3 Configuring the Database Repositories

This chapter describes how to install and configure the database repositories. It contains the following topics:

Before beginning to install and configure the Identity Management components, you must perform the following steps:

Databases Required

For Oracle Identity management, a number of separate databases are recommended. A summary of these databases is provided inTable 3-1. Which database(s) you use is dependent on the topology that you are implementing:

Table 3-1 Mapping between Topologies, Databases and Schemas

Topology Type Database Names Database Hosts Service Names Schemas in Database

OAM11g

INFRADB

INFRADBHOST1 INFRADBHOST2

idmedg.mycompany.com

ODS

OAM11g

OAMDB

OAMDBHOST1 OAMDBHOST2

oamedg.mycompany.com

OAM, IAU

OIM11g/OAM10g

INFRADB

INFRADBHOST1 INFRADBHOST2

idmedg.mycompany.com

ODS

OIM11g/OAM10g

OIMDB

OIMDBHOST1 OIMDBHOST2

oimedg.mycompany.com

OIM, MDS, SOAINFRA, ORASDPM

OIM11g/OIM11g

INFRADB

INFRADBHOST1 INFRADBHOST2

idmedg.mycompany.com, oamedg.mycompany.com

ODS, OAM, IAU, APM, MDS

OIM11g/OIM11g

OIMDB

OIMDBHOST1 OIMDBHOST2

oimedg.mycompany.com

OIM, MDS, SOAINFRA, ORASDPM

OIF11g/OAM11g

INFRADB

INFRADBHOST1 INFRADBHOST2

idmedg.mycompany.com, oamedg.mycompany.com

ODS, OAM, IAU

OIF11g/OAM11g

OIFDB

OIFDBHOST1 OIFDBHOST2

oifedg.mycompany.com

OIF

OAAM11g/OAM11g

INFRADB

INFRADBHOST1 INFRADBHOST2

idmedg.mycompany.com, oamedg.mycompany.com

ODS, OAM, IAU

OAAM11g/OAM11g

OAAMDB

OAAMDBHOST1 OAAMDBHOST2

oaamedg.mycompany.com

OAAM, OAAM_PARTN, MDS, IAU

Note:

  • The SOA and OIM components share the MDS repository

  • The MDS repository is for APM

The following sections apply to all the databases listed in Table 3-1.

Database Versions Supported

To check if your database is certified or to see all certified databases, refer to the "Certified Databases" section in the Certification Document:

http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html

To determine the version of your installed Oracle Database, execute the following query at the SQL prompt:

select version from sys.product_component_version where product like 'Oracle%';

3.1 Real Application Clusters

The database used to store the metadata repository should be highly available in its own right, for maximum availability Oracle recommends the use of an Oracle Real Application Clusters (RAC) database.

Ideally the database will use Oracle ASM for the storage of data, however this is not necessary.

If using ASM, then ASM should be installed into its own Oracle home and have two disk groups:

  • One for the "Database Files

  • One for the Flash Recovery Area

If you are using Oracle ASM, best practice is to also use Oracle Managed Files.

Install and configure the database repository as follows.

Oracle Clusterware

Automatic Storage Management

  • For 10g Release 2 (10.2), see Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for your platform, listed in "Related Documents".

  • For 11g Release 1 (11.1), see Oracle Clusterware Installation Guide.

  • When you run the installer, select the Configure Automatic Storage Management option in the Select Configuration screen to create a separate Automatic Storage Management home.

Oracle Real Application Clusters

3.2 Configuring the Database for Oracle Fusion Middleware 11g Metadata

Create a Real Applications Clusters Database with the following characteristics:

  • Database should be in archive log mode to facilitate backup and recovery.

  • Optionally, enable the Flashback database. Create UNDO tablespace of sufficient size to handle any rollback requirements during the OIM reconciliation process.

  • Database is created with ALT32UTF8 character set.

  • In addition the database will have the following minimum initialization parameters defined:

    Table 3-2 Minimum Initialization Parameters for Oracle RAC Database

    Parameter Value

    aq_tm_processes

    1

    dml_locks

    200

    job_queue_processes

    10

    open_cursors

    400

    session_max_open_files

    50

    sessions

    500

    processes

    500

    sga_target

    512M

    sga_max_size

    800M

    pga_aggregate_target

    100M

Database Services

Oracle recommends using the Oracle Enterprise Manager Cluster Managed Services Page to create database services that client applications will use to connect to the database. For complete instructions on creating database services, see the chapter on Workload Management in the Oracle Database Oracle Clusterware and Oracle Real Application Clusters Administration and Deployment Guide. A list of the services to be created can be found in Table 3-1. If possible, create one service per application, such as Oracle Identity Management and Oracle Access Manager.

You can also use SQL*Plus to configure your Oracle RAC database to automate failover for Oracle Internet Directory using the following instructions.

  1. Use the CREATE_SERVICE subprogram to both create the database service and enable high-availability notification and configure server-side Transparent Application Failover (TAF) settings:

    prompt> sqlplus "sys/password as sysdba"

SQL> EXECUTE 
DBMS_SERVICE.CREATE_SERVICE(  
SERVICE_NAME => 'oam.mycompany.com',
NETWORK_NAME => 'oam.mycompany.com',
AQ_HA_NOTIFICATIONS => TRUE, 
FAILOVER_METHOD => DBMS_SERVICE.FAILOVER_METHOD_BASIC, 
FAILOVER_TYPE => DBMS_SERVICE.FAILOVER_TYPE_SELECT, 
FAILOVER_RETRIES => 5, FAILOVER_DELAY => 5);

    Note:

    The EXECUTE DBMS_SERVICE command above must be entered on a single line to execute properly.

  2. Add the service to the database and assign it to the instances using srvctl:

    prompt> srvctl add service -d oam -s oam -r racnode1,racnode2

  3. Start the service using srvctl:

    prompt> srvctl start service -d oam -s oam.mycompany.com

    Note:

    For more information about the SRVCTL command, see the Oracle Real Application Clusters Administration and Deployment Guide.

When creating a service in the database for Oracle Internet Directory, make sure that it is enabled for high-availability notifications and configured with the proper server-side Transparent Application Failover (TAF) settings. Use the DBMS_SERVICE package to modify the service to enable high availability notification to be sent through Advanced Queuing (AQ) by setting the AQ_HA_NOTIFICATIONS attribute to TRUE and configure server-side Transparent Application Failover (TAF) settings, as shown below:

prompt> sqlplus "sys/password as sysdba"

SQL> EXECUTE DBMS_SERVICE.MODIFY_SERVICE 
(SERVICE_NAME => 'idmdb.mycompany.com',
AQ_HA_NOTIFICATIONS => TRUE,
FAILOVER_METHOD => DBMS_SERVICE.FAILOVER_METHOD_BASIC, 
FAILOVER_TYPE => DBMS_SERVICE.FAILOVER_TYPE_SELECT, 
FAILOVER_RETRIES => 5, FAILOVER_DELAY => 5);

The EXECUTE DBMS_SERVICE command above must be entered on a single line to execute properly.

Note:

For more information about the DBMS_SERVICE package, see the Oracle Database PL/SQL Packages and Types Reference.

3.3 Executing the Repository Creation Utility

Use the Repository Creation Utility (RCU) that is version compatible with the product you are installing. For example the Repository Creation utility for OID and OAM10g is different from the one for OAM11g and OAAM.

You run RCU to create the collection of schemas used by Identity Management and Management Services.

This section contains the following topics:

  1. Section 3.3.1, "Procedure for Executing RCU"

  2. Section 3.3.2, "RCU Example"

3.3.1 Procedure for Executing RCU

  1. Start RCU by issuing this command:

    prompt> RCU_HOME/bin/rcu &

  2. On the Welcome screen, click Next.

  3. On the Create Repository screen, select the Create operation to load component schemas into a database. Then click Next.

  4. On the Database Connection Details screen, provide the information required to connect to an existing database. For example:

    Database Type: Oracle Database

    • Host Name: Enter one of the Oracle RAC nodes. Specify the VIP name. For example: infradbhost1-vip.mycompany.com.

    • Port: The port number for the database listener. For example: 1521

    • Service Name: The service name of the database. For example idmedg.mycompany.com

    • Username: sys

    • Password: The sys user password

    • Role: SYSDBA

    Click Next.

  5. On the Check Prerequisites screen, click OK after the prerequisites have been validated.

  6. On the Select Components screen, provide the following values:

    Create a New Prefix: Enter a prefix to be added to the database schemas. Note that all schemas except for the ODS schema are required to have a prefix For example, enter EDG.

    Components: The components specified here depend on the topology being installed. Select the appropriate schemas.

    Click Next.

    Note:

    If your topology requires more than one database, the following important considerations apply:

    • Be sure to install the correct schemas in the correct database.

    • You might have to run the RCU more than once to create all the schemas for a given topology.

    • Table 3-1 in this chapter provides the recommended mapping between the schemas and their corresponding databases. Refer to this table to ensure that the correct details are entered in this screen.

    • The example at the end of the table illustrates these choices as well.

  7. On the Check Prerequisites screen, click OK after the prerequisites have been validated.

  8. On the Schema Passwords screen, enter the passwords for the schemas. You can choose to use either the same password for all the schemas or different passwords for each of the schemas. Oracle recommends choosing different passwords for different schema's to enhance security

    Click Next.

  9. On the Map Tablespaces screen, accept the defaults and click Next.

  10. On the Create Tablespaces screen, click OK to allow the creation of the tablespaces.

  11. On the Creating tablespaces screen, click OK to acknowledge creation of the tablespaces.

  12. On the Summary screen, the summary and verify that the details provided are accurate. Click Create to start the schema creation process.

  13. On the Completion summary screen, verify that the schemas were created.

    Click Close to exit.

3.3.2 RCU Example

This example illustrates the steps to create the required schemas in the INFRADB and OIMDB databases for the topology with OAM11g and OIM11g.

  1. Start RCU as described in Section 3.3.1, "Procedure for Executing RCU."

  2. On the Welcome Screen, click Next.

  3. On the Connection Details screen, provide the details to connect to the INFRADB database running on INFRADBHOST1 and INFRADBHOST2. Enter the following values:

    • Host: infradbhost1-vip.mycompany.com

    • Port: 1521

    • Service Name: idmedg.mycompany.com

    • Username: sys

    • Password: password

    • Role: SYSDBA

    Click Next.

  4. On the Select Components screen, select the appropriate schemas by referring to Table 3-1. Select the ODS, OAM, IAU, APM, and MDS schemas. Click Next.

  5. Follow the remaining steps in Section 3.3.1, "Procedure for Executing RCU" to create the schemas.

  6. Verify that the schemas for the INFRADB database were successfully created.

  7. Start RCU again to create the schemas for the OIMDB database.

  8. On the Connection Details screen, provide the details to connect to the OIMDB database running on OIMDBHOST1 and OIMDBHOST2. Enter the following values:

    • Host: oimdbhost1-vip.mycompany.com

    • Port: 1521

    • Service Name: oimedg.mycompany.com

    • Username: sys

    • Password: password

    • Role: SYSDBA

    Click Next.

  9. On the Select Components screen, select the appropriate schemas by referring to Table 3-1. Select the OIM, MDS, SOAINFRA, and ORASDPM schemas on this screen.

  10. Complete the schema creation by following the remaining steps in Section 3.3.1, "Procedure for Executing RCU."