15 Starting and Stopping the Server

Follow these topics which describe the basic procedures that apply to an Oracle Unified Directory directory server, proxy server, and replication gateway instance:

15.1 Starting the Server

To start the server, run the start-ds command on UNIX or Linux systems or the start-ds.bat command on Windows systems. By default, the start-ds command starts the server as a background process when no options are specified.

You can use the start-ds command with the --nodetach option to run the server as a foreground process. For more information, see start-ds.

The start-ds command automatically attempts to find the correct Java environment to use when starting the server. You can specify the path to the Java installation, and provide additional options directly to the JVM when the directory server is starting. For more information, see Configuring the Default JVM and Java Arguments.

OUD Bundle Patch 12.2.1.4.211008 and Later Releases. This content applies only to OUD Bundle Patch 12.2.1.4.211008 and later releases.

Note:

During server startup, if any certificate in an OUD keystore uses a weak key size, key algorithm, or signature algorithm, one of the following warning messages appears in the server startup log. To update a certificate, see Managing Certificates Using dsreplication.

"Certificate [ads-cert] is using weaker signature algorithm [SHA1withRSA] in keystore [asinst1/OUD/config/ads-keystore].It's recommended to use a stronger signature algorithm" 

"Certificate [ads-cert] is using weaker key bit size [1024] in keystore [asinst1/OUD/config/ads-keystore].It's recommended to use a stronger key bit size"

"Certificate [ads-cert] is using weaker key algorithm [DSA] in keystore [asinst1/OUD/config/ads-keystore].It's recommended to use a stronger key algorithm"
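An added example (not part of the OUD documentation) that scans a captured server startup log for the three warning shapes quoted above and summarises them, so a deployment check can fail when a weak certificate is still in place. It assumes you have saved the startup output to a file; the sample log it writes is constructed here.

```shell
#!/bin/sh
# Added example (not part of the OUD documentation): scan a captured server
# startup log for the weak-certificate warnings quoted above and summarise
# them. Assumes you have saved the startup output to a file.

# Write a constructed sample log (the three message shapes from the page plus
# unrelated lines) to the file named in $1, for trying the functions offline.
oud_write_sample_log() {
    printf '%s\n' \
        "The Directory Server is starting" \
        "Certificate [ads-cert] is using weaker signature algorithm [SHA1withRSA] in keystore [asinst1/OUD/config/ads-keystore].It's recommended to use a stronger signature algorithm" \
        "Certificate [ads-cert] is using weaker key bit size [1024] in keystore [asinst1/OUD/config/ads-keystore].It's recommended to use a stronger key bit size" \
        "Certificate [ads-cert] is using weaker key algorithm [DSA] in keystore [asinst1/OUD/config/ads-keystore].It's recommended to use a stronger key algorithm" \
        "The Directory Server has started successfully" > "$1"
}

# Print one line per warning as  alias|weakness|value|keystore
# Exit status: 0 = no warnings, 1 = warnings found, 2 = log not readable.
oud_weak_cert_report() {
    _log=$1
    [ -r "$_log" ] || { echo "cannot read log: $_log" >&2; return 2; }
    # One POSIX BRE covers all three shapes: the words between "weaker" and
    # the bracketed value name the weakness (signature algorithm, key bit
    # size or key algorithm); anything before "Certificate [" is ignored.
    _findings=$(sed -n \
        's/.*Certificate \[\([^]]*\)] is using weaker \([a-z ]*\) \[\([^]]*\)] in keystore \[\([^]]*\)].*/\1|\2|\3|\4/p' \
        "$_log")
    if [ -z "$_findings" ]; then
        echo "no weak-certificate warnings in $_log"
        return 0
    fi
    printf '%s\n' "$_findings"
    return 1
}

# Number of distinct certificates (alias + keystore) flagged, for a quick
# gate in a deployment check: several warnings may concern one certificate.
oud_weak_cert_count() {
    oud_weak_cert_report "$1" 2>/dev/null |
        awk -F '[|]' 'NF == 4 { seen[$1 "|" $4] = 1 }
                      END { n = 0; for (k in seen) n++; print n }'
}

# Usage: oud_write_sample_log /tmp/oud-startup.log
#        oud_weak_cert_report /tmp/oud-startup.log; echo "status $?"
```

On the constructed sample the report lists three weaknesses that all belong to the single ads-cert certificate, so the count is 1 while the report has three lines.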

The topics in this section include:

15.1.1 Starting the Server Using start-ds

You can start the server using the start-ds command for Oracle Unified Directory (OUD) instances created with one of the following OUD setup tools: oud-replication-gateway-setup, oud-proxy-setup, and oud-setup.

Follow the steps to start the server:

  1. Change to the appropriate directory.
    
    (UNIX, Linux)  $ cd INSTANCE_DIR/OUD/bin
    (Windows)      C:\> cd INSTANCE_DIR\OUD\bat
    
  2. Type start-ds.
    
    (UNIX, Linux)  $ start-ds
    (Windows)      C:\> start-ds
    

15.1.2 Starting the Server as a Foreground Process

You can start the server as a foreground process by changing to the appropriate directory and then by using the start-ds command.

To start the server as a foreground process:

  1. Change to the appropriate directory.
    
    (UNIX, Linux)  $ cd INSTANCE_DIR/OUD/bin
    (Windows)      C:\> cd INSTANCE_DIR\OUD\bat
    
  2. Type start-ds with -N or --nodetach.
    
    (UNIX, Linux)  $ start-ds --nodetach
    (Windows)      C:\> start-ds --nodetach
    

    You can stop the directory server by pressing Control-C in the terminal window in which the server is running or by running the stop-ds utility from another window.

15.1.3 Restarting the Server

You can restart the server by changing to the bin directory of the instance and running the stop-ds command with the --restart option.

To restart the server:

  1. Change to the installation directory.
    
    (UNIX, Linux)  $ cd INSTANCE_DIR/OUD/bin
    (Windows)      C:\> cd INSTANCE_DIR\OUD\bat 
    
  2. Type stop-ds with -R or --restart.
    
    (UNIX, Linux)  $ stop-ds --restart
    (Windows)      C:\> stop-ds --restart
    

15.1.4 Starting the Server Using a Script (UNIX/Linux)

The start-ds command provides a "quiet" option (-Q or --quiet) that suppresses output during the startup process unless a significant error occurs. You can use this option in a startup script.

To start the server using a script:

  1. Create a shell script and add the following start-ds command.
    INSTANCE_DIR/OUD/bin/start-ds --quiet 
    
  2. Run the script.

15.2 Stopping the Server

On any system (whether the server is running in the foreground or the background), or even from a remote system, you can stop the server using one of the following methods.

Follow the topics below to stop the server:

For more information about the stop-ds command, see stop-ds.

15.2.1 Stopping the Server Using stop-ds

You can stop the server by changing to the appropriate directory and running the stop-ds command, but only for Oracle Unified Directory (OUD) instances created with one of the following OUD setup tools: oud-replication-gateway-setup, oud-proxy-setup, and oud-setup.

To stop the server using stop-ds command:

  1. Change to the appropriate directory.
    
    (UNIX, Linux)  $ cd INSTANCE_DIR/OUD/bin
    (Windows)      C:\> cd INSTANCE_DIR\OUD\bat
    
  2. Type stop-ds.
    
    (UNIX, Linux)  $ stop-ds
    (Windows)      C:\> stop-ds
    

15.2.2 Stopping the Server that is Running in the Foreground

You can stop the server that is running in the foreground by running the stop-ds command from another window.

This procedure assumes that the directory server is running as a foreground process (using the -N or --nodetach option).

  1. Type Control-C in a terminal window on UNIX or in the Command Prompt window on Windows systems to stop the server.

    Alternatively, run the stop-ds command from another window.

15.2.3 Stopping the Server Using a Script (UNIX/Linux)

The stop-ds command provides a "quiet" option (-Q or --quiet) that suppresses output during the stopping process unless a significant error occurs. You can use this option in a shutdown script.

To stop the server using a script:

  1. Create a shell script and add the following stop-ds command.
    INSTANCE_DIR/OUD/bin/stop-ds --quiet
    
  2. Run the script.

15.3 Checking the Server Status

You can check if the server is started or stopped at any time, by using the status command.

To check the server status:

  1. Change to the appropriate directory.
    
    (UNIX, Linux)  $ cd INSTANCE_DIR/OUD/bin
    (Windows)      C:\> cd INSTANCE_DIR\OUD\bat
    
  2. Type status
    
    (UNIX, Linux)  $ status
    (Windows)      C:\> status
    
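An added example (not part of the OUD documentation) that wraps the quiet start and stop procedures from 15.1.4 and 15.2.3 and the status check from 15.3 in one control function, and returns the tool's own exit status so a scheduler or service manager can act on it. It assumes INSTANCE_DIR is an instance created with oud-setup, oud-proxy-setup or oud-replication-gateway-setup.

```shell
#!/bin/sh
# Added example (not part of the OUD documentation): a control function that
# wraps the quiet start and stop scripts and the status check, and hands the
# tool's exit status back to whatever scheduler or service manager calls it.
# Assumes INSTANCE_DIR is an instance created with oud-setup, oud-proxy-setup
# or oud-replication-gateway-setup; instances created within a WebLogic
# domain must use startComponent.sh/stopComponent.sh or WLST instead.

# Print the instance's bin directory after checking that the documented
# tools are present and executable; exit status 2 if the layout is wrong.
oud_bin_dir() {
    _bin="$1/OUD/bin"
    for _tool in start-ds stop-ds status; do
        [ -x "$_bin/$_tool" ] || { echo "missing $_bin/$_tool" >&2; return 2; }
    done
    echo "$_bin"
}

# oud_ctl ACTION INSTANCE_DIR [extra args passed through to the tool]
#   start    start-ds --quiet   (background; output only on significant error)
#   stop     stop-ds --quiet
#   restart  stop-ds --restart
#   status   status
oud_ctl() {
    _action=$1; _inst=$2
    [ $# -ge 2 ] && shift 2
    _bin=$(oud_bin_dir "$_inst") || return 2
    # The server is normally run by a dedicated non-root account (see the
    # non-root section below); warn, but do not refuse, when invoked as root.
    [ "$(id -u)" -eq 0 ] && echo "warning: running as root" >&2
    case $_action in
        start)   "$_bin/start-ds" --quiet "$@" ;;
        stop)    "$_bin/stop-ds" --quiet "$@" ;;
        restart) "$_bin/stop-ds" --restart "$@" ;;
        status)  "$_bin/status" "$@" ;;
        *) echo "usage: oud_ctl start|stop|restart|status INSTANCE_DIR" >&2
           return 2 ;;
    esac
}

# Example invocation (INSTANCE_DIR assumed to be set in the environment):
#   oud_ctl start "$INSTANCE_DIR" || echo "start-ds exited with $?"
```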

15.4 Running the Server as a Non-Root User

Like many network daemons, Oracle Directory Server Enterprise Edition has a setuid capability that allows it to be started as a root user but then drop privileges to run as a user with fewer capabilities. Oracle Unified Directory does not currently include this capability. However, you can install, start, and run the server as a non-root user.

Note:

The information in this section applies primarily to UNIX-based platforms because Windows systems do not historically place as many restrictions on non-administrative users.

This section includes the following topics:

15.4.1 Understanding the Rationale to Run the Server as a Non-Root User

Often, running the server as a non-root user from the start is an option that provides greater functionality than the setuid equivalent. Running the server as a non-root user means that the administrators do not need root access to the system, which is often desirable from an operational perspective. In addition, more administrative actions can be performed with the server online, because the server can do things that might not have been available after it had dropped root privileges.

The primary reason that servers are typically started and run as root users is so that they can listen on a privileged port (namely, ports between 1 and 1024). The standard port for LDAP communication is port 389, and the standard port for LDAPS is 636. On most UNIX-based systems only root users can create processes that listen on these ports. There can be other reasons for starting as a root user (for example, the ability to use a larger number of file descriptors), but it is generally easier to configure around these other limitations.

Although the standard LDAP and LDAPS ports are 389 and 636, the server is not required to run on those ports. In some environments, it is common to run the server on ports above 1024 (such as 1389 and 1636) so that it is not necessary to be root to start it. Virtually all LDAP-enabled clients provide the ability to specify the port on which the server is listening. If the clients know which port the server is using, then any value is allowed. For information about configuring the listen port, see Displaying the Properties of LDAP Connection Handler.

15.4.2 Running the Server as a Non-Root User on the Standard LDAP Ports

If clients expect the server to be listening on port 389 or 636, other options are still available. The best option, available on Solaris systems from Solaris 10 onwards, is to use the process rights management subsystem (also called least privilege). The privileges subsystem in Solaris makes it possible to give non-root users and roles capabilities normally available only to the root user (much like the Privilege Subsystem allows within the server).

In particular, the net_privaddr privilege controls which users can bind to privileged ports. If this privilege is granted to a non-root user, that user can bind to privileged ports.

To configure a user with this privilege, run the following command, as the root user:

# usermod -K defaultpriv=basic,net_privaddr,sys_resource,-proc_info,-file_link_any oud

This command configures the oud user so that it starts with the basic privilege set (which is what non-root users have by default). The command then adds the net_privaddr and sys_resource privileges, which allow the user to increase the number of file descriptors available, among other things. The command removes the proc_info privilege (which allows the user to see processes owned by other users) and the file_link_any privilege (which allows the user to create hard links to files that they do not own). After running this command, the oud user can start the server listening on a privileged port.

Even on systems without a capability like least privilege, it is possible to expose the server on a privileged port such as 389 or 636 without requiring root privileges to be able to start it. One possibility would be to run the server on an unprivileged port and use a directory proxy server listening on the privileged port to forward communication to the server on an unprivileged port. It is also possible to use network hardware to achieve the same purpose or to use firewall rules on the same system.

For example, on Linux systems the following commands can be used to redirect traffic targeting port 389 to port 1389:

# iptables --append PREROUTING --table nat --protocol tcp --dport 389 \
  --jump REDIRECT --to-port 1389
# iptables -t nat -A OUTPUT -p tcp --dport 389 -j DNAT --to :1389

15.5 Starting and Stopping Oracle Unified Directory Instance Created Within the Domain

You can start and stop Oracle Unified Directory (OUD) instances using either the command line interface or WebLogic Scripting Tool (WLST) commands.

Note:

It is not recommended to start or stop an instance using the start-ds or stop-ds commands when you have created the OUD instance within the domain. Use these commands only when you have created the OUD instance with one of the following OUD setup tools: oud-replication-gateway-setup, oud-proxy-setup, and oud-setup. Instances created within the domain must be started or stopped using either the startComponent.sh and stopComponent.sh commands from the command line or the WLST commands.

This section covers the following topics:

15.5.1 Starting Oracle Unified Directory Instance

You can start an Oracle Unified Directory (OUD) instance using either the command line interface or WebLogic Scripting Tool (WLST) commands.

Note:

You can run the start commands only on OUD instances created using WLST.

Before performing these actions, you need to start the NodeManager using the ./startNodeManager.sh command as follows:

cd $DOMAIN_HOME/bin
./startNodeManager.sh

This section contains the following topics:

15.5.1.1 Starting Oracle Unified Directory Instance Using Command Line

You can start an Oracle Unified Directory (OUD) instance using the command line interface.

To start an Instance:

Run the following command from the command line interface to start an OUD instance.

For example:

$DOMAIN_HOME/bin/startComponent.sh oud1

where oud1 is the name of the instance (server) created using WLST.

15.5.1.2 Starting Oracle Unified Directory Instance Using WebLogic Scripting Tool Commands

You can start an Oracle Unified Directory (OUD) Instance using WebLogic Scripting Tool (WLST) commands.

Note:

Before starting or stopping an instance, you need to connect to the NodeManager as follows:

nmConnect(domainName='base_domain',username='weblogic',password='password')

To start an Instance:

Run the following WLST command to start an OUD Instance.

nmStart(serverName='oud1',serverType='OUD')

15.5.2 Stopping Oracle Unified Directory Instance

You can stop Oracle Unified Directory (OUD) instances using either the command line interface or WebLogic Scripting Tool (WLST) commands.

Note:

You can run the stop commands only on OUD instances created using WLST.

Before performing these actions, you need to start the NodeManager using the ./startNodeManager.sh command as follows:

cd $DOMAIN_HOME/bin
./startNodeManager.sh

15.5.2.1 Stopping Oracle Unified Directory Instance Using Command Line

You can stop an Oracle Unified Directory (OUD) instance using the command line interface.

To stop an Instance:

Run the following command from the command line interface to stop an OUD instance.

For Example:

$DOMAIN_HOME/bin/stopComponent.sh oud1

where oud1 is the name of the instance (server) created using WLST.

15.5.2.2 Stopping Oracle Unified Directory Instance Using WebLogic Scripting Tool Commands

You can stop an Oracle Unified Directory (OUD) Instance using WebLogic Scripting Tool (WLST) commands.

Note:

Before starting or stopping an instance, you need to connect to the NodeManager as follows:

nmConnect(domainName='base_domain',username='weblogic',password='password')

To stop an Instance:

Run the following WLST command to stop an OUD Instance.

nmKill(serverName='oud1',serverType='OUD')