Oracle OUD Directory Proxy Installation Configuration

Installing and configuring OUD proxy

Setup OUD user/group account

groupadd oud; useradd -g oud oud

Modify /etc/hosts

Make sure the FQDN is first in /etc/hosts

Create ZFS file systems

zfs create rpool/export/home/oud
zfs create -o mountpoint=/oud rpool/oud
zfs create -o mountpoint=/installs rpool/installs
mkdir /installs/OUD

Configure proper owner

groupadd oud
useradd -g oud oud
cd ~oud
cp /root/.bashrc .
ln -s .bashrc .bash_profile
chown -R oud:oud ~oud
echo "export JAVA_HOME=/usr/java" >> ~oud/.bashrc
chmod 777 /installs
chown -R oud:oud /installs
chown -R oud:oud /oud/

Install needed packages

pkg install --accept pkg://solaris/SUNWxwplt java jdk-6 jdk pkg:/developer/xopen/xcu4 make gnu-make ucb

Configure passwords

passwd oud

OS Tuning

Create S50Net-Tunes.sh
vi Net-Tunes.sh

chmod +x Net-Tunes.sh
chown root:sys Net-Tunes.sh
cd /etc/rc2.d/
ln -s /etc/init.d/Net-Tunes.sh S50Net-Tunes.sh

Copy and extract files

scp V37478-01.zip oud@ldap1:/installs/
cd /installs/OUD;unzip -qq ../V37478-01.zip

Install OUD Proxy

Note: Make sure to use Java 1.7.0_17-b02 for all products (included in sol11.1/SRU-6.0.4).

Options at installation

./runInstaller -jreLoc /usr/java

Select

Inventory Directory: /oud/oraInventory
Group: oud

  • run as root

/oud/oraInventory/createCentralInventory.sh
Skip registration
OUD Base: /oud/Oracle/Middleware
Oracle Home: Oracle_OUD1

Before configuring / create certificate

Generate self signed certificate

keytool -genkeypair -alias ldproxy1 -keyalg rsa -keysize 2048 -validity 3560 -dname "cn=ldproxy1.domain.com" -keystore /oud/certs/ldproxy1.jks -storetype JKS

Verify certificate key

keytool -list -alias ldproxy1 -keystore ldproxy1.jks -v

Get DSEE certificate(s)

Note: The steps below are no longer needed, since we accept the remote LDAP certificate at configure time.
dsadm show-cert -F ascii /ldap1/ldap_inst1/ldap/ defaultCert > ldap1-cert-ascii
keytool -importcert -alias ldap1 -file ldap1-cert-ascii -keystore ldap1.jks -storetype JCEKS -storepass password

Verify key

keytool -list -alias ldap1 -keystore ldap1.jks -storetype JCEKS -storepass password -v

Configuring OUD Proxy

Install the DS by running oud-proxy-setup

ssh -X oud@ldproxy1
/oud/Oracle/Middleware/Oracle_OUD1/oud-proxy-setup

Select the certificate

Select the certificate generated in /oud/certs
Enter the cn=directory manager password

Select remote LDAP servers

Click next till the add remote LDAP servers screen
Click Add remote server
Select both ldap & ldaps
Select get remote server certificate and save the certificate
Add all Directory servers you would like to use with the proper ports

  • Set memory size:

Min: 256
Max: 2048
Complete the configuration
Complete configuration

Add an SMTP alert handler

First enable / configure a server SMTP

/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -h localhost -p 4444 -D "cn=directory manager" -j /tmp/pw.txt -n set-global-configuration-prop --set smtp-server:localhost --trustAll

Add an SMTP alert handler in ODSM

Add an SMTP alert handler
Name: SMTP OUD-Alerts
Email: sysadmin@domain.com

Proxy command line tuning

OUD proxy thread performance tuning

Add the command list below to a file, then execute dsconfig
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -j /tmp/pw.txt -n -F /installs/oud_config_cmds
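
The procedure depends on the FQDN being first in /etc/hosts and hands the directory manager password to dsconfig through /tmp/pw.txt. Both can be checked with the script below, which is an added example and not part of the original page; the function names and the sample hosts entry are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
AWK=${AWK:-awk}   # assumption: set AWK=nawk where plain awk lacks -v

# fqdn_first HOSTS_FILE SHORTNAME
#   0 = every entry naming SHORTNAME lists SHORTNAME.<domain> first
#   1 = some entry lists the short name or another alias before the FQDN
#   2 = no entry names SHORTNAME
fqdn_first() {
    "$AWK" -v h="$2" '
        { sub(/#.*/, "") }                  # drop comments
        NF < 2 { next }                     # blank or address-only line
        {
            hit = 0
            for (i = 2; i <= NF; i++)
                if ($i == h || index($i, h ".") == 1) hit = 1
            if (!hit) next
            found = 1
            if (index($2, h ".") != 1) bad = 1
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# pwfile_private FILE
#   0 = regular file, not a symlink, no group/other permission bits
#   1 = anything else (missing, symlink, or accessible beyond the owner)
pwfile_private() {
    [ -f "$1" ] || return 1
    [ ! -h "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: one correct hosts entry, checked for "ldproxy1".
demo_hosts=$(mktemp)
printf '%s\n' '::1 localhost' \
    '192.0.2.10 ldproxy1.domain.com ldproxy1 loghost  # constructed' > "$demo_hosts"
if fqdn_first "$demo_hosts" ldproxy1; then
    echo "hosts: FQDN is listed first"
else
    echo "hosts: fix the entry order for ldproxy1"
fi
rm -f "$demo_hosts"
```

Run `pwfile_private /tmp/pw.txt` before each dsconfig call; a non-zero result means the file should be recreated with owner-only permissions.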

Modify the Max Size Limits

Under General Configuration
Size Limit: 7000

How to start and stop the servers

As the OUD user just run

To start an instance

/oud/Oracle/Middleware/asinst_1/OUD/bin/start-ds

To stop an instance

/oud/Oracle/Middleware/asinst_1/OUD/bin/stop-ds

OUD LDAP error code list

Add the new configured server to ODSM console

Appendix A – Create OUD proxy from command line

Script to configure OUD proxy from command line

Appendix B – keytool and certificates

Appendix C – ssltap

To capture ssl traffic
