
Wednesday, 16 November 2011

Configuring Oracle Unified Directory (OUD) 11g as a Directory Server


I used Oracle Unified Directory (OUD) Version 11.1.1.5.0 during my local test deployment. I have tried to collect as much configuration information as possible in this post.
There are three possible configuration options for OUD:
  • as a Directory Server
  • as a Replication Server
  • as a Proxy Server
The Directory Server provides the main LDAP functionality in OUD. The Proxy Server is used for proxying LDAP requests to other directory servers. The Replication Server is used for replication from one OUD to another OUD, or even to an ODSEE (earlier Sun Java Directory) server. You can read my previous posts on OUD here and here.
In this post, we will talk about configuring OUD as a Directory Server after installation. You can read about OUD installation in my previous post here.
Once installation is completed, you will find the following files in the $ORACLE_HOME directory.
-rwxr-x---  1 oracle oracle 1152 May 17 11:16 oud-proxy-setup
-rwxr-x---  1 oracle oracle 1482 May 17 11:16 oud-proxy-setup.bat
-rwxr-x---  1 oracle oracle 1180 May 17 11:16 oud-replication-gateway-setup
-rwxr-x---  1 oracle oracle 1510 May 17 11:16 oud-replication-gateway-setup.bat
-rwxr-x---  1 oracle oracle 1141 Aug 10 16:50 oud-setup
-rwxr-x---  1 oracle oracle 1538 May 17 11:15 oud-setup.bat
In this listing, the .bat files are for Windows. On Linux (which is what I am using), we use the following scripts.
  • oud-setup – to configure a Directory Server
  • oud-replication-gateway-setup – to configure a Replication Gateway (Replication Server)
  • oud-proxy-setup – to set up a Proxy Server
Run the oud-setup script as shown below. The interactive session is reproduced in full; note that the attempt to use port 389 fails because the setup is running as a non-root user.
$ ./oud-setup
OUD Instance location successfully created - /u01/oracle/Middleware/Oracle_OUD1/../asinst_2
Launching graphical setup...

The graphical setup launch failed.  Check file /tmp/oud-setup-8836874387532698932.log for more details.

Launching command line setup...

Oracle Unified Directory 11.1.1.5.0
Please wait while the setup program initializes...

What would you like to use as the initial root user DN for the Directory
Server? [cn=Directory Manager]:
Please provide the password to use for the initial root user:
Please re-enter the password for confirmation:

On which port would you like the Directory Server to accept connections from
LDAP clients? [1389]: 389

ERROR:  Unable to bind to port 389.  This port may already be in use, or you
may not have permission to bind to it.  On UNIX-based operating systems,
non-root users may not be allowed to bind to ports 1 through 1024
On which port would you like the Directory Server to accept connections from
LDAP clients? [1389]:

On which port would you like the Administration Connector to accept
connections? [4444]:
Do you want to create base DNs in the server? (yes / no) [yes]:

Provide the base DN for the directory data: [dc=example,dc=com]:
Options for populating the database:

    1)  Only create the base entry
    2)  Leave the database empty
    3)  Import data from an LDIF file
    4)  Load automatically-generated sample data

Enter choice [1]: 1

Do you want to enable SSL? (yes / no) [no]: yes
On which port would you like the Directory Server to accept connections from
LDAPS clients? [1636]:

Do you want to enable Start TLS? (yes / no) [no]: yes
Certificate server options:

    1)  Generate self-signed certificate (recommended for testing purposes
        only)
    2)  Use an existing certificate located on a Java Key Store (JKS)
    3)  Use an existing certificate located on a JCEKS key store
    4)  Use an existing certificate located on a PKCS#12 key store
    5)  Use an existing certificate on a PKCS#11 token

Enter choice [1]:
Provide the fully-qualified host name or IP address that will be used to
generate the self-signed certificate [ut1ef1]:

Do you want to start the server when the configuration is completed? (yes /
no) [yes]:

Setup Summary
=============
LDAP Listener Port:            1389
Administration Connector Port: 4444
LDAP Secure Access:            Enable StartTLS
                               Enable SSL on LDAP Port 1636
                               Create a new Self-Signed Certificate
Root User DN:                  cn=Directory Manager
Directory Data:                Create New Base DN dc=example,dc=com.
Base DN Data: Only Create Base Entry (dc=example,dc=com)

Start Server when the configuration is completed

What would you like to do?

    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit

Enter choice [1]: 3

Equivalent non-interactive command-line to setup server:

oud-setup \
          --cli \
          --baseDN dc=example,dc=com \
          --addBaseEntry \
          --ldapPort 1389 \
          --adminConnectorPort 4444 \
          --rootUserDN cn=Directory\ Manager \
          --rootUserPassword ****** \
          --enableStartTLS \
          --ldapsPort 1636 \
          --generateSelfSignedCertificate \
          --hostName ut1ef1 \
          --no-prompt \
          --noPropertiesFile

What would you like to do?

    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit

Enter choice [1]: 4
No configuration performed. OUD Instance directory deleted.
$
Then run oud-setup with the options it printed as the equivalent non-interactive command line, to create the directory server.
$ ./oud-setup           --cli           --baseDN dc=example,dc=com           --addBaseEntry           --ldapPort 1389           --adminConnectorPort 4444           --rootUserDN cn=Directory\ Manager           --rootUserPassword ******           --enableStartTLS           --ldapsPort 1636           --generateSelfSignedCertificate           --hostName ut1ef1           --no-prompt           --noPropertiesFile
OUD Instance location successfully created - /u01/oracle/Middleware/Oracle_OUD1/../asinst_2
An error occurred while parsing the command-line arguments:  An unexpected error occurred while attempting to initialize the command-line arguments:  Argument "bat" does not start with one or two dashes and unnamed trailing arguments are not allowed
Here, the issue is with the rootUserPassword value. The setup program printed ****** as a placeholder for the password; I pasted it unquoted, so the shell treated it as a glob and expanded it to the names of all the files in the current directory, which were then passed to oud-setup as unnamed trailing arguments, and the parse failed. Replace the placeholder with the actual password for "cn=Directory Manager" as shown below. Keep in mind that a password given with --rootUserPassword is visible in the process list and in the shell history; oud-setup also accepts --rootUserPasswordFile, an option it inherits from OpenDS, which reads the password from a file instead.
$ ./oud-setup           --cli           --baseDN dc=example,dc=com           --addBaseEntry           --ldapPort 1389           --adminConnectorPort 4444           --rootUserDN cn=Directory\ Manager           --rootUserPassword pass_t3st           --enableStartTLS           --ldapsPort 1636           --generateSelfSignedCertificate           --hostName ut1ef1           --no-prompt           --noPropertiesFile
OUD Instance location successfully created - /u01/oracle/Middleware/Oracle_OUD1/../asinst_2

Oracle Unified Directory 11.1.1.5.0
Please wait while the setup program initializes...

See /tmp/oud-setup-5822533240188214866.log for a detailed log of this operation.

Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Creating Base Entry dc=example,dc=com ..... Done.
Starting Directory Server ......... Done.

To see basic server configuration status and configuration you can launch /u01/oracle/Middleware/asinst_2/OUD/bin/status
$  cd bin
$ ./status

>>>> Specify Oracle Unified Directory LDAP connection parameters

How do you want to trust the server certificate?

    1)  Automatically trust
    2)  Use a truststore
    3)  Manually validate

Enter choice [3]: 1

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':

          --- Server Status ---
Server Run Status:        Started
Open Connections:         1

          --- Server Details ---
Host Name:                ut1ef1
Administrative Users:     cn=Directory Manager
Installation Path:        /u01/oracle/Middleware/Oracle_OUD1
Instance Path:            /u01/oracle/Middleware/asinst_2/OUD
Version:                  Oracle Unified Directory 11.1.1.5.0
Java Version:             1.6.0_26
Administration Connector: Port 4444 (LDAPS)

          --- Connection Handlers ---
Address:Port : Protocol               : State
-------------:------------------------:---------
--           : LDIF                   : Disabled
0.0.0.0:161  : SNMP                   : Disabled
0.0.0.0:1389 : LDAP (allows StartTLS) : Enabled
0.0.0.0:1636 : LDAPS                  : Enabled
0.0.0.0:1689 : JMX                    : Disabled

          --- Data Sources ---
Base DN:     dc=example,dc=com
Backend ID:  userRoot
Entries:     1
Replication: Disabled

$
Now your newly created OUD Directory Server is running on the machine. You can check this with the ldapsearch command, binding as the root user with the password set during setup.
$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w pass_t3st -s sub -b "dc=example,dc=com" "(objectclass=*)" cn
dn: dc=example,dc=com
$
The ldapsearch command returns one entry, the base entry created during setup, as shown above.
Here are some of my observations:
  • If you want to use ports 389/636 for your Directory Server, you need to run the setup as the root user, because non-root users cannot bind to ports below 1024. You then need to run the start-ds and stop-ds commands as root as well.
  • There are six scripts to set up OUD components (three for Unix/Linux and three for Windows environments).
  • You can generate a new self-signed TLS certificate as part of configuring a new Directory Server, or point the setup at an existing certificate in a JKS, JCEKS, PKCS#12 or PKCS#11 key store.
Okay, that's all for now. We will meet in another post. Until then
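As an added example that is not part of the original post, the shell script below reproduces the failure seen above (the unquoted ****** placeholder globbed against the files in $ORACLE_HOME, so oud-setup received the file names as extra arguments) and then assembles the same non-interactive setup command with the root password read from a mode-0600 file instead of the command line. It assumes a scratch directory standing in for $ORACLE_HOME and that oud-setup accepts --rootUserPasswordFile, an option inherited from OpenDS; the real oud-setup is not executed here.

```shell
#!/bin/sh
# Added example, not from the original post.  Reproduces why the first
# non-interactive oud-setup run failed and shows how to pass the root
# password without putting it on the command line.
# Assumptions: a scratch directory stands in for $ORACLE_HOME, and
# --rootUserPasswordFile (inherited from OpenDS) is accepted by oud-setup.
set -u

# Scratch stand-in for $ORACLE_HOME holding the six setup scripts the post lists.
make_fake_oracle_home() {
  local dir
  dir=$(mktemp -d)
  for f in oud-setup oud-setup.bat oud-proxy-setup oud-proxy-setup.bat \
           oud-replication-gateway-setup oud-replication-gateway-setup.bat; do
    : > "$dir/$f"
  done
  printf '%s\n' "$dir"
}

# Number of words the shell hands to oud-setup for '--rootUserPassword VALUE'
# when VALUE is unquoted.  Inside a directory holding six files, '******'
# globs to those six names, so oud-setup receives seven words and rejects
# the file names as unnamed trailing arguments.
count_unquoted_words() {
  local dir=$1 value=$2
  ( cd "$dir" && set -- --rootUserPassword $value && printf '%s\n' "$#" )
}

# Same, with VALUE quoted: no glob expansion, exactly two words reach oud-setup.
count_quoted_words() {
  local dir=$1 value=$2
  ( cd "$dir" && set -- --rootUserPassword "$value" && printf '%s\n' "$#" )
}

# Write the root password to a file only its owner can read, so it shows up
# neither in the process list nor in the shell history.  Prints the mode bits.
write_password_file() {
  local path=$1 password=$2
  ( umask 077 && printf '%s\n' "$password" > "$path" )
  ls -l "$path" | cut -c1-10
}

# The post's setup parameters, one per line, with --rootUserPasswordFile in
# place of --rootUserPassword.  Feed them to $ORACLE_HOME/oud-setup to run
# the real setup.
setup_args() {
  printf '%s\n' \
    --cli --baseDN dc=example,dc=com --addBaseEntry \
    --ldapPort 1389 --adminConnectorPort 4444 \
    --rootUserDN 'cn=Directory Manager' \
    --rootUserPasswordFile "$1" \
    --enableStartTLS --ldapsPort 1636 \
    --generateSelfSignedCertificate --hostName ut1ef1 \
    --no-prompt --noPropertiesFile
}

# Demonstration: the expansion that broke the first run, the quoted fix, and
# the password file (constructed password 'pass_t3st' from the post).
if [ "${1:-}" = "demo" ]; then
  home=$(make_fake_oracle_home)
  echo "unquoted ******: $(count_unquoted_words "$home" '******') words"
  echo "quoted   ******: $(count_quoted_words "$home" '******') words"
  pw="$home/.rootpw"
  echo "password file mode: $(write_password_file "$pw" 'pass_t3st')"
  setup_args "$pw" | tr '\n' ' '; echo
  rm -rf "$home"
fi
```

Run it as `sh oud-setup-args.sh demo` to see the word counts; the printed argument list is what to pass to $ORACLE_HOME/oud-setup in place of the command with the inline password.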

Monday, 17 May 2010

Fusion Middleware: New features in Oracle Internet Directory


Going forward, I am planning to write more about Fusion Middleware 10g, Fusion Middleware 11g and Oracle Database 11g. These are the areas I am developing more interest in nowadays. I am currently working on Fusion Middleware 10g. First of all, I am learning this new software, and when I write here I feel my knowledge level increases. The first Fusion Middleware components I am going to write about are Oracle Directory Server and Oracle Internet Directory. Both are LDAP directories from Oracle and part of Fusion Middleware (Why two LDAP directories as part of Fusion Middleware? – Think about it).
I have worked with multiple LDAP directories during the last few years. An LDAP directory is standards-based software that stores entries in a tree-like structure for fast lookup. In my experience, these are the major LDAP directories:
  • Oracle Directory Server (earlier Sun Java/Iplanet Directory)
  • Novell’s eDirectory (earlier NDS)
  • Microsoft’s Active Directory (AD)
  • Oracle Internet Directory (OID)
  • openLDAP
Among these, I like Sun Java Directory (now Oracle Directory Server) the most. That is because I worked on it first, it came from Sun, it is standards-based, and it works well in heterogeneous environments. There are various other reasons, but here we will talk about Oracle Internet Directory.

What is Oracle Internet Directory?

Oracle Internet Directory is an LDAP Version 3 compliant directory server from Oracle Corporation. Oracle Internet Directory (OID) is used by most Oracle components (such as Oracle Single Sign-On) and is one of the primary components delivered as part of Fusion Middleware.
OID is used to integrate Oracle Middleware and applications, and is mainly used with Oracle Applications. Oracle Internet Directory stores its data in an Oracle Database, so an Oracle Database is a required component for running it. This is one of the major differences from the other four major LDAP directory servers.

New Features of OID in Fusion Middleware 11g

OID is delivered by Oracle for use in Oracle Identity Management. It was part of the Oracle Application Server "Application Infrastructure" component, so Oracle Internet Directory is not a new component delivered as part of Fusion Middleware; it was already there in Version 10g as well.
I am currently working on Oracle Internet Directory Version 10.1.4.2.0. The Fusion Middleware version of Oracle Internet Directory is called 11.1.1. There are a few improvements between these two versions. I noticed that the improvements lie along these lines:

1. Manageability Features

Oracle Directory Services Manager and integration with Weblogic Admin Server are the major changes in the OID Version 11.1.1.  Fusion Middleware is Weblogic-Centric. So it is time to learn Weblogic again. Oracle Process Manager and Notification Server (OPMN) is still used in Fusion Middleware for managing OID, as well as other components.
ODSM (Oracle Directory Services Manager) is replacing Oracle Directory Manager (oidadmin). ODSM is a new web-based management tool for managing Oracle Internet Directory in Fusion Middleware 11g.

2. Replication Features

One of the important features you can now set up is multi-master replication using the LDAP-based replication model. In earlier versions this was not possible: you had to use ASR-based (Advanced Symmetric Replication, over the database) replication to set up multi-master replication. Now it is possible with LDAP-based replication.

3. Instance Configuration

There are changes in the configset information. Now every instance can have its own rootDSE information. This was one of the major issues in earlier versions. I need to explore this option more, and I will write more about it later.
A last important note: why is Oracle delivering two separate LDAP directories as part of Fusion Middleware 11g, or as part of its Directory Services offerings? Why does Oracle support both Oracle Directory Server and Oracle Internet Directory? This is because Oracle Applications are tightly integrated with Oracle Internet Directory. For example, Oracle Single Sign-On needs Oracle Internet Directory. This is one of the reasons Oracle is unable to move to Oracle Directory Server. Let's hope this will soon change.
Let's talk more about OID in the coming weeks. Until then
