Oracle Internet Directory Administrator's Guide
Release 2.0.6

A77230-01


3
Preliminary Tasks

Before you can run the administration tools and begin configuring and deploying the directory, you need to start OID Monitor and start a directory server instance. You also need to reset the default security configuration.

This chapter discusses topics in the following sections:

Step One: Start the OID Monitor Daemon

The OID Monitor daemon must be running to process the start-server and stop-server commands that you initiate through the OID Control Utility.

This section covers topics in the following subsections:

Starting the OID Monitor Daemon

To start the OID Monitor:

  1. Set the following environment variable to the appropriate language setting. The default language set at installation is AMERICAN_AMERICA.

    NLS_LANG=APPROPRIATE_LANGUAGE.UTF8
    

    See Also:

    Chapter 11

  2. At the system prompt, type:

    oidmon [connect=net_service_name] [sleep=seconds] start
    

    | Argument | Description |
    |---|---|
    | net_service_name | Connect string of the database to which you want to connect. This is the network service name set in the tnsnames.ora file. This argument is optional. |
    | seconds | Number of seconds after which the OID Monitor should check for new requests from OID Control and for requests to restart any servers that may have stopped. The default sleep time is 10 seconds. This argument is optional. |
    | start | Starts the OID Monitor process |

    For example:

    oidmon connect=dbs1 sleep=10 start
    

Stopping the OID Monitor Daemon

To stop the OID Monitor daemon, at the system prompt, type:

oidmon connect=net_service_name sleep=seconds stop

| Argument | Description |
|---|---|
| net_service_name | Name of the database to which you want to connect. This is the network service name set in the tnsnames.ora file. |
| seconds | Number of seconds after which the OID Monitor should check for new requests from OID Control and for requests to restart any servers that may have stopped. The default sleep time is 10 seconds. |
| stop | Stops the OID Monitor process |

For example:

oidmon connect=dbs1 stop

Step Two: Start Server Instances

Once the OID Monitor is running, start and stop server instances by using the OID Control Utility.


Note:

The value for the instance flag in the OID Control Utility should always be greater than or equal to one. 


This section covers topics in the following subsections:

Starting an LDAP Server Instance

The syntax for starting an LDAP server instance is:

oidctl connect=net_service_name server=oidldapd instance=server_instance_number [configset=configset_number] [flags=' -p port_number -debug debug_level -l change-logging -server n'] start

For example, to start an LDAP server instance whose net service name is dbs1, using configset5, at port 12000, with a debug level of 1024, an instance number of 3, and change-logging turned off, type at the system prompt:

oidctl connect=dbs1 server=oidldapd instance=3 configset=5 flags='-p 12000 -debug 1024 -l ' start

When starting and stopping an LDAP server instance, the server name and instance number are mandatory. All other arguments are optional.

All keyword value pairs within the flags arguments must be separated by a single space.

Single quotes are mandatory around the flags.

The configset identifier defaults to zero (configset0) if not set.

Table 3-1 provides descriptions for each of the arguments for the command line syntax. It also contains cross-references to concepts explained elsewhere in this book and in other Oracle documentation.

Table 3-1 Command Line Syntax
| Argument | Description | Information |
|---|---|---|
| net_service_name | If you already have a tnsnames.ora file configured, this is the name specified in that file, located in ORACLE_HOME/network/admin | Net8 Administrator's Guide |
| server | Type of server to start (valid values are OIDLDAPD and OIDREPLD). This is not case-sensitive. | "Step Two: Start Server Instances" |
| server_instance_number | Instance number of the server to start. Should be a number between 0 and 1000. | "Managing Server Configuration Set Entries" |
| configset_number | Configset number used to start the server. This defaults to configset0 if not set. This should be a number between 0 and 1000. | "Configuration Set Entries" |
| -p port_num | Specifies a port number during server instance startup. Default port if not set is 389. | "Configuring SSL Parameters" and "Managing Server Configuration Set Entries" |
| -debug debug_level | Specifies a debug level during LDAP server instance startup | "Setting Debug Logging Levels by Using the OID Control Utility" |
| -h host_name | Specifies the host name on which the server runs. | |
| -l | Turns replication change-logging on and off. To turn it off, enter -l. To turn it on, omit the flag. The default is true (values = true and false). (directory server only) | Chapter 10 |
| -server n | Specifies the number of server processes to start on this port | |
| start | Starts the server specified in the server argument. | "Step Two: Start Server Instances" |


Note:

If you choose to use a port other than the default port (389 for non-secure usage or 636 for secure usage), you must tell the clients which port to use to locate the Oracle Internet Directory. If you use the default ports, clients can connect to the Oracle Internet Directory without referencing a port in their connect requests. 


Stopping an LDAP Server Instance

OID Monitor must be running whenever you start or stop directory server instances.

At the system prompt, type:

oidctl connect=net_service_name server=OIDLDAPD instance=server_instance_number stop

For example:

oidctl connect=dbs1 server=oidldapd instance=3 stop

Starting an Oracle Directory Replication Server Instance

The syntax for starting the Oracle Directory Replication Server is:

oidctl connect=net_service_name server=oidrepld instance=server_instance_number [configset=configset_number] flags=' -h hostname -p port_number -d debug_level -z transaction_size ' start

For example, to start the replication server as instance 1, on host eastsun11, at port 12000, with debugging set to 1024, type at the system prompt:

oidctl connect=dbs1 server=oidrepld instance=1 flags='-p 12000 -h eastsun11 -d 1024' start

When starting and stopping an Oracle Directory Replication Server, the -h flag, which specifies the host name, is mandatory. All other flags are optional.

All keyword value pairs within the flags arguments must be separated by a single space.

Single quotes are mandatory around the flags.

The configset identifier defaults to zero (configset0) if not set.

Table 3-2 provides descriptions for each of the arguments for the command line syntax. It also contains cross-references to concepts explained elsewhere in this book.

Table 3-2 Command Line Syntax
| Argument | Description | Information |
|---|---|---|
| net_service_name | If you already have a tnsnames.ora file configured, this is the name specified in the tnsnames.ora file, located in ORACLE_HOME/network/admin | Net8 Administrator's Guide |
| server | Type of server to start (valid values are OIDLDAPD and OIDREPLD). This is not case-sensitive. | "Step Two: Start Server Instances" |
| server_instance_number | Instance number of the server to start. Should be a number between 0 and 1000. | "Managing Server Configuration Set Entries" |
| configset_number | Configset number used to start the server. This defaults to configset0 if not set. This should be a number between 0 and 1000. | "Configuration Set Entries"; Table F-1 for a list and descriptions of the entire set of attributes that are used to configure an instance of a directory server |
| -p port_num | Specifies a port number during server instance startup. Default port if not set is 389. | "Configuring SSL Parameters" and "Managing Server Configuration Set Entries" |
| -d debug_level | Specifies a debug level during replication server instance startup | "Setting Debug Logging Levels by Using the OID Control Utility" |
| -h host_name | Specifies the host name on which the server runs. (Replication server only) | |
| -m [true\|false] | Turns conflict resolution on and off. The default is true (values = true and false). (Replication server only) | Chapter 10 |
| -z transaction_size | Specifies the number of changes applied in each replication update cycle. If you do not specify this, the number is determined by the Oracle Directory Server sizelimit parameter, which has a default setting of 1024. You can configure this latter setting. | Chapter 10 |
| start | Starts the server specified in the server argument. | "Step Two: Start Server Instances" |


Note:

If you choose to use a port other than the default port (389 for non-secure usage or 636 for secure usage), you must tell the clients which port to use to locate the Oracle Internet Directory. If you use the default ports, clients can connect to the Oracle Internet Directory without referencing a port in their connect requests. 
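
The argument rules from the two start procedures above (instance and configset ranges, single-space separation inside the quoted flags, mandatory -h for oidrepld) can be checked before oidctl is ever invoked. The following is an added example, not part of the Oracle guide or Oracle's tooling; the helper names build_oidctl_start and in_range are hypothetical, and the function only prints the command line rather than running it.

```shell
# Added example, not Oracle's code. build_oidctl_start (hypothetical name)
# checks its arguments against the rules in this chapter and prints the
# resulting oidctl command line instead of executing it.

# Succeeds if $1 is a decimal integer between $2 and $3 inclusive.
in_range() {
    case $1 in ''|*[!0-9]*|?????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# usage: build_oidctl_start NET_SERVICE SERVER INSTANCE CONFIGSET [FLAG_WORD...]
build_oidctl_start() {
    [ "$#" -ge 4 ] || { echo "need service, server, instance, configset" >&2; return 2; }
    conn=$1 inst=$3 cfg=$4
    server=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')   # not case-sensitive
    shift 4

    # The net service name is a tnsnames.ora alias: refuse shell metacharacters.
    case $conn in ''|*[!A-Za-z0-9_.-]*) echo "bad net service name" >&2; return 2 ;; esac
    case $server in oidldapd|oidrepld) ;; *) echo "bad server type" >&2; return 2 ;; esac
    # Instance: the Note requires >= 1, the table caps it at 1000.
    in_range "$inst" 1 1000 || { echo "instance must be 1..1000" >&2; return 2; }
    in_range "$cfg" 0 1000 || { echo "configset must be 0..1000" >&2; return 2; }

    flags='' has_host=no prev=''
    for word in "$@"; do
        # Each word ends up inside single quotes, so restrict its alphabet.
        case $word in ''|*[!A-Za-z0-9_.-]*) echo "bad flag word: $word" >&2; return 2 ;; esac
        # -h counts only when it is followed by a value, not by another flag.
        case $prev:$word in -h:-*) ;; -h:*) has_host=yes ;; esac
        flags="${flags:+$flags }$word"        # exactly one space between words
        prev=$word
    done
    # The replication server must be given its host name with -h.
    if [ "$server" = oidrepld ] && [ "$has_host" = no ]; then
        echo "oidrepld requires -h hostname in flags" >&2; return 2
    fi

    printf "oidctl connect=%s server=%s instance=%s configset=%s" "$conn" "$server" "$inst" "$cfg"
    if [ -n "$flags" ]; then printf " flags='%s'" "$flags"; fi
    printf ' start\n'
}

# Constructed sample call, using the values from the LDAP server example above.
build_oidctl_start dbs1 oidldapd 3 5 -p 12000 -debug 1024 -l
```
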


Stopping an Oracle Directory Replication Server Instance

OID Monitor must be running whenever you start or stop directory server instances.

At the system prompt, type:

oidctl connect=net_service_name server=OIDREPLD instance=server_instance_number stop

For example:

oidctl connect=dbs1 server=oidrepld instance=1 stop

Restarting Directory Server Instances

OID Monitor must be running whenever you start or stop directory server instances.

If you try to contact a server that is down, you receive from the SDK the error message 81--LDAP_SERVER_DOWN.

If you change a configuration set entry that is referenced by an active server instance, you must stop that instance and restart it if you want the changed value in the configuration set entry to take effect on that server instance. You can either issue the stop command followed by the start command, or you can use the restart command. The restart command both stops and restarts the server instance.

To restart a directory server instance, at the system prompt, type:

oidctl connect=net_service_name server={oidldapd|oidrepld} instance=server_instance_number restart

For example, suppose that Oracle Directory Server instance1 were started, using configset3, and with the net service name dbs1. Further, suppose that, while the server is running, you change one of the attributes in the configset. To enable the change to take effect on this server instance, you would enter the following command:

oidctl connect=dbs1 server=oidldapd instance=1 restart

If there were more than one instance of the Oracle Directory Server running on that node using configset3, then all the instances could be restarted at once using the following command syntax:

oidctl connect=dbs1 server=oidldapd restart

Note that this command restarts all the instances running on the node, whether they are using configset3 or not.


Important Note:

During the restart process, clients cannot access the Oracle Directory Server instance. However, the process takes only a few seconds to execute. 


Troubleshooting Directory Server Instance Startup

If the directory server fails to start, you can override all user-specified configuration parameters to start the directory server and then return the configuration sets to a workable state by using the ldapmodify operation.

To start the directory server using its hard-coded default parameters instead of the configuration parameters stored in the directory, type at the system prompt:

oidctl connect=net_service_name flags='-p port_number -f'


The -f option in the flags starts the server with hard-coded configuration values, overriding any defined configuration sets except for the values in configset0.

Step Three: Reset the Default Security Configuration

When you first install the Oracle Internet Directory, the default configuration grants to all users complete access to the directory. One of the first things you need to do is establish and implement an access control policy to ensure that each user receives the appropriate authorization. Oracle Corporation specifically recommends that you control access to the subentry subSchemaSubEntry and its children because these objects contain information about the directory.

Moreover, when you load directory entries, you are creating a hierarchy of directory entries. You must therefore establish:

To configure security, you use the administration tools described in Chapter 4.

See Also:

  • Chapter 9 for a detailed explanation of access control options and instructions for setting up security

  • Chapter 4 for instructions on using Oracle Directory Manager and an overview of the command line tools

  • Appendix F for syntax and usage notes for the command line tools

Copyright © 1999 Oracle Corporation.

All Rights Reserved.