3 Setting Up Oracle Unified Directory as a Directory Server

You can use either the graphical user interface (GUI) or the command-line interface (CLI) to set up an Oracle Unified Directory LDAP directory server instance.

Topics:

Before you set up an LDAP directory server instance, you must have already installed the software, as described in Installing the Oracle Unified Directory Software.

3.1 Setting Up the Directory Server Using the Graphical User Interface (GUI)

You can use the graphical user interface to set up the directory server. The graphical user interface (GUI) install uses a Java-based graphical installer that enables you to set up the directory server, load it with data, and get it running in very little time.

The installer asks some basic questions about the server configuration and then gives you the choice of leaving your database empty, loading the server with data from your own LDIF or loading the server with automatically generated sample data. The installer also enables you to configure security and replication, and, optionally, to start the server when the configuration is complete.

To setup a directory server instance using the oud-setup graphical user interface (GUI):

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/ORACLE_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (JRE 8 or JDK 8).
  3. Run the oud-setup command to configure the directory server installation.

    On UNIX and Linux systems:

    $ oud-setup
    

    On Windows systems:

    C:\OUD-base-location\ORACLE_HOME> oud-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-instance
    
  4. On the Welcome screen, click Next.

    The Server Administration Settings screen is displayed.

  5. Enter the following information:
    1. Instance Path: Enter the path or use the Browse button to navigate to the directory where the instance will be created.
    2. Host Name: Enter the directory server's host name or IP address.

      The default is the local host name.

    3. Enter the port that will be used for administration traffic based on the protocols you selected.

      Select one of the following protocols:

      • Enable Administration only with LDAP: Enter the LDAP port that will be used for administration traffic.

        The default LDAP administration port is 4444.

      • Enable Administration with LDAP and HTTP: Enter the LDAP and HTTP ports that will be used for administration traffic.

        The default administration ports are 4444 for LDAP and 8444 for HTTP.

      • Enable Administration only with HTTP: Enter the HTTP port that will be used for administration traffic.

        The default HTTP administration port is 8444.

    4. Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.
    5. Password: Enter the root user bind password.
    6. Password (confirm): Retype the root user bind password.
    7. Click Next.

      The Ports screen is displayed.

  6. Specify the different ports and protocols that clients can use to access the data in the server.

    Note:

    If you choose to enable a secure protocol, you must provide the certificate that the server will use to encrypt the communication.

    • Enable LDAP and enter the port number on which the directory server listens for connections. The default secure port is 1389.

    • Select Enable StartTLS for LDAP to specify that the LDAP connection handler should allow clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure connection.

    • Enable LDAPS and enter the port number on which the directory server listens for connections. On UNIX and Linux systems, if you run the installer as a non-root user, the default secure port is 1636, if available.

    • Enable HTTP and enter the port number on which the directory server listens for connections. The default secure port is 8080.

    • Enable HTTPS and enter the port number on which the directory server listens for connections. The default secure port is 10443.

    • Certificate: Select one of the following radio buttons to obtain the certificate that the server should use for SSL, StartTLS, or both:

      Generate Self-Signed Certificate generates a self-signed certificate that you can use to secure the communication. While this option is convenient for testing purposes, many clients will not trust the certificate by default, and you might need to configure it manually.

      Use an Existing Certificate uses a certificate in an existing JKS keystore, a PKCS #12 file, or a PKCS #11 token. For more information about obtaining and managing certificates, see Configuring Security Between Clients and Servers in Administering Oracle Unified Directory.

      For production servers, select Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      If more than one certificate is defined in the specified key store, you are asked to select one of the certificates from a drop down menu.

    Click Next.

    The Topology Options screen is displayed.

  7. Select one of the following:

    Click Next.

    The Directory Data screen is displayed.

  8. Specify how to load data into your directory:
    • Directory Base DN: Enter the base DN for your directory.

      The default Base DN is dc=example,dc=com.

    • Directory Data: Select one of the following data options:

      Only Create Base Entry: Creates an entry with the base DN specified previously.

      Leave Database Empty: Sets up a database but does not populate any entries.

      Import Data from LDIF File: Imports LDIF data from the file specified in the Path field.

      Import Automatically-Generated Sample Data: Generates the number of sample entries specified in the Number of User Entries field.

    Click Next.

    The Oracle Components Integration screen is displayed.

  9. Select one of the following options. Some components appear in multiple options, with consecutive options adding additional components to the selection. The options are:
    • No specific integration: Select this option if you want a standard installation. This is the default option.

    • Enable for DIP: Select this option if you want this server instance to be enabled as a datastore for Oracle Directory Integration Platform (DIP) only.

    • Enable for EBS (E-Business Suite), Database Net Services and DIP: Select this option if you want this server instance to be enabled as a datastore for Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

    • Enable for EUS (Enterprise User Security), EBS, Database Net Services and DIP: Select this option if you want this server instance to be enabled as a datastore for Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

      To enable a server instance for EUS, you must also have enabled SSL access, as described in the Server Settings screen in Step 5 of this procedure.

      The Enable for Oracle Database Net Services option causes this server to store the database connect identifiers.

      When you enable a server instance for Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), or Oracle Database Net Services, the following naming contexts are created on the instance:

      cn=oraclecontext

      cn=oracleschemaversion

      cn=subschemasubentry

      cn=oraclecontext,baseDN

    These naming contexts are not created if you select DIP.

    Click Next.

    The Server Tuning screen is displayed.

  10. The Server Tuning screen enables you to tune Oracle Unified Directory server by selecting one of these options:
    • Providing the specific memory to be dedicated to the server.

    • Explicitly providing the run-time settings (JVM arguments) to be used by the server and the off-line tools (import-ldif, export-ldif, verify-index, and rebuild-index).

    Select one of the following options:

    • Providing the Memory to be used for OUD: Move the slider to select the memory you want to use for the server. The off-line tools will use the same heap size as you select for the server using this slider.

      To fully dedicate the system, check Dedicated Machine for OUD.

      To reset any changes to the default values, click Reset to Default.

      Note:

      • The Providing the Memory to be used for OUD option is available only if you run the oud-setup script using a JVM with Java HotSpot (such as Oracle Java SE).

      • To tune the server using the contents of an LDIF file, use the dstune utility after you run the oud-setup script. See Using the dstune Utility in Administering Oracle Unified Directory.

    • Providing Runtime Options: Click Change to change any of the displayed values for the Server Runtime Settings or the Offline Tools Runtime Settings.

      To reset any changes to the default values, click Reset to Default.

      See also Configuring the Java Run-Time Settings During the Server Setup.

    Click Next.

    The Review screen is displayed.

  11. Review your configuration.

    Select Start Server when Configuration has Completed to start the server after the directory server has been configured. On Windows systems, select Start Server as a Windows service, if desired.

    To display the equivalent command-line installation, select Show Equivalent Command-Line from the drop down menu at the top of the panel. This option displays the non-interactive commands that are run to set up the server with the specified configuration, and can be useful for scripting purposes.

  12. Click Finish.
  13. Click Close.
  14. Test whether the directory server has been set up and started successfully by searching an entry in the directory. For example:

    On UNIX and Linux systems:

    instance-dir/OUD/bin/ldapsearch -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"
    

    On Windows systems:

    instance-dir\OUD\bat\ldapsearch.bat -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"
    

3.2 Setting Up the Directory Server Using the Command-Line Interface (CLI)

You can use the command-line interface to set up the directory server. You run the oud-setup script with the --cli option to set up a directory server instance using the command-line interface.

The command-line interface (CLI) install is either interactive or non-interactive. In a non-interactive installation, you can set up the server without user intervention. In interactive mode, you are prompted for the required information before the configuration begins.

To setup a directory server instance using the CLI:

  1. When you have installed the software, change to the ORACLE_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/ORACLE_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location\ORACLE_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation.
  3. Type oud-setup with the --cli option to launch the install in interactive mode.

    On UNIX and Linux systems:

    $ ./oud-setup --cli
    

    On Windows systems:

    C:\> oud-setup.bat -cli
    

    The utility launches the command-line installer and creates the Oracle Unified Directory instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-instance
    

    The instance is created directly under OUD-base-location by default. To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-instance
    
  4. Enter the root user DN, or press Enter or Return to accept the default (cn=Directory Manager).
  5. Provide a password for the root user and reenter the password to confirm it.
  6. Enter the LDAP port number for your directory server, or press Enter or Return to accept the default.

    If you run the installer as the root user, the default port is 389. If you run the installer as a non-root user, the default port is 1389.

  7. Enter the port number that will be used for administration traffic.

    The default administration port is 4444. See Managing Administration Traffic to the Server in Administering Oracle Unified Directory.

  8. Press Enter or Return to create base DNs in the server, or enter no if you do not want to create base DNs.
  9. Enter the base DN for the directory data, or press Enter or Return to accept the default.

    The default Base DN is dc=example,dc=com.

  10. Select one of the following options to set up the directory data:
    • Only create the base entry creates an entry with the base DN specified previously.

    • Leave the database empty sets up a database but does not populate any entries.

    • Import data from an LDIF file imports LDIF data from a file, specified in the following step.

    • Load automatically-generated sample data generates the number of sample entries specified in the following step.

  11. Type yes to enable SSL and enter the port for LDAPS clients.

    If you run the installer as the root user, the default secure port is 636. If you run the installer as a non-root user, the default secure port is 1636.

  12. Type yes to enable StartTLS.
  13. If you enabled SSL or StartTLS in the previous steps, select the certificate type.
  14. Select one of the following options to integrate Oracle Unified Directory with Oracle components:

    1) No integration

    2) DIP (Directory Integration Platform)

    3) Generic: Database Net Services, EBS and DIP

    4) EUS (Enterprise User Security), Database Net Services, EBS and DIP

    The same components appear in multiple options. These options enable the server instance to be enabled as a datastore for the specified components, as follows.

    • 2) DIP: Oracle Directory Integration Platform (DIP) only.

    • 3) Generic: Database Net Services, EBS and DIP: Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

    • 4) EUS (Enterprise User Security), Database Net Services, EBS and DIP: Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

      To integrate the server with EUS, you must also have enabled SSL access, as described in Step 11.

    When you enable a server instance for Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), or Oracle Database Net Services, the following naming contexts are created on the instance:

    cn=oraclecontext

    cn=oracleschemaversion

    cn=subschemasubentry

    cn=oraclecontext,baseDN

    These naming contexts are not created for DIP.

  15. Enter an option depending on how you want to tune the Oracle Unified Directory server:

    1) Use specific Java Virtual Machine arguments

    2) Use the default Java Virtual Machine settings

    3) Provide the Java heap size to be used by the server

    4) Provide the percentage of system memory to be used by the server

    5) Provide the size of system memory to be used by the server

    Note:

    • Option 2 (default JVM settings) are based on the free memory of the system.

    • Options 3, 4, and 5 are available only if you run the oud-setup script using a JVM with Java HotSpot (such as Oracle Java SE).

  16. Enter an option depending on how you want to tune the off-line tools (import-ldif, export-ldif, verify-index, and rebuild-index):

    1) Use specific Java Virtual Machine arguments

    2) Use the default Java Virtual Machine settings

    3) Automatic Tuning

    4) Provide the Java heap size to be used by the off-line tools

    Select the Automatic Tuning option, if you want the off-line tools to be tuned automatically each time they are launched, depending on the system resources.

  17. Type yes or press Enter or Return to accept the default to start the server after the configuration has completed.
  18. Confirm your configuration, and enter 1 or press Enter or Return to accept the default to complete the configuration process.

    To display the equivalent non-interactive commands, enter 3. This option displays the commands that are run to set up the server with the specified configuration, and can be useful for scripting purposes.

  19. Test whether the directory server has been set up and started successfully by searching an entry in the directory. For example:

    On UNIX and Linux systems:

    instance-dir/OUD/bin/ldapsearch -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"
    

    On Windows systems:

    instance-dir\OUD\bat\ldapsearch.bat -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"
    

3.3 Setting Up Replication During Installation

You can set up replication as part of the installation, if you install the directory server using the graphical user interface. However, if you install the server using the command-line interface, you must set up replication using the dsreplication command after the server is installed.

See Understanding Data Replication With dsreplication in Administering Oracle Unified Directory.

  1. For the first directory server in your replication topology, follow the instructions in Setting Up the Directory Server Using the Graphical User Interface (GUI).

  2. On the Topologies screen, do the following:

    • Select This server will be part of a replication topology.

    • Enter the replication port number or accept the default port 8989.

      The replication port must be an available port on the server, and must therefore be different for each directory server in a topology if all of them run on the same host.

    • Select Configure as Secure to use encrypted communication when connecting to the replication port on the first server.

      Note the host name, and administration port, for this first directory server. You will need this information when you configure the second directory server.

  3. Complete the configuration of the first server.

  4. For the second directory server in your replication topology, follow the instructions in Setting Up the Directory Server Using the Graphical User Interface (GUI).

  5. On the Topologies screen, do the following:

    • Select This server will be part of a replication topology.

    • Enter the replication port number for this directory server.

      The replication port must be different from the replication port of the first directory server if both servers run on the same host.

    • Select There is already a server in the topology and enter the following:

      1. Host Name: Enter the Host Name for the first directory server.

      2. Port: Enter the administration port for the first directory server.

      3. Admin User: Enter the bind DN for the first directory user, or accept the default.

      4. Admin Password: Enter the bind password for the Admin user.

  6. On the Global Administrator screen, provide the following information:

    • The UID for the new global administrator.

    • The password for the new global administrator.

    • Confirm the password for the new global administrator.

  7. On the Data Replication screen, select one of the following options, and click Next.

    1. Create first instance of base DN to be replicated.

    2. Create local instance of existing base DNs and configure replication. Click the base DN for the first directory server.

  8. Review the configuration settings for the second server, and click Finish.

  9. Repeat the above procedures to set up additional servers in the replication topology.

    When you have defined the Global Administrator, the entry with the DN and the password that you provided in step 5c must be defined on all servers in the topology.

3.4 Setting Up the Directory Server Using the WebLogic Scripting Tool

You can use the WebLogic Scripting Tool (WLST) to set up the directory server. Execute the oud_createInstance with the oud-setup script to set up a directory server instance using the WLST.

To set up a directory instance using the WLST:

  1. Set the PRODUCT_HOME and DOMAIN_HOME environment variables before launching WLST.
    export PRODUCT_HOME=/scratch/user/OUD_INSTALL/MW_HOME
    export DOMAIN_HOME=/scratch/user/OUD_INSTALL/MW_HOME/user_projects/domains/base_domain
    

    PRODUCT_HOME is similar to ORACLE_HOME. It points to the directory where a user provides at the time of product installation. However, DOMAIN_HOME points to the directory where domains that you configure are created.

  2. Launch the WLST:

    On UNIX and Linux systems:

    $ ORACLE_HOME/oracle_common/common/bin/wlst.sh
    

    On Windows systems:

    C:\> ORACLE_HOME\oracle_common\common\bin\wlst.cmd
    

    ORACLE_HOME is the Oracle home directory you specified at installation.

  3. Execute the oud_createInstance command with script name oud-setup to create the OUD Server instance.
    oud_createInstance(scriptName='oud-setup',instanceName='oud1',hostname='localhost',ldapPort=1389,rootUserDN='cn=Directory\ Manager',
    rootUserPasswordFile='/scratch/user/password.txt',baseDN='dc=example,dc=com',sampleData=5,adminConnectorPort= 1444) 
    

    scriptName indicates the setup script based on the flavor of OUD. The value for this parameter can be any one of [oud-setup, oud-proxy-setup, oud-replication-gateway-setup].

    instanceName indicates the name of the instance. For example, oud1.

    Note:

    Arguments that cannot have a value like noPropertiesFile and so on, can also be used with the custom WLST commands. You must pass an empty value for these arguments. For example, noPropertiesFile=''.

    See oud-setup in Administering Oracle Unified Directory for the rest of the parameters and their descriptions.

    Output:

    Oracle Unified Directory 12.2.1.3.0
    Please wait while the setup program initializes…
    Creating instance directory
    /scratch/user/OUD_INSTALL/MW_HOME/user_projects/domains/base_domain/system_components/OUD/oud1/
    .....Done.
    
    See
    /scratch/user/OUD_INSTALL/MW_HOME/user_projects/domains/base_domain/system_components/OUD/oud1/logs/oud-setup
    for a detailed log of this operation.
    
    Configuring Directory Server ..... Done.
    Importing Automatically-Generated Data (5 Entries) ....... Done.
    
    To see basic server configuration status and configuration you can launch
    /scratch/user/OUD_INSTALL/MW_HOME/user_projects/domains/base_domain/system_components/OUD/oud1/bin/status
    Successfully created OUD instance