3 Setting Up Oracle Unified Directory as a Directory Server

You can use either the graphical user interface (GUI) or the command-line interface (CLI) to set up an Oracle Unified Directory LDAP directory server instance.

Topics:

Before you set up an LDAP directory server instance, you must have already installed the software, as described in Installing the Oracle Unified Directory Software.

3.1 Setting Up the Directory Server Using the Graphical User Interface (GUI)

You can use the graphical user interface to set up the directory server. The graphical user interface (GUI) install uses a Java-based graphical installer that enables you to set up the directory server, load it with data, and get it running in very little time.

Note:

The OUD instance creation GUI wizard is deprecated in Oracle Unified Directory 12c (12.2.1.4.0). Oracle recommends that you use the command-line (CLI) to create an instance. See Setting Up the Directory Server Using the Command-Line Interface (CLI).

The installer asks some basic questions about the server configuration and then gives you the choice of leaving your database empty, loading the server with data from your own LDIF or loading the server with automatically generated sample data. The installer also enables you to configure security and replication, and, optionally, to start the server when the configuration is complete.

To setup a directory server instance using the oud-setup graphical user interface (GUI):

  1. When you have installed the software, change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location/$OUD_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation (JRE 8 or JDK 8).
  3. Run the oud-setup command to configure the directory server installation.

    On UNIX and Linux systems:

    $ oud-setup
    

    On Windows systems:

    C:\> oud-setup.bat
    

    The utility launches the graphical installer and creates the Oracle Unified Directory instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-instance
    

    Note:

    The instance is created directly under OUD-base-location by default. However, Oracle strongly recommends that you create your Oracle Unified Directory instance outside of the Oracle home directory.

    To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-instance
    
  4. On the Welcome screen, click Next.

    The Server Administration Settings screen is displayed.

  5. Enter the following information:
    1. Instance Path: Enter the path or use the Browse button to navigate to the directory where the instance will be created.
    2. Host Name: Enter the directory server's host name or IP address.

      The default is the local host name.

    3. Enter the port that will be used for administration traffic based on the protocols you selected.

      Select one of the following protocols:

      • Enable Administration only with LDAP: Enter the LDAP port that will be used for administration traffic.

        The default LDAP administration port is 4444.

      • Enable Administration with LDAP and HTTP: Enter the LDAP and HTTP ports that will be used for administration traffic.

        The default administration ports are 4444 for LDAP and 8444 for HTTP.

      • Enable Administration only with HTTP: Enter the HTTP port that will be used for administration traffic.

        The default HTTP administration port is 8444.

    4. Root User DN: Enter the Root User DN, or keep the default, cn=Directory Manager.
    5. Password: Enter the root user bind password.
    6. Password (confirm): Retype the root user bind password.
    7. Click Next.

      The Ports screen is displayed.

  6. Specify the different ports and protocols that clients can use to access the data in the server.

    Note:

    If you choose to enable a secure protocol, you must provide the certificate that the server will use to encrypt the communication.

    • Enable LDAP and enter the port number on which the directory server listens for connections. The default secure port is 1389.

    • Select Enable StartTLS for LDAP to specify that the LDAP connection handler should allow clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure connection.

    • Enable LDAPS and enter the port number on which the directory server listens for connections. On UNIX and Linux systems, if you run the installer as a non-root user, the default secure port is 1636, if available.

    • Enable HTTP and enter the port number on which the directory server listens for connections. The default secure port is 8080.

    • Enable HTTPS and enter the port number on which the directory server listens for connections. The default secure port is 10443.

    • Certificate: Select one of the following radio buttons to obtain the certificate that the server should use for SSL, StartTLS, or both:

      Generate Self-Signed Certificate generates a self-signed certificate that you can use to secure the communication. While this option is convenient for testing purposes, many clients will not trust the certificate by default, and you might need to configure it manually.

      Use an Existing Certificate uses a certificate in an existing JKS keystore, a PKCS #12 file, or a PKCS #11 token. For more information about obtaining and managing certificates, see Configuring Security Between Clients and Servers in Administering Oracle Unified Directory.

      For production servers, select Use an Existing Certificate, and then select the Keystore Type. Enter the Keystore Path, and Keystore PIN if necessary.

      If more than one certificate is defined in the specified key store, you are asked to select one of the certificates from a drop down menu.

    Click Next.

    The Topology Options screen is displayed.

  7. Select one of the following:

    Click Next.

    The Directory Data screen is displayed.

  8. Specify how to load data into your directory:
    • Directory Base DN: Enter the base DN for your directory.

      The default Base DN is dc=example,dc=com.

    • Directory Data: Select one of the following data options:

      Only Create Base Entry: Creates an entry with the base DN specified previously.

      Leave Database Empty: Sets up a database but does not populate any entries.

      Import Data from LDIF File: Imports LDIF data from the file specified in the Path field.

      Import Automatically-Generated Sample Data: Generates the number of sample entries specified in the Number of User Entries field.

    Click Next.

    The Oracle Components Integration screen is displayed.

  9. Select one of the following options. Some components appear in multiple options, with consecutive options adding additional components to the selection. The options are:
    • No specific integration: Select this option if you want a standard installation. This is the default option.

    • Enable for DIP: Select this option if you want this server instance to be enabled as a datastore for Oracle Directory Integration Platform (DIP) only.

    • Enable for EBS (E-Business Suite), Database Net Services and DIP: Select this option if you want this server instance to be enabled as a datastore for Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

    • Enable for EUS (Enterprise User Security), EBS, Database Net Services and DIP: Select this option if you want this server instance to be enabled as a datastore for Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

      To enable a server instance for EUS, you must also have enabled SSL access, as described in the Server Settings screen in Step 5 of this procedure.

      The Enable for Oracle Database Net Services option causes this server to store the database connect identifiers.

      When you enable a server instance for Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), or Oracle Database Net Services, the following naming contexts are created on the instance:

      cn=oraclecontext

      cn=oracleschemaversion

      cn=subschemasubentry

      cn=oraclecontext,baseDN

    These naming contexts are not created if you select DIP.

    Click Next.

    The Server Tuning screen is displayed.

  10. The Server Tuning screen enables you to tune Oracle Unified Directory server by selecting one of these options:
    • Providing the specific memory to be dedicated to the server.

    • Explicitly providing the run-time settings (JVM arguments) to be used by the server and the off-line tools (import-ldif, export-ldif, verify-index, and rebuild-index).

    Select one of the following options:

    • Providing the Memory to be used for OUD: Move the slider to select the memory you want to use for the server. The off-line tools will use the same heap size as you select for the server using this slider.

      To fully dedicate the system, check Dedicated Machine for OUD.

      To reset any changes to the default values, click Reset to Default.

      Note:

      • The Providing the Memory to be used for OUD option is available only if you run the oud-setup script using a JVM with Java HotSpot (such as Oracle Java SE).

      • To tune the server using the contents of an LDIF file, use the dstune utility after you run the oud-setup script. See Using the dstune Utility in Administering Oracle Unified Directory.

    • Providing Runtime Options: Click Change to change any of the displayed values for the Server Runtime Settings or the Offline Tools Runtime Settings.

      To reset any changes to the default values, click Reset to Default.

      See also Configuring the Java Run-Time Settings During the Server Setup.

    Click Next.

    The Review screen is displayed.

  11. Review your configuration.

    Select Start Server when Configuration has Completed to start the server after the directory server has been configured. On Windows systems, select Start Server as a Windows service, if desired.

    To display the equivalent command-line installation, select Show Equivalent Command-Line from the drop down menu at the top of the panel. This option displays the non-interactive commands that are run to set up the server with the specified configuration, and can be useful for scripting purposes.

  12. Click Finish.
  13. Click Close.
  14. Test whether the directory server has been set up and started successfully by searching an entry in the directory. For example:

    On UNIX and Linux systems:

    instance-dir/OUD/bin/ldapsearch -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"
    

    On Windows systems:

    instance-dir\OUD\bat\ldapsearch.bat -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"

3.2 Setting Up the Directory Server Using the Command-Line Interface (CLI)

You can use the command-line interface to set up the directory server. You run the oud-setup script with the --cli option to set up a directory server instance using the command-line interface.

The command-line interface (CLI) install is either interactive or non-interactive. In a non-interactive installation, you can set up the server without user intervention. In interactive mode, you are prompted for the required information before the configuration begins.

To setup a directory server instance using the CLI:

  1. When you have installed the software, change to the OUD_HOME subdirectory.

    On UNIX and Linux systems:

    $ cd OUD-base-location/$OUD_HOME
    

    On Windows systems:

    C:\> cd OUD-base-location/$OUD_HOME
    
  2. Ensure that your JAVA_HOME environment variable is set to a supported JVM installation.
  3. Enter the oud-setup command with the --cli option to launch the install in interactive mode.
    $ ./oud-setup --cli
    

    The output should look similar to this:

    Oracle Unified Directory 12.2.1.4.0
    Please wait while the setup program initializes...
    
    Instance Path: [OUD-base-location/instance-dir]:

    The utility launches the command-line installer and creates the Oracle Unified Directory instance in OUD-base-location/instance-dir.

    The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

    $ export INSTANCE_NAME=my-oud-instance
    

    Note:

    The instance is created directly under OUD-base-location by default. However, Oracle strongly recommends that you create your Oracle Unified Directory instance outside of the Oracle home directory.

    To change the instance path, include the path relative to OUD-base-location when you set the INSTANCE_NAME variable. For example:

    $ export INSTANCE_NAME=../../local/my-oud-instance
    
  4. Enable the LDAP administration port, or press Enter or Return to accept the default.
    Do you want to enable the LDAP administration port?  Note that some of the OUD
    tools require this port to be enabled (yes / no) [yes]:
  5. Enter the port number that will be used for Administration traffic, or press Enter or Return to accept the default.
    On which port would you like the LDAP Administration Connector to accept
    connections? [4444]:

    The default administration port is 4444. See Managing Administration Traffic to the Server in Administering Oracle Unified Directory.

  6. Enter yes to enable the HTTP administrator port, or press Enter or Return to accept the default.
    Do you want to enable the HTTP administration port? (yes / no) [no]:
  7. Enter the root user DN, or press Enter or Return to accept the default (cn=Directory Manager).
    What would you like to use as the initial root user DN for the Directory
    Server? [cn=Directory Manager]: 
  8. Provide a password for the root user and reenter the password to confirm it.
    Please provide the password to use for the initial root user: **********
    Please re-enter the password for confirmation: **********
    
  9. Enable LDAP, or press Enter or Return to accept the default.
    Do you want to enable LDAP? (yes / no) [yes]:
  10. Enter the LDAP port number for your directory server, or press Enter or Return to accept the default.
    On which port would you like the Directory Server to accept connections from
    LDAP clients? [1389]:
  11. Enter yes to enable Start TLS, or press Enter or Return to accept the default.
    Do you want to enable Start TLS on LDAP Port '1389'? (yes / no) [no]:
    
  12. Enter yes to enable HTTP, or press Enter or Return to accept the default.
    Do you want to enable HTTP? (yes / no) [no]:
  13. Enter yes to enable LDAPS, or press Enter or Return to accept the default.
    Do you want to enable LDAPS? (yes / no) [no]:
  14. Enter yes to enable HTTPS, or press Enter or Return to accept the default
    Do you want to enable HTTPS? (yes / no) [no]:
  15. Press Enter or Return to create base DNs in the server, or enter no if you do not want to create base DNs.
    Do you want to create base DNs in the server? (yes / no) [yes]: 
  16. Enter the base DN for the directory data, or press Enter or Return to accept the default.
    Provide the base DN for the directory data: [dc=example,dc=com]:
  17. Select an option to populate the database:
    • Only create the base entry creates an entry with the base DN specified previously.

    • Leave the database empty sets up a database but does not populate any entries.

    • Import data from an LDIF file imports LDIF data from a file, specified in the following step.

    • Load automatically-generated sample data generates the number of sample entries specified in the following step.

    Options for populating the database:
    
    1) Only create the base entry
    2) Leave the database empty
    3) Import data from an LDIF file
    4) Load automatically-generated sample data
    
    Enter choice [1]: 
    
  18. Select one of the following options to integrate Oracle Unified Directory with Oracle components:

    1) No integration

    2) DIP (Directory Integration Platform)

    3) Generic: Database Net Services, EBS and DIP

    4) EUS (Enterprise User Security), Database Net Services, EBS and DIP

    The same components appear in multiple options. These options enable the server instance to be enabled as a datastore for the specified components, as follows.

    • 2) DIP: Oracle Directory Integration Platform (DIP) only.

    • 3) Generic: Database Net Services, EBS and DIP: Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

    • 4) EUS (Enterprise User Security), Database Net Services, EBS and DIP: Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), Oracle Database Net Services, and Oracle Directory Integration Platform (DIP).

      To integrate the server with EUS, you must also have enabled SSL access, as described in Step 11.

    When you enable a server instance for Oracle Enterprise User Security (EUS), Oracle E-Business Suite (EBS), or Oracle Database Net Services, the following naming contexts are created on the instance:

    cn=oraclecontext

    cn=oracleschemaversion

    cn=subschemasubentry

    cn=oraclecontext,baseDN

    These naming contexts are not created for DIP.

    Specify the Oracle components with which the server integrates.  It is
    recommended to choose the option covering only your requirements.
    
        1)  No Integration
        2)  DIP (Directory Integration Platform)
        3)  Generic: Database Net Services, EBS and DIP
        4)  EUS (Enterprise User Security), Database Net Services, EBS and DIP
    
        c)  cancel
    
    Enter choice [1]: 3
    
  19. Enter an option depending on how you want to tune the Oracle Unified Directory server:
    How do you want the OUD server to be tuned?
    
        1)  Use specific Java Virtual Machine arguments
        2)  Use the default Java Virtual Machine settings
        3)  Provide the Java heap size to be used by the server
        4)  Provide the percentage of system memory to be used by the server
        5)  Provide the size of system memory to be used by the server
    
    Enter choice [1]: 2

    Note:

    • Option 2 (default JVM settings) are based on the free memory of the system.

    • Options 3, 4, and 5 are available only if you run the oud-setup script using a JVM with Java HotSpot (such as Oracle Java SE).

  20. Enter an option depending on how you want to tune the off-line tools:
    How do you want the off-line tools (import-ldif, export-ldif, verify-index and
    rebuild-index) to be tuned?
    
        1)  Use specific Java Virtual Machine arguments
        2)  Use the default Java Virtual Machine settings
        3)  Automatic Tuning
        4)  Provide the Java heap size to be used by the off-line tools
    
    Enter choice [1]: 2

    Note:

    Select the Automatic Tuning option, if you want the off-line tools to be tuned automatically each time they are launched, depending on the system resources.
  21. Press Enter or Return to accept the default to start the server after the configuration has completed.
    Do you want to start the server when the configuration is completed? (yes /
    no) [yes]: 
    
    
    Setup Summary
    =============
    Instance Path:                       /u01/app/oracle/config/oud_instances/asinst_1/OUD
    LDAP Administration Port:            4444
    Root User DN:                        cn=Directory Manager
    LDAP Port:                           1389
    Directory Data:                      Create New Base DN dc=example,dc=com
                                         Base DN Data: Only Create Base Entry
                                         (dc=example,dc=com)
    Integration with Oracle components:  Generic: Database Net Services, EBS and DIP
    Server Runtime Settings:             Use the default Java Virtual Machine
                                         settings
    Off-line Tools Runtime Settings:     Use the default Java Virtual Machine
                                         settings
    
    Start Server when the configuration is completed
    
    Provide the base DN for the directory data: [dc=example,dc=com]:
  22. Enter 3 to display the equivalent non-interactive commands.

    This option displays the commands that are run to set up the server with the specified configuration, and can be useful for scripting purposes.

    What would you like to do?
    
        1)  Set up the server with the parameters above
        2)  Provide the setup parameters again
        3)  Print equivalent non-interactive command-line
        4)  Cancel and exit
    
    Enter choice [1]: 3
    
    Equivalent non-interactive command-line to setup server:
    
    oud-setup \
              --cli \
              --instancePath /u01/app/oracle/config/oud_instances/asinst_1/OUD \
              --adminConnectorPort 6444 \
              --httpAdminConnectorPort disabled \
              --rootUserDN cn=Directory\ Manager \
              --rootUserPasswordFile ****** \
              --ldapPort 3389 \
              --baseDN dc=example,dc=com \
              --addBaseEntry \
              --integration generic \
              --serverTuning jvm-default \
              --offlineToolsTuning jvm-default \
              --no-prompt \
              --noPropertiesFile
    
  23. Press Enter or Return to accept the default to complete the configuration process.
    What would you like to do?
    
        1)  Set up the server with the parameters above
        2)  Provide the setup parameters again
        3)  Print equivalent non-interactive command-line
        4)  Cancel and exit
    
    Enter choice [1]: 
    
    Creating instance directory /u01/app/oracle/config/oud_instances/asinst_1/OUD ..... Done.
    See /u01/app/oracle/config/oud_instances/asinst_1/OUD/logs/oud-setup for a detailed log
    of this operation.
    
    Configuring Directory Server ...... Done.
    Creating Base Entry dc=example,dc=com ..... Done.
    Preparing the server for Oracle integration .......... Done.
    Starting Directory Server ........... Done.
    Creating Net Services suffixes ..... Done.
    
    To see basic server configuration status and configuration you can launch
    /u01/app/oracle/config/oud_instances/asinst_1/OUD/bin/status 
    
  24. Test whether the directory server has been set up and started successfully by searching an entry in the directory. For example:
    instance-dir/OUD/bin/ldapsearch -h localhost -p 1389 \
      -D "cn=directory manager" -w my-password -b "dc=example,dc=com" \
      "(objectclass=*)"
    

    The output should look similar to this:

    dn: dc=example,dc=com
    dc: example
    objectClass: top
    objectClass: orclSubscriber
    objectClass: domain
    
    dn: cn=OracleContext,dc=example,dc=com
    orclVersion: 90600
    objectClass: orclContextAux82
    objectClass: top
    objectClass: orclContext
    cn: OracleContext
    
    dn: cn=Products,cn=OracleContext,dc=example,dc=com
    objectClass: top
    objectClass: orclContainer
    cn: Products
    
    dn: cn=OracleDBSecurityAdmins,cn=OracleContext,dc=example,dc=com
    uniquemember: cn=Directory Manager
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: top
    cn: OracleDBSecurityAdmins
    
    dn: cn=OracleDBCreators,cn=OracleContext,dc=example,dc=com
    uniquemember: cn=Directory Manager
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: top
    cn: OracleDBCreators
    
    dn: cn=OracleNetAdmins,cn=OracleContext,dc=example,dc=com
    uniquemember: cn=Directory Manager
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: top
    cn: OracleNetAdmins
    
    dn: cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=example,dc=com
    orclVersion: 102000
    cn: OracleDBSecurity
    orclDBVersionCompatibility: 90000
    objectClass: top
    objectClass: orclContainer
    objectClass: orclDBSecConfig
    objectClass: orclDBSecConfig10i
    orclDBOIDAuthentication: PASSWORD
    
    dn: cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=e
     xample,dc=com
    orcldbauthtypes: ALL
    objectClass: groupofuniquenames
    objectClass: orclDBEnterpriseDomain_82
    objectClass: orclprivilegegroup
    objectClass: top
    objectClass: orclDBEnterpriseDomain
    cn: OracleDefaultDomain
    
    dn: cn=Groups,cn=OracleContext,dc=example,dc=com
    objectClass: top
    objectClass: orclContainer
    cn: Groups
    
    dn: cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
    orclVersion: 90000
    orclCommonGroupSearchBase: ou=groups,dc=example,dc=com
    orclCommonKrbPrincipalAttribute: krbPrincipalName
    orclCommonApplicationGuidAttribute: orclGlobalID
    orclCommonNicknameAttribute: uid
    orclCommonWindowsPrincipalAttribute: orclSAMAccountName
    orclCommonUserCreateBase: ou=people,dc=example,dc=com
    orclCommonNamingAttribute: uid
    orclUserObjectClasses: top
    orclUserObjectClasses: person
    orclUserObjectClasses: inetorgperson
    orclUserObjectClasses: organizationalperson
    orclUserObjectClasses: orcluser
    orclUserObjectClasses: orcluserv2
    cn: Common
    orclSubscriberSearchBase: dc=example,dc=com
    orclSubscriberNickNameAttribute:: ZGMg
    objectClass: top
    objectClass: orclCommonAttributesV2
    objectClass: orclCommonAttributes
    objectClass: orclContainer
    orclCommonDefaultUserCreateBase: ou=people,dc=example,dc=com
    orclCommonDefaultGroupCreateBase: ou=groups,dc=example,dc=com
    orclCommonGroupCreateBase: ou=groups,dc=example,dc=com
    orclCommonUserSearchBase: ou=people,dc=example,dc=com
    
    dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=example,dc=com
    uniquemember: cn=Directory Manager
    cn: OracleContextAdmins
    description: Users who can administer all entities in this Oracle Context
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: orclGroup
    objectClass: top
    displayname: Oracle Context Administrators
    
    dn: cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,dc=example,dc=com
    uniquemember: cn=Directory Manager
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: top
    cn: OracleUserSecurityAdmins
    
    dn: cn=OraclePasswordAccessibleDomains,cn=Groups,cn=OracleContext,dc=example,dc=
     com
    uniquemember: cn=OracleDBSecurityAdmins,cn=OracleContext,dc=example,dc=com
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: top
    cn: OraclePasswordAccessibleDomains
    
    dn: cn=OracleDomainAdmins,cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products
     ,cn=OracleContext,dc=example,dc=com
    uniquemember: cn=Directory Manager
    objectClass: groupofUniqueNames
    objectClass: orclPrivilegeGroup
    objectClass: top
    cn: OracleDomainAdmins
    
    dn: cn=LabelSecurity,cn=Products,cn=OracleContext,dc=example,dc=com
    orclVersion: 100000
    objectClass: top
    objectClass: orclContainer
    cn: LabelSecurity
    
    dn: cn=Policies,cn=LabelSecurity,cn=Products,cn=OracleContext,dc=example,dc=com
    objectClass: top
    objectClass: orclContainer
    cn: Policies
    
    dn: cn=PolicyCreators,cn=Policies,cn=LabelSecurity,cn=Products,cn=oraclecontext,
     dc=example,dc=com
    owner: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=example,dc=com
    objectClass: groupOfUniqueNames
    objectClass: orclACPgroup
    objectClass: top
    cn: PolicyCreators
    
    dn: cn=ProxyPermissions,cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,c
     n=OracleContext,dc=example,dc=com
    objectClass: top
    objectClass: orclContainer
    cn: ProxyPermissions
    

3.2.1 Customizing Self Signed Certificate Generation Options

During OUD setup, you can customize the self-signed certificate by providing the following optional parameters:

  1. --selfSignedCertKeyAlg – To provide key algorithm of the self-signed certificate.
  2. --selfSignedCertKeySize – To provide key bit size of the self-signed certificate.
  3. --selfSignedCertSigAlg – To provide the signature algorithm of the self-signed certificate.

Note:

The values for the above parameters must be as per JDK documentation. For more information, see Java Security Standard Names documentation.

Sample non-interactive command-line to setup server:

oud-setup \
--cli \
-v -Z 2386 \
--instancePath /u01/app/oracle/config/oud_instances/asinst_1/OUD \
--adminConnectorPort 4444 \
--generateSelfSignedCertificate \
--selfSignedCertKeyAlg "RSA" \
--selfSignedCertKeySize "3072" \
--selfSignedCertSigAlg "SHA512withRSA" \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile ****** \
--ldapPort 1386 \
--baseDN dc=example,dc=com \
--addBaseEntry \
--integration generic \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile

3.3 Setting Up Replication During Installation

You can set up replication as part of the installation, if you install the directory server using the graphical user interface. However, if you install the server using the command-line interface, you must set up replication using the dsreplication command after the server is installed.

See Understanding Data Replication With dsreplication in Administering Oracle Unified Directory.

Note:

If you are running Oracle Unified Directory on HP Image Assistant (HPIA) platform, use the command-line interface to set up a replication instance. This will prevent connection issues due to HPIA JDK certificate error. See Setting Up the Directory Server Using the Command-Line Interface (CLI).
  1. For the first directory server in your replication topology, follow the instructions in Setting Up the Directory Server Using the Graphical User Interface (GUI).

  2. On the Topologies screen, do the following:

    • Select This server will be part of a replication topology.

    • Enter the replication port number or accept the default port 8989.

      The replication port must be an available port on the server, and must therefore be different for each directory server in a topology if all of them run on the same host.

    • Select Configure as Secure to use encrypted communication when connecting to the replication port on the first server.

      Note the host name, and administration port, for this first directory server. You will need this information when you configure the second directory server.

  3. Complete the configuration of the first server.

  4. For the second directory server in your replication topology, follow the instructions in Setting Up the Directory Server Using the Graphical User Interface (GUI).

  5. On the Topologies screen, do the following:

    • Select This server will be part of a replication topology.

    • Enter the replication port number for this directory server.

      The replication port must be different from the replication port of the first directory server if both servers run on the same host.

    • Select There is already a server in the topology and enter the following:

      1. Host Name: Enter the Host Name for the first directory server.

      2. Port: Enter the administration port for the first directory server.

      3. Admin User: Enter the bind DN for the first directory user, or accept the default.

      4. Admin Password: Enter the bind password for the Admin user.

  6. On the Global Administrator screen, provide the following information:

    • The UID for the new global administrator.

    • The password for the new global administrator.

    • Confirm the password for the new global administrator.

  7. On the Data Replication screen, select one of the following options, and click Next.

    1. Create first instance of base DN to be replicated.

    2. Create local instance of existing base DNs and configure replication. Click the base DN for the first directory server.

  8. Review the configuration settings for the second server, and click Finish.

  9. Repeat the above procedures to set up additional servers in the replication topology.

    When you have defined the Global Administrator, the entry with the DN and the password that you provided in step 5c must be defined on all servers in the topology.

3.4 Setting Up the Directory Server Using the WebLogic Scripting Tool

You can use the WebLogic Scripting Tool (WLST) to set up the directory server. Execute the oud_createInstance with the oud-setup script to set up a directory server instance using the WLST.

To set up a directory instance using the WLST:

  1. Set the PRODUCT_HOME and DOMAIN_HOME environment variables before launching WLST.
    export PRODUCT_HOME=/scratch/user/middleware/oracle_home
    export DOMAIN_HOME=/scratch/user/middleware/oracle_home/user_projects/domains/base_domain

    PRODUCT_HOME is similar to ORACLE_HOME. It points to the directory where a user provides at the time of product installation. However, DOMAIN_HOME points to the directory where domains that you configure are created.

  2. Launch the WLST:

    On UNIX and Linux systems:

    $ ORACLE_HOME/oracle_common/common/bin/wlst.sh

    On Windows systems:

    C:\> ORACLE_HOME\oracle_common\common\bin\wlst.cmd

    ORACLE_HOME is the Oracle home directory you specified at installation.

  3. Execute the oud_createInstance command with script name oud-setup to create the OUD Server instance.
    oud_createInstance(scriptName='oud-setup',instanceName='oud1',hostname='localhost',ldapPort=1389,rootUserDN='cn=Directory\ Manager',
    rootUserPasswordFile='/scratch/user/password.txt',baseDN='dc=example,dc=com',sampleData=5,adminConnectorPort= 1444) 

    scriptName indicates the setup script based on the flavor of OUD. The value for this parameter can be any one of [oud-setup, oud-proxy-setup, oud-replication-gateway-setup].

    instanceName indicates the name of the instance. For example, oud1.

    Note:

    Arguments that cannot have a value like noPropertiesFile and so on, can also be used with the custom WLST commands. You must pass an empty value for these arguments. For example, noPropertiesFile=''.

    See oud-setup in Administering Oracle Unified Directory for the rest of the parameters and their descriptions.

    Output:

    Oracle Unified Directory 12.2.1.4.0
    Please wait while the setup program initializes…
    Creating instance directory
    /scratch/user/middleware/oracle_home/user_projects/domains/base_domain/system_components/OUD/oud1/
    .....Done.
    
    See
    /scratch/user/middleware/oracle_home/user_projects/domains/base_domain/system_components/OUD/oud1/logs/oud-setup
    for a detailed log of this operation.
    
    Configuring Directory Server ..... Done.
    Importing Automatically-Generated Data (5 Entries) ....... Done.
    
    To see basic server configuration status and configuration you can launch
    /scratch/user/middleware/oracle_home/user_projects/domains/base_domain/system_components/OUD/oud1/bin/status
    Successfully created OUD instance