
Tuesday, 6 July 2010

Oracle Internet Directory LDAP Replica States in Fusion Middleware 11g


Oracle Internet Directory LDAP Replica States in Fusion Middleware 11g (11.1.1)

In the Oracle Fusion Middleware 11g documentation (I think I was referring to version 11.1.1 of the doco), you can find the OID Administrator’s Guide. As the name suggests, this is the most important and valuable guide for Oracle Internet Directory administrators. I think I have read most of this guide already. However, I still refer to this guide, since it contains a lot of information (and it is a reference guide too).
I want to write about the LDAP replica states mentioned in Appendix D (How Replication Works) of this guide. In Fusion Middleware, Oracle provides a lot of detail about Oracle Internet Directory replication. Earlier, this information was scattered around the Oracle Support website and was difficult to find. Now, I think Oracle has collected most of this information in this guide.
If you are working on, supporting, or planning to implement an OID replication high-availability environment, then you should be familiar with this section of the guide. The replica state information is useful if you are running an LDAP-based replica. (Just to refresh your memory, there are two possible types of replication, ASR-based and LDAP-based: ASR is based on database links, while LDAP-based replication uses an LDAP client process.)

orclReplicaState Attribute

The orclReplicaState attribute stores the replication state of an LDAP-based replica. You can check the current replica state of the OID using the ldapsearch command. (In a live system that uses LDAP-based replication, it will be set to the numeric value 1, which means it is in the online state.)
Run the following ldapsearch and check the orclreplicastate attribute as shown below. Make sure to replace the argument values with those specific to your site; these are only an example.
ldapsearch -h localhost -p 389 -D cn=orcladmin -w password -b "orclreplicaid=local_replica_ID, cn=replication configuration" -s sub objectclass=*
Check the value of orclreplicastate in the output. Alternatively, you can request the orclreplicastate attribute directly, as shown in the example below:
ldapsearch -h localhost -p 389 -D cn=orcladmin -w password -b "orclreplicaid=local_replica_ID, cn=replication configuration" -s sub objectclass=* orclreplicastate
The local_replica_ID is specific to your installation; normally it is machine_database. You can check the value using an ldapsearch query as shown below.
Ldapsearch Argument Description:
Argument  Description
-h        Hostname or IP address of the LDAP directory server. I used localhost since I am running this command on the same server where OID is running.
-p        Port number for the LDAP directory. The default LDAP port is 389; the LDAPS port is 636. If you use port 636, then you should define the -U argument.
-D        Bind DN: the LDAP DN for connecting to the LDAP directory.
-w        Password for the bind DN. It is site specific.
-b        Base DN for the search. Here it starts from the top.
-s base   Search scope is base (other values are sub and one).

orclReplicaState possible values in 11g

There are 9 LDAP replica states mentioned in this guide. (In 10g OID, there are only 7 LDAP replica states; it looks like Oracle added two more in 11.1.1.) As I mentioned earlier, in a normal production system that uses LDAP-based replication, orclreplicastate is set to 1 automatically the first time the replication server starts.
Let’s list the LDAP replica states:
State  Description
0      Bootstrap. This is one of the important values. You can set up a new LDAP-based consumer replica using this value. Let’s talk about it in the next blog.
1      Online. For regular replication processing.
2      Offline
3      Bootstrap in progress
4      Bootstrap in progress + cn=orclcontext completed
5      Bootstrap completed with failures
6      Database based
7      Sync Schema only (Not Data)
8      Bootstrap without schema sync (Only Data)
In an LDAP replication high-availability environment, you must understand these values and their significance. Let’s talk about these values and how we can exploit this attribute and its values in the coming blogs. Until then
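
A monitoring check built on the query and state table above, as an added example that is not part of the original post: it parses ldapsearch output (both attr=value lines and LDIF attr: value lines) and flags every replica whose orclreplicastate is not 1. The OK/WARN/CRIT mapping, the exit codes and the sample host names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). State names come from the table
# above; the OK/WARN/CRIT mapping and the exit codes are assumptions.
STATE_NAMES='Bootstrap;Online;Offline;Bootstrap in progress;Bootstrap in progress + cn=orclcontext completed;Bootstrap completed with failures;Database based;Sync schema only;Bootstrap without schema sync'

# Reads ldapsearch output on stdin ("attr=value" or LDIF "attr: value" lines).
# Prints "SEVERITY replica_id state name" for each orclreplicastate value found.
# Returns 0 if every replica is Online, 1 on WARN, 2 on CRIT, 3 if none found.
check_replica_states() {
  awk -v names="$STATE_NAMES" '
    BEGIN { split(names, nm, ";"); rc = 0; seen = 0 }
    { sub(/\r$/, ""); low = tolower($0) }
    # Entry DN line, either bare or prefixed with "dn:".
    low ~ /^(dn: *)?orclreplicaid=[^,]+,/ {
      id = $0; sub(/^[Dd][Nn]: */, "", id); sub(/^[^=]*=/, "", id); sub(/,.*$/, "", id)
      next
    }
    low ~ /^orclreplicastate *[=:]/ {
      v = $0; sub(/^[^=:]*[=:] */, "", v); sub(/ +$/, "", v); seen++
      if (v !~ /^[0-8]$/)          { sev = "CRIT"; name = "Unknown" }
      else {
        name = nm[v + 1]
        if (v == 1)                { sev = "OK" }
        else if (v == 2 || v == 5) { sev = "CRIT" }   # offline / bootstrap failed
        else                       { sev = "WARN" }   # any other non-online state
      }
      if (sev == "CRIT") rc = 2; else if (sev == "WARN" && rc < 2) rc = 1
      printf "%s %s %s %s\n", sev, (id == "" ? "?" : id), v, name
    }
    END { exit (seen ? rc : 3) }
  '
}

# Constructed sample output for three replicas (host names are made up).
SAMPLE='orclreplicaid=oidhost1_oiddb,cn=replication configuration
orclreplicastate=1

dn: orclreplicaid=oidhost2_oiddb, cn=replication configuration
orclReplicaState: 5

orclreplicaid=oidhost3_oiddb,cn=replication configuration
orclreplicastate=3'

# Run with --demo to classify the constructed sample.
if [ "${1:-}" = "--demo" ]; then printf '%s\n' "$SAMPLE" | check_replica_states; fi
```

In practice the function reads the output of the second ldapsearch command above through a pipe, and the exit code can feed a scheduler or monitoring agent.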

Monday, 17 May 2010

Fusion Middleware: New features in Oracle Internet Directory


Going forward, I am planning to write more about Fusion Middleware 10g, Fusion Middleware 11g and Oracle Database 11g. These are the areas in which I am developing more interest nowadays. I am currently working on Fusion Middleware 10g. First of all, I am learning this new software. And when I write here, I feel my knowledge level increases. The first Fusion Middleware components that I am going to write about are Oracle Directory Server and Oracle Internet Directory. Both are LDAP directories from Oracle and part of Fusion Middleware (why two LDAP directories as part of Fusion Middleware? Think about it).
I have worked with multiple LDAP directories during the last few years. An LDAP directory is software that stores information, entries or data in a tree-like format for easy access; it is based on a standard. In my experience with LDAP directories, these are the major ones:
  • Oracle Directory Server (earlier Sun Java/Iplanet Directory)
  • Novell’s eDirectory (earlier NDS)
  • Microsoft’s Active Directory (AD)
  • Oracle Internet Directory (OID)
  • OpenLDAP
Among these, I like Sun Java Directory (now, Oracle Directory Server) the most. It is because I worked on it first and it was from Sun, standards based, and works well in heterogeneous environments. There are other various reasons, but we will talk more about Oracle Internet Directory here.

What is Oracle Internet Directory?

Oracle Internet Directory is an LDAP version 3 compliant directory server from Oracle Corporation. Oracle Internet Directory (OID) is used by most Oracle components (such as Oracle Single Sign On) and is one of the primary components delivered as part of Fusion Middleware.
OID is used to integrate Oracle Middleware and applications, and is mainly used with Oracle Applications. Oracle Internet Directory stores its data in an Oracle Database: the directory store is an Oracle Database, so Oracle Database is a required component to run Oracle Internet Directory. This is one of the major differences from the remaining four major LDAP directory servers.

New Features of OID in Fusion Middleware 11g

OID is delivered by Oracle for the use of Oracle Identity Management. This was part of the Oracle Application Server “Application Infrastructure” component. So, Oracle Internet Directory is not a new component delivered as part of Fusion Middleware. It was already there in version 10g as well.
I am currently working on Oracle Internet Directory version 10.1.4.2.0. The Fusion Middleware version of Oracle Internet Directory is called 11.1.1. There are a few improvements between these two versions. I noticed that the improvements fall along these lines:

1. Manageability Features

Oracle Directory Services Manager and integration with the WebLogic Admin Server are the major changes in OID version 11.1.1. Fusion Middleware is WebLogic-centric, so it is time to learn WebLogic again. Oracle Process Manager and Notification Server (OPMN) is still used in Fusion Middleware for managing OID, as well as other components.
ODSM (Oracle Directory Services Manager) is replacing Oracle Directory Manager (oidadmin). ODSM is a new web-based management tool for managing Oracle Internet Directory in Fusion Middleware 11g.

2. Replication Features

One of the important features is that you can set up multi-master replication using the LDAP-based replica model. In earlier versions, this was not possible: you needed to use ASR-based replication to set up multi-master replication. Now it is possible to set up multi-master replication using LDAP-based replication.

3. Instance Configuration

There are changes in the configset information. Now every instance can have separate rootDSE information. This was one of the major issues in earlier versions. I need to explore this option more. I will write more about this later.
A last important note: why is Oracle now delivering two separate LDAP directories as part of Fusion Middleware 11g, or as part of its directory services offerings? Why does Oracle support both Oracle Directory Server and Oracle Internet Directory? This is because Oracle Applications are tightly integrated with Oracle Internet Directory. For example, Oracle Single Sign On needs Oracle Internet Directory. This is one of the reasons Oracle is unable to move to Oracle Directory Server. Let’s hope this will soon change.
Let’s talk more about OID in coming weeks.  Until then
