Oracle Directory Proxy Server (ODSEE) Installation, Configuration

Note: For the most up-to-date OUD/ODSM information click here
Note: If you have any issues with the Directory Server Control Center (DSCC) and need to re-initialize it, Click here

Directory Server Control Center certificates

Make sure to set up the Directory Server Control Center certificates

For the list of steps to configure the DSCC certificates Click Here (this is needed for DSCC replication)

Before you begin
Make sure your storage is set up with the correct block size; check this first: Directory Server Databases and Usage of db_stat
Another place to look for how to tune the file system is Filesystem Cache Optimization Strategies

Directory Proxy configuration

Create a Directory Proxy

Start the Directory Proxy instance

Request a self-signed certificate

Install the self-signed CA certificate

Install the self-signed certificate

At this point we have a working self-signed certificate, with our own CA certificate installed and added to our proxy instance.

To get the Directory Proxy CA certificate, run

The certificate is needed for the load balancer (NetScaler) to be able to connect to the Directory Proxies

Proxy Server configuration tuning and changes

Heap Memory tuning (restart required)

Change the proxy to use 2048M memory (from default 256M)

Directory Proxy configuration

Set up the Directory Proxy destinations

Create a password file (used by the whole configuration) and set up the destinations

Set up the Directory Proxy LDAP Pools

Assign the pools to destinations

Assign the pools to LDAP destinations

Set up your LDAP views

Create your LDAP views and assign the pool to use

Enable the data sources

Finally, we need to enable the data source and restart the proxy server for the LDAP connection pools to work

Disable the non-secure data source (if not used)

Set the Directory Proxy weight

Directory Proxy native LDAP tuning

Directory Proxy Session Tuning

Log in as root

Then Log in as admin

Click on Directory Proxy Tab > server

Click on this proxy server and click on …

Proxy Servers > ldaproxy1:389 > General TAB

Check the box in…

VLV Request LDAPv3 control
Server Side Sorting

Proxy Servers > ldaproxy1:389 > Performance TAB

From 50 to 70 (20 per each connection)

Worker Threads: 70

Directory Proxy Access log Tuning

Click on Proxy Servers > ldaproxy2.domain.com:389 > Access Logging
Log Rotation Policy:
Size Limit: 1000
Max Files to Keep: 15

Set up Solaris (SMF) services and auto restart

To autostart/stop the Directory Proxy
Note: This needs to be run when the instance is down

Problems and resolutions during Directory Proxy configuration

Problem 1

Problem: Connections time out, with errors of LDAP disconnecting too quickly

  • Problem: Getting the error “connection idle time-out has expired” in the access log

Solution: Modify conf.ldif from milliseconds to seconds

Solution: Set this in /data1/ldaproxy1/config/conf.ldif on ports 389/636, from 3600 milliseconds (3 seconds) to 3600000 milliseconds
Note: This is referenced as seconds but really is milliseconds

Enable all LDAP controls to pass Directory Proxy

To allow all controls through the proxy, run this, then restart

Disabling or limiting anonymous access

In the DSCC console change
Click on Proxy Servers > ldaproxy1.domain.com:389 > Policies
New Policy
Name: Annonymes-Policy
Connection Limit: 1
Single IP Connection Limit: 1
Operation Limit: 1
Simultaneous Operation Limit: 1
Search Limits
Minimum Size For Substrings in Searches: 3
Maximum Search Time: 5
Default Search Size Limit: 1

Re-initialize the Directory Server Control Center (DSCC)

To re-initialize the Directory Server Control Center(DSCC) run this, then restart the Sun Management web console

Troubleshooting a hung Directory Proxy

Collecting jmap: create a cron job

Collecting jstat

Debugging a low performance proxy incident
Troubleshooting a Crashed Directory Proxy Server Process

Set up Directory and Proxy Server Monitoring

Sun Directory and Directory proxy server Monitoring

Note: You cannot install the Monitoring Server and Client on the same server (or it will not work)
Run the JES installer and select Sun Monitoring Console version 1.0 on the Monitoring Server

On the monitoring server, set up the Console

On all Directory Servers and Proxy Servers enable the monitor plugin to be able to monitor it and restart
Login to the Monitoring Console server and click on Sun Monitoring Console
In discovery enter the IP or Host of the Directory client to Monitor.

References are available here

Monitoring Console configuration reference