This chapter describes how to upgrade Oracle Internet Directory high availability environments that were supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4).
This chapter contains the following sections:
Summary of Oracle Internet Directory High Availability Upgrade Starting Points
Before You Begin Upgrading Your Oracle Identity Management High Availability Environment
The following high availability topologies are supported for upgrade from Oracle Identity Management 10g Release 2 (10.1.2) and 10g (10.1.4):
High Availability Topologies Based on a Distributed Identity Management Environment
High Availability Topologies Based on a Colocated Identity Management Environment
High Availability Environments Based on Standalone Oracle Internet Directory Instances
This type of topology is based on the Oracle Internet Directory and Oracle Directory Integration Platform components when they are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services.
This was the recommended topology for high availability environments in Oracle Application Server 10g. It is sometimes referred to as a distributed Oracle Identity Management environment or a non-colocated Identity Management environment.
Refer to Section 3.2.2, "Upgrading a Non-Colocated Identity Management Environment" for a description of the single-node variant of a non-colocated Identity Management high availability environment.
This type of topology is based on the Oracle Internet Directory and Oracle Directory Integration Platform components when they are installed and configured in the same Oracle home as Oracle Single Sign-On and Oracle Delegated Administration Services.
This type of environment is referred to as a colocated Identity Management environment. Refer to Section 3.2.1, "Upgrading a Colocated Identity Management Environment" for a description of a single-node variant of a colocated Identity Management high availability environment.
Because Oracle Single Sign-On and Oracle Delegated Administration Services are not available in Oracle Fusion Middleware 11g, the upgrade of this topology requires some additional steps.
This type of topology is based on Oracle Internet Directory when it is upgraded without an associated Oracle Directory Integration Platform instance.
This Oracle Internet Directory topology can be upgraded and associated with a local Oracle WebLogic Server domain, an existing remote domain, or with no Oracle WebLogic Server domain.
For more information, see Section 4.3.2.1, "When is Oracle WebLogic Server Required?".
Before you begin using the procedures in this chapter, note the following:
The procedures in this chapter typically involve two host computers. For the purposes of the examples in this chapter, the two hosts are referred to as IDMHOST1 and IDMHOST2.
Some of the examples in this chapter provide the commands required to perform particular tasks on a UNIX system. The commands for Windows are similar, but you would replace the environment variables with the Windows equivalent (for example, %ORACLE_HOME%).
Before you begin the upgrade procedures in this chapter, be sure the following prerequisites have been met.
Oracle Identity Management 10g Components Are Installed and Running on IDMHOST1
It is assumed that the Oracle Identity Management 10g components you are about to upgrade are installed and running on IDMHOST1. This is important because the Oracle Identity Management 11g components that you are upgrading must be installed on the same host as the Oracle Identity Management 10g components.
All Other Oracle Application Server 10g Instances That Use the Same Metadata Repository Are Stopped
Before you begin the upgrade, stop all the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances, except the instances that you are about to upgrade.
In addition, stop all the Oracle Application Server 10g instances that share the same OracleAS Metadata Repository as the Oracle Internet Directory instance you are about to upgrade. For example, if you have any Oracle Portal 10g or other Oracle Identity Management 10g instances running, be sure to stop those instances as well. This will ensure that no other Oracle Application Server components are accessing the repository during the upgrade.
All Instances of Oracle Enterprise Manager Are Stopped
Before you begin any of the high availability procedures documented in this chapter, be sure to stop all instances of Oracle Enterprise Manager that are managing the Oracle Internet Directory instances you are about to upgrade.
This step is important because Oracle Enterprise Manager Application Server Control sometimes accesses the Oracle Internet Directory schema (the ODS schema) when it monitors and configures the Oracle Internet Directory target. To avoid any possibility of conflict when you are upgrading the Oracle Internet Directory middle tier and schema, it is important to stop all instances of Oracle Enterprise Manager during the upgrade process.
For information on stopping and starting Application Server Control, refer to the Oracle Application Server Administrator's Guide in the Oracle Application Server 10g documentation library.
Load Balancer Is Configured to Route Only to Primary Instance
Before you begin the upgrade, make sure the load balancer virtual servers are routing requests only to the primary instance of the OracleAS Cluster (Identity Management) node.
The primary instance of the OracleAS Cluster is the first node where you installed Oracle Internet Directory.
Any Modifications to ias.properties Have Been Removed
If you have modified the ias.properties file in the Oracle Identity Management Oracle home to redefine port values, then you must update the ias.properties file with the actual, physical port values for each OID instance before upgrade.
Some organizations modify the ias.properties file, for example, to reference specific load balancer ports. If you performed such a customization, be sure to restore the ias.properties file to its original state so it references the physical ports of the Oracle Internet Directory instances in your environment.
The Current Version of the Database is Supported by Oracle Fusion Middleware 11g
The procedures in this chapter assume you are storing the Oracle Internet Directory schema (the ODS schema) in a Real Application Clusters (RAC) database that has been upgraded to a database version supported by Oracle Fusion Middleware 11g.
For more information about database requirements for upgrade, as well as additional upgrade information for Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware Upgrade Planning Guide.
High Availability Configurations for Administration Tools
This chapter does not provide information on configuring the administration tools (such as Oracle WebLogic Server Administration Console, Oracle Enterprise Manager Fusion Middleware Control, or Oracle Directory Services Manager) for high availability.
For information about the supported high availability topologies in Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware High Availability Guide.
Before you begin these procedures, review the procedures and prerequisites available in Chapter 4, "Upgrading Your Oracle Internet Directory Environment".
The procedures in this chapter assume your organization can support a limited amount of Identity Management downtime.
If your organization has no tolerance for Identity Management downtime, consider the following approach to the upgrade process:
Configure your existing Oracle Identity Management 10g environment using Oracle Internet Directory Advanced Replication.
Use the upgrade procedures in Section 9.3.2, "Upgrading One Replica at a Time".
When you implement Oracle Internet Directory Advanced Replication, you can route client traffic to one replica while upgrading the other replica. The result is an upgrade procedure that requires little or no downtime while each replica is upgraded.
For more information about using Oracle Internet Directory replication, refer to the following sections in the Oracle Internet Directory Administrator's Guide in the 10g (10.1.4) documentation library on the Oracle Technology Network (OTN):
"Oracle Internet Directory Replication Concepts"
"Oracle Internet Directory Replication Installation and Configuration"
The Oracle Identity Management 10g (10.1.4) documentation library is available on OTN at the following URL:
http://www.oracle.com/technology/documenation/
Perform the following tasks to upgrade an Oracle Internet Directory and Oracle Directory Integration Platform high availability environment when both components are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services:
Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home
Task 6: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home
Task 8: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2
Task 9: On IDMHOST2, Set the Anonymous Bind Property to Allow
Task 11: Verify That the Components Are Up and Running on IDMHOST2
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
For complete instructions for installing and configuring the Oracle Identity Management 11g components, including all the prerequisites and system requirements, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
The instructions provided here outline the key installation steps required when installing Oracle Internet Directory and Oracle Directory Integration Platform in preparation for an upgrade of your high availability environment.
To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network (OTN):
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
Refer to Table 7-1 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Table 7-1 Summary of Screens for Installing and Configuring Oracle Internet Directory and Oracle Directory Integration Platform on IDMHOST1
Screen | Instructions |
---|---|
Welcome | Click Next. |
 | Select Install and Configure. Click Next. |
Prerequisite Checks | Click Next. |
 | Select Create New Domain and enter the domain details. For the purposes of this exercise, enter Click Next. |
 | Specify the following values: |
 | Specify the following values: |
 | Select the following components: Select the Clustered check box. |
 | Select Auto Port Configuration. Click Next. |
 | Select Use Existing Schema. In the Connect String field, enter the connect string to each node in the Real Application Clusters (RAC) database. Separate each node with a caret symbol ( INFRADBHOST1.MYCOMPANY.COM:1521:IDMDB1^INFRADBHOST2.MYCOMPANY.com:1521:IDMDB2@IDMEDG.MYCOMPANY.COM Enter the ODS schema password in the Password field. Note that the ODS schema is used by Oracle Internet Directory. By default, the password for the ODS schema is the Click Next. |
 | Click Yes. |
OID Password | Enter the Administrator password for the Oracle Internet Directory instance. |
Installation Summary | Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install. |
Installation Progress | On UNIX systems, a dialog appears, prompting you to run the Open a window and run the script, following the prompts in the window. Click OK. |
Configuration | Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the Installation Complete screen appears. Click Finish, and then confirm your choice to exit. |
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:
Change directory to the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX systems:
./ua
On Windows systems:
ua.bat
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Select Operation screen.
Select Upgrade Identity Management Instance on the Select Operation screen.
Refer to Table 7-2 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:
"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
Displays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.
Table 7-2 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade
Upgrade Assistant Screen | Description |
---|---|
 | Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home. If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide. |
 | Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory. |
 | Enter the host and Administration Server port for the Oracle WebLogic Server you configured in "Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home". Note this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server. |
Warning Dialog Box | The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance. This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance. |
 | Select the upgrade options you want to apply to the Oracle Identity Management upgrade: Click Help to display more information about the upgrade options on this screen. |
 | Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the physical host and the password to the Oracle Internet Directory super user account ( For more information, click Help. |
 | Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database. Note the following important information about this screen: |
 | This is only if you are using privileged port on a UNIX system. A configuration script needs to be run as root before upgrade can proceed. Leaving this window open, open another window, and run the When the script has completed, return to the Upgrade Assistant and click OK. |
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform instances to 11g, update the dip-config.xml file so it references the Oracle Internet Directory Virtual Host Name (for example, oid.mycompany.com), which is associated with the load balancer that is directing traffic to your Oracle Internet Directory instances.
If the load balancer/virtual host has a different port value than the Oracle Internet Directory physical port value, then you must also change the port.
This task is accomplished using the manageDIPServerConfig command, as described in the following procedure.
Use the following procedure to perform this step on IDMHOST1:
Make a backup of the dip-config.xml file, which is located under the following directory:
MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications/DIP_11.1.1.2.0/configuration/
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries.
For example:
export ORACLE_HOME=/u01/app/oracle/product/11g/mw_home/idm
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server. For example:
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
Run the following command to update the value of the Oracle Internet Directory host and port:
ORACLE_HOME/bin/manageDIPServerConfig set -h hostName -p port -D wlsuser -attr oidhostport -val OIDVIRTUALHOSTNAME:PORT
For example, on IDMHOST1, the command and output are shown below:
ORACLE_HOME/bin/manageDIPServerConfig set -h idmhost1.mycompany.com -p 7005 -D weblogic -attr oidhostport -val oid.mycompany.com:636
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
Connected successfully
The attribute oidhostport is successfully changed to value
oid.mycompany.com:636
Using the WebLogic Server Administration Console, stop and start the wls_ods1 managed server.
Use the following OPMN command to verify that Oracle Internet Directory is up and running:
ORACLE_INSTANCE/opmnctl status
The output of the command should be similar to the following example:
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.
For non-SSL:
ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h idmhost2.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h oid.mycompany.com -p 389 -D "cn=orcladmin" -q
For SSL:
ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h idmhost2.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h oid.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
where:
U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
export ORACLE_HOME=/u01/app/oracle/product/11g/fmw_home/ods
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server.
For example:
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
Run the following command:
$ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser>
For example, on IDMHOST1, the command and successful output are shown below:
$ORACLE_HOME/bin/dipStatus -h idmhost1.mycompany.com -p 7005 -D weblogic
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
Connected successfully.
ODIP Application is active at this host and port.
Verify the Oracle Directory Services Manager installation by bringing up the ODSM Administration Console in a web browser.
The URL to access the ODSM Administration Console is:
http://hostname.mycompany.com:<port>/odsm/faces/odsm.jspx
For example, on IDMHOST1, enter this URL:
http://idmhost1.us.oracle.com:7005/odsm/faces/odsm.jspx
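The OPMN status check at the start of this verification procedure can be turned into a gate that stops a runbook when a directory process is not running. The following shell functions are an added example, not part of the Oracle documentation: they parse output in the layout shown above, and the function names and the embedded sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): fail unless every process listed by
# "opmnctl status" is Alive and both oidmon and oidldapd are present.
# Function names are hypothetical.

# Constructed sample, following the output layout shown on this page.
sample_status() {
cat <<'EOF'
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
EOF
}

# check_oid_status: reads status output on stdin, prints one line per
# problem, and returns 0 only when nothing is wrong.
check_oid_status() {
    awk -F'|' '
        BEGIN { bad = 0 }
        # Data rows have four pipe-separated columns; rule lines have one
        # and the header row is recognised by its first column.
        NF == 4 && $1 !~ /ias-component/ {
            for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            seen[$2]++
            if ($4 != "Alive") {
                printf "NOT ALIVE: %s %s pid=%s status=%s\n", $1, $2, $3, $4
                bad = 1
            }
        }
        END {
            # A listing with no monitor or no LDAP server row is a failure too.
            if (!seen["oidmon"])   { print "MISSING: oidmon";   bad = 1 }
            if (!seen["oidldapd"]) { print "MISSING: oidldapd"; bad = 1 }
            exit bad
        }
    '
}

# Against a live instance, pipe the command from the procedure instead:
#   ORACLE_INSTANCE/opmnctl status | check_oid_status || exit 1
sample_status | check_oid_status && echo "all OID processes Alive"
```

Run the same gate on IDMHOST2 after the second instance is started, before re-enabling the load balancer route to it.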
Before you can expand the Oracle WebLogic Server cluster you created on IDMHOST1 to include IDMHOST2, you must install the Oracle WebLogic Server binary files on IDMHOST2 and create Middleware home on IDMHOST2.
Note:
When installing the Middleware home for the second (and any subsequent) Oracle Internet Directory installations, you must specify a path for the Middleware home that is identical to the first Oracle Internet Directory. For example, suppose you are using the Linux operating system and you installed the first Oracle Internet Directory in a Middleware home in the following directory on IDMHOST1:
/dua1/Oracle/Middleware/
When you are prompted for the Middleware home on IDMHOST2, you must enter the identical path specification.
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Prepare a staticports.ini file that will be used during the installation to configure the ports for the Oracle Internet Directory instance on IDMHOST2.
This step will ensure that the two Oracle Internet Directory instances on IDMHOST1 and IDMHOST2 use the same ports:
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file you copied to the temporary directory to assign the following custom ports (uncomment the lines where you specify the port numbers for Oracle Internet Directory):
# The non-SSL port for Oracle Internet Directory
Oracle Internet Directory port = oid_port_on_IDMHOST1
# The SSL port for Oracle Internet Directory
Oracle Internet Directory (SSL) port = oid_ssl_port_on_IDMHOST1
In this example, replace oid_port_on_IDMHOST1 with the listening port of the Oracle Internet Directory instance you installed and upgraded on IDMHOST1.
Replace oid_ssl_port_on_IDMHOST1 with the SSL port of the Oracle Internet Directory instance you installed and updated on IDMHOST1.
Make a note of the path to this modified staticports.ini file; you will need to enter it on the Configure Ports page of the Oracle Identity Management installer.
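The staticports.ini edit described above can be scripted so that the two port lines are set and then verified before the installer is started. This is an added example, not part of the Oracle documentation: the function names, the template contents (including the commented default values and the extra component line) and the ports 389 and 636 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): produce the edited staticports.ini for
# IDMHOST2 from a copy of the template. Function names are hypothetical.

# Constructed template fragment; the two Oracle Internet Directory lines
# follow the form shown on this page, the remaining values are made up.
sample_staticports() {
cat <<'EOF'
# The non-SSL port for Oracle Internet Directory
#Oracle Internet Directory port = 3060
# The SSL port for Oracle Internet Directory
#Oracle Internet Directory (SSL) port = 3131
# Constructed entry for another component, must stay commented
#Example Other Component port = 7001
EOF
}

# make_staticports TEMPLATE OUT OID_PORT OID_SSL_PORT
# Uncomments and sets only the two Oracle Internet Directory lines, then
# confirms each appears exactly once in OUT. Returns non-zero on bad input
# or when the template does not contain the expected lines.
make_staticports() {
    sp_tmpl=$1 sp_out=$2 sp_port=$3 sp_ssl=$4
    for sp_p in "$sp_port" "$sp_ssl"; do
        case $sp_p in
            ''|*[!0-9]*) echo "not a port number: $sp_p" >&2; return 2 ;;
        esac
        if [ "$sp_p" -lt 1 ] || [ "$sp_p" -gt 65535 ]; then
            echo "port out of range: $sp_p" >&2; return 2
        fi
    done
    if [ "$sp_port" -eq "$sp_ssl" ]; then
        echo "SSL and non-SSL ports must differ" >&2; return 2
    fi
    sed -e "s/^#* *Oracle Internet Directory port *=.*/Oracle Internet Directory port = $sp_port/" \
        -e "s/^#* *Oracle Internet Directory (SSL) port *=.*/Oracle Internet Directory (SSL) port = $sp_ssl/" \
        "$sp_tmpl" > "$sp_out" || return 1
    [ "$(grep -c "^Oracle Internet Directory port = $sp_port\$" "$sp_out")" -eq 1 ] &&
    [ "$(grep -c "^Oracle Internet Directory (SSL) port = $sp_ssl\$" "$sp_out")" -eq 1 ]
}

# Demonstration on the constructed template, using 389 and 636 as the
# IDMHOST1 ports (assumed values; use the ports of your own instance).
demo_dir=$(mktemp -d)
sample_staticports > "$demo_dir/staticports.ini.orig"
make_staticports "$demo_dir/staticports.ini.orig" "$demo_dir/staticports.ini" 389 636 &&
    cat "$demo_dir/staticports.ini"
rm -rf "$demo_dir"
```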
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
Refer to Table 7-3 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Table 7-3 Summary of Screens for Installing and Configuring Oracle Internet Directory and Oracle Directory Integration Platform on IDMHOST2
Screen | Instructions |
---|---|
Welcome | Click Next. |
 | Select Install and Configure. Click Next. |
Prerequisite Checks | Click Next. |
 | Select Expand Cluster and enter the domain details. Enter the host, port, user name, and password for the administration server in the domain you created on IDMHOST1 in "Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory and Oracle Directory Integration Platform and Create the Oracle WebLogic Server Cluster". Click Next. |
 | Specify the following values: |
 | Specify the following values: |
Configure Components | Select the following components: Select the Clustered check box. |
 | Select Specify Ports Using Configuration File and enter the filename for the |
 | Select Use Existing Schema. In the Connect String field, enter the connect string to each node in the Real Application Clusters (RAC) database. Separate each node with a caret symbol ( INFRADBHOST1.MYCOMPANY.COM:1521:IDMDB1^INFRADBHOST2.MYCOMPANY.com:1521:IDMDB2@IDMEDG.MYCOMPANY.COM Enter the ODS schema password in the Password field. Note that the ODS schema is used by Oracle Internet Directory. By default, the password for the ODS schema is the Click Next. |
 | This warning indicates that you are selecting an ODS schema that is already being used by an Oracle Internet Directory instance. In fact, in a high availability environment, you want the two Oracle Internet Directory instances to share the same schema. This prompt verifies that you have selected the correct schema. Click Yes to continue. |
 | When you are using the same ODS schema for multiple Oracle Internet Directory instances, the installer displays this dialog box (Figure 7-1) to warn you that the system time on each system that is sharing the same schema must be synchronized. Various third-party tools are available to help you synchronize clocks across clustered systems, including the Network Time Protocol (NTP), which is a commonly-used tool for synchronizing system clocks. The following URL provides information on NTP and system time synchronization: http://www.ntp.org/ |
OID Password | Enter the Administrator password for the Oracle Internet Directory instance. |
Installation Summary | Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install. |
Installation Progress | On UNIX systems, a dialog appears, prompting you to run the Open a window and run the script, following the prompts in the window. Click OK. |
Configuration | Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the Installation Complete screen appears. Click Finish, and then confirm your choice to exit. |
Figure 7-1 System Time Warning When Installing Second Oracle Internet Directory Instance Against the Same ODS Schema
The Oracle Directory Integration Platform application is deployed on IDMHOST1 as an externally staged application. The application must be copied from IDMHOST1 to IDMHOST2; otherwise, the managed server on IDMHOST2 is listed in the Oracle WebLogic Server administration console as being in an "unknown" state:
Locate the applications directory in the Oracle WebLogic Server domain directory on IDMHOST1:
MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications
Copy the applications directory and its contents on IDMHOST1 to the same location in the domain directory on IDMHOST2.
For example:
scp -rp MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications user@IDMHOST2:MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods2/applications
After you install and configure the second Oracle Internet Directory instance on IDMHOST2, you must set the "Anonymous Bind" server property to "allow," so it matches the first, upgraded Oracle Internet Directory instance on IDMHOST1.
This property allows the Oracle Single Sign-On 10g and Oracle Delegated Administration Services 10g (specifically, OC4J_Security) to correctly use the second Oracle Internet Directory instance on IDMHOST2. Without this alteration to the second Oracle Internet Directory, the OC4J_Security instance on IDMHOST2 will not start.
To modify the anonymous bind property with Oracle Enterprise Manager Fusion Middleware Control:
Log in to Fusion Middleware Control.
Navigate to the home page of the Oracle Internet Directory instance on IDMHOST2.
From the Oracle Internet Directory menu, select Administration, and then Server Properties.
Select Allows from the Anonymous Bind drop-down menu.
Click Apply.
Start Oracle Single Sign-On as you normally would.
Follow these steps to start the wls_ods2 managed server in a cluster:
Open a browser and navigate to the WebLogic Administration Console at:
http://idmhost1.mycompany.com:port/console
Log in to the WebLogic Administration Console using the administrator credentials.
In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.
Select the cluster (cluster_ods) containing the managed server (wls_ods2) you want to start.
Select Control.
Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.
On the Server Life Cycle Assistant page, click Yes to confirm.
Note:
Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.
Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.
The procedure for upgrading an Oracle Internet Directory high availability environment based on colocated Oracle Identity Management components is similar to the procedure described in Section 7.3, "Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a High Availability Environment".
However, there are additional steps required when upgrading this specific topology. Specifically, after you upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g, you must then disable Oracle Internet Directory and Oracle Directory Integration Platform in the Oracle Application Server 10g Oracle home.
Perform the following tasks to upgrade an Oracle Internet Directory and Oracle Directory Integration Platform high availability environment when both components are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services:
Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home
Task 7: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home
Task 9: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2
Task 10: On IDMHOST2, Set the Anonymous Bind Property to Allow
Task 13: Verify That the Components Are Up and Running on IDMHOST2
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
Refer to Table 7-1 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Internet Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:
Change directory to the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX systems:
./ua
On Windows systems:
ua.bat
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Select Operation screen.
Select Upgrade Identity Management Instance on the Select Operation screen.
Refer to Table 7-2 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:
"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
Displays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform instances to 11g, update the dip-config.xml file so it references the Oracle Internet Directory Virtual Host Name (for example, oid.mycompany.com). This can be done using the manageDIPServerConfig command.
Refer to Section 7.3.4, "Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host" for specific instructions for this task.
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components on IDMHOST1, you cannot start Oracle Internet Directory or use the Oracle Single Sign-On 10g component until you disassociate Oracle Internet Directory from the Oracle Single Sign-On and Oracle Delegated Administration Services components in the 10g Oracle home.
For specific instructions for performing this task, see the following:
Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.
Before you can expand the Oracle WebLogic Server cluster you created on IDMHOST1 to include IDMHOST2, you must install the Oracle WebLogic Server binary files on IDMHOST2 and create the Middleware home on IDMHOST2.
Note:
When installing the Middleware home for the second (and any subsequent) Oracle Internet Directory installations, you must specify a path for the Middleware home that is identical to the first Oracle Internet Directory.
For example, suppose you are using the Linux operating system and you installed the first Oracle Internet Directory in a Middleware home in the following directory on IDMHOST1:
/dua1/Oracle/Middleware/
When you are prompted for the Middleware home on IDMHOST2, you must enter the identical path specification.
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
Refer to Table 7-3 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.
Note:
When specifying the installation details, the path to the Oracle home must be identical to the path used on IDMHOST1, but the name of the OID instance must be unique.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
The Oracle Directory Integration Platform application is deployed on IDMHOST1 as an externally staged application. The application must be copied from IDMHOST1 to IDMHOST2; otherwise, the managed server on IDMHOST2 is listed in the Oracle WebLogic Server administration console as being in an "unknown" state:
Locate the applications directory in the Oracle WebLogic Server domain directory on IDMHOST1:
MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications
Copy the applications directory and its contents on IDMHOST1 to the same location in the domain directory on IDMHOST2.
For example:
scp -rp MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications user@IDMHOST2:MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods2/applications
After you install and configure the second Oracle Internet Directory instance on IDMHOST2, you must set the "Anonymous Bind" server property to "allow," so it matches the first, upgraded Oracle Internet Directory instance on IDMHOST1.
This property allows the Oracle Single Sign-On 10g and Oracle Delegated Administration Services 10g (specifically, OC4J_Security) to correctly use the second Oracle Internet Directory instance on IDMHOST2. Without this alteration to the second Oracle Internet Directory, the OC4J_Security instance on IDMHOST2 will not start.
To modify the anonymous bind property with Oracle Enterprise Manager Fusion Middleware Control:
Log in to Fusion Middleware Control.
Navigate to the home page of the Oracle Internet Directory instance on IDMHOST2.
From the Oracle Internet Directory menu, select Administration, and then Server Properties.
Select Allows from the Anonymous Bind drop-down menu.
Click Apply.
Start Oracle Single Sign-On as you normally would.
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components on IDMHOST1, you cannot start Oracle Internet Directory or use the Oracle Single Sign-On 10g component until you disassociate Oracle Internet Directory from the Oracle Single Sign-On and Oracle Delegated Administration Services components in the 10g Oracle home.
For specific instructions for performing this task, see the following:
Follow these steps to start the wls_ods2 managed server in a cluster:
Open a browser and navigate to the WebLogic Administration Console at:
http://idmhost1.mycompany.com:port/console
Log in to the WebLogic Administration Console using the administrator credentials.
In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.
Select the cluster (cluster_ods) containing the managed server (wls_ods2) you want to start.
Select Control.
Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.
On the Server Life Cycle Assistant page, click Yes to confirm.
Note:
Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.
Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.
If you are using Oracle Internet Directory in a high availability environment without Oracle Directory Integration Platform or the other Oracle Identity Management 10g components, then the following procedure applies.
When you upgrade such an environment to Oracle Fusion Middleware 11g, note that you can choose to install Oracle Internet Directory in one of the following topologies:
Upgrading Oracle Internet Directory With a Local Oracle WebLogic Server Domain
Upgrading Oracle Internet Directory With a Remote Domain or No Domain
Perform the following tasks to upgrade an Oracle Internet Directory-only high availability environment to 11g:
Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home
Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory
Task 3: On IDMHOST1, Upgrade Oracle Internet Directory to 11g
Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance
Task 5: On IDMHOST2, Install and Configure Oracle Internet Directory
Task 6: On IDMHOST2, Register the Oracle Internet Directory Instance with the Domain on IDMHOST1
Task 7: On IDMHOST2, Verify the Oracle Internet Directory Instance
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
With the following important exceptions, refer to Table 7-1 for instructions about how to respond to each screen in the installation and configuration tool:
On the Configure Components screen:
Select only Oracle Internet Directory.
Do not select the Clustered check box.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory 10g instance on IDMHOST1 to Oracle Internet Directory 11g.
Use the instructions in Section 7.3.3, "Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g" to upgrade the Oracle Internet Directory instance.
Use the following OPMN command to verify that Oracle Internet Directory is up and running:
ORACLE_INSTANCE/opmnctl status
The output of the command should be similar to the following example:
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.
For non-SSL:
ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h idmhost2.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h oid.mycompany.com -p 389 -D "cn=orcladmin" -q
For SSL:
ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h idmhost2.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h oid.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
where:
U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
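The opmnctl status check from the verification task above can be scripted so that a post-upgrade run fails loudly instead of relying on a visual scan of the table. The following is an added shell example, not part of the original Oracle documentation; the function names are hypothetical, and both sample tables are constructed (the first mirrors the example output above, the "Down" row is an assumed failure case).

```shell
#!/bin/sh
# Added example (not Oracle's code): gate on the "opmnctl status" table.

# Constructed sample mirroring the example output shown above.
sample_status() {
cat <<'EOF'
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
EOF
}

# Constructed (hypothetical) degraded sample: one oidldapd row reported Down.
sample_degraded() {
cat <<'EOF'
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |     N/A | Down
oid1                             | oidmon             |   31384 | Alive
EOF
}

# Reads a status table on stdin; prints component/process-type/status for
# every data row whose status is not "Alive". Separator lines contain no "|"
# and the header row is skipped by name.
opmn_not_alive() {
  awk -F'|' '
    NF == 4 && $1 !~ /ias-component/ {
      for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
      if ($4 != "Alive") print $1 "/" $2 "/" $4
    }'
}

# Reads a status table on stdin; prints how many rows of process type $1
# are Alive.
opmn_alive_count() {
  awk -F'|' -v want="$1" '
    NF == 4 {
      for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
      if ($2 == want && $4 == "Alive") n++
    }
    END { print n + 0 }'
}

# Succeeds only when no row is non-Alive and at least one oidmon and one
# oidldapd process are Alive (an empty table therefore fails).
oid_healthy() {
  status_text=$(cat)
  [ -z "$(printf '%s\n' "$status_text" | opmn_not_alive)" ] || return 1
  [ "$(printf '%s\n' "$status_text" | opmn_alive_count oidmon)" -ge 1 ] || return 1
  [ "$(printf '%s\n' "$status_text" | opmn_alive_count oidldapd)" -ge 1 ] || return 1
}

# Demo on the constructed samples; in practice, pipe real opmnctl status
# output into oid_healthy on each host.
for s in sample_status sample_degraded; do
  if "$s" | oid_healthy; then
    echo "$s: healthy"
  else
    echo "$s: NOT healthy: $("$s" | opmn_not_alive)"
  fi
done
```

Run the same gate on IDMHOST1 and IDMHOST2 before moving on to the ldapbind checks, so a dead oidldapd process is caught on the host itself rather than masked by the LDAP Virtual Server.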
To install and configure Oracle Internet Directory 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
With the following important exceptions, refer to Table 7-3 for instructions about how to respond to each screen in the installation and configuration tool:
On the Select Domain screen, select the No Domain option.
On the Specify Installation Screen, provide the Oracle Home Location, the Oracle Instance Location, and instance name.
Note:
When specifying the installation details, the path to the Oracle home must be identical to the path used on IDMHOST1, but the name of the OID instance must be unique.
Select Oracle Internet Directory on the Configure Components Screen. Do not select the other components.
Note that the Specify Cluster Details screen does not appear in an Oracle Internet Directory only installation.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Register the Oracle Internet Directory instance on IDMHOST2 with the Oracle WebLogic Server domain on IDMHOST1, using the following OPMN command.
ORACLE_INSTANCE/opmnctl registerinstance -adminHost adminHostName -adminPort adminServerPort -adminUsername DOMAIN_ADMINISTRATOR_USERNAME -oracleInstance ORACLE_INSTANCE_HOME
For example:
ORACLE_INSTANCE/opmnctl registerinstance \
-adminHost IDMHOST1.MYCOMPANY.COM \
-adminPort 7001 \
-adminUsername weblogic \
-oracleInstance /u01/app/oracle/product/11g/instances/oid_inst2
Use the procedure in Section 7.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST2.
This section provides the upgrade procedure when you want to use a remote Oracle WebLogic Server domain to register the upgraded Oracle Internet Directory 11g instances.
These steps are also applicable if you do not plan to register the Oracle Internet Directory instances with an Oracle WebLogic Server domain:
Task 1: On IDMHOST1, Install and Configure Oracle Internet Directory
Task 2: On IDMHOST1, Upgrade Oracle Internet Directory to 11g
Task 3: On IDMHOST1, Verify the Oracle Internet Directory Instance
Task 4: On IDMHOST2, Install and Configure Oracle Internet Directory
Task 5: Verify the Oracle Internet Directory Instances on IDMHOST1 and IDMHOST2
With the following important exceptions, refer to Table 7-1 for instructions about how to respond to each screen in the installation and configuration tool:
On the Select Domain screen, select the No Domain option.
On the Specify Installation Screen, provide the Oracle Home Location and the Oracle Instance Location.
Select Oracle Internet Directory on the Configure Components Screen. Deselect all other components.
Note that the Specify Cluster Details screen does not appear in an Oracle Internet Directory only installation.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory 10g instance on IDMHOST1 to Oracle Internet Directory 11g.
Use the instructions in Section 7.3.3, "Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g" to upgrade the Oracle Internet Directory instance.
Use the procedure in Section 7.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST1.
To install and configure Oracle Internet Directory 11g on IDMHOST1:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
With the following important exceptions, refer to Table 7-3 for instructions about how to respond to each screen in the installation and configuration tool:
On the Select Domain screen, select the No Domain option.
On the Specify Installation Screen, provide the Oracle Home Location and the Oracle Instance Location.
Note:
When specifying the Oracle home page, enter a path identical to the path used for the Oracle home on IDMHOST1.
Select Oracle Internet Directory on the Configure Components Screen. Do not select the other components.
Note that the Specify Cluster Details screen does not appear in an Oracle Internet Directory only installation.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Use the procedure in Section 7.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST1.
Register both Oracle Internet Directory instances on IDMHOST1 and IDMHOST2 with the existing, remote Oracle WebLogic Server domain, using the following OPMN command.
ORACLE_INSTANCE/opmnctl registerinstance -adminHost adminHostName -adminPort adminServerPort -adminUsername DOMAIN_ADMINISTRATOR_USERNAME -oracleInstance ORACLE_INSTANCE_HOME
For example:
ORACLE_INSTANCE/opmnctl registerinstance \
-adminHost IDMHOST1.MYCOMPANY.COM \
-adminPort 7001 \
-adminUsername weblogic \
-oracleInstance /u01/app/oracle/product/11g/instances/oid_inst2