Before You Begin

This 15-minute tutorial shows you how to configure the Flat Tree workflow element and run LDAP search operations that demonstrate the expected results with and without the workflow element.

This tutorial is part of the Oracle Virtual Directory 11g to Oracle Unified Directory 12c Transition Series.
Background

The Flat Tree workflow element provides the Flat Tree functionality in Oracle Unified Directory (OUD). It compresses a directory information tree so that all entries appear directly under the root base DN.

For example, assume you have a base DN with root dc=oracle,dc=com and the Flat Tree workflow element deployed against it. The workflow element converts a backend entry DN such as uid=jsmith,cn=users,dc=peopleContainer,dc=oracle,dc=com to uid=jsmith,dc=oracle,dc=com (directly under the root base DN). Consequently, the hierarchical structure of the backend data is flattened and presented directly under the root base DN.
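The DN rewriting described above, and the collision it can create when two backend entries share a leaf RDN, as an added Python example (not part of the Oracle tutorial; the sample DNs are constructed):

```python
# Added example (not from the Oracle tutorial): models the Flat Tree DN mapping
# described above and flags RDN collisions, which flattening introduces when the
# same leaf RDN exists under different backend containers.
from collections import defaultdict

def split_dn(dn):
    """Split a DN into its RDN components, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if not escaped and ch == ",":
            parts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(cur).strip())
    return parts

def flatten_dn(dn, base_dn):
    """Return dn as the Flat Tree workflow element presents it: the entry's own RDN
    directly under base_dn. The base entry and DNs outside the base are unchanged."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    if len(rdns) <= len(base):
        return dn
    if [r.lower() for r in rdns[-len(base):]] != [b.lower() for b in base]:
        return dn
    return f"{rdns[0]},{base_dn}"

def flat_tree_collisions(dns, base_dn):
    """Map each backend DN to its flattened form and return the flattened DNs
    onto which more than one backend entry would collapse."""
    groups = defaultdict(list)
    for dn in dns:
        groups[flatten_dn(dn, base_dn).lower()].append(dn)
    return {flat: srcs for flat, srcs in groups.items() if len(srcs) > 1}

# Constructed sample of backend DNs (not the tutorial's LDIF); the second
# uid=hmiller under a different container is deliberate so the check fires.
SAMPLE_DNS = [
    "dc=example,dc=com",
    "ou=People,dc=example,dc=com",
    "uid=hmiller,ou=People,dc=example,dc=com",
    "uid=alutz,ou=People,dc=example,dc=com",
    "uid=hmiller,ou=Contractors,dc=example,dc=com",
]
if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(f"{dn:48} -> {flatten_dn(dn, 'dc=example,dc=com')}")
    print("collisions:", flat_tree_collisions(SAMPLE_DNS, "dc=example,dc=com"))
```

Running the collision check over the backend's own entry DNs before enabling the workflow element is worthwhile: entries that collapse onto one flattened DN become indistinguishable to clients of the proxy.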
What Do You Need?

- An environment with at least 16 GB of physical memory, Oracle Enterprise Linux 6.6 or later, and oracle credentials
- A basic understanding of Linux
- This tutorial assumes that you have already installed Oracle Unified Directory 12c
- Two LDIF files, flattree1.ldif and flattree2.ldif, containing the sample data must be loaded into the respective OUD instances
- The pwd.txt file contains the Directory Manager's password needed during the OUD setup
- This tutorial assumes that you have already defined the following environment variables:

  OUD_ORACLE_HOME=/u01/app/oracle/product/oud/oud
  OUD_INSTANCES=/u01/app/oracle/config/oud_instances
Set Up Directory Server Instances

In this section, you'll use the oud-setup utility to set up Oracle Unified Directory server instances.

1. Launch a terminal window as oracle and navigate to the OUD_ORACLE_HOME directory:

   $ cd /u01/app/oracle/product/oud/oud

2. Run the oud-setup command to set up a directory server instance oud1:

   $ ./oud-setup --cli --no-prompt --hostname host01.ab.example.com \
       --ldapPort 10389 --adminConnectorPort 10444 \
       --instancePath /u01/app/oracle/config/oud_instances/oud1/OUD \
       --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/pwd.txt \
       --baseDN dc=example,dc=com --ldifFile ~/flattree1.ldif \
       --integration generic --serverTuning jvm-default \
       --offlineToolsTuning jvm-default --noPropertiesFile

   The output should look similar to this:

   Oracle Unified Directory 12.2.1.4.0
   Please wait while the setup program initializes...

   Creating instance directory /u01/app/oracle/config/oud_instances/oud1/OUD ..... Done.
   See /u01/app/oracle/config/oud_instances/oud1/OUD/logs/oud-setup for a detailed log of this operation.

   Configuring Directory Server ..... Done.
   Importing LDIF file /u01/app/home/oracle/flattree1.ldif .......
   Processed 9 entries, imported 9, skipped 0, rejected 0 and migrated 0 in 0 seconds (average rate 17.8/sec)
   Starting Directory Server ....... Done.

   To see basic server configuration status and configuration you can launch
   /u01/app/oracle/config/oud_instances/oud1/OUD/bin/status

3. Run the oud-setup command to set up a second directory server instance oud2:

   $ ./oud-setup --cli --no-prompt --hostname host01.ab.example.com \
       --ldapPort 8389 --adminConnectorPort 8444 \
       --instancePath /u01/app/oracle/config/oud_instances/oud2/OUD \
       --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/pwd.txt \
       --baseDN dc=example,dc=com --ldifFile ~/flattree2.ldif \
       --integration generic --serverTuning jvm-default \
       --offlineToolsTuning jvm-default --noPropertiesFile

   The output should look similar to this:

   Oracle Unified Directory 12.2.1.4.0
   Please wait while the setup program initializes...

   Creating instance directory /u01/app/oracle/config/oud_instances/oud2/OUD ..... Done.
   See /u01/app/oracle/config/oud_instances/oud2/OUD/logs/oud-setup for a detailed log of this operation.

   Configuring Directory Server ..... Done.
   Importing LDIF file /u01/app/home/oracle/flattree2.ldif .......
   Processed 11 entries, imported 11, skipped 0, rejected 0 and migrated 0 in 0 seconds (average rate 17.4/sec)
   Starting Directory Server ....... Done.

   To see basic server configuration status and configuration you can launch
   /u01/app/oracle/config/oud_instances/oud2/OUD/bin/status
Set Up a Proxy Server Instance

In this section, you'll use the oud-proxy-setup utility to set up an Oracle Unified Directory proxy server instance.

1. Set the INSTANCE_NAME environment variable before you run the setup to specify an instance path:

   $ export INSTANCE_NAME=../../config/oud_instances/oudp1

2. Run the oud-proxy-setup command to set up a proxy server instance oudp1:

   $ ./oud-proxy-setup --cli --no-prompt \
       --adminConnectorPort 9444 --ldapPort 9389 \
       --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/pwd.txt \
       --noPropertiesFile

   The output should look similar to this:

   Successfully wrote the updated Directory Server configuration
   Starting the Server : /u01/app/oracle/config/oud_instances/oudp1/OUD/bin/start-ds --timeout 0
   [29/Mar/2019:04:41:11 -0700] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process
   . . .
   [29/Mar/2019:04:41:17 -0700] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
   [29/Mar/2019:04:41:17 -0700] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully
Create a Workflow to Connect a Proxy Server with the First Directory Server

In this section, you'll enable communication between a remote LDAP server and a proxy server by using LDAP server extensions and proxy LDAP workflow elements.

1. Navigate to the oudp1 instance directory:

   $ cd /u01/app/oracle/config/oud_instances/oudp1/OUD/bin

2. Create an LDAP server extension Ldap-Extension1 that points to oud1:

   $ ./dsconfig create-extension --type ldap-server \
       --extension-name Ldap-Extension1 \
       --set enabled:true --set remote-ldap-server-port:10389 \
       --set remote-ldap-server-address:host01.ab.example.com \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --no-prompt --trustAll

3. Create an LDAP proxy workflow element LdapProxy-WE1 that points to oud1:

   $ ./dsconfig create-workflow-element --type proxy-ldap \
       --element-name LdapProxy-WE1 --set enabled:true \
       --set client-cred-mode:use-client-identity \
       --set ldap-server-extension:Ldap-Extension1 \
       --set remote-ldap-server-bind-dn:"cn=Directory Manager" \
       --set remote-ldap-server-bind-password:~/pwd.txt \
       --hostname host01.ab.example.com --port 9444 --portProtocol LDAP \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --no-prompt --trustAll

4. Create a Flat Tree workflow element FlatTree-WE1:

   $ ./dsconfig create-workflow-element --type flat-tree \
       --element-name FlatTree-WE1 --set enabled:true \
       --set base-dn:dc=example,dc=com \
       --set next-workflow-element:LdapProxy-WE1 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --trustAll --no-prompt

5. Create a generic workflow Gen-WorkFlow1 for the Flat Tree workflow element FlatTree-WE1:

   $ ./dsconfig create-workflow --workflow-name Gen-WorkFlow1 \
       --set base-dn:dc=example,dc=com --set enabled:true \
       --set workflow-element:FlatTree-WE1 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --trustAll --no-prompt

6. Add the workflow Gen-WorkFlow1 to the network group network-group:

   $ ./dsconfig set-network-group-prop --group-name network-group \
       --set enabled:true --set workflow:Gen-WorkFlow1 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --trustAll --no-prompt
Validate the Flat Tree Workflow Element Configuration

Since the Flat Tree workflow element is enabled, you'll check whether the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

1. To locate a specific user in the directory, run the ldapsearch command with the filter "(cn=Harry Miller)" on the directory server without the Flat Tree workflow element:

   $ ./ldapsearch --hostname host01.ab.example.com --port 10389 \
       --baseDN dc=example,dc=com "(cn=Harry Miller)"

   The output should look similar to this:

   dn: uid=hmiller,ou=People,dc=example,dc=com
   mail: hmiller@example.com
   sn: Miller
   roomNumber: 4304
   cn: Harry Miller
   ou: Human Resources
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Harry
   telephoneNumber: +1 408 555 9804
   facsimileTelephoneNumber: +1 408 555 9332
   l: Santa Clara
   uid: hmiller

2. To locate the same user, run the ldapsearch command with the filter "(cn=Harry Miller)" on the proxy server with the Flat Tree workflow element enabled:

   $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
       --baseDN dc=example,dc=com "(cn=Harry Miller)"

   The output should look similar to this:

   dn: uid=hmiller,dc=example,dc=com
   mail: hmiller@example.com
   sn: Miller
   roomNumber: 4304
   cn: Harry Miller
   ou: Human Resources
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Harry
   telephoneNumber: +1 408 555 9804
   facsimileTelephoneNumber: +1 408 555 9332
   l: Santa Clara
   uid: hmiller

   If you compare the output of Step 1 with that of Step 2, you will notice that the hierarchical structure of the backend data is flattened and the entry is displayed directly under the root base DN.

3. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the directory server without the Flat Tree workflow element as follows:

   $ ./ldapsearch --hostname host01.ab.example.com --port 10389 \
       --baseDN dc=example,dc=com "(objectclass=person)" '*'

   The output should look similar to this:

   dn: uid=alutz,ou=People,dc=example,dc=com
   mail: alutz@example.com
   sn: Lutz
   roomNumber: 1327
   cn: Alexander Lutz
   ou: Product Development
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Alexander
   telephoneNumber: +1 408 555 6505
   facsimileTelephoneNumber: +1 408 555 4774
   l: Santa Clara
   uid: alutz

4. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the proxy server with the Flat Tree workflow element as follows:

   $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
       --baseDN dc=example,dc=com "(objectclass=person)" '*'

   The output should look similar to this:

   dn: uid=alutz,dc=example,dc=com
   mail: alutz@example.com
   sn: Lutz
   roomNumber: 1327
   cn: Alexander Lutz
   ou: Product Development
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Alexander
   telephoneNumber: +1 408 555 6505
   facsimileTelephoneNumber: +1 408 555 4774
   l: Santa Clara
   uid: alutz

   (Output with a Flat Tree workflow element enabled)

   If you compare the output of Step 3 with that of Step 4, you will notice that the hierarchical structure of the backend data is flattened and the entries are displayed directly under the root base DN.
Create Another Workflow to Connect a Proxy Server with the Second Directory Server

In this section, you'll enable communication between another remote LDAP server and a proxy server by using LDAP server extensions and proxy LDAP workflow elements.

1. Navigate to the oudp1 instance directory:

   $ cd /u01/app/oracle/config/oud_instances/oudp1/OUD/bin

2. Create an LDAP server extension Ldap-Extension2 that points to oud2:

   $ ./dsconfig create-extension --type ldap-server \
       --extension-name Ldap-Extension2 --set enabled:true \
       --set remote-ldap-server-address:host01.ab.example.com \
       --set remote-ldap-server-port:8389 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --no-prompt --trustAll

3. Create an LDAP proxy workflow element LdapProxy-WE2 that points to oud2:

   $ ./dsconfig create-workflow-element --type proxy-ldap \
       --element-name LdapProxy-WE2 \
       --set client-cred-mode:use-client-identity --set enabled:true \
       --set ldap-server-extension:Ldap-Extension2 \
       --set remote-ldap-server-bind-dn:"cn=Directory Manager" \
       --set remote-ldap-server-bind-password:~/pwd.txt \
       --hostname host01.ab.example.com --port 9444 --portProtocol LDAP \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --no-prompt --trustAll

4. Create a Flat Tree workflow element FlatTree-WE2:

   $ ./dsconfig create-workflow-element --type flat-tree \
       --element-name FlatTree-WE2 --set enabled:true \
       --set base-dn:dc=example,dc=com \
       --set next-workflow-element:LdapProxy-WE2 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --trustAll --no-prompt

5. Create a generic workflow Gen-WorkFlow2 for the Flat Tree workflow element FlatTree-WE2:

   $ ./dsconfig create-workflow --workflow-name Gen-WorkFlow2 \
       --set base-dn:dc=example,dc=com --set enabled:true \
       --set workflow-element:FlatTree-WE2 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --trustAll --no-prompt

6. Add the workflow Gen-WorkFlow2 to the network group network-group:

   $ ./dsconfig set-network-group-prop --group-name network-group \
       --set enabled:true --set workflow:Gen-WorkFlow2 \
       --hostname host01.ab.example.com --port 9444 \
       --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
       --trustAll --no-prompt
Validate the Flat Tree Workflow Element Configuration

Since the Flat Tree workflow element is enabled, you'll check whether the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

1. To locate a specific user in the directory, run the ldapsearch command with the filter "(cn=Jeffrey Campaigne)" on the directory server without the Flat Tree workflow element:

   $ ./ldapsearch --hostname host01.ab.example.com --port 8389 \
       --baseDN dc=example,dc=com "(cn=Jeffrey Campaigne)"

   The output should look similar to this:

   dn: uid=jcampai2,ou=People,dc=example,dc=com
   mail: jcampai2@example.com
   sn: Campaigne
   roomNumber: 1377
   cn: Jeffrey Campaigne
   ou: Human Resources
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Jeffrey
   telephoneNumber: +1 408 555 7393
   facsimileTelephoneNumber: +1 408 555 3372
   l: Santa Clara
   uid: jcampai2

2. To locate the same user, run the ldapsearch command with the filter "(cn=Jeffrey Campaigne)" on the proxy server with the Flat Tree workflow element enabled:

   $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
       --baseDN dc=example,dc=com "(cn=Jeffrey Campaigne)"

   The output should look similar to this:

   dn: uid=jcampai2,dc=example,dc=com
   mail: jcampai2@example.com
   sn: Campaigne
   roomNumber: 1377
   cn: Jeffrey Campaigne
   ou: Human Resources
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Jeffrey
   telephoneNumber: +1 408 555 7393
   facsimileTelephoneNumber: +1 408 555 3372
   l: Santa Clara
   uid: jcampai2

   If you compare the output of Step 1 with that of Step 2, you will notice that the hierarchical structure of the backend data is flattened and the entry is displayed directly under the root base DN.

3. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the directory server without the Flat Tree workflow element as follows:

   $ ./ldapsearch --hostname host01.ab.example.com --port 8389 \
       --baseDN dc=example,dc=com "(objectclass=person)" '*'

   The output should look similar to this:

   dn: uid=lulrich,ou=People,dc=example,dc=com
   mail: lulrich@example.com
   sn: Ulrich
   roomNumber: 0985
   cn: Lee Ulrich
   ou: Product Testing
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Lee
   telephoneNumber: +1 408 555 8652
   facsimileTelephoneNumber: +1 408 555 3825
   l: Sunnyvale
   uid: lulrich

4. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the proxy server with the Flat Tree workflow element as follows:

   $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
       --baseDN dc=example,dc=com "(objectclass=person)" '*'

   The output should look similar to this:

   dn: uid=lulrich,dc=example,dc=com
   mail: lulrich@example.com
   sn: Ulrich
   roomNumber: 0985
   cn: Lee Ulrich
   ou: Product Testing
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   givenName: Lee
   telephoneNumber: +1 408 555 8652
   facsimileTelephoneNumber: +1 408 555 3825
   l: Sunnyvale
   uid: lulrich

   (Output with a Flat Tree workflow element enabled)

   If you compare the output of Step 3 with that of Step 4, you will notice that the hierarchical structure of the backend data is flattened and the entries are displayed directly under the root base DN.