DevTech101

DevTech101
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Installing and configuring OUD Directory

Setup OUD user/group account

groupadd oud; useradd -g oud oud

Modify /etc/hosts

Make sure the FQDN is first in /etc/hosts

Create ZFS file systems

zfs create rpool/export/home/oud
zfs create -o mountpoint=/oud rpool/oud
zfs create -o mountpoint=/installs rpool/installs
mkdir /installs/OUD

Configure proper owner

cd ~oud
cp /root/.bashrc .
ln -s .bashrc .bash_profile
chown -R oud:oud ~oud
echo "export JAVA_HOME=/usr/java" >> ~oud/.bashrc
chmod 777 /installs
chown -R oud:oud /installs
chown -R oud:oud /oud/

Install needed packages

pkg install --accept pkg://solaris/SUNWxwplt java jdk-6 jdk pkg:/developer/xopen/xcu4 make gnu-make ucb

Configure passwords

passwd oud

OS Tuning

Create S50Net-Tunes.sh
vi Net-Tunes.sh

echo "Applying the fowling IP tuning" 
set -x
ndd -set /dev/ip ip_forward_directed_broadcasts 0
ndd -set /dev/ip ip_forward_src_routed 0
ndd -set /dev/ip ip_ignore_redirect 1
ndd -set /dev/ip ip_ire_arp_interval 60000
ndd -set /dev/ip ip_respond_to_echo_broadcast 0
ndd -set /dev/ip ip_respond_to_timestamp 0
ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
ndd -set /dev/ip ip_send_redirects 0
# Directory Server Tuning
ndd -set /dev/tcp tcp_time_wait_interval        30000
ndd -set /dev/tcp tcp_conn_req_max_q            4096
ndd -set /dev/tcp tcp_keepalive_interval        600000
ndd -set /dev/tcp tcp_rexmit_interval_initial   500
ndd -set /dev/tcp tcp_smallest_anon_port        8192
ndd -set /dev/tcp tcp_deferred_ack_interval     5
set +x
chmod +x Net-Tunes.sh
chown root:sys Net-Tunes.sh
cd /etc/rc2.d/
ln -s /etc/init.d/Net-Tunes.sh S50Net-Tunes.sh

Copy and extract files

scp V37478-01.zip oud@ldap1:/installs/
cd /installs/OUD;unzip -qq ../V37478-01.zip

Install OUD Directory

Note: Make sure to sue java 1.7.0_17-b02 for all products (included in sol11.1/SRU-6.0.4).

Options at installtion

./runInstaller -jreLoc /usr/java
Select the options – like below.

Inventory Directory: /oud/oraInventory
Group: oud

Select run as root (or specify a user)

/oud/oraInventory/createCentralInventory.sh
skip regster
OUD Base: /oud/Oracle/Middleware
Oracle Home: Oracle_OUD1

Before configuring / create certificate

Generate self signed certificate

keytool -genkeypair -alias ldap1 -keyalg rsa -keysize 2048 -validity 3560 -dname "cn=ldap1.domain.com" -keystore /oud/certs/ldap1.jks -storetype JKS ldap1.jks -v

Get DSEE certifcate(s)

Note The below steps are not needed any more, since we accept the remote LDAP certificate at configure time.

dsadm show-cert -F ascii /ldap1/ldap_inst1/ldap/ defaultCert > ldap1-cert-ascii
keytool -importcert -alias ldap1 -file ldap1-cert-ascii -keystore ldap1.jks -storetype JCEKS -storepass password

Verify key

keytool -list -alias ldap1 -keystore ldap1.jks -storetype JCEKS -storepass password -v

Configuring OUD Directory

Install the DS by running oud-setup

ssh -X oud@ldap1
/oud/Oracle/Middleware/Oracle_OUD1/oud-setup

Select the certificate

Select the certificate generate in /oud/certs
Note The certificate format used was/is jks, select that. Enter the cn=diretcory manager password

First OUD Directory instance setup

Make sure to check this is part of a replication topology
Select port 8989 & check SSL

Add the new configured server to ODSM console

Add the new configured server to ODSM and login.

All the other OUD directory’s

Check there is alrady a server in the topology
Enter one of the server names and port
Note: Accept the SSL certificate of all servers permanently

  • Set memory size:

Min: 256
Max: 2048
Complete the configuration
Complete configuration

Configure OUD to allow conflicting schema checking

Configure OUD to allow conflicting structural objectclasses

/oud/Oracle/Middleware/asinst_2/OUD/bin/dsconfig set-global-configuration-prop --set single-structural-objectclass-behavior:accept -n -j /tmp/pw.txt
More settings and information cohabitation odsee oud schema checking

Add an SMTP alert handler

First enable / configure a server SMTP

/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -h localhost -p 4444 -D "cn=directory manager" -j /tmp/pw.txt -n set-global-configuration-prop --set smtp-server:localhost --trustAll

Add in ODSM an SMTP alert ahndler

Add an SMTP alert handler
Name: SMTP OUD-Alerts
Email: admin@domain.com

How to start and stop the servers

As the OUD user just run

To start an instance

/oud/Oracle/Middleware/asinst_1/OUD/bin/start-ds

To stop an instance

/oud/Oracle/Middleware/asinst_1/OUD/bin/stop-ds

OUD tips and tricks

To list all index’s

/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -X list-local-db-indexes --element-name userRoot

To add a new index

Create new index with equality
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -X create-local-db-index --element-name userRoot --index-name Ext1 --set index-type:equality
Add substring to the index
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -X set-local-db-index-prop --element-name userRoot --index-name Ext1 --add index-type:substring

How to fully re-index (restart required)

/oud/Oracle/Middleware/asinst_1/OUD/bin/rebuild-index --baseDN dc=domain,dc=com --rebuildAll

OUD LDAP code list

OUD LDAP error code list

Appendix A

How to create a self signed certificate in pkcs#12

Refrence

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout odsm1.pem -out odsm1.pem
---
Country Name (2 letter code) []:US
State or Province Name (full name) []:New-York
Locality Name (eg, city) []:NY
Organization Name (eg, company) []:Org Name
Organizational Unit Name (eg, section) []:Org Unit Name
Common Name (e.g. server FQDN or YOUR name) []:odsm1.domain.com
Email Address []:user@domain.com
---
# Convert & store the certifacke with a password
openssl pkcs12 -export -out odsm1.pfx -in odsm1.pem -name odsm1
scp odsm1.p* oud@odsm1:/installs
mkdir /oud/Oracle/Middleware/asinst_1/OUD/keys
cp /installs/*ld*.p* /oud/Oracle/Middleware/asinst_1/OUD/keys
chown -R oud:oud /oud/Oracle/Middleware/asinst_1/OUD/keys
 
# use odsm1.pfx as pkcs12 file, add pin-password from pkcs certifacte
Replectaion port 8989 (default)
Directory Base: dc=domain,dc=com
check Enable for Fusion Application
change:
Inital Memory: 256
Max Memory: 1024
Complete.....

References

Oracle Unified Directory Configuration Reference

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
%d bloggers like this: