Clone and Upgrade Case Study
Oracle Internet Directory
March 2021, Version 1.01
Copyright © 2021, Oracle and/or its affiliates
This document provides a description, a summary of requirements, and the setup procedure for upgrading Oracle Internet Directory (OID) from 11g to 12.2.1.4 while migrating an on-premises deployment into Oracle Cloud Infrastructure (OCI). This paper is oriented to a technical audience with knowledge of Oracle Identity Management, Oracle WebLogic, Oracle Database administration, and basic operating system administration.
This paper discusses a mechanism for moving Oracle Internet Directory 11g to Oracle Internet Directory 12.2.1.4 in one step without impacting the existing deployment. The example in this document uses Oracle Cloud Infrastructure, but the procedure is applicable to any target system.
This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this material is subject to the terms and conditions of your Oracle software license and service agreement, which has been executed and with which you agree to comply. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
This document is for informational purposes only and is intended solely to assist you in planning for the implementation and product features described. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.
The following revisions have been made to this white paper:
Date | Revision | Comments
March, 2021 | 1.01 | Initial publication
Installing 12c Oracle Internet Directory in OCI
Configuring 12c Oracle Internet Directory in OCI
11g to 12c Oracle Internet Directory Data Export/Import Configuration
Running the Repository Creation Utility Against a 12.2+ Oracle Database
Connecting to OID Over SSL with the Default NOAUTH SSL Mode Enabled
Many customers are looking at alternative ways of upgrading their Identity systems from one release to another. The traditional method of upgrading an existing system in place is not suitable for all. The purpose of this paper is to show an alternative approach whereby an existing system is migrated to a higher release on duplicate hardware. The advantage of the approach is that the upgrade procedure can be practiced, new hardware can be utilized, and the existing system is still available should a fallback be required.
This paper describes a solution for the preparation, installation, and configuration procedures, as well as operational best practices, for moving Oracle Internet Directory from one set of hosts to another. The example given in this white paper is for moving from on-premises into Oracle Cloud Infrastructure (OCI); however, the procedure is similar for moving between any environments. The originating on-premises configuration runs an 11g version; its data is exported and then imported into a 12c version in OCI. The solution involves setting up a secondary 12c Oracle Internet Directory cluster within OCI, running the ldifwrite tool in the 11g on-premises configuration to export the data, and then using the bulkload tool to import the directory data into the new OCI configuration.
This approach is to be performed at cut-over time. It should be performed when the rest of the Oracle Identity Management stack is ready for use in the OCI environment and the on-premises environment will no longer be used for production Identity Management. The reason is that the on-premises Oracle Internet Directory instances are placed into read-only mode to perform the export, so that the exported LDIF is a consistent snapshot, and should not be returned to read-write: any change made to the on-premises directory after the export would be absent from OCI and would require a new export to be taken.
This document covers several different topics, including OCI object creation and administration, Oracle Fusion Middleware (FMW) installation, configuration, and administration, and Oracle Database administration. The solution provided combines a lift and shift to OCI with a software upgrade in a single set of procedures.
This document covers the following environment configurations and assumes that the majority of administrators planning to move Oracle Internet Directory from an on-premises configuration into OCI are using similar configurations.
Oracle Internet Directory is configured as part of an enterprise or highly-available (HA) deployment. An enterprise deployment would have several instances configured over several nodes, mainly for the purpose of scaling or high availability. However, users may have all applications deployed on single server configurations.
The assumed on-premises version should be 11gR1 Patch Set 7 (Oracle Internet Directory version 11.1.1.9).
As with Oracle Internet Directory, Oracle Database is set up as part of an HA deployment. In the case of Oracle Database, HA is accomplished with Oracle Grid Infrastructure and an Oracle Real Application Cluster (RAC). However, users may also have their databases deployed on a single node configuration.
Users should have a certified license agreement for Oracle Cloud Infrastructure and a basic knowledge of OCI administration. See Oracle Cloud Infrastructure Documentation for more information.
Administrators of Oracle Internet Directory should be familiar with various environment variables that need to be configured on each host (for on-premises) or instance (for OCI). These variables are required when referencing the Oracle documentation and make executing tasks much simpler. The following is a listing of the environment variables required for the lift and shift configuration.
ORACLE_HOME: The location of the base of the Oracle Internet Directory installation.
For example:
/u01/oracle/products/dir
ORACLE_INSTANCE: The location of the base of each Oracle Internet Directory instance configuration (11g only).
11g example:
/u02/private/oracle/config/instances/oid1
DOMAIN_HOME: The location of the base of the WebLogic domain that holds the Oracle Internet Directory instance configuration (12c only). The Oracle Internet Directory component configuration lives beneath it at DOMAIN_HOME/config/fmwconfig/components/OID, which is consistent with the TNS_ADMIN and MSERVER_HOME examples below.
12c example:
/u02/private/oracle/config/domains/IAMDirectoryDomain
TNS_ADMIN: The location within the ORACLE_INSTANCE (11g) or DOMAIN_HOME (12c) where the database connection file, tnsnames.ora, is located.
11g example:
ORACLE_INSTANCE/config
12c example:
DOMAIN_HOME/config/fmwconfig/components/OID/config
JAVA_HOME: The location of the base Java installation.
For example:
/u01/oracle/products/jdk
ASERVER_HOME: The base location of the Administration FMW domain.
For example:
/u01/oracle/config/domains/IAMDirectoryDomain
MSERVER_HOME: The location of the Oracle Internet Directory instance domain for 12c.
For example:
/u02/private/oracle/config/domains/IAMDirectoryDomain
APPLICATION_HOME: The location of the domain’s application files
For example:
/u01/oracle/config/applications/IAMDirectoryDomain
The following is an overview of the tasks required to move Oracle Internet Directory into OCI from an on-premises implementation.
Figure 1: The High-Level Oracle Internet Directory Migration Topology below is an example architecture. Scaling may differ from a user’s implementation.
Note: Export and import only need to be configured from one Oracle Internet Directory instance in the on-premises environment to one instance in the OCI environment. All Oracle Internet Directory instances in the OCI cluster share the same directory store (the ODS schema) in the database, so the other instances serve the imported data as soon as the bulkload completes.
Figure 1: High-Level Oracle Internet Directory Lift and Shift Topology
The following are the detailed steps required to configure the lift and shift of Oracle Internet Directory in OCI.
Before any installation and configuration of software can begin, objects need to be created in your OCI tenancy. Obtaining a tenancy, creating users, and configuring the virtual networking are not in scope for this document. Refer to the Oracle Cloud Infrastructure Documentation for more information.
In OCI, a server host is referred to as a compute instance. When creating a compute instance there are several options for its image and shape. An image is the operating system that is installed on the compute instance; a shape is the compute instance type (virtual machine or bare metal) together with the resources (CPU and memory) configured on it. For each Oracle Internet Directory host configured in the user's on-premises environment, a matching number of compute instances should be created in the OCI site. The operating system should be kept the same; however, its version can be upgraded according to the Oracle Fusion Middleware Supported System Configurations matrices.
Likewise, for each database node configured in the on-premises environment, a matching number of database instances should be created in OCI. As with compute instances, you have a choice of instance types: virtual machines, bare metal machines, and Exadata machines.
Each compute instance that is created needs storage created for it. The choice of storage type and the sizing of the storage are up to the user and are not in scope for this document. Refer to Cloud Storage for more information. Mount points for the storage should match those of the hosts in the on-premises environment, so that the ORACLE_HOME and configuration paths listed above remain valid.
There are several operating system requirements that need to be configured in order to perform certain aspects of the installation and configuration in the OCI compute and database instances. The following are detailed descriptions of each.
By default, OCI compute instances do not have X11 forwarding configured. X11 forwarding is required for users to use the GUI-based installation and configuration tools. To enable X11, perform the following steps. Refer to the Running Graphical Applications Securely on Oracle Cloud Infrastructure white paper for more information. Note that setting X11UseLocalhost to no makes sshd bind the forwarded display to the instance's wildcard address rather than to loopback; keep the X11 display ports closed in the host firewall and in the OCI security lists, and revert the setting once the graphical installers are no longer needed.
1. Log in to the instance
2. Configure SSHD to not use localhost for X11:
a. Open /etc/ssh/sshd_config in your favorite editor
b. Search for the line that has X11UseLocalhost yes (it’s commented out)
c. Remove the comment from the beginning of the line
d. Change the yes to no
e. Save the file
f. Restart SSHD: sudo systemctl restart sshd
3. Install libXrender: sudo yum install libXrender
4. Install libXtst: sudo yum install libXtst
5. Install xauth: sudo yum -y install xauth
6. Install xterm (used to verify X configuration): sudo yum -y install xterm
7. Add the following host environment variable:
export _JAVA_OPTIONS="-Dsun.java2d.xrender=FALSE"
8. Log out of the instance
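The sshd change in steps 2 to 6, applied by script and verified before sshd is restarted, as an added example that is not part of the white paper. The functions take the configuration file path as an argument so the edit can be rehearsed on a copy; when run as root with the argument apply, the script backs up and edits /etc/ssh/sshd_config, runs sshd -t before restarting, and installs the X11 packages. The apply argument, the backup naming, and the use of yum and systemd are assumptions about the Oracle Linux image.

```shell
#!/bin/bash
# Added example, not part of the white paper: make the sshd X11 change repeatable and verify it.
# Functions take the config file path as an argument so they can be tried on a copy first.
# Assumptions: Oracle Linux image with yum and systemd; run as root with "apply" to change the host.
set -eu

# Set KEY to VAL in an sshd_config file. The first line carrying KEY, commented out or not,
# is replaced (sshd honours the first occurrence of a keyword); if none exists it is appended.
set_sshd_directive() {
    local cfg="$1" key="$2" val="$3"
    awk -v key="$key" -v val="$val" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)          # drop indentation and a leading "#"
            split(line, f, /[ \t]+/)
            if (!done && tolower(f[1]) == tolower(key)) { print key " " val; done = 1; next }
            print
        }
        END { if (!done) print key " " val }
    ' "$cfg" > "$cfg.tmp"
    cat "$cfg.tmp" > "$cfg"      # overwrite in place so ownership and mode are preserved
    rm -f "$cfg.tmp"
}

# Print the value sshd will use for KEY in CFG: the first uncommented occurrence.
effective_directive() {
    local cfg="$1" key="$2"
    awk -v key="$key" 'tolower($1) == tolower(key) { print $2; exit }' "$cfg"
}

if [ "${1:-}" = "apply" ]; then
    cfg=/etc/ssh/sshd_config
    cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)"
    set_sshd_directive "$cfg" X11UseLocalhost no
    set_sshd_directive "$cfg" X11Forwarding yes   # step 2 has no effect unless forwarding is on
    sshd -t                                        # refuse to restart on a broken config
    systemctl restart sshd
    yum -y install libXrender libXtst xauth xterm  # steps 3 to 6
    echo "X11UseLocalhost is now: $(effective_directive "$cfg" X11UseLocalhost)"
fi
```

Run it as sudo ./enable-x11.sh apply, then log out and back in with ssh -X and start xterm to confirm the display works. The _JAVA_OPTIONS export from step 7 still goes in the profile of the account that runs the installers.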
The following kernel and shell-limit settings are requirements for Fusion Middleware 12c.
1. Edit the /etc/sysctl.conf file, adding the following:
kernel.sem = 256 32000 100 142
kernel.shmmax = 4294967295
(4294967295 is the minimum requirement for kernel.shmmax; a larger value is acceptable.)
2. Activate the changes by executing: /sbin/sysctl -p
3. Edit the /etc/security/limits.conf or /etc/security/limits.d/20-nproc.conf file, depending on the OS version, adding:
* soft nofile 4096
* hard nofile 65536
* soft nproc 2047
* hard nproc 16384
The Oracle Linux images used for OCI compute instances ship with the firewalld host firewall enabled (and SELinux in enforcing mode), so for each port that needs to be accessed from outside of the instance, a firewall rule needs to be created on the compute instance. The OCI security lists or network security groups attached to the subnet must allow the same ports; the host firewall and the VCN rules are evaluated independently. The steps to configure the rules are:
1. For every port that needs to be accessed, execute:
sudo firewall-cmd --permanent --add-port=YOUR_PORT/tcp
For example:
sudo firewall-cmd --permanent --add-port=7001/tcp
Default ports for Oracle Internet Directory are: 5556 (Node Manager), 7001 (Administration Server), 3060 (LDAP), 3131 (LDAP over SSL), 7574 (Coherence cluster). Only the LDAP and LDAP SSL ports need to be reachable from the load balancer and from clients; restrict the Node Manager and Administration Server ports to administrative hosts.
2. Restart the firewall service after all ports are configured by executing:
sudo systemctl restart firewalld
3. Validate the firewall configuration by executing the following:
sudo firewall-cmd --list-ports
It is not mandatory to have the same users and groups configured in your OCI instances as in your on-premises installation; however, it can simplify things (file ownership on storage copied from on-premises then matches without remapping). To this end it is recommended that the same user accounts and groups are created in your OCI instances, with the same UIDs and GIDs. To create a user called oracle and a group called oinstall, the following procedure can be used:
sudo adduser -u 1001 oracle
sudo groupadd -g 1002 oinstall
sudo usermod -a -G oinstall oracle
sudo usermod -g oinstall oracle
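The kernel parameter, firewall and account steps above as one idempotent script, added here as an example that is not part of the white paper. It checks the live kernel.sem value against the Fusion Middleware minimums, opens only the Oracle Internet Directory ports that are not yet open, reloads firewalld rather than restarting it so existing SSH sessions are kept, and creates the oinstall group and oracle account only if they are absent (useradd -g oinstall replaces the adduser/usermod sequence above with the same end state). The port list, the UID and GID, and the apply argument are assumptions.

```shell
#!/bin/bash
# Added example (not from the white paper): host prerequisite checks and setup for an
# OID compute instance. Run as root with "apply" to make changes; without arguments the
# functions are only defined, so they can be sourced and tested.
set -eu

OID_PORTS="5556 7001 3060 3131 7574"   # the paper's default ports; assumption: unchanged in the domain
ORACLE_UID=1001                        # assumption: matches the on-premises oracle account
OINSTALL_GID=1002

# Compare a kernel.sem value ("semmsl semmns semopm semmni", as printed by sysctl -n)
# with the Fusion Middleware minimums and print the fields that fall short.
sem_below_minimum() {
    echo "$1" | awk -v req="256 32000 100 142" '
        { split(req, r, " ")
          split($0, v, /[ \t]+/)
          names[1] = "semmsl"; names[2] = "semmns"; names[3] = "semopm"; names[4] = "semmni"
          for (i = 1; i <= 4; i++)
              if (v[i] + 0 < r[i] + 0) print names[i] "=" v[i] " (minimum " r[i] ")"
        }'
}

# Given the output of "firewall-cmd --list-ports" (e.g. "7001/tcp 3060/tcp") and a list of
# required TCP ports, print the ports that are not yet open, one per line.
missing_ports() {
    local listed="$1" required="$2" p
    for p in $required; do
        case " $listed " in
            *" $p/tcp "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# Open the missing OID ports permanently, reload firewalld, and verify the result.
open_oid_ports() {
    local p
    for p in $(missing_ports "$(firewall-cmd --list-ports)" "$OID_PORTS"); do
        firewall-cmd --permanent --add-port="$p/tcp"
    done
    firewall-cmd --reload
    [ -z "$(missing_ports "$(firewall-cmd --list-ports)" "$OID_PORTS")" ]
}

# Create the group and account only if absent, so the script can be re-run safely.
ensure_oracle_account() {
    getent group oinstall >/dev/null || groupadd -g "$OINSTALL_GID" oinstall
    getent passwd oracle  >/dev/null || useradd -u "$ORACLE_UID" -g oinstall oracle
    # Confirm the primary group really is oinstall (field 4 of the passwd entry is the GID).
    [ "$(getent passwd oracle | cut -d: -f4)" = "$(getent group oinstall | cut -d: -f3)" ]
}

if [ "${1:-}" = "apply" ]; then
    short="$(sem_below_minimum "$(sysctl -n kernel.sem)")"
    if [ -n "$short" ]; then
        echo "kernel.sem below the Fusion Middleware minimum:" >&2
        echo "$short" >&2
        exit 1
    fi
    open_oid_ports
    ensure_oracle_account
    echo "open ports: $(firewall-cmd --list-ports)"
fi
```

Run it as sudo ./oid-host-prereqs.sh apply on every Oracle Internet Directory compute instance; it exits non-zero before touching the firewall if the kernel settings have not been applied yet.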
For Oracle Internet Directory HA configurations with multiple instances, a load balancer is required to be set up in OCI to send traffic to all instances. The specific configurations for setting up the load balancers are not in scope for this document, with the exception that two backend sets will need to be configured. One set at the LDAP port and one set at the LDAP SSL port. Each backend set will need to have all Oracle Internet Directory instances configured to receive traffic.
Below is a summary of the OCI objects which were used in the validation of this paper
As the strategy moves Oracle Internet Directory directly from 11g to 12c, the Fusion Middleware Infrastructure and Oracle Internet Directory binaries must be installed on the OCI compute nodes. The following are the steps to perform the installations. All software should be acquired from Oracle's eDelivery web site and the user must have acquired the proper licensing for its use; verify each download against the checksum published on the download page before unpacking it. The required software packages are:
· Oracle JDK 1.8.0_211 or higher
· Oracle Fusion Middleware 12c (12.2.1.4.0) Infrastructure
· Oracle Fusion Middleware 12c (12.2.1.4.0) Internet Directory
Perform the following steps on all Oracle Internet Directory compute instances.
1. Unzip the contents of the acquired package into a temporary location.
2. Create the base location where the JDK will be installed:
For example:
mkdir -p /u01/oracle/products
3. Copy the *.tar.gz file from the temporary location into the base location:
For example:
cp jdk-8u261-linux-x64.tar.gz /u01/oracle/products
4. Decompress the archive:
For example:
tar zxvf jdk-8u261-linux-x64.tar.gz
5. Remove the archive file and rename the decompressed directory
For example:
rm jdk-8u261-linux-x64.tar.gz
mv jdk1.8.0_261 jdk
6. Set the JAVA_HOME and PATH variables:
For example:
export JAVA_HOME=/u01/oracle/products/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
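Steps 1 to 6 as a script, added here as an example that is not part of the white paper: the archive is unpacked only after its SHA-256 matches the digest the operator copies from the Oracle download page, the archive is required to contain a single top-level directory, and that directory is renamed to jdk as above. The archive name, the /tmp staging and /u01/oracle/products locations, and the JDK_SHA256 placeholder are assumptions; the digest itself is not known to this page and must be supplied.

```shell
#!/bin/bash
# Added example (not from the white paper): install the JDK from a checksum-verified archive.
# The expected digest is a placeholder; take the real value from the Oracle download page.
set -eu

PRODUCTS=/u01/oracle/products                                   # assumption: paper's example path
JDK_ARCHIVE=jdk-8u261-linux-x64.tar.gz
JDK_SHA256="${JDK_SHA256:-REPLACE_WITH_DIGEST_FROM_DOWNLOAD_PAGE}"   # hypothetical placeholder

# Return 0 when FILE's SHA-256 equals EXPECTED (lower-case hex), 1 otherwise.
sha256_matches() {
    local file="$1" expected="$2" actual
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# Unpack ARCHIVE into DEST and rename its single top-level directory to DEST/jdk.
# Prints the resulting JAVA_HOME. Refuses to overwrite an existing DEST/jdk.
install_jdk() {
    local archive="$1" dest="$2" top
    if [ -d "$dest/jdk" ]; then
        echo "$dest/jdk already exists; remove it first" >&2
        return 1
    fi
    top="$(tar tzf "$archive" | cut -d/ -f1 | sort -u)"       # e.g. jdk1.8.0_261
    if [ "$(printf '%s\n' "$top" | wc -l)" -ne 1 ]; then
        echo "expected exactly one top-level directory in $archive" >&2
        return 1
    fi
    tar xzf "$archive" -C "$dest"
    mv "$dest/$top" "$dest/jdk"
    echo "$dest/jdk"
}

# Report the version string (e.g. 1.8.0_261) from the first line of "java -version".
jdk_version() {
    "$1/bin/java" -version 2>&1 | awk -F'"' 'NR == 1 { print $2 }'
}

if [ "${1:-}" = "apply" ]; then
    mkdir -p "$PRODUCTS"
    if ! sha256_matches "/tmp/$JDK_ARCHIVE" "$JDK_SHA256"; then
        echo "checksum mismatch for /tmp/$JDK_ARCHIVE; refusing to install" >&2
        exit 1
    fi
    JAVA_HOME="$(install_jdk "/tmp/$JDK_ARCHIVE" "$PRODUCTS")"
    export JAVA_HOME PATH="$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH"
    echo "Installed JDK $(jdk_version "$JAVA_HOME") at $JAVA_HOME"
fi
```

Run it as JDK_SHA256=<digest from the download page> ./install-jdk.sh apply as the oracle user; a mismatch stops the install before anything is unpacked, which is the check the download-and-untar steps above otherwise lack.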
Perform the following steps on all Oracle Internet Directory compute instances. To start the installation program, perform the following steps:
1. Go to the directory where you downloaded the installation program.
2. Launch the installation program by invoking the java executable from the JDK directory on your system, as shown in the example below:
JAVA_HOME/bin/java -d64 -jar distribution_file_name.jar
In this example:
Replace JAVA_HOME with the environment variable or actual JDK location on your system
Replace distribution_file_name with the actual name of the distribution JAR file
If you download the distribution from the Oracle Technology Network (OTN), then the JAR file is typically packaged inside a downloadable ZIP file.
To install the software required for the initial Infrastructure domain, the distribution you want to install is:
fmw_12.2.1.4.0_infrastructure_generic.jar
When the installation program appears, you are ready to begin the installation.
The installation program displays a series of screens, in the order listed in the following table. See Installing the Infrastructure Software for more information.
If you need additional help with any of the installation screens, click the screen name or click the Help button on the screen.
Table 1: Navigating the Infrastructure Installation Screens
Screen | Description
Installation Inventory Setup | On UNIX operating systems, this screen appears if you are installing any Oracle product on this host for the first time. Specify the location where you want to create your central inventory. Ensure that the operating system group name selected on this screen has write permissions to the central inventory location. Note: Oracle recommends that you configure the central inventory directory on the products shared volume. Example: /u01/oracle/products/oraInventory. You may also need to execute the createCentralInventory.sh script as root from the oraInventory folder after the installer completes.
Welcome | This screen introduces you to the product installer.
Auto Updates | Use this screen to search My Oracle Support automatically for available patches or automatically search a local directory for patches that you have already downloaded for your organization.
Installation Location | Use this screen to specify the location of your Oracle home directory. For the purposes of an enterprise deployment, enter the value of the ORACLE_HOME.
Installation Type | Use this screen to select the type of installation and, as a consequence, the products and feature sets that you want to install. For this topology, select Fusion Middleware Infrastructure. Note: The topology in this document does not include server examples. Oracle strongly recommends that you do not install the examples into a production environment.
Prerequisite Checks | This screen verifies that your system meets the minimum necessary requirements. To view the list of tasks that gets verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended).
Security Updates | If you already have an Oracle Support account, use this screen to indicate how you would like to receive security updates. If you do not have one and are sure that you want to skip this step, clear the check box and verify your selection in the follow-up dialog box.
Installation Summary | Use this screen to verify the installation options you selected. If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time. Click Install to begin the installation.
Installation Progress | This screen shows the installation progress. When the progress bar reaches 100% complete, click Finish to dismiss the installer, or click Next to see a summary.
Installation Complete | This screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer.
Perform the following steps on all Oracle Internet Directory compute instances.
1. Go to the directory where you downloaded the installation program.
2. Enter the following command:
./fmw_12.2.1.4.0_oid_linux64.bin
Note: You will not be able to execute ./fmw_12.2.1.4.0_oid_linux64.bin if it does not have execute permission. Make sure to check and grant execute permission before running this command.
When the installation program appears, you are ready to begin the installation.
The installer shows a series of screens where you verify or enter information. The following table lists the order in which installer screens appear. If you need additional help with an installation screen, click Help.
Table 2: Navigating the Oracle Internet Directory Installation Screens
Screen | Description
Installation Inventory Setup | On UNIX operating systems, this screen appears if you are installing any Oracle product on this host for the first time. Specify the location where you want to create your central inventory. Ensure that the operating system group name selected on this screen has write permissions to the central inventory location. Note: Oracle recommends that you configure the central inventory directory on the products shared volume. Example: /u01/oracle/products/oraInventory. You may also need to execute the createCentralInventory.sh script as root from the oraInventory folder after the installer completes.
Welcome | This screen introduces you to the product installer.
Auto Updates | Use this screen to search My Oracle Support automatically for available patches or automatically search a local directory for patches that you have already downloaded for your organization.
Installation Location | Use this screen to specify the location of your Oracle home directory. For the purposes of an enterprise deployment, enter the value of the ORACLE_HOME.
Installation Type | Select Collocated OID.
JDK Selection | Use this screen to select the JDK to use for this installation.
Prerequisite Checks | This screen verifies that your system meets the minimum necessary requirements. To view the list of tasks that gets verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended).
Installation Summary | Use this screen to verify the installation options you selected. If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time. Click Install to begin the installation.
Installation Progress | This screen shows the installation progress. When the progress bar reaches 100% complete, click Finish to dismiss the installer, or click Next to see a summary.
Installation Complete | This screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer.
The following sections outline the steps to configure Oracle Internet Directory 12c in the OCI environment. The steps in this section cover a basic installation; if you want a more advanced installation, refer to Installing and Configuring Oracle Internet Directory.
Prior to creating the Oracle Internet Schemas, an Oracle Database is required to be set up on the OCI database instances. The database creation is out of scope for this document; however, Fusion Middleware requires the following initialization parameters be set within the database:
Table 3: Required Database Initialization Parameters
Initialization Parameter | Value
dml_locks | 200
open_cursors | 1600
sessions | 500
processes | 500
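A check for Table 3, added as an example that is not part of the white paper: the live values are read from V$PARAMETER as SYSDBA and compared with the required values, treated as minimums, so the Repository Creation Utility is not started against a database that will fail its prerequisite checks. Running it with the argument check assumes ORACLE_HOME, ORACLE_SID and PATH are set for a local sqlplus connection on the database host; the connection string must be adjusted for a remote database.

```shell
#!/bin/bash
# Added example (not from the white paper): verify the database initialization parameters
# Fusion Middleware needs before running RCU. The SQL runs as SYSDBA over a local bequeath
# connection (assumption: executed on the database host with ORACLE_HOME and ORACLE_SID set).
set -eu

# Read "name value" lines on stdin and print each parameter that is missing or below the
# value required by Fusion Middleware (Table 3). Prints nothing when all are satisfied.
check_db_params() {
    awk '
        BEGIN { min["dml_locks"] = 200; min["open_cursors"] = 1600
                min["sessions"]  = 500; min["processes"]    = 500 }
        ($1 in min) { seen[$1] = 1
                      if ($2 + 0 < min[$1]) printf "%s=%s (minimum %s)\n", $1, $2, min[$1] }
        END { for (p in min) if (!(p in seen)) printf "%s missing\n", p }'
}

# Query the live values from V$PARAMETER in the form check_db_params expects.
query_db_params() {
    sqlplus -S / as sysdba <<'EOF'
set pagesize 0 feedback off heading off verify off
select lower(name) || ' ' || value
from   v$parameter
where  lower(name) in ('dml_locks', 'open_cursors', 'sessions', 'processes');
exit
EOF
}

if [ "${1:-}" = "check" ]; then
    short="$(query_db_params | check_db_params)"
    if [ -n "$short" ]; then
        echo "Database parameters below the Fusion Middleware minimums:" >&2
        echo "$short" >&2
        exit 1
    fi
    echo "All required initialization parameters meet the minimums."
fi
```

Run ./check-db-params.sh check as the database software owner on the OCI database node; a non-zero exit lists exactly which parameters to raise with ALTER SYSTEM before proceeding to the RCU.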
The schemas for Oracle Internet Directory are create using the Repository Creation Utility. Below are the steps to create the schemas. For more information, refer to Creating the Database Schemas in the Installing and Configuring Oracle Internet Directory documentation. Perform the following steps on the first Oracle Internet Directory compute instance only.
Note: If installing Oracle Internet Directory with an Oracle Database of version 12.2 or greater, the database password creation security will need to be disabled. See the Running the Repository Creation Utility Against a 12.2+ Oracle Database section for details on the required procedure.
Start the Repository Creation Utility (RCU) after you verify that a certified JDK is installed on your system. To start the RCU:
1. Verify that a certified JDK already exists on your system by running java -version from the command line. For 12c (12.2.1.4.0), the certified JDK is 1.8.0_211 and later.
2. Change to the following directory:
ORACLE_HOME/oracle_common/bin
3. Enter the following command:
./rcu
Enter required information in the RCU screens to create the database schemas.
The Welcome screen is the first screen that appears when you start the RCU.
Click Next.
Use the Create Repository screen to select a method to create and load component schemas into the database.
On the Create Repository screen, select System Load and Product Load. This procedure assumes that you have the necessary permissions and privileges to perform DBA activities on your database, that is, the SYSDBA privilege.
On the Database Connection Details screen, provide the database connection details for the RCU to connect to your database.
Note: If you are unsure of the service name for your database, you can obtain it from the SERVICE_NAMES parameter in the initialization parameter file of the database. If the initialization parameter file does not contain the SERVICE_NAMES parameter, then the service name is the same as the global database name, which is specified in the DB_NAME and DB_DOMAIN parameters.
For example:
Database Type: Oracle Database
Connection String Format: Connection Parameters or Connection String
Connection String: examplehost.exampledomain.com:1521:Orcl.exampledomain.com
Host Name: examplehost.exampledomain.com
Port: 1521
Service Name: Orcl.exampledomain.com
User Name: sys
Password: ******
Role: SYSDBA
Click Next to proceed, then click OK in the dialog window that confirms a successful database connection.
Select Create new prefix, specify a custom prefix, then select the Oracle Internet Directory schema. This action automatically selects the following schemas as dependencies:
Note: The Oracle Internet Directory (ODS) schema does not need a prefix. The prefix is required for the other schemas selected during the schema creation process. You can load only one Oracle Internet Directory (ODS) schema per database.
If you are configuring Oracle Internet Directory in a standalone mode, the following dependent schema is selected:
· Common Infrastructure Service (STB)
If you are configuring Oracle Internet Directory in a collocated mode, the following dependent schemas are selected:
· Oracle Platform Security Services (OPSS)
· Audit Services (IAU)
· Audit Services Append (IAU_Append)
· Audit Services Viewer (IAU_Viewer)
· WebLogic Services (WLS)
· Common Infrastructure Service (STB)
The schema Common Infrastructure Services is automatically created. This schema is dimmed; you cannot select or deselect it. This schema enables you to retrieve information from RCU during domain configuration. For more information, see Understanding the Service Table Schema in Oracle Fusion Middleware Creating Schemas with the Repository Creation Utility.
The custom prefix is used to logically group these schemas together for use in this domain only; you must create a unique set of schemas for each domain. Schema sharing across domains is not supported.
Tip: You must make a note of the custom prefix you choose to enter here; you will need this later on during the domain creation process.
Click Next to proceed, then click OK on the dialog window confirming that prerequisite checking for schema creation was successful.
On the Schema Passwords screen, specify how you want to set the schema passwords on your database, then enter and confirm your passwords.
You must make a note of the passwords you set on this screen; you will need them later on during the domain creation process.
Navigate through the remaining RCU screens to complete schema creation.
When you reach the Completion Summary screen, click Close to dismiss the RCU.
Perform the following steps on the first Oracle Internet Directory compute instance only.
Start the Configuration Wizard to begin configuring a domain. To start the Configuration Wizard:
1. Change to the following directory:
ORACLE_HOME/oracle_common/common/bin
where ORACLE_HOME is your 12c (12.2.1.4.0) Oracle home.
2. Enter the following command:
./config.sh
Enter required information in the Configuration Wizard screens to create and configure the domain for the topology.
Use the Configuration Type screen to select a Domain home directory location, optimally outside the Oracle home directory.
To specify the Domain type and Domain home directory:
On the Configuration Type screen, select Create a new domain.
In the Domain Location field, specify your Domain home directory.
For example:
The value of the ASERVER_HOME variable
On the Templates screen, make sure Create Domain Using Product Templates is selected, then select the following templates:
· Oracle Internet Directory (Collocated) - [oid]
Selecting this template automatically selects the following as dependencies:
· Oracle Directory Services Manager - [oid]
· Oracle JRF - [oracle_common]
· WebLogic Coherence Cluster Extension - [wlserver]
· Oracle Enterprise Manager - [em]
Use the Administrator Account screen to specify the user name and password for the default WebLogic Administrator account for the domain.
Oracle recommends that you make a note of the user name and password that you enter on this screen, you need these credentials later to boot and connect to the domain's Administration Server.
Use the Domain Mode and JDK screen to specify the domain mode and Java Development Kit (JDK).
On the Domain Mode and JDK screen:
· Select Production in the Domain Mode field.
· Select the Oracle HotSpot JDK in the JDK field.
Use the Database Configuration type screen to specify details about the database and database schema.
On the Database Configuration type screen, select RCU Data. This option instructs the Configuration Wizard to connect to the database and Service Table (STB) schema to automatically retrieve schema information for schemas needed to configure the domain.
After selecting RCU Data, specify details in the following fields:
Table 4: RCU Data Parameters
Field | Description
DBMS/Service | Enter the database DBMS name, or service name if you selected a service type driver. Example: orcl.exampledomain.com
Host Name | Enter the name of the server hosting the database. Example: examplehost.exampledomain.com
Port | Enter the port number on which the database listens. Example: 1521
Schema Owner / Schema Password | Enter the username and password for connecting to the database's Service Table schema. This is the schema username and password entered for the Service Table component on the Schema Passwords screen in the RCU (see Specifying Schema Passwords). The default username is prefix_STB, where prefix is the custom prefix that you defined in the RCU.
Click Get RCU Configuration when you finish specifying the database connection information. The following output in the Connection Result Log indicates that the operation succeeded:
Connecting to the database server...OK
Retrieving schema data from database server...OK
Binding local schema components with retrieved data...OK
Successfully Done.
Use the JDBC Component Schema screen to verify or specify details about the database schemas.
Verify that the values populated on the JDBC Component Schema screen are correct for all schemas. If you selected RCU Data on the previous screen, the schema table should already be populated appropriately.
Select the checkbox to select all schemas, select the Convert to GridLink option (applicable when the database is Oracle RAC, as assumed in this paper; for a single-instance database leave the schemas as generic data sources), and click Next.
On the next screen, check the box next to SCAN, enter the SCAN address in the Hostname field and the listener port in the Port field. Enter the SCAN address in the ONS Hostname field and the ONS port (typically 6200) in the ONS Port field.
Click Next.
Use the JDBC Component Schema Test screen to test the data source connections.
A green check mark in the Status column indicates a successful test. If you encounter any issues, see the error message in the Connection Result Log section of the screen, fix the problem, then try to test the connection again.
By default, the schema password for each schema component is the password you specified while creating your schemas. If you want different passwords for different schema components, manually edit them in the previous screen (JDBC Component Schema) by entering the password you want in the Schema Password column, against each row. After specifying the passwords, select the check box corresponding to the schemas that you changed the password in and test the connection again.
Use the Advanced Configuration screen to complete the domain configuration. On the Advanced Configuration screen, select:
· Administration Server
· Node Manager
· Topology
Use the Administration Server screen to select the IP address of the host.
Enter the HOSTNAME of the first Oracle Internet Directory compute instance
Leave the Port at the default of 7001.
Do not specify any server groups for the Administration Server.
Use the Node Manager screen to select the type of Node Manager you want to configure, along with the Node Manager credentials.
Select Per Domain Default Location as the Node Manager type, then specify Node Manager credentials.
Note the created credentials, they will be required later to start the Administration Server.
Click Next and proceed, as this is not applicable to Oracle Internet Directory.
Click Next and proceed, as this is not applicable to Oracle Internet Directory.
Click Next and proceed, as this is not applicable to Oracle Internet Directory.
Click Next and proceed, as this is not applicable to Oracle Internet Directory.
Use the Machines screen to update the default machine listed on the screen — oidhost1. A machine is required so that Node Manager can start and stop servers.
Select the default machine oidhost1 that is listed, set the Listen Address to the hostname of the compute instance that the Oracle Internet Directory instance will run on, and update the Listen Port to the appropriate value based on the Node Manager listen port number (typically 5556).
Click to add one machine for each compute instance that will host an Oracle Internet Directory instance.
Select each machine that was created, set the Listen Address to the hostname of the compute instance that the Oracle Internet Directory instance will run on, and set the Listen Port to the appropriate value based on the Node Manager listen port number (typically 5556).
For example:
If you had 3 total Oracle Internet Directory instances, create additional machines named oidhost2 and oidhost3 and configure the respective compute instance names as the Listen Address of each machine.
Click to add one machine named adminhost
Select the adminhost machine that was created, set the Listen Address to the value of LOCALHOST, and update the Listen Port to the appropriate value based on the Node Manager listen port number (typically 5556).
Note: Do not change the name of the default machine (oidhost1), as the WLST command oid_setup(), run later during the post-configuration stage below to set up the Oracle Internet Directory instance, uses this machine name by default.
Use the Assign Servers to Machines screen to assign the Administration Server to the default machine oidhost1 that is listed. On the Assign Servers to Machines screen:
In the Machines pane, select the default machine oidhost1 that is listed.
In the Servers pane, assign AdminServer to oidhost1 by:
· Clicking once on AdminServer to select it, then click the right arrow to move it beneath the selected machine (oidhost1) in the Machines pane.
Click Next and proceed, as this is not applicable to Oracle Internet Directory.
Click Next and proceed, as this is not applicable to Oracle Internet Directory.
The Configuration Summary screen shows detailed configuration information for the domain you are about to create.
Review each item on the screen and verify that the information is correct. To make any changes, go back to a screen by clicking the Back button or selecting the screen in the navigation pane. Domain creation does not start until you click Create.
The End of Configuration screen shows information about the domain you just configured. Make a note of the following items because you need them later:
· Domain Location
· Administration Server URL
You need the domain location to access scripts that start Node Manager and Administration Server, and you need the URL to access the Administration Server.
Click Finish to dismiss the Configuration Wizard.
After configuration is complete, start the servers and the processes. Perform the following steps on the first Oracle Internet Directory compute instance only.
1. Create the following directory structure:
mkdir -p ASERVER_HOME/servers/AdminServer/security
2. In a text editor, create a file called boot.properties in the security directory that you created in the previous step, and enter the Administration Server credentials that you defined when you ran the Configuration Wizard to create the domain:
username=adminuser
password=password
Execute the following to start the Node Manager:
nohup ASERVER_HOME/bin/startNodeManager.sh > ASERVER_HOME/nodemanager/nodemanager.out &
The Node Manager log files for ASERVER_HOME are located in ASERVER_HOME/nodemanager.
When you start the Administration Server, you also start the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control. Start the Administration Server via the Node Manager by executing:
cd ORACLE_HOME/oracle_common/common/bin
./wlst.sh
wls:/offline>nmConnect('NODEMANAGER_USERNAME','NODEMANAGER_PASSWORD','LOCALHOST','5556','[VALUE_OF_ASERVER_HOME]','ASERVER_HOME')
nmStart('AdminServer')
For example:
nmConnect('weblogic','password','LOCALHOST','5556','/u01/oracle/config/domains/IAMDirectoryDomain','IAMDirectoryDomain')
The initially created default domain directory will be used to run the Administration Server. You can now create a copy of the domain on the local storage for each of your managed server hosts. The domain directory on the local (or private) storage will be used to run the Managed Servers.
As described in the Environment Variables section, the path to the Administration Server domain home is represented by the ASERVER_HOME variable, and the path to the Managed Server domain home is represented by the MSERVER_HOME variable.
To create the Managed Server domain directory:
1. Sign in to the host running the Administration Server, for example, OIDHOST1, and run the pack command to create a template as follows:
cd ORACLE_HOME/oracle_common/common/bin
./pack.sh -managed=true \
-domain=ASERVER_HOME \
-template=/full_path/OID_Domain_Template.jar \
-template_name=oid_domain_template \
-log_priority=DEBUG \
-log=/tmp/pack.log
In this example:
· Replace ASERVER_HOME with the actual path to the domain directory you created.
· Replace full_path with the complete path to the location where you want to create the domain template jar file. You will need to reference this location when you copy or unpack the domain template jar file. It is recommended to choose a shared volume other than ORACLE_HOME, or write to /tmp and copy the files manually between servers.
You must specify a full path for the template jar file as part of the -template argument to the pack command:
· OID_Domain_Template.jar is a sample name for the jar file you are creating, which will contain the domain configuration files.
· oid_domain_template is the label assigned to the template data stored in the template file.
2. Make a note of the location of the OID_Domain_Template.jar file you just created with the pack command.
Tip: For more information about the pack and unpack commands, see Overview of the Pack and Unpack Commands in Creating Templates and Domains Using the Pack and Unpack Commands.
3. If you haven't already, create the recommended directory structure for the Oracle Internet Directory instance domain on the OIDHOST1 local storage device and all other Oracle Internet Directory compute instances.
4. Run the unpack command to unpack the template in the domain directory onto the local storage, as follows:
cd ORACLE_HOME/oracle_common/common/bin
./unpack.sh -domain=MSERVER_HOME \
-overwrite_domain=true \
-template=/full_path/OID_Domain_Template.jar \
-log_priority=DEBUG \
-log=/tmp/unpack.log \
-app_dir=APPLICATION_HOME
Note: The -overwrite_domain option in the unpack command allows unpacking a managed server template into an existing domain and existing applications directories. For any file that is overwritten, a backup copy of the original is created. If any modifications had been applied to the start scripts and ear files in the managed server domain directory, they must be restored after this unpack operation.
In this example:
· Replace MSERVER_HOME with the complete path to the domain home to be created on the local storage disk. This is the location where the copy of the domain will be unpacked.
· Replace /full_path/OID_Domain_Template.jar with the complete path and file name of the domain template jar file that you created when you ran the pack command to pack up the domain on the shared storage device.
· Replace APPLICATION_HOME with the complete path to the Application directory for the domain on shared storage.
Tip: For more information about the pack and unpack commands, see Overview of the Pack and Unpack Commands in Creating Templates and Domains Using the Pack and Unpack Commands.
5. Change directory to the newly created Managed Server directory and verify that the domain configuration files were copied to the correct location on the OIDHOST1 local storage device.
6. Copy the OID_Domain_Template.jar to each of the Oracle Internet Directory compute instances.
7. Repeat steps 3 – 5 on each compute instance.
Execute the following to start each of the Node Managers on each of the Oracle Internet Directory compute instances:
nohup MSERVER_HOME/bin/startNodeManager.sh > MSERVER_HOME/nodemanager/nodemanager.out &
The Node Manager log files for MSERVER_HOME are located in MSERVER_HOME/nodemanager.
Use the wlst command to connect to the Administration Server and set up Oracle Internet Directory. To perform the initial setup of Oracle Internet Directory, do the following on the first Oracle Internet Directory compute instance only:
1. Run the following commands from the location ORACLE_HOME/oracle_common/common/bin to launch the WLST tool:
./wlst.sh
2. Connect to the Administration Server using the following command:
connect('ADMIN_USERNAME','ADMIN_PASSWORD','t3://ADMIN_HOST:ADMIN_PORT')
For Example:
connect('weblogic','password','t3://MYHOSTNAME:7001')
3. Run the following command to perform the initial setup of Oracle Internet Directory:
/base_domain/serverConfig>oid_setup(orcladminPassword='password',odsPassword='password',realmDN='dc=us,dc=oracle,dc=com')
Where:
orcladminPassword: The password you wish to set for the cn=orcladmin user. This is the Oracle Internet Directory admin user.
odsPassword: The password of the ODS schema user created by RCU
realmDN: The domain name for the organization. An organization with the domain name of test.example.com would have a realmDN of dc=test,dc=example,dc=com
Note:
For information about the other optional arguments that can be used with oid_setup command, run the following command:
help('oid_setup')
The command oid_setup() performs the following operations:
· Sets the password for cn=orcladmin user
· Creates the oid1 instance. The following parameters are set by default when oid_setup() is run:
· instanceName = 'oid1'
· host = 'hostname of the current machine'
· port = '3060'
· machine = 'oidhost1'
· sslPort = '3131'
· Starts the Oracle Internet Directory instance oid1
· Creates the realm
Use the wlst command to connect to the Administration Server and set up the other Oracle Internet Directory instances. For each additional Oracle Internet Directory instance, do the following:
1. Run the following commands from the location ORACLE_HOME/oracle_common/common/bin to launch the WLST tool:
./wlst.sh
2. Connect to the Administration Server using the following command:
connect('ADMIN_USERNAME','ADMIN_PASSWORD','t3://ADMIN_HOST:ADMIN_PORT')
For Example:
connect('weblogic','password','t3://MYHOSTNAME:7001')
3. Run the following command to create the additional Oracle Internet Directory instance:
/base_domain/serverConfig> oid_createInstance(instanceName='oid2', machine='oidhost2',port='3060',sslPort='3131', host='FQDN')
Where:
instanceName : The name of each additional Oracle Internet Directory instance
machine: The machine associated with each Oracle Internet Directory instance
port: The non-ssl port to be set for the Oracle Internet Directory instance
sslPort: The ssl port to be set for the Oracle Internet Directory instance
host: The fully qualified domain name of the compute instance that this Oracle Internet Directory will run on
4. Execute exit()
5. Repeat steps 1 – 4 for each additional Oracle Internet Directory instance in the domain
The following topics show the steps required to export the directory data from the 11g Oracle Internet Directory applications in the on-premises environment and import the data into the 12c Oracle Internet Directory applications in OCI.
Before any replication activities can occur, the oid1 instances in both the on-premises and OCI environments need to be running. You can validate the running oid1 instance on the first Oracle Internet Directory server in each environment with the following:
ps -ef | grep oidldapd | grep -v grep | wc -l
Where a result of “0” means that the instance is not running.
Before any of the Oracle Internet Directory tools can be executed, certain environment variables are required to be set. The following can also be added to the software owner’s environment file, so that the variables are set at user login. Examples of locations are mentioned in the Environment Variables section of this document. The variables are required to be set on both the on-premises and OCI Oracle Internet Directory instance hosts.
ORACLE_HOME
ORACLE_INSTANCE
TNS_ADMIN
DOMAIN_HOME (should be set to the value of MSERVER_HOME)
Additional variables that need to be set are as follows:
PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_INSTANCE/bin
INSTANCE_NAME=oid1
COMPONENT_NAME=oid1
Some of the Oracle Internet Directory replication tools require access to the running instances, both on-premises and in OCI, and to the databases that they write to. In order to connect, wallet files are required to be created. The wallet files store encrypted login information for the Oracle Internet Directory instances and the databases that they connect to. Below are the steps to create the wallets. Perform the following on both the on-premises and OCI hosts. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Obtain the TNS entry from the ORACLE_INSTANCE/config/tnsnames.ora file. The default entry is OIDDB.
2. Execute the following:
oidpasswd connect=TNS_ENTRY create_wallet=true
For example:
oidpasswd connect=OIDDB create_wallet=true
You will be prompted for a password. This will be the password for the ODS schema user in the database.
Before the directory information is exported from the on-premises side, the instances there should be set as read-only, so that new information is not written to the directory while the export is being created. Below are the steps to set the on-premises nodes as read-only. Perform the following on the first on-premises host only. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Create an LDIF file with the following. For example, ro_change_mode.ldif:
dn: cn=OID_INSTANCE_NAME,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclservermode
orclservermode: r

dn: cn=OID_INSTANCE_NAME,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclservermode
orclservermode: r
Where OID_INSTANCE_NAME is the name of each instance. An entry is required for each instance in the Oracle Internet Directory cluster on the on-premises side.
2. Execute the following:
ldapmodify -D "cn=orcladmin" -q -h ON_PREM_FQDN -p ON_PREM_PORT -f CHANGE_LDIF_FILE
For example:
ldapmodify -D "cn=orcladmin" -q -h s_ldaphost1.example.com -p 3060 -f ro_change_mode.ldif
The Oracle Internet Directory base schema objects are populated during the initial install with the RCU utility; however, applications can introduce custom extensions to the LDAP schema in the form of, but not limited to, custom objectclasses and attributetypes specific to that application. A prerequisite for the following steps is for the OCI LDAP environment to have any custom LDAP objects or schema extensions pre-applied. OAM, for example, is an application that falls under this category, with the schema extensions typically being applied as part of the installation/configuration process.
With the schema properly extended, the only data that needs to be exported out of the on-premises directory is the data that does not exist in OCI. This is the baseDN created by the Oracle Access Manager application, named cn=OAMConfigStore, and the realm baseDN. If Oracle Access Manager is not installed in the customer’s environment, the Oracle Access Manager baseDN will not be available in the directory. The realm baseDN is a backward notated version of the customer’s domain name.
For example:
For a customer whose domain name is test.example.com, the baseDN would be dc=com.
Below are the steps to export the required data. Perform the following on the on-premises host only. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Execute the following:
ldifwrite connect="TNS_ENTRY" basedn="YOUR_BASEDN" ldiffile="BASEDN_LDIF_FILE"
Where:
TNS_ENTRY: The entry found in ORACLE_INSTANCE/config/tnsnames.ora
YOUR_BASEDN: The baseDN for the organization
BASEDN_LDIF_FILE: The file to export the data to
For example:
ldifwrite connect="OIDDB" basedn="dc=com" ldiffile="dc_com.ldif"
Sample output:
This tool can only be executed if you know database user password for OID
Enter OID Password :: ON-PREMISES_ODS_SCHEMA_PASSWORD
------------------------------------------------------------
Reading entries under BaseDN "dc=com"...
------------------------------------------------------------
------------------------------------------------------------
217 Entries are written to "/u01/backup/dc_com.ldif".
------------------------------------------------------------
2. Execute the following (can be skipped if your Oracle Internet Directory environment does not have Oracle Access Manager or Oracle Identity Governance installed):
ldifwrite connect="TNS_ENTRY" basedn="cn=OAMConfigStore" ldiffile="OAMCS_LDIF_FILE"
Where:
TNS_ENTRY: The entry found in ORACLE_INSTANCE/config/tnsnames.ora
cn=OAMConfigStore: The baseDN for the Oracle Access Manager config store
OAMCS_LDIF_FILE: The file to export the data to
For example:
ldifwrite connect="OIDDB" basedn="cn=OAMConfigStore" ldiffile="oamcs.ldif"
Sample output:
This tool can only be executed if you know database user password for OID
Enter OID Password :: ON-PREMISES_ODS_SCHEMA_PASSWORD
------------------------------------------------------------
Reading entries under BaseDN "cn=oamconfigstore"...
------------------------------------------------------------
------------------------------------------------------------
1 Entries are written to "/u01/backup/oamcs.ldif"
------------------------------------------------------------
3. Combine the two above LDIF files into one file (if applicable):
cat /u01/backup/dc_com.ldif > /u01/backup/backup_data.ldif && cat /u01/backup/oamcs.ldif >> /u01/backup/backup_data.ldif
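As an added example (not part of the paper and not an Oracle tool), the following Python combines ldifwrite exports the way step 3 does, but guarantees the blank line that LDIF requires between the last entry of one file and the first entry of the next, and counts the entries actually present so the total can be compared with the counts ldifwrite reported (217 and 1 in the sample output above). The LDIF texts embedded below are constructed stand-ins for dc_com.ldif and oamcs.ldif.

```python
# Added example for this case study (not an Oracle tool): merge ldifwrite
# exports with a guaranteed blank-line separator and cross-check entry counts.
import base64

# Constructed stand-in for dc_com.ldif; it ends with no trailing blank line,
# so a plain `cat` onto the next file would glue two entries together.
DC_COM_LDIF = """dn: dc=com
objectclass: top
objectclass: domain
dc: com

dn: cn=Users,dc=com
objectclass: top
objectclass: orclContainer
cn: Users
description: a long value that LDIF folds onto a
  continuation line starting with one space
"""

# Constructed stand-in for oamcs.ldif.
OAMCS_LDIF = """dn: cn=OAMConfigStore
objectclass: top
objectclass: orclContainer
cn: OAMConfigStore
"""

def _unfold(text):
    """Join continuation lines (leading single space) onto the line before."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical

def parse_ldif_entries(text):
    """Return the DN of every entry in file order. Entries must be separated
    by a blank line; a 'dn:' met while another entry is still open means two
    records were run together and raises ValueError. 'dn::' is base64."""
    dns, current = [], None
    for line in _unfold(text) + [""]:  # sentinel blank line closes the last entry
        if line.strip() == "":
            if current is not None:
                dns.append(current)
                current = None
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        if line.lower().startswith("dn:"):
            if current is not None:
                raise ValueError("entries not separated before: %r" % line)
            if line.startswith("dn::"):
                current = base64.b64decode(line[4:].strip()).decode("utf-8")
            else:
                current = line[3:].strip()
        elif current is None:
            raise ValueError("attribute outside of an entry: %r" % line)
    return dns

def is_wellformed_ldif(text):
    """True when every entry in text is properly delimited."""
    try:
        parse_ldif_entries(text)
        return True
    except ValueError:
        return False

def merge_ldif(parts):
    """Concatenate LDIF texts with exactly one blank line between them.
    Empty parts (for example, no Oracle Access Manager export) are skipped."""
    chunks = [p.strip("\n") for p in parts if p.strip()]
    return "\n\n".join(chunks) + "\n"

def check_merged_export(merged_text, reported_counts):
    """Compare the entries present in the merged file with the sum of the
    'N Entries are written' counts ldifwrite printed for each export.
    Returns (ok, found, expected)."""
    found = len(parse_ldif_entries(merged_text))
    expected = sum(reported_counts)
    return found == expected, found, expected

if __name__ == "__main__":
    merged = merge_ldif([DC_COM_LDIF, OAMCS_LDIF])
    print(check_merged_export(merged, [2, 1]))
```

Run it against the real export files by reading them into the list passed to merge_ldif and passing the counts ldifwrite printed to check_merged_export; a mismatch means the export or the merge should be inspected before bulkload.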
The next step is to load the exported on-premises data into the OCI directory. This is performed in several steps.
1. Copying the exported data file to the OCI directory host
2. Stopping all Oracle Internet Directory instances in OCI
3. Bulk deleting the current baseDN data
4. Bulk loading the exported data into the OCI directory
5. Starting all Oracle Internet Directory instances in OCI
Before the bulk load can be performed, the file containing the exported on-premises data must be copied to the first Oracle Internet Directory host in OCI. Note the location of the file once it is copied to the host in OCI. As the exported file is a flat text file, larger directories may need to have the file compressed prior to copying it into OCI. If this is the case, ensure that the file is uncompressed on the OCI host.
Before the bulkdelete and bulkload can be executed, the Oracle Internet Directory instances are required to be shut down. Perform the following on all OCI Oracle Internet Directory hosts only. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Run the following commands from the location ORACLE_HOME/oracle_common/common/bin to launch the WLST tool:
./wlst.sh
2. Connect to the Administration Server using the following command:
connect('ADMIN_USERNAME','ADMIN_PASSWORD','t3://ADMIN_HOST:ADMIN_PORT')
For Example:
connect('weblogic','password','t3://MYHOSTNAME:7001')
3. Run the following command to shut down the Oracle Internet Directory instance:
/base_domain/serverConfig> shutdown(name='OID_NODE')
For Example:
shutdown(name='oid1')
Since the OCI directory is created with a baseDN that is most likely a duplicate of the one in the on-premises directory, that duplicate baseDN needs to be removed from the OCI directory before the bulkload can be executed. This ensures that there are no conflicts with the bulkload. Perform the following on the first OCI directory host only. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Execute the following:
bulkdelete connect=TNS_ENTRY basedn="YOUR_BASEDN" cleandb="TRUE" verbose="TRUE"
Where:
TNS_ENTRY: The entry found in ORACLE_INSTANCE/config/tnsnames.ora
YOUR_BASEDN: The baseDN for the organization, that is, the duplicate baseDN to be removed
For example:
bulkdelete connect=OIDDB basedn="dc=com" cleandb="TRUE" verbose="TRUE"
Sample output:
This tool can only be executed if you know database user password for OID
Enter OID Password :: OCI_ODS_SCHEMA_PASSWORD
------------------------------------------------------------
Reading entries under BaseDN "dc=com"...
------------------------------------------------------------
bulkdelete(1): 192 entries deleted...
------------------------------------------------------------
192 Entries have been deleted.
------------------------------------------------------------
Now that the duplicate baseDN has been removed from the OCI directory, the exported on-premises data can be imported into the OCI directory using the bulkload process. Perform the following on the first OCI directory host only. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Execute the following to check and generate the bulk load:
bulkload connect="TNS_ENTRY" append="TRUE" check="TRUE" generate="TRUE" restore="TRUE" file="LDIF_FILE"
Where:
TNS_ENTRY: The entry found in ORACLE_INSTANCE/config/tnsnames.ora
LDIF_FILE: The location of the copied file from Copying the Exported Data File to the OCI Directory Host
For example:
bulkload connect="OIDDB" append="TRUE" check="TRUE" generate="TRUE" restore="TRUE" file="/u01/backup/backup_data.ldif"
Sample output:
------------------------------------------------------------
"oiddb"...
------------------------------------------------------------
This tool can only be executed if you know database user password for OID
Enter OID Password :: OCI_ODS_SCHEMA_PASSWORD
...Setting OID server mode to read-modify on "oiddb" node...
------------------------------------------------------------
Checking and Generating Internet Directory data for bulk loading
------------------------------------------------------------
Data generated successfully
------------------------------------------------------------
Note: If the above command results in conflicts or errors, these conflicts or errors MUST be resolved before the bulk loading process can be executed. Conflict and error resolution is not in scope for this document. See Troubleshoot bulkload Errors in Administering Oracle Internet Directory.
2. Execute the following to start the bulk loading process:
bulkload connect="TNS_ENTRY" load="TRUE"
Where:
TNS_ENTRY: The entry found in ORACLE_INSTANCE/config/tnsnames.ora
For example:
bulkload connect="OIDDB" load="TRUE"
Sample output:
------------------------------------------------------------
"oiddb"...
------------------------------------------------------------
This tool can only be executed if you know database user password for OID
Enter OID Password :: OCI_ODS_SCHEMA_PASSWORD
------------------------------------------------------------
Loading data on "oiddb"
------------------------------------------------------------
attr_store001...
battr_store001...
objectclass001...
attr_store002...
battr_store002...
objectclass002...
battr_store003...
objectclass003...
dn...
...
------------------------------------------------------------
Data loaded successfully
------------------------------------------------------------
Verifying indexes ...
------------------------------------------------------------
Generating Database Statistics ...
------------------------------------------------------------
...Setting OID server mode to read-write on "oiddb" node...
Once the bulkload has completed successfully, the Oracle Internet Directory instances can be restarted. Perform the following on all OCI Oracle Internet Directory hosts only. All tool execution requires Setting Environment Variables for Oracle Internet Directory Tools.
1. Run the following commands from the location ORACLE_HOME/oracle_common/common/bin to launch the WLST tool:
./wlst.sh
2. Connect to the Administration Server using the following command:
connect('ADMIN_USERNAME','ADMIN_PASSWORD','t3://ADMIN_HOST:ADMIN_PORT')
For Example:
connect('weblogic','password','t3://MYHOSTNAME:7001')
3. Run the following command to start the Oracle Internet Directory instance:
/base_domain/serverConfig> start(name='OID_NODE')
For Example:
start(name='oid1')
Due to the enhanced security of Oracle Database in versions 12.2 and later, it is necessary to disable the user password creation security in Oracle Database prior to executing the Repository Creation Utility. This is because the ODS user is not prefixed, as the other created users are. The procedure for setting up the database objects via the RCU in Oracle Database version 12.2 and later is as follows:
1. On one database node, execute the following as the database owner:
sqlplus / as sysdba
2. If the database that you are populating is a pluggable database, execute the following; if you are not using a pluggable database, this step can be skipped:
alter session set container=[PDB_NAME];
3. Disable the password creation security by executing the following:
alter profile default limit password_verify_function null;
4. Run RCU per Creating the Required Database Schemas
5. Once RCU has completed successfully, reconnect to the database per steps 1 and 2 and execute the following to re-enable the password creation security:
alter profile default limit password_verify_function ORA12C_STRONG_VERIFY_FUNCTION;
If Oracle Internet Directory has been configured with the default NOAUTH SSL mode enabled, connections may fail if they are made over SSL. To resolve this issue, make a backup of the JAVA_HOME/jre/lib/security/java.security file and edit the original, removing RC4, anon, and NULL from the jdk.tls.disabledAlgorithms line. Note that this re-enables anonymous (anon) and unencrypted (NULL) cipher suites for every Java process that uses this JDK, so confine the edit to the JDK that Oracle Internet Directory uses. See My Oracle Support Document ID 2518293.1 for more details.
For example, before edit:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
After edit:
jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
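An added example (not Oracle's tooling) that performs the java.security edit described above programmatically: it unfolds the backslash-continued jdk.tls.disabledAlgorithms line, removes exactly the named entries, leaves every other property untouched, and backs the file up before rewriting it. The excerpt embedded below is constructed to mirror the before-edit lines; the script path in the usage comment is hypothetical.

```python
# Added example for this case study (not Oracle's tooling): remove entries
# from jdk.tls.disabledAlgorithms in java.security, honouring the backslash
# line continuations the property uses, and back the file up first.
import shutil
import sys
import time

PROPERTY = "jdk.tls.disabledAlgorithms"

# Constructed excerpt mirroring the 'before edit' lines of the paper.
BEFORE = (
    "# constructed excerpt of java.security\n"
    "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \\\n"
    "    EC keySize < 224, 3DES_EDE_CBC, anon, NULL\n"
    "jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer\n"
)

def _unfold(lines):
    """Yield (logical_line, first_index, physical_count). A physical line
    ending in a backslash continues on the next line, whose leading
    whitespace is dropped, as in Java properties files. (An escaped
    backslash at end of line is not distinguished here; java.security
    does not use one.)"""
    i = 0
    while i < len(lines):
        start, buf = i, lines[i].rstrip("\n")
        while buf.endswith("\\") and i + 1 < len(lines):
            i += 1
            buf = buf[:-1] + lines[i].strip()
        yield buf, start, i - start + 1
        i += 1

def _split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def parse_property_value(text, name=PROPERTY):
    """Return the comma-separated entries of the property, or None if it is
    absent. Assumes 'name=value' with no whitespace around '=', which is how
    the JDK ships java.security; commented-out copies are ignored."""
    for logical, _, _ in _unfold(text.splitlines(True)):
        stripped = logical.strip()
        if stripped.startswith(name + "="):
            return _split_list(stripped[len(name) + 1:])
    return None

def remove_disabled_algorithms(text, to_remove, name=PROPERTY):
    """Return text with the named entries removed from the property's list.
    Matching is case-insensitive on the whole entry, so removing 'NULL'
    never touches 'DH keySize < 1024'. All other lines are kept verbatim.
    Raises ValueError if the property is not present."""
    lines = text.splitlines(True)
    wanted = {x.lower() for x in to_remove}
    for logical, start, count in _unfold(lines):
        stripped = logical.strip()
        if not stripped.startswith(name + "="):
            continue
        kept = [i for i in _split_list(stripped[len(name) + 1:]) if i.lower() not in wanted]
        new_line = name + "=" + ", ".join(kept) + "\n"
        return "".join(lines[:start]) + new_line + "".join(lines[start + count:])
    raise ValueError(name + " not found")

def edit_java_security(path, to_remove):
    """Back up path to path + '.bak-<timestamp>', rewrite it in place and
    return the entries that were actually removed."""
    with open(path) as f:
        text = f.read()
    new_text = remove_disabled_algorithms(text, to_remove)
    shutil.copy2(path, path + ".bak-" + time.strftime("%Y%m%d%H%M%S"))
    with open(path, "w") as f:
        f.write(new_text)
    before = parse_property_value(text) or []
    after = set(parse_property_value(new_text) or [])
    return [i for i in before if i not in after]

if __name__ == "__main__":
    # Hypothetical usage: python edit_java_security.py $JAVA_HOME/jre/lib/security/java.security
    print(edit_java_security(sys.argv[1], ["RC4", "anon", "NULL"]))
```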