Oracle® Identity Management User Reference 10g (10.1.4.0.1) Part Number B15998-01 |
|
|
View PDF |
This chapter describes the following command-line tools used to administer the Oracle Identity Management servers:
odisrv (Oracle Directory Integration Server Control)
oidca (Oracle Internet Directory Configuration Assistant)
oidctl (Oracle Internet Directory Control)
oiddiag (Oracle Internet Directory Server Diagnostic Tool)
oidmon (Oracle Internet Directory Monitor)
opmnctl (Oracle Process Manager and Notification Server Control)
stopodiserver.sh (Oracle Directory Integration Server Stop Command)
The Oracle Directory Integration Server Control Tool (odisrv
) is used to start an Oracle Directory Integration Platform server in a client-only installation, where the Oracle Internet Directory Monitor (oidmon
) and Control (oidctl
) tools are not available, and if the Oracle Directory Integration Platform server is not used for high-availability purposes.
In a typical Oracle Internet Directory installation you should use the Oracle Internet Directory Monitor and Control utilities to start and stop the server. Oracle Corporation recommends that you use these utilities if available. This way, if the Oracle Directory Integration Platform server unexpectedly terminates, the Oracle Internet Directory Monitor utility automatically restarts it. See "oidmon" and "oidctl" for more information.
odisrv host=hostname port=port_number [config=configuration_set_number] instance=instance_number [debug=debug_level] [refresh=interval_between_refresh] [maxprofiles=number_of_profiles] [sslauth=ssl_mode]
host=hostname
Required. The host name of the Oracle Internet Directory server. If not specified, then the default of localhost is used.
port=port_number
Required. The port number used to connect to the Oracle Internet Directory server. If not specified, then the default of 389 is used.
config=configuration_set_number
Optional. The configuration set number to be used when starting the server.
instance=instance_number
Required. The instance number to assign to the Oracle Directory Integration Platform server. This instance number must be unique. OID Monitor verifies that the instance number is not already associated with a currently running instance of this server.
debug=debug_level
Optional. If not specified the default of 0 (not enabled) is used. Debug levels are additive. Add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option. For example, to trace search filter processing (512) and active connection management (256), enter 768 as the debug level (512 + 256 = 768). Debug levels are as follows:
1 — Heavy trace debugging
128 — Debug packet handling
256 — Connection management, related to network activities
512 — Search filter processing
1024 — Entry parsing
2048 — Configuration file processing
8192 — Access control list processing
491520 — Log of communication with the database
524288 — Schema related operations
4194304 — Replication specific operations
8388608 — Log of entries, operations and results for each connection
16777216 — Trace function call arguments
67108864 — Number and identity of clients connected to this server
117440511 — All possible operations and data
refresh=interval_between_refresh
The number of minutes between server refreshes for any changes in Oracle Directory Integration Platform profiles. If not specified, the default of 2 is used.
maxprofiles=number_of_profiles
The maximum number of Oracle Directory Integration Platform profiles that can be executed concurrently for this server instance.
sslauth=ssl_mode
The number of the corresponding SSL mode. If not specified, the default of 0 is used. The modes are as follows:
0 — SSL is not used.
1 — SSL is used for encryption only, not for authentication.
2 — SSL is used for one-way authentication. With this mode you must also specify the complete path and file name of the server's Oracle Wallet.
During installation, the Oracle Internet Directory Configuration Assistant (oidca
) configures Oracle Internet Directory. Once an installation has been completed, you can use it to:
Create, upgrade, or delete an Oracle Context.
Convert an Oracle Context to an Oracle Identity Management realm.
Configure the ldap.ora
file that is used to discover the directory server in the environment.
Use the Oracle Internet Directory Configuration Assistant with Enterprise User Security and Oracle Net Services under the following conditions:
Table 2-1 Conditions for Using Oracle Internet Directory Configuration Assistant for Specific Database Components
Component | Conditions |
---|---|
Enterprise User Security |
Enterprise User Security works only with Oracle Identity Management realms created in the 9.0.4 or later release of Oracle Internet Directory. If you have Oracle Contexts created in prior releases, then you must use the Oracle Internet Directory Configuration Assistant to convert them to Oracle Identity Management realms. Use Oracle Internet Directory Configuration Assistant when creating or updating the |
Oracle Net Services |
Use Oracle Internet Directory Configuration Assistant when:
|
oidca -silent oidhost=hostname {nonsslport=port_number | sslport=port_number} dn=binddn pwd=bindpwd {{mode=CREATECTX | UPGRADECTX | DELETECTX | CTXTOIMR contextdn=oraclecontextdn} | {mode=LDAPORA adminctx=admincontextdn dirtype=OID | AD [-update]}} | {propfile=filename}
-silent
Required. The silent
flag is used to run the oidca
tool in command line or silent mode.
oidhost=hostname
Required. The host name of the Oracle Internet Directory server. If not specified, then the default of localhost is used.
nonsslport=port_number | sslport=port_number
Required. The port number used to connect to the Oracle Internet Directory server.
To connect to the directory in non-SSL mode, supply the unsecure LDAP port with the nonsslport argument (the default is 389).
To connect to the directory in SSL mode, supply the secure LDAP port with the sslport argument (the default is 636).
dn=binddn
Required. The DN of the Oracle Internet Directory user needed to bind to the directory (for example, cn=orcladmin
).
pwd=bindpw
Required. The user password needed to bind to the directory.
mode=CREATECTX | UPGRADECTX | DELETECTX | CTXTOIMR | LDAPORA
Required. Specifies the operation to perform. The choices are:
CREATECTX
creates a new Oracle Context under the given DN.
UPGRADECTX
upgrades the Oracle Context in the given DN. You cannot upgrade Oracle Context instances that belong to a realm.
DELETECTX
deletes an Oracle Context from the given DN.
CTXTOIMR
converts an Oracle Context to an Oracle Identity Management realm.
LDAPORA
configures the ldap.ora file that is used to discover the Oracle Internet Directory server in the environment.
contextdn=oraclecontextdn
Required when the mode argument equals CREATECTX, UPGRADECTX, DELETECTX, or CTXTOIMR. Specifies the DN under which the Oracle Context will be created, upgraded, deleted, or converted to an Oracle Identity Management realm.
adminctx=admincontextdn
Required when the mode argument equals LDAPORA. The default administrative context DN. For example, dn=company, dc=com
.
dirtype=OID | AD
Required when the mode argument equals LDAPORA. The type of directory.
-update
Optional flag used when the mode
argument equals LDAPORA
. Use -update
to overwrite an existing ldap.ora
file. If not given, a new ldap.ora
file will be created. If the ldap.ora
file exists and the -update
argument is not specified, then the Assistant exits with the message "ldap.ora exists".
propfile=filename
Instead of specifying the mode
argument and its associated contextdn
, adminctx
, and dirtype
arguments on the command-line, you can specify them in a properties file instead. Specify the full path and file name of the file containing these arguments.
Using the Oracle Internet Directory Configuration Assistant command-line tool, you can perform the following tasks:
The following example shows how to create a new Oracle Context under the given context DN:
Example:
oidca -silent oidhost=host.company.com nonsslport=389 dn=cn=orcladmin pwd=password mode=CREATECTX contextdn=dc=company,dc=com
The context DN must exist in the directory and have the format of dc=
your_company
,dc=com
. A DN with the format of cn=oraclecontext,dc=
your_company
,dc=com
must not exist in the directory.
When creating an Oracle Context, Oracle Internet Directory Configuration Assistant does the following:
It verifies that the contextdn
has valid DN syntax.
Verifies if OracleContext
exists. If OracleContext
does not exist, then Oracle Internet Directory Configuration Assistant creates it under the given context DN.
The following example shows how to upgrade an existing Oracle Context under the given context DN:
Example:
oidca -silent oidhost=host.company.com nonsslport=389 dn=cn=orcladmin pwd=password mode=UPGRADECTX contextdn=cn=oraclecontext,dc=company,dc=com
The context DN must exist in the directory, and can have either the format of dc=
your_company
,dc=com
or the format of cn=oraclecontext,dc=
your_company
,dc=com
. The given context DN must contain an OracleContext
. The OracleContext
cannot belong to a realm.
When upgrading an Oracle Context, Oracle Internet Directory Configuration Assistant does the following:
It verifies that the context DN has a valid DN syntax and that OracleContext
exists in Oracle Internet Directory. The Assistant cannot upgrade a root OracleContext
explicitly. If there is no root OracleContext
, then the Assistant sends an error message.
It verifies if the OracleContext
already belongs to an Oracle Identity Management realm. You cannot upgrade OracleContext
instances that belong to a realm.
If OracleContext
belongs to a realm, then Oracle Internet Directory Configuration Assistant exits with the appropriate message.
It verifies if the OracleContext
is up-to-date.
If the OracleContext
is up-to-date, then the Assistant exits with the message "Oracle Context already exists and is up to date."
If the OracleContext
is not up-to-date, then the Assistant upgrades the OracleContext
under this DN.
The following example shows how to delete an existing Oracle Context under the given context DN:
Example:
oidca -silent oidhost=host.company.com nonsslport=389 dn=cn=orcladmin pwd=password mode=DELETECTX contextdn=cn=oraclecontext,dc=company,dc=com
The context DN must exist in the directory, and can have either the format of dc=
your_company
,dc=com
or the format of cn=oraclecontext,dc=
your_company
,dc=com
. The given context DN must contain an OracleContext
. The OracleContext
cannot belong to a realm.
When deleting an Oracle Context, Oracle Internet Directory Configuration Assistant does the following:
It verifies that the context DN has a valid DN syntax and that OracleContext
exists in Oracle Internet Directory.
It verifies if the OracleContext
already belongs to an Oracle Identity Management realm. You cannot delete OracleContext
instances that belong to a realm.
If OracleContext
belongs to a realm, then Oracle Internet Directory Configuration Assistant exits with the appropriate message.
If the OracleContext
does not belong to a realm, then Oracle Internet Directory Configuration Assistant deletes it.
Oracle Database 10g entries must be stored in Oracle Internet Directory Release 9.0.4 or later. Moreover, Enterprise User Security, a feature of Oracle Database 10g, requires a Release 9.0.4 or later version of an Oracle Identity Management realm.
The following example shows how to convert an existing Oracle Context to an Oracle Identity Management realm:
Example:
oidca -silent oidhost=host.company.com nonsslport=389 dn=cn=orcladmin pwd=password mode=CTXTOIMR contextdn=cn=oraclecontext,dc=company,dc=com
The context DN must exist in the directory, and can have either the format of dc=
your_company
,dc=com
or the format of cn=oraclecontext,dc=
your_company
,dc=com
. The given context DN must contain an OracleContext
. The OracleContext
cannot already belong to a realm.
When converting an Oracle Context to an Oracle Identity Management realm, Oracle Internet Directory Configuration Assistant does the following:
It verifies that the context DN has a valid DN syntax and that OracleContext
exists in Oracle Internet Directory.
It verifies if the OracleContext
already belongs to an Oracle Identity Management realm. You cannot convert OracleContext
instances that already belong to a realm.
If the OracleContext
does not belong to a realm, then the Assistant converts the OracleContext to an Oracle Identity Management realm.
Note:
|
The following example shows how to configure anldap.ora
file by overwriting the existing ldap.ora
file:
Example:
oidca -silent oidhost=host.company.com nonsslport=389 dn=cn=orcladmin pwd=password mode=LDAPORA adminctx=dc=company,dc=com dirtype=OID -update
When configuring the ldap.ora
file, Oracle Internet Directory Configuration Assistant does the following:
Checks for the ldap.ora
file location.
If ldap.ora
exists and the -update
flag is not specified, then the Assistant exits with the message "ldap.ora exists".
If ldap.ora
exists and the -update
flag is specified, then the Assistant updates the existing ldap.ora
file.
If ldap.ora
does not exist, then the assistant creates a new ldap.ora
file in a location in the following order:
LDAP_ADMIN
$
ORACLE_HOME
/ldap/admin
Oracle Internet Directory Control Utility (oidctl
) is a command-line tool for starting and stopping Oracle Identity Management server instances. You can use this utility to start, stop, or restart the following server processes:
Oracle Internet Directory Server
Oracle Directory Integration Platform Server
Oracle Directory Replication Server
The commands issued by Oracle Internet Directory Control Utility are interpreted and executed by the Oracle Internet Directory Monitor process. Before starting a server instance with this utility, make sure that the Monitor process is running. See "oidmon" .
oidctl [connect=connect_string] [host=virtual_hostname] {server=OIDLDAPD | ODISRV | OIDREPLD} instance=instance_number [configset=configuration_set_number] [flags="flagname=value ..."] {start | stop | restart | status}
connect=connect_string
Optional. The directory database connect string. If you already have a tnsnames.ora
file configured, then this is the net service name specified in that file, which is located in $
ORACLE_HOME
/network/admin
. If not provided, defaults to the value of $ORACLE_SID
environment variable.
host=hostname
Optional. Enables you to specify a virtual host name for the server or the name of an Oracle Application Server Identity Management Cluster Node. If not given, the default of localhost
is used.
server=OIDLDAP |ODISRV | OIDREPLD
Required. The name of the type of server process you want to start, stop, or restart. The options are:
OIDLDAPD
— Oracle Internet Directory server
ODISRV
— Oracle Directory Integration Platform server
OIDREPLD
— Directory Replication server
instance=instance_number
Required. An instance number assigned to the server process. The instance number must be unique for each server process. It cannot be associated with a currently running instance of the specified server type. Value must be greater than 0 but less than 100.
configset=configuration_set_number
Optional. The configuration set number to be used when starting the server. Defaults to 0 if not specified.
flags="flagname=value | -flag value ..."
Depending on the server process and the operation you are performing, you may also need to supply some additional flags on the command-line. Enclose all flags in quotation marks and separate flagname =value or -flag value pairs with a space. If the flags are not specified on the command-line, configset values are used. See the appropriate section for the flags related to each server type:
These flags are passed to the server exactly as specified on the command-line—the oidctl
or oidmon
tools do not validate the values passed with the flags
argument. If any values are invalid, the Oracle Internet Directory server will not start, but the oidmon
tool will start. If this occurs, you should use oidctl
to stop the server instance.
start | stop | restart | status
Required. The start
, stop
, or restart
operation to perform on the given server process. The status
option reports the status of each server configured on the node.
-debug debug_level
Optional. If not specified the default of 0 (not enabled) is used. Debug levels are additive. Add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option. For example, to trace search filter processing (512) and active connection management (256), enter 768 as the debug level (512 + 256 = 768). Debug levels are as follows:
1 — Heavy trace debugging
128 — Debug packet handling
256 — Connection management, related to network activities
512 — Search filter processing
1024 — Entry parsing
2048 — Configuration file processing
8192 — Access control list processing
491520 — Log of communication with the database
524288 — Schema related operations
4194304 — Replication specific operations
8388608 — Log of entries, operations and results for each connection
16777216 — Trace function call arguments
67108864 — Number and identity of clients connected to this server
117440511 — All possible operations and data
-l true | false
Optional. Turns replication change logging on or off. Use true
to enable change logging. Use false
to disable change logging. The default is true
.
-p ldap_port
Optional. Specifies the LDAP port that this Oracle Internet Directory server instance will use. If not specified the default 389 is used.
-server number_of_processes
The number of server processes to start on this port.
-sport ssl_port
Optional. Specifies the LDAPS port that this Oracle Internet Directory server instance will use. If not specified the default 636 is used.
-work maximum_threads
The maximum number of worker threads for this server.
host=hostname
The host name of the Oracle Internet Directory server. If not specified, then the default of localhost
is used.
port=port_number
The port number used to connect to the Oracle Internet Directory server. If not specified, then the default of 389 is used.
debug=debug_level
Optional. If not specified the default of 0 (not enabled) is used. See "-debug debug_level" for a description of the debug levels.
refresh=interval_between_refresh
The number of minutes between server refreshes for any changes in Oracle Directory Integration Platform profiles. If not specified, the default of 2 is used.
grpID=group_id_profile
The group ID of profiles to be scheduled.
maxprofiles=number_of_profiles
The maximum number of Oracle Directory Integration Platform profiles that can be executed concurrently for this server instance.
sslauth=ssl_mode
The number of the corresponding SSL mode. If not specified, the default of 0 is used. The modes are as follows:
0 — SSL is not used.
1 — SSL is used for encryption only, not for authentication.
2 — SSL is used for one-way authentication. With this mode you must also specify the complete path and file name of the server's Oracle Wallet.
-p directory_port_number
Required for a start operation. Port number used to connect to Oracle Internet Directory server. The default is 389.
-h directory_hostname
Required for a start operation. The host name of the Oracle Internet Directory server to which the replication server connects. If not specified, localhost
is used.
-d debug_level
Optional. If not specified the default of 0 (not enabled) is used. See "-debug debug_level" for a description of the debug levels.
-m true | false
Optional. Use true
to enable conflict resolution. Use false
to disable conflict resolution. The default value is true
.
-z transaction_size
Optional. The number of changes applied in each replication update cycle. If not specified the value from the Oracle Internet Directory server size limit configuration parameter, which has a default of 1024.
Before using Oracle Internet Directory Control, make sure that Oracle Internet Directory Monitor is running. To verify this on UNIX, enter to following at the command-line:
ps -ef | grep oidmon
See "oidmon" for more information about Oracle Internet Directory Monitor.
Using Oracle Internet Directory Control, you can perform the following tasks:
Starting an Oracle Directory Integration Platform Server Instance
Stopping an Oracle Directory Integration Platform Server Instance
Starting and Stopping a Server Instance on a Virtual Host or Cluster Node
When starting an Oracle Internet Directory server, you must supply the instance
, server=OIDLDAPD
, and start
arguments. All other arguments are optional.
Example:
oidctl connect=dbs1 server=OIDLDAPD instance=2 configset=5 flags="-p 636 -debug 1024 -l" start
Example:
oidctl connect=dbs1 server=OIDLDAPD instance=2 stop
A restart operation is useful when you want to refresh the server cache immediately, or when you have changed a configuration set entry and want your changes to take effect on an active server instance. When the Oracle Internet Directory server restarts, it maintains the same arguments it had before it stopped.
For example, if you changed a configuration set that was being referenced by an active instance of Oracle Internet Directory server, you could update it by restarting that server instance. You do not need to supply the configset
argument again, as it is maintained from the prior start operation.
Example:
oidctl connect=dbs1 server=OIDLDAPD instance=1 restart
To restart all active instances on a node, do not specify the instance
argument. Note that a server is momentarily unavailable to client requests during a restart.
It is recommended that you use the Oracle Internet Directory Control and Monitor utilities to start an integration and provisioning server. If these tools are not available, you can start a client-only integration and provisioning server instance using the odisrv
utility. See "odisrv".
The following example shows the recommended way to start an Oracle Directory Integration Platform server. You must make sure the Monitor utility is running before you can start a server. See "oidmon".
Example:
oidctl connect=dbs1 server=ODISRV instance=1 configset=1 flags="host=ldaphost.company.com port=389 grpID=odipgroup maxprofiles=5 sslauth=2" start
Server instances that are started using the Oracle Internet Directory Control utility must also be stopped in the same way. If you started a standalone Oracle Directory Integration Platform server using the odisrv
utility, you should use the stopodiserver.sh
script to stop the server.
The following example shows how to stop a server instance that was started using the Oracle Internet Directory Control utility.
Example:
oidctl server=ODISRV instance=1 stop
When starting an Oracle Directory Replication server you need to supply the information it needs to connect to the Oracle Internet Directory server.
Example:
oidctl connect=dbs1 server=OIDREPL instance=1 flags="-p 389 -h ldaphost.company.com -d 1024" start
Example:
oidctl connect=dbs1 server=OIDREPLD instance=1 stop
Use the host
argument to specify a virtual host name when starting an Oracle Internet Directory server, Oracle Directory Integration Platform server, or Oracle Internet Directory Replication server on a virtual host or a Oracle Application Server Identity Management Cluster Node.
When communicating with the directory server, the directory replication server uses the virtual host name. Further, the replicaID
attribute that represents the unique replication identification for the Oracle Internet Directory node is generated once. It is independent of the host name and hence requires no special treatment in Oracle Application Server Cold Failover Cluster (Identity Management).
When communicating with the directory server, the Directory Integration Platform server uses the virtual host name.
The following example shows how to start an Oracle Internet Directory server (OIDLDAPD) on a virtual host. The same syntax can be used to also start a directory replication server (OIDREPLD) or integration and provisioning server (ODISRV) on a virtual host.
Example:
oidctl connect=dbs1 host=vhost.company.com server=OIDLDAPD instance=1 configset=2 [flags="..."] start
The Oracle Internet Directory Server Diagnostic command-line tool (oiddiag
) collects diagnostic information that helps triage issues reported on Oracle Internet Directory. The tool connects to the database used as the directory store (also called Metadata Repository) of Oracle Internet Directory and reads the information. The tool makes no recommendations on potential fixes to issues. Rather, it collects information to help Support and Development understand a problem and determine its solution. The tool can collect four types of diagnostic information:
Directory information tree (DIT)
Data consistency
Server manageability statistics
System and process information
If you use either the collect_all=true
or the collect_sub=true
arguments, you will be prompted to supply the following information:
The fully domain-qualified database host name
The database listener port number
The database service name
The ODS database user password
You can find the hostname, port number and service name in the file tnsnames.ora
. For example, in the following tnsnames.ora
file, the hostname, port number and service names are, respectively, sun16.us.oracle.com
, 1521
, and orcl.us.oracle.com
:
ORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = sun16.us.oracle.com)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl.us.oracle.com) ) )
Note: You must set theORACLE_HOME environment variable before executing the OIDDIAG tool. |
oiddiag {listdiags=true [targetfile=filename]} | {collect_all=true [outfile=filename]} | {collect_sub=true [infile=filename] [outfile=filename]} | {audit_report=true [outfile=file_name]}
listdiags=true
Writes a list of available diagnostics that can be collected. The list is written to an output file, which is $
ORACLE_HOME
/ldap/log/oiddiag.txt
by default. You should run a listdiags
command before running a collect_sub
command. The collect_sub
command uses the file that is output by listdiags
. You can edit this file as needed to contain only the diagnostic items you want.
targetfile=filename
This is the location of the output file where the diagnostic tool writes the list of available diagnostics when listdiags=true
is given. If not specified, the tool writes the list to $
ORACLE_HOME
/ldap/log/oiddiag.txt
.
collect_all=true
Collect all of the diagnostic information available and writes it to an output file. You will be prompted to provide the Oracle Internet Directory database host name, listener port, net service name, and password.
outfile=filename
The name of the output file that the diagnostic information is written to. If not specified, the default output file is written to $
ORACLE_HOME
/ldap/log/oiddiag
timestamp
.log
. The timestamp format is YYYYMMDDHHmmss
.
collect_sub=true
Collects a subset of diagnostic information (based on the diagnostics specified in the input file) and writes it to an output file. You will be prompted to provide the Oracle Internet Directory database host name, listener port, net service name, and password.
You should run a listdiags
command before running a collect_sub
command. The collect_sub
command uses the file that is output by listdiags
. You can edit this file as needed to contain only the diagnostic items you want.
infile=filename
A file that contains the list of diagnostic items for which you want to output information. By default, the diagnostic tool looks for this file in $
ORACLE_HOME
/ldap/log/oiddiag.txt
, which is the default target file location of the listdiags
command. You can edit this file as needed to contain only the diagnostic items you want.
audit_report=true
Generates standard reports for Secure Events Tracking and writes them to an output file.
Using the Oracle Internet Directory diagnostic tool, you can perform the following tasks:
The following example shows how to collect all available diagnostic information and write it to the specified output file.
Example:
oiddiag collect_all=true output=~/myfiles/oid.log
To collect a subset of diagnostic data, you must first run the oiddiag
tool with the listdiags
argument. This outputs a list of available diagnostics, which you can then edit. This list is then passed in to the collect_sub
command to determine the diagnostics for which to collect output. The following example uses the default file locations of $
ORACLE_HOME
/ldap/log/oiddiag.txt
(for the list) and $
ORACLE_HOME
/ldap/log/oiddiag
timestamp
.log
(for the output file).
Example:
oiddiag listdiags oiddiag collect_sub
An important type of information that the oiddiag
tool collects is the stack trace data for Oracle Internet Directory processes. Examining the stack trace is useful if you are experiencing slow response times or if your system stops responding. Because Oracle Internet Directory is usually started as a setuid-root
program, you must log in as the root user before you can use the oiddiag
tool to trace the stack for any Oracle Internet Directory processes. The root user must belong to the same operating system group that the Oracle operating system user belongs to. The following example logs in as the root user and changes to the dba
group before executing the oiddiag
tool:
su newgrp dba oiddiag collect_all=true
The Oracle Internet Directory Monitor (oidmon
) initiates, monitors, and terminates directory server processes. If you elect to start a replication server or integration and provisioning server, Monitor controls it. When you issue commands through Oracle Internet Directory Control (oidctl
) to start or stop directory server instances, your commands are interpreted by this process.
oidmon [connect=connect_string] [host=hostname] [sleep=seconds] start | stop
connect=connect_string
Optional. The directory database connect string. If you already have a tnsnames.ora
file configured, then this is the net service name specified in that file, which is located in $
ORACLE_HOME
/network/admin
. If not provided, defaults to the value of $ORACLE_SID
environment variable.
host=hostname
Optional. Enables you to specify a virtual host name for the server or the name of an Oracle Application Server Identity Management Cluster Node. If not given, the default of localhost
is used.
sleep=seconds
Optional. The number of seconds after which Oracle Internet Directory Monitor should check for new requests from Oracle Internet Directory Control and for requests to restart any server instances that may have stopped. The default is 10 seconds.
start | stop
Required. The operation to perform (start or stop the Monitor process).
Using Oracle Internet Directory Monitor, you can perform the following tasks:
You should start Oracle Internet Directory Monitor before using Oracle Internet Directory Control.
Example:
oidmon connect=dbs1 sleep=15 start
Use the host
argument to specify a virtual host name when starting an Oracle Internet Directory Monitor on a virtual host or a Oracle Application Server Identity Management Cluster Node.
Example:
oidmon connect=dbs1 host=virtualhostname.company.com start
Stopping Oracle Internet Directory Monitor will also stop all other Oracle Internet Directory processes. The oidmon
tool does not remove server instance information from the ODS_PROCESS
table. When an oidmon start
operation is executed, it will start all the server processes it had stopped previously.
Example:
oidmon connect=dbs1 stop
The Oracle Process Manager and Notification Server Control Utility (opmnctl
) enables you to manage Oracle Application Server components in an integrated way. If you use it to start an Oracle Internet Directory server, then you do not need to separately start Oracle Internet Directory Monitor or the directory-designated database. Instead, opmnctl
starts those components for you.
Note: This section only discusses how to use the OPMN Control Utility to start and stop Oracle Internet Directory servers. For detailed information on how to use the OPMN Control Utility, see Oracle Process Manager and Notification Server Administrator's Guide. |
You can use opmnctl
to do the following:
Start and stop a default, that is, out-of-the-box, Oracle Internet Directory server instance.
On a given node, stop, then restart, all running Oracle Internet Directory servers—that is, directory servers, directory replication server, and Directory Integration Platform server.
Once you have used opmnctl
to start the default directory server, you cannot then use it to start or stop a particular instance of an Oracle Internet Directory server. To start or stop particular instances, use oidctl
. See "oidctl".
startproc | stopproc
Required. The operation to perform (start or stop all Oracle Internet Directory server processes).
ias-component=OID
Required. Identifies the Oracle Internet Directory server processes as the Oracle Application Server processes to start or stop.
Using OPMN Control Utility, you can perform the following Oracle Internet Directory server management tasks:
Stopping All Oracle Internet Directory Server Instances Using opmnctl
Starting All Oracle Internet Directory Server Instances Using opmnctl
The following example shows how to stop all running directory server processes (Oracle Internet Directory, Oracle Directory Integration Platform server, and Oracle Directory Replication server).
Example:
opmnctl stopproc ias-component=OID
The following example shows how to start all directory server processes previously stopped by OPMNCTL (Oracle Internet Directory, Oracle Directory Integration Platform server, and Oracle Directory Replication server).
Example:
opmnctl startproc ias-component=OID
If you used the odisrv
command to start an Oracle Directory Integration Platform server, you must then stop that server process with the stopodiserver.sh
command. You should only use these commands in a client-only installation, where the Oracle Internet Directory Monitor and Control tools are not available. The stopodiserver.sh
tool is located in the $
ORACLE_HOME
/ldap/odi/admin
directory.
$ORACLE_HOME/ldap/odi/admin/stopodiserver.sh -LDAPhost oid_hostname -LDAPport ldap_port -binddn admin_dn -bindpass admin_password -instance instance_number [-clean]
-LDAPhost oid_hostname
Required. The host name of the Oracle Internet Directory server. If not specified, then the default of localhost
is used.
-LDAPport ldap_port
Required. The port number used to connect to the Oracle Internet Directory server. If not specified, then the default of 389
is used.
-binddn admin_dn
Required. The DN of the Oracle Internet Directory super user needed to bind to the directory (for example, cn=orcladmin
).
-bindpass admin_password
Required. The super user password needed to bind to the directory.
-instance instance_number
Required. The instance number of the Oracle Directory Integration Platform server instance to stop.
-clean
Optional. If the Oracle Directory Integration Platform server is stopped by any means other than the oidctl
or stopodiserver.sh
command, then the server cannot be started from the same host. In that case, the footprint of the previous execution in the directory needs to be removed by using the -clean
argument.
Using the stopodiserver.sh command you can perform the following task:
The following example shows how to stop an Oracle Directory Integration Platform server in a client-only installation. Use the -clean
argument to remove the footprint of the previous execution in the directory:
Example:
$ORACLE_HOME/ldap/admin/stopodiserver.sh -LDAPhost oidhost.company.com -LDAPport 389 -binddn cn=orcladmin -bindpass welcome -instance 1 -clean