|Oracle® Fusion Middleware Upgrade Guide for Oracle WebCenter Interaction
10g Release 4 (10.3.3.0.0) for Unix and Linux
Part Number E14550-05
This chapter includes the following sections:
This chapter also includes the section Advanced Configuration, which includes the following optional advanced procedures for LDAP configuration:
After you have deployed the Oracle WebCenter Interaction Identity Service for LDAP package, you can run a diagnostic utility to verify connectivity among deployment components.
To verify your deployment of the Oracle WebCenter Interaction Identity Service for LDAP package:
In a Web browser, open the URL for the remote server diagnostics utility, for example: http://RemoteServer:port/ldapws/install/index.html
Complete the steps as described in the utility summary page to verify the correct configuration of deployment components.
If you upgraded Oracle WebCenter Interaction Identity Service for LDAP perform the following steps:
Copy any template files you may have created from install_dir/ptldapaws/10.3/settings/ldap/templates to install_dir/ptldapaws/10.3.3/settings/config/ldap/templates.
Import the 10.3 encryption key to your 10.3.3 installation:
In a Web browser, open the remote server diagnostics utility, which can be found at: http://remoteserver:port/ldapws/install/index.html.
Complete the steps as described in the utility summary page in the diagnostics utility.
At the encryption key import step, click Import and browse to the LDAPKeyStore file that was created for your version 10.3 installation and select the key. The file can be found at: JRE_HOME_FOR_YOUR_OLD_APP_SERVER/lib/ext/LDAPKeyStore.
In the portal, go to the remote server object for Oracle WebCenter Interaction Identity Service for LDAP and change the port number to the one you set when you installed version 10.3.3.
Compare the configuration.xml file you backed up before you upgraded to the new version to confirm that all LDAP settings were merged correctly.
If you installed Oracle WebCenter Interaction Content Service for Documentum for the first time, perform the steps in the following sections:
Create a remote authentication source to import users and groups from LDAP:
Log in to the portal as an administrator.
Click the LDAP IDS folder.
From the Create Object menu, choose Authentication Source - Remote.
In the Choose Web Service dialog box, choose LDAP IDS.
Configure the authentication source as described in the online help.
Stay logged in to the portal with the LDAP IDS folder open for the next procedure.
Create a remote profile source to import users' profile information from LDAP. To create a remote profile source, in the LDAP IDS folder of the portal's Administrative Object Directory:
From the Create Object menu, choose Profile Source - Remote.
In the Choose Web Service dialog box, choose LDAP IDS.
Configure the profile source as described in the online help.
To import users, groups, or users' profile information, you must associate the authentication source or profile source with a job and run the job. To create and run a job, perform the following steps in the Oracle WebCenter Interaction Identity Service for LDAP folder of the portal's Administrative Object Directory:
From the Create Object menu, select Job.
Click Add Operation.
Choose the authentication source or profile source that you created.
Choose the scheduling values for the job and click Finish.
Name the job and click OK.
When you are finished creating the job, make sure the Oracle WebCenter Interaction Identity Service for LDAP folder is associated with an automation service. For assistance, see the online help under Select Utilities, then Automation Service.
This section describes the following optional advanced procedures for LDAP configuration:
The ldapws.war file includes the log4j.properties file. The log4j.properties controls the logging settings for the application. You can open the log4j.properties file and edit it within the ldapws.war file.
There are two appenders defined:
A1 is for the authentication source log
A2 is for the profile source log
The default settings for the parameters in this file should be sufficient but there are several settings that you can change:
Determines whether writes to the log file are appended at the end of the file, or if the file is overwritten. This should be set to true.
Specifies the maximum size a log file can be before it is rolled over into a new file if the appender is a
If you choose to roll over based on the date, the
Sets the number of rolled-over files that are saved. The number of roll-over files you set for the
Determines the basis on which files are rolled over if the appender is a
If several synchronization jobs are run once a day use the
In changing the
If you use a
Within the ldapws.war file there is a web.xml file that includes settings for the application session. You can open this file and edit it within the ldapws.war file.
During large synchronizations, the portal must create database objects for all the users and groups returned by the Oracle WebCenter Interaction Identity Service for LDAP. This might cause session time-outs between the calls to GetGroups, GetUsers, and GetMembers.
You can avoid this time-out error by increasing the session-time-out value in the session-config object of web.xml.
LDAP servers allow you to set the maximum return size of a query result as well as the time limit for a query. If the Oracle WebCenter Interaction Identity Service for LDAP log file ever indicates a SizeLimitExceeded or TimeLimitExceeded error it is most likely that you must adjust these values on the LDAP server. Different LDAP server administration consoles have these settings in different locations and you should contact your LDAP system administrator if you have questions about the location of the settings.
to use the Oracle WebCenter Interaction Identity Service for LDAP over SSL there are two connections you must secure. This section includes the following topics:
to connect to the Oracle WebCenter Interaction Identity Service for LDAP from the portal over SSL, you must connect to the remote server on an SSL port and import its trusted certificate.
From a Web browser on the portal server navigate to: https://remote_server:app_server_ssl_port.
If the computer hosting the portal does not already have a certificate from the remote server it prompts you with a Security Alert. Choose to view the certificate and install it to the Trusted Root Certification Authorities store.
When running the installer for Oracle WebCenter Interaction Identity Service for LDAP, choose https protocol and enter the SSL port for the application server. In the portal, when you configure the remote server object, use https and the SSL port.
To connect to the LDAP server over SSL, import the certificate for the LDAP server into the cacerts file in the jre of the application server.
From a Web browser on the remote server navigate to: https://ldap_server:ldap_ssl_port. You should be prompted with a Security Alert.
Choose to view the certificate and import it.
Click Tools, then Internet Options.
Select the Content tab and click Certificates.
Find the certificate for the LDAP server that you just imported and choose to export it as a DER encoded binary. Export it to the APP_SERVER_JAVA_HOME/jre/lib/security folder.
Use the java keytool to import this certificate to the cacerts file at APP_SERVER_JAVA_HOME/jre/lib/security.
For instructions on using the keytool refer to the SunJava documentation.
When you create the authentication source in the portal, enter 2 as the Security Mode. The standard SSL port is 636. If your LDAP server is using a different SSL port, enter this in the Alternate Port box.