Tuesday, 19 August 2014
A.1 Instance Creation and Process Management
10g Oracle Internet Directory Instance Creation
In 10g (10.1.4.0.1) and earlier releases, configuration information for an instance of Oracle Internet Directory was stored in a configuration set, which had a DN of the form:
cn=configsetN,cn=osdldapd,cn=subconfigsubentry
where N is an integer. You created a new Oracle Internet Directory instance by creating a new configsetN entry and then executing:
oidctl connect=connStr config=N inst=InstNum flags="...." start
to start the instance.
11g Oracle Internet Directory Instance Creation
In 11g Release 1 (11.1.1), the procedure for creating an instance has changed. Configuration information for an Oracle Internet Directory instance now resides in an instance-specific configuration entry, which has a DN of the form
cn=componentname,cn=osdldapd,cn=subconfigsubentry
where componentname is the name of a Oracle Fusion Middleware system component of Type=OID, for example, oid1. You do not manually create an instance-specific configuration entry. Instead, you create a Oracle Fusion Middleware component of Type=OID. Creating the Oracle Internet Directory component automatically generates an instance-specific configuration entry.
Note:
The entry in configset0 still exists in 11g, but it is read-only and used to store default attribute values for seeding new instance-specific configuration entries.
The first Oracle Internet Directory system component is created during installation. The first Oracle Internet Directory system component, oid1 by default, is created during installation with the Oracle instance name asinst_1 by default. The corresponding configuration entry for this component is cn=oid1,cn=osdldapd,cn=subconfigsubentry. There are two ways to create an additional Oracle Internet Directory instance:
Adding another component of Type=OID by using opmnctl createcomponent. For example:
opmnctl createcomponent -componentType OID \
-componentName componentName -Db_info "DBHostName:Port:DBSvcName" \
-Namespace "dc=domain"
See "Creating an Oracle Internet Directory Component by Using opmnctl" for more information.
Adding an Oracle Internet Directory instance within an existing component of Type=OID by using oidctl add. See "Creating and Starting an Oracle Internet Directory Server Instance by Using OIDCTL" for more information.
The recommended method is to use opmnctl to add a system component. If you create an instance by adding a component with opmnctl, you must use opmnctl or Oracle Enterprise Manager Fusion Middleware Control, not oidctl, to stop and start the instance. See "Starting the Oracle Internet Directory Server by Using opmnctl" and "Starting the Oracle Internet Directory Server by Using Fusion Middleware Control".
You can update the configuration attributes of the instance by using Fusion Middleware Control, LDAP tools, or Oracle Directory Services Manager. See Chapter 9, "Managing System Configuration Attributes."
If you use opmnctl to add a system component with oid2 as the component name, then an additional instance with componentname=oid2 is configured within the given Oracle instance, which is asinst_1 by default. This instance of Oracle Internet Directory can be started and stopped by using the opmnctl command with ias-component=oid2 or by using Fusion Middleware Control. The instance-specific configuration entry for this instance is cn=oid2,cn=osdldapd,cn=subconfigsubentry and the configuration attributes in that entry can be updated to customize the instance. For more information about instance-specific configuration attributes, see "Attributes of the Instance-Specific Configuration Entry".
Note:
You can use oidctl to create an instance if you are running Oracle Internet Directory as a standalone server, not part of a WebLogic domain. When you create an instance with oidctl, you must use oidmon and oidctl to stop and start the instance. An Oracle Internet Directory instance created with oidctl cannot be registered with a WebLogic server, so you cannot use Oracle Enterprise Manager Fusion Middleware Control to manage the instance. See Appendix B, "Managing Oracle Internet Directory Instances by Using OIDCTL."
11g Replication Server
Use oidctl or Oracle Enterprise Manager Fusion Middleware Control to start replication on an instance the first time. After that, opmnctl stops and starts replication when it stops and starts the component. If you must stop and start the Oracle Internet Directory Replication Server for administration purposes, use oidctl or Oracle Enterprise Manager Fusion Middleware Control.
11g OIDMON
In 11g Release 1 (11.1.1), OIDMON monitors and reports the status of all Oracle Internet Directory processes (dispatcher, directory server, and replication server) to OPMN. This monitoring by OIDMON enables Fusion Middleware Control to report Oracle Internet Directory status accurately.
See Also:
Chapter 4, "Understanding Process Control of Oracle Internet Directory Components"
Chapter 8, "Managing Oracle Internet Directory Instances."
A.2 Locations of Configuration Attributes
Oracle Internet Directory configuration information is stored in configuration attributes in the DIT. For a complete listing of configuration attributes, their locations, and procedures for managing them, see Chapter 9, "Managing System Configuration Attributes."
In 10g (10.1.4.0.1), many configurable Oracle Internet Directory attributes resided in the DSE Root and in the configset entry, for example, cn=configset0,cn=osdldapd,cn=subconfigsubentry. In 11g Release 1 (11.1.1), most of these have been moved to the instance-specific configuration entry or the DSA configuration entry.
Most attributes that resided in the instance-specific configuration set at 10g (10.1.4.0.1) are now stored in the instance-specific configuration entry in 11g Release 1 (11.1.1). In addition, some attributes that resided in the DSA configuration entry are now instance-specific and have been moved to the instance-specific configuration entry.
Notes:
During an upgrade to 11g, attributes are created in their new locations with default values. An attribute's value prior to the upgrade is not preserved unless the attribute is in the same location in 11g.
If you manage attributes from the command line, ensure that the DNs specified on the command line or in LDIF files reflect the 11g locations of the attributes.
Table A-1 lists 10g attributes, their locations in 10g and in 11g, and their default values in 11g. In the following table, "Instance Specific" implies that the attribute is located in the instance-specific configuration entry, for example cn=oid1,cn=osdldapd,cn=subconfigsubentry and DSA Config is cn=dsaconfig,cn=configsets,cn=oracle internet directory. Attributes in the DSA Config entry are shared by all Oracle Internet Directory instances and components.
Table A-1 New Locations of 10g Attributes
Attribute 10g Location 11g Location 11g Default Value
orclanonymousbindsflag
Root DSE
Instance Specific
1
orcldataprivacymode
DSA Config
DSA Config
0
orcldebugflag
Root DSE
Instance Specific
0
orcldebugforceflush
DSA Config
Instance Specific
0
orcldebugop
Root DSE
Instance Specific
511
orclecacheenabled
Root DSE
Instance Specific
1
orclecachemaxentries
Root DSE
Instance Specific
100000
orclecachemaxentsize
DSA Config
Instance Specific
1000000
orclecachemaxsize
Root DSE
Instance Specific
200000000
orclenablegroupcache
Root DSE
Instance Specific
1
orcleventlevel
Root DSE
Instance Specific
0
orclldapconntimeout
DSA Config
Instance Specific
0
orclmatchdnenabled
Root DSE
DSA Config
1
orclmaxcc
Configset
Instance Specific
2
orclmaxconnincache
DSA Config
Instance Specific
100000
orclnwrwtimeout
DSA Config
Instance Specific
30
orcloptcontainsquery
Root DSE
DSA Config
0
orcloptracklevel
DSA Config
Instance Specific
0
orcloptrackmaxtotalsize
DSA Config
Instance Specific
100000000
orclpkimatchingrule
DSA Config
DSA Config
2
orclrefreshdgrmems
DSA Config
DSA Config
0
orclsaslauthenticationmode
Configset
Instance Specific
auth-conf
orclsaslcipherchoice
Configset
Instance Specific
Rc4-56, des, 3des, rc4, rc4-40
orclsaslmechanism
Configset
Instance Specific
DIGEST MD5, EXTERNAL
orclsdumpflag
DSA Config
Instance Specific
0
orclservermode
Root DSE
Instance Specific
rw
orclserverprocs
Configset
Instance Specific
1
orclsizelimit
Root DSE
Instance Specific
10000
orclskewedattribute
DSA Config
DSA Config
objectclass
orclskiprefinsql
DSA Config
DSA Config
0
orclsslauthentication
Configset
Instance Specific
1
orclsslenable
Configset
Instance Specific
0
orclsslversion
Configset
Instance Specific
3
orclsslwalleturl
Configset
Instance Specific
File:
orclstatsdn
DSA Config
DSA Config
orclstatsflag
Root DSE
Instance Specific
1
orclstatslevel
Root DSE
Instance Specific
0
orclstatsperiodicity
DSA Config
Instance Specific
30
orcltimelimit
Root DSE
Instance Specific
3600
orcltlimitmode
DSA Config
1
See Also:
Chapter 9, "Managing System Configuration Attributes".
A.3 Default Ports
During installation of Oracle Internet Directory, Oracle Identity Management 11g Installer follows specific steps in assigning the SSL and non-SSL port. First, it attempts to use 3060 as the non-SSL port. If that port is unavailable, it tries ports in the range 3061 to 3070, then 13060 to 13070. Similarly, it attempts to use 3131 as its SSL port, then ports in the range 3132 to 3141, then 13131 to 13141.
If you want Oracle Internet Directory to use privileged ports, you can override the defaults during installation by using staticports.ini. (See Oracle Fusion Middleware Installation Guide for Oracle Identity Management.) You can also reset the port numbers after installation. See "Enabling Oracle Internet Directory to run on Privileged Ports".
Note:
If you perform an upgrade from an earlier version of Oracle Internet Directory to 11g Release 1 (11.1.1), your port numbers from the earlier version are retained.
A.4 Enabling Server Debugging
In 10g, you could enable debugging either by using a debug option when you invoked the server or by setting orcldebugflag, which was in the root DSE.
In 11g, you cannot enable debugging by using debug options when you invoke the server. You enable debugging of the directory server by changing the attribute orcldebugflag, which is now in the instance-specific configuration entry, which has a DN of the form:
cn=componentname,cn=osdldapd,cn=subconfigsubentry
You can change orcldebugflag either by using the Server Properties page, Logging tab, in Fusion Middleware Control or by using ldapmodify. For example, you could use the following LDIF file to configure the Oracle Internet Directory instance in system component oid1 for heavy trace debugging.
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orcldebugflag
orcldebugflag: 1
See Chapter 23, "Managing Logging" for more information.
You enable debugging of the replication server by changing the attribute orcldebuglevel in the replication configuration set
Table 40-4, "Replication Configuration Set Attributes" lists and describes the attributes of the replication configuration set, which has the following DN:
cn=configset0,cn=osdrepld,cn=subconfigsubentry
You can use either ldapmodify or the Shared Properties, Replication tab, in Fusion Middleware Control to change orcldebuglevel. See Chapter 40, "Managing Replication Configuration Attributes" for more information.
A.5 Command Line Tools
Most commands now require that the environment variable ORACLE_INSTANCE be set.
New options have been added to opmnctl and oidctl.
Several Oracle Internet Directory administration tools and bulk tools take a connect argument that specifies the Oracle Database to connect to. In 10g, if you did not include a connect argument on the command line, the command would take the value of the environment variable ORACLE_SID by default. In 11g Release 1 (11.1.1), you must use the connect argument to specify the database. Oracle Internet Directory and Oracle Database are not installed in the same ORACLE_HOME, so ORACLE_SID is irrelevant. Therefore, you must use the connect argument to specify the database, for example connect=oiddb.
See Also:
Chapter 8, "Managing Oracle Internet Directory Instances"
Chapter 15, "Performing Bulk Operations"
A.6 Path Names
In Oracle Fusion Middleware 11g Release 1 (11.1.1), files that are updatable are installed under ORACLE_INSTANCE and most product binaries are stored under ORACLE_HOME. As a result, the path names of most configuration files and log files are different than in 10g (10.1.4.0.1). Table A-2 lists some examples:
Table A-2 Some Path Names that Changed
Filename 10g (10.1.4.0.1) Location 11g Release 1 (11.1.1) Location
Orclpwdlldap1
OidpwdrSID
ORACLE_HOME/ldap/admin
ORACLE_INSTANCE/OID/admin
Tnsnames.ora
ORACLE_HOME/network/admin
ORACLE_HOME/config
Oidldapd*.log
oidmon*.log
ORACLE_HOME/ldap/log
ORACLE_HOME/diagnostics/logs/OID/componentName
bulkload.log
bulkdelte.log
catalog.log
ORACLE_HOME/ldap/log
ORACLE_HOME/diagnostics/logs/OID/tools
Bulkload intermediate files
ORACLE_HOME/ldap/load
ORACLE_HOME/OID/load
opmnctl
ORACLE_HOME/opmn/bin
ORACLE_INSTANCE/bin
opmn.xmll
ORACLE_HOME/opmn/conf
ORACLE_INSTANCE/config/OPMN/opmn
See Also:
Chapter 2, "Understanding Oracle Internet Directory in Oracle Fusion Middleware"
A.7 Graphical User Interfaces
Oracle Directory Manager and Oracle Internet Directory Grid Control Plug-in no longer exist in 11g Release 1 (11.1.1). They have been replaced by Oracle Directory Services Manager and Oracle Enterprise Manager Fusion Middleware Control.
See the following sections for more information:
"Using Oracle Directory Services Manager"
"Using Fusion Middleware Control to Manage Oracle Internet Directory"
A.8 Audit
As of release 11g Release 1 (11.1.1), Oracle Internet Directory uses an audit framework that is integrated with Oracle Fusion Middleware.
You can configure auditing by using Oracle Enterprise Manager Fusion Middleware Control or the WebLogic Scripting Tool, wlst.
The attribute orclAudFilterPreset has replaced the audit levels used in 10g (10.1.4.0.1). You can set it to None, Low, Medium, All, or Custom.
There is no longer any need for an Oracle Internet Directory garbage collector.
See Also:
Chapter 22, "Managing Auditing."
A.9 Referential Integrity
Referential Integrity has been completely reimplemented. You can configure it from the command line or by using Oracle Enterprise Manager Fusion Middleware Control.
See Also:
Chapter 21, "Configuring Referential Integrity"
A.10 Server Chaining
Server chaining now supports Novell eDirectory, as well as Microsoft Active Directory and Sun Java System Directory Server, formerly known as SunONE iPlanet. The attributes mapUIDtoADAttribute, showExternalGroupEntries, showExternalUserEntries, and addOrcluserv2ToADUsers have been added since Oracle Internet Directory 10g (10.1.4.0.1).
A.11 Replication
You can set up and manage LDAP-based replication by using the replication wizard in Oracle Enterprise Manager Fusion Middleware Control. A separate Replication page enables you to adjust attributes that control the replication server.
You can now use LDAP-based replication for multimaster directory replication groups. You no longer need Oracle Database Advanced Replication-based replication for this purpose. If you want to replicate Oracle Single Sign-On, however, you still must use Oracle Database Advanced Replication-based replication.
See Also:
Chapter 6, "Understanding Oracle Internet Directory Replication"
Part V, "Advanced Administration: Directory Replication"
Appendix C, "Setting Up Oracle Database Advanced Replication-Based Replication"
A.12 Oracle Directory Integration Platform
In 10g (10.1.4.0.1), the Oracle Directory Integration Platform server was under the control of OIDMON, like the LDAP and replication servers. For 11g Release 1 (11.1.1), Oracle Directory Integration Platform has been reimplemented as a J2EE application, and is started and stopped separately from Oracle Internet Directory servers.
See Also:
Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform
A.13 Oracle Single Sign-On and Oracle Delegated Administration Services
Oracle Fusion Middleware 11g Release 1 (11.1.1) does not include Oracle Single Sign-On or Oracle Delegated Administration Services. Oracle Internet Directory 11g Release 1 (11.1.1), however, is compatible with Oracle Single Sign-On 10g (10.1.4.3.0) or later and Oracle Delegated Administration Services 10g (10.1.4.3.0) or later.
A.14 Java Containers
In Oracle Application Server 10g, Java applications ran in instances of Oracle Containers for Java. In the current release, they run in instances of WebLogic. Oracle Directory Services Manager and Oracle Directory Integration Platform are Java components that run in WebLogic managed servers.
The Oracle Internet Directory LDAP and replication servers, as C programs, are system components and are not affected by this change. The Java server plug-ins run in a JVM within the oidldapd server itself. This is implemented using the Java Native Interface (JNI).
10g Oracle Internet Directory Instance Creation
In 10g (10.1.4.0.1) and earlier releases, configuration information for an instance of Oracle Internet Directory was stored in a configuration set, which had a DN of the form:
cn=configsetN,cn=osdldapd,cn=subconfigsubentry
where N is an integer. You created a new Oracle Internet Directory instance by creating a new configsetN entry and then executing:
oidctl connect=connStr config=N inst=InstNum flags="...." start
to start the instance.
11g Oracle Internet Directory Instance Creation
In 11g Release 1 (11.1.1), the procedure for creating an instance has changed. Configuration information for an Oracle Internet Directory instance now resides in an instance-specific configuration entry, which has a DN of the form
cn=componentname,cn=osdldapd,cn=subconfigsubentry
where componentname is the name of a Oracle Fusion Middleware system component of Type=OID, for example, oid1. You do not manually create an instance-specific configuration entry. Instead, you create a Oracle Fusion Middleware component of Type=OID. Creating the Oracle Internet Directory component automatically generates an instance-specific configuration entry.
Note:
The entry in configset0 still exists in 11g, but it is read-only and used to store default attribute values for seeding new instance-specific configuration entries.
The first Oracle Internet Directory system component is created during installation. The first Oracle Internet Directory system component, oid1 by default, is created during installation with the Oracle instance name asinst_1 by default. The corresponding configuration entry for this component is cn=oid1,cn=osdldapd,cn=subconfigsubentry. There are two ways to create an additional Oracle Internet Directory instance:
Adding another component of Type=OID by using opmnctl createcomponent. For example:
opmnctl createcomponent -componentType OID \
-componentName componentName -Db_info "DBHostName:Port:DBSvcName" \
-Namespace "dc=domain"
See "Creating an Oracle Internet Directory Component by Using opmnctl" for more information.
Adding an Oracle Internet Directory instance within an existing component of Type=OID by using oidctl add. See "Creating and Starting an Oracle Internet Directory Server Instance by Using OIDCTL" for more information.
The recommended method is to use opmnctl to add a system component. If you create an instance by adding a component with opmnctl, you must use opmnctl or Oracle Enterprise Manager Fusion Middleware Control, not oidctl, to stop and start the instance. See "Starting the Oracle Internet Directory Server by Using opmnctl" and "Starting the Oracle Internet Directory Server by Using Fusion Middleware Control".
You can update the configuration attributes of the instance by using Fusion Middleware Control, LDAP tools, or Oracle Directory Services Manager. See Chapter 9, "Managing System Configuration Attributes."
If you use opmnctl to add a system component with oid2 as the component name, then an additional instance with componentname=oid2 is configured within the given Oracle instance, which is asinst_1 by default. This instance of Oracle Internet Directory can be started and stopped by using the opmnctl command with ias-component=oid2 or by using Fusion Middleware Control. The instance-specific configuration entry for this instance is cn=oid2,cn=osdldapd,cn=subconfigsubentry and the configuration attributes in that entry can be updated to customize the instance. For more information about instance-specific configuration attributes, see "Attributes of the Instance-Specific Configuration Entry".
Note:
You can use oidctl to create an instance if you are running Oracle Internet Directory as a standalone server, not part of a WebLogic domain. When you create an instance with oidctl, you must use oidmon and oidctl to stop and start the instance. An Oracle Internet Directory instance created with oidctl cannot be registered with a WebLogic server, so you cannot use Oracle Enterprise Manager Fusion Middleware Control to manage the instance. See Appendix B, "Managing Oracle Internet Directory Instances by Using OIDCTL."
11g Replication Server
Use oidctl or Oracle Enterprise Manager Fusion Middleware Control to start replication on an instance the first time. After that, opmnctl stops and starts replication when it stops and starts the component. If you must stop and start the Oracle Internet Directory Replication Server for administration purposes, use oidctl or Oracle Enterprise Manager Fusion Middleware Control.
11g OIDMON
In 11g Release 1 (11.1.1), OIDMON monitors and reports the status of all Oracle Internet Directory processes (dispatcher, directory server, and replication server) to OPMN. This monitoring by OIDMON enables Fusion Middleware Control to report Oracle Internet Directory status accurately.
See Also:
Chapter 4, "Understanding Process Control of Oracle Internet Directory Components"
Chapter 8, "Managing Oracle Internet Directory Instances."
A.2 Locations of Configuration Attributes
Oracle Internet Directory configuration information is stored in configuration attributes in the DIT. For a complete listing of configuration attributes, their locations, and procedures for managing them, see Chapter 9, "Managing System Configuration Attributes."
In 10g (10.1.4.0.1), many configurable Oracle Internet Directory attributes resided in the DSE Root and in the configset entry, for example, cn=configset0,cn=osdldapd,cn=subconfigsubentry. In 11g Release 1 (11.1.1), most of these have been moved to the instance-specific configuration entry or the DSA configuration entry.
Most attributes that resided in the instance-specific configuration set at 10g (10.1.4.0.1) are now stored in the instance-specific configuration entry in 11g Release 1 (11.1.1). In addition, some attributes that resided in the DSA configuration entry are now instance-specific and have been moved to the instance-specific configuration entry.
Notes:
During an upgrade to 11g, attributes are created in their new locations with default values. An attribute's value prior to the upgrade is not preserved unless the attribute is in the same location in 11g.
If you manage attributes from the command line, ensure that the DNs specified on the command line or in LDIF files reflect the 11g locations of the attributes.
Table A-1 lists 10g attributes, their locations in 10g and in 11g, and their default values in 11g. In the following table, "Instance Specific" implies that the attribute is located in the instance-specific configuration entry, for example cn=oid1,cn=osdldapd,cn=subconfigsubentry and DSA Config is cn=dsaconfig,cn=configsets,cn=oracle internet directory. Attributes in the DSA Config entry are shared by all Oracle Internet Directory instances and components.
Table A-1 New Locations of 10g Attributes
Attribute 10g Location 11g Location 11g Default Value
orclanonymousbindsflag
Root DSE
Instance Specific
1
orcldataprivacymode
DSA Config
DSA Config
0
orcldebugflag
Root DSE
Instance Specific
0
orcldebugforceflush
DSA Config
Instance Specific
0
orcldebugop
Root DSE
Instance Specific
511
orclecacheenabled
Root DSE
Instance Specific
1
orclecachemaxentries
Root DSE
Instance Specific
100000
orclecachemaxentsize
DSA Config
Instance Specific
1000000
orclecachemaxsize
Root DSE
Instance Specific
200000000
orclenablegroupcache
Root DSE
Instance Specific
1
orcleventlevel
Root DSE
Instance Specific
0
orclldapconntimeout
DSA Config
Instance Specific
0
orclmatchdnenabled
Root DSE
DSA Config
1
orclmaxcc
Configset
Instance Specific
2
orclmaxconnincache
DSA Config
Instance Specific
100000
orclnwrwtimeout
DSA Config
Instance Specific
30
orcloptcontainsquery
Root DSE
DSA Config
0
orcloptracklevel
DSA Config
Instance Specific
0
orcloptrackmaxtotalsize
DSA Config
Instance Specific
100000000
orclpkimatchingrule
DSA Config
DSA Config
2
orclrefreshdgrmems
DSA Config
DSA Config
0
orclsaslauthenticationmode
Configset
Instance Specific
auth-conf
orclsaslcipherchoice
Configset
Instance Specific
Rc4-56, des, 3des, rc4, rc4-40
orclsaslmechanism
Configset
Instance Specific
DIGEST MD5, EXTERNAL
orclsdumpflag
DSA Config
Instance Specific
0
orclservermode
Root DSE
Instance Specific
rw
orclserverprocs
Configset
Instance Specific
1
orclsizelimit
Root DSE
Instance Specific
10000
orclskewedattribute
DSA Config
DSA Config
objectclass
orclskiprefinsql
DSA Config
DSA Config
0
orclsslauthentication
Configset
Instance Specific
1
orclsslenable
Configset
Instance Specific
0
orclsslversion
Configset
Instance Specific
3
orclsslwalleturl
Configset
Instance Specific
File:
orclstatsdn
DSA Config
DSA Config
orclstatsflag
Root DSE
Instance Specific
1
orclstatslevel
Root DSE
Instance Specific
0
orclstatsperiodicity
DSA Config
Instance Specific
30
orcltimelimit
Root DSE
Instance Specific
3600
orcltlimitmode
DSA Config
1
See Also:
Chapter 9, "Managing System Configuration Attributes".
A.3 Default Ports
During installation of Oracle Internet Directory, Oracle Identity Management 11g Installer follows specific steps in assigning the SSL and non-SSL port. First, it attempts to use 3060 as the non-SSL port. If that port is unavailable, it tries ports in the range 3061 to 3070, then 13060 to 13070. Similarly, it attempts to use 3131 as its SSL port, then ports in the range 3132 to 3141, then 13131 to 13141.
If you want Oracle Internet Directory to use privileged ports, you can override the defaults during installation by using staticports.ini. (See Oracle Fusion Middleware Installation Guide for Oracle Identity Management.) You can also reset the port numbers after installation. See "Enabling Oracle Internet Directory to run on Privileged Ports".
Note:
If you perform an upgrade from an earlier version of Oracle Internet Directory to 11g Release 1 (11.1.1), your port numbers from the earlier version are retained.
A.4 Enabling Server Debugging
In 10g, you could enable debugging either by using a debug option when you invoked the server or by setting orcldebugflag, which was in the root DSE.
In 11g, you cannot enable debugging by using debug options when you invoke the server. You enable debugging of the directory server by changing the attribute orcldebugflag, which is now in the instance-specific configuration entry, which has a DN of the form:
cn=componentname,cn=osdldapd,cn=subconfigsubentry
You can change orcldebugflag either by using the Server Properties page, Logging tab, in Fusion Middleware Control or by using ldapmodify. For example, you could use the following LDIF file to configure the Oracle Internet Directory instance in system component oid1 for heavy trace debugging.
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orcldebugflag
orcldebugflag: 1
See Chapter 23, "Managing Logging" for more information.
You enable debugging of the replication server by changing the attribute orcldebuglevel in the replication configuration set
Table 40-4, "Replication Configuration Set Attributes" lists and describes the attributes of the replication configuration set, which has the following DN:
cn=configset0,cn=osdrepld,cn=subconfigsubentry
You can use either ldapmodify or the Shared Properties, Replication tab, in Fusion Middleware Control to change orcldebuglevel. See Chapter 40, "Managing Replication Configuration Attributes" for more information.
A.5 Command Line Tools
Most commands now require that the environment variable ORACLE_INSTANCE be set.
New options have been added to opmnctl and oidctl.
Several Oracle Internet Directory administration tools and bulk tools take a connect argument that specifies the Oracle Database to connect to. In 10g, if you did not include a connect argument on the command line, the command would take the value of the environment variable ORACLE_SID by default. In 11g Release 1 (11.1.1), you must use the connect argument to specify the database. Oracle Internet Directory and Oracle Database are not installed in the same ORACLE_HOME, so ORACLE_SID is irrelevant. Therefore, you must use the connect argument to specify the database, for example connect=oiddb.
See Also:
Chapter 8, "Managing Oracle Internet Directory Instances"
Chapter 15, "Performing Bulk Operations"
A.6 Path Names
In Oracle Fusion Middleware 11g Release 1 (11.1.1), files that are updatable are installed under ORACLE_INSTANCE and most product binaries are stored under ORACLE_HOME. As a result, the path names of most configuration files and log files are different than in 10g (10.1.4.0.1). Table A-2 lists some examples:
Table A-2 Some Path Names that Changed
Filename 10g (10.1.4.0.1) Location 11g Release 1 (11.1.1) Location
Orclpwdlldap1
OidpwdrSID
ORACLE_HOME/ldap/admin
ORACLE_INSTANCE/OID/admin
Tnsnames.ora
ORACLE_HOME/network/admin
ORACLE_HOME/config
Oidldapd*.log
oidmon*.log
ORACLE_HOME/ldap/log
ORACLE_HOME/diagnostics/logs/OID/componentName
bulkload.log
bulkdelte.log
catalog.log
ORACLE_HOME/ldap/log
ORACLE_HOME/diagnostics/logs/OID/tools
Bulkload intermediate files
ORACLE_HOME/ldap/load
ORACLE_HOME/OID/load
opmnctl
ORACLE_HOME/opmn/bin
ORACLE_INSTANCE/bin
opmn.xmll
ORACLE_HOME/opmn/conf
ORACLE_INSTANCE/config/OPMN/opmn
See Also:
Chapter 2, "Understanding Oracle Internet Directory in Oracle Fusion Middleware"
A.7 Graphical User Interfaces
Oracle Directory Manager and Oracle Internet Directory Grid Control Plug-in no longer exist in 11g Release 1 (11.1.1). They have been replaced by Oracle Directory Services Manager and Oracle Enterprise Manager Fusion Middleware Control.
See the following sections for more information:
"Using Oracle Directory Services Manager"
"Using Fusion Middleware Control to Manage Oracle Internet Directory"
A.8 Audit
As of release 11g Release 1 (11.1.1), Oracle Internet Directory uses an audit framework that is integrated with Oracle Fusion Middleware.
You can configure auditing by using Oracle Enterprise Manager Fusion Middleware Control or the WebLogic Scripting Tool, wlst.
The attribute orclAudFilterPreset has replaced the audit levels used in 10g (10.1.4.0.1). You can set it to None, Low, Medium, All, or Custom.
There is no longer any need for an Oracle Internet Directory garbage collector.
See Also:
Chapter 22, "Managing Auditing."
A.9 Referential Integrity
Referential Integrity has been completely reimplemented. You can configure it from the command line or by using Oracle Enterprise Manager Fusion Middleware Control.
See Also:
Chapter 21, "Configuring Referential Integrity"
A.10 Server Chaining
Server chaining now supports Novell eDirectory, as well as Microsoft Active Directory and Sun Java System Directory Server, formerly known as SunONE iPlanet. The attributes mapUIDtoADAttribute, showExternalGroupEntries, showExternalUserEntries, and addOrcluserv2ToADUsers have been added since Oracle Internet Directory 10g (10.1.4.0.1).
A.11 Replication
You can set up and manage LDAP-based replication by using the replication wizard in Oracle Enterprise Manager Fusion Middleware Control. A separate Replication page enables you to adjust attributes that control the replication server.
You can now use LDAP-based replication for multimaster directory replication groups. You no longer need Oracle Database Advanced Replication-based replication for this purpose. If you want to replicate Oracle Single Sign-On, however, you still must use Oracle Database Advanced Replication-based replication.
See Also:
Chapter 6, "Understanding Oracle Internet Directory Replication"
Part V, "Advanced Administration: Directory Replication"
Appendix C, "Setting Up Oracle Database Advanced Replication-Based Replication"
A.12 Oracle Directory Integration Platform
In 10g (10.1.4.0.1), the Oracle Directory Integration Platform server was under the control of OIDMON, like the LDAP and replication servers. For 11g Release 1 (11.1.1), Oracle Directory Integration Platform has been reimplemented as a J2EE application, and is started and stopped separately from Oracle Internet Directory servers.
See Also:
Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform
A.13 Oracle Single Sign-On and Oracle Delegated Administration Services
Oracle Fusion Middleware 11g Release 1 (11.1.1) does not include Oracle Single Sign-On or Oracle Delegated Administration Services. Oracle Internet Directory 11g Release 1 (11.1.1), however, is compatible with Oracle Single Sign-On 10g (10.1.4.3.0) or later and Oracle Delegated Administration Services 10g (10.1.4.3.0) or later.
A.14 Java Containers
In Oracle Application Server 10g, Java applications ran in instances of Oracle Containers for Java. In the current release, they run in instances of WebLogic. Oracle Directory Services Manager and Oracle Directory Integration Platform are Java components that run in WebLogic managed servers.
The Oracle Internet Directory LDAP and replication servers, as C programs, are system components and are not affected by this change. The Java server plug-ins run in a JVM within the oidldapd server itself. This is implemented using the Java Native Interface (JNI).
A Differences Between 10g and 11g
This appendix lists the major differences between Oracle Internet Directory Release 10g (10.1.4.0.1) and 11g Release 1 (11.1.1). It contains the following topics:
Instance Creation and Process Management
Locations of Configuration Attributes
Enabling Server Debugging
Command Line Tools
Path Names
Graphical User Interfaces
Audit
Referential Integrity
Server Chaining
Replication
Oracle Directory Integration Platform
Oracle Single Sign-On and Oracle Delegated Administration Services
Java Containers
about oracle 11g
Oracle Database Express Edition 11g Release 2 June 4, 2014 You must accept the OTN License Agreement for Oracle Database Express Edition 11g Release 2 to download this software. Accept License Agreement | Decline License Agreement Download Oracle Database Express Edition 11g Release 2 for Windows x64 - Unzip the download and run the DISK1/setup.exe Download Oracle Database Express Edition 11g Release 2 for Windows x32 - Unzip the download and run the DISK1/setup.exe Download Oracle Database Express Edition 11g Release 2 for Linux x64 -Unzip the download and the RPM file can be installed as normal You may also be interested in the following downloads: Download Oracle SQL Developer Download Oracle SQL Developer Data Modeler Download Oracle Application Express Download JDeveloper for Java Developers Download Oracle Developer Tools for Visual Studio .NET Download Zend Server
Labels:
about my studies
Location:
Mumbai, Maharashtra, India
Subscribe to:
Posts (Atom)