Category Archives: Oracle Unified Directory

Articles in DOAG Red Stack Magazin

A while ago I wrote two articles for the DOAG Red Stack Magazin. In the meantime both articles have been published. For this reason I use the opportunity to make the PDF versions of the articles available on oradba.ch. The articles are written in German and are available as a Trivadis version as well as a Red Stack version. The two versions differ only in the number of typos and in the layout.

None of the articles are currently available in English. On request I will also write articles about Oracle Unified Directory in English in the future. However, currently I still have a lot of ideas for blog posts about database security, enterprise user security and unified directory on my to-do list. And blog posts I usually write in English… 🙂

Start ODSM on boot using systemd

A couple of months ago I wrote a blog post on how to start Oracle Unified Directory (OUD) on system boot (see Start OUD Servers on Boot using systemd) using a unit file and systemd. Quite a simple and straightforward way to start OUD. Why not use the same approach for ODSM? This can easily be implemented, because my WebLogic infrastructure is only used for the ODSM domain.

Boot Properties File for ODSM

Normally the credentials must be entered when the WebLogic server is started. To avoid this, a boot.properties file is defined. This file contains the username and password of the WebLogic admin. Excerpt from my WebLogic startup log, including the prompt for username and password:

...
<Sep 7, 2017 6:01:09 AM CEST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 24.141-b31 from Oracle Corporation>
<Sep 7, 2017 6:01:10 AM CEST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0.170418 PSU Patch for BUG25388747 WED MAR 21 18:34:42 IST 2017
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 >
<Sep 7, 2017 6:01:11 AM CEST> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<Sep 7, 2017 6:01:39 AM CEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Sep 7, 2017 6:01:39 AM CEST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
...

ODSM just has an admin server, so let's create the boot.properties file in the security folder of the admin server. Since this security directory may not exist yet, we must create it beforehand. On my environment I've put the user projects outside of my middleware folder in /u00/app/oracle/user_projects. The working directory for the next couple of commands will be /u00/app/oracle/user_projects/domains/ODSM_domain.

cd /u00/app/oracle/user_projects/domains/ODSM_domain

ls servers/AdminServer
adr  cache  data  logs  sysman  tmp

mkdir -p servers/AdminServer/security
touch servers/AdminServer/security/boot.properties

Add values for username and password to the boot.properties file.

vi servers/AdminServer/security/boot.properties

username=weblogic
password=manager

Fortunately, the boot.properties file does not stay like this. During the first start of the WebLogic server, the username and password are encrypted with AES.

cat servers/AdminServer/security/boot.properties
#Thu Sep 07 06:34:11 CEST 2017
password={AES}lCtDx2TYm8rHZt/n9CiwmCgbiPjE+noBdyI+1MmJ21o\=
username={AES}4ROGb6gIkFWhqQA6uoV2mTN7cZy/jdM/pUO4aDbB74k\=
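A check for the state of boot.properties, as an added example that is not part of the original post: it parses the file, verifies that both values carry the {AES} prefix WebLogic writes on the first start, and verifies that the file is readable by its owner only, because the encrypted values still boot the server for anyone who can read them. The file names and the sample contents (the values shown above) are constructed for the demo.

```python
"""Audit a WebLogic boot.properties file after the first server start.

Added example, not code from the original post. Checks that username and
password carry the {AES} prefix and that the file mode is 0600.
"""
import os
import stat
import tempfile

AES_PREFIX = "{AES}"


def parse_boot_properties(text):
    """Parse the key=value lines of boot.properties into a dict.

    Comment lines starting with '#' (the timestamp WebLogic adds) are skipped.
    WebLogic escapes '=' inside the base64 value as '\\='; the escape is removed
    so the raw value is returned.
    """
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props


def check_boot_properties(path):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    with open(path, encoding="utf-8") as fh:
        props = parse_boot_properties(fh.read())
    for key in ("username", "password"):
        value = props.get(key)
        if value is None:
            findings.append(f"{key}: not set")
        elif not value.startswith(AES_PREFIX):
            # Plaintext until the first server start; must not stay that way.
            findings.append(f"{key}: still plaintext")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        # Group/other bits set: the encrypted blob is still a boot credential.
        findings.append(f"mode {mode:04o}: expected 0600")
    return findings


def write_samples(directory):
    """Write two constructed sample files; return (plain_path, encrypted_path).

    The encrypted values are the ones shown in the post above.
    """
    plain = os.path.join(directory, "plain.properties")
    with open(plain, "w", encoding="utf-8") as fh:
        fh.write("username=weblogic\npassword=manager\n")
    os.chmod(plain, 0o644)
    encrypted = os.path.join(directory, "encrypted.properties")
    with open(encrypted, "w", encoding="utf-8") as fh:
        fh.write("#Thu Sep 07 06:34:11 CEST 2017\n"
                 "password={AES}lCtDx2TYm8rHZt/n9CiwmCgbiPjE+noBdyI+1MmJ21o\\=\n"
                 "username={AES}4ROGb6gIkFWhqQA6uoV2mTN7cZy/jdM/pUO4aDbB74k\\=\n")
    os.chmod(encrypted, 0o600)
    return plain, encrypted


def run_demo():
    """Create the samples in a temp dir and return the findings per sample."""
    with tempfile.TemporaryDirectory() as tmp:
        plain, encrypted = write_samples(tmp)
        return {"plain": check_boot_properties(plain),
                "encrypted": check_boot_properties(encrypted)}


if __name__ == "__main__":
    for name, problems in run_demo().items():
        print(name, "OK" if not problems else "; ".join(problems))
```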

Unit File for ODSM

Now that the WebLogic server can be started without a password prompt, all that is missing is the corresponding unit file to start the ODSM domain automatically during system boot. The unit file is created as root in the folder /usr/lib/systemd/system. For my environment I create the following unit file. Working directory, domain name, user name etc. have to be adjusted accordingly for other environments. Add the following content to the new unit file.

sudo vi /usr/lib/systemd/system/wls_odsm.service

# -----------------------------------------------------------------------
#  Trivadis AG, Infrastructure Managed Services
#  Saegereistrasse 29, 8152 Glattbrugg, Switzerland
# -----------------------------------------------------------------------
#  File-Name........: wls_odsm.service
#  Author...........: Stefan Oehrli, stefan.oehrli at trivadis.com
#  Date.............: 07. Sept 2017
#  Revision.........: 1.0
#  Purpose..........: Unit file for ODSM domain
#  Usage............: systemctl enable wls_odsm.service
#  Notes............: --
# -----------------------------------------------------------------------
#  Revision history.:  
#  07.09.2017  soe     initial release
# -----------------------------------------------------------------------

[Unit]
Description=WLS ODSM Instance
Wants=network.target
After=network.target
 
[Service]
Type=simple
User=oracle
Group=osdba
WorkingDirectory=/u00/app/oracle/user_projects/domains/ODSM_domain
ExecStart=/u00/app/oracle/user_projects/domains/ODSM_domain/startWebLogic.sh
ExecStop=/u00/app/oracle/user_projects/domains/ODSM_domain/bin/stopWebLogic.sh
StandardOutput=syslog
 
[Install]
WantedBy=multi-user.target

As soon as we have the new unit file we have to enable the service. This also creates a symlink in /etc/systemd/system/multi-user.target.wants to the new unit file.

sudo systemctl enable wls_odsm.service
Created symlink from /etc/systemd/system/multi-user.target.wants/wls_odsm.service to /usr/lib/systemd/system/wls_odsm.service.

Start the admin server for the ODSM domain using systemctl.

sudo systemctl start wls_odsm.service

Stop the admin server for the ODSM domain using systemctl.

sudo systemctl stop wls_odsm.service

Display the status of the admin server for the ODSM domain.

sudo systemctl status wls_odsm.service
 wls_odsm.service - WLS ODSM Instance
   Loaded: loaded (/usr/lib/systemd/system/wls_odsm.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-09-07 06:55:25 CEST; 1min 32s ago
 Main PID: 10645 (startWebLogic.s)
   CGroup: /system.slice/wls_odsm.service
           ├─10645 /bin/sh /u00/app/oracle/user_projects/domains/ODSM_domain/startWebLogic.sh
           ├─10648 /bin/sh /u00/app/oracle/user_projects/domains/ODSM_domain/bin/startWebLogic.sh
           └─10695 /u00/app/oracle/product/jdk1.7.0_141/bin/java -server -Xms256m -Xmx512m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.polic...

Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <Server> <BEA-002613> <Channel "Default[4]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on fd1...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <Server> <BEA-002613> <Channel "Default[5]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <Server> <BEA-002613> <Channel "Default[6]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <Server> <BEA-002613> <Channel "Default[7]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <WebLogicServer> <BEA-000329> <Started WebLogic Admin Server "Ad...ion Mode>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Warning> <Server> <BEA-002611> <Hostname "localhost", maps to multiple I...:0:0:0:1>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <Sep 7, 2017 6:56:19 AM CEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
Hint: Some lines were ellipsized, use -l to show in full.

All in all, a simple and easy way to start the ODSM automatically at system boot.

Oracle Unified Directory 12 Released

Finally the end of the working day. But while reading some newsletters and mails on my way home, I realised that there would be some work at home. After a long wait, Oracle has finally released Oracle Unified Directory 12c 🙂

An overview of the new features:

  • Improved performance and scalability
  • Support for TNS aliases for Oracle Unified Directory deployments with Oracle Enterprise User Security (EUS) configured
  • Support for TLS 1.2 Protocols and Cipher Suites
  • Password-Based Key Derivation Function 2 Password Storage Schemes
  • ODSM Rebranding
  • Support for new log publishers that are configurable via OUDSM
  • Support for the Upgrade OUD Instance script
  • Support for WebLogic Scripting Tool provisioning commands
  • Support for Oracle Fusion Middleware configuration tools
  • Support for Oracle WebLogic Server 12.2.1.3
  • Support for Oracle JDK 1.8

See Fusion Middleware Release Notes What’s New in Oracle Identity Management 12c (12.2.1.3.0) for a full list of new features.

Stay tuned, I’ll definitely write more blog posts on Oracle Unified Directory 12 soon.

Start OUD Servers on Boot using systemd

Starting Oracle Unified Directory on system boot is essential for production environments. Unfortunately OUD only provides a script to create an init.d script, while newer systems generally use systemd for initialisation and startup. Nevertheless, creating a custom unit file for OUD is simple and straightforward. First, let's create a regular init.d script with create-rc-script from OUD. The created script can be used as a template for the systemd unit file.

create-rc-script accepts a couple of parameters to specify the script name, the OS user for OUD and the JAVA_HOME. The following example shows how create-rc-script creates a regular start script for the OUD instance oud_ad_proxy.

export OUD_HOME=/u00/app/oracle/instances/oud_ad_proxy
export JAVA_HOME=/u00/app/oracle/product/jdk1.7.0_141

cd $OUD_HOME/OUD/bin
create-rc-script -f oud_ad_proxy.sh -u oracle -j $JAVA_HOME

This creates the following Bourne shell script for init.d.

#!/bin/sh
#
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
#
#
# chkconfig: 345 90 30
# description: Oracle Unified Directory startup script
#


# Set the path to the Oracle Unified Directory instance to manage
INSTALL_ROOT="/u00/app/oracle/instances/oud_ad_proxy/OUD"
export INSTALL_ROOT

# Specify the path to the Java installation to use
OPENDS_JAVA_HOME="/u00/app/oracle/product/jdk1.7.0_141"
export OPENDS_JAVA_HOME

# Determine what action should be performed on the server
case "${1}" in
start)
  /bin/su - oracle -- "${INSTALL_ROOT}/bin/start-ds" --quiet
  exit ${?}
  ;;
stop)
  /bin/su - oracle -- "${INSTALL_ROOT}/bin/stop-ds" --quiet
  exit ${?}
  ;;
restart)
  /bin/su - oracle -- "${INSTALL_ROOT}/bin/stop-ds" --restart --quiet
  exit ${?}
  ;;
*)
  echo "Usage:  $0 { start | stop | restart }"
  exit 1
  ;;
esac

The same start / stop commands can now be used in the unit file. So let's create a new custom unit file in /etc/systemd/system. The unit file is named after the OUD instance.

sudo vi /etc/systemd/system/oud_ad_proxy.service

Add the following content to the new unit file.

[Unit]
Description=OUD AD Proxy Instance oud_ad_proxy
Wants=network.target
After=network.target

[Service]
Type=forking
User=oracle
Group=osdba
Environment=OPENDS_JAVA_HOME="/u00/app/oracle/product/jdk1.7.0_141"
ExecStart=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/start-ds --quiet
ExecStop=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/stop-ds --quiet
ExecReload=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/stop-ds --restart --quiet
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

As soon as we have the new unit file we have to enable the service.

sudo systemctl enable oud_ad_proxy.service

Start the OUD instance using systemctl.

sudo systemctl start oud_ad_proxy.service

Stop the OUD instance using systemctl.

sudo systemctl stop oud_ad_proxy.service

Display the status of the OUD service.

sudo systemctl status oud_ad_proxy.service

 oud_ad_proxy.service - OUD AD Proxy Instance oud_ad_proxy
   Loaded: loaded (/etc/systemd/system/oud_ad_proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-05-16 22:41:09 CEST; 28s ago
  Process: 18300 ExecStop=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/stop-ds --quiet (code=exited, status=0/SUCCESS)
  Process: 18397 ExecStart=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/start-ds --quiet (code=exited, status=0/SUCCESS)
 Main PID: 18477 (java)
   CGroup: /system.slice/oud_ad_proxy.service
           └─18477 /u00/app/oracle/product/jdk1.7.0_141/jre/bin/java -server -Dorg.opends.server.scriptName=start-ds org.opends.server.core.DirectoryServer --configClass org.opends.server.extensions.ConfigFileHandler -...

May 16 22:41:01 euterpe systemd[1]: Starting OUD AD Proxy Instance oud_ad_proxy...
May 16 22:41:09 euterpe systemd[1]: Started OUD AD Proxy Instance oud_ad_proxy.

Environment Scripts for OUD

At Trivadis we have the TVD-BasEnv™ to standardize and simplify the handling of environments for Oracle database and application server landscapes. This inspired me to create something similar for Oracle Unified Directory environments. Although current versions of TVD-BasEnv™ already support OUD and OID environments, I've had situations where I needed some small and slimmed-down environment scripts for dedicated OUD test servers. TVD-BasEnv™ is rather complex and brings a lot of nice features for Oracle Database environments with ASM, RAC, Data Guard and more, which in general is not required on a simple OUD server.

My OUD Base is basically just the oudenv.sh script, some configuration files and a bunch of aliases. The directory structure for the OUD binaries, scripts and configuration files is similar to what we use in TVD-BasEnv™ and based on OFA. It is written in bash and tested on my Oracle Linux VMs and Raspberry Pis with Raspbian Jessie. It should also run on any other bash environment. Um, well, OUD and Raspberry Pi? Yes, I'll explain this soon in another blog post.

Setup the Environment

In general I use a dedicated OS user for my Oracle installations. To keep it simple and clear I name it oracle. The following commands are run on my Raspberry Pi and therefore as OS user pi. Please adjust them accordingly. Create the user and the corresponding OS groups as pi user with sudo.

pi@oud2go:~ $ sudo adduser oracle
Adding user oracle ...
Adding new group oracle (1001) ...
Adding new user oracle (1001) with group oracle ...
Creating home directory /home/oracle ...
Copying files from /etc/skel ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for oracle
Enter the new value, or press ENTER for the default
    Full Name []: oracle
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] y
pi@oud2go:~ $ sudo addgroup oinstall
Adding group oinstall (GID 1002) ...
Done.
pi@oud2go:~ $ sudo addgroup osdba
Adding group osdba (GID 1003) ...
Done.
pi@oud2go:~ $ sudo adduser oracle oinstall
Adding user oracle to group oinstall ...
Adding user oracle to group oinstall
Done.
pi@oud2go:~ $ sudo adduser oracle osdba
Adding user oracle to group osdba ...
Adding user oracle to group osdba
Done.

Create an ORACLE_BASE directory which is used for OUD and provide access to OS user oracle.

pi@pi2go:~ $ sudo mkdir -p /u00/app/oracle
pi@pi2go:~ $ sudo chown -R oracle:oinstall /u00/app/oracle

My OUD Base is available as a bash install script with an embedded TAR (oudbase_install.sh) or as a plain TAR file (oudbase_install.tgz). If you use the TAR file, a few manual configuration steps are required.

Install using oudbase_install.sh

This installation is straightforward, as you can see in the usage.

2016-10-15_11:41:58  START: Start of oudbase_install.sh (Version 0.1) with
2016-10-15_11:41:58  INFO : Usage, oudbase_install.sh [-hv] [-b <oracle_base>]
2016-10-15_11:41:58  INFO :   [-i <oracle_instance_base>] [-m <oracle_home_base>] [-B <oud_backup_base>]
2016-10-15_11:41:58  INFO :
2016-10-15_11:41:58  INFO :   -h                          Usage (this message)
2016-10-15_11:41:58  INFO :   -v                          enable verbose mode
2016-10-15_11:41:58  INFO :   -b <oracle_base>            ORACLE_BASE Directory. Mandatory argument.
2016-10-15_11:41:58  INFO :   -i <oracle_instance_base>   Base directory for OUD instances (default $ORACLE_BASE/instances)
2016-10-15_11:41:58  INFO :   -m <oracle_home_base>       Base directory for OUD binaries (default $ORACLE_BASE/middleware)
2016-10-15_11:41:58  INFO :   -B <oud_backup_base>        Base directory for OUD backups (default $ORACLE_BASE/backup)
2016-10-15_11:41:58  INFO :
2016-10-15_11:41:58  INFO : Logfile : /u00/app/oracle/local/log/oudbase_install.log
2016-10-15_11:41:58  ERR  : Exit Code 1. Wrong amount of arguments. See usage for correct one.

We will just provide the ORACLE_BASE and use the default values for all other settings.

oracle@pi2go:~ $ ./oudbase_install.sh -v -b /u00/app/oracle
2016-10-15_11:44:03  START: Start of oudbase_install.sh (Version 0.1) with -v -b /u00/app/oracle
2016-10-15_11:44:03  INFO : processing commandline parameter
2016-10-15_11:44:03  Installing OUD Environment
2016-10-15_11:44:03  Create required directories in ORACLE_BASE=/u00/app/oracle
2016-10-15_11:44:03  Create Directory /u00/app/oracle/etc
2016-10-15_11:44:03  Create Directory /u00/app/oracle/local
2016-10-15_11:44:03  Create Directory /u00/app/oracle/backup
2016-10-15_11:44:03  Create Directory /u00/app/oracle/middleware
2016-10-15_11:44:03  Create Directory /u00/app/oracle/instances
2016-10-15_11:44:03  Extracting file into /u00/app/oracle/local
bin/
bin/oud_export.sh
bin/oud_backup.sh
bin/oudenv.sh
bin/oudbase_install.sh
bin/oud_status.sh
config/
certificates/
doc/
etc/
etc/oudtab
etc/oudenv.conf
etc/oud._DEFAULT_.conf
lib/
log/
log/oud_status.log
log/oud_export.log
log/oud_backup.log
log/oudbase_install.log
templates/
templates/cron.d/
templates/cron.d/oud
templates/.bash_profile
templates/ldif/
templates/ldif/oud_pi_init.ldif
templates/logrotate.d/
templates/logrotate.d/oud
2016-10-15_11:44:03  Please manual adjust your .profile to load / source your OUD Environment
2016-10-15_11:44:03  END  : of oudbase_install.sh

You have to change your bash profile to make sure that the environment is loaded. Just add the following lines.

oracle@pi2go:~ $ vi .profile
# Check OUD_BASE and load if necessary
if [ "${OUD_BASE}" = "" ]
  then
    if [ -f "${HOME}/.OUD_BASE" ]
      then
        . "${HOME}/.OUD_BASE"
      else
        echo "ERROR: Could not load ${HOME}/.OUD_BASE"
    fi
fi

# define an oudenv alias
alias oud='. ${OUD_BASE}/bin/oudenv.sh'

# source oud environment, but only if OUD_BASE could be determined,
# otherwise the login shell would try to source /bin/oudenv.sh
if [ -n "${OUD_BASE}" ] && [ -f "${OUD_BASE}/bin/oudenv.sh" ]
  then
    . "${OUD_BASE}/bin/oudenv.sh"
fi

During the next logon you have the OUD Base available.

Manual installation using oudbase_install.tgz

OK, it is not really more complex: just untar the file in a directory. Normally this is $ORACLE_BASE/local. A different directory probably has to be specified in the config file.

oracle@pi2go:~ $ cd /u00/app/oracle/
oracle@pi2go:~ $ mkdir local
oracle@pi2go:~ $ cd local
oracle@pi2go:~ $ tar zxvf oudbase_install.tgz

You also have to change your bash profile as mentioned above.

Examples

A few examples of how to use OUD Base to simplify OUD management.

Change environment to OUD instance oud_pi.

oracle@pi2go:~/ [oud_pi] oud_pi
Source environment for OUD Instance oud_pi
--------------------------------------------------------------
 Instance Name   : oud_pi
 Instance Home   : /u00/app/oracle/instances/oud_pi
 Oracle Home     : /u00/app/oracle/middleware/oud_11.1.2.3
 Instance Status : up
 LDAP Port       : 1389
 LDAPS Port      : 1636
 Admin Port      : 4444
 Replication Port: 8989
--------------------------------------------------------------

List available / running OUD instances using oudup or via the alias u.

oracle@pi2go:~/ [oud_pi] oudup
TYPE INSTANCE   STATUS PORT HOME
---- ---------- ------ ---- ----------------------------------
OUD  oud_pi     up     4444 /u00/app/oracle/instances/oud_pi

Configuration and Architecture

Config Files

OUD Base has the following configuration files.

File                 Description
-------------------  --------------------------------------------------------------------------
.OUD_BASE            Simple file in the user home directory. It contains the pointer to the OUD Base directory and is used to initialise $OUD_BASE.
oudtab               Simple file listing all OUD instances and their ports, e.g. default LDAP port, admin port, SSL port and replication port.
oudenv.conf          Main configuration file for environment variables and aliases. It is loaded when an environment is set or changed. Located in $ETC_BASE.
oud._DEFAULT_.conf   Configuration file for custom environment variables. Located in $ETC_BASE.
oud._INSTANCE_.conf  Configuration file for custom environment variables of a dedicated OUD instance, e.g. oud._oud_pi_.conf for instance oud_pi. Located in $ETC_BASE.

Directories and its variables

The following directories, environment variables and aliases are defined and used in OUD Base. Most of them are inspired by OFA (Oracle Flexible Architecture) and TVD-BasEnv™.

ENV Variable               Alias         Path                                                       Description
-------------------------  ------------  ---------------------------------------------------------  ----------------------------------------
$ORACLE_BASE, $cdob        cdob          /u00/app/oracle                                            Base directory for the Oracle binaries
$OUD_BASE, $cdl            cdl           $ORACLE_BASE/local                                         OUD Base directory with the scripts, config etc.
                           cdl.bin       $ORACLE_BASE/bin                                           Scripts directory in OUD_BASE
$ETC_BASE, $etc            etc, cdl.etc  $ORACLE_BASE/etc                                           OUD Base configuration directory
$LOG_BASE, $log            log, cdl.log  $ORACLE_BASE/log                                           OUD Base log directory
                                         $ORACLE_BASE/doc                                           OUD Base documentation directory
                                         $ORACLE_BASE/config                                        Local directory for configuration files, LDIF etc. to build an OUD instance
                                         $ORACLE_BASE/certificates                                  Local directory for certificates
$ORACLE_HOME, $cdh         cdh           $ORACLE_BASE/middleware/oud_11.1.2.3                       Oracle Unified Directory binaries, e.g. 11.1.2.3
$JAVA_HOME                               /usr/lib/jvm/jre-1.7.0-oracle-1.7.0.101-1jpp.1.el7.x86_64  Java used for OUD
$OUD_INSTANCE_BASE, $cdib  cdib          $ORACLE_BASE/instances                                     Base directory for the instance homes
                           oud_pi                                                                   Alias to set the environment for OUD instance oud_pi
$OUD_INSTANCE_HOME, $cdih  cdih          $ORACLE_BASE/instances/oud_pi                              OUD instance home directory for instance oud_pi
$cdic                      cdic          $OUD_INSTANCE_HOME/OUD/config                              Config directory for OUD instance oud_pi
$cdil                      cdil          $OUD_INSTANCE_HOME/OUD/logs                                Log directory for OUD instance oud_pi

Variables

Variables besides the ones mentioned above.

Variable         Description
---------------  ---------------------------------------------------------------------------------
$OUD_INSTANCE    Name of the current OUD instance
$OUD_INST_LIST   List of OUD instances taken from $OUDTAB
$PWD_FILE        Password file for the OUD instance, e.g. ${ETC_BASE}/$OUD_INSTANCE_pwd.txt or ${ETC_BASE}/pwd.txt
$PORT            OUD instance port taken from the oudtab file
$PORT_ADMIN      OUD instance admin port taken from the oudtab file
$PORT_REP        OUD instance replication port taken from the oudtab file
$PORT_SSL        OUD instance SSL port taken from the oudtab file
$OUDTAB          oudtab config file, e.g. ${ETC_BASE}/oudtab

Aliases

Alias         Description
------------  ---------------------------------------------------------------------------------
dsc           dsconfig including hostname, $PORT_ADMIN and $PWD_FILE
dsrs          dsreplication status
oud_pi        OUD Base generates an alias for each OUD instance based on its name. This allows to easily change the environment from one OUD instance to another.
oud INSTANCE  Use oud INSTANCE to change the environment to a particular OUD instance
taa           tail -f on the OUD instance access log
tae           tail -f on the OUD instance error log
tas           tail -f on the OUD instance server.out log
tarep         tail -f on the OUD instance replication log
task          runs manage-tasks with hostname, port etc. parameters
u             runs oudup to display the current OUD instances
vio           opens the oudtab file, e.g. ${ETC_BASE}/oudtab

Conclusion

Although there is the possibility to use property files for OUD, I'm still happy that I have a bunch of aliases to set or change a few directories, e.g. jump to the log directory, view config files etc. Feel free to use the OUD Base as it is on your OUD environments at your own risk. It simplifies a few settings, in particular if you have multiple OUD instances on one system. You may change and modify the scripts as you like. I cannot guarantee that the scripts do not have any errors or bugs. Please test before you start using them on a production environment.

Change LDAPS Port for OUD

Due to a typo I’ve configured the wrong port for the LDAPS connection handler on my OUD instance. But this is actually not a problem and can be corrected easily. First let’s verify the current settings of the LDAPS connection handler.

oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
-j $ORACLE_HOME/OUD/config/pwd.txt --trustAll --no-prompt \
get-connection-handler-prop --handler-name "LDAPS Connection Handler"

Property               : Value(s)
-----------------------:-------------------------------------------------------
allow-ldap-v2          : true
allow-start-tls        : false
allowed-client         : -
denied-client          : -
enabled                : true
keep-stats             : true
key-manager-provider   : JKS
listen-address         : 0.0.0.0
listen-port            : 1689
ssl-cert-nickname      : -
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
ssl-client-auth-policy : optional
ssl-protocol           : -
trust-manager-provider : JKS
use-ssl                : true

Set the new listen-port to 1636 using dsconfig for the LDAPS connection handler.

oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
-j $ORACLE_HOME/OUD/config/pwd.txt --trustAll \
set-connection-handler-prop --handler-name "LDAPS Connection Handler" \
--set listen-port:1636 --no-prompt

Unfortunately, a restart of the OUD instance is required to use the new settings. This can be done using stop-ds --restart. For better readability I left out a large part of the output in the following example.

oracle@urania:~/ [oud_eus] stop-ds --restart
Stopping Server...

[12/Jul/2016:23:15:09 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
[12/Jul/2016:23:15:09 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully

Use dsconfig again to get the new settings of the LDAPS connection handler. As you can see, the listen-port is now set to 1636.

oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
-j $ORACLE_HOME/OUD/config/pwd.txt --trustAll --no-prompt \
get-connection-handler-prop --handler-name "LDAPS Connection Handler"

Property               : Value(s)
-----------------------:-------------------------------------------------------
allow-ldap-v2          : true
allow-start-tls        : false
allowed-client         : -
denied-client          : -
enabled                : true
keep-stats             : true
key-manager-provider   : JKS
listen-address         : 0.0.0.0
listen-port            : 1636
ssl-cert-nickname      : -
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
ssl-client-auth-policy : optional
ssl-protocol           : -
trust-manager-provider : JKS
use-ssl                : true

Or just do a ldapsearch against the new LDAPS port.

oracle@urania:~/ [oud_eus] ldapsearch -h localhost -p 1636 -D "cn=Directory Manager" \
--useSSL --trustAll -j $ORACLE_HOME/OUD/config/pwd.txt \
-s base -b 'dc=postgasse,dc=org' 'objectclass=*'

dn: dc=postgasse,dc=org
orclversion: 90400
dc: postgasse
orclsubscriberfullname: postgasse
objectclass: top
objectclass: orclSubscriber
objectclass: domain
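A small parser for the dsconfig property listing shown above, as an added example that is not part of the original post: it handles the continuation lines of multi-valued properties such as ssl-cipher-suite, checks that listen-port carries the intended value, and reports the SSL_DH_anon_* suites visible in the listing, which authenticate neither peer. The sample text is the handler output above; the function names are my own.

```python
"""Parse and verify 'dsconfig get-connection-handler-prop' output.

Added example, not code from the original post. Works on the text dsconfig
prints, so it can run over a saved listing without a server connection.
"""
import re

# Listing of the LDAPS connection handler after the port change (from the post above)
DSCONFIG_OUTPUT = """\
Property               : Value(s)
-----------------------:-------------------------------------------------------
allow-ldap-v2          : true
allow-start-tls        : false
allowed-client         : -
denied-client          : -
enabled                : true
keep-stats             : true
key-manager-provider   : JKS
listen-address         : 0.0.0.0
listen-port            : 1636
ssl-cert-nickname      : -
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
ssl-client-auth-policy : optional
ssl-protocol           : -
trust-manager-provider : JKS
use-ssl                : true
"""

# "name : value" or "      : value" (continuation of the previous property)
LINE_RE = re.compile(r"^(?P<name>[a-z0-9-]*)\s*:\s?(?P<value>.*)$")
# Anonymous Diffie-Hellman suites: no certificate on either side
ANON_RE = re.compile(r"_anon_", re.IGNORECASE)


def parse_dsconfig_props(text):
    """Return {property: [values]} from a dsconfig property listing.

    A line with a blank property column continues the previous property.
    '-' means the property is unset and yields an empty list.
    """
    props = {}
    current = None
    for line in text.splitlines():
        if line.startswith("Property") or line.startswith("---"):
            continue  # table header and separator
        m = LINE_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        raw = m.group("value").strip()
        if name:
            current = name
            props[current] = []
        elif current is None:
            continue  # continuation without a property, ignore
        if raw == "-":
            continue
        props[current].extend(v.strip() for v in raw.split(",") if v.strip())
    return props


def check_ldaps_handler(props, expected_port):
    """Return a list of findings for an LDAPS connection handler listing."""
    findings = []
    if props.get("enabled") != ["true"]:
        findings.append("handler is not enabled")
    if props.get("use-ssl") != ["true"]:
        findings.append("use-ssl is not true")
    port = props.get("listen-port", [])
    if port != [str(expected_port)]:
        findings.append(f"listen-port is {', '.join(port) or 'unset'}, "
                        f"expected {expected_port}")
    anon = [c for c in props.get("ssl-cipher-suite", []) if ANON_RE.search(c)]
    if anon:
        findings.append("anonymous cipher suites configured: " + ", ".join(anon))
    return findings


if __name__ == "__main__":
    props = parse_dsconfig_props(DSCONFIG_OUTPUT)
    print("listen-port:", props["listen-port"])
    for finding in check_ldaps_handler(props, 1636) or ["no findings"]:
        print("-", finding)
```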

Of course it is possible with this method to change other parameters of the different connection handlers.

Information on dsconfig can be found in the Oracle® Fusion Middleware Administering Oracle Unified Directory 11g Release 2 (11.1.2), A.2.4 dsconfig.

Change default JAVA_HOME for OUD Instance

I just had a situation where I had to change the JAVA_HOME for my Oracle Unified Directory (OUD) instance. Although this is quite simple, this blog post serves as my “sticky note”.

During the setup of my OUD instance I've set the wrong JAVA_HOME. I've used JDK 1.8 instead of the recommended JRE 1.7. OUD does work well with Java 1.8, but it is just not a "certified configuration". You never know which bug is coming next 😉 . Because my OUD instance is used in production, I decided to change it back to JRE 1.7 Update 101. If your OUD server runs for a couple of months, Java has to be updated regularly anyway due to vulnerabilities.

The JVM and Java arguments for each command are specified in a properties file, INSTANCE_DIR/OUD/config/java.properties. To adjust the JVM settings, the OUD instance must of course be stopped. The new settings are then applied with dsjavaproperties.

First set the proper default Java Home. I will use JRE 1.7 Update 101.

oracle@urania:~/ [oud_eus] vi $ORACLE_HOME/OUD/config/java.properties


default.java-home=/u00/app/oracle/product/java/jre1.7.0_101

Stop the Directory Server using stop-ds.

oracle@urania:~/ [oud_eus] stop-ds
Stopping Server...

[12/Jul/2016:17:43:28 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OIDCompatibility,cn=Workflow Elements,cn=config is now taken offline
[12/Jul/2016:17:43:28 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OracleContext0,cn=Workflow elements,cn=config is now taken offline
[12/Jul/2016:17:43:29 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=userRoot,cn=Workflow Elements,cn=config is now taken offline
[12/Jul/2016:17:43:29 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=virtualAcis,cn=Workflow Elements,cn=config is now taken offline
[12/Jul/2016:17:43:29 +0200] category=CORE severity=NOTICE msgID=458955 msg=The Directory Server is now stopped

Apply new java configuration with dsjavaproperties.

oracle@urania:~/ [oud_eus] dsjavaproperties
The operation was successful.  The server commands will use the java arguments
and java home specified in the properties file located in
/u00/app/oracle/product/middleware/oud_instances/oud_eus/OUD/config/java.properties

Start the Directory Server using start-ds.

oracle@urania:~/ [oud_eus] start-ds
[12/Jul/2016:17:44:09 +0200] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process
[12/Jul/2016:17:44:11 +0200] category=CORE severity=NOTICE msgID=458886 msg=Oracle Unified Directory 11.1.2.3.160419 (build 20160315213404Z, R1603151302) starting up
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory:  /u00/app/oracle/product/middleware/oud_11.1.2.3.0
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory:      /u00/app/oracle/product/middleware/oud_instances/oud_eus/OUD
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.7.0_101-b14 by Oracle Corporation, 64-bit architecture, 121634816 bytes heap size
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: urania.postgasse.org, running Linux 4.1.12-37.4.1.el6uek.x86_64 amd64, 3875069952 bytes physical memory size, number of processors available 2
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Xms130m", "-Xmx130m", "-Dorg.opends.server.scriptName=start-ds"
[12/Jul/2016:17:44:17 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582978 msg=Added 16 Global Access Control Instruction (ACI) attribute types to the access control evaluation engine
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OracleContext0 does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OracleContext0 does not specify the number of cleaner threads: defaulting to 24 threads
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OracleContext0 does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OracleContext0 does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[12/Jul/2016:17:44:19 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OracleContext0,cn=Workflow elements,cn=config containing 82 entries has started
[12/Jul/2016:17:44:19 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 5 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext,dc=postgasse,dc=org" to the access control evaluation engine
[12/Jul/2016:17:44:19 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend virtualAcis does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:19 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=virtualAcis,cn=Workflow Elements,cn=config containing 0 entries has started
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend userRoot does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend userRoot does not specify the number of cleaner threads: defaulting to 24 threads
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend userRoot does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend userRoot does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[12/Jul/2016:17:44:20 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=userRoot,cn=Workflow Elements,cn=config containing 141 entries has started
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OIDCompatibility does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OIDCompatibility does not specify the number of cleaner threads: defaulting to 24 threads
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OIDCompatibility does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OIDCompatibility does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[12/Jul/2016:17:44:22 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OIDCompatibility,cn=Workflow Elements,cn=config containing 29 entries has started
[12/Jul/2016:17:44:22 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 10 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext" to the access control evaluation engine
[12/Jul/2016:17:44:22 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 1 Access Control Instruction (ACI) attribute types found in context "cn=OracleSchemaVersion" to the access control evaluation engine
[12/Jul/2016:17:44:22 +0200] category=EXTENSIONS severity=INFORMATION msgID=1048797 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: urania.postgasse.org
[12/Jul/2016:17:44:22 +0200] category=CORE severity=INFORMATION msgID=731 msg=LDAP Connection Handler 0.0.0.0 port 1389 does not specify the number of request handler threads: sizing automatically to use 8 threads
[12/Jul/2016:17:44:22 +0200] category=CORE severity=INFORMATION msgID=731 msg=LDAP Connection Handler 0.0.0.0 port 1636 does not specify the number of request handler threads: sizing automatically to use 8 threads
[12/Jul/2016:17:44:22 +0200] category=CORE severity=INFORMATION msgID=720 msg=No worker queue thread pool size specified: sizing automatically to use 24 threads
[12/Jul/2016:17:44:23 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444
[12/Jul/2016:17:44:23 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1389
[12/Jul/2016:17:44:23 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1636
[12/Jul/2016:17:44:23 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
[12/Jul/2016:17:44:23 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully
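The edit, stop-ds, dsjavaproperties and start-ds sequence above, wrapped in a small POSIX shell script as an added example (this is not code from the original post or from Oracle). It rewrites the key in place so repeated runs do not leave a duplicate or a stale commented-out entry behind, refuses to touch the server unless the new Java home really contains a java binary, and keeps a dated backup of java.properties. The paths are the ones from the post; the `start-ds.java-args` key and the `OUD/bin` location below the instance directory are not shown on the page and are assumed from the standard OUD layout. The demo at the bottom only works on a constructed copy of the file; the server commands run only when the script is called with `apply INSTANCE_DIR JAVA_HOME`.

```shell
#!/bin/sh
# Added example (not from the original post): update OUD java.properties
# idempotently, verify the Java home, then restart the server so that
# dsjavaproperties can pick up the change.

# set_property FILE KEY VALUE
# Replaces an existing "KEY=..." line (commented out or not) or appends
# one, so running the script twice never produces two KEY lines.
set_property() {
    file="$1"; key="$2"; value="$3"
    tmp="${file}.tmp.$$"
    if grep -q "^[#[:space:]]*${key}=" "$file"; then
        # '|' as sed delimiter because the value is a path containing '/'
        sed "s|^[#[:space:]]*${key}=.*|${key}=${value}|" "$file" > "$tmp"
    else
        cp "$file" "$tmp"
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# get_property FILE KEY -> prints the effective (uncommented) value
get_property() {
    sed -n "s|^${2}=||p" "$1" | tail -n 1
}

# verify_java_home DIR -> succeeds only if DIR/bin/java is executable,
# so a typo in the path is caught before the server is stopped.
verify_java_home() {
    [ -x "$1/bin/java" ]
}

# apply_java_properties INSTANCE_DIR JAVA_HOME
# Assumes the OUD tools live in INSTANCE_DIR/OUD/bin (standard layout).
apply_java_properties() {
    inst="$1"; jhome="$2"
    props="$inst/OUD/config/java.properties"
    verify_java_home "$jhome" || { echo "no java binary under $jhome" >&2; return 1; }
    cp "$props" "$props.$(date +%Y%m%d%H%M%S)"     # backup before editing
    set_property "$props" default.java-home "$jhome"
    "$inst/OUD/bin/stop-ds" && \
    "$inst/OUD/bin/dsjavaproperties" && \
    "$inst/OUD/bin/start-ds"
}

# Demo on a constructed properties file (no OUD instance needed).
DEMO_PROPS="${TMPDIR:-/tmp}/java.properties.demo.$$"
cat > "$DEMO_PROPS" <<'EOF'
# constructed sample mirroring the layout of OUD's java.properties
#default.java-home=/usr/java/jre1.6.0_45
EOF
set_property "$DEMO_PROPS" default.java-home /u00/app/oracle/product/java/jre1.7.0_101
set_property "$DEMO_PROPS" default.java-home /u00/app/oracle/product/java/jre1.7.0_101   # second run: no duplicate
set_property "$DEMO_PROPS" start-ds.java-args "-server -Xms130m -Xmx130m"   # heap as seen in the start-ds log

# Real run: ./oud_java.sh apply /u00/app/oracle/product/middleware/oud_instances/oud_eus /u00/app/oracle/product/java/jre1.7.0_101
if [ "${1:-}" = "apply" ]; then
    apply_java_properties "$2" "$3"
fi
```

Run it without arguments to see the property-file handling on the constructed copy; with `apply` it performs the same four steps the post shows interactively, and stops before stop-ds if the Java home does not exist.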

Information on dsjavaproperties can be found in the Oracle® Fusion Middleware Administering Oracle Unified Directory 11g Release 2 (11.1.2) guide, section A.2.5 dsjavaproperties.

In the future, more short blog posts will be marked as sticky notes. I have enough ideas for future short posts or sticky notes, but the time to write them is another story…