8 Managing Oracle Internet Directory Instances

This chapter describes how to create and manage server instances.

8.1 Introduction to Managing Oracle Internet Directory Instances

8.1.1 The Instance-Specific Configuration Entry

In 11g Release 1 (11.1.1), configuration information for an Oracle Internet Directory instance resides in an instance-specific configuration entry, which has a DN of the form:

cn=componentname,cn=osdldapd,cn=subconfigsubentry

where componentname is the name of an Oracle Fusion Middleware system component of Type=OID, such as oid1 or oid2.

You do not manually create an instance-specific configuration entry. Instead, you create an Oracle Fusion Middleware system component of Type=OID, which automatically generates an instance-specific configuration entry named oid1.

Figure 8-1 shows the configuration entries for two Oracle Internet Directory components in the DIT. The DNs for the instance-specific configuration entries are:

cn=oid1,cn=osdldapd,cn=subconfigsubentry
cn=oid2,cn=osdldapd,cn=subconfigsubentry

Figure 8-1 DIT Showing Two Instance-Specific Configuration Entries

The attributes in the instance-specific configuration specify information such as hostname, ports, events to be audited, number of child processes, and security configuration. For a complete list, see Section 9.1.3, "Attributes of the Instance-Specific Configuration Entry."

8.1.2 Creating the First Oracle Internet Directory Instance

When you install Oracle Internet Directory on a host computer, the Oracle Identity Management 11g Installer creates an Oracle Fusion Middleware system component of Type=OID in a new or existing Oracle instance (ASINST).

A default instance-specific configuration entry named oid1 is created for the OID component, as follows:

cn=oid1,cn=osdldapd,cn=subconfigsubentry

This default oid1 configuration entry is created for both of these scenarios:

  • You run the Installer using the "Install and Configure" option.

  • You run the Installer using the "Install Software - Do Not Configure" option and then later run the Configuration Wizard (config.sh or config.bat script) to configure the OID component.

The Oracle Internet Directory component contains an OIDMON process and an Oracle Internet Directory instance (inst=1). The instance name is chosen during the installation, usually asinst_1. The Oracle Internet Directory instance consists of a dispatcher process and one or more OIDLDAPD processes.

Beginning with Oracle Internet Directory 11g Release 1 (11.1.1.7.0), the OIDLDAPD process is separated as the OIDDISPD (dispatcher) process and the OIDLDAPD (server) process. On UNIX and Linux systems, however, the ps -ef command will continue to show both of these processes as OIDLDAPD at runtime.

In addition, the Oracle Identity Management 11g Installer creates some file system directories under the Oracle instance directory. Some of the pathnames it creates are specific to the component name. For example, the pathnames under your Oracle instance on UNIX or Linux include:

ORACLE_INSTANCE/config/OID/oid1
ORACLE_INSTANCE/diagnostics/logs/OID/oid1

If you selected Create New Domain or Extend Existing Domain during installation, the Oracle Internet Directory component is registered with a WebLogic domain. If you selected Configure Without a Domain during installation, the Oracle Internet Directory component is not registered with a domain. You can register it later from the command line. Registering with a domain in this case is optional.

Note:

Oracle Internet Directory is frequently configured in a cluster where instances on different hosts are all connected to the same Oracle Database. Oracle Identity Management 11g Installer detects that other OID components are using the same Oracle Database and increments the component name for the new component by 1. That is, successive installations in the cluster will have the component names oid2, oid3, and so forth.

8.1.3 Creating Additional Oracle Internet Directory Instances

The recommended way to add another Oracle Internet Directory instance is to add an additional system component of Type=OID in the Oracle instance.

To do this, you use opmnctl createcomponent, specifying the component type Type=OID, the component name for the new component, and the instance name of the Oracle instance. This new Oracle Internet Directory component consists of an OIDMON process, an OIDLDAPD dispatcher process, and one or more OIDLDAPD server processes. For example, see ias_component=oid2 at the bottom of Figure 8-2.

Figure 8-2 Oracle Internet Directory Process Control

You use an OPMN command, opmnctl createcomponent, to create a new instance-specific configuration entry in the DIT. If the new component name is oid2, the new entry looks like this:

cn=oid2,cn=osdldapd,cn=subconfigsubentry

You can change the values of attributes in this entry to customize the instance.

The opmnctl command also creates additional pathnames in the file system under the ORACLE_INSTANCE directory for the Oracle instance asinst_1. If the new component name is oid2, the pathnames include:

ORACLE_INSTANCE/config/OID/oid2
ORACLE_INSTANCE/diagnostics/logs/OID/oid2

You can use opmnctl process control commands to manage the components oid1 and oid2 individually. You can register the new Oracle Internet Directory instance with the WebLogic domain, either at creation time or later.

Note:

You can use oidctl to create an instance if you are running Oracle Internet Directory as a standalone server, not part of a WebLogic domain. When you create an instance with oidctl, you must use oidctl to stop and start the instance. An Oracle Internet Directory instance created with oidctl cannot be registered with a WebLogic server, so you cannot use Oracle Enterprise Manager Fusion Middleware Control to manage the instance. See Appendix B, "Managing Oracle Internet Directory Instances by Using OIDCTL."

8.1.4 Registering an Oracle Instance or Component with the WebLogic Server

If you want to manage an Oracle Internet Directory component with Oracle Enterprise Manager Fusion Middleware Control, you must register the component and the Oracle instance that contains it with a WebLogic domain. You can register an Oracle instance with a WebLogic domain during installation or Oracle instance creation, but you are not required to do so. If an Oracle instance was not previously registered with a WebLogic domain, you can register it by using opmnctl registerinstance.

If the Oracle instance is already registered, and you are adding a new Oracle Internet Directory system component to the Oracle instance, opmnctl automatically registers the component as part of that Oracle instance.

If you change the configuration of a registered component, you must update the information by running opmnctl updatecomponentregistration. See Section 8.3, "Managing Oracle Internet Directory Components by Using opmnctl."

8.2 Managing Oracle Internet Directory Components by Using Fusion Middleware Control

You can view, stop, and start Oracle Internet Directory components by using Oracle Enterprise Manager Fusion Middleware Control.

8.2.1 Viewing Active Server Information by Using Fusion Middleware Control

To view information about any Oracle Internet Directory component—including type, debug level, host name, and configuration parameters—use Oracle Enterprise Manager Fusion Middleware Control. To do this:

  1. Connect to Oracle Enterprise Manager Fusion Middleware Control as described in Section 7.3, "Using Fusion Middleware Control to Manage Oracle Internet Directory."

  2. The Domain Home Page displays the status of components, including Oracle Internet Directory.

  3. Select the Oracle Internet Directory component you want to view.

  4. View the status information on the Oracle Internet Directory Home page.

8.2.2 Starting the Oracle Internet Directory Server by Using Fusion Middleware Control

Start the Oracle Internet Directory server as follows:

  1. Go to the Oracle Internet Directory home page in Oracle Enterprise Manager Fusion Middleware Control.

  2. From the Oracle Internet Directory menu, select Control, then Start Up.

  3. When the confirmation dialog appears, click OK.

If Fusion Middleware Control cannot start the server, an error dialog appears.

8.2.3 Stopping the Oracle Internet Directory Server by Using Fusion Middleware Control

Stop the Oracle Internet Directory server as follows:

  1. Go to the Oracle Internet Directory home page in Oracle Enterprise Manager Fusion Middleware Control.

  2. From the Oracle Internet Directory menu, select Control, then Shut Down.

  3. When the confirmation dialog appears, click OK.

If Fusion Middleware Control cannot stop the server, an error dialog appears.

8.2.4 Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control

Restart the Oracle Internet Directory server as follows:

  1. Go to the Oracle Internet Directory home page in Oracle Enterprise Manager Fusion Middleware Control.

  2. From the Oracle Internet Directory menu, select Control, then Restart.

  3. When the confirmation dialog appears, click OK.

If Fusion Middleware Control cannot restart the server, an error dialog appears.

8.3 Managing Oracle Internet Directory Components by Using opmnctl

You can perform the following Oracle Internet Directory-related tasks from the command line by using opmnctl:

Note:

Arguments to opmnctl are case sensitive. Be sure to type them exactly as shown. For example, createcomponent must be in all lower case and -adminUsername must have only the letter U in upper case.

For more information about options to an opmnctl command, type:

ORACLE_INSTANCE/bin/opmnctl usage command  

For example:

$ORACLE_INSTANCE/bin/opmnctl usage createcomponent

8.3.1 Creating an Oracle Internet Directory Component by Using opmnctl

You create an Oracle Internet Directory system component in an Oracle instance by using opmnctl createcomponent. This command automatically registers the component with a WebLogic domain at the time you create the component, as long as the instance is in a registered state. The syntax is:

ORACLE_INSTANCE/bin/opmnctl createcomponent 
   -componentType OID 
   -componentName componentName 
   -adminHost webLogicHostName   
   -adminPort webLogicPort
   [-adminUsername weblogicAdminUsername]
   [-adminPasswordFile text_file_containing_admin_password]
   -Db_info "DBHostName:Port:DBSvcName" 
   [-Ods_Password_File 'File_with_DB_ODS_USER_PASSWORD'] 
   [-Sm_Password_File 'File_with_DB_ODSSM_USER_PASSWD']
   [-Admin_Password_File 'File_with_OID_Admin_Passwd']
   -Namespace "dc=domain_component1,dc=domain_component2..."
   [-Port nonSSLPort]
   [-Sport SSLPort]

The DBHostName:Port:DBSvcName argument to the -Db_info parameter must be the same as that provided during installation. If it is not, the command will fail. You can find this value in the file ORACLE_INSTANCE/config/tnsnames_copy.ora.

If the Oracle Database is based on Real Application Clusters, the argument to the -Db_info parameter is of the form:

DBHostName1:Port1^DBHostName2:Port2@DBSvcName

The opmnctl command prompts for the WebLogic administrator's user name if you do not supply it. It also prompts for the passwords if you do not supply password file names on the command line. The opmnctl command also uses available ports if you do not specify -Port or -Sport, as described in Section 3.1.3, "Oracle Internet Directory Ports."
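
A pre-flight wrapper for the createcomponent syntax above, added here as an example and not taken from the Oracle documentation: it refuses to run unless every password file is readable only by its owner and the -Db_info value has one of the two forms shown. The function names, the OPMNCTL override variable and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle code. Function names, the OPMNCTL override and
# all sample values are hypothetical.

# Succeeds only if $1 is a regular file with no group/other permission bits.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeeds if $1 is "host:port:svc" or the RAC form "h1:p1^h2:p2@svc".
# Assumption: RAC strings with more than two nodes repeat the ^host:port part.
db_info_is_valid() {
    hp='[A-Za-z0-9._-]+:[0-9]+'
    svc='[A-Za-z0-9._-]+'
    printf '%s\n' "$1" | grep -Eq "^($hp:$svc|$hp(\\^$hp)+@$svc)\$"
}

# Checks the inputs, then runs opmnctl createcomponent with the flag spelling
# from the syntax above (flags are case sensitive). -adminUsername and
# -Sm_Password_File are left out, so opmnctl prompts for them.
# Args: compName adminHost adminPort dbInfo namespace wlsPwFile odsPwFile oidAdminPwFile
run_createcomponent() {
    db_info_is_valid "$4" || { echo "invalid -Db_info value: $4" >&2; return 2; }
    for f in "$6" "$7" "$8"; do
        pwfile_is_private "$f" || { echo "not owner-only: $f" >&2; return 3; }
    done
    "${OPMNCTL:-$ORACLE_INSTANCE/bin/opmnctl}" createcomponent \
        -componentType OID -componentName "$1" \
        -adminHost "$2" -adminPort "$3" \
        -adminPasswordFile "$6" \
        -Db_info "$4" \
        -Ods_Password_File "$7" \
        -Admin_Password_File "$8" \
        -Namespace "$5"
}

# Create the password files under a restrictive umask first, for example:
#   (umask 077; cat > wls.pw)
# Dry run without an Oracle instance: OPMNCTL=echo run_createcomponent ...
```

Setting OPMNCTL=echo prints the argument list instead of running opmnctl, which is a quick way to review the exact flags before the real call.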

8.3.2 Registering an Oracle Instance by Using opmnctl

During an Oracle Internet Directory installation, Oracle Identity Management 11g Installer requests domain information. If you choose Configure Without a Domain, your Oracle Internet Directory instance is not registered with a WebLogic domain. After the installation is complete, you can choose to register an Oracle instance and all the components in that Oracle instance by using opmnctl registerinstance. The syntax is:

ORACLE_INSTANCE/bin/opmnctl registerinstance 
 -adminHost hostname 
 -adminPort weblogic_port 
 -adminUsername weblogic_admin_username 

You are prompted for the WebLogic administrator's user name and password.

For example:

$ORACLE_INSTANCE/bin/opmnctl registerinstance \
 -adminHost myhost \
 -adminPort 7001 \
 -adminUsername weblogic

The default administrative port on the WebLogic Administration Server is 7001.

8.3.3 Unregistering an Oracle Instance by Using opmnctl

If you registered an Oracle instance with a WebLogic domain during installation, you can unregister it after the install is complete. You might want to do this if you decide to use Oracle Internet Directory in standalone mode. (In standalone mode, you cannot use Fusion Middleware Control or wlst to manage Oracle Internet Directory.)

To unregister an Oracle instance and all the components in that Oracle instance, you use opmnctl unregisterinstance. The syntax is:

ORACLE_INSTANCE/bin/opmnctl unregisterinstance 
 -adminHost hostname 
 -adminPort weblogic_port 
 -adminUsername weblogic_admin 

You are prompted for the WebLogic administrator's user name and password if you do not supply them.

For example:

$ORACLE_INSTANCE/bin/opmnctl unregisterinstance \
 -adminHost myhost \
 -adminPort 7001 \
 -adminUsername weblogic

The default administrative port on the WebLogic Administration Server is 7001.

8.3.4 Updating the Component Registration of an Oracle Instance by Using opmnctl

You must update the registration of an Oracle Internet Directory component in a registered Oracle instance whenever you change any of the configuration attributes in Table 8-1. If you do not update the component registration, you will be unable to use Fusion Middleware Control or wlst to manage that component.

To update the registration of an Oracle Internet Directory component, you use opmnctl updatecomponentregistration. The syntax is:

ORACLE_INSTANCE/bin/opmnctl updatecomponentregistration 
   -adminHost hostname 
   -adminPort weblogic_port 
   -adminUsername weblogic_admin 
   -componentType OID  
   -componentName compName
   -Port non-sslport 
   -Sport sslport

For example:

$ORACLE_INSTANCE/bin/opmnctl updatecomponentregistration \
 -adminHost myhost \
 -adminPort 7001 \
 -adminUsername weblogic \
 -componentType OID  \
 -componentName oid2 \
 -Port 3061 \
 -Sport 3131

You are prompted for the WebLogic administrator's user name and password if you do not supply them.

The default administrative port on the WebLogic Administration Server is 7001.

You must supply both a non-SSL port and an SSL port.

8.3.5 Deleting an Oracle Internet Directory Component by Using opmnctl

You remove an Oracle Internet Directory component by using opmnctl deletecomponent. This also unregisters the component with the WebLogic server. The syntax is:

$ORACLE_INSTANCE/bin/opmnctl deletecomponent
  -adminHost webLogicHostName
  -adminPort webLogicPort
  -adminUsername weblogicAdminUsername
  -adminPasswordFile text_file_containing_admin_password
  -componentType OID
  -componentName componentName

You are prompted for the WebLogic administrator's user name and password if you do not supply them.

8.3.6 Viewing Active Server Instance Information by Using opmnctl

To view the status of components and processes by using opmnctl, type:

opmnctl status -l

For example:

$ ./opmnctl status -l

Processes in Instance: asinst_2
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component                    | process-type       |     pid | status   |        uid |  memused |    uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
oid2                             | oidldapd           |   24760 | Alive    |  988238800 |   102744 |   0:01:12 | N/A
oid2                             | oidldapd           |   24756 | Alive    |  988238799 |    55052 |   0:01:12 | N/A
oid2                             | oidmon             |   24745 | Alive    |  988238796 |    48168 |   0:01:14 | LDAPS:6789,LDAP:6788

oid1                             | oidldapd           |   21590 | Alive    |  988238048 |   103716 |  19:51:48 | N/A
oid1                             | oidldapd           |   21586 | Alive    |  988238047 |    54420 |  19:51:49 | N/A
oid1                             | oidmon             |   21577 | Alive    |  988238046 |    48168 |  19:51:49 | LDAPS:3133,LDAP:3060
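
As an added example (not part of the Oracle documentation), the following function condenses opmnctl status -l output into one line per component, so the listener ports and any process that is not Alive stand out. It assumes the dispatcher is reported as a second oidldapd row, as in the sample above; the function names and the Down row in the embedded sample are constructed.

```shell
#!/bin/sh
# Added example, not Oracle code. Function names are hypothetical.

# Reads "opmnctl status -l" output on stdin and prints, per component:
#   <component> oidmon=<alive> oidldapd=<alive> ports=<ports|none> <OK|CHECK>
# OK means oidmon is Alive and at least two oidldapd rows (dispatcher plus
# one server, an assumption based on the sample output) are Alive.
oid_status_summary() {
    awk -F'|' '
        NF >= 8 && $1 !~ /ias-component/ {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            comp = $1; type = $2; status = $4; ports = $8
            if (!(comp in seen)) { seen[comp] = 1; order[++n] = comp }
            if (status == "Alive") alive[comp, type]++
            if (ports != "N/A" && ports != "") plist[comp] = ports
        }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]
                mon = alive[c, "oidmon"] + 0
                srv = alive[c, "oidldapd"] + 0
                verdict = (mon >= 1 && srv >= 2) ? "OK" : "CHECK"
                printf "%s oidmon=%d oidldapd=%d ports=%s %s\n", c, mon, srv,
                       ((c in plist) ? plist[c] : "none"), verdict
            }
        }'
}

# Constructed sample: the page output with one oid2 oidldapd row set to Down.
sample_status() {
cat <<'EOF'
Processes in Instance: asinst_2
--------------+--------------+-------+--------+-----------+---------+----------+------
ias-component | process-type |   pid | status |       uid | memused |   uptime | ports
--------------+--------------+-------+--------+-----------+---------+----------+------
oid2          | oidldapd     |   N/A | Down   |       N/A |     N/A |      N/A | N/A
oid2          | oidldapd     | 24756 | Alive  | 988238799 |   55052 |  0:01:12 | N/A
oid2          | oidmon       | 24745 | Alive  | 988238796 |   48168 |  0:01:14 | LDAPS:6789,LDAP:6788

oid1          | oidldapd     | 21590 | Alive  | 988238048 |  103716 | 19:51:48 | N/A
oid1          | oidldapd     | 21586 | Alive  | 988238047 |   54420 | 19:51:49 | N/A
oid1          | oidmon       | 21577 | Alive  | 988238046 |   48168 | 19:51:49 | LDAPS:3133,LDAP:3060
EOF
}

# Live use: $ORACLE_INSTANCE/bin/opmnctl status -l | oid_status_summary
```

The ports column in the summary doubles as a listener inventory to compare against the ports you expect each component to expose.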

8.3.7 Starting the Oracle Internet Directory Server by Using opmnctl

The component name of the first Oracle Internet Directory component is oid1.

To start the first Oracle Internet Directory instance, type:

opmnctl startproc ias-component=oid1

To start all Oracle Internet Directory instances, type:

opmnctl startproc process-type=OID

To start all components, type:

opmnctl startall 

8.3.8 Stopping the Oracle Internet Directory Server by Using opmnctl

To stop the first Oracle Internet Directory server component, type:

opmnctl stopproc ias-component=oid1

To stop all Oracle Internet Directory instances, type:

opmnctl stopproc process-type=OID

To stop all components, type:

opmnctl stopall 

8.3.9 Restarting the Oracle Internet Directory Server by Using opmnctl

To restart the first Oracle Internet Directory instance, type:

opmnctl restartproc ias-component=oid1

To restart all Oracle Internet Directory instances, type:

opmnctl restartproc process-type=OID

8.3.10 Changing the Oracle Database Information in opmn.xml

By default, ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml contains an XML snippet that opmnctl uses when it attempts to start the default Oracle Internet Directory LDAP server instance. Occasionally, you might need to edit the opmn.xml file. For example, if you change the Oracle Database instance in ORACLE_INSTANCE/config/tnsnames.ora, you must add the Oracle Database DB_CONNECT_STR to ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml. You can use a text editor to edit opmn.xml.

8.4 Starting an Instance of the Replication Server by Using OIDCTL

To configure an instance of Oracle Internet Directory Replication Server, use the oidctl start command with server=oidrepld. Best practice is to create a separate instance of Oracle Internet Directory to use for replication.

First create a new instance of Oracle Internet Directory as described in Section 8.1.3, "Creating Additional Oracle Internet Directory Instances." Then, ensure that the environment variable ORACLE_INSTANCE is set and type:

oidctl connect=connStr server=oidrepld inst=1 componentname=Component_Name \
   name=Instance_Name start

The componentname value must be the component name of the running oidldapd server. The name value must be the instance name of the running oidldapd server.

Do not start more than one instance of oidrepld on a host. Do not start oidrepld on more than one Oracle Internet Directory instance sharing the same Oracle Database.

Note:

The environment variables ORACLE_INSTANCE, ORACLE_HOME, and COMPONENT_NAME must be set before you run the oidctl command to start or stop the replication server.