Monday, September 12, 2011

Fusion Applications: Extending the Domain with Oracle Virtual Directory


In my previous post, ODSM was configured to manage OID. In this post I will describe the steps you need to take to configure Oracle Virtual Directory (OVD) and create a connection in ODSM to manage OVD.

Oracle Virtual Directory is an LDAP version 3 enabled service that provides virtualized abstraction of one or more enterprise data sources into a single directory view. Oracle Virtual Directory provides the ability to integrate LDAP-aware applications into diverse directory environments while minimizing or eliminating the need to change either the infrastructure or the applications. Oracle Virtual Directory supports a diverse set of clients, such as Web Applications and portals, and it can connect to directories, databases and Web Services.

First, let's start by adding another hostname, ovdhost1.mycompany.com, to our hosts file. My hosts file looks like this.


Before starting the configuration wizard, shut down Oracle HTTP Server. OVD is started using OPMN, and the installation wizard assigns default port 6700 to OPMN and 5162 to EMagent; these ports are already in use by Oracle HTTP Server. After the configuration wizard finishes we will change the default ports of OPMN and EMagent for OVD to avoid port conflicts.

Now go to directory /u01/app/oracle/product/fmw/idm/bin and issue command

./config.sh

On the Welcome screen click Next.


On the Select Domain screen select option Configure Without A Domain and click on Next. The Specify Installation Location screen shows.


MW_HOME and ORACLE_HOME directories are prepopulated. Specify the following values for the other fields and click on Next:
  • Oracle Instance Location - /u01/app/oracle/admin/ovd_inst1
  • Oracle Instance Name - ovd_inst1

On the next screen select not to be informed about security updates and click on Next.


On the Configure Components screen select only component Oracle Virtual Directory and click on Next. Now the Configure Ports screen shows.


Select file staticports.ini from directory /home/oracle/install/idm/Disk1/stage/Response and uncomment the lines for OVD ports (6501/7501) as shown in screenshot above and click on Next.


Specify OVD information as stated above and click on Next. On the Installation Summary screen click on Configure to start the configuration of OVD. If all went well you'll see the following progress screen with all steps succeeded.


Click on Next and the Installation Complete screen shows with all configuration paths and ports.


Click on Finish to close the configuration wizard. Now it is best to reboot the server to be sure that all processes shut down gracefully.

Startup OVD sequence


First we will change the ports of OPMN and EMagent of OVD. Go to directory /u01/app/oracle/admin/ovd_inst1/config/OPMN/opmn and open file ports.prop and change the ports of OPMN and EMagent to unique unused ports. Do the same for file opmn.xml.


Create a startup script for OVD that looks like this.
#!/bin/sh
#
#
# startOVD.sh
#
#
echo "Starting Oracle Virtual Directory"

ORACLE_HOME=/u01/app/oracle/product/fmw/idm
ORACLE_INSTANCE=/u01/app/oracle/admin/ovd_inst1
PATH=$ORACLE_HOME/opmn/bin:$ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_HOME/ldap/admin:$PATH
export ORACLE_HOME
export ORACLE_INSTANCE
export PATH

echo "ORACLE_HOME set as $ORACLE_HOME"
echo "ORACLE_INSTANCE set as $ORACLE_INSTANCE"
echo "PATH set as $PATH"

opmnctl startall

Add this script to the overall startup script we created in the previous post.
#!/bin/sh
#
#
# startAll.sh
#
#
echo "Starting Oracle Virtual Directory"
./startOVD.sh

echo "Starting Oracle Internet Directory"
./startOID.sh

echo "Starting Oracle HTTP Server"
./startwebtier.sh

echo "Starting Oracle Weblogic Server"
./startweblogic.sh

Start script startAll.sh and OVD, OID, HTTP Server and Weblogic will be started. After this start ODSM Managed Server as described in the previous post and all components will now be up and running.

Check that OID, OVD and the EMagents started correctly



Registering OVD with the Oracle WebLogic Server Domain

Now that we have OVD up and running, we have to register OVD with Weblogic so that it is monitored by Enterprise Manager.

Go to directory /u01/app/oracle/admin/ovd_inst1/bin and issue command
./opmnctl registerinstance -adminHost ADMINVHN.mycompany.com -adminPort 7001 -adminUsername weblogic

Output looks like this.


Now go to directory /u01/app/oracle/admin/ovd_inst1/EMAGENT/EMAGENT/bin and issue command
./emctl switchOMS http://ADMINVHN:7001/em/upload

Output looks like this.


Now open a browser and start EM at the URL http://adminvhn.mycompany.com:7001/em. Choose menu Farm - Agent Monitored Targets and click on the Configure icon for OVD.


On the next screen add the weblogic admin username and password and click on Apply.


OVD will now be monitored by EM.

Configuring OVD to Accept Server Authentication Only Mode SSL Connections

Go to directory /u01/app/oracle/product/fmw/oracle_common/bin and issue the following commands


The script will prompt for several values. The output will look like this.


Creating ODSM connections to OVD


The installation manual states using user oimAdminUser to connect to OVD. This user has not yet been created. I will create this user manually. Create two files, oimadminuser.ldif and oimadmingroup.ldif, as follows.

oimadminuser.ldif
dn: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
cn: oimAdminUser
sn: oimAdminUser
description: oimAdminUser
givenname: oimAdminUser
uid: oimAdminUser
mail: oimAdminUser
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userPassword: fusionapps1

oimadmingroup.ldif
dn: cn=oimAdminGroup,cn=Groups,dc=mycompany,dc=com
cn: oimAdminGroup
description: OIM administrator role
uniquemember: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
objectclass: top
objectclass: groupOfUniqueNames
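
A pre-load check for the two LDIF files above, added here as an example and not part of the original post: it confirms that the group's uniquemember value is the user entry's DN and reports when the file holding the clear-text userPassword is readable by group or others. The function names are hypothetical, and the embedded entries are the post's own, trimmed to the attributes the checks read.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the first value of attribute $2 in LDIF file $1 (names are case-insensitive).
ldif_attr() {
    awk -v want="$2" -F': *' \
        'tolower($1) == tolower(want) { sub(/^[^:]*: */, ""); print; exit }' "$1"
}

# Lower-case a DN and drop spaces around ',' and '=' so two spellings compare equal.
norm_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g; s/ *= */=/g'
}

# Print one finding per line; no output means both checks passed.
check_ldif_pair() {
    user_dn=$(norm_dn "$(ldif_attr "$1" dn)")
    member=$(norm_dn "$(ldif_attr "$2" uniquemember)")
    if [ -z "$user_dn" ] || [ "$user_dn" != "$member" ]; then
        echo "MISMATCH: uniquemember in $2 is not the dn in $1"
    fi
    # "userPassword: value" (single colon) is a clear-text password on disk,
    # so the file must not be readable by group or others.
    if grep -qi '^userpassword: ' "$1"; then
        go_perms=$(ls -l "$1" | cut -c5-10)
        [ "$go_perms" = "------" ] ||
            echo "EXPOSED: $1 holds a clear-text userPassword, mode is not 600"
    fi
}

# Write the post's two entries (trimmed to the attributes checked) into directory $1.
write_sample_ldifs() {
    cat > "$1/oimadminuser.ldif" <<'EOF'
dn: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
objectclass: inetOrgPerson
userPassword: fusionapps1
EOF
    cat > "$1/oimadmingroup.ldif" <<'EOF'
dn: cn=oimAdminGroup,cn=Groups,dc=mycompany,dc=com
uniquemember: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
objectclass: groupOfUniqueNames
EOF
}

# Demo: a world-readable user file is reported; the membership DN matches.
demo_dir=$(mktemp -d)
write_sample_ldifs "$demo_dir"
chmod 644 "$demo_dir/oimadminuser.ldif"
check_ldif_pair "$demo_dir/oimadminuser.ldif" "$demo_dir/oimadmingroup.ldif"
rm -rf "$demo_dir"
```

Running `chmod 600 oimadminuser.ldif` before the load, and deleting the file once the entry exists, clears the EXPOSED finding.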

Create the oimAdminUser by issuing the following commands:


Create the oimAdminGroup by issuing the following commands:


Start ODSM by opening a browser on url http://admin.mycompany.com/odsm and choose from the connection menu to create a new connection. Provide the values specified below and click on Connect.


A popup now shows with the SSL certificate.


Choose Always and you will have a connection set up for OVD. We will now create an Adapter for OID.


Choose tab Adapter and from the left pane click on the icon marked above with a red square. The next screen starts up.


Provide values as stated above and click on Next.



In the screen above select Use DNS for Auto Discovery - No. Set Host to idstore.mycompany.com with port 3060. Set Server proxy Bind DN to the oimAdminUser we created earlier. Supply the oimAdminUser password and click on Next. The connection to OID will now be tested with user oimAdminUser.


Click on Next. On the next screen specify Remote Base and Mapped Namespace.


Click on Next. Now a Summary screen shows.


Click on Finish to close the Adapter creation wizard.


From the left pane select User Adapter and click on tab Plug-ins. Select UserManagement and click on the Edit icon.


Set parameter oamEnabled to True and click on OK.

Now we will create a ChangeLog Adapter. From the left pane select the create Adapter icon and supply the values below.



Click on Next. The Connection properties screen shows.



In the screen above select Use DNS for Auto Discovery - No. Set Host to policystore.mycompany.com with port 3060. Set Server proxy Bind DN to the oimAdminUser we created earlier. Supply the oimAdminUser password and click on Next. The connection to OID will now be tested with user oimAdminUser. When successful click on Next.


Leave Remote Base empty and set Mapped Namespace to cn=changelog and click on Next. On the Summary screen click Finish to close the wizard. Open the properties of the ChangeLog Adapter, then change and add the following parameters.


This concludes the configuration of Oracle Virtual Directory. In the next post the Weblogic domain will be extended with Oracle Access Manager.

2 comments:

  1. [...] setting up a connection to Oracle Virtual Directory (OVD). We will setup this in the next post and then go back and create a connection from ODSM to [...]

  2. [...] my previous post I described the steps needed to configure Oracle Virtual Directory for virtualizing LDAP. In this [...]
