Oracle® Application Server Installation Guide
10g Release 2 (10.1.2) for AIX 5L Based Systems (64-Bit)
B25201-01

9 Installing Oracle Internet Directory in Replicated Mode

This chapter describes how to install Oracle Internet Directory in replicated mode, that is, how to install Oracle Internet Directory masters and replicas.

9.1 Oracle Internet Directory Replication Overview

To run Oracle Internet Directory in a replication environment means that you have more than one Oracle Internet Directory, each with its own OracleAS Metadata Repository. The Oracle Internet Directory instances synchronize the data in the metadata repositories so that the data in the repositories are "loosely consistent". This means that the data in the repositories are not guaranteed to be synchronized in "real time", but the data become identical within an acceptable time interval.

For More Information

This chapter provides information from an installation point of view. For in-depth information on replication, see the following guides:

Types of Replication

There are two types of replication. During installation, you select the type of replication that you want.

9.1.1 Fan-Out Replication (LDAP Replication)

In fan-out replication, one Oracle Internet Directory is the master, and the other Oracle Internet Directory instances are called the Oracle Internet Directory replicas.

Clients modify the data in the master Oracle Internet Directory only. The master then propagates the changes to the replicas. These replicas, in turn, can update other Oracle Internet Directory replicas.

Figure 9-1 Example of Fan-Out Replication (LDAP Replication)


In fan-out replication, Oracle Internet Directory instances use the LDAP protocol to communicate with each other. The Select Oracle Internet Directory Replication Mode screen in the installer uses the term LDAP Replication to refer to fan-out replication.

The procedure for installing a master Oracle Internet Directory is the same as installing a "regular" (non-replicated) Oracle Internet Directory.

The procedure for installing replicas is different. When installing a replica, you must select the High Availability and Replication option in the Select Configuration Options screen, and you need to provide connect information to the master Oracle Internet Directory.

The Oracle Application Server instance that runs the Oracle Internet Directory (master or replica) can also run other Oracle Application Server components, such as the OracleAS Metadata Repository, OracleAS Single Sign-On, Oracle Delegated Administration Services, and/or Oracle Directory Integration and Provisioning.

9.1.2 Multimaster Replication (Advanced Replication)

In multimaster replication, you have one or more master Oracle Internet Directory instances. You can also have other Oracle Internet Directory instances that are replicas. Clients can update data in any Oracle Internet Directory (master or replica). The Oracle Internet Directory instances propagate the changes among themselves.

Figure 9-2 Example of Multimaster Replication (Advanced Replication)


In multimaster replication, Oracle Internet Directory instances use the Oracle Database Advanced Replication protocol to communicate with each other. The Select Oracle Internet Directory Replication Mode screen in the installer uses the term Advanced Replication to refer to multimaster replication.

The procedure for installing a master Oracle Internet Directory is the same as installing a "regular" (non-replicated) Oracle Internet Directory.

The procedure for installing replicas is different. When installing a replica, you must select the High Availability and Replication option in the Select Configuration Options screen, and you need to provide connect information to the master Oracle Internet Directory.

The Oracle Application Server instance that runs the Oracle Internet Directory (master or replica) can also run other Oracle Application Server components, such as the OracleAS Metadata Repository, OracleAS Single Sign-On, Oracle Delegated Administration Services, and/or Oracle Directory Integration and Provisioning.

9.2 Requirements

Check that you meet the following requirements for installing Oracle Internet Directory in replication mode:

9.2.1 Database Requirements

Each Oracle Internet Directory, whether master or replica, needs its own OracleAS Metadata Repository. You can install it with a new OracleAS Metadata Repository, or against an existing OracleAS Metadata Repository.

If installing against an existing OracleAS Metadata Repository, you can create an existing OracleAS Metadata Repository in two different ways:

If you are installing against an existing OracleAS Metadata Repository, the OracleAS Metadata Repository must not be already registered with another Oracle Internet Directory. If you specify an OracleAS Metadata Repository that is already registered with an Oracle Internet Directory, the installer assumes you are installing a high availability environment, and it does not display the replication options.

9.2.2 Clock Synchronization

Check that the clocks on the computers running the masters and replicas are within 250 seconds of each other.

9.3 Installation Order

To install Oracle Internet Directory in replicated mode, you need a master Oracle Internet Directory and one or more Oracle Internet Directory replicas. You install them in the following order:

  1. Install the master Oracle Internet Directory first.

  2. Install the Oracle Internet Directory replicas. The installer will prompt you to enter connect information for the master Oracle Internet Directory.

9.4 Installing a Master Oracle Internet Directory

The procedure for installing a master Oracle Internet Directory is the same as installing a "regular" (non-replicated) Oracle Internet Directory. You can install the master Oracle Internet Directory against an existing database, or you can install it with a new database.


Note:

  • In the Select Configuration Options screen, you must select Oracle Internet Directory. You can select other components to configure, as desired.

  • Also in the Select Configuration Options screen, you do not need to select High Availability and Replication. Select this option only if you are installing this Oracle Application Server instance in a high availability configuration.

  • If you select the High Availability and Replication option in the Select Configuration Options screen, the installer displays the Select High Availability Option screen. In this screen, do not select the Replication option, because this option is for installing a replica Oracle Internet Directory, not a master Oracle Internet Directory.


You can use any of the procedures in Chapter 6, "Installing OracleAS Infrastructure" to install a master Oracle Internet Directory. Examples:

You can also install a master Oracle Internet Directory in high availability environments. Refer to Chapter 11, "Installing in High Availability Environments: OracleAS Cold Failover Cluster" and Chapter 12, "Installing in High Availability Environments: OracleAS Cluster (Identity Management)" for details.

9.5 Installing an Oracle Internet Directory Replica

You can install an Oracle Internet Directory replica against an existing database, or you can install it with a new database.

9.5.1 Overview of Installing a Replica

When installing an Oracle Internet Directory replica, remember the following:

  • In the Select Configuration Options screen, you must select Oracle Internet Directory and High Availability and Replication.

  • In the Select High Availability Option screen, select Replication.

  • When the installer prompts you to enter connect information for the master Oracle Internet Directory, you need to connect as the Oracle Internet Directory superuser (cn=orcladmin). You need to know the password for the superuser.

  • The master Oracle Internet Directory must not already contain a registration for a database with the same global database name or SID as the OracleAS Metadata Repository to be used for the replica.

  • The OracleAS Metadata Repository for the replica cannot already be registered with any Oracle Internet Directory.

9.5.2 Installing an Oracle Internet Directory Replica with a New Database

Follow these steps to install an Oracle Internet Directory replica with a new database:

Table 9-1 Installing an Oracle Internet Directory Replica with a New Database


Step / Screen / Action

1.

--

Start up the installer and complete the first few screens. Refer to Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select a Product to Install screen, select Oracle Application Server Infrastructure 10g.

  • In the Select Installation Type screen, select Oracle Identity Management and OracleAS Metadata Repository.

2.

Select Configuration Options

Select Oracle Internet Directory.

Select High Availability and Replication.

The other options on this screen are optional:

Select Oracle Application Server Single Sign-On, Oracle Application Server Delegated Administration Services, Oracle Application Server Directory Integration and Provisioning, and/or OracleAS Certificate Authority (OCA) if you need these components.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the full path to your staticports.ini file in the provided field.

Click Next.

4.

Select High Availability or Replication Option

This screen is required to install a replica. This screen appears only if you selected High Availability and Replication in the Select Configuration Options screen.

Select Replication, and click Next.

5.

Select Oracle Internet Directory Replication Mode

Select LDAP Replication if you want fan-out replication.

Select Advanced Replication if you want multimaster replication.

Click Next.

6.

Specify Oracle Internet Directory Master Node

Hostname: Enter the name of the computer running the master Oracle Internet Directory.

Port: Enter the port at which the master Oracle Internet Directory is listening.

Do not select Use only SSL connections with this Oracle Internet Directory. If you want Oracle Internet Directory to run in SSL-only mode, you can make this configuration change after installation. Refer to Oracle Application Server Administrator's Guide for details.

Click Next.

7.

Specify Master Oracle Internet Directory Login

Username: Enter cn=orcladmin because you have to connect to the master Oracle Internet Directory as the superuser.

Password: Enter the password for the superuser.

Click Next.

8.

Specify Namespace in Internet Directory

Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. Refer to Section 6.16, "What Do I Enter on the "Specify Namespace in Internet Directory" Screen?".

Click Next.

9.

OCA screens

If you selected OracleAS Certificate Authority (OCA) in the Select Configuration Options screen, the installer displays screens for configuring OCA. Refer to Section 6.30, "Install Fragment: OCA Screens" for details.

10.

Specify Database Configuration Options

Global Database Name: Enter a name for the OracleAS Metadata Repository database. Append the domain name of your computer to the database name.

Example: orcl.mydomain.com

Note: Ensure that the master Oracle Internet Directory does not already contain a registration for a database with the same global database name or SID. (The installer checks this for you.)

SID: Enter the system identifier for the OracleAS Metadata Repository database. Typically this is the same as the global database name, but without the domain name. The SID must be unique across all databases. The SID cannot be longer than eight characters.

Example: orcl

Select Database Character Set: Select the character set to use.

Specify Database File Location: Enter the full path to the parent directory for the data files directory. This parent directory must already exist, and you must have write permissions in this directory.

The installer will create a subdirectory in this parent directory, and the subdirectory will have the same name as the SID. The data files will be placed in this subdirectory.

Example: If you enter /u02/oradata, and the SID is orcl, then the data files will be located in /u02/oradata/orcl.

Click Next.

11.

Specify Database Schema Passwords

Set the passwords for these privileged database schemas: SYS, SYSTEM, SYSMAN, and DBSNMP. You can set different passwords for each schema, or you can set the same password for all the schemas.

Refer to Section 6.14, "Restrictions on the Passwords for the SYS, SYSTEM, SYSMAN, and DBSNMP Users" for rules on setting passwords for these accounts.

Click Next.

12.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. Refer to Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: infra

ias_admin Password and Confirm Password: Enter and confirm the password for the ias_admin user. This is the administrative user for this infrastructure instance.

This password will also become the password for the following users:

  • the Oracle Internet Directory superuser ("cn=orcladmin")

  • the Oracle Internet Directory database user ("ods")

  • the replication DN, which is the identity used by the replication server. The DN is: "cn=replication dn, orclreplicaid=replica_ID, cn=replication configuration", where replica_ID is the replica ID of the Oracle Internet Directory being installed.

Refer to Section 5.10, "The ias_admin User and Restrictions on its Password" for password requirements.

Example: welcome99

Click Next.

13.

--

Finish the installation. Refer to Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


9.5.3 Installing an Oracle Internet Directory Replica against an Existing Database

Follow these steps to install an Oracle Internet Directory replica against an existing database.

Table 9-2 Installing an Oracle Internet Directory Replica against an Existing Database


Step / Screen / Action

1.

--

Start up the installer and complete the first few screens. Refer to Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Note:

  • In the Select a Product to Install screen, select Oracle Application Server Infrastructure 10g.

  • In the Select Installation Type screen, select Oracle Identity Management.

2.

Select Configuration Options

Select Oracle Internet Directory.

Select High Availability and Replication.

The other options on this screen are optional:

Select Oracle Application Server Single Sign-On, Oracle Application Server Delegated Administration Services, Oracle Application Server Directory Integration and Provisioning, and/or OracleAS Certificate Authority (OCA) if you need these components.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the full path to your staticports.ini file in the provided field.

Click Next.

4.

Specify Repository

Enter information for the OracleAS Metadata Repository that you want to use for the replica.

Note:

  • This OracleAS Metadata Repository cannot already be registered with any Oracle Internet Directory.

  • The master Oracle Internet Directory, which you will specify in step 7, must not already contain a registration for a database with the same global database name or SID as this OracleAS Metadata Repository. (The installer does not check this for you.)

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the name of the computer where the database is running, and the port number at which it is listening. Use the format: host:port.

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: orcl.mydomain.com

Click Next.

5.

Select High Availability or Replication Option

This screen is required to install a replica. If you do not see this screen, return to the Select Configuration Options screen and ensure you selected High Availability and Replication.

Select Replication.

Click Next.

6.

Select Oracle Internet Directory Replication Mode

Select LDAP Replication if you want fan-out replication.

Select Advanced Replication if you want multimaster replication.

Click Next.

7.

Specify Oracle Internet Directory Master Node

Hostname: Enter the name of the computer running the master Oracle Internet Directory.

Port: Enter the port at which the master Oracle Internet Directory is listening.

Do not select Use only SSL connections with this Oracle Internet Directory. If you want Oracle Internet Directory to run in SSL-only mode, you can make this configuration change after installation. Refer to Oracle Application Server Administrator's Guide for details.

Click Next.

8.

Specify Master Oracle Internet Directory Login

Username: Enter cn=orcladmin because you have to connect to the master Oracle Internet Directory as the superuser.

Password: Enter the password for the superuser.

Click Next.

9.

Specify Namespace in Internet Directory

Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. Refer to Section 6.16, "What Do I Enter on the "Specify Namespace in Internet Directory" Screen?".

Click Next.

10.

OCA screens

If you selected OracleAS Certificate Authority (OCA) in the Select Configuration Options screen, the installer displays screens for configuring OCA. Refer to Section 6.30, "Install Fragment: OCA Screens" for details.

11.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. Refer to Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: id_mgmt

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance.

This password will also become the password for the following users:

  • the Oracle Internet Directory superuser ("cn=orcladmin")

  • the Oracle Internet Directory database user ("ods")

  • the replication DN, which is the identity used by the replication server. The DN is: "cn=replication dn, orclreplicaid=replica_ID, cn=replication configuration", where replica_ID is the replica ID of the Oracle Internet Directory being installed.

Refer to Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

12.

--

Finish the installation. Refer to Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.
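
The checks this chapter leaves to the administrator (clock skew in Section 9.2.2, the name rules in step 10 of Table 9-1, and the registration clash that step 4 above says the installer does not check) can be scripted before the installer is started. The following is an added example, not Oracle code: the function names, the sample hosts and the case-insensitive comparison are assumptions, and the list of database names registered on the master must be supplied by the administrator.

```python
"""Pre-flight checks for an OID replica install (added example, not Oracle code)."""
import re
from itertools import combinations

MAX_CLOCK_SKEW_SECONDS = 250  # Section 9.2.2
MAX_SID_LENGTH = 8            # Table 9-1, step 10


def clock_skew_violations(epoch_by_host, limit=MAX_CLOCK_SKEW_SECONDS):
    """Return (host_a, host_b, skew) for each pair of nodes more than `limit` apart.

    epoch_by_host maps host name -> epoch seconds, all sampled at the same moment.
    """
    bad = []
    for (a, ta), (b, tb) in combinations(sorted(epoch_by_host.items()), 2):
        skew = abs(ta - tb)
        if skew > limit:
            bad.append((a, b, skew))
    return bad


def naming_violations(global_db_name, sid, instance_name):
    """Check the name rules the installer screens state for a new replica database."""
    problems = []
    if "." not in global_db_name.strip("."):
        problems.append("global database name lacks the domain name")
    if not 1 <= len(sid) <= MAX_SID_LENGTH:
        problems.append("SID must be 1 to 8 characters long")
    if not re.fullmatch(r"[A-Za-z0-9_]+", instance_name):
        problems.append("instance name allows only alphanumerics and underscore")
    return problems


def registration_collisions(global_db_name, sid, registered_on_master):
    """Return names registered in the master OID that clash with the replica database.

    Assumptions: names compare case-insensitively, and the first label of a
    registered global name is treated as that database's SID (the guide says
    this is typical, not guaranteed).
    """
    wanted = {global_db_name.lower(), sid.lower()}
    clashes = []
    for name in registered_on_master:
        lowered = name.lower()
        if lowered in wanted or lowered.split(".", 1)[0] == sid.lower():
            clashes.append(name)
    return clashes


if __name__ == "__main__":
    # Constructed sample input; host names and database names are hypothetical.
    clocks = {"oid-master": 1700000000, "oid-replica1": 1700000120,
              "oid-replica2": 1700000400}
    registered = ["ORCL.MYDOMAIN.COM", "asdb.mydomain.com"]
    print(clock_skew_violations(clocks))
    print(naming_violations("orcl.mydomain.com", "orcl", "infra"))
    print(registration_collisions("orcl.mydomain.com", "orcl", registered))
```

An empty list from every function means the replica's planned names and clocks satisfy the rules stated in this chapter; any entry should be resolved before running the installer.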


9.6 Accessing OracleAS Single Sign-On and Oracle Delegated Administration Services

To access OracleAS Single Sign-On or Oracle Delegated Administration Services on the replica node, you have to use the password for the orcladmin user on the master Oracle Internet Directory, not the replica Oracle Internet Directory.

Example:

  1. Enter the URL for OracleAS Single Sign-On or Oracle Delegated Administration Services in your browser:

    For OracleAS Single Sign-On, the URL is: http://host:port/pls/orasso.

    For Oracle Delegated Administration Services, the URL is: http://host:port/oiddas.

    host specifies the name of the computer where you installed the Oracle Internet Directory replica.

    port specifies the port number on which Oracle HTTP Server is listening.

  2. To log in, enter orcladmin as the user name and the password you entered when you installed the master Oracle Internet Directory. If you enter the password for the replica Oracle Internet Directory, the login will not succeed.