Setting Up the Proxy Server by Using the GUI

The following topics present a step by step installation using the oud-proxy-setup graphical interface, including configuration examples for simple deployments.

Before you run the command, make sure that you have determined the best deployment architecture, using the deployment scenarios that are described in Chapter 7, Example Deployments Using the Proxy Server, in Oracle Fusion Middleware Deployment Planning Guide for Oracle Unified Directory.

Presentation of the GUI Setup Wizard

The GUI setup wizard is organized as follows:

• The left hand pane lists the steps of the setup process. The deployment sub-steps change, according to the type of deployment that you select.

• The arrow in the left hand pane indicates the current step.

• The main area on the right is the action pane, where you define your deployment.

• At the bottom of the window you have the option to go back and forth (or quit) to modify and complete your installation.

The remaining tasks in this section walk you through the various types of proxy deployments that can be set up.

To Configure Simple Load Balancing

1. When you have installed the software, change to the ORACLE_HOME subdirectory.

   (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
   (Windows)      C:\> cd OUD-base-location\ORACLE_HOME

2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).
3. Run the oud-proxy-setup command to configure the proxy server installation.

   (UNIX, Linux)  $ oud-proxy-setup
   (Windows)      C:\> oud-proxy-setup.bat

   The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

   The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

   $ export INSTANCE_NAME=my-oud-proxy-instance

4. On the Welcome panel, click Next.
5. On the Server Settings panel, enter the following information:
   1. Host Name. Enter the proxy server's host name or IP address.

      The default is the local host name.

   2. LDAP Listener Port. Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

   3. (Optional) LDAP Secure Access. If you want to configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access. Select Enable SSL and enter a valid port for secure LDAP operations.

         The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access. Select Enable StartTLS for LDAP.
      3. Certificate. If you are in a testing environment, select Generate Self-Signed Certificate.

         For production servers, select Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK to continue.
   4. Administration Port. Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see Managing Administration Traffic to the Server in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

   5. Root User DN. Enter the Root User DN, or keep the default, cn=Directory Manager.
   6. Password. Enter the root user bind password.
   7. Password (confirm): Re-enter the root user bind password.
   8. Click Next to continue.
6. In the Deployment Options panel, select Use load balancing on a replicated data set from the Configuration Option drop-down menu.

   ---

   Note - If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command, or the ODSM interface, to configure your deployment.

   ---

   Click Next to continue.

7. Select the remote LDAP servers that hold the corresponding replicated data.
   • If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.
     • For Oracle Unified Directory servers:
       1. Select Connect to a replicated Oracle Unified Directory server.
       2. Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.
       3. Click Connect.
       4. Accept the certificate.
       5. Check the servers that should be part of the load balanced topology.

          When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

       6. Click OK.
     • For Oracle Directory Server Enterprise Edition servers:
       1. Select Connect to a DSCC registry.
       2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.
       3. Check the servers that should be part of the load balanced topology.

          The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

       4. Click OK.
   • If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.
     1. Enter the server name, port and security settings.

        ---

        Note - The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. For more information about setting security options, see Chapter 5, Configuring Security Between the Proxy and the Data Source, in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

        ---

     2. Click Add.
     3. Click Close when you have added all the remote LDAP servers for the load balanced topology.
8. Click Next.
9. Choose a load balancing algorithm.

   For information about the various load balancing algorithms, see Load Balancing Using the Proxy in Oracle Fusion Middleware Deployment Planning Guide for Oracle Unified Directory.

10. Set the load balancing algorithm properties or select Default Values.

    When you have completed the installation, the properties can be modified. For more information, see Modifying Load Balancing Properties in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

    • For proportional, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

      For example, if you leave the default value of 1, then all servers will receive the same number of requests.

    • For failover, indicate the order in which the servers are used.

      The server with a value of 1 is the highest priority server. The other servers are used only if there is a failure on the main server.

    • For saturation, set the order in which the servers are used as well as the saturation threshold of each server.

      Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

    • For optimal, no additional configuration is required.

      The active server is selected based on the saturation index, which is calculated automatically.

11. Enter the naming context, or suffix.
    • If the remote LDAP servers are online, the setup connects to them and displays the naming contexts that are available on the servers.
    • If no list of naming context is proposed, you must enter the DN of the naming context that you want to use.

      For example, dc=example,dc=com

12. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.
13. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

14. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

15. Click Finish to complete the installation.

    ---

    Note - When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

    ---

To Configure Simple Distribution

1. When you have installed the software, change to the ORACLE_HOME subdirectory.

   (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
   (Windows)      C:\> cd OUD-base-location\ORACLE_HOME

2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).
3. Run the oud-proxy-setup command to configure the proxy server installation.

   (UNIX, Linux)  $ oud-proxy-setup
   (Windows)      C:\> oud-proxy-setup.bat

   The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

   The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

   $ export INSTANCE_NAME=my-oud-proxy-instance

4. On the Welcome panel, click Next.
5. On the Server Settings panel, enter the following information:
   1. Host Name. Enter the proxy server's host name or IP address.

      The default is the local host name.

   2. LDAP Listener Port. Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

   3. (Optional) LDAP Secure Access. If you want to configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access. Select Enable SSL and enter a valid port for secure LDAP operations.

         The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access. Click Enable StartTLS for LDAP.
      3. Certificate. If you are in a testing environment, select Generate Self-Signed Certificate.

         For production servers, click Use an Existing Certificate, and then click the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK to continue.
   4. Administration Port. Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see Managing Administration Traffic to the Server in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

   5. Root User DN. Enter the Root User DN, or keep the default, cn=Directory Manager.
   6. Password. Enter the root user bind password.
   7. Password (confirm): Retype the root user bind password.
   8. Click Next to continue.
6. In the Deployment Options panel, select Use distribution on a partitioned data set from the Configuration Option drop-down menu.

   ---

   Note - If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command or the ODSM interface to configure your deployment.

   ---

7. Drag the sliding arrow to specify the number of partitions on which the data is separated.

   For the example distribution scenario, select two partitions.

   Click Next.

8. Define how the data will be partitioned across the LDAP servers.
   1. Select the Partitioning Algorithm from the drop-down list.

      For information about the various partitioning algorithms, see Data Distribution Using the Proxy in Oracle Fusion Middleware Deployment Planning Guide for Oracle Unified Directory.

   2. Enter the naming context.

      For example,dc=example,dc=com.

   3. Enter the distribution base DN.

      For example, ou=people. The distribution base DN is the level after which the distribution requests apply.

   4. If you have selected a Lexico or Numeric algorithm, enter the distribution attribute.

      For example,uid.

9. Depending on the distribution algorithm, define the partition capacities, DN patterns, or boundaries for each partition.

   If you use the Set Default button, the installation wizard sets defaults that might not correspond to your deployment. This feature can, however, be useful for testing purposes.

   • For capacity, set the maximum number of entries for each partition.

     For example, if you set maximum entries to 1000, only 1000 Add requests will be sent to the LDAP server associated with that partition. If you set maximum entries to 1000 for partition 1 and 2000 for partition 2, the proxy will send twice the number of requests to partition 2.

     ---

     Note - If you select the capacity algorithm, you must create a global index, as described in the next step.

     ---

   • For DN pattern, set the DN pattern string for each partition.

     For example, cn=[a].* means that requests with a uid that starts with a will be sent to partition 1. For more information about DN pattern strings, see DN Pattern String Syntax in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

   • For lexico, set the alphabetic boundaries for each partition.

     For example, for partition 1, From=A, To=K. This means that uids with values between A and K will be sent to partition 1.

   • For numeric, set numeric boundaries for each partition.

     For example, for partition 1, From=0, To=1000. This means that uids between 0 and 1000 will be sent to partition 1.

   ---

   Note - The upper boundary is exclusive. That is, if you set the upper boundary to 1000, only entries up to 999 will be distributed to that partition.

   If you leave one of the boundaries blank, this will be considered as unlimited. In other words, if you set the lower boundary to 1000 and the upper boundary to blank, the partition will include everything after 1000.

   ---

   Click Next.

10. (Optional) Configure the global index.
    1. Select Enable Global Indexes.

       ---

       Note - If you have selected a capacity algorithm, this option will already be selected because Global indexes are mandatory for the capacity algorithm.

       ---

    2. Add attributes to be indexed:
       1. Select Index the DNs if you want the DNs included in the global index.
       2. Select Index other attributes if you want attributes other than the DNs included.
       3. Select attributes from the Available Attributes list and click Add to include those attributes in the global index.

          ---

          Note - All available attributes are listed. Choose only those attributes that contain unique values.

          If necessary, use the split-ldif command to divide LDIF files into files containing the expected data for global indexes. For more information, see To Create a Global Index Catalog Containing Global Indexes in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

          ---

    The installation wizard creates a global index catalog, named gi-catalog by default, and populates the global index catalog with global indexes of the selected attributes. All global indexes are associated with the same global index catalog (gi-catalog) . The installation wizard also creates a global index replication administrator with the same password as the directory manager.

    For information about configuring and using global indexes, see Configuring Global Indexes By Using the Command Line in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

11. For each partition, select the remote LDAP server that holds the corresponding partitioned data.

    ---

    Note - If you add two servers for one partition, you must configure load balancing between these servers. This use case is explained in the example To Configure Distribution with Load Balancing.

    ---

    • If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.
      • For Oracle Unified Directory servers:
        1. Select Connect to a replicated Oracle Unified Directory server.
        2. Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.
        3. Click Connect.
        4. Accept the certificate.
        5. Check the servers that should be part of the load balanced topology.

           When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

        6. Click OK.
      • For Oracle Directory Server Enterprise Edition servers:
        1. Select Connect to a DSCC registry.
        2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.
        3. Check the servers that should be part of the load balanced topology.

           The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

        4. Click OK.
    • If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.
      1. Enter the server name, port and security settings.

         ---

         Note - The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. For more information about setting security options, see Chapter 5, Configuring Security Between the Proxy and the Data Source, in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

         ---

      2. Click Add.
      3. Click Close when you have added all the remote LDAP servers for the distributed topology.
12. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.
13. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

14. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

15. Click Finish to complete the installation.

    ---

    Note - When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

    ---

To Configure Distribution with Load Balancing

1. When you have installed the software, change to the ORACLE_HOME subdirectory.

   (UNIX, Linux)  $ cd OUD-base-location/ORACLE_HOME
   (Windows)      C:\> cd OUD-base-location\ORACLE_HOME

2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).
3. Run the oud-proxy-setup command to configure the proxy server installation.

   (UNIX, Linux)  $ oud-proxy-setup
   (Windows)      C:\> oud-proxy-setup.bat

   The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

   The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

   $ export INSTANCE_NAME=my-oud-proxy-instance

4. On the Welcome panel, click Next.
5. On the Server Settings panel, enter the following information:
   1. Host Name. Enter the proxy server's host name or IP address.

      The default is the local host name.

   2. LDAP Listener Port. Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX platforms, if you run the installer as a non-root user, the default is 1389, if available.

   3. (Optional) LDAP Secure Access. If you want to configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access. Select Enable SSL and enter a valid port for secure LDAP operations.

         The default secure port that is proposed is the first available port that ends with 636. On UNIX platforms, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access. Click Enable StartTLS for LDAP.
      3. Certificate. If you are in a testing environment, select Generate Self-Signed Certificate.

         For production servers, click Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK to continue.
   4. Administration Port. Enter the port that will be used for administration traffic.

      The default administration port is 4444. For more information, see Managing Administration Traffic to the Server in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

   5. Root User DN. Enter the Root User DN, or keep the default, cn=Directory Manager.
   6. Password. Enter the root user bind password.
   7. Password (confirm): Retype the root user bind password.
   8. Click Next to continue.
6. In the Deployment Options panel, select Use distribution on a partitioned data set from the Configuration Option drop-down menu.

   ---

   Note - If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command or the ODSM interface to configure your deployment.

   ---

7. Drag the sliding arrow to specify the number of partitions on which the data is separated.

   For the example distribution scenario, select two partitions.

   Click Next.

8. Define how the data will be partitioned across the LDAP servers.
   1. Select the Partitioning Algorithm from the drop-down list.

      For information about the various partitioning algorithms, see Data Distribution Using the Proxy in Oracle Fusion Middleware Deployment Planning Guide for Oracle Unified Directory.

   2. Enter the naming context.

      For example,dc=example,dc=com.

   3. Enter the distribution base DN.

      For example, ou=people. The distribution base DN is the level after which the distribution requests apply.

   4. If you have selected a Lexico or Numeric algorithm, enter the distribution attribute.

      For example,uid.

9. Depending on the distribution algorithm, define the partition capacities, DN patterns, or boundaries for each partition.

   If you use the Set Default button, the installation wizard sets defaults, that might not correspond to your deployment. This feature can, however, be useful for testing purposes.

   • For capacity, set the maximum number of entries for each partition.

     For example, if you set maximum entries to 1000, only 1000 Add requests will be sent to the LDAP server associated with that partition. If you set maximum entries to 1000 for partition 1 and 2000 for partition 2, the proxy will send twice the number of requests to partition 2.

     ---

     Note - If you select the capacity algorithm, you must create a global index, as described in the next step.

     ---

   • For DN pattern, set the DN pattern string for each partition.

     For example, cn=[a].* means that requests with a uid that starts with a will be sent to partition 1. For more information about DN pattern strings, see DN Pattern String Syntax in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

   • For lexico, set the alphabetic boundaries for each partition.

     For example, for partition 1, From=A, To=K. This means that uids with values between A and K will be sent to partition 1.

   • For numeric, set numeric boundaries for each partition.

     For example, for partition 1, From=0, To=1000. This means that uids between 0 and 1000 will be sent to partition 1.

   ---

   Note - The upper boundary is exclusive. That is, if you set the upper boundary to 1000, only entries up to 999 will be distributed to that partition.

   If you leave one of the boundaries blank, this will be considered as unlimited. In other words, if you set the lower boundary to 1000 and the upper boundary to blank, the partition will include everything after 1000.

   ---

   Click Next.

10. (Optional) Configure the global index.
    1. Select Enable Global Indexes.

       ---

       Note - If you have selected a capacity algorithm, this option will already be selected because Global indexes are mandatory for the capacity algorithm.

       ---

    2. Add attributes to be indexed:
       1. Select Index the DNs if you want the DNs included in the global index.
       2. Select Index other attributes if you want attributes other than the DNs included.
       3. Select attributes from the Available Attributes list and click Add to include those attributes in the global index.

          ---

          Note - All available attributes are listed. Choose only those attributes that contain unique values.

          If necessary, use the split-ldif command to divide LDIF files into files containing the expected data for global indexes. For more information, see To Create a Global Index Catalog Containing Global Indexes in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

          ---

    The installation wizard creates a global index catalog, named gi-catalog by default, and populates the global index catalog with global indexes of the selected attributes. All global indexes are associated with the same global index catalog (gi-catalog) . The installation wizard also creates a global index replication administrator with the same password as the directory manager.

    For information about configuring and using global indexes, see Configuring Global Indexes By Using the Command Line in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

11. For each partition, select the remote LDAP server that holds the corresponding partitioned data.

    ---

    Note - You must select at least two remote LDAP servers per partition to deploy distribution with load balancing.

    ---

    • If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.
      • For Oracle Unified Directory servers:
        1. Select Connect to a replicated Oracle Unified Directory server.
        2. Enter the hostname, administration port, administration bind DN and password for the remote Oracle Unified Directory server.
        3. Click Connect.
        4. Accept the certificate.
        5. Check the servers that should be part of the load balanced topology.

           When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

        6. Click OK.
      • For Oracle Directory Server Enterprise Edition servers:
        1. Select Connect to a DSCC registry.
        2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.
        3. Check the servers that should be part of the load balanced topology.

           The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

        4. Click OK.
    • If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.
      1. Enter the server name, port and security settings.

         ---

         Note - The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. For more information about setting security options, see Chapter 5, Configuring Security Between the Proxy and the Data Source, in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

         ---

      2. Click Add.
      3. Click Close when you have added all the remote LDAP servers for the distributed topology.
12. For each partition, set load balancing.
    1. Choose the load balancing algorithm.

       For example, select Proportional with default values.

    2. Set the load balancing algorithm properties or select Default Values.

       When you have completed the installation, the properties can be modified. For more information, see Modifying Load Balancing Properties in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

       • For proportional load balancing, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

         For example, if you leave the default value of 1, all servers will receive the same number of requests.

       • For failover, indicate the order in which the servers are used.

         The server with a value of 1 will be the main server. The other servers will only be used if there is a failure on the server with a priority of 1.

       • For saturation, set the order in which the servers are used as well as the saturation threshold of each server.

         Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

       • For optimal, no additional configuration is required.

         The active server is selected based on the saturation index, which is calculated automatically.

13. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.

    For more information, see Configuring the Java Runtime Settings During Installation.

14. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

15. To display the commands that will be launched for this installation, select Show Command from the drop down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

16. Click Finish to complete the installation.

    ---

    Note - When the installation is complete, you can use the dsconfig command to modify the installation. For more information, see Managing the Server Configuration With dsconfig in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.

    ---