Skip Headers
Oracle® Beehive Installation Guide
Release 1 (1.4) for Linux x86

Part Number E13791-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

15 Oracle Beehive Post-Installation Procedures

Depending on the installation scenario you have chosen, your security requirements, the standards-based clients you want to use with Oracle Beehive, or any other issue particular to your deployment, perform one or more of the following procedures:

Using Oracle Beehive Command-Line Utility

Many of the following post-installation procedures use the Oracle Beehive command-line utility beectl. For more information about beectl, refer to "Oracle Beehive Command-Line Utility" in Oracle Beehive Administrator's Reference Guide.

Performing Post-Installation Procedures on Oracle Beehive Database

After successfully installing Oracle Beehive, refer to "Oracle Beehive Database Post-Installation Procedures" for tuning recommendations to perform on your Oracle Beehive database.

Configuring Oracle Beehive to Listen on Ports Less Than 1024

Follow one of these series of steps to change a port number to which Oracle Beehive listens to a privileged port number (less than 1024):

Changing HTTP Port

Follow these steps to change the HTTP port to 80 or HTTPS port to 443 (or any other port less than 1024):

  1. As the root user, change the owner of .apachectl to the root user, set its user ID to root, and give all users permission to execute it::

    chown root <Oracle home>/Apache/Apache/bin/.apachectl
    chmod a+x <Oracle home>/Apache/Apache/bin/.apachectl
    chmod a+s <Oracle home>/Apache/Apache/bin/.apachectl
    

    Tip:

    Alternatively, instead of changing to the root user, you may use the sudo command instead:
    sudo chown root <Oracle home>/Apache/Apache/bin/.apachectl
    sudo chmod a+x <Oracle home>/Apache/Apache/bin/.apachectl
    sudo chmod a+s <Oracle home>/Apache/Apache/bin/.apachectl
    
  2. Determine the name of the listening component and property name of the port you want to change. Run the beectl list_ports command to list all available ports (the --format option is optional):

    beectl list_ports --format xml
    
    ...
       <row>
          <column name="Protocol">HTTP</column>
          <column name="Listening Port">7777</column>
          <column name="Virtual Port">7777</column>
          <column name="Defining Component">ohs_site1.example.com</column>
          <column name="Property Name">HttpListenPort</column>
          <column name="Listening Component">ohs_site1.example.com</column>
       </row>
       <row>
          <column name="Protocol">HTTPS</column>
          <column name="Listening Port">4443</column>
          <column name="Virtual Port">4443</column>
          <column name="Defining Component">ohs_site1.example.com</column>
          <column name="Property Name">HttpSslListenPort</column>
          <column name="Listening Component">ohs_site1.example.com</column>
       </row>
    

    In the previous example, the HTTP (and HTTPS) listening component is ohs_site1.example.com. The property name of the HTTP port is HttpListenPort, and the property name of the HTTPS port is HttpSslListenPort.

  3. Change the listening port with the beectl modify_property command with the appropriate listening component and property name. The following example changes the HTTP port to 80:

    beectl modify_property
      --component ohs_site1.example.com --name HttpListenPort --value 80
    
  4. Change the HTTP (or HTTPS) port number in the _VIRTUAL_SERVER component. The following example changes the HTTP port number. (Use the property name HttpSslPort to change the HTTPS port number):

    beectl modify_property --component _VIRTUAL_SERVER --name HttpPort --value 80
    
  5. Activate configuration and commit changes:

    beectl activate_configuration
    beectl modify_local_configuration_files
    

    Note:

    The beectl modify_local_configuration_files command will ask you to run this command on all your other instances. Do not run this command on all your other instances at this time. For each instance, perform steps 1 to 3 before running the beectl modify_local_configuration_files command.

Changing Other Ports

Follow these steps to change ports of Oracle Beehive-specific protocols such as BTP/BTPS, IMAP/IMAPS and SMTP.

Note:

If you are changing e-mail port numbers, refer to "Configuring E-Mail with SSL" for additional information about changing the ports that SMTP and IMAP listen to.
  1. As the root user, change the owner of hasbind to the root user, set its user ID to root, and give all users permission to execute it:

    chown root <Oracle home>/beehive/bin/hasbind
    chmod a+x <Oracle home>/beehive/bin/hasbind
    chmod a+s <Oracle home>/beehive/bin/hasbind
    

    Note:

    For hasbind to work, ensure that root only has write permission to the /etc directory, while all other users and groups have only read permission.
  2. As the root user, create a text file named /etc/cap.ora (that contains the following, where instuser is the user who installed Oracle Beehive:

    +user instuser: bind port 80
    

    Ensure the owner and user ID of cap.ora is root, give root read and write access to it, and all other users only read access:

    chown root /etc/cap.ora
    chmod 644 /etc/cap.ora
    
  3. If you have configured your Oracle Beehive deployment with Oracle Beehive DMZ instances, perform the following steps on all your DMZ instances:

    1. As the root user, change the owner of hasbind to the root user, set its user ID to root, and give all users permission to execute it:

      chown root <DMZ home>/beehive/bin/hasbind
      chmod a+x <DMZ home>/beehive/bin/hasbind
      chmod a+s <DMZ home>/beehive/bin/hasbind
      

      Note: For hasbind to work, ensure that root only has write permission to the /etc directory, while all other users and groups have only read permission.

    2. As the root user, create a text file named /etc/cap.ora as described in Step 2 of this section.

    3. Restart your Oracle Beehive DMZ instance.

  4. Determine the name of the listening component and property name of the port you want to change. Run the beectl list_ports command to list all available ports (the --format option is optional):

    beectl list_ports --format xml
    
    ...
       <row>
          <column name="Protocol">BTP</column>
          <column name="Listening Port">21401</column>
          <column name="Virtual Port">21401</column>
          <column name="Defining Component">SitewideBtiConfiguration</column>
          <column name="Property Name">ClientPort</column>
          <column name="Listening Component">BTI_site1.example.com</column>
       </row>
       <row>
          <column name="Protocol">BTPS</column>
          <column name="Listening Port">21451</column>
          <column name="Virtual Port">21451</column>
          <column name="Defining Component">SitewideBtiConfiguration</column>
          <column name="Property Name">SecureClientPort</column>
          <column name="Listening Component">BTI_site1.example.com</column>
       </row>
    

    In the previous example, the BTP (and BTPS) listening component is BTI_site1.example.com. The property name of the BTP port is ClientPort, and the property name of the BTPS port is SecureClientPort.

  5. Change the listening port with the beectl modify_property command with the appropriate listening component and property name. The following example changes the BTP port:

    beectl modify_property
      --component BTI_site1.example.com --name ClientPort --value <new port number>
    
  6. Change the appropriate property in the _VIRTUAL_SERVER component to the new port number. The following example changes the BTI port to the new port number (to list the properties of _VIRTUAL_SERVER, run the command beectl list_properties --component _VIRTUAL_SERVER):

    beectl modify_property
      --component _VIRTUAL_SERVER
      --name BtiClientPort
      --value <new port number>
    
  7. Activate configuration and commit changes:

    beectl activate_configuration
    beectl modify_local_configuration_files
    

    Note:

    The beectl modify_local_configuration_files command will ask you to run this command on all your other instances. Do not run this command on all your other instances at this time. For each instance, perform steps 1 to 3 before running the beectl modify_local_configuration_files command.

Enabling BPEL Workflows to Use New Port Number

If you changed the HTTP port number that Oracle Beehive listens to, follow these directions to enable BPEL workflows to use this new port number:

  1. Modify the value element of the following properties in the file <Oracle home>/bpel/system/config/collaxa-config.xml to reflect the new HTTP port number:

    • clusterName

    • soapCallbackUrl

    • soapServerUrl

    The following is an example:

    <property id="clusterName">
         <name>Cluster Id</name>
         <value>www.example.com:80</value>
       </property>   
     
        <property id="soapCallbackUrl">
          <name>BPEL soap callback URL</name>
          <value>http://www.example.com:80</value>
        </property>   
       
        <property id="soapServerUrl">
          <name>BPEL soap server URL</name>
          <value>http://www.example.com:80</value>
        </property>
    
  2. Restart the oc4j_soa component:

    beectl restart --component oc4j_soa_instance1.example.com
    

    Retrieve the component identifier of oc4j_soa with the beectl status command.

  3. Re-deploy the SerialWorkflow and ParallelVoteWorkflow sample workflows by copying the jar files from <Oracle home>/beehive/seed/workflows into <Oracle home>/bpel/domains/default/deploy. Since the BPEL Process Manager is in auto-deploy mode, it will redeploy these processes after a few minutes.

Opening Ports Required by Oracle Beehive for FTP

If your Oracle Beehive instance is behind a firewall, ensure that the following ports are open in your firewall to enable FTP connections:

Table 15-1 Ports Required Open

Default Port Number Property Name Description

2121

Port

The FTP server listens at this port to accept new connections from clients

2120

DefaultDataPort

Port used by the FTP server in PORT (ACTIVE) mode to make active connections (outbound connections) to clients

12121

DataConnectionPort

In PASSIVE mode, the FTP server listens on a range of ports starting from DataConnectionPort to create new data connections, which will be used for data transfer operations.

The property MaxDCPortCount indicates the number of ports in the range.

For example, if the value of DataConnectionPort is 12121 and MaxDCPortCount is 10, then ensure that all the ports from 12121 to 12130 (inclusively) are open in your firewall.


You may change the value of these ports as well as the value of MaxDCPortCount.

To retrieve a list of all available ports, call the beectl list_ports command (the --format option is optional):

beectl list_ports --format xml

...
   <row>
      <column name="Protocol">FTP</column>
      <column name="Listening Port">2121</column>
      <column name="Virtual Port">2121</column>
      <column name="Defining Component">_FtpService</column>
      <column name="Property Name">Port</column>
      <column name="Listening Component">
        BTI_instance1.example.com</column>
   </row>
   <row>
      <column name="Protocol"></column>
      <column name="Listening Port">2120</column>
      <column name="Virtual Port"></column>
      <column name="Defining Component">_FtpService</column>
      <column name="Property Name">DefaultDataPort</column>
      <column name="Listening Component">
        BTI_instance1.example.com</column>
   </row>
   <row>
      <column name="Protocol"></column>
      <column name="Listening Port">12121</column>
      <column name="Virtual Port"></column>
      <column name="Defining Component">_FtpService</column>
      <column name="Property Name">DataConnectionPort</column>
      <column name="Listening Component">
        BTI_instance1.example.com</column>
   </row>
...

To retrieve a list of all the properties for the FTP service, call the beectl list_properties command:

beectl list_properties --component _FtpService

---------------------------+----------------------------------------------------
Property name              | Property value                                     
---------------------------+----------------------------------------------------
Alias                      | _FtpService                                        
---------------------------+----------------------------------------------------
ChannelSecurity            | PLAIN_AND_TLS                                      
---------------------------+----------------------------------------------------
DMSInstrumentation         | false                                              
---------------------------+----------------------------------------------------
DataConnectionPort         | 12121                                              
---------------------------+----------------------------------------------------
DefaultCommandCharacterset | UTF-8                                              
---------------------------+----------------------------------------------------
DefaultDataPort            | 2120                                               
---------------------------+----------------------------------------------------
FtpServerEnabled           | true                                               
---------------------------+----------------------------------------------------
InternalIP                 | DEFAULT                                            
---------------------------+----------------------------------------------------
LightweightThreadCount     |                                                    
---------------------------+----------------------------------------------------
ListeningPoint             | DEFAULT                                            
---------------------------+----------------------------------------------------
MaxDCPortCount             | 200                                                
---------------------------+----------------------------------------------------
Port                       | 2121                                               
---------------------------+----------------------------------------------------
ServiceApplication         | svcapp_ftp                                         
---------------------------+----------------------------------------------------
ServiceInstances           | instance_ftp_BEEAPP_site1.example.com
---------------------------+----------------------------------------------------
SessionTimeout             | 900000                                             
---------------------------+----------------------------------------------------
Site                       | _CURRENT_SITE                                      
---------------------------+----------------------------------------------------
Status                     | ENABLED                                            
---------------------------+----------------------------------------------------
UploadBufferSize           | 260096                                             
---------------------------+----------------------------------------------------

To change a property (such as the Port property), call the beectl modify_property command on all of your instances:

beectl modify_property
  --component _FtpService
  --name Port
  --value <new port value>

To save the your changes and activate them, call the following command:

beectl activate_configuration

Note:

If the beectl activate_configuration command asks you to run the beectl modify_local_configuration_files command, then run this command. It will then ask you do run the command on all your other instances. Run this command on all your instances.

Configuring DMZ Instances

Refer to "Configuring Oracle Beehive Demilitarized Zone Instances" for instructions on how to configure DMZ instances and Oracle Wallet with DMZ instances.

Integrating and Synchronizing LDAP with Oracle Beehive

Oracle Beehive user data may be mastered in Oracle Beehive User Directory Service (UDS) or in an external LDAP-based directory, such as Oracle Internet Directory. "Mastered" means that a master source is used as the point of reference to determine the correct value for any user account attribute, and this source is used for making any changes to any account details.

After you have installed and configured Oracle Beehive, you may synchronize your external LDAP-based directory with UDS so that you may continue to manage your users and groups through your LDAP server. For more information, refer to "Integrating and Synchronizing LDAP with Oracle Beehive".

Configuring SSL

Refer to "Configuring SSL" for information about configuring SSL with Oracle Beehive and DMZ instances.

If you do not want to use SSL with your Oracle Beehive deployment, follow the steps described in "Installing Non-SSL Oracle Beehive Site".

Configuring TLS

Some services, such as XMPP, require a Transport Layer Security (TLS) encrypted communication channel. Use Oracle Wallet to provide this.

To configure Oracle Beehive with Oracle Wallet so that clients may access it with a TLS connection, refer to "Configuring TLS with Oracle Wallet".

Configuring SSL for LDAP Integration

After configuring LDAP and Oracle Wallet with Oracle Beehive, you may configure Oracle Beehive authentication with Certificate Authority verification. For more information, refer to "Configuring SSL for LDAP Integration".

Enabling AJPS

To enable secure Apache JServ Protocol (AJPS), which is used instead of HTTP for communication between Oracle HTTP Server and OC4J, refer to "Enabling AJPS".

Configuring Oracle Beehive E-mail

The default installation of Oracle Beehive includes a basic configuration of e-mail services. This configuration does not include any filtering, dispatch rules, relay configuration, attachment blocking, or other common settings. For detailed configuration options and procedures, refer to "Managing Oracle Beehive E-Mail" in Oracle Beehive Administrator's Guide.

To secure Oracle Beehive e-mail with SSL, refer to "Configuring E-Mail with SSL". This involves configuring Oracle Beehive and your e-mail client.

Configuring XMPP

Extensible Messaging and Presence Protocol (XMPP) is an open XML technology for presence and real-time communication. For users to authenticate against Oracle Beehive's XMPP Service, you must perform the steps described in "Configuring XMPP" to configure it.

Configuring Notifications to Use SMS

Oracle Beehive can send users notifications as email messages, instant messages, or as mobile messages in the form of SMS. SMS notifications are only possible if the Oracle Beehive SMS delivery channel is enabled and configured to point to an SMS Aggregator.

For more information, refer to the section "Configuring Notifications to use SMS" in "Managing Oracle Beehive Subscriptions and Notifications" in Oracle Beehive Administrator's Guide.

Configuring Oracle Secure Enterprise Search

Oracle Secure Enterprise Search 10g is a stand-alone enterprise search solution. It incorporates best-in-class indexing crawling and security capabilities to create a reliable and comprehensive search solution for any organization. Refer to "Configuring Oracle Secure Enterprise Search".

Configuring Oracle Single Sign-On

You may register Oracle Beehive as a partner application with Oracle Single Sign-On, which means that you may delegate the authentication function to the single sign-on server. Refer to "Configuring Single Sign-On with Oracle Beehive".

Configuring External Oracle BPEL Process Manager with Oracle Beehive

If you have an existing instance of Oracle BPEL Process Manager, you may configure Oracle Beehive to use it instead of the one that is included with Oracle Beehive. Refer to "Configuring External Oracle BPEL Process Manager with Oracle Beehive".

Installing Oracle Beehive Integration for Outlook

Oracle Beehive Integration for Outlook extends the functionality of Microsoft Outlook by providing Outlook users with unified access to Oracle Beehive-based collaborative features and data in a familiar environment.

Oracle Beehive Integration for Outlook is supported in Windows operating systems with the following versions of Microsoft Outlook:

Oracle Beehive Integration for Outlook requires installation on the computers of individual users. For information about installing Oracle Beehive Integration for Outlook, refer to "Installing Oracle Beehive Integration for Outlook".

Configuring Oracle Beehive Integration for Zimbra

Oracle Beehive Integration for Zimbra is available for Oracle Beehive Release 1 (1.3) and later.

Oracle Beehive Integration for Zimbra is installed in an Oracle home separate from Oracle Beehive. As a result, Oracle Beehive Integration for Zimbra acts like an application tier and should be configured as such.

If you have not configured TLS or SSL for your Oracle Beehive deployment, you do not need to perform any post-installation steps; simply install Oracle Beehive Integration for Zimbra as described in "Installing Oracle Beehive Integration for Zimbra".

If you have configured TLS or SSL for your Oracle Beehive deployment, follow the steps described in "Configuring Oracle Beehive Integration for Zimbra" to install Oracle Beehive Integration for Zimbra (these steps are similar to "Configuring SSL with Self-Signed Certificates During Installation of Oracle Beehive").

Cloning Oracle Beehive

Cloning is the process of copying an existing installation to a different location while preserving its configuration. For more information, refer to "Cloning Oracle Beehive Application Tiers and Sites".

Performing Oracle Beekeeper Post-Installation Procedures

Oracle Beekeeper is available for Oracle Beehive Release 1 (1.3) and later.

If you have installed Oracle Beekeeper, perform one or more of the procedures described in "Oracle Beekeeper Post-Installation Procedures", depending on your security requirements or any other issue particular to your deployment.