click Next. The Specify OID Details screen appears.

  8. Identify the Oracle Internet Directory for Oracle Directory Integration Platform by entering the following information:

    • Hostname: Enter the hostname or IP address of the Oracle Internet Directory host.

    • Port: Enter the Oracle Internet Directory LDAP SSL port.

    • User Name: Enter the user name of the Oracle Internet Directory Administrator.

    • Password: Enter the password for the user name Oracle Directory Integration Platform will use to connect to Oracle Internet Directory.

    Click Next. The Specify Schema Database screen appears.

  9. Enter the following information about the Oracle Internet Directory schema:

    • Connect String: Enter the database connection information. The connection string must be in the form of hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form of hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Password: Enter the password for the ODSSM schema in the Password field.

    Click Next. The Installation Summary screen appears.

  10. Complete the installation by performing all the steps in Completing an Installation.
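The connect string formats required in step 9 of both procedures (8.1.4 and 8.2.4) can be checked before they are typed into the wizard. The following is an added example, not Oracle-supplied code: the function names and sample host names are constructed, and the permitted character set and the acceptance of more than two RAC nodes are assumptions.

```shell
#!/bin/sh
# Added example: pre-check an OID schema connect string before typing it into the wizard.
# Sample host and service names below are constructed.

# valid_port PORT: integer 1..65535, no leading zero
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_triple S: exactly three non-empty ':'-separated fields, the second a port
valid_triple() {
    case "$1" in *[!A-Za-z0-9._:-]*|*:) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$1" ] && [ -n "$3" ] && valid_port "$2"
}

# connect_string_kind S: prints "single" or "rac"; returns 1 if S matches neither form
connect_string_kind() {
    cs=$1
    case "$cs" in
        *[!A-Za-z0-9._:^@-]*) return 1 ;;      # unexpected character (space, '/', ...)
        *@*)                                    # RAC: node^node[^node...]@servicename
            service=${cs##*@}; nodes=${cs%@*}
            case "$service" in ''|*:*|*^*) return 1 ;; esac
            case "$nodes" in ''|^*|*^|*^^*|*@*) return 1 ;; esac
            old_ifs=$IFS; IFS='^'; set -- $nodes; IFS=$old_ifs
            [ $# -ge 2 ] || return 1            # assumption: RAC form lists 2+ nodes
            for node in "$@"; do valid_triple "$node" || return 1; done
            echo rac ;;
        *^*) return 1 ;;                        # '^' without '@servicename'
        *)  valid_triple "$cs" || return 1
            echo single ;;
    esac
}

# Constructed samples: two well-formed strings and two malformed ones.
for s in 'db1.example.com:1521:orcl.example.com' \
         'rac1.example.com:1521:orcl1^rac2.example.com:1521:orcl2@orcl.example.com' \
         'db1.example.com:orcl' 'rac1:1521:orcl1^rac2:1521:orcl2'; do
    if kind=$(connect_string_kind "$s"); then echo "ok ($kind): $s"
    else echo "malformed: $s"; fi
done
```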

8.3 Configuring ODIP when OID is Running in SSL Mode 2 - Server Only Authentication

You cannot install and configure Oracle Directory Integration Platform (ODIP) 11g Release 1 (11.1.1) when Oracle Internet Directory (OID) is already installed and running in SSL Mode 2 - Server Only Authentication.

If Oracle Internet Directory is already installed and running in SSL Mode 2 - Server Only Authentication, you must perform the following steps to configure Oracle Directory Integration Platform 11g Release 1 (11.1.1):

  1. Configure Oracle Internet Directory to temporarily run in SSL Mode 1 - No Authentication.

    Refer to the "Configuring Secure Sockets Layer (SSL)" chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for complete information.

  2. Install Oracle Directory Integration Platform, as described in Installation Roadmap and Installing Oracle Identity Management (11.1.1.5.0).

  3. Configure Oracle Internet Directory to run in SSL Mode 2 - Server Only Authentication again. Refer to the "Configuring Secure Sockets Layer (SSL)" chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

  4. Configure Oracle Directory Integration Platform to run in SSL Mode 2 by referring to the following sections in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management:

8.4 Verifying ODIP

Verify the Oracle Directory Integration Platform (ODIP) installation using the dipStatus command, which is located in the $ORACLE_HOME/bin/ directory.

Note:

You must set the WL_HOME and ORACLE_HOME environment variables before executing the dipStatus command.

The following is the syntax for the dipStatus command:

$ORACLE_HOME/bin/dipStatus -h HOST -p PORT -D wlsuser [-help]

  • -h | -host identifies the Oracle WebLogic Server where Oracle Directory Integration Platform is deployed.

  • -p | -port identifies the listening port of the Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed.

  • -D | -wlsuser identifies the Oracle WebLogic Server login ID.

Note:

You will be prompted for the Oracle WebLogic Server login password. You cannot provide the password as a command-line argument.

Best security practice is to provide a password only in response to a prompt from the command. If you must execute dipStatus from a script, you can redirect input from a file containing the Oracle WebLogic Server password. Use file permissions to protect the file and delete it when it is no longer necessary.
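One way to script the file-based approach described above, as an added example that is not Oracle-supplied code. The function names are hypothetical, and it assumes that ORACLE_HOME and WL_HOME are already exported and that the password file is provisioned for a single run.

```shell
#!/bin/sh
# Added example: run dipStatus with the WebLogic password read from a protected file.
# Assumes ORACLE_HOME and WL_HOME are exported, as the note above requires.

# make_pwfile: prints the path of a new, empty, owner-only (0600) file.
make_pwfile() {
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/dip_pw.XXXXXX" )
}

# pwfile_is_safe FILE: succeeds only for a regular, non-symlink file owned by the
# current user with no group or other permission bits set.
pwfile_is_safe() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # In the ls -l mode string, characters 5-10 are the group and other bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    [ "$mode" = "------" ]
}

# dipstatus_from_file HOST PORT WLSUSER PWFILE
# Supplies the password on stdin (never on the command line) and deletes the
# file after the run, whether dipStatus succeeded or failed.
dipstatus_from_file() {
    host=$1 port=$2 user=$3 pwfile=$4
    if ! pwfile_is_safe "$pwfile"; then
        echo "refusing $pwfile: need a regular file you own, mode 600 or stricter" >&2
        return 2    # file is left in place: it may not be ours to delete
    fi
    rc=0
    "$ORACLE_HOME/bin/dipStatus" -h "$host" -p "$port" -D "$user" < "$pwfile" || rc=$?
    rm -f -- "$pwfile"
    return "$rc"
}

# Usage (fetch_secret is a hypothetical, site-specific command that prints the password):
#   pw=$(make_pwfile) && fetch_secret > "$pw" && dipstatus_from_file host 7005 weblogic "$pw"
```

A file that is group- or world-readable, a symlink, or owned by another account is rejected before dipStatus is started, so the password is never read from a location other users could have written or replaced.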

8.5 Getting Started with ODIP After Installation

After you install Oracle Directory Integration Platform (ODIP), no additional configuration is needed. The next step is to create synchronization profiles.

The Oracle Fusion Middleware Integration Guide for Oracle Identity Management explains how to manage Oracle Directory Integration Platform. For information about creating synchronization profiles using Oracle Enterprise Manager Fusion Middleware Control Console, refer to the "Managing Synchronization Profiles Using Fusion Middleware Control" section in that guide.