
Oracle® Internet Directory Administrator's Guide
10g (9.0.4)

Part Number B12118-01

Oracle Directory Replication Administration, 2 of 5


Installing and Configuring Multimaster Replication

This section tells you how to install and configure multimaster replication groups, and how to resolve conflicts manually in them. It contains these topics:

Installing and Configuring a Multimaster Replication Group

This section discusses the general tasks you perform when installing and configuring a multimaster replication group. It contains these topics:

Preliminary Information for Installing and Configuring a Multimaster Replication Group

This section describes the types of installation you need to perform to configure a multimaster replication group. It also introduces the Replication Environment Management Tool that enables you to perform various configuration tasks.

Oracle9i Enterprise Edition

In Oracle Internet Directory 10g (9.0.4), performing multimaster replication requires Oracle9i Advanced Replication, which is part of a typical installation of the Oracle9i Enterprise Edition. A typical installation of Oracle9i Standard Edition does not include Oracle9i Advanced Replication.

Oracle Application Server Infrastructure

When you install Oracle Internet Directory as part of Oracle Application Server on any node, you are prompted to select a product. Choose the Oracle Application Server Infrastructure. Then, later in the installation process, you are prompted to choose one of various installation types. The installation type that you must choose depends on whether you are installing on a node that serves as a master definition site (MDS) or one that serves as a remote master site (RMS).

If you are installing on a Master Definition Site

  1. Choose the "Identity Management and Oracle Application Server Metadata Repository" installation type. Choose Next. The Select Configuration Options screen appears.

  2. Verify that all options are selected.

  3. Choose Next.

If you are installing on a Remote Master Site

  1. Choose "Identity Management and Oracle Application Server Metadata Repository" installation type. Choose Next. The Select Configuration Options screen appears.

  2. Deselect everything in the Select Configuration Options screen.

  3. Choose Next.

Later, the Oracle Universal Installer asks for the host and port of Oracle Internet Directory. Specify the host and port number of the MDS. Verify that the server is running on that node.

After installation, create the wallet by entering the following:

$ORACLE_HOME/bin/oidpasswd connect=connect_string create_wallet=TRUE \
    current_password=password_for_the_ODS_database_user

Start and shut down the Oracle Internet Directory processes by entering the following:

$ORACLE_HOME/bin/oidmon connect=connect_string start

$ORACLE_HOME/bin/oidctl connect=connect_string server=oidldapd instance=1 start

$ORACLE_HOME/bin/oidmon connect=connect_string stop

The Replication Environment Management Tool

During installation and configuration, you use the Replication Environment Management Tool to perform various tasks. This tool assists you in:

Task 1: Install Oracle Internet Directory on the Master Definition Site

You must be able to use Oracle Net Services to connect to the master definition site database and all other nodes in the DRG.


Note:

During installation, be sure that each Oracle Internet Directory database instance name is unique on each machine.


Task 2: Install the Oracle Internet Directory on the Remote Master Sites

See Also:

"Oracle Application Server Infrastructure" for instructions on installing on a remote master site

Task 3: Set Up Oracle9i Advanced Replication for a Directory Replication Group

The following sections lead you through installing and configuring Oracle9i Advanced Replication through Oracle Internet Directory installation scripts. More advanced Oracle9i Advanced Replication users may prefer to configure Oracle9i Advanced Replication through the Oracle9i Advanced Replication Manager Tool.

See Also:

Oracle9i Advanced Replication in the Oracle Database Documentation Library, and the online Help for Oracle9i Advanced Replication Manager, for information on configuring Oracle9i Advanced Replication by using the Oracle9i Advanced Replication Manager

To configure the Oracle9i Advanced Replication environment to establish a directory replication group (DRG), perform the tasks discussed in these topics:

On All Nodes, Prepare the Oracle Net Services Environment for Replication

To prepare the Oracle Net Services environment, follow these steps, described more fully in this section, on all nodes in the directory replication group:

  1. Configure sqlnet.ora.

  2. Configure tnsnames.ora.

  3. Optional: Create rollback table space and rollback segments.

  4. If you created rollback table space and rollback segments, then modify the parameters in the initialization parameter file.

  5. Stop and restart the listener.

  6. If you created rollback table space and rollback segments, then stop and restart the Oracle Internet Directory database.

  7. IMPORTANT: Test Oracle Net connections to all nodes from each node in the DRG.

To prepare the Oracle Net Services environment for replication:

  1. Configure sqlnet.ora.

    The sqlnet.ora file should contain the following parameters at minimum:

    names.directory_path = (TNSNAMES)
    names.default_domain = domain

    On UNIX, this file is in ORACLE_HOME/network/admin

    On Windows NT, this file is in ORACLE_HOME\network\admin

  2. Configure tnsnames.ora.

    Define all Oracle Internet Directory database instances in the DRG on all nodes in the DRG. The tnsnames.ora file must contain connect descriptor information in the following format for all Oracle Internet Directory databases:

    connect_string =
        (DESCRIPTION =
          (ADDRESS = 
             (PROTOCOL = TCP)
             (HOST = HOST_NAME_OR_IP_ADDRESS)
             (PORT = 1521))
          (CONNECT_DATA = 
             (service_name = service_name)))

    On UNIX, this file is in $ORACLE_HOME/network/admin

    On Windows NT, this file is in ORACLE_HOME\network\admin


    Note:

    You must domain-qualify the net service name (for example, sales.com), but be sure that the domain component matches the one specified in the NAMES.DEFAULT_DOMAIN parameter in the sqlnet.ora file.


  3. Optional: Create rollback table space and rollback segments.

    You may want to create multiple rollback segments. You can increase the size of the table spaces and segments to meet your system requirements.

    1. Create a tablespace for rollback segments.

      Execute SQL*Plus by typing the following command:

      sqlplus system/system_password@net_service_name

      At the SQL*Plus prompt, type:

      CREATE TABLESPACE table_space_name
      DATAFILE 'file_name_with_full_path' SIZE 50M REUSE
      AUTOEXTEND ON NEXT 10M MAXSIZE max_bulk_update_transaction_size;

      For max_bulk_update_transaction_size, specify a value such as 500M.

    2. Create rollback segments.

      At the SQL*Plus prompt, type the following lines for each rollback segment:

      CREATE ROLLBACK SEGMENT rollback_segment_name
      TABLESPACE table_space_name
      STORAGE (INITIAL 1M NEXT 1M OPTIMAL 2M MAXEXTENTS UNLIMITED);

      Repeat the CREATE ROLLBACK SEGMENT command for each rollback segment entered in the initialization parameter file.

  4. If you created rollback table space and rollback segments, then modify the parameters in the initialization parameter file.

    Type the following lines in the initialization parameter file:

    rollback_segments = (rollback_segment_name_1, rollback_segment_name_2 ...)
    SHARED_POOL_SIZE = 20000000

    Ensure that the total System Global Area (SGA) does not exceed 50% of your system's physical memory.

  5. Stop and restart the listener.

    To stop the listener for the Oracle Internet Directory database, use the listener control utility (lsnrctl). Type the following commands at the LSNRCTL command prompt:

    SET PASSWORD password
    STOP [listener_name]

    SET PASSWORD is required only if the password is set in the listener.ora file. The password defaults to ORACLE. The default listener name is LISTENER.

    To restart the listener for the Oracle Internet Directory database, type the following command at the LSNRCTL command prompt:

    START [listener_name]

  6. If you created rollback table space and rollback segments, then stop and restart the Oracle Internet Directory database.

    To stop and restart the Oracle Internet Directory database, you can use SQL*Plus.

    See Also:

    • Oracle9i Net Services Administrator's Guide in the Oracle Database Documentation Library

    • Oracle9i Database Administrator's Guide in the Oracle Database Documentation Library for instructions on stopping and restarting the database

  7. IMPORTANT: Test Oracle Net connections to all nodes from each node in the DRG.

    Use SQL*Plus. Test both internal@net_service_name and internal@net_service_name.domain. If this does not work, then replication will not work.
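
Before running the connection tests, the two Oracle Net files can be checked against the rules in the preceding steps: TNSNAMES is in names.directory_path, every net service name is qualified with the names.default_domain value, and every node in the DRG has an entry. The following Python check is an added example, not part of the Oracle documentation; the file contents, node names, and function names are constructed for illustration, and in practice the text would be read from the files in ORACLE_HOME/network/admin.

```python
import re

# Constructed sample files for a three-node DRG; every name and host is made up.
SQLNET_ORA = """\
names.directory_path = (TNSNAMES)
names.default_domain = example.com
"""
TNSNAMES_ORA = """\
oid_mds.example.com =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = mds-host)(PORT = 1521))
      (CONNECT_DATA = (service_name = oidmds)))
oid_rms1 =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = rms1-host)(PORT = 1521))
      (CONNECT_DATA = (service_name = oidrms1)))
oid_rms2.example.org =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = rms2-host)(PORT = 1521))
      (CONNECT_DATA = (service_name = oidrms2)))
"""
DRG_NODES = ["oid_mds.example.com", "oid_rms1.example.com", "oid_rms2.example.com"]


def parse_sqlnet(text):
    """Return sqlnet.ora parameters as {lower-case name: value}."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params


def parse_tnsnames(text):
    """Return {net service name: descriptor text} for the top-level entries."""
    entries, depth, current = {}, 0, None
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if depth == 0:
            # Outside any parenthesis, "name =" starts a new entry.
            m = re.match(r"\s*([\w.\-]+)\s*=(.*)", line)
            if m:
                current = m.group(1).lower()
                entries[current] = ""
                line = m.group(2)
        if current is not None:
            entries[current] += line.strip()
        depth += line.count("(") - line.count(")")
    return entries


def check_net_config(sqlnet_text, tnsnames_text, drg_nodes):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    params = parse_sqlnet(sqlnet_text)
    entries = parse_tnsnames(tnsnames_text)
    if "TNSNAMES" not in params.get("names.directory_path", "").upper():
        findings.append("sqlnet.ora: names.directory_path does not list TNSNAMES")
    domain = params.get("names.default_domain", "").lower()
    if not domain:
        findings.append("sqlnet.ora: names.default_domain is not set")
    for name, descriptor in entries.items():
        if domain and not name.endswith("." + domain):
            findings.append(f"tnsnames.ora: {name} is not qualified with .{domain}")
        if not re.search(r"service_name\s*=", descriptor, re.I):
            findings.append(f"tnsnames.ora: {name} has no service_name")
    for node in drg_nodes:
        if node.lower() not in entries:
            findings.append(f"tnsnames.ora: no entry for DRG node {node}")
    return findings


if __name__ == "__main__":
    for finding in check_net_config(SQLNET_ORA, TNSNAMES_ORA, DRG_NODES):
        print(finding)
```

Run the same check on every node, because each node keeps its own copy of both files.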

From the MDS, Configure Oracle9i Advanced Replication For Directory Replication

To do this:

  1. Connect as the system user on all nodes, including the MDS, from the MDS console. Ensure the following on all nodes:

    • The Oracle Internet Directory database is running

    • The Oracle Internet Directory listener is running

    • The connect string is correct

    • The system password is correct

  2. Ensure the following on remote sites:

    • A wallet exists for storing the password to the database designated for Oracle Internet Directory. This wallet is named oidpwdl and is located in the directory ORACLE_HOME/ldap/admin.

    • A wallet exists for storing the password of the replication administrator. This wallet is named oidpwdr, and is located in the directory ORACLE_HOME/ldap/admin.

  3. From the MDS, at the command prompt, run the following script if the prerequisites in the following note are met:

    ORACLE_HOME/ldap/bin/remtool -asrsetup
    
    

    The Replication Environment Management Tool (remtool) configures Oracle9i Advanced Replication.

    Note:

    If you encounter errors, then clean up the environment by using the -asrcleanup option of the Replication Environment Management Tool. Then repeat Step 3.

    See Also:

    • "-ASRSETUP Option" for instructions on using the -ASRSETUP option of the Replication Environment Management Tool (remtool) and an example

    • Oracle9i Database Administrator's Guide in the Oracle Database Documentation Library for instructions on ensuring that the database and listener are running

    • Oracle9i Net Services Administrator's Guide in the Oracle Database Documentation Library for instructions on ensuring that the connect string is correct

    • The chapter on Oracle Wallet Manager in Oracle Advanced Security Administrator's Guide for instructions on creating an Oracle wallet

Task 4: Load Data into the Directory

If you have a small number of entries to add to the DRG, you can wait until you have completely configured the DRG, then use ldapadd to load the data to one of the nodes. The entries will then be replicated to the other nodes at the specified time.

If you have a large amount of data to load into the DRG, then use the bulkload utility. To do this:

  1. On any of the nodes, enter:

    bulkload.sh -connect connect_string -check -generate file_with_absolute_path_name

    Note:

    If data is extracted from Oracle Internet Directory, then, in addition to other options, use the -restore option to restore the operational attributes.

  2. From the same node, enter:

    bulkload.sh -connect connect_string_1 -load

  3. Repeat Step 2, each time replacing connect_string_1 with the connect string of another node in the DRG, until you have loaded the data onto all the nodes. For example, enter:

    bulkload.sh -connect connect_string_2 -load

    then enter:

    bulkload.sh -connect connect_string_3 -load

    and so on, until you have bulkloaded the data onto each node in the DRG.


Note:

To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:


Task 5: Start Oracle Directory Server Instances on All the Nodes

To start Oracle directory server instances on all nodes, run the following commands on each node:

oidmon [connect=connect_string] [sleep=seconds] start
oidctl connect=connect_string server=oidldapd instance=instance_number_of_directory_server \
    flags='-h host_name -p port' start

Be sure that the change logging option for the directory server is set to the default, namely, TRUE.


Note:

The instance_number_of_directory_server need not be unique across the entire DRG. For example, you can have instance=1 on both node A and on node B.


See Also:

Chapter 3, "Preliminary Tasks and Information" for more information on starting an Oracle directory server instance.

Task 6: Start the Replication Servers on All Nodes in the DRG

To start replication servers on all nodes, type the following command on each node:

oidctl connect=connect_string server=oidrepld instance=1 \
    flags='-h host_on_which_the_directory_server_is_running -p port' start

Note that the instance number does not need to be unique across the entire DRG.

See Also:

Chapter 5, "Oracle Directory Server Administration" for information on starting the replication servers

You can turn off the multimaster flag, which occurs in the directory replication server, by changing the value of the -m flag in the OID Control Utility command for Oracle directory replication server from the default, namely, TRUE, to FALSE. This is useful for reducing performance overhead if you are deploying a single master with read-only replica consumers. The multimaster option controls conflict resolution, which serves no purpose if you are deploying a single master.

See Also:

"Conflict Resolution in Multimaster Replication"


Note:

As part of Task 3, the Replication Environment Management Tool (remtool) sets normal defaults enabling you to simply start the replication servers. If you wish to alter these defaults, see Managing Replication.


Task 7: Test Directory Replication

Use Oracle Directory Manager to verify that the directory replication servers are running, then test directory replication by doing the following:

  1. Log in to Oracle Directory Manager as orcladmin.

  2. In the navigator pane, expand in succession Oracle Internet Directory Servers, directory server instance, Entry Management.

  3. Create a single entry on the MDS node.

    The identical entry appears in approximately 1 to 10 minutes on the RMS. You can adjust the timing in the replication server configuration set entry. If entries are modified on any nodes in the DRG, then the changes will be replicated.


    Note:

    If you want to configure replication for Oracle Application Server Single Sign-On, then follow the post-installation steps specific to Oracle Application Server Single Sign-On. These are found in the replication installation section of the Oracle Application Server Single Sign-On Administrator's Guide.


Adding a Node to a Multimaster Replication Group


Note:

A new node that you add to an existing multimaster replication group must have Oracle Application Server Infrastructure product installed on it. During that installation, the installation type must have been "Oracle Application Server Metadata Repository". For more information, see "Task 2: Install the Oracle Internet Directory on the Remote Master Sites".


There are two ways to add a new node to a live replication group.

Before you add a replication node, prepare the Oracle Net Services environment as described in "On All Nodes, Prepare the Oracle Net Services Environment for Replication".

To add a replication node to a functioning DRG of any significant size, follow these general steps, each of which is more fully described later in this chapter.

Task 1: Stop the Directory Replication Server on All Nodes

To stop the directory replication server, run the following command on each node in the LDAP replication group:

oidctl connect=db_connect_string server=oidrepld instance=1 stop


Note:

The instance number may not be 1. Check the running process to discover the instance number in use here.


Task 2: Identify a Sponsor Node and Switch the Sponsor Node to Read-Only Mode

A sponsor node is one that will supply the data to the new node. To identify a sponsor node and switch it to read-only mode:

  1. Create a new file, change_mode.ldif, containing the following:

    dn:
    changetype: modify
    replace: orclservermode
    orclservermode: r
    
    
    
  2. Run the following command against the identified sponsor node:

    ldapmodify -D "cn=orcladmin" -w welcome -h host_name_of_sponsor_node \
        -p port -f change_mode.ldif

This switches all running Oracle directory servers to read-only mode.


Note:

While the sponsor node is in read-only mode, you may not make any updates to it. You may, however, update any of the other nodes, but those updates are not replicated immediately.

Also, the sponsor node and the MDS may be the same node.


Task 3: Backup the Sponsor Node by Using ldifwrite

Because this may take a long time, you may start "Task 4: Perform Oracle9i Advanced Replication Add Node Setup" while backup is in process.

Enter the following command:

ldifwrite -c connect_string -b "orclAgreementID=000001,cn=replication configuration" -f output_ldif_file

Task 4: Perform Oracle9i Advanced Replication Add Node Setup

You can perform this task at the same time as you are performing "Task 3: Backup the Sponsor Node by Using ldifwrite".

On the sponsor node, enter this command:

ORACLE_HOME/ldap/bin/remtool -addnode

The Replication Environment Management Tool adds the node to the DRG.

Note:

If you encounter errors, then use the -asrverify option first. If it reports errors, then rectify them by using the -asrrectify option. Both -asrverify and -asrrectify list all nodes in the DRG. If the new node is not in the list, then add it by running the Replication Environment Management tool again, using the -addnode option.

See Also:

"-ADDNODE Option" of the Replication Environment Management Tool for instructions on using the -ADDNODE option and an example

Task 5: Switch the Sponsor Node to Updatable Mode

To switch the sponsor node to updatable mode:

  1. Edit change_mode.ldif to the following:

    dn: 
    changetype: modify
    replace: orclservermode
    orclservermode: rw
    
    
    
  2. Run the following command on the sponsor node:

    ldapmodify -D "cn=orcladmin" -w welcome -h host_name_of_sponsor_node \
        -p port -f change_mode.ldif

This switches all running Oracle directory servers to read/write mode.


Note:

Task 6 is very similar to Task 3. The only difference is that the orclservermode parameter in change_mode.ldif is being set back to rw, that is, read/write, in this step.


Task 6: Start the Directory Replication Server on All Nodes Except the New Node

To start the directory replication server, type the following command:

oidctl connect=db_connection_string server=oidrepld instance=1 \
    flags='-h host -p port' start

Verify that no directory or replication processes are running on the new node.

Task 7: Load Data into the New Node by Using bulkload

To load data, type the following command:

bulkload.sh -connect db_connect_string_of_new_node -check -generate -load \
    -restore absolute_path_to_the_ldif_file_generated_by_ldifwrite


Note:

To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:


Task 8: Start the Directory Server on the New Node

To start the directory server, type the following command:

oidctl connect=db_connect_string_of_new_node server=oidldapd \
    instance=1 flags='-p port' start

Task 9: Start the Directory Replication Server on the New Node


Note:

If you need to change configuration or agreement parameters, see Managing Replication.


To start the directory replication server, type the following command:

oidctl connect=db_connect_string_of_new_node server=oidrepld instance=1 \
    flags='-h host_name_of_new_node -p port' start


Note:

Once a directory server instance is participating in a replication agreement, do not use the bulkload tool to add data into the node. Instead, use ldapadd.

If Oracle Application Server Single Sign-On is desired in replication, then follow the Oracle Application Server Single Sign-On Administrator's Guide in the replication installation section for the post-installation steps specific to Oracle Application Server Single Sign-On.


Deleting a Node from a Multimaster Replication Group

At times, you may want to delete a node from a DRG--for example, if the addition of a new node did not fully succeed as a result of system errors.

You can delete a replication node from a DRG only if there are more than two nodes in the DRG.

To delete a replication node, perform these tasks, each of which is more fully described in this section.

Task 1: Stop the Directory Replication Server on All Nodes

To stop the directory replication server, run the following command on each node in the DRG:

oidctl connect=connect_string server=oidrepld instance=1 stop


Note:

The instance number may vary.


Task 2: Stop All Processes in the Node to be Deleted

On the node to be deleted, stop the OID Monitor and all directory server instances.

oidmon [connect=connect_string] [host=virtual/host_name] stop
oidctl connect=connect_string server=oidldapd instance=server_instance_number stop

Task 3: Delete the Node from the Master Definition Site

From the MDS, run the following script:

remtool -delnode

The Replication Environment Management Tool deletes the node from the replication group.

See Also:

"-DELNODE Option" of the Replication Environment Management Tool for instructions on using the -DELNODE option and an example

This process can take a long time, depending on your system resources and the size of your DRG. The script keeps you informed of its progress.

Note:

If you encounter errors, then use the -asrverify option first. If it reports errors, then rectify them by using the -asrrectify option. Both -asrverify and -asrrectify list all nodes in the DRG. If the node to be deleted is not in the list, then add it by running the Replication Environment Management tool again, using the -delnode option.

Task 4: Start the Directory Replication Server on All Nodes

To start the directory replication server, type the following command:

oidctl connect=connect_string server=oidrepld instance=1 \
    flags='-h host -p port' start

See Also:

"Starting an Oracle Directory Replication Server Instance"

Resolving Conflicts Manually in a Multimaster Replication Group

This section contains these topics:

Monitoring Replication Change Conflicts

If a conflict has been written into the log, then it means that the system is not able to resolve it by following its resolution procedure. To avoid further replication change conflicts arising from earlier unapplied changes, it is important to monitor the logs regularly.

To monitor replication change conflicts, examine the contents of the replication log. You can distinguish between messages by their respective timestamps.

Examples of Conflict Resolution Messages

Conflict resolution messages, examples of which are shown in this section, are logged in the file oidrepld00.log. The path for this file is ORACLE_HOME/ldap/log. The result of each attempt to resolve the replication conflict is displayed at the end of each conflict resolution message.

Example 1: An Attempt to Modify a Non-Existent Entry

2000/08/03::10:59:05:  ************ Conflict Resolution Message ************
2000/08/03::10:59:05:  Conflict reason: Attempted to modify a non-existent entry.
2000/08/03::10:59:05:  Change number:1306.
2000/08/03::10:59:05:  Supplier:eastlab-sun.
2000/08/03::10:59:05:  Change type:Modify.
2000/08/03::10:59:05:  Target DN:cn=ccc,ou=Recruiting,ou=HR,ou=Americas,o=IMC,c=US.
2000/08/03::10:59:05:  Result: Change moved to low priority queue after failing on 10th retry.

Example 2: An Attempt to Add an Existing Entry

2000/08/03::10:59:05:  ************ Conflict Resolution Message ************
2000/08/03::10:59:05:  Conflict reason: Attempted to add an existing entry.
2000/08/03::10:59:05:  Change number:1209.
2000/08/03::10:59:05:  Supplier:eastlab-sun.
2000/08/03::10:59:05:  Change type:Add.
2000/08/03::10:59:05:  Target DN:cn=Lou Smith, ou=Recruiting, ou=HR, ou=Americas, o=IMC, c=US.
2000/08/03::10:59:05:  Result: Deleted duplicated target entry which was created later than the change entry. Apply the change entry again.

Example 3: An Attempt to Delete a Non-Existent Entry

2000/08/03::10:59:06:  ************ Conflict Resolution Message ************
2000/08/03::10:59:06:  Conflict reason: Attempted to delete a non-existent entry.
2000/08/03::10:59:06:  Change number:1365.
2000/08/03::10:59:06:  Supplier:eastlab-sun.
2000/08/03::10:59:06:  Change type:Delete.
2000/08/03::10:59:06:  Target DN:cn=Lou Smith,ou=recruiting,ou=hr,ou=americas,o=imc,c=us.
2000/08/03::10:59:06:  Result: Change moved to low priority queue after failing on 10th retry.
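
For regular monitoring, the conflict resolution messages can be parsed into records and filtered by their Result line. The following Python parser is an added example, not part of the Oracle documentation; the function names are illustrative, the sample input is built from the three examples above, and treating a Result that begins with "Change moved to" as unresolved is an assumption drawn from those examples. A field that wraps onto an untimestamped line is folded back into the line before it.

```python
import re

# "2000/08/03::10:59:05:  text" -> (timestamp, text)
TS_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2}::\d{2}:\d{2}:\d{2}):\s*(.*)$")
FIELDS = {"Conflict reason": "reason", "Change number": "change_number",
          "Supplier": "supplier", "Change type": "change_type",
          "Target DN": "target_dn", "Result": "result"}

# Sample input built from the three examples on this page; some fields are
# deliberately wrapped onto an untimestamped second line to exercise folding.
SAMPLE_LOG = """\
2000/08/03::10:59:05:  ************ Conflict Resolution Message ************
2000/08/03::10:59:05:  Conflict reason: Attempted to modify a non-existent entry.
2000/08/03::10:59:05:  Change number:1306.
2000/08/03::10:59:05:  Supplier:eastlab-sun.
2000/08/03::10:59:05:  Change type:Modify.
2000/08/03::10:59:05:  Target
DN:cn=ccc,ou=Recruiting,ou=HR,ou=Americas,o=IMC,c=US.
2000/08/03::10:59:05:  Result: Change moved to low priority queue after failing
on 10th retry.
2000/08/03::10:59:05:  ************ Conflict Resolution Message ************
2000/08/03::10:59:05:  Conflict reason: Attempted to add an existing entry.
2000/08/03::10:59:05:  Change number:1209.
2000/08/03::10:59:05:  Supplier:eastlab-sun.
2000/08/03::10:59:05:  Change type:Add.
2000/08/03::10:59:05:  Target DN:cn=Lou Smith, ou=Recruiting, ou=HR, ou=Americas, o=IMC, c=US.
2000/08/03::10:59:05:  Result: Deleted duplicated target entry which was created
later than the change entry. Apply the change entry again.
2000/08/03::10:59:06:  ************ Conflict Resolution Message ************
2000/08/03::10:59:06:  Conflict reason: Attempted to delete a non-existent entry.
2000/08/03::10:59:06:  Change number:1365.
2000/08/03::10:59:06:  Supplier:eastlab-sun.
2000/08/03::10:59:06:  Change type:Delete.
2000/08/03::10:59:06:  Target DN:cn=Lou
Smith,ou=recruiting,ou=hr,ou=americas,o=imc,c=us.
2000/08/03::10:59:06:  Result: Change moved to low priority queue after failing on 10th retry.
"""


def logical_lines(log_text):
    """Yield (timestamp, text), folding untimestamped lines into the previous line."""
    current = None
    for raw in log_text.splitlines():
        m = TS_LINE.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2).strip()]
        elif current and raw.strip():
            current[1] += " " + raw.strip()
    if current:
        yield tuple(current)


def parse_conflicts(log_text):
    """Return one dict per Conflict Resolution Message block."""
    records, rec = [], None
    for ts, text in logical_lines(log_text):
        if "Conflict Resolution Message" in text:
            rec = {"timestamp": ts}
            records.append(rec)
            continue
        key, sep, value = text.partition(":")
        name = FIELDS.get(key.strip())
        if rec is None or not sep or name is None:
            continue  # not part of a conflict message
        value = value.strip().rstrip(".")
        rec[name] = int(value) if name == "change_number" and value.isdigit() else value
        if name == "result":
            rec = None  # Result closes the message
    return records


def unresolved(records):
    """Conflicts whose Result says the change was parked in a queue (heuristic)."""
    return [r for r in records if r.get("result", "").startswith("Change moved to")]


if __name__ == "__main__":
    for r in unresolved(parse_conflicts(SAMPLE_LOG)):
        print(r["timestamp"], r["change_number"], r["change_type"], r["target_dn"])
```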

About the Human Intervention Queue Manipulation Tool

The Human Intervention Queue Manipulation Tool enables you to move changes from the human intervention queue to either the retry queue or the purge queue. Moving the change to the purge queue means that there are no further attempts to re-apply the changelog entry. To address changes in the human intervention queue, follow these general steps:

  1. Shut down the directory replication server.

  2. Analyze the replication log.

  3. Use the Human Intervention Queue Manipulation Tool to move the changes to either the retry queue or the purge queue as described in the following sections.

    See Also:

    "The Human Intervention Queue Manipulation Tool" for instructions on how to use the Human Intervention Queue Manipulation Tool

About the OID Reconciliation Tool

When the directory replication server encounters inconsistent data, you can use the OID Reconciliation Tool to synchronize the entries on the consumer with those on the supplier. When you do this, perform the following general steps:

  1. Set the supplier and the consumer to read-only mode.

  2. Ensure that the supplier and the consumer are in a tranquil state--that is, that neither is supplying or applying changes. If they are not in a tranquil state, then wait until they have finished updating.

  3. Identify the inconsistent entries or subtree on the consumer.

  4. Use the OID Reconciliation Tool to fix the inconsistent entries or subtree on the consumer.

  5. Set the participating supplier and consumer back to read/write mode.


Copyright © 1999, 2003 Oracle Corporation.

All Rights Reserved.