5 Configuring LDAP Manager

This chapter explains how to configure the Oracle Communications Billing and Revenue Management (BRM) LDAP Manager.

Important:

LDAP Manager is an optional feature that requires a separate license.

Before you read this document, you should be familiar with BRM concepts and architecture. See "Introducing BRM" and "BRM System Architecture" in BRM Concepts, and "About LDAP Manager".

For information on customizing your BRM LDAP environment, see "Customizing Your BRM LDAP Environment".

Before you configure the LDAP Manager, you need to install it. See "Installing LDAP Manager".

Configuring the LDAP Data Manager

To configure the LDAP DM:

  • Set up the ldap.idl mapping file.

  • Set up the directory server to use a replicatable user object (/r_user) for BRM.

  • Edit the LDAP DM pin.conf file.

Setting Up the Mapping File

When you install the LDAP Manager, a default interface language definition (.idl) mapping file is created for you. Use the ldap.idl mapping file.

You can find the mapping file in the BRM_home/sys/dm_ldap directory.

The mapping file needs to match your directory server implementation. For more information on how to set up this file, see "LDAP Data Manager Mapping Files".

Setting Up the Directory Server

To set up your directory server with attributes that BRM can understand, such as Portal Object ID (POID), names, addresses, currency, login, and appropriate service information (email and other IP network services), you must create a BRM object-type definition called the replicate user (/r_user) object class in your directory server. For more information on setting up this object class in the directory server, see "Determining the /r_user Object Class Attributes".

Editing the LDAP Data Manager Configuration File

  1. Open the LDAP DM configuration file (BRM_home/sys/dm_ldap/pin.conf).

  2. Edit the standard memory, connection, debugging, and log file entries. See "Using Configuration Files to Connect and Configure Components" in BRM System Administrator's Guide.

    The hostname and port entries identify the machine on which the LDAP directory server runs and the port it listens on:

    - ldap_ds       hostname       my_company.com
    - ldap_ds       port           port_number

  3. To specify the mapping file, set the mapping_file entry to ldap.idl:

    - ldap_ds      mapping_file    ldap.idl

  4. To set the Bind Distinguished Name (DN) for authenticating BRM to the directory server, set the bind entry to the DN of the entry you want to use for binding to the directory server.

    For example:

    - ldap_ds bind uid=admin,ou=Administrators,ou=TopologyManagement, o=DirectoryManager

    Note:

    You can check the directory bind DN by using your directory server tools, or you can ask your directory server system administrator for this information.

  5. Set the bind password for your LDAP directory server host:

    - ldap_ds      password        password

  6. To specify how the LDAP Manager outputs timestamps, edit the encodeTimestamp entry.

    • Use UTCTIMESTRING to specify a readable format; for example, 20021207135225 (yyyymmddhhmmss).

    • Use UTCTIMEVALUE to specify a decimal format; for example, 962246667. This is the default.

    - ldap_ds    encodeTimestamp    UTCTIMESTRING

  7. Use the appendZToTimestamp entry to append Z (which specifies the Zulu time zone) to the end of the time stamp. The default (0) does not append a Z.

    - ldap_ds     appendZToTimestamp   1

  8. Use the deleteOldRdn entry to specify whether to rename distinguished names. See "Renaming Directory Server Entries". By default, the old name is deleted.

    - ldap_ds       deleteOldRdn         1

  9. Use the ops_fields_extension_file entry to specify the file that contains the definitions of custom field lists.

    Important:

    Include this entry in your LDAP Data Manager pin.conf file only when you create custom fields for your directory server implementation.

    - dm_ldap ops_fields_extension_file my_ldap_implementation

    For information on how to create custom fields, see "Creating Custom Fields" in BRM Developer's Guide.
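As an added example (not BRM code) of what the encodeTimestamp and appendZToTimestamp entries from steps 6 and 7 produce, the following Python renders an epoch value in both formats and parses either form back to epoch seconds; the function names are this example's own.

```python
import calendar
import re
from datetime import datetime, timezone

# The two values the encodeTimestamp pin.conf entry accepts
UTCTIMESTRING = "UTCTIMESTRING"   # readable yyyymmddhhmmss
UTCTIMEVALUE = "UTCTIMEVALUE"     # decimal seconds since the epoch (default)

# 14 digits, optionally followed by the Z that appendZToTimestamp adds
_STRING_RE = re.compile(r"^(\d{14})(Z?)$")


def encode_timestamp(epoch_seconds, fmt=UTCTIMEVALUE, append_z=0):
    """Render an epoch value the way the two pin.conf entries describe.

    fmt selects the output format; append_z (0 or 1) adds the trailing Z
    that marks the value as Zulu (UTC) time.
    """
    if fmt == UTCTIMEVALUE:
        out = str(int(epoch_seconds))
    elif fmt == UTCTIMESTRING:
        utc = datetime.fromtimestamp(epoch_seconds, tz=timezone.utc)
        out = utc.strftime("%Y%m%d%H%M%S")
    else:
        raise ValueError("encodeTimestamp must be UTCTIMESTRING or UTCTIMEVALUE")
    return out + "Z" if append_z else out


def decode_timestamp(value):
    """Parse either format, with or without Z, back to epoch seconds.

    Both formats are UTC, so the Z suffix carries no extra information.
    A run of exactly 14 digits is read as yyyymmddhhmmss; any other run
    of digits is read as a UTCTIMEVALUE.
    """
    m = _STRING_RE.match(value)
    if m:
        parsed = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
        return calendar.timegm(parsed.timetuple())
    digits = value[:-1] if value.endswith("Z") else value
    if not digits.isdigit():
        raise ValueError("not a BRM LDAP timestamp: %r" % value)
    return int(digits)
```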

Configuring the Connection Manager for LDAP Manager

Make sure the LDAP entries have been added to your CM configuration file and edit them as necessary (the fm_module entries are preconfigured, but you must uncomment them if they are commented out).

  1. Open the Connection Manager configuration file (BRM_home/sys/dm_ldap/pin.conf) from the CM directory.

  2. Set the dm_pointer entry to point to your LDAP Data Manager.

    The default database number for the dm_pointer entry is 0.0.5.x, where x is the number of the BRM database.

    - cm dm_pointer      0.0.5.X      dm_ldap_host       dm_ldap_port

  3. Do one of the following:

    • For the user mapping scheme, leave the mapping scheme entry (user_scheme) set to 1. This is the default.

    • For the one-to-one mapping scheme, set user_scheme to 0.

    - fm_repl_pol      user_scheme    1

Configuring the LDAP Data Manager for Multiple Schemas

You can configure a BRM system to use multiple database schemas as well as multiple LDAP Data Managers. For example:

- cm             dm_pointer      0.0.0.1 ip 156.151.1.13 56971   # Oracle
- cm             dm_pointer      0.0.0.2 ip 156.151.1.13 56972   # Oracle
- cm             dm_pointer      0.0.0.3 ip 156.151.1.13 56973   # Oracle
- cm             dm_pointer      0.0.5.1 ip 156.151.1.13 56981   # DM LDAP
- cm             dm_pointer      0.0.5.2 ip 156.151.1.13 56982   # DM LDAP
- cm             dm_pointer      0.0.5.3 ip 156.151.1.13 56983   # DM LDAP

In addition to setting these entries, you must define the LDAP DM's database number in the PIN_FLD_CONSUMER_OBJ field in the /channel object. The PCM_OP_REPL_POL_PUSH policy opcode retrieves this database number and sends the data to that LDAP DM. For more information, see "About Channels and Data Propagation".

Configuring the LDAP Data Manager with Different LDAP Data Manager Pointers

You can set different LDAP Data Manager pointers to reference the same host/port combination. For example:

- cm             dm_pointer      0.0.5.1 ip 156.151.1.13 56981   # DM LDAP
- cm             dm_pointer      0.0.5.2 ip 156.151.1.13 56981   # DM LDAP
- cm             dm_pointer      0.0.5.3 ip 156.151.1.13 56981   # DM LDAP
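As an added example, not part of the BRM product, the following Python reads dm_pointer entries from a CM pin.conf (a constructed sample in the layout shown above), maps each schema number 0.0.0.x to the LDAP DM number 0.0.5.x described above, reports schemas with no LDAP DM pointer, and lists LDAP DM numbers that share one host/port. Whether every schema needs its own LDAP DM pointer depends on your deployment; the function names are this example's own.

```python
import re

# Constructed CM pin.conf fragment in the dm_pointer layout shown above;
# the addresses are the page's sample values, not a real deployment.
SAMPLE_CM_PIN_CONF = """\
- cm dm_pointer 0.0.0.1 ip 156.151.1.13 56971   # Oracle
- cm dm_pointer 0.0.0.2 ip 156.151.1.13 56972   # Oracle
- cm dm_pointer 0.0.0.3 ip 156.151.1.13 56973   # Oracle
- cm dm_pointer 0.0.5.1 ip 156.151.1.13 56981   # DM LDAP
- cm dm_pointer 0.0.5.2 ip 156.151.1.13 56981   # DM LDAP
"""

# "- cm dm_pointer <db number> ip <host> <port>"; a trailing comment is ignored
_POINTER_RE = re.compile(
    r"^-\s+cm\s+dm_pointer\s+(\d+\.\d+\.\d+\.\d+)\s+ip\s+(\S+)\s+(\d+)")


def parse_dm_pointers(text):
    """Return {db_number: (host, port)} for every dm_pointer entry."""
    pointers = {}
    for line in text.splitlines():
        m = _POINTER_RE.match(line.strip())
        if m:
            pointers[m.group(1)] = (m.group(2), int(m.group(3)))
    return pointers


def ldap_dm_for_schema(db_number):
    """Map a BRM schema number 0.0.0.x to the LDAP DM number 0.0.5.x."""
    prefix, x = db_number.rsplit(".", 1)
    if prefix != "0.0.0":
        raise ValueError("not a BRM database number: " + db_number)
    return "0.0.5." + x


def check_ldap_pointers(text):
    """Return (schemas without an LDAP DM pointer, LDAP DMs grouped by host/port)."""
    pointers = parse_dm_pointers(text)
    schemas = [n for n in pointers if n.startswith("0.0.0.")]
    missing = [n for n in schemas if ldap_dm_for_schema(n) not in pointers]
    shared = {}  # (host, port) -> LDAP DM numbers that point at it
    for number, host_port in pointers.items():
        if number.startswith("0.0.5."):
            shared.setdefault(host_port, []).append(number)
    return missing, shared
```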

Configuring Event Notification for LDAP Manager

To trigger updates to the LDAP database, BRM uses event notification.

Before you can use LDAP Manager, you must configure the event notification feature as follows:

  1. If your system has multiple configuration files for event notification, merge them. See "Merging Event Notification Lists" in BRM Developer's Guide.

  2. Ensure that the merged file includes the entire event notification list in the BRM_home/sys/data/config/pin_notify.ldap file.

  3. (Optional) If necessary to accommodate your business needs, add, modify, or delete entries in your final event notification list. See "Editing the Event Notification List" in BRM Developer's Guide.

  4. (Optional) If necessary to accommodate your business needs, create custom code for event notification to trigger. See "Triggering Custom Operations" in BRM Developer's Guide.

  5. Load your final event notification list into the BRM database. See "Loading the Event Notification List" in BRM Developer's Guide.

For more information, see "Using Event Notification" in BRM Developer's Guide.

Loading the LDAP Price List

LDAP Manager includes a price list that includes a plan that uses the LDAP service. Use Pricing Center to add the LDAP plans to your price list, or use the "loadpricelist" utility in BRM Setting Up Pricing and Rating as shown below:

loadpricelist -v -cf BRM_home/setup/scripts/LdapPlan.xml

Configuring the Channel Framework

This section includes the following channel framework configuration tasks:

  • Configuring the pin_channel_export Utility

  • Configuring Channel Definitions

  • Loading Channel Definitions into the BRM Database

  • Saving Channel Definitions to a File

Configuring the pin_channel_export Utility

The "pin_channel_export" utility publishes changes from the BRM database to the directory server by synchronizing data in the channel with the data in the external directory server. This utility runs as a process under UNIX; once you start it, it runs continuously in the background until you end the process or until the BRM connection goes down. To keep the pin_channel_export utility running even when BRM goes down, configure the mta_retry_srch entry in the utility's pin.conf file.

You can edit the pin_channel_export configuration file in BRM_home/apps/pinapps/exportapps to configure the following options:

  • To specify whether to delete channel events that have been pushed, set the delete_channel_entry entry. The default is 1, which deletes the objects. A value of 0 keeps them.

  • To specify how often the utility publishes data, set the sleep_interval entry. By default, the pin_channel_export utility publishes data every 60 seconds.

  • To specify the number of worker threads spawned to perform the specified work, set the children entry. The default is 5.

  • To specify the number of channel events processed by each worker thread in batch mode, set the per_batch entry. The default is 5000.

  • To specify the number of channel events returned by each search step in the BRM database, set the per_step entry. The default is 500.

  • To specify the number of channel events received from the BRM database in a block and cached in system memory for processing, set the fetch_size entry. The default is 1000.

  • To specify the number of times the MTA framework retries a search after the CM goes down, set the retry_mta_srch entry. The framework retries the search the specified number of times with a sleep interval of 30 seconds. The default is 0.

    For more information, see "Configuring Your Multithreaded Application" in BRM Developer's Guide.

To specify a channel family, run the pin_channel_export utility with the -f parameter and specify the channel family ID. For example:

pin_channel_export -f 100

Note:

  • To publish channel events for different channel families, you need a separate pin_channel_export instance for each family ID. The channel events are published to their respective LDAP servers by the PCM_OP_REPL_POL_PUSH policy opcode based on the PIN_FLD_CONSUMER_OBJ value in the /channel object.

  • When channel events are not deleted from the channel_event_table, the table can grow rapidly and reduce performance.

For more information on publishing channels, see "How Channel Events are Published".

Configuring Channel Definitions

This procedure describes how to set the following attributes of a channel, which determine how channel events are published to the LDAP server(s):

  • The channel family.

  • The publishing order.

  • The publishing method: serially or in parallel.

In addition to setting these attributes, you must set the general channel attribute values, including the channel name, consumer array information, and supplier array information. For more information on all channel attributes, see "About Defining Channels".

  1. Open the sample channel_config.xml file in the BRM_home/sys/data/config directory with an XML editor or text editor.

  2. Do the following for each channel definition in the file:

    • Set the FldChannelId value to assign a channel ID.

      Important:

      Channel IDs must be less than 1000.
    • Set the FldFamilyId value to assign a channel family. For more information, see "About Channel Families".

    • Set the FldOrder value to define a publishing order for a channel inside a family. For more information, see "About Channel Order".

    • Set the FldMultithread value to set whether the channel is published serially or in parallel:

      0 = serially

      1 = in parallel

      For more information, see "About Channel Publishing Mode".

  3. Save the channel_config.xml file. You can save this configuration file with any name and in any location.

  4. Load the channel definitions into the BRM database. See "Loading Channel Definitions into the BRM Database".
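The following Python, an added example rather than BRM's own code, checks a channel_config.xml file against the rules in the procedure above (every field present and numeric, channel IDs below 1000, FldMultithread 0 or 1). Only the four field names come from the page; the element nesting of the constructed sample and the uniqueness check on channel IDs are this example's assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed channel_config.xml sample: only the field names come from the
# page; the <ChannelConfig>/<Channel> nesting is this example's assumption,
# not BRM's real file layout.
SAMPLE_CHANNEL_CONFIG = """<ChannelConfig>
  <Channel><FldChannelId>1</FldChannelId><FldFamilyId>100</FldFamilyId>
           <FldOrder>1</FldOrder><FldMultithread>0</FldMultithread></Channel>
  <Channel><FldChannelId>2</FldChannelId><FldFamilyId>100</FldFamilyId>
           <FldOrder>2</FldOrder><FldMultithread>1</FldMultithread></Channel>
  <Channel><FldChannelId>1200</FldChannelId><FldFamilyId>200</FldFamilyId>
           <FldOrder>1</FldOrder><FldMultithread>2</FldMultithread></Channel>
</ChannelConfig>
"""

FIELDS = ("FldChannelId", "FldFamilyId", "FldOrder", "FldMultithread")


def check_channel_definitions(xml_text):
    """Return one finding per rule a channel definition breaks.

    Rules from the page: every field present and numeric, FldChannelId
    below 1000, FldMultithread 0 (serial) or 1 (parallel). Duplicate
    channel IDs are flagged too, an assumption so one ID never maps to
    two definitions.
    """
    findings, seen_ids = [], set()
    for channel in ET.fromstring(xml_text).iter("Channel"):
        values = {}
        for name in FIELDS:
            node = channel.find(name)
            text = (node.text or "").strip() if node is not None else ""
            if not text.isdigit():
                findings.append("%s missing or not a non-negative integer" % name)
                break
            values[name] = int(text)
        else:  # runs only when every field parsed
            cid = values["FldChannelId"]
            if cid >= 1000:
                findings.append("channel %d: ID must be less than 1000" % cid)
            if cid in seen_ids:
                findings.append("channel %d: duplicate channel ID" % cid)
            seen_ids.add(cid)
            if values["FldMultithread"] not in (0, 1):
                findings.append("channel %d: FldMultithread must be 0 or 1" % cid)
    return findings
```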

Loading Channel Definitions into the BRM Database

To load channel definitions, edit the sample channel_config.xml file, then run the "load_channel_config" utility to load the contents into the /channel object in the BRM database:

Note:

To connect to the BRM database, the load_channel_config utility needs a configuration file in the directory from which you run the utility. See "Creating Configuration Files for BRM Utilities" in BRM System Administrator's Guide.

Caution:

When you run the load_channel_config utility, it overwrites the existing channel definitions in the /channel object in the BRM database. If a channel definition exists but is not included in the channel_config.xml file, the database definition is not overwritten.

  1. Define the channels for your database in the channel configuration XML file and save the file. For more information, see "About Defining Channels".

  2. Use the following command to load the channel_config file:

    load_channel_config channel_config.xml

    where channel_config is the name of the channel configuration file.

    If the channel configuration XML file is not in your working directory, use the full path to the file. For example:

    load_channel_config BRM_home/sys/data/config/channel_config.xml

  3. Stop and restart the pin_channel_export utility.

To verify that the channel_config.xml file was loaded, you can display the /channel object by using the Object Browser, or use the robj command with the testnap utility. See "Reading an Object and Writing Its Contents to a File" in BRM Developer's Guide.

Saving Channel Definitions to a File

To save channel definitions stored in your BRM database to an XML file, run the load_channel_config utility with the -r parameter:

Note:

To connect to the BRM database, the load_channel_config utility needs a configuration file in the directory from which you run the utility. See "Creating Configuration Files for BRM Utilities" in BRM System Administrator's Guide.

load_channel_config -r channel_config.xml

To export the channel definitions to an XML file not in your working directory, use the full path for the file:

load_channel_config -r BRM_home/data/config/channel_config.xml

For more information on the channel_config.xml file, see "About Defining Channels".

When creating a new supplier for a channel, the PCM_OP_ACT_POL_EVENT_NOTIFY policy opcode formerly checked if the input event type was of a particular sub-type and, if so, set the PIN_FLD_SUPPLIER_OBJ field to the event POID and sent it to PCM_OP_CHANNEL_PUSH. Now, it sets the PIN_FLD_SUPPLIER_OBJ field to the subtype value of the supplier. For details, see "Tracking Additional Changes to /account or /service Objects".

Your LDAP Manager configuration is now complete.

Enabling Secure Communication between LDAP Manager and LDAP Directory Servers

You can use Transport Layer Security (TLS) to enable secure communication between LDAP Manager and LDAP directory servers.

Before you enable LDAP Manager to secure communications, ensure that you do the following:

  • Download the 32-bit version of Oracle 12c client libraries to the directory in which you store the Oracle client libraries.

  • Create or obtain server certificates for your LDAP directory servers.

  • Configure your LDAP directory servers to listen for incoming TLS connections.

  • Configure the LDAP Manager port specified in the BRM_home/sys/dm_ldap/pin.conf file as the TLS port for your LDAP directory servers.

For more information on creating or obtaining server certificates and configuring your LDAP directory servers, see the LDAP directory server documentation.

To enable secure communication between LDAP Manager and LDAP directory servers:

  1. Go to the BRM_home/bin directory.

  2. Run the following command, which stops LDAP Manager:

    stop_dm_Ldap

  3. Open the start_dm_Ldap script file in a text editor.

  4. Search for the following line:

    # XXX ought to save old log file, or check for > some-size...

  5. Add the following lines above the line specified in step 4:

    LDAP_12C_LIBS=Oracle12c_client_libs_path

    if [ "$LD_LIBRARY_PATH" = "" ];
    then
        LD_LIBRARY_PATH=${LDAP_12C_LIBS}
    else
        LD_LIBRARY_PATH=${LDAP_12C_LIBS}:${LD_LIBRARY_PATH}
    fi

    where Oracle12c_client_libs_path is the path to the directory in which the 32-bit version of the Oracle 12c client libraries is located.

  6. Save and close the script file.

  7. Create the Oracle wallet by doing the following:

    1. Run the following command, which creates the Ldap_dir/Ldap_wallet directory.

      mkdir Ldap_dir/Ldap_wallet

      where Ldap_dir is the directory in which you store the Oracle wallet for LDAP Manager.

    2. Copy the server certificates for your LDAP directory servers to the BRM_home directory.

    3. Go to the BRM_home/bin directory.

    4. Run the following commands:

      ./orapki wallet create -wallet Ldap_dir/Ldap_wallet
      ./orapki wallet add -wallet Ldap_dir/Ldap_wallet -trusted_cert -cert cert_file_name
      ./orapki wallet create -wallet Ldap_dir/Ldap_wallet -auto_login

      where cert_file_name is the name of the server certificate file.

  8. Go to the BRM_home/sys/dm_ldap directory.

  9. Open the LDAP DM configuration file (BRM_home/sys/dm_ldap/pin.conf) in a text editor.

  10. Add the following lines in the file:

    - ldap_ds       ssl       1
    - ldap_ds       ssl_auth_mode       server_ssl_mode
    - ldap_ds       wallet       Ldap_dir/Ldap_wallet

    where server_ssl_mode is the SSL mode enabled for your LDAP directory servers. The valid values are:

    • 0: disables authentication.

    • 1: enables one-way authentication.

    • 2: enables two-way authentication.

  11. Run the following command, which starts LDAP Manager:

    start_dm_Ldap
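The following Python, an added example rather than BRM's own code, parses the "- program entry value" lines of an LDAP DM pin.conf and checks the entries from "Editing the LDAP Data Manager Configuration File" together with the ssl, ssl_auth_mode and wallet entries above. The sample fragment is constructed; the host, port, password and wallet path in it are placeholders, and the function names are this example's own.

```python
# Constructed sample in the page's "- program entry value" layout, not a
# real installation: the bind DN is the page's own sample; host, port,
# password and wallet path are placeholders.
SAMPLE_DM_LDAP_PIN_CONF = """\
# LDAP DM connection entries
- ldap_ds hostname my_company.com
- ldap_ds port 636
- ldap_ds mapping_file ldap.idl
- ldap_ds bind uid=admin,ou=Administrators,ou=TopologyManagement, o=DirectoryManager
- ldap_ds password placeholder_password
- ldap_ds encodeTimestamp UTCTIMESTRING
- ldap_ds ssl 1
- ldap_ds ssl_auth_mode 0
- ldap_ds wallet /path/to/Ldap_dir/Ldap_wallet
"""

REQUIRED = ("hostname", "port", "mapping_file", "bind", "password")
ALLOWED = {  # values the page lists for each entry
    "encodeTimestamp": {"UTCTIMESTRING", "UTCTIMEVALUE"},
    "appendZToTimestamp": {"0", "1"},
    "deleteOldRdn": {"0", "1"},
    "ssl": {"0", "1"},
    "ssl_auth_mode": {"0", "1", "2"},
}


def parse_pin_conf(text, program="ldap_ds"):
    """Return {entry: value} for one program's "- program entry value" lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("-"):
            continue  # comment or blank line
        # split off only program and entry so a value with spaces survives
        parts = line[1:].split(None, 2)
        if len(parts) == 3 and parts[0] == program:
            entries[parts[1]] = parts[2].strip()
    return entries


def check_dm_ldap(entries):
    """Return findings for the entries; an empty list means they look consistent."""
    findings = ["missing required entry: " + n for n in REQUIRED if n not in entries]
    for name, allowed in ALLOWED.items():
        if name in entries and entries[name] not in allowed:
            findings.append("%s has unexpected value %r" % (name, entries[name]))
    if entries.get("ssl") == "1":
        # TLS on: the wallet must hold the trusted server certificate, and
        # ssl_auth_mode 0 leaves the directory server unauthenticated
        if "wallet" not in entries:
            findings.append("ssl is 1 but no wallet entry is set")
        if entries.get("ssl_auth_mode", "0") == "0":
            findings.append("ssl_auth_mode missing or 0: the directory server is not authenticated")
    elif "bind" in entries:
        findings.append("ssl is not 1: the bind DN and password are sent without TLS")
    return findings
```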