Contents
- 1 How to Install Oracle Unified directory(OUD), ODSM and DIP
- 1.1 Install OUD directory
- 1.2 Install weblogic server
- 1.3 Install Oracle ADF 11.1.1.6
- 1.4 Oracle DIP Installation
- 1.5 Configuring weblogic
- 1.6 Complete the weblogic configure script
- 1.7 Start weblogic in this order
- 1.8 DIP post install
- 1.9 Configuring certificates for DIP/weblogic
- 1.10 Accessing ODSM and DIP
- 1.11 System Auto startup Scripts
- 1.12 To de-install Oracle ADF
- 1.13 BUG workaround fixes
- 3 References
How to Install Oracle Unified directory(OUD), ODSM and DIP
Note: To make installation easy – install VNC and work over vnc (temporarily)
```
pkg install tigervnc xvnc
```
Install OUD directory
Note: Make sure to select enable DIP at OUD install time
First install and configure a basic OUD installation, as described in Installing and configuring OUD Directory
Note: ID sync is being migrated to Oracle Directory Integration Platform (ODIP)
Note 2: For DIP Install the full fusion middleware packages, select Do not configure.
Allow conflicting structural objectclasses – compatible with ODSEE
- /oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig set-global-configuration-prop --set single-structural-objectclass-behavior:accept -n -j /tmp/pw.txt
- /oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig set-attribute-syntax-prop --syntax-name Directory\ String --set allow-zero-length-values:true -n -j /tmp/pw.txt
- /oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true -n -j /tmp/pw.txt
Install weblogic server
Download from Oracle weblogic server 10.3.6
scp wls1036_generic.jar oud@odsm1:/installs
weblogic download
cd /installs
java -d64 -jar ./wls1036_generic.jar
Middleware Home: /oud/Oracle/Middleware
Un-check security box (say stay uninformed), wait till it times out.
After timing out (trying to connect) – select custom install leave all defaults
Un-check the box – Do not configure at the complete screen
Install Oracle ADF 11.1.1.6
Download ADF (Application Development Framework) from here
ADF download
scp ofm_appdev_generic_11.1.1.6.0_disk1_1of1.zip oud@odsm1:/installs
unzip -qq ofm_appdev_generic_11.1.1.6.0_disk1_1of1.zip
./runInstaller -jreLoc /usr/java
Skip register & updates
Set the Oracle Home: Oracle_IDM1
Leave all default options
Oracle DIP Installation
Note: You can skip the IDM installation if you don’t plan to use DIP
Download the full Middleware package from edelivery.oracle.com and install
IDM installation options
scp V29880-01.zip oud@odsm1:/installs
Note: Make sure to select Do not configure
mkdir /installs/IDM
cd /installs/IDM
unzip -qq ../V29880-01.zip
cd Disk1
./runInstaller
Skip register
Select Do Not Configure
Leave the default location
Un-check updates
Complete install
Configuring weblogic
Configure environment variables
Note: You can skip the environment variables if you don’t plan to use DIP (add to .bashrc)
```
export JAVA_HOME=/usr/jdk/instances/jdk1.7.0
export ORACLE_HOME=/oud/Oracle/Middleware/Oracle_IDM1
export WL_HOME=/oud/Oracle/Middleware/wlserver_10.3
export MW_HOME=/oud/Oracle/Middleware
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/oud/Oracle/Middleware/Oracle_IDM1/opmn/lib:/oud/Oracle/Middleware/Oracle_IDM1/lib
```
Complete the weblogic configure script
Run the below script
/oud/Oracle/Middleware/oracle_common/common/bin/config.sh
Choose New Domain
Select OEM, ODSM, DIP
Note: DIP will only be in the list of selection if it was installed
Change selection to production mode
Change (from weblogic) user to admin
For jdk leave the default
check, Administration Server and Managed Servers, Clusters, and Machines, deployment server
check secure (port 7006, or 7002)
Under, cluster, click next
Under, Unix Machine tab, Click on Add, under name, specify the real hostname. click Next
Under assign machine, assign the Administration Server and the Managed server, click next
OBSOLETE – Check the box next to DIP
Click Create or extend(if extend an existing domain)
Note: If configuring DIP, follow the post install process
Start weblogic in this order
Note: Run this only before the first startup
/oud/Oracle/Middleware/oracle_common/common/bin/setNMProps.sh
mkdir -p /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/security
cd /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/security
echo "username:weblogic" > boot.properties
echo "password:password" >> boot.properties
Before starting weblogic
Make sure the OUD directory is up, if not start it
/oud/Oracle/Middleware/Oracle_OUD1/bin/start-ds
To start weblogic
Start weblogic node manager first (needed for DIP)
cd /oud/Oracle/Middleware/wlserver_10.3/server/bin
nohup ./startNodeManager.sh &
start weblogic domain
Note: To increase memory size modify/change from 512 to 2048 on setDomainEnv.sh
cd /oud/Oracle/Middleware/user_projects/domains/base_domain/bin
nohup ./startWebLogic.sh &
Start weblogic DIP process
Note: Follow this post install process before running this
To start wls_ods1, managed node
- Note: To AutoStart DIP Managed server
mkdir -p /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/wls_ods1/security
cd /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/wls_ods1/security
echo "username:weblogic" > boot.properties
echo "password:password" >> boot.properties
cd /oud/Oracle/Middleware/user_projects/domains/base_domain/bin
nohup ./startManagedWebLogic.sh wls_ods1 &
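The two boot.properties steps above (AdminServer and wls_ods1) put the password on an echo command line and leave the file at the default umask. As an added example (not part of the original page), the functions below create the file with mode 0600 from a password read on stdin and audit an existing domain; the function names are hypothetical, and the plaintext check relies on WebLogic rewriting the file with {AES} or {3DES} values on first boot.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not WebLogic tooling.

# write_boot_properties DIR USER   (password is read from stdin)
# Keeps the password out of argv and history and creates the file 0600.
write_boot_properties() (
    dir=$1 user=$2
    IFS= read -r pass || [ -n "$pass" ] || exit 1
    [ -n "$user" ] && [ -n "$pass" ] || exit 1
    umask 077                                 # no group/other bits on new files
    mkdir -p "$dir" || exit 1
    # Same "key:value" form the page uses; WebLogic encrypts it on first boot.
    printf 'username:%s\npassword:%s\n' "$user" "$pass" \
        > "$dir/boot.properties" || exit 1
    chmod 600 "$dir/boot.properties"          # tighten a pre-existing file too
)

# audit_boot_properties DOMAIN_DIR
# Prints "PERMS <file>" when group/other have any access, and
# "PLAINTEXT <file>" when the password is not yet an {AES}/{3DES} value.
audit_boot_properties() {
    find "$1" -type f -name boot.properties | while IFS= read -r f; do
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "PERMS $f"
        fi
        if grep -Eq '^password[:=]' "$f" &&
           ! grep -Eq '^password[:=][{](AES|3DES)[}]' "$f"; then
            echo "PLAINTEXT $f"
        fi
    done
}

# Usage on the layout from this page (password supplied on stdin):
#   write_boot_properties \
#     /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/wls_ods1/security \
#     weblogic
#   audit_boot_properties /oud/Oracle/Middleware/user_projects/domains/base_domain
```

A PLAINTEXT finding is expected between writing the file and the first successful server start; one that persists after startup means the server is not reading that file.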
DIP post install
Once the instances are up and running, run this
cd /oud/Oracle/Middleware/Oracle_IDM1/bin
./dipConfigurator
Enter WLS Admin Server Host Name : dip1.domain.com
Enter WLS Admin Server Port : 7001
Enter username to contact WebLogic Server : admin
[Enter password to contact WebLogic Server : ]
Enter backend LDAP Server HostName : dip1.domain.com
Enter backend LDAP Server Port : 1389
Enter username to contact LDAP server : cn=directory manager
[Enter password to contact LDAP Server : ]
Enter backend LDAP Server Admin Port : 4444
Enter SUFFIX to store DIP metadata : dc=domain,dc=com
Note: Update with latest release
cd /oud/Oracle/Middleware/Oracle_IDM1/bin
./dipConfigurator setup \
-wlshost dip1.domain.com \
-wlsport 7001 \
-wlsuser admin \
-ldaphost dip1.domain.com \
-ldapport 1389 \
-isldapssl false \
-ldapuser "cn=directory manager" \
-ldapadminport 4444 \
-isclustered false
Note: restart the weblogic app server before starting instance wls_ods1
Create in DIP a copy of our OU structure
Adding privileges for DIP user to new OU structure
```
ldapmodify -h localhost -p 1389 -D "cn=directory manager" -w - <<EOF
dn: dc=domain,dc=com
changetype: modify
add: aci
aci: (target="ldap:///dc=domain,dc=com")(version 3.0; acl "Entry-level DIP permissions"; allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; )
-
add: aci
aci: (targetattr="*")(version 3.0; acl "Attribute-level DIP permissions"; allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext";)
EOF
```
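To review what the two ACIs above grant before loading them, the added example below (not part of the original page) unfolds LDIF, prints one row per permission clause, and flags write-capable grants over targetattr="*". The function names are hypothetical; the embedded LDIF is the page's own.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not OUD tooling.

# summarize_acis: LDIF on stdin -> "acl name | targets | clause" rows.
summarize_acis() {
    awk '
    function emit(line,    name, tgt, rest) {
        if (line !~ /^aci:/) return
        name = "(unnamed)"
        if (match(line, /acl "[^"]*"/))
            name = substr(line, RSTART + 5, RLENGTH - 6)
        tgt = line
        sub(/^aci: */, "", tgt)
        sub(/\(version .*/, "", tgt)        # keep only the target keywords
        rest = line
        while (match(rest, /(allow|deny) *\([^)]*\) *[a-z]+ *!?= *"[^"]*"/)) {
            printf "%s | %s | %s\n", name, tgt, substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
        }
    }
    /^ / { buf = buf substr($0, 2); next }  # LDIF continuation line
    { emit(buf); buf = $0 }
    END { emit(buf) }'
}

# flag_broad_grants: rows granting all/write rights over every attribute.
flag_broad_grants() {
    summarize_acis |
        grep -E 'targetattr *= *"\*"[^|]*\| allow *\([^)]*(all|write)'
}

# The two ACI values from this page, as LDIF.
page_aci_ldif() {
    cat <<'LDIF'
dn: dc=domain,dc=com
changetype: modify
add: aci
aci: (target="ldap:///dc=domain,dc=com")(version 3.0; acl "Entry-level DIP permissions"; allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; )
-
add: aci
aci: (targetattr="*")(version 3.0; acl "Attribute-level DIP permissions"; allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext";)
LDIF
}

# page_aci_ldif | summarize_acis      -> 4 rows (2 ACIs x 2 groups)
# page_aci_ldif | flag_broad_grants   -> the 2 "Attribute-level" rows
```

The flagged rows show that membership of dipadmingrp or odipigroup carries write access to every user attribute under dc=domain,dc=com, so those two groups' member lists are worth including in access reviews.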
Configuring certificates for DIP/weblogic
```
# Create keystore
keytool -genkeypair -alias dip1-wl -keyalg RSA -keysize 2048 -validity 3560 -dname "cn=dip1.domain.com" -keystore /oud/certs/dip1-wl.jks -keypass password -storetype JKS -storepass password

# Request certificate
keytool -certreq -alias dip1-wl -keystore /oud/certs/dip1-wl.jks -storepass password -file dip1-wl.csr

# Import CA
keytool -import -trustcacerts -alias root-ca -keystore /oud/certs/dip1-wl.jks -file dip1-ca.csr -storepass password

# Import signed certificate
keytool -import -alias dip1-wl -keystore /oud/certs/dip1-wl.jks -file dip1-wl-signd.csr -keypass password -storepass password
```
Under each server
Configuration > Keystores
Use /oud/certs/dip1-wl.jks as identity and trust
Note: Could be two files, trust for CA, identity for certificate, or use the same for both
Under SSL > Private Key Location
dip1-wl
Advanced > Hostname Verification: -> none
Check the box -> Use JSSE SSL
To configure SSL From DIP to OUD
How to – https://docs.oracle.com/cd/E14571_01/admin.1111/e10031/odip_server.htm#OIMIG1349
- First export the SSL certificate from OUD store
- keytool -export -alias dip1 -file /tmp/dip1-ca-root.csr -rfc -keystore /oud/certs/dip1.jks -storetype JKS
- Then import to new keystore as CA trusted
- keytool -importcert -trustcacerts -alias oud-cert -file /tmp/dip1-ca-root.csr -keystore /oud/certs/dip1-dip2oud.jks
- keytool -importcert -trustcacerts -alias ldap1 -file /tmp/ldap1-ca-root.csr -keystore /oud/certs/dip1-dip2oud.jks
- Trust this certificate? [no]: yes
- Then set for DIP the keystore location
- ./manageDIPServerConfig set -h localhost -p 7005 -D admin -attr keystorelocation -val /oud/certs/dip1-dip2oud.jks
- Then configure weblogic to work with this
- $ORACLE_HOME/common/bin/wlst.sh
```
connect('admin','password','t3://dip1.domain.com:7001')
createCred(map="dip", key="jksKey", user="jksuser",password="password")
```
- Change DIP to use SSL mode 2
- ./manageDIPServerConfig set -attribute sslmode -val 2 -h localhost -p 7005 -D "admin"
- Change DIP SSL port
- ./manageDIPServerConfig set -attribute backendhostport -val localhost:1636 -h localhost -p 7005 -D "admin"
Reference for DIP SSL
https://jvzoggel.wordpress.com/2011/12/16/configuring-ssl-for-oracle-weblogic-and-ofmw/
http://theheat.dk/blog/?p=2059
https://blogs.oracle.com/wlscoherence/entry/create_a_self_signed_sertificate
Accessing ODSM and DIP
To access the Oracle Directory Service Manager console
https://odsm1.domain.com:7002/odsm
To access the DIP console
https://odsm1.domain.com:7002/em
System Auto startup Scripts
```
#!/bin/bash
#set -x

export JAVA_HOME=/usr/jdk/instances/jdk1.6.0
export ORACLE_HOME=/oud/Oracle/Middleware/Oracle_IDM1
export WL_HOME=/oud/Oracle/Middleware/wlserver_10.3
export MW_HOME=/oud/Oracle/Middleware
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/oud/Oracle/Middleware/Oracle_IDM1/opmn/lib:/oud/Oracle/Middleware/Oracle_IDM1/lib

case $1 in
start)
    echo Start OUD directory
    su - oud -c "/oud/Oracle/Middleware/asinst_1/OUD/bin/start-ds -Q"

    echo Start Weblogic NodeManager
    su - oud -c "cd /oud/Oracle/Middleware/wlserver_10.3/server/bin; nohup ./startNodeManager.sh &"

    echo Start Weblogic
    su - oud -c "cd /oud/Oracle/Middleware/user_projects/domains/base_domain/bin; nohup ./startWebLogic.sh &"
    ;;
stop)
    echo stop OUD directory
    su - oud -c "/oud/Oracle/Middleware/asinst_1/OUD/bin/stop-ds -Q"

    echo Stop Weblogic and Weblogic NodeManager
    pkill -U oud java
    ;;
*)
    echo "Usage: $0 [start|stop]"
    ;;
esac
```
To de-install Oracle ADF
To uninstall Oracle ADF
/oud/Oracle/Middleware/oracle_common/oui/bin/runInstaller -deinstall -jreLoc /usr/java
BUG workaround fixes
Fix for odsm / ADF bug issue
ODSM/DIP bug reference
/oud/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/tmp/_WL_user/odsm_11.1.1.5.0/d89dm9/war/skins/odsmSkin.css
References
OUD install and configuration
DIP admin documentation
Oracle Unified Directory Configuration Reference