Configure the Flat Tree Workflow Element in Oracle Unified Directory 12c

Before You Begin

This 15-minute tutorial shows you how to configure the Flat Tree workflow element and run LDAP search operations that demonstrate the results with and without the workflow element.

This tutorial is part of the Oracle Virtual Directory 11g to Oracle Unified Directory 12c Transition Series.

Background

The Flat Tree workflow element provides the Flat Tree functionality in Oracle Unified Directory (OUD). This workflow element compresses a directory information tree so that all entries appear directly under the root base DN.

For example, assume you have a base DN with root dc=oracle,dc=com and the Flat Tree workflow element deployed against it. The Flat Tree workflow element converts a backend entry DN such as uid=jsmith,cn=users,dc=peopleContainer,dc=oracle,dc=com to uid=jsmith,dc=oracle,dc=com (directly under the root base DN). Consequently, the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

What Do You Need?

  • An environment with at least 16 GB of physical memory, Oracle Enterprise Linux 6.6 or later, and oracle credentials
  • A basic understanding of Linux
  • This tutorial assumes that you have already installed Oracle Unified Directory 12c
  • Two LDIF files, flattree1.ldif and flattree2.ldif, containing the sample data that must be loaded into the respective OUD instances
  • A pwd.txt file containing the Directory Manager's password, which is needed during the OUD setup
  • This tutorial assumes that you have already defined the following environment variables:
    • OUD_ORACLE_HOME=/u01/app/oracle/product/oud/oud
    • OUD_INSTANCES=/u01/app/oracle/config/oud_instances

Section 1: Set Up Directory Server Instances

In this section, you'll use the oud-setup utility to set up Oracle Unified Directory server instances.

  1. Launch a terminal window as oracle and navigate to the OUD_ORACLE_HOME directory.
    $ cd /u01/app/oracle/product/oud/oud
  2. Run the oud-setup command to set up a directory server instance oud1:
    $ ./oud-setup --cli --no-prompt --hostname host01.ab.example.com \
    --ldapPort 10389 --adminConnectorPort 10444 \
    --instancePath /u01/app/oracle/config/oud_instances/oud1/OUD \
    --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/pwd.txt \
    --baseDN dc=example,dc=com --ldifFile ~/flattree1.ldif \
    --integration generic --serverTuning jvm-default \
    --offlineToolsTuning jvm-default --noPropertiesFile

    The output should look similar to this:

    Oracle Unified Directory 12.2.1.4.0
    Please wait while the setup program initializes...
    
    Creating instance directory
    /u01/app/oracle/config/oud_instances/oud1/OUD .....Done.
    See /u01/app/oracle/config/oud_instances/oud1/OUD/logs/oud-setup for 
    a detailed log of this operation.
    Configuring Directory Server ..... Done.
    Importing LDIF file /u01/app/home/oracle/flattree1.ldif ....... 
    Processed 9 entries, imported 9, skipped 0, rejected 0 and 
    migrated 0 in 0 seconds (average rate 17.8/sec)
    Starting Directory Server ....... Done.
    
    To see basic server configuration status and configuration you can launch
    /u01/app/oracle/config/oud_instances/oud1/OUD/bin/status
  3. Run the oud-setup command to set up a second directory server instance oud2:
    $ ./oud-setup --cli --no-prompt --hostname host01.ab.example.com \
    --ldapPort 8389 --adminConnectorPort 8444 \
    --instancePath /u01/app/oracle/config/oud_instances/oud2/OUD \
    --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/pwd.txt \
    --baseDN dc=example,dc=com --ldifFile ~/flattree2.ldif \
    --integration generic --serverTuning jvm-default \
    --offlineToolsTuning jvm-default --noPropertiesFile

    The output should look similar to this:

    Oracle Unified Directory 12.2.1.4.0
    Please wait while the setup program initializes...
    
    Creating instance directory
    /u01/app/oracle/config/oud_instances/oud2/OUD .....Done.
    See /u01/app/oracle/config/oud_instances/oud2/OUD/logs/oud-setup for 
    a detailed log of this operation.
    Configuring Directory Server ..... Done.
    Importing LDIF file /u01/app/home/oracle/flattree2.ldif ....... 
    Processed 11 entries, imported 11, skipped 0, rejected 0 and 
    migrated 0 in 0 seconds (average rate 17.4/sec)
    Starting Directory Server ....... Done.
    
    To see basic server configuration status and configuration you can launch
    /u01/app/oracle/config/oud_instances/oud2/OUD/bin/status

Section 2: Set Up a Proxy Server Instance

In this section, you'll use the oud-proxy-setup utility to set up an Oracle Unified Directory proxy server instance.

  1. Set the INSTANCE_NAME environment variable before you run the setup to specify an instance path:
    $ export INSTANCE_NAME=../../config/oud_instances/oudp1
  2. Run the oud-proxy-setup command to set up a proxy server instance oudp1:
    $ ./oud-proxy-setup --cli --no-prompt \
    --adminConnectorPort 9444 --ldapPort 9389 \
    --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/pwd.txt \
    --noPropertiesFile

    The output should look similar to this:

    Successfully wrote the updated Directory Server configuration
    Starting the Server :
    /u01/app/oracle/config/oud_instances/oudp1/OUD/bin/start-ds --timeout 0 
    [29/Mar/2019:04:41:11 -0700] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process
    .
    .
    [29/Mar/2019:04:41:17 -0700] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
    [29/Mar/2019:04:41:17 -0700] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully

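Section 3: Create a Workflow to Connect a Proxy Server with the First Directory Server

In this section, you'll enable communication between a remote LDAP server and the proxy server by using an LDAP server extension and a proxy LDAP workflow element. The dsconfig commands pass --trustAll, which makes the client accept any certificate presented on the administration port (9444) without validating it; that is tolerable on this single-host lab setup, but on a shared network supply a trust store so that the administration connection is authenticated.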

  1. Navigate to the oudp1 instance directory:
    $ cd /u01/app/oracle/config/oud_instances/oudp1/OUD/bin
  2. Create an LDAP server extension Ldap-Extension1 that points to oud1:
    $ ./dsconfig create-extension --type ldap-server \
    --extension-name Ldap-Extension1 \
    --set enabled:true --set remote-ldap-server-port:10389 \
    --set remote-ldap-server-address:host01.ab.example.com \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --no-prompt --trustAll
  3. Create an LDAP proxy workflow element LdapProxy-WE1 that points to oud1:
    $ ./dsconfig create-workflow-element --type proxy-ldap \
    --element-name LdapProxy-WE1 --set enabled:true \
    --set client-cred-mode:use-client-identity \
    --set ldap-server-extension:Ldap-Extension1 \
    --set remote-ldap-server-bind-dn:"cn=Directory Manager" \
    --set remote-ldap-server-bind-password:~/pwd.txt \
    --hostname host01.ab.example.com --port 9444 --portProtocol LDAP \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --no-prompt --trustAll
  4. Create a Flat Tree workflow element FlatTree-WE1:
    $ ./dsconfig create-workflow-element --type flat-tree \
    --element-name FlatTree-WE1 --set enabled:true \
    --set base-dn:dc=example,dc=com \
    --set next-workflow-element:LdapProxy-WE1 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --trustAll --no-prompt
  5. Create a generic workflow Gen-WorkFlow1 for the Flat Tree workflow element FlatTree-WE1:
    $ ./dsconfig create-workflow --workflow-name Gen-WorkFlow1 \
    --set base-dn:dc=example,dc=com --set enabled:true \
    --set workflow-element:FlatTree-WE1 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --trustAll --no-prompt
  6. Add the workflow Gen-WorkFlow1 to a network group network-group:
    $ ./dsconfig set-network-group-prop --group-name network-group \
    --set enabled:true --set workflow:Gen-WorkFlow1 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --trustAll --no-prompt

Section 4: Validate the Flat Tree Workflow Element Configuration

Now that the Flat Tree workflow element is enabled, check whether the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

  1. To locate a specific user in the directory, run the ldapsearch command with the filter "(cn=Harry Miller)" on the directory server without the Flat Tree workflow element:
    $ ./ldapsearch --hostname host01.ab.example.com --port 10389 \
    --baseDN dc=example,dc=com "(cn=Harry Miller)"

    The output should look similar to this:

    dn: uid=hmiller,ou=People,dc=example,dc=com
    mail: hmiller@example.com
    sn: Miller
    roomNumber: 4304
    cn: Harry Miller
    ou: Human Resources
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Harry
    telephoneNumber: +1 408 555 9804
    facsimileTelephoneNumber: +1 408 555 9332
    l: Santa Clara
    uid: hmiller
  2. To locate a specific user in the directory, run the ldapsearch command with the filter "(cn=Harry Miller)" on the proxy server with the Flat Tree workflow element enabled:
    $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
    --baseDN dc=example,dc=com "(cn=Harry Miller)"

    The output should look similar to this:

    dn: uid=hmiller,dc=example,dc=com
    mail: hmiller@example.com
    sn: Miller
    roomNumber: 4304
    cn: Harry Miller
    ou: Human Resources
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Harry
    telephoneNumber: +1 408 555 9804
    facsimileTelephoneNumber: +1 408 555 9332
    l: Santa Clara
    uid: hmiller

    If you compare the output of Step 1 with that of Step 2, you will notice that the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

  3. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the directory server without the Flat Tree workflow element as follows:
    $ ./ldapsearch --hostname host01.ab.example.com --port 10389 \
    --baseDN dc=example,dc=com "(objectclass=person)" '*'

    The output should look similar to this:

    dn: uid=alutz,ou=People,dc=example,dc=com
    mail: alutz@example.com
    sn: Lutz
    roomNumber: 1327
    cn: Alexander Lutz
    ou: Product Development
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Alexander
    telephoneNumber: +1 408 555 6505
    facsimileTelephoneNumber: +1 408 555 4774
    l: Santa Clara
    uid: alutz

    Output without a Flat Tree workflow element enabled

  4. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the proxy server with the Flat Tree workflow element as follows:
    $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
    --baseDN dc=example,dc=com "(objectclass=person)" '*'

    The output should look similar to this:

    dn: uid=alutz,dc=example,dc=com
    mail: alutz@example.com
    sn: Lutz
    roomNumber: 1327
    cn: Alexander Lutz
    ou: Product Development
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Alexander
    telephoneNumber: +1 408 555 6505
    facsimileTelephoneNumber: +1 408 555 4774
    l: Santa Clara
    uid: alutz

    Output with a Flat Tree workflow element enabled

    If you compare the output of Step 3 with that of Step 4, you will notice that the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.
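
The comparison in steps 3 and 4 can be scripted. The following is an added example, not part of the original tutorial or Oracle's code: it predicts the flattened DN for each backend entry and lists flattened DNs that more than one backend entry maps to, a case the tutorial's sample data does not exercise. It assumes plain-text (non-base64) DNs written without spaces after the commas; the function names, the ou=Contractors entry and the escaped-comma entry are constructed for illustration.

```shell
# Added example, not Oracle code. Input is LDIF as printed by ldapsearch.
# flatten_dns BASE_DN: read LDIF on stdin, print "flattened DN<TAB>backend DN"
# for each entry below BASE_DN (leftmost RDN re-parented onto BASE_DN).
flatten_dns() {
  awk -v base="$1" '
    function emit(line,    dn, i, c, rest, lrest, lbase) {
      if (line !~ /^dn: /) return          # base64 "dn::" values are skipped
      dn = substr(line, 5)
      for (i = 1; i <= length(dn); i++) {  # find the first unescaped comma
        c = substr(dn, i, 1)
        if (c == "\\") { i++; continue }   # step over the escaped character
        if (c == ",") break
      }
      if (i > length(dn)) return           # single RDN, no parent to strip
      rest = substr(dn, i + 1); lrest = tolower(rest); lbase = tolower(base)
      if (lrest != lbase && !(length(lrest) > length(lbase) &&
          substr(lrest, length(lrest) - length(lbase)) == ("," lbase))) return
      printf "%s,%s\t%s\n", substr(dn, 1, i - 1), base, dn
    }
    /^ / { cur = cur substr($0, 2); next } # folded LDIF line: append to previous
    { emit(cur); cur = $0 }
    END { emit(cur) }
  '
}

# find_collisions: read flatten_dns output, print every flattened DN that more
# than one backend entry maps to (compared case-insensitively).
find_collisions() {
  cut -f1 | tr 'A-Z' 'a-z' | sort | uniq -d
}

# Constructed sample: hmiller and alutz follow the tutorial data; the
# ou=Contractors entry and the escaped-comma RDN are invented for this demo.
sample_backend_ldif() {
  cat <<'EOF'
dn: dc=example,dc=com

dn: uid=hmiller,ou=People,dc=example,dc=com
cn: Harry Miller

dn: uid=hmiller,ou=Contractors,dc=example,dc=com
cn: Harry Miller

dn: uid=alutz,ou=People,dc=exam
 ple,dc=com
cn: Alexander Lutz

dn: cn=Lutz\, Alexander,ou=People,dc=example,dc=com
sn: Lutz
EOF
}

sample_backend_ldif | flatten_dns "dc=example,dc=com" | find_collisions
```

To check real data, pipe the output of the step 3 ldapsearch command into flatten_dns in place of the sample function.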


Section 5: Create Another Workflow to Connect a Proxy Server with the Second Directory Server

In this section, you'll enable communication between another remote LDAP server and a proxy server by using LDAP server extensions and proxy LDAP workflow elements.

  1. Navigate to the oudp1 instance directory:
    $ cd /u01/app/oracle/config/oud_instances/oudp1/OUD/bin
  2. Create an LDAP server extension Ldap-Extension2 that points to oud2:
    $ ./dsconfig create-extension --type ldap-server \
    --extension-name Ldap-Extension2 --set enabled:true \
    --set remote-ldap-server-address:host01.ab.example.com \
    --set remote-ldap-server-port:8389 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --no-prompt --trustAll
  3. Create an LDAP proxy workflow element LdapProxy-WE2 that points to oud2:
    $ ./dsconfig create-workflow-element --type proxy-ldap \
    --element-name LdapProxy-WE2 \
    --set client-cred-mode:use-client-identity --set enabled:true \
    --set ldap-server-extension:Ldap-Extension2 \
    --set remote-ldap-server-bind-dn:"cn=Directory Manager" \
    --set remote-ldap-server-bind-password:~/pwd.txt \
    --hostname host01.ab.example.com --port 9444 --portProtocol LDAP \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --no-prompt --trustAll
  4. Create a Flat Tree workflow element FlatTree-WE2:
    $ ./dsconfig create-workflow-element --type flat-tree \
    --element-name FlatTree-WE2 --set enabled:true \
    --set base-dn:dc=example,dc=com \
    --set next-workflow-element:LdapProxy-WE2 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --trustAll --no-prompt
  5. Create a generic workflow Gen-WorkFlow2 for the Flat Tree workflow element FlatTree-WE2:
    $ ./dsconfig create-workflow --workflow-name Gen-WorkFlow2 \
    --set base-dn:dc=example,dc=com --set enabled:true \
    --set workflow-element:FlatTree-WE2 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --trustAll --no-prompt
  6. Add the workflow Gen-WorkFlow2 to a network group network-group:
    $ ./dsconfig set-network-group-prop --group-name network-group \
    --set enabled:true --set workflow:Gen-WorkFlow2 \
    --hostname host01.ab.example.com --port 9444 \
    --bindDN "cn=Directory Manager" --bindPasswordFile ~/pwd.txt \
    --trustAll --no-prompt

Section 6: Validate the Flat Tree Workflow Element Configuration

Now that the Flat Tree workflow element is enabled, check whether the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

  1. To locate a specific user in the directory, run the ldapsearch command with the filter "(cn=Jeffrey Campaigne)" on the directory server without the Flat Tree workflow element:
    $ ./ldapsearch --hostname host01.ab.example.com --port 8389 \
    --baseDN dc=example,dc=com "(cn=Jeffrey Campaigne)"

    The output should look similar to this:

    dn: uid=jcampai2,ou=People,dc=example,dc=com
    mail: jcampai2@example.com
    sn: Campaigne
    roomNumber: 1377
    cn: Jeffrey Campaigne
    ou: Human Resources
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Jeffrey
    telephoneNumber: +1 408 555 7393
    facsimileTelephoneNumber: +1 408 555 3372
    l: Santa Clara
    uid: jcampai2
  2. To locate a specific user in the directory, run the ldapsearch command with the filter "(cn=Jeffrey Campaigne)" on the proxy server with the Flat Tree workflow element enabled:
    $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
    --baseDN dc=example,dc=com "(cn=Jeffrey Campaigne)"

    The output should look similar to this:

    dn: uid=jcampai2,dc=example,dc=com
    mail: jcampai2@example.com
    sn: Campaigne
    roomNumber: 1377
    cn: Jeffrey Campaigne
    ou: Human Resources
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Jeffrey
    telephoneNumber: +1 408 555 7393
    facsimileTelephoneNumber: +1 408 555 3372
    l: Santa Clara
    uid: jcampai2

    If you compare the output of Step 1 with that of Step 2, you will notice that the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.

  3. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the directory server without the Flat Tree workflow element as follows:
    $ ./ldapsearch --hostname host01.ab.example.com --port 8389 \
    --baseDN dc=example,dc=com "(objectclass=person)" '*'

    The output should look similar to this:

    dn: uid=lulrich,ou=People,dc=example,dc=com
    mail: lulrich@example.com
    sn: Ulrich
    roomNumber: 0985
    cn: Lee Ulrich
    ou: Product Testing
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Lee
    telephoneNumber: +1 408 555 8652
    facsimileTelephoneNumber: +1 408 555 3825
    l: Sunnyvale
    uid: lulrich

    Output without a Flat Tree workflow element enabled

  4. To return all entries below a specified branch DN using the presence search filter (objectclass=person), run the ldapsearch command on the proxy server with the Flat Tree workflow element as follows:
    $ ./ldapsearch --hostname host01.ab.example.com --port 9389 \
    --baseDN dc=example,dc=com "(objectclass=person)" '*'

    The output should look similar to this:

    dn: uid=lulrich,dc=example,dc=com
    mail: lulrich@example.com
    sn: Ulrich
    roomNumber: 0985
    cn: Lee Ulrich
    ou: Product Testing
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Lee
    telephoneNumber: +1 408 555 8652
    facsimileTelephoneNumber: +1 408 555 3825
    l: Sunnyvale
    uid: lulrich

    Output with a Flat Tree workflow element enabled

    If you compare the output of Step 3 with that of Step 4, you will notice that the hierarchical structure of the backend data is flattened and displayed directly under the root base DN.


