13 Setting Up Oracle Internet Directory

This chapter provides information about setting up Oracle Internet Directory. This chapter contains the following sections:

  • 13.1 Installing Oracle Internet Directory

  • 13.2 Starting the Required Oracle Internet Directory Components

  • 13.3 Using the Oracle Directory Services Manager

  • 13.4 Configuring Oracle Internet Directory

  • 13.5 Connecting to Oracle Internet Directory using an LDAP Browser

  • 13.6 Adding Users/Roles Using an LDIF File

13.1 Installing Oracle Internet Directory

Use the documentation that corresponds with the version of Oracle Internet Directory you are installing to guide you through the installation process.

The following components are required to install Oracle Internet Directory:

  • Oracle Database 11g – Version 11.2.0

  • Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.5.x)

  • Oracle WebLogic Server (10.3.5) Generic and Coherence

  • Oracle Identity Management 11g (11.1.1.5.x)

13.2 Starting the Required Oracle Internet Directory Components

  1. Start the WebLogic Admin Server:

    <domain_home>/bin/startWebLogic.sh
    

    For example:

    /u01/software/Apps/OraMiddleware/user_projects/domains/OIAMDomain/bin/startWebLogic.sh
    
  2. Start the WebLogic Node Manager:

    <weblogic_home>/server/bin/startNodeManager.sh
    

    For example:

    /u01/software/Apps/OraMiddleware/wlserver_10.3/server/bin/startNodeManager.sh
    
  3. View the Enterprise Manager Farm Application

    1. From a browser, go to the following URL:

      http://<weblogic_admin_host>:<weblogic_admin_port>/em
      
    2. Log in using the WebLogic server credentials.

    3. On the right side, under Fusion Middleware (Figure 13-1), you can view the status for each of the applications and servers. Currently only AdminServer should be shown as running.

      Figure 13-1 Fusion Middleware


      The required applications are: the Oracle Internet Directory server (oid1) and the Oracle Directory Services Manager web application (wls_ods1) which is used for Oracle Internet Directory administration.

  4. Start the Oracle Internet Directory server.

    1. Set the ORACLE_INSTANCE environment variable:

      export ORACLE_INSTANCE=<middleware_home>/asinst_1
      
    2. Start the server using the opmnctl command:

      <middleware_home>/Oracle_IDM1/opmn/bin/opmnctl startall
      
    3. View the opmnctl processes:

      <middleware_home>/Oracle_IDM1/opmn/bin/opmnctl status
      
    4. Stop any components other than oid1 that you do not need, using the ias-component names shown in the opmnctl status output from the previous step:

      <middleware_home>/Oracle_IDM1/opmn/bin/opmnctl stopproc ias-component=<ias-component_name>
      

      In the Enterprise Farm Application you should now see the Oracle Internet Directory server (oid1) as started.

  5. Start the Oracle Directory Services Manager web application (Figure 13-2):

    1. From the Farm Application, click wls_ods1.

    2. Under wls_ods1, click WebLogic Server.

      A drop-down menu opens.

    3. In the drop-down menu, select Control and then click Start Up.

      Figure 13-2 Oracle Directory Services Manager


      When startup has completed, the status arrow changes to green.
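Step 4 above has you read the opmnctl status table and type one stopproc command per unwanted component. The script below is an added example, not code from the Oracle documentation: it parses that table, lists every ias-component that is Alive and not in a keep list, and builds the matching opmnctl stopproc commands as a dry run. OPMN_BIN reuses the example path from this page; the status text is constructed to mirror the table layout OPMN prints; KEEP and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation: read the table that
# `opmnctl status` prints, list every ias-component that is Alive and is not
# one you want to keep, and build the matching `opmnctl stopproc` commands.
# OPMN_BIN uses the example path from this page; the status text is
# constructed to mirror the table layout OPMN prints.

OPMN_BIN="${OPMN_BIN:-/u01/software/Apps/OraMiddleware/Oracle_IDM1/opmn/bin}"
KEEP="${KEEP:-oid1}"   # space-separated ias-component names that must stay up

# Constructed sample of `opmnctl status` output for an instance that also
# runs the EM agent and an Oracle Virtual Directory component.
SAMPLE_STATUS='Processes in Instance: asinst_1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   12345 | Alive
oid1                             | oidmon             |   12346 | Alive
EMAGENT                          | EMAGENT            |   12347 | Alive
ovd1                             | OVD                |     N/A | Down'

# components_to_stop STATUS_TEXT
# Prints each Alive ias-component not listed in KEEP, once, in table order.
components_to_stop() {
    printf '%s\n' "$1" | awk -F'|' -v keep="$KEEP" '
        # skip the title line, the header row and the dashed separators
        NF < 4 || /^-/ || /^ias-component/ { next }
        {
            comp = $1;   sub(/[ \t]+$/, "", comp)
            status = $4; gsub(/[ \t]/, "", status)
            if (status != "Alive") next                         # nothing to stop
            if (index(" " keep " ", " " comp " ") > 0) next     # wanted component
            if (!(comp in seen)) { seen[comp] = 1; print comp } # one per component
        }'
}

# stop_commands STATUS_TEXT
# Prints one opmnctl stopproc command per component without running it.
stop_commands() {
    components_to_stop "$1" | while IFS= read -r comp; do
        printf '%s/opmnctl stopproc ias-component=%s\n' "$OPMN_BIN" "$comp"
    done
}

# Dry run on the sample. Against a live instance, replace SAMPLE_STATUS with
#   "$("$OPMN_BIN"/opmnctl status)"
# and pipe the output to sh once you have reviewed it.
stop_commands "$SAMPLE_STATUS"
```

Components already reported as Down are skipped, because stopproc has nothing to do for them, and a component that appears on several rows (oid1 runs both oidldapd and oidmon) is stopped once by ias-component name, which is what stopproc expects.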

13.3 Using the Oracle Directory Services Manager

  1. Access the Oracle Directory Services Manager:

    1. From the Farm Application, click oid1.

    2. Under oid1, click Oracle Internet Directory.

      A drop-down menu opens.

    3. In the drop-down menu, point to Directory Services Manager and click Data Browser.

    4. In the "Connect" screen (Figure 13-3), fill in the following fields and then click Connect:

      • In the User Name field, enter cn=orcladmin.

      • In the Password field, enter the orcladmin password specified during the Oracle Internet Directory installation.

      • In the Start Page field, select a start page.

      This connection will be saved for later use.

  2. View or modify Oracle Internet Directory Data:

    1. In the Oracle Directory Services Manager (Figure 13-4), click the Data Browser tab.

    2. Expand dc=com, then dc=oracle, then dc=us (the dc=us,dc=oracle,dc=com subtree).

      The roles for WebCenter Sites are stored in cn=Groups. The users for WebCenter Sites are stored in cn=Users.

    3. (Optional) Add/Remove a role for a user:

      1. Expand cn=Groups

      2. Click the role to be added/removed.

        Figure 13-4 Oracle Directory Services Manager


        To remove a role from a user, select the user's name and click the red X, then click Apply.

        To add a role to a user, click the green + next to the desired role, then either enter the full user name, or browse to the name of the desired user.

    4. (Optional) Change a user's password (Figure 13-5):

      1. Expand cn=Users

      2. Click the name of the user whose password you wish to change.

      3. Click the Attributes tab.

      4. In the "userPassword" field, enter the new password for the user and then click Apply.

        Figure 13-5 Oracle Directory Services Manager


13.4 Configuring Oracle Internet Directory

  1. Set the Server Mode:

    Note:

    WebCenter Sites requires a writable LDAP server, because user and role changes made in the WebCenter Sites Admin interface are written back to the directory. A server left in read-only mode rejects those changes.

    1. From the Farm Application, click oid1 (Figure 13-6).

    2. Under oid1, click Oracle Internet Directory.

      A drop-down menu opens.

    3. In the drop-down menu, select Administration and then click Server Properties.

      Figure 13-6 Oracle Internet Directory: Server Properties


      The "Server Properties" screen opens.

    4. In the "Server Mode" field, select Read/Write (Figure 13-7) and then click Apply.

      Figure 13-7 Server Properties


  2. Modify the default Password Policy:

    Note:

    WebCenter Sites requires the LDAP server to accept passwords that contain no numeric characters. Setting the field below to 0 removes only that requirement from the policy that applies to cn=Users; the rest of the policy is unchanged.

    1. In the Oracle Directory Services Manager, click the Security tab.

    2. In the left navigation pane, click Password Policy.

    3. Find the policy named cn=default whose "Effective Subtree" is cn=Users,dc=us,dc=oracle,dc=com: click each policy named cn=default and then click the Effective Subtree tab (Figure 13-8).

      Figure 13-8 Effective Subtree


    4. Click the Password Syntax tab.

    5. In the "Number of Numeric Characters" field, enter 0 (Figure 13-9).

    6. Click Apply.

13.5 Connecting to Oracle Internet Directory using an LDAP Browser

  1. Open the LDAP browser.

  2. Select the Quick Connect tab.

  3. In the "Quick Connect" tab (Figure 13-10), fill in the following information:

    • Host: <oid_host>

    • Port: <oid_port> (default is 3060, the non-SSL port, over which the orcladmin password is sent in the clear; the SSL port defaults to 3131)

    • Base DN: dc=us,dc=oracle,dc=com

    • Anonymous bind: deselect

    • User DN: cn=orcladmin

    • Password: <oid_password>

  4. Click Connect.

13.6 Adding Users/Roles Using an LDIF File

  1. Create an LDIF file:

    1. Open a new file in a text editor.

    2. For each new user, add the following entry (it goes under cn=Users):

      dn: cn=<user>,cn=Users,dc=us,dc=oracle,dc=com
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      cn: <user>
      sn: <user>
      userPassword: <password>
      
    3. For each new role, add the following entry (it goes under cn=Groups; each uniqueMember is the DN of a user entry from step 2):

      dn: cn=<role>,cn=Groups,dc=us,dc=oracle,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: <role>
      uniqueMember: cn=<user1>,cn=Users,dc=us,dc=oracle,dc=com
      uniqueMember: cn=<user2>,cn=Users,dc=us,dc=oracle,dc=com
      …
      
      Separate entries from each other with a blank line.
      
    4. Save the new LDIF file. It contains the user passwords in clear text, so restrict its permissions and delete it once the import has succeeded.

  2. Import the LDIF file. Do one of the following:

    • If you are using the ldapadd command:

      1. Change to the <oracle_home>/bin directory:

        cd <middleware_home>/Oracle_IDM1/bin
        
      2. Import the file using the ldapadd command:

        ./ldapadd -h <oid_host> -p <oid_port> -D "cn=orcladmin" -w <oid_password> -f <path to ldif file> -x
        
        Passing the orcladmin password with -w records it in the shell history and exposes it in the process list while the command runs; on a shared host, use the option of your ldapadd version that prompts for the bind password instead.
        
    • If you are using the Oracle Directory Services Manager:

      1. Connect to Oracle Internet Directory using the Directory Services Manager and click the Data Browser tab.

      2. Under "Data Tree," select the icon located farthest to the right.

        The "Import File" dialog box opens (Figure 13-11).

      3. In the "Import File" dialog box, browse to the LDIF file you created in step 1 and then click OK.
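Steps 1 and 2 of this section write the LDIF by hand and then import it. The script below is an added example, not code from the Oracle documentation: it generates user entries under cn=Users and role entries under cn=Groups with the attribute layout shown above, escapes DN components as RFC 4514 requires, base64-encodes attribute values that LDIF cannot carry in clear text (RFC 2849), and prints the ldapadd invocation with -q, which in Oracle's ldapadd prompts for the bind password (confirm it against the usage text of your version), instead of -w. BASE_DN and the Oracle home path are taken from this page; OID_HOST, the sample users, their passwords and the SiteAdmin role are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation: build the LDIF for
# WebCenter Sites users and roles with the entry layout shown in 13.6 and
# print the ldapadd command that imports it. BASE_DN and ORACLE_HOME follow
# the values used on this page; OID_HOST, OID_PORT, and the sample users,
# passwords and role are assumptions constructed for the demonstration.
LC_ALL=C; export LC_ALL

BASE_DN="${BASE_DN:-dc=us,dc=oracle,dc=com}"
ORACLE_HOME="${ORACLE_HOME:-/u01/software/Apps/OraMiddleware/Oracle_IDM1}"
OID_HOST="${OID_HOST:-oid.example.com}"   # assumed host name
OID_PORT="${OID_PORT:-3060}"              # OID default non-SSL port

# rdn_escape VALUE: escape the characters RFC 4514 reserves inside a DN
# component, so that a cn such as "Doe, Jane" does not split the DN.
rdn_escape() {
    printf '%s' "$1" | sed 's/[\\,+"<>;]/\\&/g'
}

# needs_b64 VALUE: true when RFC 2849 forbids writing VALUE as "attr: value"
# (leading space, ':' or '<', trailing space, or a non-printable/non-ASCII byte).
needs_b64() {
    case "$1" in
        ' '*|':'*|'<'*|*' ') return 0 ;;
    esac
    [ -n "$(printf '%s' "$1" | tr -d ' -~')" ]
}

# ldif_value ATTR VALUE: one attribute line, written as "attr:: <base64>" when required.
ldif_value() {
    if needs_b64 "$2"; then
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$1" "$2"
    fi
}

# user_entry USER PASSWORD: a person entry under cn=Users, as laid out on this page.
user_entry() {
    printf 'dn: cn=%s,cn=Users,%s\n' "$(rdn_escape "$1")" "$BASE_DN"
    printf 'objectClass: top\nobjectClass: person\nobjectClass: organizationalPerson\n'
    ldif_value cn "$1"
    ldif_value sn "$1"
    ldif_value userPassword "$2"
    printf '\n'
}

# role_entry ROLE MEMBER...: a groupOfUniqueNames under cn=Groups whose
# uniqueMember values are the DNs of the named user entries.
role_entry() {
    role="$1"; shift
    printf 'dn: cn=%s,cn=Groups,%s\n' "$(rdn_escape "$role")" "$BASE_DN"
    printf 'objectClass: top\nobjectClass: groupOfUniqueNames\n'
    ldif_value cn "$role"
    for m in "$@"; do
        printf 'uniqueMember: cn=%s,cn=Users,%s\n' "$(rdn_escape "$m")" "$BASE_DN"
    done
    printf '\n'
}

# generate_ldif: the complete file for the constructed sample accounts.
generate_ldif() {
    user_entry alice 'Welcome1'
    user_entry 'Doe, Jane' ':pass'      # comma in the RDN, ':' leading the password
    role_entry SiteAdmin alice 'Doe, Jane'
}

# import_command LDIF_FILE: ldapadd as on this page, but with -q (prompt for the
# bind password) instead of -w <password>, which would leave the orcladmin
# password in the shell history and in the process list.
import_command() {
    printf '%s/bin/ldapadd -h %s -p %s -D "cn=orcladmin" -q -f %s\n' \
        "$ORACLE_HOME" "$OID_HOST" "$OID_PORT" "$1"
}

# Stand-alone run: write the LDIF to a temporary file and show the import command.
OUT="${TMPDIR:-/tmp}/wcsites-users.ldif"
generate_ldif > "$OUT"
import_command "$OUT"
```

The escaping matters in both directions: the comma in "Doe, Jane" is escaped only in the dn and uniqueMember lines, where it would otherwise start a new RDN, while the cn and sn attribute values keep it literally; and a password beginning with ':' is written as "userPassword:: OnBhc3M=" rather than as a line that an LDIF parser would misread.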