Configure Oracle Unified Directory for Oracle Access Management 12c Sandbox Environment

Introduction

This tutorial shows you how to install and configure Oracle Unified Directory (OUD) for an Oracle Access Management 12c sandbox environment.

This is the fifth tutorial in the series Creating an Oracle Access Management 12c Sandbox Environment for Oracle Advanced Authentication; the tutorials should be read sequentially.

Objective

To configure Oracle Unified Directory for use with Oracle Access Management 12c.

Prerequisites

To have followed Install Oracle Access Management 12c Sandbox Environment.

All the tasks in this tutorial should be performed on the Linux server where OUD will be installed; in these tutorials this is oam.example.com. Where hostnames (oam.example.com) or domain names (example.com) are referenced in the configuration below, change them to match your environment.

Download the Oracle Unified Directory Software

  1. Launch your browser and navigate to Identity & Access Management Downloads.
  2. Under Identity Management 12cPS4 (12.2.1.4.0), click Oracle Unified Directory 12cPS4.
  3. In the Oracle Software Delivery Cloud page, select Linux x86-64 from the Platforms drop down list.
  4. Click on V983402-01.zip - Oracle Fusion Middleware 12c (12.2.1.4.0) Unified Directory for (Linux x86-64). The download will begin.
  5. After the download is complete, move the zip file to a staging directory, for example: /stage/OUD12c and unzip it.

Install Oracle Unified Directory in Standalone Mode

  1. Launch a terminal window as oracle and run the following commands:

    cd /stage/OUD12c
    java -jar fmw_12.2.1.4.0_oud.jar
    
  2. Follow the table below to guide you through the installation screens:

    Step  Window Description       Choice or Values
    1     Welcome                  Click Next
    2     Auto Updates             Skip Auto Updates
    3     Installation Location    Oracle Home: /u01/app/oracle/product/middlewareoud
    4     Installation Type        Standalone Oracle Unified Directory Server (Managed independently of WebLogic Server)
    5     Prerequisite Checks      Click Next
    6     Installation Summary     Click Install
    7     Installation Progress    Click Next
    8     Installation Complete    Click Finish

Configure Oracle Unified Directory

  1. Launch a terminal window as oracle and enter the following command:

    cd /u01/app/oracle/product/middlewareoud/oud
    ./oud-setup
    
  2. Follow the table below to guide you through the configuration screens:

    Step  Window Description               Choice or Values
    1     Welcome                          Click Next
    2     Server Administration Settings   Instance Path: /u01/app/oracle/admin/oud/asinst_1/OUD
                                           Host Name: oam.example.com
                                           Root User DN: cn=oudadmin
                                           Password: <password>
                                           Confirm Password: <password>
    3     Ports                            Click Next
    4     Topology Options                 Select: This will be a standalone server
    5     Directory Data                   Select: Only Create Base Entry (dc=example,dc=com)
    6     Oracle Components Integration    Click Next
    7     Server Tuning                    Select 2GB and click Next
    8     Review                           Click Finish
    9     Finished                         Click Close

    Note: Oracle Unified Directory will automatically start after the configuration wizard has completed. For information on stopping and starting Oracle Unified Directory see: Starting and Stopping the Server.

Preparing the LDAP Directory

Before you can use an LDAP directory with Oracle Identity and Access Management, it must be extended with object classes required by Oracle Access Manager.

In addition, certain users and groups need to be seeded into the directory. These users and groups will be used by the various Oracle Identity and Access Management products as described later.

In this section you extend the directory schema and seed the users and groups that Oracle Access Manager requires:

  1. Create a file called /stage/OUD12c/iam.props with the following information:

    # Common
    IDSTORE_HOST: oam.example.com
    IDSTORE_PORT: 1389
    IDSTORE_ADMIN_PORT: 4444
    IDSTORE_KEYSTORE_FILE: /u01/app/oracle/admin/oud/asinst_1/OUD/config/admin-keystore
    IDSTORE_KEYSTORE_PASSWORD: <Password key>
    IDSTORE_BINDDN: cn=oudadmin
    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
    IDSTORE_SEARCHBASE: dc=example,dc=com
    IDSTORE_USERNAMEATTRIBUTE: cn
    IDSTORE_LOGINATTRIBUTE: uid
    OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
    IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
    IDSTORE_NEW_SETUP: true
    IDSTORE_DIRECTORYTYPE: OUD
    # OAM
    IDSTORE_OAMADMINUSER: oamadmin
    IDSTORE_OAMSOFTWAREUSER: oamLDAP
    OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
    IDSTORE_SYSTEMIDBASE: cn=SystemIDs,dc=example,dc=com
    # WebLogic
    IDSTORE_WLSADMINUSER: weblogic_iam
    IDSTORE_WLSADMINGROUP: WLSAdministrators
    

    Where <Password key> is the encrypted password of the Oracle Unified Directory keystore. This value can be found in the file /u01/app/oracle/admin/oud/asinst_1/OUD/config/admin-keystore.pin.

  2. Run the following command to create the required object classes. Enter the cn=oudadmin password when prompted:

    export MW_HOME=/u01/app/oracle/product/middlewareidm
    export JAVA_HOME=/u01/app/oracle/product/jdk
    export ORACLE_HOME=/u01/app/oracle/product/middlewareidm/idm
    cd $ORACLE_HOME/idmtools/bin
    ./idmConfigTool.sh -preConfigIDStore input_file=/stage/OUD12c/iam.props
    

    The output will look similar to the following:

    Enter ID Store Bind DN Password : *******
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/oam/server/oim-intg/ldif/ojd/schema/ojd_oam_pwd_schema_add.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/oam/server/oim-intg/ldif/ojd/schema/ojd_user_schema_add.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/oam/server/oim-intg/ldif/ojd/schema/ojd_user_index_generic.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/add_oraclecontext_container.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oud_indexes_extn.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/idm_idstore_groups_template.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/idm_idstore_groups_acl_template.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/systemid_pwdpolicy.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/fa_pwdpolicy.ldif
    The tool has completed its operation. Details have been logged to automation.log
    

    Check the $ORACLE_HOME/idmtools/bin/automation.log log file for any errors or warnings, and correct them.

  3. In the same window, run the following command to seed the identity store with the WLS users and groups required by Identity Management. Enter the cn=oudadmin password when prompted, and the password to set for weblogic_iam:

    ./idmConfigTool.sh -prepareIDStore mode=WLS input_file=/stage/OUD12c/iam.props
    

    The output will look similar to the following:

    Enter ID Store Bind DN Password : 
    *** Creation of Weblogic Admin User ***
    <DATE> AM oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oam_user_template.ldif
    Enter User Password for weblogic_iam: 
    Confirm User Password for weblogic_iam: 
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/weblogic_admin_group.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/group_member_template.ldif
    The tool has completed its operation. Details have been logged to automation.log
    

    Check the $ORACLE_HOME/idmtools/bin/automation.log log file for any errors or warnings, and correct them.

  4. In the same window, run the following command to seed the identity store with the OAM users and groups required by Identity Management. Enter the cn=oudadmin password when prompted, and the passwords to set for oblixanonymous, oamadmin, and oamLDAP:

    ./idmConfigTool.sh -prepareIDStore mode=OAM input_file=/stage/OUD12c/iam.props
    

    The output will look similar to the following:

    Enter ID Store Bind DN Password : 
    *** Creation of Oblix Anonymous User ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oam_10g_anonymous_user_template.ldif
    Enter User Password for oblixanonymous: 
    Confirm User Password for oblixanonymous: 
    *** Creation of oamadmin ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oam_user_template.ldif
    Enter User Password for oamadmin: 
    Confirm User Password for oamadmin: 
    *** Creation of oamLDAP ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oim_user_template.ldif
    Enter User Password for oamLDAP: 
    Confirm User Password for oamLDAP: 
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/oam_user_group_read_acl_template.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oim_group_template.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/oam_group_member_template.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/oam_group_member_template.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/oam_user_write_acl.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/fa_add_pwdpolicy.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/fa_add_pwdpolicy.ldif
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/esso_schema_extn.ldif
    *** Creation of CO ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/orgunit_template.ldif
    *** Creation of People ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/orgunit_template.ldif
    *** Creation of vgoLocator ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/orgunit_template.ldif
    *** Creation of default vgoLocator ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/common/esso_default.ldif
    *** Creation of ESSO acl ***
    <DATE> oracle.ldap.util.LDIFLoader loadOneLdifFile
    INFO: -> LOADING:  /u01/app/oracle/product/middlewareidm/idm/idmtools/templates/oud/esso_acl.ldif
    The tool has completed its operation. Details have been logged to automation.log
    

    Check the $ORACLE_HOME/idmtools/bin/automation.log log file for any errors or warnings, and correct them.
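    A pre-flight check of the iam.props file from step 1 before any of the idmConfigTool runs above, written as an added example that is not part of the Oracle tutorial or of idmConfigTool: it confirms the required keys are set, that no <placeholder> from the template was left in, and that IDSTORE_KEYSTORE_PASSWORD matches the admin-keystore.pin file the tutorial points to. It assumes only the KEY: value layout shown above; the props file and PIN value it writes are constructed.

```shell
#!/bin/sh
# Pre-flight check of iam.props before running idmConfigTool. Added example, not part
# of the Oracle tutorial; assumes the PIN file lives at <IDSTORE_KEYSTORE_FILE>.pin.

REQUIRED_KEYS="IDSTORE_HOST IDSTORE_PORT IDSTORE_KEYSTORE_FILE IDSTORE_KEYSTORE_PASSWORD
IDSTORE_BINDDN IDSTORE_SEARCHBASE IDSTORE_DIRECTORYTYPE"

# props_get FILE KEY: print KEY's value, accepting both "KEY: v" and "KEY : v".
props_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# check_props FILE: 0 when every required key has a real value, else 1.
check_props() {
    rc=0
    for key in $REQUIRED_KEYS; do
        val=$(props_get "$1" "$key")
        case "$val" in
            "")      echo "MISSING      $key"; rc=1 ;;
            "<"*">") echo "PLACEHOLDER  $key=$val"; rc=1 ;;  # e.g. <Password key> left unedited
        esac
    done
    return $rc
}

# check_pin FILE: IDSTORE_KEYSTORE_PASSWORD must equal the contents of the PIN file
# the tutorial points to; 0 on match, 1 on mismatch, 2 if the PIN file is unreadable.
check_pin() {
    ks=$(props_get "$1" IDSTORE_KEYSTORE_FILE)
    [ -r "$ks.pin" ] || { echo "SKIP  cannot read $ks.pin"; return 2; }
    pin=$(tr -d '[:space:]' < "$ks.pin")
    [ "$(props_get "$1" IDSTORE_KEYSTORE_PASSWORD)" = "$pin" ] && return 0
    echo "FAIL  IDSTORE_KEYSTORE_PASSWORD does not match $ks.pin"; return 1
}

# Constructed sample: a props file still carrying the tutorial placeholder and a
# fake PIN file to compare against (no real keystore is involved).
DEMO=$(mktemp -d)
printf 'constructed-pin-value\n' > "$DEMO/admin-keystore.pin"
cat > "$DEMO/iam.props" <<EOF
IDSTORE_HOST: oam.example.com
IDSTORE_PORT: 1389
IDSTORE_KEYSTORE_FILE: $DEMO/admin-keystore
IDSTORE_KEYSTORE_PASSWORD: <Password key>
IDSTORE_BINDDN: cn=oudadmin
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_WLSADMINUSER : weblogic_iam
EOF
check_props "$DEMO/iam.props" && check_pin "$DEMO/iam.props" || echo "fix iam.props (and chmod 600 it) before running idmConfigTool"
```

    Both iam.props and admin-keystore.pin hold the keystore password in clear, so keep them readable by the oracle user only.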

Loading Sample Users

In this section you import sample users (testuser - testuser9) that will be used in later tutorials.

  1. Download the users.ldif file and move the file to /stage/OUD12c.

  2. Edit the users.ldif and change the following:

    • userPassword: <password> to a value of your choice

    Note: Administrators should be aware of the following:

    • If you are using Oracle Advanced Authentication and intend to test user migration with the EMAIL and SMS factors, set the mail and mobile attributes to a real email address and mobile number.
    • If you are using Oracle Advanced Authentication and intend to test user migration with Oracle Mobile Authenticator TOTP, the LDAP attribute description holds the key value that is added to Oracle Mobile Authenticator. The default value of welcome can be used for testing, but normally this should be set to a value exactly 16 characters long, in BASE32 format, and in lowercase. For example, if you want your key to be M5XR7XZH26KEA2FZ, then the description field must be m5xr7xzh26kea2fz. In OMA and other authenticator applications you would enter M5XR7XZH26KEA2FZ.

  3. Launch a terminal window as oracle and run the following commands to populate the OUD directory server with sample data:

    cd /u01/app/oracle/admin/oud/asinst_1/OUD/bin
    ./ldapmodify -p 1389 -D "cn=oudadmin" -w <password> -a -c -f /stage/OUD12c/users.ldif
    

    The output should look similar to the following:

    Processing ADD request for cn=testuser,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser2,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser2,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser3,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser3,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser4,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser4,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser5,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser5,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser6,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser6,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser7,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser7,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser8,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser8,cn=Users,dc=example,dc=com
    Processing ADD request for cn=testuser9,cn=Users,dc=example,dc=com
    ADD operation successful for DN cn=testuser9,cn=Users,dc=example,dc=com
    
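    A check to run over users.ldif before the ldapmodify load above, as an added example that is not the tutorial's file or Oracle's tooling: it flags every entry whose description attribute is not a usable Oracle Mobile Authenticator TOTP seed under the rule in the note (exactly 16 lowercase Base32 characters, that is a-z and 2-7) and shows the uppercase form that is typed into the authenticator app. The LDIF entries it writes are constructed, since the page does not reproduce users.ldif.

```shell
#!/bin/sh
# Validate the description attribute in users.ldif before loading it: OAA reads it
# as the OMA TOTP seed. Added example, not part of the tutorial; LDIF is constructed.

# totp_seed_ok SEED: 0 when SEED is exactly 16 lowercase Base32 characters (a-z, 2-7).
totp_seed_ok() {
    printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{16}$'
}

# oma_key SEED: the form of the seed entered into OMA and other authenticator apps.
oma_key() {
    printf '%s\n' "$1" | tr 'a-z' 'A-Z'
}

# check_ldif FILE: print one line per entry whose description is not a valid seed;
# return 1 if any entry was flagged, 0 otherwise.
check_ldif() {
    rc=0; dn=""
    while IFS= read -r line; do
        case "$line" in
            "dn: "*)          dn=${line#dn: } ;;
            "description: "*) seed=${line#description: }
                              totp_seed_ok "$seed" || { echo "BAD SEED  $dn: '$seed'"; rc=1; } ;;
        esac
    done < "$1"
    return $rc
}

# Constructed sample: one entry with a real-looking seed, one left at the default.
LDIF=$(mktemp)
cat > "$LDIF" <<'EOF'
dn: cn=testuser,cn=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: testuser
uid: testuser
description: m5xr7xzh26kea2fz

dn: cn=testuser2,cn=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: testuser2
uid: testuser2
description: welcome
EOF
check_ldif "$LDIF" || echo "fix users.ldif before loading it"
echo "testuser enters $(oma_key m5xr7xzh26kea2fz) in the authenticator app"
```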

Next Tutorial

Configure Oracle Access Management 12c Sandbox Environment.

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com.

Acknowledgements

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.