Tuesday, May 01, 2012

Oracle Internet Directory (OID) 11g: Part IV - OID Installation

This is the final post in my series on OID11g. I'll try to follow up with a few other posts, but essentially from here on out you are ready to go with OID11g. If you are interested in making your OID highly available using LDAP multi-master replication, stay tuned for that follow-up post.

OID11g (11.1.1.5.0) installation actually consists of three phases: installation, patching and configuration. That is how I've broken up this post, which as a side effect makes it easier to follow, I think. To provide some further clarity: some Fusion Middleware 11.1.1.5.0 components are offered as full installers, but not all. You can get the distribution details for the components on MOS, or via the documentation on OTN. Unfortunately, OID falls into the case requiring a software installation of 11.1.1.2.0, followed by patching to 11.1.1.5.0 and subsequent configuration to complete the "installation". Hopefully Oracle will move towards full installers for all products, much like they've done for the database (and other products such as GoldenGate and so on).

Installation of 11.1.1.2.0

1. Edit your response file for silent installation. The items of interest are highlighted as shown below:

[ENGINE]
#DO NOT CHANGE THIS.
Response File Version=1.0.0.0.0


[GENERIC]


#Set this to true if installation and configuration need to be done, all other required variables need to be provided. Variable "INSTALL AND CONFIGURE LATER TYPE" must be set to false if this is set to true as the variables are mutually exclusive
INSTALL AND CONFIGURE TYPE=false


#Set this to true if only Software only installation need to be done. If this is set to true then variable "INSTALL AND CONFIGURE TYPE" must be set to false, since the variables are mutually exclusive.
INSTALL AND CONFIGURE LATER TYPE=true


#Write the name of the Oracle Home directory. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character.
ORACLE_HOME=/oracle/app/fmw/Oracle_IDM1


#Write the complete path to a valid Middleware Home.
AS_HOME_LOCATION=/oracle/app/fmw


#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
MYORACLESUPPORT_USERNAME=


#Provide the My Oracle Support Password
MYORACLESUPPORT_PASSWORD=


#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
DECLINE_SECURITY_UPDATES=true


#Set this to true if My Oracle Support Password is specified
SECURITY_UPDATES_VIA_MYORACLESUPPORT=false


#Provide the Proxy Host
PROXY_HOST=


#Provide the Proxy Port
PROXY_PORT=


#Provide the Proxy Username
PROXY_USER=


#Provide the Proxy Password
PROXY_PWD=


[SYSTEM]


[APPLICATIONS]

[RELATIONSHIPS]

 
2. Run the installation using OUI for OID 11.1.1.2.0, as the oracle user:

./runInstaller -silent -response /oracle/stage/rsp/oid11g-inst.rsp

Below is a sample execution run:

Starting Oracle Universal Installer...


Checking Temp space: must be greater than 80 MB. Actual 18983 MB Passed
Checking swap space: must be greater than 500 MB. Actual 7724 MB Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2012-01-24_04-05-56PM. Please wait ...[oracle@orads02 Disk1]$ Log: /u01/app/oraInventory/logs/install2012-01-24_04-05-56PM.log
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Expected result: One of enterprise-5.4,enterprise-4,enterprise-5,redhat-5.4,redhat-4,redhat-5,SuSE-10
Actual Result: redhat-5
Check complete. The overall result of this check is: Passed

CertifiedVersions Check: Success.
Checking for binutils-2.17.50.0.6; found binutils-2.17.50.0.6-14.el5-x86_64. Passed
Checking for compat-libstdc++-33-3.2.3-x86_64; found compat-libstdc++-33-3.2.3-61-x86_64. Passed
Checking for compat-libstdc++-33-3.2.3-i386; found compat-libstdc++-33-3.2.3-61-i386. Passed
Checking for elfutils-libelf-0.125; found elfutils-libelf-0.137-3.el5-i386. Passed
Checking for elfutils-libelf-devel-0.125; found elfutils-libelf-devel-0.137-3.el5-x86_64. Passed
Checking for gcc-4.1.1; found gcc-4.1.2-50.el5-x86_64. Passed
Checking for gcc-c++-4.1.1; found gcc-c++-4.1.2-50.el5-x86_64. Passed
Checking for glibc-2.5-12-x86_64; found glibc-2.5-58.el5_6.3-x86_64. Passed
Checking for glibc-2.5-12-i686; found glibc-2.5-58.el5_6.3-i686. Passed
Checking for glibc-common-2.5; found glibc-common-2.5-58.el5_6.3-x86_64. Passed
Checking for glibc-devel-2.5-x86_64; found glibc-devel-2.5-58.el5_6.3-x86_64. Passed
Checking for glibc-devel-2.5-12-i386; found glibc-devel-2.5-58.el5_6.3-i386. Passed
Checking for libaio-0.3.106-x86_64; found libaio-0.3.106-5-x86_64. Passed
Checking for libaio-0.3.106-i386; found libaio-0.3.106-5-i386. Passed
Checking for libaio-devel-0.3.106; found libaio-devel-0.3.106-5-i386. Passed
Checking for libgcc-4.1.1-x86_64; found libgcc-4.1.2-50.el5-x86_64. Passed
Checking for libgcc-4.1.1-i386; found libgcc-4.1.2-50.el5-i386. Passed
Checking for libstdc++-4.1.1-x86_64; found libstdc++-4.1.2-50.el5-x86_64. Passed
Checking for libstdc++-4.1.1-i386; found libstdc++-4.1.2-50.el5-i386. Passed
Checking for libstdc++-devel-4.1.1; found libstdc++-devel-4.1.2-50.el5-x86_64. Passed
Checking for make-3.81; found make-1:3.81-3.el5-x86_64. Passed
Checking for sysstat-7.0.0; found sysstat-7.0.2-3.el5_5.1-x86_64. Passed

Check complete. The overall result of this check is: Passed
Packages Check: Success.
Checking for VERSION=2.6.18; found VERSION=2.6.18-238.12.1.el5. Passed
Checking for hardnofiles=4096; found hardnofiles=131072. Passed
Checking for softnofiles=4096; found softnofiles=131072. Passed
Check complete. The overall result of this check is: Passed
Kernel Check: Success.
Expected result: ATLEAST=2.5-12
Actual Result: 2.5-58.el5_6.3
Check complete. The overall result of this check is: Passed
GLIBC Check: Success.
Expected result: 1024MB
Actual Result: 3948MB
Check complete. The overall result of this check is: Passed
TotalMemory Check: Success.
Expected result: LD_ASSUME_KERNEL environment variable should not be set in the environment.
Actual Result: Variable Not set.
Check complete. The overall result of this check is: Passed
Check Env Variable Check: Success.
Verifying data......
Copying Files...
-----------20%----------40%----------60%----------80%--------100%


Applying Oneoff Patch...
The installation of Oracle AS Common Toplevel Component, Oracle Identity Management 11g completed successfully.

Patching 11.1.1.2.0 to 11.1.1.5.0

1. Edit your response file for silent patching. It's not much different from the installation; the items of interest are highlighted as shown below:


[ENGINE]



#DO NOT CHANGE THIS.
Response File Version=1.0.0.0.0


[GENERIC]


#Provide the Oracle Home location. The location has to be the immediate child under the specified Middleware Home location. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character. The total length has to be less than or equal to 128 characters. The location has to be an empty directory or a valid IDM Oracle Home.
ORACLE_HOME=/oracle/app/fmw/Oracle_IDM1


#Provide existing Middleware Home location.
MIDDLEWARE_HOME=/oracle/app/fmw


#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
MYORACLESUPPORT_USERNAME=


#Provide the My Oracle Support Password
MYORACLESUPPORT_PASSWORD=


#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
DECLINE_SECURITY_UPDATES=true


#Set this to true if My Oracle Support Password is specified
SECURITY_UPDATES_VIA_MYORACLESUPPORT=false


#Provide the Proxy Host
PROXY_HOST=


#Provide the Proxy Port
PROXY_PORT=


#Provide the Proxy Username
PROXY_USER=


#Provide the Proxy Password
PROXY_PWD=


#Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
COLLECTOR_SUPPORTHUB_URL=


#
CONFIG_WIZARD_RESPONSE_FILE_LOCATION=0


[SYSTEM]


[APPLICATIONS]


[RELATIONSHIPS]


2. Run the patch application using OUI for OID 11.1.1.5.0, as the oracle user:


./runInstaller -silent -response /oracle/stage/rsp/oid11g-patch.rsp

Below is a sample execution run:

Starting Oracle Universal Installer...



Checking Temp space: must be greater than 80 MB. Actual 18983 MB Passed
Checking swap space: must be greater than 512 MB. Actual 7406 MB Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2012-01-24_04-27-11PM. Please wait ...[oracle@orads02 Disk1]$ Log: /u01/app/oraInventory/logs/install2012-01-24_04-27-11PM.log
Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Verifying data......
Copying Files...
-----------20%----------40%----------60%----------80%--------100%


Applying Oneoff Patch...
The installation of Oracle AS Common Toplevel Component on Oracle AS Common Toplevel Component home ,Oracle Identity Management 11g Patchset on Oracle Identity Management 11g home completed successfully.
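A pre-flight check for the two response files above, as an added example that is not part of the original post: it flags clear-text My Oracle Support or proxy passwords, loose file permissions, and violations of the rules stated in the files' own comments. The function names are hypothetical, the sample file is constructed, and applying the patch file's "immediate child" and 128-character rules to the install file as well is an assumption.

```bash
#!/usr/bin/env bash
# Added example: lint an OUI silent-install response file before running it.

# rsp_get FILE KEY: print the value of "KEY=..." (keys may contain spaces).
rsp_get() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# check_rsp FILE: print findings; the return status is the number of findings.
check_rsp() {
    local f="$1" n=0 key home mw
    # The file can hold MOS and proxy passwords: owner-only access expected.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "WARN: $f is accessible to group/other (chmod 600)"; n=$((n+1))
    fi
    for key in MYORACLESUPPORT_PASSWORD PROXY_PWD; do
        if [ -n "$(rsp_get "$f" "$key")" ]; then
            echo "WARN: $key is stored in clear text"; n=$((n+1))
        fi
    done
    # The two install-type switches are mutually exclusive.
    if [ "$(rsp_get "$f" 'INSTALL AND CONFIGURE TYPE')" = true ] &&
       [ "$(rsp_get "$f" 'INSTALL AND CONFIGURE LATER TYPE')" = true ]; then
        echo "ERROR: both install-type switches are true"; n=$((n+1))
    fi
    home=$(rsp_get "$f" ORACLE_HOME)
    mw=$(rsp_get "$f" AS_HOME_LOCATION)                 # installer key
    [ -n "$mw" ] || mw=$(rsp_get "$f" MIDDLEWARE_HOME)  # patch set key
    if ! printf '%s\n' "${home##*/}" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._-]*$'; then
        echo "ERROR: invalid Oracle Home name '${home##*/}'"; n=$((n+1))
    fi
    if [ "${home%/*}" != "$mw" ]; then
        echo "ERROR: ORACLE_HOME is not an immediate child of '$mw'"; n=$((n+1))
    fi
    if [ "${#home}" -gt 128 ]; then
        echo "ERROR: ORACLE_HOME is longer than 128 characters"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample: world-readable file, proxy password, nested Oracle Home.
demo_rsp() {
    local t rc; t=$(mktemp); chmod 644 "$t"
    printf '%s\n' '[GENERIC]' 'INSTALL AND CONFIGURE TYPE=false' \
        'INSTALL AND CONFIGURE LATER TYPE=true' \
        'ORACLE_HOME=/oracle/app/fmw/idm/Oracle_IDM1' \
        'AS_HOME_LOCATION=/oracle/app/fmw' 'PROXY_PWD=example-only' > "$t"
    check_rsp "$t"; rc=$?; rm -f "$t"; return "$rc"
}
demo_rsp || echo "$? finding(s)"
```

Run `check_rsp` against each response file before passing it to `runInstaller -silent -response`.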

 

Configuring OID with ODIP, ODSM and Fusion Middleware Control in a new WebLogic Domain

At this point you now need to configure your installation of OID11g. I went with the option of configuring OID with ODIP, ODSM and Fusion Middleware Control in a new WebLogic Domain. I wanted ODIP as an option to connect and synchronize to AD, ODSM and Fusion Middleware Control (FMC) for the GUI management and monitoring, and a new WebLogic Domain (for ODSM and FMC) since I don't have one that I would like to use currently. Please check the documentation for configuration using other options.

The steps to conduct the configuration are below. Note that I've not had any success doing a silent command line installation and as such the GUI method is what is shown. I suspect this is the only option thus far unless I am missing something (not unlikely) though I have attempted many options.

1. Start the configuration as the oracle user by running '$ORACLE_HOME/bin/config.sh':

[Screenshot: oid_inst-01]

Click 'Next' to continue to the next screen...

2. Enter the credentials for the new domain's user, along with the domain name. Click on 'Next' to continue.

[Screenshot: oid_inst-02]

3. Confirm and/or correct the locations for the WebLogic Server and Oracle Instance directories as well as specify an Oracle Instance Name. When completed click 'Next' to continue.

[Screenshot: oid_inst-03]

4. The next screen concerns the usual security notifications. I do not care for security updates so I simply continued.

[Screenshot: oid_inst-04]

5. Select Oracle Internet Directory and Oracle Directory Integration Platform. The Oracle Directory Services Manager and Fusion Middleware Control management components are automatically selected for this installation. Ensure no other components are selected and click 'Next' when completed to continue.

[Screenshot: oid_inst-05]

6. Select Auto Port Configuration to allow the installer to configure ports from a predetermined range. Click 'Next' when completed to continue.

[Screenshot: oid_inst-06]

7. We already used RCU to create and configure the OID schema so here we just need to select 'Use Existing Schema', enter the connection details to the repository database in the form '::' and enter the ODS schema password. Click 'Next' when completed to continue.

[Screenshot: oid_inst-07]

8. Next up is the OID information, i.e. the realm and administrator ('orcladmin') credentials. Click 'Next' to continue to the installation summary when completed.

[Screenshot: oid_inst-08]

9. Following the installation summary you will see the configuration progress screen.

[Screenshot: oid_inst-09]

[Screenshot: oid_inst-09b]

10. If all goes well you will see the Installation Completion screen.

[Screenshot: oid_inst-10]


Installation Verification

To verify a successful installation you should run the following commands:

1. Execute '$ORACLE_INSTANCE/bin/opmnctl status -l'


Processes in Instance: asinst_1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component                    | process-type       |     pid | status   |        uid |  memused |    uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
oid1                             | oidldapd           |    8245 | Alive    | 1068702846 |   375296 |  67:57:58 | N/A
oid1                             | oidldapd           |    8229 | Alive    | 1068702845 |    95868 |  67:57:58 | N/A
oid1                             | oidmon             |    8214 | Alive    | 1068702844 |    83744 |  67:57:58 | LDAPS:3131,LDAP:3060
EMAGENT                          | EMAGENT            |    7402 | Alive    | 1068702843 |    63908 |  68:01:31 | N/A



2. Execute the '$ORACLE_HOME/bin/ldapbind' command on the Oracle Internet Directory for non-SSL and SSL ports. Note that ORACLE_HOME must be set correctly (i.e. not the DB_HOME).

On Non-SSL ports:

$ORACLE_HOME/bin/ldapbind -h -p -D cn=orcladmin -w

On SSL ports:

$ORACLE_HOME/bin/ldapbind -h -p -D cn=orcladmin -w -U 1


Enabling WebLogic Startup


Every time an administrator runs the WebLogic startup script, he/she is prompted for a username and password. If the administrator wants to configure WebLogic to start on bootup or reboot, the username and password need to be recognized automatically. To enable WLS startup without password prompting, create $DOMAIN_HOME/servers/AdminServer/security/boot.properties and $DOMAIN_HOME/servers/wls_ods1/security/boot.properties files with entries:

username=weblogic
password=wlsP#ssw0rd

After the initial startup, the password will be encrypted.
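Until that first startup the file holds the credentials in clear text, so it should be created owner-only and checked afterwards. The following is an added example, not part of the original post: `write_boot_props` and `audit_boot_props` are hypothetical helper names, the demo uses a throwaway directory in place of a real server directory, and the audit relies on WebLogic marking encrypted values with an `{AES}` prefix (`{3DES}` on older releases).

```bash
#!/usr/bin/env bash
# Added example: create boot.properties safely and audit it afterwards.

# write_boot_props SERVER_DIR USER: the password is read from stdin so it never
# appears in argv or shell history; the file is created for the owner only.
write_boot_props() {
    local dir="$1/security" pw
    IFS= read -r pw
    ( umask 077
      mkdir -p "$dir"
      printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$dir/boot.properties"
      chmod 600 "$dir/boot.properties" )   # also fixes a pre-existing file
}

# audit_boot_props FILE: print findings; return status = number of findings.
audit_boot_props() {
    local f="$1" n=0 key val
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "WARN: $f is accessible to group/other"; n=$((n+1))
    fi
    for key in username password; do
        val=$(sed -n "s/^$key=//p" "$f" | head -n 1)
        case $val in
            '{AES}'*|'{3DES}'*) ;;   # already rewritten by WebLogic
            *) echo "WARN: $key is still clear text in $f"; n=$((n+1)) ;;
        esac
    done
    return "$n"
}

# Constructed demo: a temp directory stands in for
# $DOMAIN_HOME/servers/AdminServer and the password is a placeholder.
demo_boot() {
    local d rc; d=$(mktemp -d)
    printf '%s\n' 'example-only' | write_boot_props "$d" weblogic
    audit_boot_props "$d/security/boot.properties"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo_boot || echo "$? finding(s)"
```

Running `audit_boot_props` on both files after the first successful start confirms that no clear-text credential was left behind.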


Summary

So now you have your first OID instance up and functional. All that is left is some configuration and tuning after some period of being operational. I will end the series on OID11g here but will try to follow up with some further entries on setting up LDAP multi-master replication (MMR), backup/recovery and migration from 10g. I would like to point out that you should enable anonymous binds, which are disabled by default. Otherwise, you will receive the error:

"Configuration exception: Could not check for the Oracle Schema:
oracle.net.config.ConfigException: TNS-04409: Directory Service Error"

This error occurs when attempting to use DBCA to add your database to OID. Anonymous binds can be enabled in two ways:

Using OEM11g Fusion Middleware Control
a. Navigate to 'Identity and Access' -> oid1
b. Click on 'Oracle Internet Directory' and select 'Administration' -> 'Server Properties'
c. Switch 'Anonymous Bind' from 'Disallow except for Read Access on the root DSE' to 'Allows'
d. Click 'Apply'

Using Command-line
ldapmodify -D cn=orcladmin -q -p 3060 -h orads01.na.ds.g240.lab -f [ldifFile]

LDIF File:
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclAnonymousBindsFlag
orclAnonymousBindsFlag: 1