Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 1 (11.1.3) Part Number E21032-07
This chapter describes how to extend the Identity Management domain to include Oracle Directory Services Manager.
This chapter includes the following topics:
Section 10.1, "Overview of Extending the Domain to Include ODSM"
Section 10.5, "Provisioning the Managed Servers in the Managed Server Directory"
Section 10.6, "Configuring ODSM to work with the Oracle Web Tier"
Section 10.7, "Validating the Application Tier Configuration"
Section 10.8, "Backing Up the Application Tier Configuration"
The application tier consists of multiple computers hosting the Oracle Directory Services Manager and Oracle Access Manager instances. In the complete configuration, requests are balanced among the instances on the application tier computers to create a high-performing, fault tolerant application environment.
Oracle Directory Services Manager is a unified graphical user interface (GUI) for managing instances of Oracle Internet Directory and Oracle Virtual Directory. Oracle Directory Services Manager enables you to configure the structure of the directory, define objects in the directory, add and configure users, groups, and other entries.
This chapter describes how to install and configure Oracle Directory Services Manager (ODSM).
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
If you plan on provisioning the Instance Home or the Managed Server domain directory on shared storage, ensure that the appropriate shared storage volumes are mounted on IDMHOST1 as described in Section 4.4.4, "Directory Structure."
Ensure that port 7006 is not in use by any service on the computer by issuing this command for the operating system you are using. If the port is not in use, the command returns no output.
On UNIX:
netstat -an | grep "7006"
If the port is in use (the command returns output identifying the port), you must free it.
On UNIX:
Remove the entries for port 7006 in the /etc/services file and restart the services, as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components," or restart the computer.
Follow these steps to install and configure Oracle Directory Services Manager on IDMHOST1:
Create a file containing the ports used by ODSM. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called odsm_ports.ini. Delete all entries in odsm_ports.ini except for ODSM Server Port No. Change the value of ODSM Server Port No. to 7006.
Note:
If the port name in the file is slightly different from those listed in this step, use the name in the file.
Start the Oracle Identity Management 11g Configuration Wizard by running the config.sh script located under the IDM_ORACLE_HOME/bin directory on IDMHOST1. For example:
/u01/app/oracle/product/fmw/idm/bin/config.sh
On the Welcome screen, click Next.
On the Select Domain screen, select Extend Existing Domain and enter the domain details:
Hostname: ADMINVHN.mycompany.com
Port: 7001
User Name: weblogic
User Password: user password
Click Next.
A dialog box with the following message appears:
The selected domain is not a valid Identity Management domain or the installer cannot determine if it is a valid domain. If you created the domain using the Identity Management installer, you can ignore this message and continue. If you did not create the domain using the Identity Management installer, refer to the Identity Management documentation for information on how to verify the domain is valid.
Click Yes to continue.
This is a benign warning that you can ignore.
On the Specify Installation Location screen, specify the following values. The values for the Oracle Middleware Home Location and the Oracle Home Directory fields are prefilled; they default to the Middleware home and Oracle home previously installed on IDMHOST1:
Oracle Middleware Home Location: /u01/app/oracle/product/fmw
Oracle Home Directory: idm
WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
Oracle Instance Location: /u01/app/oracle/admin/ods_inst1
Oracle Instance Name: ods_inst1
Click Next.
On the Specify Email for Security Updates screen, specify these values:
Email Address: Provide the email address for your My Oracle Support account.
Oracle Support Password: Provide the password for your My Oracle Support account.
Check the check box next to the I wish to receive security updates via My Oracle Support field.
Click Next.
On the Configure Components screen, select Management Components - Oracle Directory Services Manager.
Deselect all the other components.
Select the Clustered check box.
Click Next.
On the Configure Ports screen, you use the odsm_ports.ini file you created in Step 1 to specify the ports to be used. This enables you to bypass automatic port configuration.
Select Specify Ports using a Configuration File.
In the file name field specify odsm_ports.ini.
Click Save, then click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Configure.
On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.
On the Installation Complete screen, click Finish to confirm your choice to exit.
Follow these steps to extend the WebLogic Server domain and install and configure Oracle Directory Service Manager on IDMHOST2:
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
If you plan on provisioning the Instance Home or the Managed Server domain directory on shared storage, ensure that the appropriate shared storage volumes are mounted on IDMHOST2 as described in Section 4.4.4, "Directory Structure."
Ensure that port number 7006 is not in use by any service on the computer by issuing this command for the operating system you are using. If the port is not in use, the command returns no output.
On UNIX:
netstat -an | grep "7006"
If the port is in use (the command returns output identifying the port), you must free it.
On UNIX:
Remove the entries for port 7006 in the /etc/services file if the port is in use by a service and restart the services, as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components," or restart the computer.
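The port check in this step, and the identical check for IDMHOST1 earlier in the chapter, rely on a plain grep for the digits 7006. As an added example that is not part of the Oracle guide, the POSIX shell functions below make the same decision from the local-address column of netstat output and from /etc/services lines, so that ports such as 17006 or a remote peer on port 7006 do not produce a false "in use" result. Both functions read stdin, so they run here on constructed sample output and, on a real IDMHOST, on the live commands shown in the closing comments; the sample data and the service name odsm-demo are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): decide whether port 7006 is
# really bound before running the Configuration Wizard. Both functions read
# their input from stdin so the logic can be exercised offline on constructed
# output; on a live host, pipe the real commands into them (see the end).

# port_in_use PORT -- reads Linux "netstat -an" output on stdin; returns 0 if
# the local-address column (field 4) of any tcp/udp line ends in :PORT.
# A plain grep "7006" would also match 17006, 70060, or a foreign address
# containing 7006; matching only the last component of field 4 avoids that.
port_in_use() {
    awk -v p="$1" '
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            n = split($4, parts, ":")      # last element is the local port
            if (parts[n] == p) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }'
}

# services_entries PORT -- reads /etc/services-style lines on stdin and prints
# the uncommented entries that assign PORT to a service (the entries the guide
# says to remove when the port is taken).
services_entries() {
    grep -E "^[^#].*[[:space:]]$1/(tcp|udp)([[:space:]]|$)"
}

# Constructed sample data for the demonstration (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:7001            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:17006           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 10.0.0.5:52144          10.0.0.9:7006           ESTABLISHED'

SAMPLE_SERVICES='# Network services, Internet style (constructed sample)
ssh             22/tcp
ssh             22/udp
http            80/tcp          www
#odsm-demo      7006/tcp        commented out, so not a live assignment
odsm-demo       7006/tcp
ntp             123/udp'

# sample_port_in_use PORT -- runs port_in_use over the constructed netstat output
sample_port_in_use() {
    printf '%s\n' "$SAMPLE_NETSTAT" | port_in_use "$1"
}

# sample_services_count PORT -- number of live /etc/services entries for PORT
sample_services_count() {
    printf '%s\n' "$SAMPLE_SERVICES" | services_entries "$1" | wc -l | tr -d ' '
}

# On a real IDMHOST the same functions run over the live commands:
#   netstat -an | port_in_use 7006 && echo "port 7006 is bound"
#   services_entries 7006 < /etc/services
```

In the constructed sample, 7001 (the Administration Server), 17006 and 22 are bound, while the only line mentioning 7006 is an outbound connection to a remote peer, so port 7006 is correctly reported free even though the guide's grep would have flagged it.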
Start the Oracle Identity Management 11g Configuration Wizard by running the config.sh script located under the IDM_ORACLE_HOME/bin directory on IDMHOST2. For example:
/u01/app/oracle/product/fmw/idm/bin/config.sh
On the Welcome screen, click Next.
On the Select Domain screen, select the Expand Cluster option and specify these values:
Hostname: ADMINVHN.mycompany.com
Port: 7001
UserName: weblogic
User Password: password for the webLogic user
Click Next.
A dialog box with the following message appears:
The selected domain is not a valid Identity Management domain or the installer cannot determine if it is a valid domain. If you created the domain using the Identity Management installer, you can ignore this message and continue. If you did not create the domain using the Identity Management installer, refer to the Identity Management documentation for information on how to verify the domain is valid.
Click YES to continue.
This is a benign warning that you can safely ignore.
On the Specify Installation Location screen, specify the following values. The values for the Oracle Middleware Home Location and the Oracle Home Directory fields are prefilled. The values default to the Middleware home and Oracle home previously installed on IDMHOST1:
Oracle Middleware Home Location: /u01/app/oracle/product/fmw
Oracle Home Directory: idm
WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
Oracle Instance Location: /u01/app/oracle/admin/ods_inst2
Oracle Instance Name: ods_inst2
Click Next.
On the Email for Security Updates screen, specify these values:
Email Address: Provide the email address for your My Oracle Support account.
Oracle Support Password: Provide the password for your My Oracle Support account.
Check the check box next to the I wish to receive security updates via My Oracle Support field.
Click Next.
On the Configure Components screen, de-select all the products and then click Next.
On the Configure Ports screen, you use the odsm_ports.ini file you created in Section 10.3, "Extending the Oracle WebLogic Domain" to specify the ports to be used. This enables you to bypass automatic port configuration.
Select Specify Ports using a Configuration File.
In the file name field specify odsm_ports.ini.
Click Save, then click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Configure.
On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.
On the Installation Complete screen, click Finish to confirm your choice to exit.
This section provides the steps to provision the Managed Server on the local disk. Proceed as follows:
Stop the ODS instances on both IDMHOST1 and IDMHOST2. Follow the steps in Section 21.1, "Starting and Stopping Oracle Identity Management Components"
On IDMHOST1, pack the Managed Server domain using the pack command located under the ORACLE_COMMON_HOME/common/bin directory. Make sure to pass the -managed=true flag to pack the Managed Server. Type:
ORACLE_COMMON_HOME/common/bin/pack.sh -managed=true -domain=path_to_adminServer_domain -template=templateName.jar -template_name=templateName
For example:
ORACLE_COMMON_HOME/common/bin/pack.sh -managed=true -domain=/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain -template=/u01/app/oracle/product/fmw/templates/managedServer.jar -template_name=ManagedServer_Template
Unpack the Managed Server to the managed server directory on IDMHOST1 using the unpack command located under the ORACLE_COMMON_HOME/common/bin directory:
ORACLE_COMMON_HOME/common/bin/unpack.sh -domain=path_to_domain_on_localdisk -template=templateName.jar -app_dir=path_to_appdir_on_localdisk -overwrite_domain=true
For example:
ORACLE_COMMON_HOME/common/bin/unpack.sh -domain=/u01/app/oracle/admin/IDMDomain/mserver/IDMDomain -template=/u01/app/oracle/product/fmw/templates/managedServer.jar -app_dir=/u01/app/oracle/admin/IDMDomain/mserver/applications -overwrite_domain=true
Copy the Managed Server template directory from IDMHOST1 to IDMHOST2. For example:
scp -rp /u01/app/oracle/product/fmw/templates user@IDMHOST2:/u01/app/oracle/product/fmw/templates
Unpack the Managed Server to the managed server directory on IDMHOST2 using the unpack command located under the ORACLE_COMMON_HOME/common/bin directory:
ORACLE_COMMON_HOME/common/bin/unpack.sh -domain=path_to_domain_on_localdisk -template=templateName.jar -app_dir=path_to_appdir_on_localdisk
For example:
ORACLE_COMMON_HOME/common/bin/unpack.sh -domain=/u01/app/oracle/admin/IDMDomain/mserver/IDMDomain -template=/u01/app/oracle/product/fmw/templates/managedServer.jar -app_dir=/u01/app/oracle/admin/IDMDomain/mserver/applications
Restart the wls_ods1 and wls_ods2 instances on both IDMHOST1 and IDMHOST2. Follow the steps in Section 21.1, "Starting and Stopping Oracle Identity Management Components."
Delete the ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/servers/wls_ods1 directory on IDMHOST1 and the ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/servers/wls_ods2 directory on IDMHOST2.
These directories are created by the Oracle Universal Installer when the domain is originally configured and are no longer required after provisioning the Managed Server to the managed server directory.
This section describes how to configure Oracle Directory Services Manager to work with the Oracle Web Tier.
This section contains the following topics:
Before proceeding, ensure that the following tasks have been performed:
Install Oracle Web Tier on WEBHOST1 and WEBHOST2.
Install and configure ODSM on IDMHOST1 and IDMHOST2.
Configure the load balancer with a virtual host name (admin.mycompany.com) pointing to web servers WEBHOST1 and WEBHOST2.
On each of the web servers on WEBHOST1 and WEBHOST2, a file called admin_vh.conf was created in the directory ORACLE_INSTANCE/config/OHS/component/moduleconf, as described in Section 8.7.1, "Configuring Oracle HTTP Server for the WebLogic Administration Server." Edit this file and add the following lines within the virtual host definition:
<Location /odsm>
    SetHandler weblogic-handler
    WebLogicCluster idmhost1.mycompany.com:7006,idmhost2.mycompany.com:7006
</Location>
After editing, the file should look like this:
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName admin.mycompany.com:80
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    # Admin Server and EM
    <Location /console>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WeblogicPort 7001
    </Location>
    <Location /consolehelp>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WeblogicPort 7001
    </Location>
    <Location /em>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WeblogicPort 7001
    </Location>
    <Location /odsm>
        SetHandler weblogic-handler
        WebLogicCluster idmhost1.mycompany.com:7006,idmhost2.mycompany.com:7006
    </Location>
</VirtualHost>
Restart the Oracle HTTP Server, as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components."
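Before restarting Oracle HTTP Server it is worth confirming that the edit above actually routes /odsm to both managed servers; a missing cluster member silently turns the clustered ODSM deployment into a single point of failure, and a missing SetHandler leaves /odsm served by the web server instead of being proxied. The following POSIX shell check is an added example, not part of the Oracle guide: it extracts the <Location /odsm> block from an admin_vh.conf-style file and verifies the handler and the WebLogicCluster members. The two sample configuration files it writes under a temporary directory are constructed for the demonstration; on WEBHOST1 and WEBHOST2 you would run check_odsm_routing against the real ORACLE_INSTANCE/config/OHS/component/moduleconf/admin_vh.conf instead.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): verify that admin_vh.conf routes
# /odsm to both ODSM managed servers before restarting Oracle HTTP Server.

# odsm_location_block FILE -- prints the lines inside <Location /odsm> ... </Location>
odsm_location_block() {
    awk '
        /^[[:space:]]*<Location[[:space:]]+\/odsm>/ { inblock = 1; next }
        /^[[:space:]]*<\/Location>/               { inblock = 0 }
        inblock { print }' "$1"
}

# check_odsm_routing FILE MEMBER1 MEMBER2 -- returns 0 only if the /odsm block
# exists, uses SetHandler weblogic-handler, and its WebLogicCluster directive
# lists both host:port members (directive names are case-insensitive in httpd).
check_odsm_routing() {
    file="$1"; m1="$2"; m2="$3"
    block=$(odsm_location_block "$file")
    [ -n "$block" ] || { echo "no <Location /odsm> block in $file" >&2; return 1; }
    printf '%s\n' "$block" | grep -qiE '^[[:space:]]*SetHandler[[:space:]]+weblogic-handler' \
        || { echo "/odsm block lacks SetHandler weblogic-handler" >&2; return 1; }
    cluster=$(printf '%s\n' "$block" | awk 'tolower($1) == "weblogiccluster" { print $2 }')
    for member in "$m1" "$m2"; do
        case ",$cluster," in
            *",$member,"*) ;;
            *) echo "$member missing from WebLogicCluster in $file" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample files for the demonstration, written under a temp dir.
TMPD=$(mktemp -d)
GOOD_CONF="$TMPD/admin_vh_good.conf"
BAD_CONF="$TMPD/admin_vh_bad.conf"
cat > "$GOOD_CONF" <<'EOF'
<VirtualHost *:7777>
    ServerName admin.mycompany.com:80
    <Location /em>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WeblogicPort 7001
    </Location>
    <Location /odsm>
        SetHandler weblogic-handler
        WebLogicCluster idmhost1.mycompany.com:7006,idmhost2.mycompany.com:7006
    </Location>
</VirtualHost>
EOF
# Same file with the second cluster member dropped: the mistake the check catches.
sed 's/,idmhost2\.mycompany\.com:7006//' "$GOOD_CONF" > "$BAD_CONF"

# check_sample NAME -- runs the check over one of the constructed files
check_sample() {
    case "$1" in
        good) check_odsm_routing "$GOOD_CONF" idmhost1.mycompany.com:7006 idmhost2.mycompany.com:7006 ;;
        bad)  check_odsm_routing "$BAD_CONF"  idmhost1.mycompany.com:7006 idmhost2.mycompany.com:7006 ;;
        *)    echo "unknown sample $1" >&2; return 2 ;;
    esac
}

# On a real web host:
#   check_odsm_routing "$ORACLE_INSTANCE/config/OHS/component/moduleconf/admin_vh.conf" \
#       idmhost1.mycompany.com:7006 idmhost2.mycompany.com:7006 && echo "routing OK"
```

Run the check on both WEBHOST1 and WEBHOST2, since the file is edited on each web server independently; a pass on one host says nothing about the other.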
Validate the Application Tier configuration as follows:
Follow these steps to validate that you can connect the Oracle Directory Services Manager site in a browser:
In a web browser, verify that you can connect to Oracle Directory Services Manager (ODSM) at:
http://hostname.mycompany.com:port/odsm
For example, on IDMHOST1, enter this URL:
http://idmhost1.mycompany.com:7006/odsm
and on IDMHOST2, enter this URL:
http://idmhost2.mycompany.com:7006/odsm
In a web browser, verify that you can access ODSM through the load balancer address:
http://admin.mycompany.com/odsm
Validate that Oracle Directory Services Manager can create connections to Oracle Internet Directory.
Create a connection to the Oracle Internet Directory on each ODSM instance separately. Even though ODSM is clustered, the connection details are local to each node. Proceed as follows:
Launch Oracle Directory Services Manager from IDMHOST1:
http://idmhost1.mycompany.com:7006/odsm
Create a connection to the Oracle Internet Directory virtual host by providing the following information in ODSM:
Server: oidstore.mycompany.com
Port: 636
Enable the SSL option
User: cn=orcladmin
Password: ldap-password
Launch Oracle Directory Services Manager from IDMHOST2:
http://idmhost2.mycompany.com:7006/odsm
Follow Step b to create a connection to the Oracle Internet Directory virtual host from IDMHOST2, providing the corresponding information in ODSM.
Note:
Accept the certificate when prompted.
It is an Oracle best practices recommendation to create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process. For more details, see the Oracle Fusion Middleware Administrator's Guide.
For information on database backups, refer to the Oracle Database Backup and Recovery User's Guide.
To back up the installation to this point, follow these steps:
Back up the web tier as described in Section 7.7, "Backing up the Web Tier Configuration."
Back up the database. This is a full database backup, either hot or cold. The recommended tool is Oracle Recovery Manager.
Back up the application tier instances by following these steps:
Shut down the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
ORACLE_INSTANCE/bin/opmnctl stopall
Create a backup of the Middleware home on the application tier. On Linux, as the root user, type:
tar -cvpf BACKUP_LOCATION/apptier.tar ORACLE_BASE
Create a backup of the Instance home on the application tier as the root user:
tar -cvpf BACKUP_LOCATION/instance_backup.tar ORACLE_INSTANCE
Start up the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
ORACLE_INSTANCE/bin/opmnctl startall
Back up the Administration Server domain directory as described in Section 8.8, "Backing Up the WebLogic Domain."
Back up the Oracle Internet Directory as described in Section 9.8, "Backing up the Oracle Internet Directory Configuration."
For information about backing up the application tier configuration, see Section 21.6, "Performing Backups and Recoveries."
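The tar commands in the application-tier backup above create the archive but never confirm that it is readable or complete, which is exactly what matters for a backup whose purpose is immediate restoration if a later step fails. The POSIX shell script below is an added example, not part of the Oracle guide: it archives a directory with permissions preserved (tar -p, as the guide does), lists the archive back and compares the entry count with the source tree, and records a POSIX cksum so truncation or modification of the archive is detectable later. It runs against a constructed directory tree standing in for ORACLE_INSTANCE; on a real host you would point backup_dir and verify_backup at ORACLE_BASE and ORACLE_INSTANCE as root, with the instance stopped, exactly as the guide's steps describe.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): archive an application-tier
# directory the way the guide does and then verify the archive before
# trusting it. Runs on a constructed tree so it can be exercised offline.

# backup_dir SOURCE_DIR ARCHIVE -- creates ARCHIVE from SOURCE_DIR, preserving
# permissions (-p) like the guide's tar -cvpf; -C keeps paths relative.
backup_dir() {
    src="$1"; archive="$2"
    tar -cpf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
}

# verify_backup SOURCE_DIR ARCHIVE -- returns 0 if the archive lists cleanly
# and holds exactly one entry per file and directory under SOURCE_DIR.
verify_backup() {
    src="$1"; archive="$2"
    expected=$(find "$src" | wc -l | tr -d ' ')
    actual=$(tar -tf "$archive" 2>/dev/null | wc -l | tr -d ' ')
    [ "$actual" -gt 0 ] || { echo "archive $archive is unreadable or empty" >&2; return 1; }
    [ "$actual" -eq "$expected" ] || { echo "archive has $actual entries, source has $expected" >&2; return 1; }
    return 0
}

# record_checksum ARCHIVE -- writes ARCHIVE.cksum (POSIX cksum: CRC and size)
record_checksum() {
    cksum "$1" > "$1.cksum"
}

# checksum_matches ARCHIVE -- returns 0 if ARCHIVE still matches ARCHIVE.cksum
checksum_matches() {
    [ -f "$1.cksum" ] && [ "$(cksum "$1")" = "$(cat "$1.cksum")" ]
}

# Constructed sample instance tree standing in for ORACLE_INSTANCE (the file
# names below are made up for the demonstration).
DEMO=$(mktemp -d)
mkdir -p "$DEMO/ods_inst1/config/OHS/ohs1/moduleconf"
printf 'demo virtual host config\n' > "$DEMO/ods_inst1/config/OHS/ohs1/moduleconf/admin_vh.conf"
printf 'demo credential material\n' > "$DEMO/ods_inst1/config/credentials.cfg"
chmod 600 "$DEMO/ods_inst1/config/credentials.cfg"   # -p keeps this mode on restore
ARCHIVE="$DEMO/instance_backup.tar"

# run_demo -- full cycle: back up, verify, record checksum, confirm checksum
run_demo() {
    backup_dir "$DEMO/ods_inst1" "$ARCHIVE" \
      && verify_backup "$DEMO/ods_inst1" "$ARCHIVE" \
      && record_checksum "$ARCHIVE" \
      && checksum_matches "$ARCHIVE"
}

# On a real application-tier host (as root, with opmnctl stopall done first):
#   backup_dir "$ORACLE_INSTANCE" "$BACKUP_LOCATION/instance_backup.tar"
#   verify_backup "$ORACLE_INSTANCE" "$BACKUP_LOCATION/instance_backup.tar"
#   record_checksum "$BACKUP_LOCATION/instance_backup.tar"
```

Keep the .cksum file next to the archive on the local disk with it; before restoring from the backup in a later step, checksum_matches tells you whether the archive is still the one you verified.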