5 Upgrading Your Oracle Internet Directory Environment

This chapter describes how to upgrade your existing 10g Release 2 (10.1.2) or 10g (10.1.4) Oracle Internet Directory to Oracle Internet Directory Release 11g.

This chapter contains the following sections:

5.1 Task 1: Understand Your Upgrade Options for SSO and Oracle Delegated Administration Services

If you are using Oracle Single Sign-On or Oracle Delegated Administration Services, then you should be aware that there is no upgrade path to Oracle Fusion Middleware 11g for these components.

Instead, if you are using Oracle Single Sign-On with Oracle Portal, Forms, Reports, and Discoverer, then you upgrade your existing 10g Release 2 (10.1.2) or 10g (10.1.4) Oracle Single Sign-On instance to Oracle Access Manager, for more information see Chapter 11, "Upgrading Oracle Single Sign-On Environment".

Oracle Fusion Middleware offers a new version of Oracle Internet Directory and the Oracle Directory Integration Platform. Oracle recommends that you upgrade your Oracle Internet Directory and Oracle Directory Integration Platform instances to Oracle Fusion Middleware 11g.

5.2 Task 2: If Necessary, Upgrade the Database that Contains the 10g Identity Management Schemas

When you upgrade your Oracle Identity Management components, the Oracle Identity Management schemas in the metadata repository are upgraded "in-place." This means that you do not install the Oracle Fusion Middleware 11g schemas; instead, you upgrade the existing 10g schemas to 11g, using the Upgrade Assistant.

However, you must ensure that the version of the database that will contain the upgraded Oracle Identity Management schemas is supported by Oracle Fusion Middleware 11g.

For instructions on verifying that your database meets the requirements of Oracle Fusion Middleware 11g, as well as instructions for upgrading the database, see "Upgrading and Preparing Your Databases" in the Oracle Fusion Middleware Upgrade Planning Guide.

5.3 Task 3: Install and Configure the Oracle Internet Directory and Oracle Directory Integration Platform 11g Components

The following sections describe how to install and configure your new Oracle Fusion Middleware 11g environment in preparation for upgrading from Oracle Application Server 10g:

Note:

If you are upgrading your Oracle Application Server 10g Oracle Internet Directory and Oracle Directory Integration Platform components to 11g, then you must install the new 11g software on the same host as the Oracle Application Server 10g components.

5.3.1 Understanding the Implications of Installing Oracle Internet Directory 11g Against the Oracle Internet Directory 10g Schema

To upgrade Oracle Internet Directory to 11g, you must install the new Oracle Internet Directory 11g instance against the existing Oracle Internet Directory 10g (ODS) schema. Then, you can you run the Upgrade Assistant to upgrade the Oracle Internet Directory 10g schema to 11g.

Note, however, that until you upgrade the Oracle Internet Directory 10g schema to 11g, the new Oracle Internet Directory instance will be in read-only mode. As a result, be sure you have planned for enough time to not only install the new Oracle Internet Directory instance, but to upgrade the ODS schema, as described in "Task 4: Use Upgrade Assistant to Upgrade Oracle Internet Directory".

Ensure that you do not run the Oracle Internet Directory 10g and Oracle Internet Directory 11g at the same time, this will avoid port conflicts.

5.3.2 Install the Oracle WebLogic Server Software and Creating the Middleware Home

The following sections provide information about installing Oracle WebLogic Server and creating the Middleware home in preparation for an Oracle Identity Management upgrade:

5.3.2.1 When is Oracle WebLogic Server Required?

Before you install Oracle Internet Directory and Oracle Directory Integration Platform 11g, note the following:

  • Oracle Directory Integration Platform 11g requires an existing Oracle WebLogic Server domain.

  • Oracle Internet Directory does not require a domain. However, if you install Oracle Internet Directory without specifying a domain, then you will not be able to manage the Oracle Internet Directory instance with Fusion Middleware Control or Oracle Directory Services Manager.

    Note that you can later use an OPMN command to register the standalone Oracle Internet Directory instance with a domain where Oracle Directory Services Manager is configured. For more information, see "Registering an Oracle Instance or Component with the WebLogic Server" in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

When you install the Oracle WebLogic Server software on disk, you create a directory called the Middleware home, which contains the Oracle WebLogic Server software files. Later, you also install an Oracle Identity Management Oracle home inside the Middleware home.

5.3.2.2 Install Oracle WebLogic Server Software and Create the Middleware Home

For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

5.3.3 Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform 11g in Preparation for Upgrade

The following sections provide information about installing Oracle Internet Directory and Oracle Directory Integration Platform in preparation for upgrade:

5.3.3.1 Before You Begin Installing Oracle Internet Directory and Oracle Directory Integration Platform

Before you begin installing and configuring Oracle Internet Directory and Oracle Directory Integration Platform in preparation for an upgrade, consider the following:

  • When you install Oracle Internet Directory and Oracle Directory Integration Platform in preparation for upgrade, the installation is similar to any other 11g installation, except that in this case, you install the Oracle Internet Directory 11g instance against the existing Oracle Internet Directory 10g (ODS) schema.

    Immediately after the installation, you then use the Oracle Fusion Middleware Upgrade Assistant to upgrade the ODS schema to 11g. During the time between the installation and running the Upgrade Assistant, the new Oracle Internet Directory instance is in read-only mode. As a result, it is not fully operational until after you run the Upgrade Assistant.

  • When you make your selections while installing Oracle Internet Directory and Oracle Directory Integration Platform, you should configure the new 11g environment so it matches the topology you configured for Oracle Application Server 10g.

    For example, if you were running both Oracle Internet Directory and Oracle Directory Integration Platform out of the same 10g Oracle home, you should install and configure both components in the same Oracle Fusion Middleware 11g Oracle home.

  • When you install Oracle Internet Directory 11g ensure that you enter the same user credentials as used in the Oracle Application Server 10g components.

  • If you recently upgraded the database that contains your Oracle Application Server Identity Management schemas, be sure to check for invalid objects in the database before proceeding with the upgrade.

    For more information, see "Upgrading and Preparing Your Databases" in the Oracle Fusion Middleware Upgrade Planning Guide.

5.3.3.2 Install Oracle Internet Directory and Oracle Directory Integration Platform 11g Release 1 (11.1.1.6.0)

For installing Oracle Identity Management, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.6.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

5.4 Task 4: Use Upgrade Assistant to Upgrade Oracle Internet Directory

After you install Oracle Internet Directory and Oracle Directory Integration Platform and point the installation to the existing Oracle Identity Management 10g schemas, you can then run the Oracle Fusion Middleware Upgrade Assistant.

The Upgrade Assistant automates the upgrade of the Oracle Internet Directory schema and your Oracle Identity Management 10g middle tier.

The Upgrade Assistant is installed into the bin directory of your Oracle Fusion Middleware Oracle home.

The following sections provide more information:

5.4.1 Task 4a: Perform Required Pre-Upgrade Tasks

Before you start the Upgrade Assistant, perform the following pre-Upgrade tasks that apply to your installation:

5.4.1.1 Verifying the Status of Oracle Application Server Identity Management 10g Schemas

Before you start the Upgrade Assistant to upgrade your Oracle Identity Management components to Oracle Application Server Identity Management 11g, verify that the existing Oracle Identity Management 10g schemas in the database are valid:

Note:

This procedure is especially important to perform after you apply the 10g Release 2 (10.1.2.3) patch set to your 10g Release 2 (10.1.2) environment and before you upgrade our 10g Release 2 (10.1.2.3) components to 11g.
  1. Connect to the database that contains the Oracle Internet Directory 10g schemas using SQLPlus.

  2. Use the following SQL SELECT statement to view the status of the Oracle Internet Directory schemas:

    SELECT comp_id,version,status FROM app_registry where COMP_ID = 'OID';
    
  3. Verify that the status of the schemas is set to VALID.

    If the output from the SELECT command identifies the Oracle Internet Directory schema as INVALID, perform the following steps to fix the issue:

    1. Use a text editor to open the following file in the Oracle Internet Directory 10g Oracle home:

      ORACLE_HOME/ldap/admin/oidi10121.sql
      
    2. Insert the following at the top of the oidi10121.sql file so that it is run as the ODS schema user:

      alter session set current_schema = ODS;
      
    3. Run patchcfg.sql as the SYS user.

      For example:

      cd ORACLE_HOME/ldap/admin/
      sqlplus "connect / as sysdba"
      SQL> @patchcfg.sql 
      
    4. Identify the objects in the database that are owned by SYS and are also owned by ODS.

      patchcfg.sql displays a list of objects from the database, as shown in Example 5-1.

    5. For each of the objects, enter a DROP PACKAGE statement.

      For example:

      drop package OIDMETRICINFO;
      

Example 5-1 Invalid Objects to Drop from the Oracle Identity Management Schema Database

select owner, object_name, object_type from dba_objects 
       where status = 'INVALID' order by owner, object_name;

OWNER      OBJECT_NAME        OBJECT_TYPE
---------- ------------------ ------------
SYS        LDAPBLKMOD         PACKAGE BODY
SYS        LDAPUPGUTLS        PACKAGE BODY
SYS        MODIFYDN           PACKAGE
SYS        MODIFYDN           PACKAGE BODY
SYS        ODIGETDIPINFO      PACKAGE BODY
SYS        OIDCONFIGINFO      PACKAGE BODY
SYS        OIDMETRICINFO      PACKAGE BODY
SYS        OIDPORTINFO        PACKAGE BODY
SYS        OIDREPLSTATUSINFO  PACKAGE BODY
SYS        OIDSTATUSINFO      PACKAGE BODY
SYS        OID_STATS          PACKAGE
SYS        OID_STATS          PACKAGE BODY
SYS        OLADD              PACKAGE BODY
SYS        PURGEADMIN         PACKAGE BODY
SYS        TSPURGE            PACKAGE BODY

5.4.1.2 Backing Up the Database Where the Oracle Application Server Identity Management 10g Schema Resides

Before you upgrade the Oracle Application Server Identity Management 10g schema to 11g, back up your database, in case you need to restore the database to its pre-upgrade state.

For more information, see "Backup Strategies for Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide.

5.4.1.3 Modifying the SSL Port Configuration When Using SSL Authentication Mode on the Windows Operating System

If you are running Oracle Application Server Identity Management components on the Windows operating system, and you have configured Authentication Mode for the SSL port for Oracle Internet Directory 10g, then you must change this configuration to SSL No Authentication Mode prior to the upgrade to 11g.

Similarly, if Oracle Directory Integration Platform 10g is connected to the Oracle Internet Directory SSL port using SSL Server Authentication Mode, then you must also reconfigure Oracle Directory Integration Platform to connect to Oracle Internet Directory using SSL No Authentication Mode mode prior to the upgrade to 11g.

For more information, see Oracle Internet Directory Administrator's Guide and Oracle Identity Management Integration Guide in the 10g (10.1.4.0.1) documentation library:

https://download.oracle.com/docs/cd/B28196_01/index.htm

After the upgrade, reconfigure both Oracle Internet Directory and Oracle Directory Integration Platform for SSL Server Authentication Mode mode using wallets.

For more information, see the following:

These changes are not required on Linux or UNIX-based operating systems.

5.4.2 Task 4b: Start the Upgrade Assistant for an OracleAS Identity Management Upgrade

To start the Upgrade Assistant using the graphical user interface:

Note:

You can also use the Upgrade Assistant command-line interface to upgrade your Oracle Application Server 10g Oracle homes. For more information, see "Using the Upgrade Assistant Command-Line Interface" in the Oracle Fusion Middleware Upgrade Planning Guide.
  1. Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.

  2. Enter the following command to start the Upgrade Assistant.

    On UNIX system:

    ./ua
    

    On Windows systems:

    ua.bat
    

    The Upgrade Assistant displays the Welcome screen as shown in Figure 5-1

    Figure 5-1 Upgrade Assistant Welcome Screen

    Description of Figure 5-1 follows
    Description of "Figure 5-1 Upgrade Assistant Welcome Screen"

  3. Click Next to display the Specify Operation screen (Figure 5-1).

    The options available in the Upgrade Assistant are specific to the Oracle home from which it started. When you start Upgrade Assistant from an Oracle Application Server Identity Management Oracle home, the options shown on the Specify Operation screen are the valid options for an Oracle Application Server Identity Management Oracle home.

    Figure 5-2 Upgrade Assistant Specify Operation Screen for an Oracle Application Server Identity Management Upgrade

    Description of Figure 5-2 follows
    Description of "Figure 5-2 Upgrade Assistant Specify Operation Screen for an Oracle Application Server Identity Management Upgrade"

5.4.3 Task 4c: Upgrade the Oracle Internet Directory and Oracle Directory Integration Platform Instance

When you upgrade Oracle Internet Directory and Oracle Directory Integration Platform, the Upgrade Assistant upgrades the Oracle Application Server Identity Management schemas in the Metadata Repository and the configuration files in the Oracle Internet Directory and Oracle Directory Integration Platform middle tier.

Refer to the following sections for more information:

5.4.3.1 Using the Upgrade Assistant to Upgrade Oracle Internet Directory and Oracle Directory Integration Platform

Note:

This example assumes you have installed Oracle Internet Directory and Oracle Directory Integration Platform in the same Oracle Fusion Middleware 11g Oracle instance. You can also install Oracle Internet Directory and Oracle Directory Integration Platform in separate Oracle instances.

For more information, see Section 4.2, "Oracle Internet Directory and Oracle Directory Integration Platform Topology".

To upgrade Oracle Internet Directory and Oracle Directory Integration Platform when they reside in the same Oracle instance:

  1. Backup the database that contains the Oracle Identity Management schemas.

    For more information, see "Backup Strategies for Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide.

  2. Make sure that both the Oracle Internet Directory 10g instance and the new 11g instance are up and running before you start the Upgrade Assistant.

  3. Start the Upgrade Assistant as described in Task 4b: Start the Upgrade Assistant for an OracleAS Identity Management Upgrade.

  4. Select Upgrade Identity Management Instance on the Specify Operation screen (Figure 5-2).

  5. Refer to Table 5-1 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.

  6. After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:

    • Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.

    • Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.

    • Provides a progress screen so you can see the status of the upgrade as it proceeds.

    • Alerts you of any errors or problems that occur during the upgrade.

      See Also:

      "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
    • Displays the End of Upgrade screen, which confirms that the upgrade was complete.

    • Sets the ODSSM schema password to match the existing ODS schema password.

  7. Exit the Upgrade Assistant.

Table 5-1 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

Upgrade Assistant Screen Description

Specify Source Home

Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home.

If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide.

Specify Destination Instance

Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory.

Specify WebLogic Server

Enter the host and Administration Server port for the Oracle WebLogic Server you configured in Section 5.3.2, "Install the Oracle WebLogic Server Software and Creating the Middleware Home".

Note this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server.

For more information, see Section 5.3.2.1, "When is Oracle WebLogic Server Required?".

Warning Dialog Box

The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance.

This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. In addition, the 11g upgrade of Oracle Identity Management is for Oracle Internet Directory and Directory Integration Platform. Oracle HTTP Server and WebCache are required for Single Sign-On, so they are not necessary when you are migrating only Oracle Internet Directory and Directory Integration Platform.

If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance.

Specify Upgrade Options

Select the upgrade options you want to apply to the Oracle Identity Management upgrade:

  • Use source Oracle home ports in destination: If you want to migrate the port assignments used by your Oracle Application Server 10g Oracle home to your new Oracle Fusion Middleware Oracle instance. Note if you select this option, you will not be able to run both the 10g and 11g middle tiers at the same time; otherwise, port conflicts will occur.

  • Start destination components after successful upgrade: if you want the Upgrade Assistant to automatically start the components in the destination Oracle home after the upgrade is complete. If you do not select this option, then you will have to manually start the destination instance after the upgrade.

Click Help to display more information about the upgrade options on this screen.

Specify Oracle Internet Directory Details

Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the password to the Oracle Internet Directory super user account (cn=orcladmin).

For more information, click Help.

Specify Database Details

Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database.

Note the following important information about this screen:

  • You must enter the password for the ODS schema password. The default ODS password is the same as the Oracle Application Server administrator password, but this password can be changed after installation, using the Oracle Internet Directory Database Password Utility.

  • The instructions for identifying a Real Application Clusters (RAC) database are different, depending upon whether you are identifying the RAC database that contains the Oracle Internet Directory (ODS) schema or a RAC database that is being used for Oracle Directory Integration Platform.

    For more information, see Section 5.4.3.2, "About Specifying Real Application Clusters (RAC) Database Details on the Specify Database Details Screen".


5.4.3.2 About Specifying Real Application Clusters (RAC) Database Details on the Specify Database Details Screen

If you are upgrading the Oracle Internet Directory or Oracle Directory Integration Platform schemas that are stored in a RAC database, then you must consider the following important steps when entering the database connection details in the Specify Database Details screen in the Upgrade Assistant:

  • If you are upgrading the Oracle Internet Directory (ODS) schema in a RAC database, enter the details about only one node of the RAC database in the Database Host, Database Port, and Database Service fields. Do not enter any information about the Oracle Internet Directory schema database in the Clustered Database Specification field.

  • If you are upgrading Oracle Directory Integration Platform in a RAC database, then you must select the Clustered Database check box and enter the database connection details for each and every node in the cluster in the Database Cluster Specification field, using the syntax shown in Example 5-2.

    Be sure to use the caret character (^) as a separator between each RAC node in the list.

    Example 5-3 shows an example of how you would use the syntax to connect to a RAC database.

    Example 5-2 Syntax for the Database Connection Details for a RAC Database

    host_name:port:first_instance_name^host_name:port:second_instance_name@db_service_name
    

    Example 5-3 Example of the Database Connection Details for a RAC Database

    host1.example.com:1521:inst1^host3.example.com:1522:inst2@db_service.example.com
    

5.4.3.3 Recovering From an Oracle Internet Directory Error During the Upgrade Assistant Examine Phase

The Upgrade Assistant always examines the components in your source and target environments before performing an upgrade to Oracle Fusion Middleware 11g. After this examination phase, you can then proceed with the upgrade of the selected components.

However, if an error occurs while the Upgrade Assistant is examining an Oracle Internet Directory instance, you might have a problem using Upgrade Assistant to examine the Oracle Internet Directory instance again later.

Specifically, during the examine phase, the Upgrade Assistant checks to see if the Oracle Internet Directory instance is up and running. If the instance is not running, then the examine phase reports the problem. You must start the instance before proceeding to the upgrade phase.After starting the instance, if you then click the Back button or restart the Upgrade Assistant, then the Upgrade Assistant skips the Oracle Internet Directory instance during the examination phase and does not report on its state.

To remedy this problem and to re-examine the Oracle Internet Directory instance after a previous examination error, do the following:

  1. Stop the Upgrade Assistant.

  2. Locate and delete the following temporary file:

    ORACLE_INSTANCE/OID/temp/oidretry.dat
    
  3. Restart the Upgrade Assistant and re-examine the components you want to upgrade.

5.5 Task 5: Complete Any Required Oracle Internet Directory and Oracle Directory Integration Platform Post-Upgrade Tasks

After you upgrade Oracle Internet Directory and Oracle Directory Integration Platform, perform the following post-upgrade tasks:

5.5.1 Recreating Any Non-Default Oracle Internet Directory Instances

When you upgrade Oracle Internet Directory, only the default Oracle Internet Directory instance is upgraded.

If you have additional, non-default Oracle Internet Directory instances in your 10g environment, you must create those manually in the 11g environment, as follows:

  1. Perform the following ldapsearch command to locate the additional Oracle Internet Directory instances:

    ldapsearch 
        -p oidPort
        -h oidHost
        -D cn=orcladmin
        -w adminPasswd
        -b "cn=osdldapd, cn=subconfigsubentry" 
        -s one "cn=config*" dn orclsslport orclnonsslport orclmaxcc orclserverprocs
    
  2. Verify the following before you create the additional Oracle Internet Directory instances:

    • That the following files, which are created during the installation, exist in the ORACLE_INSTANCE/config directory:

      tnsnames.ora
      tnsnames_copy.ora
      
    • Verify that OIDDB appears as an entry in the tnsnames.ora file.

  3. Create each additional Oracle Internet Directory instance with the following command:

    opmnctl createcomponent
       -adminRegistration OFF
       -componentType OID
       -componentName componentName
       -Db_info "DBHostName:Port:DBSvcName"
         [-Ods_Password_File 'File_with_DB_ODS_USER_PASSWORD']
         [-Sm_Password_File 'File_with_DB_ODSSM_USER_PASSWD']
         [-Admin_Password_File 'File_with_OID_Admin_Passwd']
       -Namespace "dc=domain_component1,dc=domain_component2..."
       [-Port nonSSLPortFromAboveSearchCommand]
       [-Sport SSLPortFromAboveSearchCommand]
    
  4. After the new instance of Oracle Internet Directory is created, update the orclmaxcc and orclserverprocs using either Fusion Middleware Control or, as follows, using ldapmodify command:

    ldapmodify -p <oidPort> -D cn=orcladmin -w <adminPaswd> << eof 
    dn: cn=<componentName>,cn=osdldapd,cn=subconfigsubentry
    changetype: modify
    replace: orclmaxcc
    orclmaxcc: <orclMaxxCCValueFrom#1>
    -
    replace: orclserverprocs
    orclserverProcs: <orclServerProcsValueFrom#1>
    eof
    
  5. Start new instances:

    opmnctl startproc ias-component=componentName
    

5.5.2 Disabling the Oracle Internet Directory and Oracle Directory Integration Platform 10g Components

If you are using Oracle Single Sign-On and Oracle Delegated Administration Services, and then you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components in that environment, then you must disable the Oracle Internet Directory and Oracle Directory Integration Platform components in the Oracle Application Server 10g Oracle home.

This step is necessary because in most cases, you will want to maintain your Oracle Single Sign-On and Oracle Delegated Administration Services 10g components, but not the Oracle Internet Directory and Oracle Directory Integration Platform 10g components. For more information, see Section 4.2, "Oracle Internet Directory and Oracle Directory Integration Platform Topology".

To de-associate the existing 10g Oracle Single Sign-On from Oracle Internet Directory:

  1. Modify the Oracle Internet Directory entry in the OPMN configuration file:

    1. Locate the following file in the Oracle Application Server 10g Oracle home:

      $ORACLE_HOME/opmn/conf/opmn.xml
      
    2. Make a backup copy of the file so you can easily revert to the original version if necessary.

    3. Locate the following entry in the opmn.xml file:

      <ias-component id="OID" status="enabled">
      
    4. Modify the entry so that the Oracle Internet Directory component is disabled:

      <ias-component id="OID" status="disabled">
      
  2. Modify the Oracle Internet Directory and Oracle Directory Integration Platform settings in the ias.properties file:

    1. Locate the following file in the Oracle Application Server 10g Oracle home:

      ORACLE_HOME/config/ias.properties
      
    2. Make a backup copy of the file so you can easily revert to the original version if necessary.

    3. Locate the following entries in the ias.properties file and change them from true to false:

      OID.LaunchSuccess=false
      DIP.LaunchSuccess=false
      
  3. Restart Oracle Single Sign-On in the Oracle Application Server 10g Oracle home.

    Note:

    Do not start any Oracle Internet Directory 10g and Oracle Directory Integration Platform 10g processes after the upgrade.

5.5.3 Configuring OPMN in the 10g Oracle Home After Upgrading Oracle Internet Directory to 11g

Use the information in this section if you are upgrading a distributed Oracle Identity Management environment, where the Oracle Internet Directory instance is on a different host from the Oracle Single Sign-On 10g instance.

In such a distributed environment, after you upgrade Oracle Internet Directory to 11g, you must reconfigure the oc4j_security OC4J instance so it does not continue to attempt to connect to OPMN on the Oracle Internet Directory 10g host. Otherwise, errors will appear in the ons.log file and the oc4j_security instance on the Oracle Single Sign-On host will fail to start.

To reconfigure the oc4j_security instance on the Oracle Single Sign-On host:

  1. Locate the following configuration file in the Oracle Identity Management 10g Oracle home on the Oracle Single Sign-On host:

    ORACLE_HOME/opmn/conf/ons.conf
    
  2. Edit the ons.conf file and remove any references to the Oracle Internet Directory host.

    In the following example, OPMN is using the information in the ons.conf file to communicate with OPMN on both SSOHOST1 and OIDHOST1. To stop OPMN from attempting to connect to the OIDHOST1, remove the OIDHOST1 and post from the file:

    nodes=SSOHOST1.example.com:6200,OIDHOST1.example.com:6200
    

5.5.4 Enabling Oracle Internet Directory Referential Integrity After Upgrade

When you upgrade Oracle Internet Directory to 11g, the referential integrity feature of Oracle Internet Directory is not enabled by default. As a result, if you were using referential integrity in Oracle Internet Directory 10g, perform the following steps after the upgrade to 11g:

  1. Use the Oracle Internet Directory Server Diagnostic command-line tool (oiddiag) to identify and fix any referential integrity violations.

    For more information, see "oiddiag" in the Oracle Fusion Middleware User Reference for Oracle Identity Management.

  2. Enable referential integrity for the upgraded Oracle Internet Directory 11g.

    For more information, see "Configuring Referential Integrity" in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

5.5.5 Reviewing Configuration Attributes that are not Upgraded to Oracle Internet Directory 11g

When you upgrade your Oracle Internet Directory 11g instance to Oracle Internet Directory 11g, the following configuration parameter values are not upgraded to the 11g instance.

  • MinConnectionsInPool: The value of this attribute will not be saved if it is zero.

  • PluginName: This attribute identifies the authentication plug-in name; after upgrade, the 11g default values will be used for a particular authentication level.

  • ConnectionIdleTimeout: This parameter is obsolete for Oracle Identity Management 11g.

For more information about the configuration parameters supported in Oracle Internet Directory 11g, see "Attribute Reference" in the Oracle Fusion Middleware User Reference for Oracle Identity Management.

5.5.6 Removing Oracle Internet Directory and Oracle Directory Integration Platform 10g from Application Server Control

After you upgrade to Oracle Internet Directory 11g and Oracle Directory Integration Platform 11g, the 10g versions of these components will still appear in the Oracle Enterprise Manager Application Server Control that is running out of the Oracle Single Sign-On 10g Oracle home.

To remove the Oracle Internet Directory and Oracle Directory Integration Platform targets from 10g Application Server Control:

  1. Locate the following file in the Oracle Single Sign-On 10g Oracle home:

    ORACLE_HOME/sysman/emd/targets.xml
    
  2. Delete the entry that represents the Oracle Internet Directory 10g instance from the targets.xml file.

    Note that the target element is formatted differently in the targets.xml file, depending on whether you are upgrading a 10g Release 2 (10.1.2) or 10g (10.1.4) Identity Management environment:

    • If you are upgrading from Oracle Identity Management 10g Release 2 (10.1.2), refer to Example 5-4 for an example of an entry in the targets.xml file that defines an Oracle Internet Directory target called oid10g.

    • If you are upgrading from Oracle Identity Management 10g (10.1.4), refer to Example 5-5 for an example of an entry in the targets.xml file that defines an Oracle Internet Directory target called oid10g.

    Note that Oracle Directory Integration Platform could not be managed by Oracle Enterprise Manager in 10g Release 2 (10.1.2), so you will not see a Oracle Directory Integration Platform entry in the 10g Release 2 (10.1.2) entry.

  3. If necessary, do the same for the Oracle Directory Integration Platform target in the Oracle Single Sign-On 10g Oracle home.

    Refer to Example 5-6 for an example of any entry in targets.xml that defines an Oracle Directory Integration Platform target. When searching for the target, search for the target type, "oracle_eps_server".

  4. Start Application Server Control.

    Refer to the Oracle Application Server 10g documentation for instructions on stopping and starting Application Server Control.

    Note that these changes require a restart of Application Server Control before they take affect. However, in this case, the Oracle Application Server 10g environment will be down immediately after the upgraded, so there is no need to stop Application Server before starting it in this case.

Example 5-4 Oracle Internet Directory Target Entry in a 10g Release 2 (10.1.2) targets.xml File

<Target TYPE="oracle_ldap" NAME="oid10g.myhost.example.com_LDAP"
        DISPLAY_NAME="Internet Directory" VERSION="2.5"
        ON_HOST="myhost.example.com">
        <Property NAME="OracleHome" VALUE="/oracle/product/inst/ias10g"/>
                    .                    .                    .</Target>

Example 5-5 Oracle Internet Directory Target Entry in a 10g (10.1.4) targets.xml File

<Target TYPE="oracle_ldap" NAME="oid10g.myhost.example.com_LDAP"
               DISPLAY_NAME="OID" VERSION="3.0" ON_HOST="myhost.example.com">
    <Property NAME="OracleHome"
               VALUE="/oracle/product/inst/ias10g"/>
                  .
                  .
                  .
    <CompositeMembership>
               <MemberOf TYPE="oracle_ias"
                      NAME="ias10g.myhost.example.com" ASSOCIATION=" "/>
    </CompositeMembership></Target>

Example 5-6 Oracle Directory Integration Platform Entry in a 10g (10.1.4)

<Target TYPE="oracle_eps_server" 
        NAME="dip1014.myhost.example.com_DIP"
        DISPLAY_NAME="dip1014.myhost.example.com_DIP">
   <Property NAME="OracleHome" VALUE="C:\oracle\products\oim1014"/>
   <Property NAME="UserName" VALUE="013549bf4bf5c73c" ENCRYPTED="TRUE"/>
   <Property NAME="password" VALUE="fdfd90d00d859820" ENCRYPTED="TRUE"/>
   <Property NAME="host" VALUE="myhost"/>
   <Property NAME="ConnectDescriptor"
      VALUE="(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)
      (HOST=bigip41.example.com)
      (PORT=1251))(ADDRESS=(PROTOCOL=TCP)
      (HOST=bigip42.example.com)(PORT=1251))
      (LOAD_BALANCE=yes))(CONNECT_DATA=(SERVICE_NAME=newdb.example.com)))"/>
   <Property NAME="version" VALUE="10.1.4.0.1"/>
   <AssocTargetInstance ASSOC_TARGET="epsldap" 
                     TYPE="oracle_ldap" 
                     NAME="oid10g.myhost.example.com_LDAP"/>
   <CompositeMembership>
      <MemberOf TYPE="oracle_ias" NAME="ias10g.myhost.example.com"/>
   </CompositeMembership></Target> 

5.5.7 Removing Unneeded Oracle Directory Integration Platform Template Profiles After Upgrade

All Oracle Directory Integration Platform 10g template profiles are upgraded to 11g during the upgrade process. These profiles can be deleted using Fusion Middleware Control, depending upon the needs of your environment.

Deleting these profiles is an optional step. Be sure not to delete any profiles that were actively being used in the 10g topology.

5.5.8 Deleting Oracle Internet Directory 10g Audit Log Container

The audit log container is obsolete for Oracle Identity Management 11g. You can delete the audit log container by running bulkdelete on the command-line as follows:

ORACLE_HOME/ldap/bin/bulkdelete connect="connect_string" 
basedn="cn=auditlog"

5.5.9 Updating Oracle Internet Directory 10g Port Number in Oracle Enterprise Manager

You must update the Oracle Internet Directory 10g port numbers in the Oracle Enterprise, by running the following opmnctl command:

opmnctl updatecomponentregistration

For example:

ORACLE_INSTANCE/bin/opmnctl updatecomponentregistration -componentType OID -componentName oid1 -adminHost myoidhostname -adminPort 7001 -adminUsername weblogic -Port 389 -Sport 636 

5.5.10 Configuring Oracle Single Sign-On 10g for Oracle Internet Directory 11g

After upgrading to Oracle Internet Directory 11g, if you want to use the Oracle Single Sign-On 10g then you must open the ias.properties file (Located at Oracle Single Sign-On 10g ORACLE_HOME) in a text editor and update the following parameters:

  • OIDport= Enter the Oracle Internet Directory 11g port number.

  • OIDsslport= Enter the Oracle Internet Directory 11g SSL port number.

5.6 Task 6: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

To verify that your Oracle Internet Directory and Oracle Directory Integration Platform upgrade was successful:

  1. Run the Upgrade Assistant again and select Verify Instance on the Specify Operation page.

    Follow the instructions on the screen for information on how to verify that specific Oracle Fusion Middleware components are up and running.

    Note:

    If the Oracle Internet Directory is configured only for SSL, then you cannot verify the Oracle Internet Directory using the Upgrade Assistant. You must manually verify by running the ldapbind command.
  2. Use the Fusion Middleware Control to verify that the Oracle Internet Directory and Oracle Directory Integration Platform components are up and running.

    For more information, see "Getting Started Using Oracle Enterprise Manager Fusion Middleware Control" in the Oracle Fusion Middleware Administrator's Guide.