Setting up OID (LDAP) for TNS Service Resolution
Posted at Sunday, June 08, 2008
Here are the steps for configuring OID/LDAP to use for your Net Service (TNS) resolution.
This example assumes that you already have an LDAP directory available for use, in my case Oracle Internet Directory (OID) installed as part of OracleAS Infrastructure/Identity Management. Additionally, this example does not cover SSL.
Launch the Net Configuration Assistant
# export DISPLAY=192.168.1.3:0.0
# netca
Set up the Directory Usage Configuration





At this point, you should have a properly configured directory file similar to the following:
ldap.ora
DIRECTORY_SERVERS= (rac2.colestock.test:389:636)
DEFAULT_ADMIN_CONTEXT = "dc=colestock,dc=test"
DIRECTORY_SERVER_TYPE = OID
Configure your Oracle Naming Configuration. In my case, I will use my OID (LDAP) directory as my primary lookup service; if it fails, the tnsnames.ora will be used.



At this point, your sqlnet.ora file should be properly configured for OID (LDAP) use:
sqlnet.ora
NAMES.DIRECTORY_PATH= (LDAP, TNSNAMES)
Import your Database Services, etc. into your OID (LDAP) Directory via Oracle Network Manager
# export DISPLAY=192.168.1.3:0.0
# netmgr





Confirm that the entries are present with a manual search of LDAP:
# ldapsearch -h rac2 -p 389 -D cn=orcladmin -w password -b "cn=OracleContext,dc=colestock,dc=test" -s one "objectclass=orclNetService" orclnetdescstring
cn=LDG,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.101)(PORT=1525)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=ldg.colestock.test)))
cn=EM,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=rac2-vip)(PORT=1521))(LOAD_BALANCE=yes))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=em.colestock.test)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=180)(DELAY=5))))
cn=STDBY,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.102)(PORT=1525)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=stdby.colestock.test)))
cn=STANDBY,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.102)(PORT=1525)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=stdby.colestock.test)))
cn=EM2,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2-vip)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=em.colestock.test)(INSTANCE_NAME=em2)))
cn=EM1,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=em.colestock.test)(INSTANCE_NAME=em1)))
Confirm SQLNet's use of the OID (LDAP) via a tnsping:
# tnsping EM
Used parameter files:
/u01/app/oracle/product/10.2/network/admin/sqlnet.ora
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=rac2-vip)(PORT=1521))(LOAD_BALANCE=yes))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=em.colestock.test)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=180)(DELAY=5))))
OK (0 msec)
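With NAMES.DIRECTORY_PATH= (LDAP, TNSNAMES), clients connect wherever the directory entry points, so the published descriptors are worth checking against a baseline kept outside the directory. The following is an added example, not part of the original post: it parses orclnetdescstring values in the ldapsearch output format shown above and reports endpoints outside an assumed approved set; the function names, the ROGUE entry and APPROVED are constructed for illustration.

```python
import re

# EM is copied from the ldapsearch output above; ROGUE and APPROVED are constructed.
SAMPLE = """\
cn=EM,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=rac2-vip)(PORT=1521))(LOAD_BALANCE=yes))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=em.colestock.test)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=180)(DELAY=5))))
cn=ROGUE,cn=OracleContext,dc=colestock,dc=test
orclnetdescstring=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.9.9.9)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=em.colestock.test)))
"""
APPROVED = {("TCP", "rac1-vip", 1521), ("TCP", "rac2-vip", 1521)}

def parse(desc):
    """Parse '(KEY=value)(KEY=(...))' into nested [key, value-or-children] nodes."""
    root = ["", []]
    stack = [root]
    for tok in re.findall(r"\([^()=]+=|[^()]+|\)", re.sub(r"\s+", "", desc)):
        if tok == ")" and len(stack) > 1:
            stack.pop()
        elif tok.startswith("(") and isinstance(stack[-1][1], list):
            stack.append([tok[1:-1].upper(), []])
            stack[-2][1].append(stack[-1])
        elif tok[0] not in "()" and stack[-1][1] == [] and len(stack) > 1:
            stack[-1][1] = tok  # leaf value replaces the empty child list
        else:
            raise ValueError(f"malformed descriptor near {tok!r}")
    if len(stack) != 1:
        raise ValueError("unbalanced '(' in descriptor")
    return root[1]

def endpoints(tree):
    """Yield (PROTOCOL, host, port) for every ADDRESS node at any depth."""
    for key, val in tree:
        if key == "ADDRESS" and isinstance(val, list):
            a = dict(val)
            yield a.get("PROTOCOL", "").upper(), a.get("HOST", "").lower(), int(a.get("PORT", 0))
        elif isinstance(val, list):
            yield from endpoints(val)

def audit(ldap_output, approved):
    """Map each alias to the endpoints it publishes that are not approved."""
    report, alias = {}, None
    for line in ldap_output.splitlines():
        name, _, value = line.strip().partition("=")
        if name.lower() == "cn":
            alias = value.split(",", 1)[0]
        elif name.lower() == "orclnetdescstring" and alias:
            report[alias] = [e for e in endpoints(parse(value)) if e not in approved]
    return report
```

On the sample, audit(SAMPLE, APPROVED) returns an empty list for EM and ('TCP', '10.9.9.9', 1521) for ROGUE.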
Labels: Application Servers, OID
How to Install OracleAS Infrastructure (10.1.4.0.1)
Posted at Thursday, June 05, 2008
This post assumes that you want to install OracleAS Infrastructure (10.1.4.0.1) using an existing Metadata Repository, created earlier with the Metadata Repository Creation Assistant (MRCA): see the following post.
The above is normally accomplished in steps to allow for a more distributed topology for the OracleAS Infrastructure installation. In my case, I will place the Metadata Repository (database) on one server and then use another server for the remaining components, such as the Application Server. This posting covers the latter step.
Unpack the appropriate software
# cpio -idmv < as_linux_x86_oim_oif_101401_disk1.cpio
# cpio -idmv < as_linux_x86_oim_oif_101401_disk2.cpio
Due to some installation errors, namely inventory corruption issues, I specify an installation-specific inventory location via /etc/oraInst.loc (depending upon your installation, you may have to do so as root)
# su - root
# vi /etc/oraInst.loc
# more /etc/oraInst.loc
inventory_loc=/u01/app/oracle/product/oim/oraInventory
inst_group=dba
Set the environment
# echo "oim:/u01/app/oracle/product/oim:N" >> /etc/oratab
# export ORACLE_SID=oim
# . oraenv
# export DISPLAY=192.168.1.3:0.0
# export TMP=/tmp
# export TMPDIR=/tmp
# unset TNS_ADMIN
# export PATH=.:/usr/local/java/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/bin:/bin:/usr/local/bin:/u02/oracle/logs/em/scripts/common/oracle/bin:/usr/bin/X11
# CLASSPATH=
# export LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib
Run the Installer
# ./runInstaller -ignoreSysPreReqs















Run the root.sh as root

# su - root
# cd /u01/app/oracle/product/oim
# ./root.sh
Running Oracle10 root.sh script...
\nThe following environment variables are set as:
ORACLE_OWNER= oracle
ORACLE_HOME= /u01/app/oracle/product/oim
Enter the full pathname of the local bin directory: [/usr/local/bin]:
The file "dbhome" already exists in /usr/local/bin. Overwrite it? (y/n)
[n]:
The file "oraenv" already exists in /usr/local/bin. Overwrite it? (y/n)
[n]:
The file "coraenv" already exists in /usr/local/bin. Overwrite it? (y/n)
[n]:
Adding entry to /etc/oratab file...
Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
OCR is configured for Oracle Cluster Ready Services. CSS is already configured and should be running from Oracle Cluster Ready Services home
Entering Oracle Internet Directory Root Installation Section
OiD Server Installation
Checking LDAP binary file protections
Setting oidmon file protections
Setting oidldapd file protections
Setting oidrepld file protections
Setting oidemdpasswd file protections
Setting remtool file protections
Setting oiddiag file protections
Leaving Oracle Internet Directory Root Installation Section


Post Installation Steps
Check key URLs:


Validate that components are running
# cd /u01/app/oracle/product/oim/opmn/bin/
# ./opmnctl status
Processes in Instance: jlc.rac2.colestock.test
-------------------+--------------------+---------+---------
ias-component | process-type | pid | status
-------------------+--------------------+---------+---------
DSA | DSA | 9142 | Alive
LogLoader | logloaderd | N/A | Down
dcm-daemon | dcm-daemon | 28047 | Alive
OC4J | oca | 5202 | Alive
OC4J | OC4J_SECURITY | 4824 | Alive
HTTP_Server | HTTP_Server | 4630 | Alive
OID | OID | 14673 | Alive
Check that you can login to the Oracle Internet Directory as cn=orcladmin
# export DISPLAY=192.168.1.3:0.0
# oidadmin





Before verifying that single sign-on is operating, you will have to work around a known bug
SSO Authentication Fails With Internal Server Error After Upgrading To 10.1.4 Or Using MRCA 10.1.4.0.1 (Metalink NOTE:467706.1)
After install you will not be able to use SSO; instead the following error will be in the log files:
java.sql.SQLException: ORA-06550: line 1, column 7:
PLS-00306: wrong number or types of arguments in call to 'ADD_AUDIT_LOG'
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored
The workaround according to Oracle:
The SSO database schema needs to be upgraded to 10.1.4 by running the ssopatch.sql as user orasso.
1. Get the orasso database password:
ldapsearch -D cn=orcladmin -w <password> -p <port> -b "cn=IAS,cn=Products,cn=OracleContext" -s sub "OrclresourceName=ORASSO" orclpasswordattribute
2. $ORACLE_HOME/opmn/bin/opmnctl stopall
3. cd $ORACLE_HOME/sso/admin/plsql/sso
4. sqlplus orasso/<password>@<connect_string>
5. restart Identity Management
$ORACLE_HOME/opmn/bin/opmnctl startall
In my case:
[oracle@rac2 log]$ ldapsearch -D cn=orcladmin -w password -p 389 -b "cn=IAS,cn=Products,cn=OracleContext" -s sub "OrclresourceName=ORASSO" orclpasswordattribute
OrclResourceName=ORASSO,orclReferenceName=EM.COLESTOCK.TEST,cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext
orclpasswordattribute=WV1z3ihA
# $ORACLE_HOME/opmn/bin/opmnctl stopall
opmnctl: stopping opmn and all managed processes...
# cd $ORACLE_HOME/sso/admin/plsql/sso
# sqlplus orasso/WV1z3ihA@em @ssopatch.sql
# $ORACLE_HOME/opmn/bin/opmnctl startall
opmnctl: starting opmn and all managed processes...
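The sqlplus orasso/...@em call above places the schema password in the process list and in shell history. The following is an added example, not from the original post or from Oracle: it runs the same patch with the logon string sent on standard input. The function names and the SAFE character set are hypothetical; the em alias and ssopatch.sql come from the transcript above.

```python
import getpass
import re
import shutil
import subprocess

SAFE = re.compile(r"[A-Za-z0-9_.$#/-]+")  # assumed charset for user, alias and script path


def sqlplus_job(user, password, connect_id, script):
    """Return (argv, stdin_text) that run `script` without a secret in argv."""
    for label, value in (("user", user), ("connect_id", connect_id), ("script", script)):
        if not SAFE.fullmatch(value):
            raise ValueError(f"unexpected characters in {label}")
    # A quote or line break in the password would end the CONNECT line early and
    # let the remainder run as SQL*Plus commands.
    if re.search(r'["\r\n]', password):
        raise ValueError("password contains a double quote or line break")
    stdin_text = (
        "whenever sqlerror exit failure\n"
        f'connect {user}/"{password}"@{connect_id}\n'
        f"@{script}\n"
        "exit\n"
    )
    return ["sqlplus", "-S", "/nolog"], stdin_text


def run_ssopatch(password, connect_id="em", cwd=None):
    """Run ssopatch.sql as orasso; the logon string travels on stdin only."""
    argv, stdin_text = sqlplus_job("orasso", password, connect_id, "ssopatch.sql")
    return subprocess.run(argv, input=stdin_text, text=True, cwd=cwd, check=True)


if __name__ == "__main__" and shutil.which("sqlplus"):
    # Prompted, so the password reaches neither shell history nor `ps` output.
    run_ssopatch(getpass.getpass("orasso password: "))
```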
Afterwards, you can validate that SSO is functional by logging in as orcladmin


Optionally, set up your OID installation for Net Service Name Resolution - reference my post on Setting Up OID (LDAP)
Labels: Application Servers, Installation
How to Install Metadata Repository for Oracle Infrastructure/Identity Management
Posted at Wednesday, June 04, 2008
Install the Repository Configuration Assistant Software
Prepare the kernel for RepCA:
# su - root
# vi /etc/sysctl.conf
# /sbin/sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_max = 262144
kernel.shmmax = 4294967295
kernel.sem = 256 32000 100 142
fs.file-max = 206173
net.ipv4.ip_local_port_range = 1024 65000
kernel.msgmni = 2878
kernel.msgmnb = 65535
Unpack the Software and Install:
# cpio -idmv < as_linux_x86_mrca_101203.cpio
# export DISPLAY=192.168.1.3:0.0
# cd Disk1
# ./runInstaller







Run the root.sh script as root:
# pwd
/u01/app/oracle/product/mrca
# ./root.sh

Update /etc/oratab:
# echo "mrca:/u01/app/oracle/product/mrca:N" >> /etc/oratab
# export ORACLE_SID=mrca
# . oraenv
Prepare the destination database for the installation of the OracleAS Repository:
SQL> alter system set sga_target=600M scope=spfile;
SQL> alter system set pga_aggregate_target=96M scope=spfile;
SQL> alter system set java_pool_size=120M scope=spfile;
SQL> alter system set shared_pool_size=175M scope=spfile;
SQL> alter system set db_cache_size=144M scope=spfile;
SQL> alter system set sessions=400 scope=spfile;
# srvctl stop database -d em
# srvctl start database -d em
If not already present, install Ultrasearch Database Option:
# export ORACLE_SID=em1
# . oraenv
# export DISPLAY=192.168.1.3:0.0
# dbca









Check that all prerequisites for Installing the Metadata Repository Configuration Assistant are met:
# export ORACLE_SID=mrca
# . oraenv
# cd $ORACLE_HOME/repca/prereq
# DBPrereqChecker -DBHOST rac1.colestock.test -DBPORT 1521 -DBNAME em.colestock.test -SYSPWD password -LOGDIR /tmp/
Starting validation DatabasePrerequisite
Validation Succeeded -> DatabasePrerequisite
Validation check complete
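The -SYSPWD password argument above, like the ldapsearch -w and sqlplus orasso/... command lines in the Infrastructure post, stays in shell history and in any transcript that is later shared. The following is an added example, not from the original posts: a scrubber for those forms and for returned orclpasswordattribute values, run over a constructed transcript. The rule set and the sample passwords are assumptions made for illustration.

```python
import re

# Each rule keeps group 1 (the text up to the secret) and masks group 2.
RULES = [
    ("ldap bind password (-w)", re.compile(r"(\bldap\w+\b.*?\s-w\s+)(\S+)")),
    ("sqlplus logon string", re.compile(r"(\bsqlplus\s+(?:-\S+\s+)*[\w$#]+/)([^\s@]+)")),
    ("DBPrereqChecker -SYSPWD", re.compile(r"(-SYSPWD\s+)(\S+)", re.I)),
    ("orclpasswordattribute value", re.compile(r"(\borclpasswordattribute\s*[=:]\s*)(\S+)", re.I)),
]

# Constructed transcript modelled on the commands in these posts.
SAMPLE = """\
$ ldapsearch -D cn=orcladmin -w Examp1ePw -p 389 -b "cn=IAS,cn=Products,cn=OracleContext" -s sub "OrclresourceName=ORASSO" orclpasswordattribute
orclpasswordattribute=Zx9kQ2Lm
$ sqlplus orasso/Zx9kQ2Lm@em @ssopatch.sql
$ sqlplus -S /nolog
$ DBPrereqChecker -DBHOST rac1.colestock.test -DBPORT 1521 -DBNAME em.colestock.test -SYSPWD Examp1ePw -LOGDIR /tmp/
"""


def redact(text, mask="****"):
    """Return (redacted_text, findings); findings are (line_no, rule_name) pairs."""
    findings, out = [], []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            # A callable replacement keeps the mask literal, whatever it contains.
            line, hits = rx.subn(lambda m: m.group(1) + mask, line)
            if hits:
                findings.append((no, name))
        out.append(line)
    return "\n".join(out), findings


if __name__ == "__main__":
    clean, found = redact(SAMPLE)
    print(clean)
    print(found)
```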
Install the Metadata Repository Configuration Assistant:
# cd $ORACLE_HOME
# pwd
/u01/app/oracle/product/mrca
# ./runRepca










Resize any files as prompted:
SQL> alter database datafile '+DATA/em/datafile/undotbs1.261.655668297' resize 600M;
SQL> alter database datafile '+DATA/em/datafile/system.258.655668171' resize 1G;
SQL> alter database datafile '+DATA/em/datafile/undotbs2.260.655668271' resize 750M;



Before Installing the OracleAS Infrastructure/Identity Management you have to address the following bugs:
Bug 5612298 (SEE METALINK - Note:550260.1)
Download Patch 5612298 for HP-UX PA-RISC (64-bit) or HP-UX Itanium
MR schemas and objects will need to be cleaned up within the Database using the MRCA Installation Guide instructions.
Follow instructions in Patch 5612298 readme file:
After the MRCA successfully installs, copy the patch ldap.tar to $ORACLE_HOME and extract the ldap.tar file from the $ORACLE_HOME by doing the following steps:
cp ldap.tar $ORACLE_HOME
cd $ORACLE_HOME
tar xvf ldap.tar
Note that the aforementioned note mentions HP-UX as the platform, but this has affected me on Linux as well! Also, it is the MRCA $ORACLE_HOME in which you should unpack this .tar file.
Warning to Have SSO Schema Version at 10.1.4.0.1 During Installation (SEE METALINK - Note:433208.1)
1. Connect to the Oracle Database as SYSDBA and perform the following:
SQL> update orasso.wwc_version$ set version='10.1.4.0.1';
SQL> Commit;
2. Re-start the Oracle Identity Management 10g (10.1.4.0.1) installation
Accomplishing the above will allow for a successful subsequent install of OracleAS Infrastructure/Identity Management...
Labels: Application Servers, Installation
