I was recently involved with a complex Oracle Directory Server migration. In the next few posts I am going to share my experience of the migration process: the steps to complete a successful migration and, of course, the pitfalls and issues.
The environment involved consisted of the following.
Coming from:
- Oracle Directory Server (ODSEE), multi-master / multi-datacenter
- Identity Synchronization for Windows (ISW) – used for
Going to:
- ODSEE => Oracle Unified Directory (OUD) (12c)
- WebLogic Server (Infrastructure download) (12c) (used for DIP and OUDSM)
- ISW => Directory Integration Platform (DIP) (12c)
Lastly, Oracle Unified Directory Gateway was used to keep the two environments in sync at the time of the migration.
Note: With the configuration below I avoided the OUD/OID Oracle Database requirement.
Since the migration is quite complex, I divided the configuration into separate parts.
- Part 1: Downloading the required software, creating the required environment, installing OUD.
- Part 2: Configuring OUD, installing and configuring the OUD Gateway (ODSEE replication) and the required changes.
- Part 3: Installing and configuring WLS, OID and OUD as required for the DIP instance.
- Part 4: Configuring WLS and the DIP instance.
- Part 5: Configuring the ISW => DIP migration and the OUD <=> AD mappings.
- Part 6: OUD backups.
This is Part 1: downloading the required software, creating the environment and installing OUD.
Creating OUD related environment
First, let's create the OUD environment.
Note: I am using Solaris + ZFS to manage the file systems; feel free to use the file system of your choice.
```sh
# Create group and user
groupadd oud; useradd -g oud oud
# Create OUD filesystems
zfs create rpool/export/home/oud
zfs create -o mountpoint=/oud rpool/oud
zfs create -o mountpoint=/installs rpool/installs
mkdir /installs/OUD
```
Create ~oud/.bashrc with the content below (ORACLE_HOME is exported first, since the PATH line refers to it), then run the commands that follow it as root.

```sh
# OUD .bashrc
export JAVA_HOME=/usr/java
export ORACLE_HOME=/oud/Oracle/Middleware/Oracle_Home
export DOMAIN_HOME=/oud/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
export WL_HOME=$ORACLE_HOME/wlserver
export PATH=$PATH:/oud/Oracle/Middleware/Oracle_Home/asinst_1/OUD/bin:$ORACLE_HOME/oud/bin:/oud/Oracle/Middleware/Oracle_Home/OPatch
export PATH=$PATH:$ORACLE_HOME/oracle_common/common/bin
```

```sh
# OUD file systems and ownership
cd ~oud
ln -s .bashrc .bash_profile
chown -R oud:oud ~oud
# 777 is broader than needed once /installs is owned by oud; 755 is enough
chmod 777 /installs
chown -R oud:oud /installs
chown -R oud:oud /oud/
# Set the oud password
passwd oud
```
Downloading the required software
OUD requires Java 1.8 and compiler tools. On Solaris it is as simple as running the commands below to install them (on Linux use yum, apt, etc.).
```sh
pkg install --accept pkg://solaris/SUNWxwplt pkg:/developer/xopen/xcu4 make gnu-make ucb runtime/java/jre-8 developer/java/jdk-8 gcc
# Verify the java version
java -version
```
Create the install directories (-p so that the /installs/OUD directory created earlier does not cause an error).

```sh
mkdir -p /installs/OID /installs/OUD /installs/WLS
```
Below are software components you will need to successfully complete the migration.
- WebLogic: Oracle Fusion Middleware Software Downloads. Select Oracle WebLogic Server 12cR2 (12.2.1.3) > Fusion Middleware Infrastructure installer (about 1.5GB). Save to /installs/WLS.
- OUD: Download Oracle Unified Directory 12cPS3 (12.2.1.3.0). Select Oracle Unified Directory 12cPS3 (12.2.1.3.0) – generic. Save to /installs/OUD.
- OID: Download Oracle Internet Directory 12cPS3 (12.2.1.3.0). Select Oracle Internet Directory 12cPS3 (12.2.1.3.0). Save to /installs/OID.
Installing OUD Multi-Master
Installing OUD
```sh
cd /installs/OUD
java -jar fmw_12.2.1.3.0_oud.jar
# In the installer:
#   Oracle Home:       /oud/Oracle/Middleware/Oracle_Home
#   Installation type: Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)
#   Complete the installation.
```
Below are a few screen captures of the OUD installation.
Install the OUD patches.

```sh
# Apply the patch
cd /installs/OUD/patch/27742743
opatch apply
```
Before we continue we need to create the certificate keys. I will be using one key pair for all the Multi-Master DNS and IP names outlined below.
If using a self-signed certificate without a CA, run the command below.
```sh
# -deststoretype only applies to -importkeystore, so it is not passed here
keytool -genkeypair -alias ldap-cert -keyalg rsa -keysize 2048 -validity 3560 \
  -dname "C=US,ST=New York,L=New York,O=domain.com,CN=ldap.domain.com" \
  -ext "SAN=DNS:ldap1,DNS:ldap2,DNS:ldap3,DNS:ldap4,DNS:dip1,DNS:dip1.domain.com,DNS:ldap1.domain.com,DNS:ldap2.domain.com,DNS:ldap3.domain.com,DNS:ldap4.domain.com,DNS:ldap.domain.com,IP:127.0.0.1,IP:0.0.0.0,IP:10.10.10.41,IP:10.10.10.42,IP:10.10.10.43,IP:10.10.10.44,IP:10.10.10.45" \
  -keystore ldap-cert.jks -storetype JKS
```
With a CA
If using a certificate signed by your own self-signed CA, run the commands below. Note that the private key for ldap-cert lives in CA.jks, so the signed certificate has to be imported back into that key entry and the entry then exported into its own keystore; importing the .cer file into a new, empty keystore would only create a trusted-certificate entry with no private key.

```sh
# Create self signed CA
keytool -genkeypair -alias ca-cert \
  -keystore CA.jks \
  -keyalg RSA -validity 3560 \
  -dname "C=US,ST=New York,L=New York,O=domain.com,CN=ldap-ca.domain.com" \
  -storepass password -keypass password \
  -storetype JKS \
  -ext bc=ca:true

# Create the server key pair
# (-keyalg RSA added: without it keytool 8 defaults to DSA, which TLS clients generally do not negotiate)
keytool -genkeypair -alias ldap-cert \
  -keystore CA.jks \
  -keyalg RSA -keysize 2048 -validity 3560 \
  -dname "C=US,ST=New York,L=New York,O=domain.com,CN=ldap.domain.com" \
  -ext "SAN=DNS:ldap1,DNS:ldap2,DNS:ldap3,DNS:ldap4,DNS:dip1,DNS:dip1.domain.com,DNS:ldap1.domain.com,DNS:ldap2.domain.com,DNS:ldap3.domain.com,DNS:ldap4.domain.com,DNS:ldap.domain.com,IP:127.0.0.1,IP:0.0.0.0,IP:10.10.10.41,IP:10.10.10.42,IP:10.10.10.43,IP:10.10.10.44,IP:10.10.10.45" \
  -storepass password -keypass password \
  -storetype JKS

# Create cert req
keytool -certreq -alias ldap-cert \
  -keystore CA.jks \
  -file ldap-cert.csr \
  -storepass password \
  -storetype JKS

# Sign the request with the CA
keytool -gencert -keystore CA.jks \
  -keyalg RSA -validity 3560 \
  -dname "C=US,ST=New York,L=New York,O=domain.com,CN=ldap.domain.com" \
  -ext "SAN=DNS:ldap1,DNS:ldap2,DNS:ldap3,DNS:ldap4,DNS:dip1,DNS:dip1.domain.com,DNS:ldap1.domain.com,DNS:ldap2.domain.com,DNS:ldap3.domain.com,DNS:ldap4.domain.com,DNS:ldap.domain.com,IP:127.0.0.1,IP:0.0.0.0,IP:10.10.10.41,IP:10.10.10.42,IP:10.10.10.43,IP:10.10.10.44,IP:10.10.10.45" \
  -storepass password -alias ca-cert \
  -infile ldap-cert.csr -outfile ldap-cert.cer \
  -storetype JKS

# Final cert: import the signed reply back into the ldap-cert key entry in CA.jks
# (keytool verifies the reply against ca-cert, which is already in this keystore)
keytool -importcert -keystore CA.jks \
  -storepass password -alias ldap-cert \
  -file ldap-cert.cer \
  -noprompt -trustcacerts \
  -storetype JKS

# Copy the ldap-cert key entry (private key + certificate chain) into its own keystore for the servers
keytool -importkeystore \
  -srckeystore CA.jks -srcstorepass password -srcalias ldap-cert \
  -destkeystore ldap-cert.jks -deststorepass password -destkeypass password \
  -deststoretype JKS

# Verify certificate
# keytool -v -list -keystore CA.jks
# keytool -v -list -keystore ldap-cert.jks
```
Let's copy the keystore we are going to use to /oud/certs.

```sh
mkdir -p /oud/certs
cp ldap-cert.jks /oud/certs
# The keystore holds the private key: keep it readable by the oud user only
chown oud:oud /oud/certs/ldap-cert.jks
chmod 600 /oud/certs/ldap-cert.jks
```
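Before the keystore goes to OUD, it is worth confirming that the entry actually holds the private key and that the SAN covers every name the replicas are reached by. The checker below is an added example, not part of the original post: it parses `keytool -v -list` output (JDK 8 keytool's format), and `check_listing`, `check_keystore` and the constructed sample listing are names of my own.

```sh
#!/bin/sh
# Check a `keytool -v -list` listing of ldap-cert.jks before OUD uses it: the entry must
# be a PrivateKeyEntry (a cert imported into an empty keystore is only a trustedCertEntry,
# with no key to serve TLS with), the SAN must cover every replica name, and 0.0.0.0 in
# the SAN is flagged since no client ever connects to it. Prints findings, returns 1 on FAIL.
check_listing() {   # usage: check_listing <listing-file> <required-name>...
    listing=$1; shift
    status=0
    if ! grep -q '^Entry type: PrivateKeyEntry' "$listing"; then
        echo "FAIL: no PrivateKeyEntry (private key missing from the keystore)"
        status=1
    fi
    # SAN values appear as "  DNSName: ldap1" / "  IPAddress: 10.10.10.41"
    san=$(sed -n -e 's/^[[:space:]]*DNSName: *//p' -e 's/^[[:space:]]*IPAddress: *//p' "$listing")
    for name in "$@"; do
        if ! printf '%s\n' "$san" | grep -qxF -- "$name"; then
            echo "FAIL: SAN does not cover $name"
            status=1
        fi
    done
    if printf '%s\n' "$san" | grep -qxF '0.0.0.0'; then
        echo "WARN: SAN lists 0.0.0.0; drop it from the -ext SAN list"
    fi
    return $status
}
# Run the check against a real keystore (needs keytool on PATH).
check_keystore() {   # usage: check_keystore <keystore> <storepass> <required-name>...
    ks=$1; pass=$2; shift 2
    tmp=$(mktemp) || return 1
    keytool -v -list -keystore "$ks" -storepass "$pass" > "$tmp" && check_listing "$tmp" "$@"
    rc=$?; rm -f "$tmp"; return $rc
}
# Constructed sample in keytool -v -list format (trimmed); $1 is the entry type.
sample_listing() {
    cat <<EOF
Alias name: ldap-cert
Entry type: $1
Certificate chain length: 2
Owner: CN=ldap.domain.com, O=domain.com, L=New York, ST=New York, C=US
Issuer: CN=ldap-ca.domain.com, O=domain.com, L=New York, ST=New York, C=US
SubjectAlternativeName [
  DNSName: ldap1
  DNSName: ldap.domain.com
  IPAddress: 0.0.0.0
  IPAddress: 10.10.10.41
]
EOF
}
sample_listing PrivateKeyEntry > /tmp/ldap-listing.$$   # offline demo on the sample
check_listing /tmp/ldap-listing.$$ ldap1 ldap.domain.com 10.10.10.41; rm -f /tmp/ldap-listing.$$
```

Against the real file, run `check_keystore ldap-cert.jks password ldap1 ldap2 ldap3 ldap4 ldap.domain.com` with the full name list from your -ext SAN option.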
So far we have completed the OUD installation. In Part 2 I am going to show you how to configure OUD Multi-Master and how to install and configure the OUD Gateway.
To continue reading Part 2, click here.
Like what you're reading? Please provide feedback; any feedback is appreciated.