Skip Headers
Oracle® Fusion Middleware Installation Guide for Oracle Unified Directory
11g Release 2 (11.1.2)

Part Number E23737-05
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

4 Setting Up the Proxy Server

This chapter describes the configuration steps that are necessary to get an Oracle Unified Directory proxy instance up and running. The chapter provides an overview of the tested Oracle Unified Directory proxy deployments. Other deployments are possible, but might not have been tested extensively. For a description of the tested deployments, see Example Deployments Using the Proxy Server, in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

To set up the proxy, you must have one or more remote LDAPv3-compliant directory servers. Oracle Unified Directory proxy has been tested with Oracle Unified Directory and Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1).

Before you start to set up the proxy, determine the type of deployment architecture that you want to implement from the following list:

A global index catalog can be incorporated into any scenario that uses distribution. For information about creating a global index catalog, see Configuring Global Indexes By Using the Command Line in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

You can set up the proxy in two ways:

This chapter covers the following topics:

4.1 Setting Up the Proxy Server by Using the GUI

The following topics present a step by step installation using the oud-proxy-setup graphical interface, including configuration examples for simple deployments.

Before you run the command, make sure that you have determined the best deployment architecture, using the deployment scenarios that are described in Example Deployments Using the Proxy Server, in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

4.1.1 Presentation of the GUI Setup Wizard

The GUI setup wizard is organized as follows:

  • The left hand pane lists the steps of the setup process. The deployment sub-steps change, according to the type of deployment that you select.

  • The arrow in the left hand pane indicates the current step.

  • The main area on the right is the action pane, where you define your deployment.

  • At the bottom of the window you have the option to go back and forth (or quit) to modify and complete your installation.

The remaining tasks in this section walk you through the various types of proxy deployments that can be set up.

4.1.2 To Configure Simple Load Balancing

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    (UNIX, Linux)  $ oud-proxy-setup
    (Windows)      C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

  5. On the Server Settings panel, enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: If you want to configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access: Select Enable StartTLS for LDAP.

      3. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, select Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK to continue.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see Managing Administration Traffic to the Server in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    • Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Re-enter the root user bind password.

    Click Next.

    The Deployment Options screen is displayed.

  6. Select Use load balancing on a replicated data set from the Configuration Option drop-down menu.

    Note:

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command, or the ODSM interface, to configure your deployment.

    Click Next.

    The Back-End Servers screen is displayed.

  7. Select the remote LDAP servers that hold the corresponding replicated data.

    1. If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      • For Oracle Unified Directory servers:

        Select Connect to a replicated Oracle Unified Directory server.

        Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.

        Click Connect.

        Accept the certificate.

        Check the servers that should be part of the load balanced topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

        Click OK.

      • For Oracle Directory Server Enterprise Edition servers:

        Select Connect to a DSCC registry.

        Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

        Check the servers that should be part of the load balanced topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

        Click OK.

    2. If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

    Click Next.

    The Load Balancing Options screen is displayed.

  8. Choose a load balancing algorithm.

    For information about the various load balancing algorithms, see Load Balancing Using the Proxy in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

  9. Set the load balancing algorithm properties or select Default Values.

    When you have completed the installation, the properties can be modified. For more information, see Modifying Load Balancing Properties in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    1. For proportional, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

      For example, if you leave the default value of 1, then all servers will receive the same number of requests.

    2. For failover, indicate the order in which the servers are used.

      The server with a value of 0 is the highest priority server. The other servers are used only if there is a failure on the main server.

    3. For saturation, set the order in which the servers are used as well as the saturation threshold of each server.

      Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

    4. For optimal, no additional configuration is required.

      The active server is selected based on the saturation index, which is calculated automatically.

  10. Enter the naming context, or suffix.

    If the remote LDAP servers are online, the setup connects to them and displays the naming contexts that are available on the servers.

    If no naming contexts are proposed, enter the DN of the naming context that you want to use, for example, dc=example,dc=com.

    Click Next.

    The Runtime options screen is displayed.

  11. Click Change to configure any specific JVM settings, or click Next to run the server with the default JVM settings.

    The Review screen is displayed.

  12. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  13. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  14. Click Finish to complete the installation.

    When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

4.1.3 To Configure Simple Distribution

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    (UNIX, Linux)  $ oud-proxy-setup
    (Windows)      C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

  5. On the Server Settings screen, enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: If you want to configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access: Click Enable StartTLS for LDAP.

      3. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, click Use an Existing Certificate, and then click the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see Managing Administration Traffic to the Server in the Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    • Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Retype the root user bind password.

    • Click Next.

  6. In the Deployment Options panel, select Use distribution on a partitioned data set from the Configuration Option drop-down menu.

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command or the ODSM interface to configure your deployment.

  7. Drag the sliding arrow to specify the number of partitions on which the data is separated.

    For the example distribution scenario, select two partitions.

    Click Next.

  8. Define how the data will be partitioned across the LDAP servers.

    1. Select the Partitioning Algorithm from the drop-down list.

      For information about the various partitioning algorithms, see Data Distribution Using the Proxy in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    2. Enter the naming context.

      For example, dc=example,dc=com.

    3. Enter the distribution base DN.

      For example, ou=people. The distribution base DN is the level after which the distribution requests apply.

    4. If you have selected a Lexico or Numeric algorithm, enter the distribution attribute.

      For example,uid.

  9. Depending on the distribution algorithm, define the partition capacities, DN patterns, or boundaries for each partition.

    If you use the Set Default button, the installation wizard sets defaults that might not correspond to your deployment. This feature can, however, be useful for testing purposes.

    1. For capacity, set the maximum number of entries for each partition.

      For example, if you set maximum entries to 1000, only 1000 Add requests will be sent to the LDAP server associated with that partition. If you set maximum entries to 1000 for partition 1 and 2000 for partition 2, the proxy will send twice the number of requests to partition 2.

      Note:

      If you select the capacity algorithm, you must create a global index, as described in the next step.

    2. For DN pattern, set the DN pattern string for each partition.

      For example, cn=[a].* means that requests with a uid that starts with a will be sent to partition 1. For more information about DN pattern strings, see DN Pattern String Syntax in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    3. For lexico, set the alphabetic boundaries for each partition.

      For example, for partition 1, From=A, To=K. This means that uids with values between A and K will be sent to partition 1.

    4. For numeric, set numeric boundaries for each partition.

      For example, for partition 1, From=0, To=1000. This means that uids between 0 and 1000 will be sent to partition 1.

    Note:

    The upper boundary is exclusive. That is, if you set the upper boundary to 1000, only entries up to 999 will be distributed to that partition.

    If you leave one of the boundaries blank, this will be considered as unlimited. In other words, if you set the lower boundary to 1000 and the upper boundary to blank, the partition will include everything after 1000.

    Click Next.

  10. Configure the global index.

    1. Select Enable Global Indexes.

      If you have selected a capacity algorithm, this option will already be selected because Global indexes are mandatory for the capacity algorithm.

    2. Add attributes to be indexed:

    The installation wizard creates a global index catalog, named gi-catalog by default, and populates the global index catalog with global indexes of the selected attributes. All global indexes are associated with the same global index catalog (gi-catalog). The installation wizard also creates a global index replication administrator with the same password as the directory manager.

    For information about configuring and using global indexes, see Configuring Global Indexes By Using the Command Line in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

  11. For each partition, select the remote LDAP server that holds the corresponding partitioned data.

    Note:

    If you add two servers for one partition, you must configure load balancing between these servers. This use case is explained in the example To Configure Distribution with Load Balancing.

    1. If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      For Oracle Unified Directory servers:

      1. Select Connect to a replicated Oracle Unified Directory server.

      2. Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.

      3. Click Connect.

      4. Accept the certificate.

        Check the servers that should be part of the load balanced topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

      5. Click OK.

      For Oracle Directory Server Enterprise Edition servers:

      1. Select Connect to a DSCC registry.

      2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

      3. Check the servers that should be part of the load balanced topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

      4. Click OK.

    2. If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

      1. Enter the server name, port and security settings.

        The security settings that you set here determine the security between the Oracle Unified Directory proxy and remote LDAP servers. For more information about setting security options, see Configuring Security Between the Proxy and the Data Source, in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

      2. Click Add.

      3. Click Close when you have added all the remote LDAP servers for the distributed topology.

  12. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.

  13. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  14. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  15. Click Finish to complete the installation.

    When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

4.1.4 To Configure Distribution with Load Balancing

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    (UNIX, Linux)  $ oud-proxy-setup
    (Windows)      C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

  5. On the Server Settings panel, enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: If you want to configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access: Click Enable StartTLS for LDAP.

      3. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, click Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see Managing Administration Traffic to the Server in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    • Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Retype the root user bind password.

    Click Next to continue.

    The Deployment Options screen is displayed.

  6. Select Use distribution on a partitioned data set from the Configuration Option drop-down menu.

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command or the ODSM interface to configure your deployment.

  7. Drag the sliding arrow to specify the number of partitions on which the data is separated.

    For the example distribution scenario, select two partitions.

    Click Next.

  8. Define how the data will be partitioned across the LDAP servers.

    1. Select the Partitioning Algorithm from the drop-down list.

      For information about the various partitioning algorithms, see Data Distribution Using the Proxy in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    2. Enter the naming context.

      For example, dc=example,dc=com.

    3. Enter the distribution base DN.

      For example, ou=people. The distribution base DN is the level after which the distribution requests apply.

    4. If you have selected a Lexico or Numeric algorithm, enter the distribution attribute.

      For example,uid.

  9. Depending on the distribution algorithm, define the partition capacities, DN patterns, or boundaries for each partition.

    If you use the Set Default button, the installation wizard sets defaults, that might not correspond to your deployment. This feature can, however, be useful for testing purposes.

    1. For capacity, set the maximum number of entries for each partition.

      For example, if you set maximum entries to 1000, only 1000 Add requests will be sent to the LDAP server associated with that partition. If you set maximum entries to 1000 for partition 1 and 2000 for partition 2, the proxy will send twice the number of requests to partition 2.

      If you select the capacity algorithm, you must create a global index, as described in the next step.

    2. For DN pattern, set the DN pattern string for each partition.

      For example, cn=[a].* means that requests with a uid that starts with a will be sent to partition 1. For more information about DN pattern strings, see DN Pattern String Syntax in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    3. For lexico, set the alphabetic boundaries for each partition.

      For example, for partition 1, From=A, To=K. This means that uids with values between A and K will be sent to partition 1.

    4. For numeric, set numeric boundaries for each partition.

      For example, for partition 1, From=0, To=1000. This means that uids between 0 and 1000 will be sent to partition 1.

      The upper boundary is exclusive. That is, if you set the upper boundary to 1000, only entries up to 999 will be distributed to that partition.

      If you leave one of the boundaries blank, this will be considered as unlimited. In other words, if you set the lower boundary to 1000 and the upper boundary to blank, the partition will include everything after 1000.

    Click Next.

  10. Configure the global index.

    1. Select Enable Global Indexes.

      If you have selected a capacity algorithm, this option will already be selected because Global indexes are mandatory for the capacity algorithm.

    2. Add attributes to be indexed:

      1. Select Index the DNs if you want the DNs included in the global index.

      2. Select Index other attributes if you want attributes other than the DNs included.

      3. Select attributes from the Available Attributes list and click Add to include those attributes in the global index.

        All available attributes are listed. Choose only those attributes that contain unique values.

        If necessary, use the split-ldif command to divide LDIF files into files containing the expected data for global indexes. For more information, see To Create a Global Index Catalog Containing Global Indexes in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

      The installation wizard creates a global index catalog, named gi-catalog by default, and populates the global index catalog with global indexes of the selected attributes. All global indexes are associated with the same global index catalog (gi-catalog). The installation wizard also creates a global index replication administrator with the same password as the directory manager.

      For information about configuring and using global indexes, see Configuring Global Indexes By Using the Command Line in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

  11. For each partition, select the remote LDAP server that holds the corresponding partitioned data.

    You must select at least two remote LDAP servers per partition to deploy distribution with load balancing.

    1. If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      For Oracle Unified Directory servers:

      1. Select Connect to a replicated Oracle Unified Directory server.

      2. Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.

      3. Click Connect.

      4. Accept the certificate.

      5. Check the servers that should be part of the load balanced topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

      6. Click OK.

      For Oracle Directory Server Enterprise Edition servers:

      1. Select Connect to a DSCC registry.

      2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

      3. Check the servers that should be part of the load balanced topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

      4. Click OK.

    2. If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

      1. Enter the server name, port and security settings.

        The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. For more information about setting security options, see Configuring Security Between the Proxy and the Data Source, in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

      2. Click Add.

      3. Click Close when you have added all the remote LDAP servers for the distributed topology.

  12. For each partition, set load balancing.

    1. Choose the load balancing algorithm.

      For example, select Proportional with default values.

    2. Set the load balancing algorithm properties or select Default Values.

      When you have completed the installation, the properties can be modified. For more information, see Modifying Load Balancing Properties in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

      • For proportional load balancing, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

        For example, if you leave the default value of 1, all servers will receive the same number of requests.

      • For failover, indicate the order in which the servers are used.

        The server with a value of 1 will be the main server. The other servers will only be used if there is a failure on the server with a priority of 1.

      • For saturation, set the order in which the servers are used as well as the saturation threshold of each server.

        Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

      • For optimal, no additional configuration is required.

        The active server is selected based on the saturation index, which is calculated automatically.

  13. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.

    For more information, see Configuring the Java Runtime Settings During Installation.

    The Review screen is displayed.

  14. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  15. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  16. Click Finish to complete the installation.

When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

4.1.5 To Configure Enterprise User Security

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    (UNIX, Linux)  $ oud-proxy-setup
    (Windows)      C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

    The Server Settings screen is displayed.

  5. Enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: Click Configure, to configure SSL.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, select Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      3. Click OK.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see "Managing Administration Traffic to the Server" in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    • Root User DN: Enter the Root User DN or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Re-enter the root user bind password.

    Click Next to continue.

    The Deployment Options screen is deployed.

  6. Select Configure EUS from the Configuration Option drop-down menu.

    Note:

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command, or the ODSM interface, to configure your deployment.

    Click Next.

    The Back-End Server Type screen is displayed.

  7. Select the type of LDAP server storing the user identities.

    Click Next.

    The Back-End Server screen is displayed.

  8. Select the remote LDAP servers that hold the corresponding replicated data.

    • If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      1. For Oracle Unified Directory servers:

        Select Connect to a replicated Oracle Unified Directory server.

        Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.

        Click Connect.

        Accept the certificate.

        Check the servers that should be part of the replicated topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

        Click OK.

      2. For Oracle Directory Server Enterprise Edition servers:

        Select Connect to a DSCC registry.

        Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

        Check the servers that should be part of the replicated topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

        Click OK.

    • If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

      1. Enter the server name, port and security settings.

        The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. For more information about setting security options, see Configuring Security Between the Proxy and the Data Source, in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

      2. Click Add.

      3. Click Close when you have added all the remote LDAP servers for the load balanced topology.

    Click Next.

    The Load Balancing Options screen is displayed.

    This screen appears only if you have selected multiple LDAP servers.

  9. Set the load balancing algorithm properties or select default values.

    When you have completed the installation, the properties can be modified. For more information, see Modifying Load Balancing Properties in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    • For proportional, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

      For example, if you leave the default value of 1, then all servers will receive the same number of requests.

    • For failover, indicate the order in which the servers are used.

      The server with a value of 0 is the highest priority server. The other servers are used only if there is a failure on the main server.

    • For saturation, set the order in which the servers are used as well as the saturation threshold of each server.

      Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

    • For optimal, no additional configuration is required.

      The active server is selected based on the saturation index, which is calculated automatically.

    For information about the various load balancing algorithms, see Load Balancing Using the Proxy in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

    The Naming Contexts screen is displayed.

  10. Enter the naming context, or suffix.

    If the remote LDAP servers are online, the setup connects to them and displays the naming contexts that are available on the servers.

    If no naming contexts are proposed, enter the DN of the naming context that you want to use, for example, dc=example,dc=com. Click Add.

    Click Next.

    The Runtime options screen is displayed.

  11. On the Runtime options panel, click Change to configure any specific JVM settings, or click Next to run the server with the default JVM settings.

  12. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  13. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  14. Click Finish to complete the installation.

    When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

Configure EUS Context

You must configure the EUS context for each EUS suffix that you have defined as follows:

  1. Create a copy of eusData.ldif file located at OUD_INSTALL_ROOT\OracleUnifiedDirectory\config\EUS\ (Windows) or OUD_INSTALL_ROOT/OracleUnifiedDirectory/config/EUS/ (Unix).

    For example, the Root User DN is cn=directory manager and the following EUS suffixes are created:

    • dc=eus A

    • dc=eus B

    The file /tmp/password.txt contains the password of the Root User DN and 4444 is the default administration port of the OUD instance.

    Create two copies of eusData.ldif file as follows:

    • /tmp/eusDataA.ldif

    • /tmp/eusDataB.ldif

  2. Open the eusData.ldif file in a text editor and do the following:

    • Replace the occurrence of dc=example and dc=com by the DN of the EUS suffix.

    • Replace the occurrence of cn=orcladmin by the Root User DN that you provided during the setup.

    For example, you must do the following:

    • Replace cn=orcladmin with cn=directory manager in eusDataA.ldif and eusDataB.ldif files.

    • In the eusDataA.ldif file replace dc=example and dc=com with dc=eus A.

    • In the eusDataB.ldif file replace dc=example and dc=com with dc=eus B.

  3. You must import the content of the files by running the following command:

    Windows:

    OUD_INSTANCE_ROOT\OUD\bin\import-ldif -n oraclecontextSUFFIX_NUMBER -l \
    PATH_OF_THE_EDITED_FILE -F --hostname OUD_HOST_NAME --port OUD_ADMINISTRATION_PORT \
    --bindDN OUD_ROOT_USER_DN --bindPasswordFile PATH_OF_FILE_WITH_OUD_ROOT_USER_PASSWORD
    

    Unix:

    OUD_INSTANCE_ROOT/OUD/bin/import-ldif -n oraclecontextSUFFIX_NUMBER -l /
    PATH_OF_THE_EDITED_FILE -F --hostname OUD_HOST_NAME --port OUD_ADMINISTRATION_PORT /
    --bindDN OUD_ROOT_USER_DN --bindPasswordFile PATH_OF_FILE_WITH_OUD_ROOT_USER_PASSWORD
    

    For example, import the content of eusDataA.ldif file as follows:

    Note:

    The backend ID is 1. For example, oraclecontext1.

    Windows:

    <OUD_INSTANCE_ROOT>\OUD\bin\import-ldif -n oraclecontext1 -l 
    \tmp\eusDataA.ldif -F --hostname localhost --port 4444 --bindDN "cn=directory 
    @ manager" --bindPasswordFile \tmp\password.txt 
    

    Unix:

    <OUD_INSTANCE_ROOT>/OUD/bin/import-ldif -n oraclecontext1 -l 
    /tmp/eusDataA.ldif -F --hostname localhost --port 4444 --bindDN "cn=directory 
    @ manager" --bindPasswordFile /tmp/password.txt
     
    

    Import the content of eusDataB.ldif file as follows:

    Note:

    The backend ID is 2. For example, oraclecontext2.

    Windows:

    <OUD_INSTANCE_ROOT>\OUD\bin\import-ldif -n oraclecontext2 -l 
    \tmp\eusDataB.ldif -F --hostname localhost --port 4444 --bindDN "cn=directory 
    @ manager" --bindPasswordFile \tmp\password.txt 
    

    Unix:

    <OUD_INSTANCE_ROOT>/OUD/bin/import-ldif -n oraclecontext2 -l 
    /tmp/eusDataB.ldif -F --hostname localhost --port 4444 --bindDN "cn=directory 
    @ manager" --bindPasswordFile /tmp/password.txt 
    

4.2 Setting Up the Proxy by Using the CLI

Running the oud-proxy-setup in command-line mode defines the proxy port, host name, and security configuration.

To complete the deployment and to configure load balancing or distribution, you must use dsconfig, as described in Managing the Proxy Configuration With dsconfig in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory, or the ODSM interface, as described in Managing the Proxy Configuration With ODSM in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

You can also use a common properties file to provide default values for options. For more information, see Using a Properties File With Server Commands in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

4.2.1 To Set Up the Proxy by Using the CLI

If you have previously used the graphical wizard to set up the proxy, you can copy the commands that are launched by the wizard prior to completing the installation. The commands displayed by the install wizard are a good starting point for scripting an installation. For information about how to do this, see Section 4.3, "Duplicating a Proxy Installation,".

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Type oud-proxy-setup with the --cli option, specifying the server details as follows:

    Unix, Linux
    $ oud-proxy-setup --cli -p 1389 --adminConnectorPort 4444 -D "cn=Directory Manager" -j pwd-file 
    Windows
    C:\> oud-proxy-setup.bat -cli -p 1389  --adminConnectorPort 4444 -D "cn=Directory Manager" -j pwd-file 
    

    In the preceding example, -p is the proxy LDAP port that is used to send data between the client and the proxy, --adminConnectorPort is the proxy administration port, -D is the bind DN, and -j is the file containing the proxy LDAP bind password.

    The utility launches the command—line installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    

    Note:

    You can configure EUS in cli mode, by specifying the following option while launching the installer:

    oud-proxy-setup --eusContext {namingContext}

    For example:

    oud-proxy-setup --eusContext dc=example,dc=com

  4. To complete the proxy deployment, you must configure workflow elements, workflows, network group and so on.

    The list of components to be configured will depend on your deployment architecture. For examples based on the supported use cases, see Example Proxy Configurations, in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

4.3 Duplicating a Proxy Installation

To set up a replicated Oracle Unified Directory proxy, you must duplicate your Oracle Unified Directory proxy installation.

4.3.1 To Duplicate a Proxy Installation Using the GUI

If you are using the graphical install wizard to set up Oracle Unified Directory proxy, you can copy the commands that are launched by the wizard prior to completing the installation. The commands displayed by the install wizard are a good starting point for scripting an installation.

  1. Using the graphical install wizard, define the proxy installation but do not click Finish.

  2. On the Review page, select the Show Commands button from the top right.

  3. Copy the commands that are displayed.

  4. Paste them into a text file.

    You can now complete your first installation by clicking Finish.

  5. Edit the commands to modify the port, the hostname, and the password.

    Replace the generic asinst variable with the appropriate instance name, either by anticipating the instance name, or by setting the INSTANCE_NAME variable. You might also need to quote certain arguments, depending on your shell scripting language.

  6. Save the updated file as a script.

  7. On the machine where you want to host the next Oracle Unified Directory proxy instance, install the Oracle Unified Directory software, as described in Installing Oracle Unified Directory.

  8. Change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  9. Run the script that you saved in Step 5.

4.3.2 To Duplicate a Proxy Installation Using the Installation Log File

When you have completed a proxy installation, a log file named oud-setup saves the commands of the installation. You can use this file to duplicate an Oracle Unified Directory proxy instance.

  1. Change to the logs directory.

    $ cd OUD-base-location/instance-name/OUD/logs
    
  2. Open the file oud-setup.

  3. Edit the commands to modify the port, the hostname, and the password file of the new proxy instance.

    Replace the generic asinst variable with the appropriate instance name, either by anticipating the instance name, or by setting the INSTANCE_NAME variable. You might also need to quote certain arguments, depending on your shell scripting language.

  4. Save the updated file as a script.

  5. On the machine where you want to host the next Oracle Unified Directory proxy instance, install the Oracle Unified Directory software, as described in Installing Oracle Unified Directory.

  6. Change to the ORACLE_HOME subdirectory.

    (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
    (Windows)      C:\> cd OUD-base-location\ORACLE_HOME
    
  7. Run the script that you saved in Step 4.

4.4 Ensuring Redundancy

To avoid a single point of failure in your deployment, the proxy should be redundant. You can ensure redundancy by using multiple replicated proxy server instances. For more information, see Multiple Replicated Proxies in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.