5 Upgrading Your Oracle Virtual Directory Environment

This chapter describes how to upgrade your existing Oracle Virtual Directory 10g ( to Oracle Virtual Directory 11g.

This chapter contains the following sections:

5.1 Task 1: Decide Upon an Oracle Virtual Directory Topology

Before you install Oracle Virtual Directory 11g, consider the topology you currently have in Oracle Application Server 10g (, as well as any requirements for your Oracle Fusion Middleware 11g environment.

Note that you can configure Oracle Virtual Directory with Oracle WebLogic Server domain or you can configure it without a domain.

For more information, refer to Chapter 3, "Oracle Virtual Directory Topologies".

5.2 Task 2: Install and Configure Oracle Virtual Directory 11g

The following sections describes how to install and configure new Oracle Fusion Middleware 11g middle tier instances in preparation for an upgrade to Oracle Fusion Middleware 11g:

5.2.1 Installing the Oracle WebLogic Server Software and Creating the Middleware Home

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

5.2.2 Installing and Configuring Oracle Virtual Directory 11g in Preparation for Upgrade

Installing and configuring Oracle Virtual Directory in preparation for an upgrade is similar to any other 11g installation. Later, you use the Oracle Fusion Middleware Upgrade Assistant to copy configuration information from the 10g environment to the new 11g environment.

To install and configure Oracle Virtual Directory, in preparation for upgrade:

  1. Locate the Oracle Identity Management CD–ROM.

    Alternatively, you can download and unpack the installation kit from the Oracle Technology Network (OTN):

  2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

    Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

  3. Start Oracle Universal Installer:

    On UNIX systems, enter the following command to install Repository Creation Utility:


    On Windows systems, double-click the setup.exe file.

  4. Follow the instructions in the installer to install Oracle Virtual Directory.

    For complete details, as well as prerequisite information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.

  5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

5.3 Task 3: Use the Upgrade Assistant to Upgrade Oracle Virtual Directory

The Oracle Fusion Middleware Upgrade Assistant automates the upgrade of many aspects of your Oracle Application Server 10g environment.

The Upgrade Assistant is installed automatically into the bin directory of your Oracle Fusion Middleware Oracle home.

The following sections provide more information:

5.3.1 Task 3a: Stop the Oracle Virtual Directory Instances

Before you start the Upgrade Assistant, the Oracle Virtual Directory instance that you are about to upgrade must be stopped.

On the Linux operating system, the Upgrade Assistant stops Oracle Virtual Directory automatically before it begins the upgrade process.

However, on the Windows operating system, you must stop Oracle Virtual Directory manually before you start the Upgrade Assistant.

For more information, refer to the section, "Starting & Stopping Oracle Virtual Directory" in the Oracle Virtual Directory Installation Guide, which is available in the Oracle Identity Management 10g ( documentation library on the Oracle Technology Network (OTN):


5.3.2 Task 3b: Start the Upgrade Assistant for an Oracle Virtual Directory Upgrade

To start the Upgrade Assistant using the graphical user interface:


You can also use the Upgrade Assistant command-line interface to upgrade your Oracle Application Server 10g Oracle homes. For more information, see "Using the Upgrade Assistant Command-Line Interface" in the Oracle Fusion Middleware Upgrade Planning Guide.
  1. Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.

  2. Enter the following command to start the Upgrade Assistant.

    On UNIX system:


    On Windows systems:


    The Upgrade Assistant displays the Welcome screen as shown in Figure 5-1

    Figure 5-1 Upgrade Assistant Welcome Screen

    Description of Figure 5-1 follows
    Description of "Figure 5-1 Upgrade Assistant Welcome Screen"

  3. Click Next to display the Select Operation screen (Figure 5-2).

    The options available in the Upgrade Assistant are specific to the Oracle home from which it started. When you start Upgrade Assistant from an Oracle Application Server Identity Management Oracle home, the options shown on the Select Operation screen are the valid options for an Oracle Application Server Identity Management Oracle home.

    Figure 5-2 Upgrade Assistant Select Operation Screen for an Oracle Virtual Directory Upgrade

    Description of Figure 5-2 follows
    Description of "Figure 5-2 Upgrade Assistant Select Operation Screen for an Oracle Virtual Directory Upgrade"

5.3.3 Task 3c: Upgrade Oracle Virtual Directory

To upgrade Oracle Virtual Directory:

  1. Start the Upgrade Assistant as described in Task 3b: Start the Upgrade Assistant for an Oracle Virtual Directory Upgrade.

  2. Select Upgrade Identity Management Instance on the Select Operation screen (Figure 5-2).

  3. Refer to Table 5-1 for a description of the Upgrade Assistant screens that require input from you during an Oracle Virtual Directory upgrade.

  4. After you provide all required input, the Upgrade Assistant performs the following tasks and provides the progress on each task:

    • Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.

    • Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.

    • Provides a progress screen so you can see the status of the upgrade as it proceeds.

    • Alerts you of any errors or problems that occur during the upgrade.

      See Also:

      "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
    • Displays the End of Upgrade screen, which confirms that the upgrade was complete.

Table 5-1 Upgrade Assistant Screens That Require Input During an Oracle Virtual Directory Upgrade

Upgrade Assistant Screen Description

Specify Source Home

Select the 10g ( source Oracle home.

If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide.

Specify Destination Instance

Enter the complete path to the destination 11g Oracle instance that you installed inside the middleware home. This is the Oracle instance that contains the Oracle Virtual Directory software.

Alternatively, click Browse to select the Oracle instance.

Specify WebLogic Server

Enter the host, Administration Server port, and administration user credentials for the Oracle WebLogic Server domain you configured in Section 5.2.1, "Installing the Oracle WebLogic Server Software and Creating the Middleware Home".

This screen appears only if you chose to associate the Oracle Virtual Directory 11g instance with Oracle WebLogic Server during the Oracle Virtual Directory installation.

It does not appear if you selected to install Oracle Virtual Directory without an Oracle WebLogic Server domain.

Warning Dialog Box

The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance.

This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home.

If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance.

Specify Upgrade Options

This screen offers these upgrade options:

  • Use source Oracle home ports in destination: If you want to migrate the port assignments used by your Oracle Application Server 10g Oracle home to your new Oracle Fusion Middleware Oracle instance. Note if you select this option, you will not be able to run both the 10g and 11g middle tiers at the same time; otherwise, port conflicts will occur.

  • Start destination components after successful upgrade: if you want the Upgrade Assistant to automatically start the components in the destination Oracle home after the upgrade is complete. If you do not select this option, then you will have to manually start the destination instance after the upgrade.

Click Help to display more information about the upgrade options on this screen.

5.4 Task 4: Perform Any Required Oracle Virtual Directory Post-Upgrade Tasks

After you upgrade Oracle Virtual Directory by running the Upgrade Assistant, you must perform the following post-upgrade tasks:

5.4.1 Configuring Anonymous Ciphers for Oracle Virtual Directory SSL Listeners

Oracle Virtual Directory 10g ( and later LDAP SSL listeners supports anonymous ciphers (in no-auth SSL mode) by default. The list of enabled cipher suites are set in OVD start-up scripts:

  • vde_start.sh on UNIX systems

  • OViDServer.lax on Windows systems

The list of ciphers can be modified by editing the -D Java system property vde.ldap.ciphers in these start-up scripts. This list is applicable across all LDAP SSL listeners. There was no option to enable different cipher suites for each LDAP listener.

In Oracle Virtual Directory 11g, the vde.ldap.ciphers Java system property is no longer supported. Instead, you can enable different cipher suites for each Oracle Virtual Directory listener when configuring SSL with Oracle Enterprise Manager Fusion Middleware Control or with the WLST command-line tool.

Anonymous cipher suites are disabled on Oracle Virtual Directory SSL listeners for security, by default. For information on enabling anonymous ciphers as part of configuring SSL security for your Oracle Virtual Directory environment, see "SSL Configuration in Oracle Fusion Middleware" in the Oracle Fusion Middleware Administrator's Guide.

5.4.2 Starting Oracle Virtual Directory After Upgrade When Using Privileged Ports

If you select the Use source Oracle home ports in destination option when upgrading an Oracle Virtual Directory 10g instance that is configured to listen on privileged ports, then the Upgrade Assistant cannot start Oracle Virtual Directory 11g after the upgrade.

Instead, the following error message appears in the Oracle Virtual Directory log file:

Cannot start Oracle Virtual Directory server: Permission denied.

To start an Oracle Virtual Directory 11g instance that is listening on privileged ports, perform the following steps:

  1. Stop Oracle Process Manager and Notification Server (OPMN) and its managed processes, by using the following command in the Oracle instance directory where Oracle Virtual Directory 11g is configured:

    ORACLE_INSTANCE/bin/opmnctl stopall
  2. Execute following commands as root:

    To start OPMN :

    ORACLE_INSTANCE/bin/opmnctl start

    Start Oracle Virtual Directory 11g:

    ORACLE_INSTANCE/bin/opmnctl startproc ias-component=OVDCompName

    In this example, replace OVDCompName with the name of the Oracle Virtual Directory instance.

For more information, see "Managing Oracle Virtual Directory Server Processes" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

5.4.3 Updating Oracle Virtual Directory Monitoring Properties in Fusion Middleware Control

After upgrading Oracle Virtual Directory, you might encounter situations where the performance metrics and charts do not display properly when you are monitoring Oracle Virtual Directory in Oracle Enterprise Manager Fusion Middleware Control.

If this problem occurs, perform the following task to modify the monitoring properties in Fusion Middleware Control:

  1. Login to Fusion Middleware Control.

  2. From the Farm menu, select Agent-Monitored Targets.

  3. Click the Configure icon for the Oracle Virtual Directory target that you just upgraded.

  4. On the Configuration page, change the following fields so they match the values required for the upgraded Oracle Virtual Directory instance:

    • Machine Name

    • Virtual Directory Admin Port

    • Virtual Directory LDAP Port

  5. Click OK to save the changes.

  6. Log in to the system where Oracle Virtual Directory was installed and navigate to the Oracle Virtual Directory Oracle home:

  7. Run the following commands to import the Oracle Virtual Directory listener keystore certificates into the Fusion Middleware Control agent wallet:

    1. Export Oracle Virtual Directory server certificate:

      keytool -exportcert 
              -keystore OVD_KEYSTORE_FILE
              -storepass passwd
              -alias OVD_SERVER_CERT_ALIAS
              -file OVD_SERVER_CERT_FILE
    2. Add the Oracle Virtual Directory server certificate to Oracle Management Agent wallet

      ORACLE_HOME/bin/orapki wallet add
                 -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet 
                 -cert OVD_SERVER_CERT_FILE
                 -pwd WALLET_PASSWD

      For example, if you're using default values configured at installation time, you would use the following values for the variables in the above example:

      Replace OVD_KEY_STORE_FILE with:


      Replace OVD_SERVER_CERT_ALIAS with serverselfsigned.

      Replace passwd with the password for the Oracle Virtual Directory administrator account.

For more information about configuring Agent-monitored targets, see "Troubleshooting the Display of Performance Metrics and Charts in Fusion Middleware Control" in the Oracle Fusion Middleware Administrator's Guide.

5.4.4 Upgrading Oracle Virtual Directory Logging Configuration Settings

When you ugprade Oracle Virtual Directory, the logging settings you configured in Oracle Virtual Directory 10g are not upgraded.

Instead you will find that after upgrade:

  • The log levels in the upgraded Oracle Virtual Directory 11g instance are set to "Notification", and the access log is enabled by default after upgrade, irrespective of its configuration in Oracle Virtual Directory 10g.

    To disable the access log, modify log level of logger name com.octetstring.accesslog to "ERROR:1".

    For more information, see "Managing Oracle Virtual Directory Logging and Auditing" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

  • If the Oracle Virtual Directory Dump Transactions plug-in is configured, then the log level for the plug-in must be changed to one of the following values: SEVERE, WARNING, INFO, FINE, FINER, or FINEST.

    For more information, see "Using the Dump Transactions Plug-In to Gather Information About Data Transformation Errors" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

5.5 Task 5: Verify that the Oracle Virtual Directory Upgrade Was Successful

To verify that your Oracle Virtual Directory upgrade was successful:

  1. Run the Upgrade Assistant again and select Verify Instance on the Specify Operation page.

    Follow the instructions on the screen for information on how to verify that specific Oracle Fusion Middleware components are up and running.

  2. Use the Fusion Middleware Control to verify that the Oracle Virtual Directory components are up and running.

    For more information, see "Getting Started Using Oracle Enterprise Manager Fusion Middleware Control" in the Oracle Fusion Middleware Administrator's Guide.