Tag Archives: sticky notes

Change LDAPS Port for OUD

Due to a typo, I configured the wrong port for the LDAPS connection handler on my OUD instance. This is not actually a problem and can be corrected easily. First, let’s verify the current settings of the LDAPS connection handler.

oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
-j $ORACLE_HOME/OUD/config/pwd.txt --trustAll --no-prompt \
get-connection-handler-prop --handler-name "LDAPS Connection Handler"

Property               : Value(s)
-----------------------:-------------------------------------------------------
allow-ldap-v2          : true
allow-start-tls        : false
allowed-client         : -
denied-client          : -
enabled                : true
keep-stats             : true
key-manager-provider   : JKS
listen-address         : 0.0.0.0
listen-port            : 1689
ssl-cert-nickname      : -
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
ssl-client-auth-policy : optional
ssl-protocol           : -
trust-manager-provider : JKS
use-ssl                : true

Set the new listen-port to 1636 using dsconfig for the LDAPS connection handler.

oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
-j $ORACLE_HOME/OUD/config/pwd.txt --trustAll \
set-connection-handler-prop --handler-name "LDAPS Connection Handler" \
--set listen-port:1636 --no-prompt

Unfortunately, a restart of the OUD instance is required for the new settings to take effect. This can be done using stop-ds with the --restart option. For better readability, I left out a large part of the output in the following example.

oracle@urania:~/ [oud_eus] stop-ds --restart
Stopping Server...

[12/Jul/2016:23:15:09 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
[12/Jul/2016:23:15:09 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully

Use dsconfig again to get the new settings of the LDAPS connection handler. As you can see, the listen-port is now set to 1636.

oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
-j $ORACLE_HOME/OUD/config/pwd.txt --trustAll --no-prompt \
get-connection-handler-prop --handler-name "LDAPS Connection Handler"

Property               : Value(s)
-----------------------:-------------------------------------------------------
allow-ldap-v2          : true
allow-start-tls        : false
allowed-client         : -
denied-client          : -
enabled                : true
keep-stats             : true
key-manager-provider   : JKS
listen-address         : 0.0.0.0
listen-port            : 1636
ssl-cert-nickname      : -
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
ssl-client-auth-policy : optional
ssl-protocol           : -
trust-manager-provider : JKS
use-ssl                : true

Or just run an ldapsearch against the new LDAPS port.

oracle@urania:~/ [oud_eus] ldapsearch -h localhost -p 1636 -D "cn=Directory Manager" \
--useSSL --trustAll -j $ORACLE_HOME/OUD/config/pwd.txt \
-s base -b 'dc=postgasse,dc=org' 'objectclass=*'

dn: dc=postgasse,dc=org
orclversion: 90400
dc: postgasse
orclsubscriberfullname: postgasse
objectclass: top
objectclass: orclSubscriber
objectclass: domain

Of course, this method can also be used to change other parameters of the different connection handlers.
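The verification step can be scripted instead of read by eye. The following is an added example, not part of the original post: it parses the property table printed by get-connection-handler-prop, including the continuation rows of multi-valued properties, checks the listen-port, and lists the anonymous and export-grade cipher suites that appear in the output above. The function names and the shortened sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `dsconfig get-connection-handler-prop` output.

# Constructed sample in the layout shown above (shortened).
sample_output() {
cat <<'EOF'
Property               : Value(s)
-----------------------:-------------------------------------------------------
enabled                : true
listen-address         : 0.0.0.0
listen-port            : 1636
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
ssl-client-auth-policy : optional
use-ssl                : true
EOF
}

# get_prop NAME: read the table on stdin, print NAME's values one per line.
# Rows with an empty name column continue the previous property.
get_prop() {
  awk -v want="$1" '
    /^-+:/ { next }                               # separator row
    {
      i = index($0, ":"); if (i == 0) next
      name = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name)
      if (name != "") cur = name
      if (cur != want) next
      n = split(val, part, ",")
      for (k = 1; k <= n; k++) {
        gsub(/^[ \t]+|[ \t]+$/, "", part[k])
        if (part[k] != "") print part[k]
      }
    }'
}

# check_port PORT: succeed only if listen-port equals PORT.
check_port() { [ "$(get_prop listen-port)" = "$1" ]; }

# weak_suites: list anonymous (unauthenticated) and export-grade suites.
weak_suites() { get_prop ssl-cipher-suite | grep -E '_anon_|_EXPORT_' || true; }

# Real use: pipe the dsconfig command from this post into the functions.
sample_output | check_port 1636 && echo "listen-port is 1636"
sample_output | weak_suites | sed 's/^/weak suite enabled: /'
```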

Information on dsconfig can be found in the Oracle® Fusion Middleware Administering Oracle Unified Directory 11g Release 2 (11.1.2) A.2.4 dsconfig. See more OraDBA sticky notes.

Change default JAVA_HOME for OUD Instance

I just had a situation where I had to change the JAVA_HOME for my Oracle Unified Directory (OUD) instance. Although this is quite simple, this blog post serves as my “sticky note”.

During the setup of my OUD instance I set the wrong JAVA_HOME. I used JDK 1.8 instead of the recommended JRE 1.7. OUD does work well with Java 1.8, but it is just not a “certified configuration”. You never know which bug is coming next 😉. Because my OUD instance is used in production, I decided to change it back to JRE 1.7 Update 101. If your OUD server runs for a couple of months, Java has to be updated regularly anyway due to vulnerabilities.

The JVM and Java arguments for each command are specified in a properties file, INSTANCE_DIR/OUD/config/java.properties. To adjust the JVM settings, the OUD instance must of course be stopped. The new settings will then be applied with dsjavaproperties.

First set the proper default Java Home. I will use JRE 1.7 Update 101.

oracle@urania:~/ [oud_eus] vi $ORACLE_HOME/OUD/config/java.properties


default.java-home=/u00/app/oracle/product/java/jre1.7.0_101

Stop the Directory Server using stop-ds.

oracle@urania:~/ [oud_eus] stop-ds
Stopping Server...

[12/Jul/2016:17:43:28 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OIDCompatibility,cn=Workflow Elements,cn=config is now taken offline
[12/Jul/2016:17:43:28 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OracleContext0,cn=Workflow elements,cn=config is now taken offline
[12/Jul/2016:17:43:29 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=userRoot,cn=Workflow Elements,cn=config is now taken offline
[12/Jul/2016:17:43:29 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=virtualAcis,cn=Workflow Elements,cn=config is now taken offline
[12/Jul/2016:17:43:29 +0200] category=CORE severity=NOTICE msgID=458955 msg=The Directory Server is now stopped

Apply the new Java configuration with dsjavaproperties.

oracle@urania:~/ [oud_eus] dsjavaproperties
The operation was successful.  The server commands will use the java arguments
and java home specified in the properties file located in
/u00/app/oracle/product/middleware/oud_instances/oud_eus/OUD/config/java.properties

Start the Directory Server using start-ds.

oracle@urania:~/ [oud_eus] start-ds
[12/Jul/2016:17:44:09 +0200] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process
[12/Jul/2016:17:44:11 +0200] category=CORE severity=NOTICE msgID=458886 msg=Oracle Unified Directory 11.1.2.3.160419 (build 20160315213404Z, R1603151302) starting up
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory:  /u00/app/oracle/product/middleware/oud_11.1.2.3.0
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory:      /u00/app/oracle/product/middleware/oud_instances/oud_eus/OUD
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.7.0_101-b14 by Oracle Corporation, 64-bit architecture, 121634816 bytes heap size
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: urania.postgasse.org, running Linux 4.1.12-37.4.1.el6uek.x86_64 amd64, 3875069952 bytes physical memory size, number of processors available 2
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Xms130m", "-Xmx130m", "-Dorg.opends.server.scriptName=start-ds"
[12/Jul/2016:17:44:17 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582978 msg=Added 16 Global Access Control Instruction (ACI) attribute types to the access control evaluation engine
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OracleContext0 does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OracleContext0 does not specify the number of cleaner threads: defaulting to 24 threads
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OracleContext0 does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[12/Jul/2016:17:44:18 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OracleContext0 does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[12/Jul/2016:17:44:19 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OracleContext0,cn=Workflow elements,cn=config containing 82 entries has started
[12/Jul/2016:17:44:19 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 5 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext,dc=postgasse,dc=org" to the access control evaluation engine
[12/Jul/2016:17:44:19 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend virtualAcis does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:19 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=virtualAcis,cn=Workflow Elements,cn=config containing 0 entries has started
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend userRoot does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend userRoot does not specify the number of cleaner threads: defaulting to 24 threads
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend userRoot does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[12/Jul/2016:17:44:20 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend userRoot does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[12/Jul/2016:17:44:20 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=userRoot,cn=Workflow Elements,cn=config containing 141 entries has started
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OIDCompatibility does not specify the number of lock tables: defaulting to 97
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OIDCompatibility does not specify the number of cleaner threads: defaulting to 24 threads
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OIDCompatibility does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[12/Jul/2016:17:44:21 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OIDCompatibility does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[12/Jul/2016:17:44:22 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OIDCompatibility,cn=Workflow Elements,cn=config containing 29 entries has started
[12/Jul/2016:17:44:22 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 10 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext" to the access control evaluation engine
[12/Jul/2016:17:44:22 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 1 Access Control Instruction (ACI) attribute types found in context "cn=OracleSchemaVersion" to the access control evaluation engine
[12/Jul/2016:17:44:22 +0200] category=EXTENSIONS severity=INFORMATION msgID=1048797 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: urania.postgasse.org
[12/Jul/2016:17:44:22 +0200] category=CORE severity=INFORMATION msgID=731 msg=LDAP Connection Handler 0.0.0.0 port 1389 does not specify the number of request handler threads: sizing automatically to use 8 threads
[12/Jul/2016:17:44:22 +0200] category=CORE severity=INFORMATION msgID=731 msg=LDAP Connection Handler 0.0.0.0 port 1636 does not specify the number of request handler threads: sizing automatically to use 8 threads
[12/Jul/2016:17:44:22 +0200] category=CORE severity=INFORMATION msgID=720 msg=No worker queue thread pool size specified: sizing automatically to use 24 threads
[12/Jul/2016:17:44:23 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444
[12/Jul/2016:17:44:23 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1389
[12/Jul/2016:17:44:23 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1636
[12/Jul/2016:17:44:23 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
[12/Jul/2016:17:44:23 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully
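To confirm that the restarted server really runs the configured JVM, the "JVM Information" line of the startup output can be compared with default.java-home. This is an added example, not part of the original post; the function names are constructed, the file paths are arguments you supply, and it assumes the java-home directory keeps the jdk<version> or jre<version> naming used here.

```shell
#!/bin/sh
# Added example: confirm the restarted server runs the JVM set in java.properties.

# Constructed samples built from the values shown in this post.
sample_properties() {
  echo 'default.java-home=/u00/app/oracle/product/java/jre1.7.0_101'
}
sample_log() {
cat <<'EOF'
[12/Jul/2016:17:44:11 +0200] category=CORE severity=NOTICE msgID=458886 msg=Oracle Unified Directory 11.1.2.3.160419 (build 20160315213404Z, R1603151302) starting up
[12/Jul/2016:17:44:17 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.7.0_101-b14 by Oracle Corporation, 64-bit architecture, 121634816 bytes heap size
EOF
}

# Version implied by the java-home directory name (jre1.7.0_101 -> 1.7.0_101).
# Assumes the directory keeps the jdk<version>/jre<version> naming used here.
configured_version() {
  sed -nE 's#^default\.java-home=.*/(jdk|jre)-?([0-9][0-9._]*)/?$#\2#p' | tail -n 1
}

# Version reported by the most recent startup; the log may hold older starts.
running_version() {
  sed -nE 's/^.*msg=JVM Information: ([0-9][0-9._]*).*$/\1/p' | tail -n 1
}

# jvm_matches PROPS LOG: succeed only if both versions exist and are equal.
jvm_matches() {
  want=$(configured_version < "$1")
  have=$(running_version < "$2")
  [ -n "$want" ] && [ "$want" = "$have" ]
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
sample_properties > "$tmp/java.properties"
sample_log > "$tmp/start.log"
if jvm_matches "$tmp/java.properties" "$tmp/start.log"; then
  echo "running JVM matches default.java-home"
else
  echo "JVM mismatch: check java.properties, dsjavaproperties and the restart"
fi
rm -rf "$tmp"
```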

Information on dsjavaproperties can be found in the Oracle® Fusion Middleware Administering Oracle Unified Directory 11g Release 2 (11.1.2) A.2.5 dsjavaproperties.

More short blog posts will be marked as sticky notes in the future. I have enough ideas for future short posts or sticky notes. But time to write them is another story…