Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
|
Oracle Directory Integration and Provisioning Server Administration, 4 of 6
This section contains these topics:
For security reasons, Oracle Corporation recommends that you run the Oracle directory integration and provisioning server on the same host as the directory server. If you run them on different hosts, then run them by using SSL as described in Chapter 13, "Secure Sockets Layer (SSL) and the Directory".
Note:
When the directory integration and provisioning server starts, it generates specific runtime information and stores it in the directory. This information includes:
You can view this information by using either Oracle Directory Manager or ldapsearch.
To view runtime information for the directory integration and provisioning server instance by using Oracle Directory Manager:
To view registration information for the directory integration and provisioning server instance by using ldapsearch, perform a base search on its entry. For example:
ldapsearch -p 389 -h my_host -b cn=instance1,cn=odisrv,cn=subregistrysubentry -s base -v "objectclass=*"
This example search returns the following:
dn: cn=instance1,cn=odisrv,cn= subregistrysubentrycn: instance1orclodipconfigdns: orclodipagentname=HRAgent,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory orcldiaconfigrefreshflag: 0 orclhostname: my_host orclconfigsetnumber: 1 objectclass: top objectclass: orclODISInstance
You can create, modify, and view configuration set entries by using either Oracle Directory Manager or the appropriate command-line tools. When a connector is registered, an integration profile is created and added to the given configuration set. This configuration set entry determines the behavior of the directory integration and provisioning server.
You can control the runtime behavior of the directory integration and provisioning server by using a different configuration set entry when you start it. For example, you can start instance 1 of the directory integration and provisioning server on host H1 with configset1, and instance 2 on host H1 with configset2. The behavior of instance 1 depends on configset1, and that of instance 2 depends on configset2. Dividing the agents on host H1 between two configuration set entries distributes the load between the two directory integration and provisioning server instances. Similarly, running different configuration sets and different instances on different hosts balances the load between the servers.
The certificates to be used for connecting Oracle Internet Directory and connected directories are stored in a wallet by using Oracle Wallet Manager.
The location of the wallet and the password to open it are stored in a properties file used by the Oracle Directory Integration and Provisioning platform. This file is $ORACLE_HOME/ldap/odi/conf/odi.properties
.
A typical odi.properties
file has the entries described in Table 35-2.
All the file locations are absolute path names. The certificate wallet file is the location of the ewallet.p12
file.
As an example, an odi.properties
file can look like this:
RegWalletFile: /private/myhost/orahome/ldap/odi/conf CertWalletFile: /private/myhost/orahome/ldap/dipwallet CertWalletPwdFile: /private/myhost/orahome/ldap/
In this example, the wallet file ewallet.p12
is located in the directory /private/myhost/orahome/ldap/dipwallet
This section tells you how to start, stop, and restart the Oracle directory integration and provisioning server.
The way you start the Oracle directory integration and provisioning server depends on whether your installation is a typical Oracle Internet Directory installation or an Oracle Directory Integration and Provisioning platform-only installation.
The way you stop the directory integration and provisioning server depends on the tool that you used to start it.
If you use OID Monitor and the OID Control utility, then you can both stop and restart the directory integration and provisioning server in a single RESTART
command. This is useful when you want to refresh the server cache immediately, rather than at the next scheduled time. When the directory integration and provisioning server restarts, it maintains the same parameters it had before it stopped.
The Oracle directory integration and provisioning server can, with certain restrictions, execute in various high availability scenarios. This section discusses the Oracle directory integration and provisioning server as it operates in a Real Application Clusters environment and in a cold failover configuration.
The Oracle Internet Directory infrastructure is configured to work in a Real Application Clusters mode. In a Real Application Cluster, the Oracle directory integration and provisioning server can execute against any directory node.
A particular configuration set can be executed by only one instance of the Oracle directory integration and provisioning server. For this reason, during the default installation only one server instance--namely, instance 1--is started on the Real Application Clusters master node. This server instance executes configuration set 0. Although it is started only on the master node, the server is nevertheless registered on all the nodes.
If the master node fails, then the Oracle directory integration and provisioning server instance is started by the OID Monitor on a secondary node. If there are multiple secondary nodes, then the server is started by the first OID Monitor to recognize the master node failure.
When it starts the server, the OID Monitor uses the same instance number and configuration set that was used on the master node. This is a transparent to the end user, and, once it is done, the Oracle directory integration and provisioning server on the secondary node behaves as if it is the primary server. The server continues executing on the secondary node as long as that node is available.
Two separate instances of the Oracle directory integration and provisioning server running on two nodes cannot simultaneously execute the same configuration set. Although the OID Monitor does not check for this, the Oracle directory integration and provisioning server itself fails to start.
You can stop the Oracle directory integration and provisioning server at any time by using the OID Control utility. However, if you do this, then the server does not start automatically on any other node. To start it on another node, do so manually by using the OID Control utility.
If you execute the command opmnctl stopall
, and subsequently execute opmnctl startall
, then the Oracle directory integration and provisioning server starts.
In summary, unless an OID Control command stops the Oracle directory integration and provisioning server, OIDMON always ensures that the server is running.
The Oracle Internet Directory infrastructure is configured to work in a cold failover configuration mode. The Oracle directory integration and provisioning server executes on the active node.
If the active node fails, then the OID Monitor on a standby node starts the Oracle directory integration and provisioning server instance on the standby node. When it does this, it uses the same instance number and configuration set as previously used on the active node. This is a transparent to the end user. The server continues executing on the active node as long as the node is available. In a cold failover configuration, the server is registered once for both the active and standby nodes because the virtual host names are the same for both.
You can stop the Oracle directory integration and provisioning server at any time by using the OID Control utility. However, if you do this, then the server does not start again on this node. Moreover, if this node fails over, then the OID Monitor on the standby node does not start the Oracle directory integration and provisioning server. To start the server, you must use the OID Control utility.
If you execute the command opmnctl stopall
, and subsequently execute opmnctl startall
, then the Oracle directory integration and provisioning server starts.
In summary, unless an OID Control command stops the Oracle directory integration and provisioning server, OID Monitor always ensures that the server is running.
You can separately control the execution of the directory integration and provisioning server and that of each connector. You can also selectively disable debugging for different connectors.
For server execution, the trace is stored in the server log. For connectors, the trace is stored in the respective trace file of each connector.
If you specify a nonzero debug level, then each trace statement in the server log file includes these trace-statement types:
Table 35-3 Debug Types for Server Debugging
See Also:
"Managing Synchronization Profiles" for instructions on selectively debugging the threads |
If you do not set a value for the debug flag, then the default level is 0 (zero), and none of the debug events in Table 35-3 are logged. However, errors and exceptions are always logged.
If you do not want to debug any of the connectors, then set the debug value to 3
.
You can set the debugging levels for each connector in the profile itself.
See Also:
|
For provisioning and synchronization, the replicated directory is different from the master directory. Any profiles created in the original directory need to be recreated in the new directory, and all configurations must be performed as in the original directory.
Execution details and debugging information are in the log file located in the $
ORACLE_HOME/ldap/log/odisrv
Instance_number.log
directory.
For example, if the server was started as server instance number 3, then the log file would have this path name: $
ORACLE_HOME
/ldap/log/odisrv03.log
.
Any other exceptions in the server are in the file odisrv_jvm_
xxxx
.log
where xxxx
is the identifier of the process running the directory integration and provisioning server in that table.
All the profile-specific debug events are stored in the profile-specific trace file in $
ORACLE_HOME
\ldap\odi\log\
profile_name.trc
.
|
![]() Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|