3 Setting Up Oracle Unified Directory as a Directory Server
You can use either the graphical user interface (GUI) or the command-line interface (CLI) to set up an Oracle Unified Directory LDAP directory server instance.
Topics:
- Setting Up the Directory Server Using the Graphical User Interface (GUI)
- Setting Up the Directory Server Using the Command-Line Interface (CLI)
- Setting Up the Directory Server Using the WebLogic Scripting Tool
Before you set up an LDAP directory server instance, you must have already installed the software, as described in Installing the Oracle Unified Directory Software.
3.1 Setting Up the Directory Server Using the Graphical User Interface (GUI)
You can use the graphical user interface to set up the directory server. The graphical user interface (GUI) install uses a Java-based graphical installer that enables you to set up the directory server, load it with data, and get it running in very little time.
Note:
The OUD instance creation GUI wizard is deprecated in Oracle Unified Directory 12c (12.2.1.4.0). Oracle recommends that you use the command-line interface (CLI) to create an instance. See Setting Up the Directory Server Using the Command-Line Interface (CLI).
The installer asks some basic questions about the server configuration and then gives you the choice of leaving your database empty, loading the server with data from your own LDIF, or loading the server with automatically generated sample data. The installer also enables you to configure security and replication, and, optionally, to start the server when the configuration is complete.
To set up a directory server instance using the oud-setup graphical user interface (GUI):
3.2 Setting Up the Directory Server Using the Command-Line Interface (CLI)
You can use the command-line interface to set up the directory server. You run the oud-setup script with the --cli option to set up a directory server instance using the command-line interface.
The command-line interface (CLI) install is either interactive or non-interactive. In a non-interactive installation, you can set up the server without user intervention. In interactive mode, you are prompted for the required information before the configuration begins.
To set up a directory server instance using the CLI:
3.2.1 Customizing Self Signed Certificate Generation Options
During OUD setup, you can customize the self-signed certificate by providing the following optional parameters:
- --selfSignedCertKeyAlg: the key algorithm of the self-signed certificate.
- --selfSignedCertKeySize: the key size, in bits, of the self-signed certificate.
- --selfSignedCertSigAlg: the signature algorithm of the self-signed certificate.
Note:
The values for these parameters must follow the JDK documentation. For more information, see the Java Security Standard Names documentation.
Sample non-interactive command line to set up the server:
oud-setup \
--cli \
-v -Z 2386 \
--instancePath /u01/app/oracle/config/oud_instances/asinst_1/OUD \
--adminConnectorPort 4444 \
--generateSelfSignedCertificate \
--selfSignedCertKeyAlg "RSA" \
--selfSignedCertKeySize "3072" \
--selfSignedCertSigAlg "SHA512withRSA" \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile ****** \
--ldapPort 1386 \
--baseDN dc=example,dc=com \
--addBaseEntry \
--integration generic \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile
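The following pre-flight check is an added example, not part of Oracle's documentation: it confirms that the three --selfSignedCert* values agree with each other before oud-setup is run. The function name check_cert_opts and its acceptance policy (RSA of at least 2048 bits, EC sizes 256/384/521, SHA256/SHA384/SHA512 digests only) are assumptions made for illustration; whether oud-setup accepts EC keys is not stated on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for the three --selfSignedCert* values.
# The acceptance policy is an assumption for illustration, not an Oracle rule.

# check_cert_opts KEY_ALG KEY_SIZE SIG_ALG
# Prints a reason and returns 1 on the first problem; returns 0 if consistent.
check_cert_opts() {
    key_alg=$1 key_size=$2 sig_alg=$3

    # Key size must be a plain positive integer.
    case $key_size in
        ''|*[!0-9]*) echo "key size '$key_size' is not a number"; return 1 ;;
    esac

    # JDK signature names have the form <digest>with<key family>.
    case $sig_alg in
        *with*) digest=${sig_alg%%with*}; family=${sig_alg#*with} ;;
        *) echo "'$sig_alg' is not a <digest>with<alg> name"; return 1 ;;
    esac

    # Accept only SHA-2 digests of 256 bits or more (rejects MD5 and SHA1).
    case $digest in
        SHA256|SHA384|SHA512) ;;
        *) echo "digest '$digest' is not accepted"; return 1 ;;
    esac

    # The signature family has to match the key algorithm.
    case $key_alg:$family in
        RSA:RSA)
            [ "$key_size" -ge 2048 ] || { echo "RSA key below 2048 bits"; return 1; } ;;
        EC:ECDSA)
            case $key_size in
                256|384|521) ;;
                *) echo "EC size must be 256, 384 or 521"; return 1 ;;
            esac ;;
        *) echo "'$sig_alg' cannot sign with a $key_alg key"; return 1 ;;
    esac
    return 0
}

# Values taken from the sample command on this page.
check_cert_opts RSA 3072 SHA512withRSA && echo "options consistent"
```

Run the check in the same script that calls oud-setup and stop on a non-zero return, so an inconsistent combination never reaches the installer.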
3.3 Setting Up Replication During Installation
You can set up replication as part of the installation, if you install the directory server using the graphical user interface. However, if you install the server using the command-line interface, you must set up replication using the dsreplication command after the server is installed.
See Understanding Data Replication With dsreplication in Administering Oracle Unified Directory.
Note:
If you are running Oracle Unified Directory on the HP Image Assistant (HPIA) platform, use the command-line interface to set up a replication instance. This will prevent connection issues due to the HPIA JDK certificate error. See Setting Up the Directory Server Using the Command-Line Interface (CLI).
1. For the first directory server in your replication topology, follow the instructions in Setting Up the Directory Server Using the Graphical User Interface (GUI).
2. On the Topologies screen, do the following:
   a. Select This server will be part of a replication topology.
   b. Enter the replication port number or accept the default port 8989.
      The replication port must be an available port on the server, and must therefore be different for each directory server in a topology if all of them run on the same host.
   c. Select Configure as Secure to use encrypted communication when connecting to the replication port on the first server.
   Note the host name and administration port for this first directory server. You will need this information when you configure the second directory server.
3. Complete the configuration of the first server.
4. For the second directory server in your replication topology, follow the instructions in Setting Up the Directory Server Using the Graphical User Interface (GUI).
5. On the Topologies screen, do the following:
   a. Select This server will be part of a replication topology.
   b. Enter the replication port number for this directory server.
      The replication port must be different from the replication port of the first directory server if both servers run on the same host.
   c. Select There is already a server in the topology and enter the following:
      - Host Name: Enter the Host Name for the first directory server.
      - Port: Enter the administration port for the first directory server.
      - Admin User: Enter the bind DN for the first directory user, or accept the default.
      - Admin Password: Enter the bind password for the Admin user.
6. On the Global Administrator screen, provide the following information:
   a. The UID for the new global administrator.
   b. The password for the new global administrator.
   c. Confirm the password for the new global administrator.
7. On the Data Replication screen, select one of the following options, and click Next.
   - Create first instance of base DN to be replicated.
   - Create local instance of existing base DNs and configure replication. Click the base DN for the first directory server.
8. Review the configuration settings for the second server, and click Finish.
9. Repeat the above procedures to set up additional servers in the replication topology.
When you have defined the Global Administrator, the entry with the DN and the password that you provided in step 5c must be defined on all servers in the topology.
3.4 Setting Up the Directory Server Using the WebLogic Scripting Tool
You can use the WebLogic Scripting Tool (WLST) to set up the directory server. Execute oud_createInstance with the oud-setup script to set up a directory server instance using the WLST.
To set up a directory instance using the WLST: