4 Setting Up Oracle Unified Directory as a Proxy Server

You can use the graphical user interface or the command-line utility to set up an Oracle Unified Directory proxy server instance.

This chapter provides an overview of the supported Oracle Unified Directory proxy deployments. For example deployments using the proxy server, see Understanding Deployments Using the Proxy Server in Administering Oracle Unified Directory.

4.1 Before You Set up the Oracle Unified Directory Proxy

To set up the Oracle Unified Directory proxy, you must have one or more remote LDAPv3-compliant directory servers. Oracle Unified Directory proxy has been tested with Oracle Unified Directory and Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1).

Before you start to set up the proxy, determine the type of deployment architecture that you want to implement from the following list:

  • Simple load balancing

  • Simple distribution

  • Distribution with load balancing

  • Failover between data centers

  • Distribution with failover between data centers

A global index catalog can be incorporated into any scenario that uses distribution. For information about creating a global index catalog, see Configuring Global Indexes Using the Command Line in Administering Oracle Unified Directory.

4.2 Setting Up the Proxy Server Using the Graphical User Interface (GUI)

The GUI setup is a Java-based graphical installer that enables you to configure all the elements required for specific Oracle Unified Directory proxy deployments.

Note:

The OUD instance creation GUI wizard is deprecated in Oracle Unified Directory 12c (12.2.1.4.0). Oracle recommends use of the command-line (CLI) to create an instance. See Setting Up the Proxy Using the CLI.

You can use the GUI setup only once per instance. To modify an installation after you have run the GUI setup, use the dsconfig command.

The topics in this section present a step-by-step installation using the oud-proxy-setup graphical interface, including configuration examples for simple deployments.

Before you run the GUI setup, determine the best deployment architecture using the deployment scenarios described in Understanding Deployments Using the Proxy Server in Administering Oracle Unified Directory.

4.2.1 Presentation of the GUI Setup Wizard

The setup wizard provides the graphical user interface elements that enable you to interact with the application while setting up Oracle Unified Directory as a proxy server.

The GUI setup wizard is organized as follows:

  • The left-hand pane lists the steps of the setup process. The deployment sub-steps change according to the type of deployment that you select.

  • The arrow in the left-hand pane indicates the current step.

  • The main area on the right is the action pane, where you define your deployment.

  • At the bottom of the window you have the option to go back and forth (or quit) to modify and complete your installation.

The remaining tasks in this section walk you through the various types of proxy deployments that can be set up.

4.2.2 Configuring Simple Load Balancing

You can deploy a proxy server in a simple load balancing configuration to optimize performance by distributing incoming requests across multiple resources.

To configure simple load balancing:

  1. When you have installed the software, change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\$OUD_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    On UNIX and Linux systems:

    $ oud-proxy-setup
    

    On Windows systems:

    C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    Note:

    The instance is created directly under OUD-base-location by default. However, Oracle strongly recommends that you create your Oracle Unified Directory instance outside of the Oracle home directory.

    To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

  5. On the Server Settings panel, enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX and Linux systems, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: To configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX and Linux systems, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access: Select Enable StartTLS for LDAP.

      3. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, select Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK to continue.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. See Managing Administration Traffic to the Server in Administering Oracle Unified Directory.

    • Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Reenter the root user bind password.

    Click Next.

    The Deployment Options screen is displayed.

  6. Select Use load balancing on a replicated data set from the Configuration Option drop-down menu.

    Note:

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command, or the Oracle Unified Directory Services Manager interface, to configure your deployment.

    Click Next.

    The Back-End Servers screen is displayed.

  7. Select the remote LDAP servers that hold the corresponding replicated data.

    1. If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      • For Oracle Unified Directory servers:

        Select Connect to a replicated Oracle Unified Directory server.

        Enter the host name, administration port, administration bind DN, and password for the remote Oracle Unified Directory server.

        Click Connect.

        Accept the certificate.

        Check the servers that should be part of the load balanced topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

        Click OK.

      • For Oracle Directory Server Enterprise Edition servers:

        Select Connect to a DSCC registry.

        Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

        Check the servers that should be part of the load balanced topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

        Click OK.

    2. If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

      • Enter the server name, port and security settings.

        The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. See Configuring Security Between Clients and Servers in Administering Oracle Unified Directory.

      • Click Add.

      • Click Close when you have added all the remote LDAP servers for the load balanced topology.

    Click Next.

    The Load Balancing Options screen is displayed.

  8. Choose a load balancing algorithm.

    For information about the various load balancing algorithms, see Configuring Load Balancing Using the Proxy in Administering Oracle Unified Directory.

  9. Set the load balancing algorithm properties or select Default Values.

    When you have completed the installation, the properties can be modified. For more information about modifying load balancing properties, see Configuring Load Balancing Using the Proxy in Administering Oracle Unified Directory.

    1. For proportional, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

      For example, if you leave the default value of 1, then all servers will receive the same number of requests.

    2. For failover, indicate the order in which the servers are used.

      The server with a value of 0 is the highest priority server. The other servers are used only if there is a failure on the main server.

    3. For saturation, set the order in which the servers are used and the saturation threshold of each server.

      Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

    4. For optimal, no additional configuration is required.

      The active server is selected based on the saturation index, which is calculated automatically.

  10. Enter the naming context, or suffix.

    If the remote LDAP servers are online, the setup connects to them and displays the naming contexts that are available on the servers.

    If no naming contexts are proposed, enter the DN of the naming context that you want to use, for example, dc=example,dc=com.

    Click Next.

    The Runtime options screen is displayed.

  11. Click Change to configure any specific JVM settings, or click Next to run the server with the default JVM settings.

    The Review screen is displayed.

  12. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  13. To display the commands that will be launched for this installation, select Show Command from the drop-down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  14. Click Finish to complete the installation.

    When the installation is complete, you can use the dsconfig command to modify the installation. See Managing the Server Configuration Using dsconfig in Administering Oracle Unified Directory.

4.2.3 Configuring Simple Distribution

You can deploy a proxy server in a simple distribution topology to scale your directory by splitting your data across multiple servers.

To configure simple distribution:

  1. When you have installed the software, change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\$OUD_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    On UNIX and Linux systems:

    $ oud-proxy-setup
    

    On Windows systems:

    C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    Note:

    The instance is created directly under OUD-base-location by default. However, Oracle strongly recommends that you create your Oracle Unified Directory instance outside of the Oracle home directory.

    To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

  5. On the Server Settings screen, enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX and Linux systems, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: To configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX and Linux systems, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access: Click Enable StartTLS for LDAP.

      3. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, click Use an Existing Certificate, and then click the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. See Managing Administration Traffic to the Server in Administering Oracle Unified Directory.

    • Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Retype the root user bind password.

    • Click Next.

  6. In the Deployment Options panel, select Use distribution on a partitioned data set from the Configuration Option drop-down menu.

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command or the Oracle Unified Directory Services Manager interface to configure your deployment.

  7. Drag the sliding arrow to specify the number of partitions on which the data is separated.

    For the example distribution scenario, select two partitions.

    Click Next.

  8. Define how the data will be partitioned across the LDAP servers.

    1. Select the Partitioning Algorithm from the drop-down list.

      For information about the various partitioning algorithms and distribution using the proxy, see Overview of Load Balancing Using the Proxy in Administering Oracle Unified Directory.

    2. Enter the naming context.

      For example, dc=example,dc=com.

    3. Enter the distribution base DN.

      For example, ou=people. The distribution base DN is the level after which the distribution requests apply.

    4. If you have selected a Lexico or Numeric algorithm, enter the distribution attribute.

      For example, uid.

  9. Depending on the distribution algorithm, define the partition capacities, DN patterns, or boundaries for each partition.

    If you use the Set Default button, the installation wizard sets defaults that might not correspond to your deployment. This feature can, however, be useful for testing purposes.

    1. For capacity, set the maximum number of entries for each partition.

      For example, if you set maximum entries to 1000, only 1000 Add requests will be sent to the LDAP server associated with that partition. If you set maximum entries to 1000 for partition 1 and 2000 for partition 2, the proxy will send twice the number of requests to partition 2.

      Note:

      If you select the capacity algorithm, you must create a global index, as described in the next step.

    2. For DN pattern, set the DN pattern string for each partition.

      For example, cn=[a].* means that requests with a uid that starts with a will be sent to partition 1. See About DN Pattern String Syntax in Administering Oracle Unified Directory.

    3. For lexico, set the alphabetic boundaries for each partition.

      For example, for partition 1, From=A, To=K. Then, uids with values between A and K will be sent to partition 1.

    4. For numeric, set numeric boundaries for each partition.

      For example, for partition 1, From=0, To=1000. Then, uids between 0 and 1000 will be sent to partition 1.

    Note:

    The upper boundary is exclusive. That is, if you set the upper boundary to 1000, only entries up to 999 will be distributed to that partition.

    If you leave one of the boundaries blank, this will be considered as unlimited. In other words, if you set the lower boundary to 1000 and the upper boundary to blank, the partition will include everything after 1000.

    Click Next.

  10. Configure the global index.

    1. Select Enable Global Indexes.

      If you have selected a capacity algorithm, this option will already be selected because global indexes are mandatory for the capacity algorithm.

    2. Add attributes to be indexed:

      • Select Index the DNs if you want the DNs included in the global index.

      • Select Index other attributes if you want attributes other than the DNs included.

      • Select attributes from the Available Attributes list and click Add to include those attributes in the global index.

        All available attributes are listed. Choose only those attributes that contain unique values.

        If necessary, use the split-ldif command to divide LDIF files into files containing the expected data for global indexes. See Configuring Global Indexes Using the Command Line in Administering Oracle Unified Directory.

    The installation wizard creates a global index catalog, named gi-catalog by default, and populates the global index catalog with global indexes of the selected attributes. All global indexes are associated with the same global index catalog (gi-catalog). The installation wizard also creates a global index replication administrator with the same password as the directory manager.

    See Configuring Global Indexes Using the Command Line in Administering Oracle Unified Directory.

  11. For each partition, select the remote LDAP server that holds the corresponding partitioned data.

    Note:

    If you add two servers for one partition, you must configure load balancing between these servers. This use case is explained in the example Configuring Distribution with Load Balancing.

    1. If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      For Oracle Unified Directory servers:

      1. Select Connect to a replicated Oracle Unified Directory server.

      2. Enter the host name, administration port, administration bind DN, and password for the remote Oracle Unified Directory server.

      3. Click Connect.

      4. Accept the certificate.

        Check the servers that should be part of the load balanced topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

      5. Click OK.

      For Oracle Directory Server Enterprise Edition servers:

      1. Select Connect to a DSCC registry.

      2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

      3. Check the servers that should be part of the load balanced topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

      4. Click OK.

    2. If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

      1. Enter the server name, port and security settings.

        The security settings that you set here determine the security between the Oracle Unified Directory proxy and remote LDAP servers. See Configuring Security Between the Proxy and the Data Source in Administering Oracle Unified Directory.

      2. Click Add.

      3. Click Close when you have added all the remote LDAP servers for the distributed topology.

  12. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.

  13. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  14. To display the commands that will be launched for this installation, select Show Command from the drop-down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  15. Click Finish to complete the installation.

    When the installation is complete, you can use the dsconfig command to modify the installation. See Managing the Server Configuration Using dsconfig in Administering Oracle Unified Directory.

4.2.4 Configuring Distribution with Load Balancing

You can deploy a proxy server in a distribution with load balancing configuration to split the data into partitions. You can also replicate the data on the remote LDAP servers.

To configure distribution with load balancing:

  1. When you have installed the software, change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\$OUD_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (at least Java 1.6).

  3. Run the oud-proxy-setup command to configure the proxy server installation.

    On UNIX and Linux systems:

    $ oud-proxy-setup
    

    On Windows systems:

    C:\> oud-proxy-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    Note:

    The instance is created directly under OUD-base-location by default. However, Oracle strongly recommends that you create your Oracle Unified Directory instance outside of the Oracle home directory.

    To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    
  4. On the Welcome panel, click Next.

  5. On the Server Settings panel, enter the following information:

    • Host Name: Enter the proxy server's host name or IP address.

      The default is the local host name.

    • LDAP Listener Port: Enter the LDAP port for the proxy server.

      The default port that is proposed is the first available port that ends with 389. On UNIX and Linux systems, if you run the installer as a non-root user, the default is 1389, if available.

    • LDAP Secure Access: To configure SSL, StartTLS, or both, click Configure.

      Complete the following information:

      1. SSL Access: Select Enable SSL and enter a valid port for secure LDAP operations.

        The default secure port that is proposed is the first available port that ends with 636. On UNIX and Linux systems, if you run the installer as a non-root user, the default is 1636, if available.

      2. StartTLS Access: Click Enable StartTLS for LDAP.

      3. Certificate: If you are in a testing environment, select Generate Self-Signed Certificate.

        For production servers, click Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      4. Click OK.

    • Administration Port: Enter the port that will be used for administration traffic.

      The default administration port is 4444. See Managing Administration Traffic to the Server in Administering Oracle Unified Directory.

    • Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.

    • Password: Enter the root user bind password.

    • Password (confirm): Retype the root user bind password.

    Click Next to continue.

    The Deployment Options screen is displayed.

  6. Select Use distribution on a partitioned data set from the Configuration Option drop-down menu.

    If you select Configure later, only the server settings that you specified in the previous step are configured. You must then use the dsconfig command or the Oracle Unified Directory Services Manager interface to configure your deployment.

  7. Drag the sliding arrow to specify the number of partitions on which the data is separated.

    For the example distribution scenario, select two partitions.

    Click Next.

  8. Define how the data will be partitioned across the LDAP servers.

    1. Select the Partitioning Algorithm from the drop-down list.

      For information about the various partitioning algorithms for the proxy, see Overview of Data Distribution Using the Proxy in Administering Oracle Unified Directory.

    2. Enter the naming context.

      For example, dc=example,dc=com.

    3. Enter the distribution base DN.

      For example, ou=people. The distribution base DN is the level after which the distribution requests apply.

    4. If you have selected a Lexico or Numeric algorithm, enter the distribution attribute.

      For example, uid.

  9. Depending on the distribution algorithm, define the partition capacities, DN patterns, or boundaries for each partition.

    If you use the Set Default button, the installation wizard sets defaults that might not correspond to your deployment. This feature can, however, be useful for testing purposes.

    1. For capacity, set the maximum number of entries for each partition.

      For example, if you set maximum entries to 1000, only 1000 Add requests will be sent to the LDAP server associated with that partition. If you set maximum entries to 1000 for partition 1 and 2000 for partition 2, the proxy will send twice the number of requests to partition 2.

      If you select the capacity algorithm, you must create a global index, as described in the next step.

    2. For DN pattern, set the DN pattern string for each partition.

      For example, cn=[a].* means that requests with a uid that starts with a will be sent to partition 1. See About DN Pattern String Syntax in Administering Oracle Unified Directory.

    3. For lexico, set the alphabetic boundaries for each partition.

      For example, for partition 1, From=A, To=K. Then, uids with values between A and K will be sent to partition 1.

    4. For numeric, set numeric boundaries for each partition.

      For example, for partition 1, From=0, To=1000. Then, uids between 0 and 1000 will be sent to partition 1.

      The upper boundary is exclusive. That is, if you set the upper boundary to 1000, only entries up to 999 will be distributed to that partition.

      If you leave one of the boundaries blank, this will be considered as unlimited. In other words, if you set the lower boundary to 1000 and the upper boundary to blank, the partition will include everything after 1000.

    Click Next.

  10. Configure the global index.

    1. Select Enable Global Indexes.

      If you have selected a capacity algorithm, this option will already be selected because global indexes are mandatory for the capacity algorithm.

    2. Add attributes to be indexed:

      1. Select Index the DNs if you want the DNs included in the global index.

      2. Select Index other attributes if you want attributes other than the DNs included.

      3. Select attributes from the Available Attributes list and click Add to include those attributes in the global index.

        All available attributes are listed. Choose only those attributes that contain unique values.

        If necessary, use the split-ldif command to divide LDIF files into files containing the expected data for global indexes. See Creating a Global Index Catalog Containing Global Indexes in Administering Oracle Unified Directory.

      The installation wizard creates a global index catalog, named gi-catalog by default, and populates the global index catalog with global indexes of the selected attributes. All global indexes are associated with the same global index catalog (gi-catalog). The installation wizard also creates a global index replication administrator with the same password as the directory manager.

      See Configuring Global Indexes Using the Command Line in Administering Oracle Unified Directory.

  11. For each partition, select the remote LDAP server that holds the corresponding partitioned data.

    You must select at least two remote LDAP servers per partition to deploy distribution with load balancing.

    1. If your remote LDAP servers are Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Oracle Servers.

      For Oracle Unified Directory servers:

      1. Select Connect to a replicated Oracle Unified Directory server.

      2. Enter the host name, administration port, administration bind DN, and password for the remote Oracle Unified Directory server.

      3. Click Connect.

      4. Accept the certificate.

      5. Check the servers that should be part of the load balanced topology.

        When you have entered the details of one directory server in a replicated topology, the setup wizard displays all other replicated servers in that topology.

      6. Click OK.

      For Oracle Directory Server Enterprise Edition servers:

      1. Select Connect to a DSCC registry.

      2. Enter the DSCC host name, DSCC port, protocol, and the Directory Service Manager credentials for the DSCC registry.

      3. Check the servers that should be part of the load balanced topology.

        The setup wizard displays all the Oracle Directory Server Enterprise Edition server instances that are registered in the DSCC registry.

      4. Click OK.

    2. If your remote LDAP servers are not Oracle Unified Directory servers or Oracle Directory Server Enterprise Edition servers, click Add Server.

      1. Enter the server name, port and security settings.

        The security settings you set here will determine the security between the Oracle Unified Directory proxy and remote LDAP servers. See Configuring Security Between the Proxy and the Data Source in Administering Oracle Unified Directory.

      2. Click Add.

      3. Click Close when you have added all the remote LDAP servers for the distributed topology.

  12. For each partition, set load balancing.

    1. Choose the load balancing algorithm.

      For example, select Proportional with default values.

    2. Set the load balancing algorithm properties or select Default Values.

      When you have completed the installation, the properties can be modified. See Modifying Load Balancing Properties in Administering Oracle Unified Directory.

      • For proportional load balancing, set the weight. Requests are distributed between the remote LDAP servers based on the weight indicated.

        For example, if you leave the default value of 1, all servers will receive the same number of requests.

      • For failover, indicate the order in which the servers are used.

        The server with a value of 1 will be the main server. The other servers will only be used if there is a failure on the server with a priority of 1.

      • For saturation, set the order in which the servers are used and the saturation threshold of each server.

        Requests are sent to the server with the highest priority (1) until it reaches the threshold indicated. The saturation threshold is the rate at which the server is considered saturated, or full. Typically this limit should be set lower than 100%.

      • For optimal, no additional configuration is required.

        The active server is selected based on the saturation index, which is calculated automatically.

  13. On the Runtime options panel, click Change to configure any specific JVM setting, or click Next to run the server with the default JVM settings.

    See Configuring the Java Run-Time Settings During the Server Setup.

    The Review screen is displayed.

  14. Review the installation configuration.

    If you need to make any modifications, use the Previous button.

  15. To display the commands that will be launched for this installation, select Show Command from the drop-down menu.

    These commands are saved in a log file, in the logs folder. You can use these commands to run additional installations with similar deployment options later.

  16. Click Finish to complete the installation.

When the installation is complete, you can use the dsconfig command to modify the installation. See Managing the Server Configuration Using dsconfig in Administering Oracle Unified Directory.

4.2.5 Enterprise User Security (EUS) Configuration

You can deploy a proxy server in an Enterprise User Security configuration to store the configuration details locally in the Oracle Unified Directory directory server and the enterprise users or group details in the remote external LDAP directory.

After you have installed the Oracle Unified Directory software, as described in Installing the Oracle Unified Directory Software, you can configure the proxy instance to use Enterprise User Security (EUS).

For the configuration procedure, see Configuring Oracle Unified Proxy to Work with an External LDAP Directory and Enterprise User Security in Administering Oracle Unified Directory.

4.3 Set Up the Proxy Using the Command-Line (CLI)

The interactive command-line setup prompts you for the first steps of an Oracle Unified Directory proxy installation. For example, running the oud-proxy-setup or oud-proxy-setup.bat script in command-line mode defines the proxy host name, proxy port, and security configuration.

To complete the deployment and to configure the proxy instance using dsconfig or Oracle Unified Directory Services Manager, see Configuring Proxy, Distribution, and Virtualization Functionality in Administering Oracle Unified Directory.

You can also use a common properties file to provide default values for options. For more information about using a properties file with server commands, see Using a Properties File With Server Commands in Administering Oracle Unified Directory.

4.3.1 Setting Up the Proxy Using the CLI

If you have previously used the graphical wizard to set up the proxy, you can copy the commands that are launched by the wizard before completing the installation. The commands displayed by the install wizard are a good starting point for scripting an installation.

See Duplicating an Oracle Unified Directory Proxy Installation.

To set up a proxy using the CLI:

  1. After you have installed the Oracle Unified Directory software, change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\$OUD_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (JDK 8 or JRE 8).
  3. Enter the oud-proxy-setup command with the --cli option, specifying the server details as follows:

    On UNIX and Linux systems:

    $ oud-proxy-setup --cli -p 1389 --adminConnectorPort 4444 -D "cn=Directory Manager" -j pwd-file
    

    On Windows systems:

    C:\> oud-proxy-setup.bat --cli -p 1389 --adminConnectorPort 4444 -D "cn=Directory Manager" -j pwd-file
    

    In these examples, -p specifies the proxy LDAP port used to send data between the client and the proxy, --adminConnectorPort specifies the proxy administration port, -D specifies the bind DN, and -j specifies the file containing the proxy LDAP bind password.

    The oud-proxy-setup command launches the setup script and creates the Oracle Unified Directory proxy instance in OUD-base-location/instance-dir.

    The default instance directory is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the script. For example:

    $ export INSTANCE_NAME=my-oud-proxy-instance
    

    Note:

    The instance is created directly under OUD-base-location by default. However, Oracle strongly recommends that you create your Oracle Unified Directory instance outside of the Oracle home directory.

    To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-proxy-instance
    

    Note:

    To configure Enterprise User Security (EUS) in CLI mode, specify the following option when you run the setup script:

    oud-proxy-setup --eusContext namingContext

    For example:

    $ oud-proxy-setup --eusContext dc=example,dc=com

  4. To complete the proxy deployment, you must configure workflow elements, workflows, network group, and other required components.

    These components depend on your deployment architecture. For examples based on supported use cases, see Configuring Proxy, Distribution, and Virtualization Deployments in Administering Oracle Unified Directory.

4.4 Duplicating an Oracle Unified Directory Proxy Installation

You must duplicate your Oracle Unified Directory proxy installation to set up a replicated Oracle Unified Directory proxy. You can either use the graphical user interface or the installation log file to duplicate a proxy installation.

4.4.1 Duplicating a Proxy Installation Using the GUI

If you are using the graphical install wizard to set up Oracle Unified Directory proxy, you can copy the commands that are launched by the wizard before completing the installation. The commands displayed by the install wizard are a good starting point for scripting an installation.

To duplicate a proxy installation:

  1. Using the graphical install wizard, define the proxy installation but do not click Finish.
  2. On the Review page, select the Show Commands button from the top right.
  3. Copy the commands that are displayed.
  4. Paste them into a text file.

    You can now complete your first installation by clicking Finish.

  5. Edit the commands to modify the port, the host name, and the password.

    Replace the generic asinst variable with the appropriate instance name, either by anticipating the instance name, or by setting the INSTANCE_NAME variable. You might also need to quote certain arguments, depending on your shell scripting language.

  6. Save the updated file as a script.
  7. On the system where you want to host the next Oracle Unified Directory proxy instance, install the Oracle Unified Directory software, as described in Installing the Oracle Unified Directory Software.
  8. Change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\$OUD_HOME
    
  9. Run the script that you saved in Step 5.

4.4.2 Duplicating a Proxy Installation Using the Installation Log File

When you have completed a proxy installation, a log file named oud-setup saves the commands of the installation. You can use this file to duplicate an Oracle Unified Directory proxy instance.

To duplicate a proxy installation:

  1. Change to the logs directory.
    $ cd OUD-base-location/instance-name/OUD/logs
    
  2. Open the file oud-setup.
  3. Edit the commands to modify the port, the host name, and the password file of the new proxy instance.

    Replace the generic asinst variable with the appropriate instance name, either by anticipating the instance name, or by setting the INSTANCE_NAME variable. You might also need to quote certain arguments, depending on your shell scripting language.

  4. Save the updated file as a script.
  5. On the system where you want to host the next Oracle Unified Directory proxy instance, install the Oracle Unified Directory software, as described in Installing the Oracle Unified Directory Software.
  6. Change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\$OUD_HOME
    
  7. Run the script that you saved in Step 4.
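
The CLI setup in 4.3.1 and both duplication procedures pass the bind password through the file named by -j, and a duplicated script carries that path to the next host. The following pre-flight check is an added example, not Oracle's code: it extracts the -j argument from a saved command and rejects a password file that is missing, empty, a symbolic link, owned by another user, or accessible to group or others. The function names, the saved-command layout (the command shown in 4.3.1, with an unquoted path), and the permission policy are assumptions.

```shell
#!/bin/sh
# Added example (not part of the Oracle documentation).
# Assumption: the saved command passes the password file as "-j <unquoted path>".

# pwd_file_ok PATH
# Succeeds only if PATH is a regular, non-empty file (not a symlink), owned by
# the current user, with no group or other permission bits set.
pwd_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -s "$f" ] || { echo "empty password file: $f" >&2; return 1; }
    [ -O "$f" ] || { echo "not owned by current user: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "group/other access on $f ($bits)" >&2; return 1; }
}

# pwd_file_from_cmd FILE
# Prints the argument that follows -j in a saved setup command. The command may
# be wrapped over several lines, so newlines are folded to spaces first.
pwd_file_from_cmd() {
    tr '\n' ' ' < "$1" |
        sed -n 's/.*[[:space:]]-j[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p'
}

# check_saved_setup FILE
# Validates the password file that a saved setup command refers to.
check_saved_setup() {
    p=$(pwd_file_from_cmd "$1")
    [ -n "$p" ] || { echo "no -j option found in $1" >&2; return 1; }
    pwd_file_ok "$p"
}

# Typical use on the new host, before running the edited script:
#   check_saved_setup ./my-proxy-setup.sh && sh ./my-proxy-setup.sh
```

A relative -j path is resolved against the current directory, so run the check from the directory in which the saved script itself will be run.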

4.5 Manage Redundancy for Oracle Unified Directory

You can make the proxy server redundant to avoid a single point of failure in your deployment. Use multiple replicated proxy server instances to ensure redundancy.

See Multiple Replicated Proxies in Administering Oracle Unified Directory.

4.6 Setting Up the Proxy Server Using the WebLogic Scripting Tool

You can use the WebLogic Scripting Tool (WLST) to set up the proxy server. Execute the oud_createInstance command with the oud-proxy-setup script to set up a proxy instance using the WLST.

To set up a proxy instance using the WLST:

  1. Set the PRODUCT_HOME and DOMAIN_HOME environment variables before launching WLST.
    export PRODUCT_HOME=/scratch/user/middleware/oracle_home
    export DOMAIN_HOME=/scratch/user/middleware/oracle_home/user_projects/domains/base_domain

    PRODUCT_HOME is similar to ORACLE_HOME. It points to the directory that you provide at the time of product installation. DOMAIN_HOME points to the directory where the domains that you configure are created.

  2. Launch the WLST:

    On UNIX and Linux systems:

    $ ORACLE_HOME/oracle_common/common/bin/wlst.sh

    On Windows systems:

    C:\> ORACLE_HOME\oracle_common\common\bin\wlst.cmd

    ORACLE_HOME is the Oracle home directory you specified at installation.

  3. Execute the oud_createInstance command with script name oud-proxy-setup to create the OUD Server instance.
    oud_createInstance(scriptName='oud-proxy-setup',instanceName='oud_proxy',hostname='localhost',ldapPort=1393,
    rootUserDN='cn=Directory\ Manager',rootUserPasswordFile='/scratch/user/work/password.txt',adminConnectorPort=2444)
    

    scriptName indicates the setup script based on the flavor of OUD. The value for this parameter can be any one from [oud-setup, oud-proxy-setup, oud-replication-gateway-setup].

    instanceName indicates the name of the instance. For example, oud_proxy.

    Note:

    Arguments that do not take a value, such as noPropertiesFile, can also be used with the custom WLST commands. You must pass an empty value for these arguments. For example, noPropertiesFile=''.

    See oud-proxy-setup in Administering Oracle Unified Directory for the rest of the parameters and their descriptions.

    Output:

    Successfully wrote the updated Directory Server configuration
    The server is now installed but not started. You can start the server using the "start-ds" command
    Successfully created OUD instance