  • Oracle Internet Directory OID

    Posted by "" in "10gAS, oid" on 2006-12-04

    OID, which stands for Oracle Internet Directory, is part of Identity Management in the Infrastructure Tier of Fusion Middleware. If you are planning to configure 10g Application Server with Apps 11i or R12, this note may help you understand OID. Given the importance of OID, I am going to discuss a few important things about it today.
    OID is part of the infrastructure tier in 10g Application Server (Identity Management from 10.1.4 onwards).

    What is OID?
    Oracle Internet Directory (OID) is Oracle's implementation of LDAP (Lightweight Directory Access Protocol) and is LDAP version 3 compliant. OID is a special kind of database repository in which information is stored in a tree structure, also called the DIT (Directory Information Tree).
    Similar to OID, Microsoft has its own LDAP server called Active Directory (AD), and Sun's LDAP server is called iPlanet.

    Where is the OID code in ORACLE_HOME?
    The OID code and its corresponding log files are stored in directories under $ORACLE_HOME/ldap in the Infrastructure Tier. This is the same tier where your SSO server sits.
    OID logs are stored at $ORACLE_HOME/ldap/log (this location is quite important for Apps DBAs when troubleshooting OID issues). A few executables such as oidctl, oidadmin, oidca and oidldapd are in $ORACLE_HOME/bin.

    What are the default ports for OID?
    You may see different ports depending on the OID server version, but the most common are 389 for the non-SSL OID port and 636 for the SSL OID port (these are also the default LDAP server ports). If you don't know which ports your OID is using, refer to portlist.ini in $ORACLE_HOME/install (note that this file will not list the updated port if you change OID ports after installation).
    You should see entries like
    Oracle Internet Directory port = 389
    Oracle Internet Directory (SSL) port = 636
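
Because portlist.ini is written at install time and is not updated when ports change later, it is worth comparing it with the live listeners. The following is an added example, not code from the original post: the function names and the sample file contents are constructed for illustration, and the `ss` utility is assumed to be installed.

```shell
#!/bin/sh
# Added example: read the OID ports recorded in portlist.ini and compare
# them with the ports that are listening now. The file layout follows the
# two portlist.ini entries quoted above; all function names are hypothetical.

# Print "ldap=<port> ldaps=<port>" from a portlist.ini-style file.
oid_ports_from_portlist() {
    awk -F= '
        /^[ \t]*Oracle Internet Directory \(SSL\) port/ { gsub(/[^0-9]/, "", $2); ssl = $2 }
        /^[ \t]*Oracle Internet Directory port/         { gsub(/[^0-9]/, "", $2); plain = $2 }
        END { printf "ldap=%s ldaps=%s\n", plain, ssl }
    ' "$1"
}

# TCP ports currently in LISTEN state (assumes `ss` is available).
listening_ports() {
    ss -ltn | awk 'NR > 1 { n = split($4, a, ":"); print a[n] }'
}

# Compare portlist.ini with a whitespace-separated list of listening ports.
# Returns 1 when an OID entry is missing from the file or nothing listens on it.
oid_port_drift() {
    file=$1
    listening=" $(printf '%s ' $2)"
    status=0
    for pair in $(oid_ports_from_portlist "$file"); do
        name=${pair%%=*}
        port=${pair#*=}
        if [ -z "$port" ]; then
            echo "missing: no $name entry in $file"
            status=1
            continue
        fi
        case "$listening" in
            *" $port "*)
                # The non-SSL port is reported so it can be reviewed.
                if [ "$name" = ldap ]; then
                    echo "plaintext: non-SSL OID port $port is listening"
                fi ;;
            *)
                echo "stale: $name port $port is listed but nothing listens on it"
                status=1 ;;
        esac
    done
    return $status
}

# Constructed sample input with the same shape as the entries shown above.
write_sample_portlist() {
    printf '%s\n' \
        'Oracle HTTP Server port = 7777' \
        'Oracle Internet Directory port = 389' \
        'Oracle Internet Directory (SSL) port = 636' > "$1"
}

# On a real host: sh oid_ports.sh "$ORACLE_HOME/install/portlist.ini"
if [ -n "${1:-}" ]; then
    oid_port_drift "$1" "$(listening_ports)"
fi
```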

    How to start OID?
    The OID process is controlled by OPMN (Oracle Process Monitor and Notification server), so by default you use the opmnctl command:
    To start OID: opmnctl startproc ias-component=OID
    To stop OID: opmnctl stopproc ias-component=OID

    OID can also be started without OPMN:
    First start oidmon (OID Monitor process)
    Then use oidctl (OID control)
    To stop OID without OPMN:
    First stop the OID process using oidctl, then stop oidmon (OID monitoring process)

    When you start services using opmnctl, it in turn starts oidmon and oidctl.

    How to troubleshoot OID issues?
    Where to check for OID logs?
    What is the OID Replication Server?
    What is the Integration & Provisioning Server in OID?
    Coming soon…


    88 Responses to “Oracle Internet Directory OID”

    1. Anonymous says:

      Hi Atul,

      I want to know what attributes will sync between Active Directory and OID.

      Thanks
      Muralidhar Muddada

    2. Atul Kumar says:

      Muddada,
      This is configurable & you can configure what all attributes you want to synch by using profiles

      Check OID admin guide
      Atul

    3. Pavan says:

      Hi Atul,

      You might need to correct your stmt : OID which stands for Oracle Internet Directory is expected to be part of Oracle Apps Release 12 – OID is NOT a part of Apps, instead OID is a part of Oracle Database (or IAS – only executables). You can use OID for Identity Management in 11i or R12.

      Regards
      Pavan PVJ

    4. Atul Kumar says:

      Thanks Pavan for correcting this. Yes, OID is not part of Apps 11i or R12. It's part of the Infrastructure Tier (IM) for Fusion Middleware.

    5. soumya says:

      It's related to integration of R12 with a third-party portal (here the portal is WebSphere) and third-party LDAP (Microsoft Active Directory).
      SSO is going to be implemented, but it is also delegated to the WebSphere portal. R12 will be a partner application which is going to be accessed through WebSphere.

      My queries are as follows:
      1. How to address the whole scenario ?
      2. is this required to implement OID ?
      3. IS it required to implement SSO separately for oracle?
      4. Is it required to install 10iAS ?
      5. How to integrate r12 with WebSphere?
      6. How to integrate r12 with LDAP?
      7. Is there any standard adapter available for integration of each product?
      As this scenario involves SSO, portal, LDAP, I am not able to separate them, as all of these have to be integrated in the same scenario.

      Your valuable input is required

      Regards

    6. Atul says:

      You have to understand requirement completely from end users on what is their definition of integration.

      It may be possible that all they need is just R12 portlets to be available on IBM websphere portal and user clicks on link and need to authenticate for R12 (means No SSO)

      1. How to address the whole scenario ?

      Install OID & SSO (IdM 10.1.4), and integrate it with R12.
      Integrate OID with AD for LDAP Integration (pointers available on this site) and delegate R12 FND authentication to OID

      Integrate Oracle SSO with IBM WebSphere – I am not sure about this bit. I know you can integrate Oracle Access Manager with IBM WebSphere but I am not sure about the right way to integrate Oracle 10g AS SSO with IBM WebSphere (not sure if that's even a requirement)

      2. is this required to implement OID ?
      Only If you wish to synch FND_USER in R12 with AD or you wish to keep same/partial user in R12 that of AD

      3. IS it required to implement SSO separately for oracle?
      If you need single sign on solution between IBM Web Sphere and R12

      4. Is it required to install 10iAS ?
      If you need SSO or LDAP integration

      5. How to integrate r12 with WebSphere?
      What do you wish to achieve with this integration?

      6. How to integrate r12 with LDAP?
      This is via OID

      7. Is there any standard adapter available for integration of each product?
      OID to R12 (FND_USER) and OID to AD -> Yes

    7. soumya says:

      Thanks a lot for your response.

      WebSphere is the portal to be used. Oracle Portal is not used and SSO has to be implemented. In WebSphere, R12 and a few other applications will be integrated. Whenever a user is logging in to any of the applications, he can automatically log in to the other applications with no need of entering the password repeatedly. WebSphere will be integrated with Active Directory (third-party LDAP) for passwords. Third-party SSO will be used. In this case, is it required to install Oracle SSO for integration with the third-party SSO? If so, can you please explain the steps briefly and what the approach should be?
      Thanks and regards

    8. Atul says:

      Integrate OID with AD and then FND_USER/R12 with OID

      Integrate the third-party SSO server with Oracle 10g Single Sign-On Server and Oracle SSO with R12

    9. Syed says:

      Hi Atul,

      Well, is there any script or utility to get S/W version information about EBS, including all S/W's (like Diagnost, AutoConfig, Forms, Reports, EBS, DB, etc.) in 1 script or using any utility? It should get the info in 1 shot.

      And the same for 10gAS, including S/W's (I'Mgnt, AS, OID, SSO, Forms, Reports, Portal, etc.)

      Thanks, man

    10. Atul says:

      Check this , you can find some here (Not all you are looking for) Metalink Note
      468311.1 Script to find Apache, Java, Jinitiator, Forms version for Oracle E-Business Suite R12

      Few are listed here
      http://www.teachmeoracle.com/version.html

    11. RS says:

      With regards to your response above under:
      Atul in April 9th, 2008 at 10:03 am
      “It may be possible that all they need is just R12 portlets to be available on IBM websphere portal and user clicks on link and need to authenticate for R12″

      Does it have JSR 168 / 286 portlets that can be provided to be integrated with Web sphere portal 6.0?
      Can we have a case where, after SSO, the user clicks on JSR portlets in WS-Portal, the rest of the authorisation is done in R12, and then the portlet gets displayed on the WS-Portal for the user to use?

    12. Syed says:

      Dear Atul,

      I want to thank you for a lot of support from you and your website comments.

      Now the issue is

      http://oradevds2.india.com:7777/sso/pages/home.jsp.

      I am getting the SSO page, then I enter orcladmin/oracle123
      and I log in to the R12 application.
      When I log out I am not getting the single sign-out page.

      If I use an R12 EBS user on SSO, I can't; authentication fails. Only orcladmin can log in successfully to EBS using SSO.

      1) Sign-out page does not appear. After logout I get the SSO page again.

      2) I use the bi-directional provisioning template. There is no EBS user in OID.

    13. Atul says:

      Syed,
      I replied to your comment in some other post and I am going to be a bit harsh here: you need to read some documentation (as suggested in the reply to your other comment)

      For existing users in EBS you manually need to migrate them to apps r12. All new users (created after EBS-OID integration) should sync automatically.

    14. Syed says:

      Hi, Atul
      As per previous comments and the doc you directed me to, I have done each and every thing; more than 90% I am successful

      but at the time of loading data to OID:
      Following tables do not have all indexes
      CT_ORCLGUID

      bulkload -connect asdb1 -check=true -generate=true file=/export/home/oracle/users.ldif

      bulkload -connect asdb1 -load=true file=/export/home/oracle/users.ldif
      ….
      ….
      ….
      ….
      orclmailfolderdn…
      orclrealmname…
      orcldasispersonal…
      orclmailaci…
      shadowflag…
      orclcalendarresourcenumber…
      ctcalorgunit3…
      gecos…
      orclassignedpermissions…
      orclmaillistsuspendedmember…
      orcldbaqpointerattr…
      ctcalorganization…
      secretary…

      ————————————————————
      Data loaded successfully
      ————————————————————

      ————————————————————
      Verifying indexes …
      ————————————————————

      ————————————————————
      Following tables do not have all indexes
      ————————————————————
      CT_ORCLGUID

      ————————————————————
      Generating Database Statistics …
      ————————————————————
      …Setting OID server mode to read-write on “target” node…

    16. Balu says:

      Hi Atul,

      I want to integrate OID with oracle BI Publisher so do we need SSO is that is mandatory to SSO with LDAP .

      Regards

      Balakrishna.

    17. bhimshan27 says:

      Atul,

      I am in urgent need of steps to integrate OID with OWSM. Immediate help on this would be appreciable.

      Thanks in advance
      BhimaShankar K

    18. raj says:

      Hello Atul
      While searching for scripts to start OID automatically during the server start (RedHat Linux ES 5) I came across your post. Though you have mentioned starting the OID components, I believe you had completely ignored specifying about starting the OID database.

      For example (Without any .sh script to do the job for me) I follow the given procedure below once after logging in as oracle
      $ lsnrctl start
      $ sqlplus "/ as sysdba"
      SQL>startup
      # To make sure OID hasn’t inserted another instance entry
      SQL> select count(*) from ods.ods_process;
      # If I find only one entry
      SQL> exit;
      $ oidmon start

      Then proceed with starting both Application server instance and internet directory instances.

      Now, please tell me how I could automize the startup of OID database startup using a script.

      Thanks and regards

    19. Atul Kumar says:

      Yes you can automate OID startup with O.S.

      Create shell script (with OID startup steps) and include it in init.d (o.s.).

      The /etc/init.d directory contains the scripts executed by init at boot time and when the init state

      For the database use /etc/oratab (Y in front of the corresponding database entry)

      Check this http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-boot-init-shutdown-process.html

    20. raj says:

      Hello Atul
      Thanks for the quick reply. I know I could automize the OID startup process. At the same time having troubles with starting the database for OID. Could you provide me a sample script just to start the OID database? I already made a .sh script for starting the Application instance and it works great, provided my OID is started manually.

      Thanks and regards

    21. Raj says:

      Hello Atul
      Finally I found a small piece of script which has solved my issues. I am posting the solution(s) over here, so if somebody who has just started with Oracle application server 10g could refer it.
      In order to set the OID environment, bypassing . oraenv, the following were added to .bash_profile for user oracle (a hidden file which can be found under the /home/oracle/ folder). Do not change any existing lines, just cut and paste the following:
      ########## Oracle Variables ##########
      echo " Welcome to oracle";
      ORACLE_BASE=/u01/app/oracle
      ORACLE_OWNER=oracle;
      export ORACLE_OWNER
      ORACLE_TERM=xterm;
      export ORACLE_TERM
      ORACLE_HOME=/u01/app/oracle/infra
      ORACLE_SID=infra
      PATH=$PATH:$ORACLE_HOME/bin
      LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/network/lib
      # CLASSPATH must be a single line; the entries are colon-separated
      CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
      export CLASSPATH
      #LD_ASSUME_KERNEL=2.4.1;
      #export LD_ASSUME_KERNEL
      THREADS_FLAG=native;
      export THREADS_FLAG
      TMP=/tmp;
      export TMP
      TMPDIR=$TMP;
      export TMPDIR
      export PATH ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH LD_PRELOAD
      ########## End of Oracle variables ##########

      This way each time when the user oracle logs in, all the environment variable for instance infra would be set!

      Now create a .sh file on oracle’s desktop with any name you wish and cut and paste the following inside the file

      $ORACLE_HOME/bin/lsnrctl start
      $ORACLE_HOME/bin/sqlplus /nolog<<EOF
      connect / as sysdba
      startup
      EOF

      you are done with starting the oiddb instance!!. Before starting oidmon just do a select count(*) from ods.ods_process to make sure the table doesn’t have multiple instance entries (ie the count(*) must return you a value ‘1’)

      Now you can proceed with opmn services. If you are hosting both infrastructure and application server (normally yes when you had installed it for testing and learning purposes) in a single box, you can include everything within your new script.

      Best regards,
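
The startup order described in the comments above (listener, repository database, the `ods.ods_process` check, then `oidmon start`) as one script with the check turned into a hard gate. This is an added example, not part of the original comments: the function names and the `DRY_RUN` switch are hypothetical, and it assumes `ORACLE_HOME` and `ORACLE_SID` are exported as in the `.bash_profile` fragment and that OS authentication works for `/ as sysdba`.

```shell
#!/bin/sh
# Added example: boot-time start of the OID repository database and oidmon,
# refusing to start oidmon unless ods.ods_process holds exactly one row.
# Assumes ORACLE_HOME and ORACLE_SID are already exported.

# run: execute a command, or only print it when DRY_RUN=1 (hypothetical switch).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "DRY: $*"; else "$@"; fi
}

# Start the database that holds the OID schema.
start_database() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "DRY: sqlplus startup"; return 0; fi
    "$ORACLE_HOME/bin/sqlplus" -s /nolog <<'EOF'
connect / as sysdba
startup
EOF
}

# Print the number of rows in ods.ods_process (digits only on success).
ods_process_count() {
    "$ORACLE_HOME/bin/sqlplus" -s "/ as sysdba" <<'EOF' | tr -d '[:space:]'
whenever sqlerror exit failure
set heading off feedback off pagesize 0
select count(*) from ods.ods_process;
EOF
}

# Gate: allow the OID start only when the count is exactly 1.
# Returns 0 = go, 1 = unexpected row count, 2 = count could not be read.
oid_gate() {
    count=$1
    case "$count" in
        ''|*[!0-9]*)
            echo "ods.ods_process count unreadable: '$count'" >&2
            return 2 ;;
    esac
    if [ "$count" -ne 1 ]; then
        echo "ods.ods_process has $count rows, expected 1; oidmon not started" >&2
        return 1
    fi
    return 0
}

start_oid_stack() {
    run "$ORACLE_HOME/bin/lsnrctl" start || return 1
    start_database || return 1
    # Fail closed: any error text from sqlplus is non-numeric and stops here.
    oid_gate "$(ods_process_count)" || return $?
    run "$ORACLE_HOME/bin/oidmon" start
}

# Run only when called as: sh start_oid.sh start
if [ "${1:-}" = start ]; then
    start_oid_stack
fi
```

When this is called from an init script, run it as the oracle OS user (for example through `su`), not as root, since `/ as sysdba` relies on that user's OS group membership.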

    23. rajeshmanoharan says:

      Hi Atul,
      I have 10g (10.1.2.0.2) business intelligence installed on standalone server for discoverer and it’s integrated with EBS 11.5.10.2. Is there any possibility that I can make use of OID from the existing installation? (Like enabling the OID)
      Now I would like to integrate EBS with Microsoft Active Directory.
      Thanks in advance and waiting for your reply.

      Regards,
      Rajesh

    24. Atul Kumar says:

      Rajesh,
      There are two ways to install Discoverer: standalone (without OID) or with OID.

      If you initially installed Discoverer with OID, use OID to integrate Apps with AD.

      Or install standalone OID/SSO and integrate that with Apps and Active Directory.

    25. rajeshmanoharan says:

      Thank you very much Atul :)

      Regards,
      Rajesh

    26. rajeshmanoharan says:

      Hi Atul,
      Can I have another installation with BIS and OID in the single $ORACLE_HOME on another node and migrate the existing BIS to the newly installed BIS with OID? Kindly let me know if this way is possible.

      Thanks in advance,

      Regards,
      Rajesh

    27. Atul Kumar says:

      Can I have another installation with BIS and OID in the single $ORACLE_HOME ?

      No, BIS middle tier and OID can’t share ORACLE_HOME . Install them in different ORACLE_HOME

    28. Sundar says:

      Atul,
      when i try to load this user using bulkload, i am getting duplicate dn error.

      the duplicateDN.log entries are cn=jguillory,cn=users,dc=seacor,dc=
      net

      cn=jguillory,cn=users,dc=seacor,dc=
      net
      The LDIF entry is
      dn: cn=JGUILLORY,cn=users,dc=seacor,dc=net
      cn: JGUILLORY
      sn: Guillory
      objectclass: top
      objectclass: person
      objectclass: inetorgperson
      objectclass: organizationalPerson
      objectclass: orcluser
      objectclass: orcluserv2
      objectclass: seaganperson
      givenname: Jarrott
      uid: JGUILLORY
      userpassword: welcome1
      mail: Jarrott.Guillory@xyz.com
      userclass: Customer
      userorgidx: 26165
      userorgname: MMS CO., LTD.

    29. Atul Kumar says:

      @Sundar,
      Log in to the OID ORACLE_HOME, list all users in domain seacor.net under users, and see (in users.ldif) if you have any duplicate entry

      $ORACLE_HOME/ldap/bin/ldifwrite connect="tns_alias_for_oid_db" basedn="cn=users,dc=seacor,dc=net" ldiffile="$HOME/users.ldif"

      Replace tns_alias_for_oid_db in the above command

    30. Sundar says:

      Atul,

      Thanks for your help..this is what i see which is odd…i see couple of users merged causing this issue…any idea to resolve this issue? I am not sure what/how this could have happened…

      This is what i see in the ldifwrite file when i search for that particular user..

      dn: cn=JGUILLORY,cn=users,dc=seacor,dc=net
      authpassword;oid: {SASL/MD5}9tHeoTUDjxU9FfVyr8b99g==
      authpassword;orclcommonpwd: {X- ORCLLMV}C23413A8A1E7665FC2265B23734E0DAC
      authpassword;orclcommonpwd: {X- ORCLIFSMD5}fEOJleWx4HgG6OJns/lo6g==
      authpassword;orclcommonpwd: {X- ORCLWEBDAV}SfzW4BUc1a7R8XuTijTSHA==
      authpassword;orclcommonpwd: {X- ORCLNTV}A3A685F89364D4A5182B028FBE79AC38
      authpassword;orclcommonpwd: {X- ORCLWEBDAV}aFYc83CdzT9lwZeeczw1ig==
      authpassword;orclcommonpwd: {X- ORCLIFSMD5}As1xKH8xC7sMrTOKz+4nZw==
      authpassword;orclcommonpwd: {X- ORCLNTV}A3A685F89364D4A5182B028FBE79AC38
      authpassword;orclcommonpwd: {X- ORCLLMV}C23413A8A1E7665FC2265B23734E0DAC
      authpassword;orclcommonpwd: {MD5}IB8AtcpdZaHBGOXjJDFRTA==
      authpassword;oid: {SASL/MD5-U}rU98LLLkCn2K5k6MPPPGwQ==
      authpassword;oid: {SASL/MD5-DN}BJQ0HNZ/nMPIiPe2acvzKA==
      authpassword;oid: {SASL/MD5}3zXVmuoUQrmoFIXlN5mKNw==
      authpassword;orclcommonpwd: {MD5}IB8AtcpdZaHBGOXjJDFRTA==
      authpassword;oid: {SASL/MD5-DN}uU5oLzy4YRniY72gBmMwFQ==
      authpassword;oid: {SASL/MD5-U}a5uFuHASCwDFHxKh+X7ImA==
      cn: TERRYC
      cn: JGUILLORY
      createtimestamp: 20090701231213z
      createtimestamp: 20090701234025z
      creatorsname: cn=bulkload
      creatorsname: cn=bulkload
      givenname: Terry
      givenname: Jarrott
      mail: terryc@erahelicopters.com
      mail: unknowncustomer@xyz.com
      modifiersname: cn=bulkload
      modifiersname: cn=bulkload
      modifytimestamp: 20090701231213z
      modifytimestamp: 20090701234025z
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      objectclass: seaganperson
      objectclass: orcluserv2
      objectclass: orcluser
      objectclass: organizationalPerson
      objectclass: inetorgperson
      objectclass: person
      objectclass: top
      objectclass: seaganperson
      objectclass: orcluserv2
      objectclass: orcluser
      objectclass: inetorgperson
      orclguid: 6DAE0DAC9A373825E0440003BA774D25
      orclguid: 6DAE728F39084188E0440003BA774D25
      orclnormdn: cn=terryc,cn=users,dc=seacor,dc=net
      orclnormdn: cn=jguillory,cn=users,dc=seacor,dc=net
      orclpassword: {x- orcldbpwd}1.0:8478BF68F421A840
      orclpassword: {x- orcldbpwd}1.0:91959291907A327E
      pwdchangedtime: 20090701231213z
      pwdchangedtime: 20090701234025z
      sn: Cole
      sn: Guillory
      uid: TERRYC
      uid: JGUILLORY
      userclass: Employee
      userclass: Customer
      userorgidx: 245
      userorgidx: 26165
      userorgname:: RVJBIEhFTElDT1BURVJTLCBMTEMN
      userorgname:: TU1TIENPLiwgTFRELg0=
      userpassword: {SHA}41vs5sXm4OhspR0EQOkigqnWrIo=
      userpassword: {SHA}41vs5sXm4OhspR0EQOkigqnWrIo=

    31. Atul Kumar says:

      This could be because of bulkload , what options you used during initial bulkload command ?

    32. Sundar says:

      There’s a check script which basically checks the ldif file and then the load script which is as follows…

      $ORACLE_HOME/ldap/bin/bulkload.sh -connect iasdb -generate -load -append $ORACLE_HOME/ldap/load/oid_user_load.ldif

    33. Atul Kumar says:

      @ Sundar,
      Restore OID from a valid backup (prior to bulkload) and rerun bulkload.sh with the additional -check option.

      http://download-west.oracle.com/docs/cd/B15904_01/manage.1012/b14082/syntax.htm#CEGJIEHI

    34. Sundar says:

      Atul,

      when you say valid backup, do you mean Database backup or backing-up of OID entries using ldifwrite?

      Is there a reference somewhere that you could point me for backing-up and restoring OID entries? That way i will take backups before using bulkload.

      Since we don't have a valid backup of OID, I am trying to delete the entries that we loaded, using the ldif file that we used to load them, and retry loading them again.

      I created a LDIF file as follows:

      dn: cn=SMILNER,cn=users,dc=seacor,dc=net
      changetype: delete

      and when i run this using the following command:

      ldapdelete -p 389 -h localhost -D "cn=orcladmin" -w -v -f $ORACLE_HOME/ldap/load/user_del_test.ldif

      i get the following error message:

      ldap_init( localhost, 389 )
      deleting entry dn: cn=SMILNER,cn=users,dc=seacor,dc=net
      ldap_delete: No such object
      ldap_delete: matched: cn=Users, dc=seacor,dc=net
      ldap_delete: additional info: Entry to be deleted not found.

      When i search for SMILLER in ODM under entry management or view the dump of all users from OID DB i see the dn value same as the one i have in the ldif file.

      Anything wrong with the ldif file?

      FYI, when I use ldapdelete and issue a dn as a single entry (same as in the ldif file for dn) it takes it and removes the entry.

      example:
      ldapdelete -v -D "cn=orcladmin" -w -h localhost -p 389 "cn=JGUILLORY,cn=users,dc=seacor,dc=net"

      The above command removed the entry successfully.

      Any help is highly appreciated.

      Thanks,

      Sundar
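
In the ldapdelete output above the entry is echoed as `dn: cn=SMILNER,...`, prefix included, while the command-line call that worked passed the bare DN. Assuming the `-f` option reads one bare DN per line, this added example (not part of the original comment) extracts the DNs of `changetype: delete` records from an LDIF file, including folded lines; the function names and the EXAMPLE entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the DNs of LDIF records marked "changetype: delete",
# one bare DN per line. Assumption: the delete tool's -f option expects
# bare DNs rather than LDIF records.

# Pass 1 unfolds LDIF continuation lines (a line that starts with one space
# continues the previous line). Pass 2 reads blank-line-separated records,
# one field per line, and prints the DN of each delete record.
ldif_delete_dns() {
    tr -d '\r' < "$1" |
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (started) print buf; buf = $0; started = 1 }
        END { if (started) print buf }
    ' |
    awk '
        BEGIN { RS = ""; FS = "\n" }
        {
            dn = ""; encoded = 0; del = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dn::/) encoded = 1
                else if ($i ~ /^dn:/) { dn = $i; sub(/^dn:[ ]*/, "", dn) }
                else if (tolower($i) ~ /^changetype:[ ]*delete[ ]*$/) del = 1
            }
            # Records that are not deletes are never emitted.
            if (!del) next
            if (encoded || dn == "") {
                print "record " NR ": DN missing or base64-encoded, skipped" > "/dev/stderr"
                next
            }
            print dn
        }
    '
}

# Constructed sample: two delete records (one with a folded DN) and one
# modify record that must not appear in the output.
write_sample_ldif() {
    printf '%s\n' \
        'dn: cn=SMILNER,cn=users,dc=seacor,dc=net' \
        'changetype: delete' \
        '' \
        'dn: cn=JGUILLORY,cn=users,dc=seacor,dc=' \
        ' net' \
        'changetype: delete' \
        '' \
        'dn: cn=EXAMPLE,cn=users,dc=seacor,dc=net' \
        'changetype: modify' \
        'replace: mail' \
        'mail: constructed@example.com' > "$1"
}

# Usage: sh ldif_delete_dns.sh user_del_test.ldif > dns.txt
if [ -n "${1:-}" ]; then
    ldif_delete_dns "$1"
fi
```

Review the resulting DN list before passing it to the delete tool with `-f`, since each line in it is removed from the directory.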

    35. Atul Kumar says:

      OID is stored in Oracle Database so there are two ways to backup/restore OID.

      1. Using Oracle Database Hot/Cold backup

      2. Using ldifwrite

      To backup & restore only users using ldap commands use ldifwrite , check steps mentioned here

      http://download.oracle.com/docs/cd/B14099_19/core.1012/b13995/prodtest.htm#BABEDBHI

      Focus only on tree under “cn=users, dc=seacor,dc=net “

    36. Sundar says:

      Atul,

      Thanks, I am able to delete the merged entries using ldapdelete.

      Now when we run the bulkload with -check option, there are no duplicates (which is good) but then there’s an error in schemacheck.log. Do you know what it means?

      Duplicate while inserting in Hash Table.
      Duplicate while inserting in Hash Table.
      Duplicate while inserting in Hash Table.
      Duplicate while inserting in Hash Table.
      Duplicate while inserting in Hash Table.

      Thanks for your help.

      Sundar

    37. reeta says:

      about AD & OID
      As for the AD interface, there will be synchronisation between the OID and AD, and this can be two-way. Can the following scenario be used: at first, users are taken from the AD system to populate the OID and the Oracle HRMS, BUT subsequently we want the users from the OID to initiate the transfer, whereby a user who leaves the company first has his employee file updated/deleted in Oracle and this change is done in the AD system.

      2) Suppose an account is locked out in HRMS for a particular reason. As account info is synchronized/replicated, how to ensure that the particular user still has access to other systems within the MT group.

    38. Atul Kumar says:

      Can the following scenario be used : At first, users are taken from the AD system to populate the OID and the Oracle HRMS BUT subsequently, we want the users from the OID to initiate the transfer whereby a user who leaves the company first has his employee file updated/deleted in Oracle and this change is done in the AD system.

      Yes, this process is called bootstrapping, and you can use the ldifwrite and bulkload features to load the initial set of users and then use a provisioning profile to synchronise users

    39. Will L says:

      Can someone help me. I can’t figure out why when it won’t start oidmon, oidldapd. It gives me a Process (index=1,uid=1942228545,pid=4929) time out while waiting for managed process to start
      Log:
      /oracle/middleware/asinst_1/diagnostics/logs/OID/oid1/console~OID~1.log.

      The log file doesn’t contain anything and I’m not sure how to turn up the debugging information as well.

      Thank you!

    40. Atul Kumar says:

      @ Will, Looking at log structure it seems you are using 11g OID.

      Is your database & DB listener (for OID schema) up and accessible ?

      Check OPMN logs at

      /oracle/middleware/asinst_1/diagnostics/logs/OPMN/opmn/opmn.log

      and OIDCTL logs at

      /oracle/middleware/asinst_1/diagnostics/logs/OID/oid1/oidctl.log

      OPMN start OIDCTL which in turn starts OID processes

    42. varma namburi says:

      Hi Atul,

      We are using Oracle Identity Management suite 11g for single sign-on, where OAM is for identity and access management, OIM is for user provisioning, and OID stores the user data. I downloaded this software from this URL
      http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.html

      ofm_idm_win_11.1.1.3.0_32_disk1_1of1.zip
      ofm_oam_core_win_10.1.4.3.0_disk1_1of1.zip
      ofm_oam_pm_webpass_win_10.1.4.3.0_disk1_1of1.zip
      ofm_oam_webgates_win_10.1.4.3.0_disk1_1of1.zip

      Can you please confirm whether these software are sufficient for my requirement?

    43. varma namburi says:

      Hi Atul,

      We are using Oracle Identity Management suite 11g for single sign-on, where OAM is for identity and access management, OIM is for user provisioning, and OID stores the user data. I downloaded this software on x86 from this URL
      http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.html

      Identity Management (11.1.1.3.0)
      Access Manager Core Components (10.1.4.3.0)
      Access Manager WebGates (10.1.4.3.0)
      Policy Manager and WebPass on Third Party and non-OHS 11g Web Servers

    44. Atul Kumar says:

      @ Varma,
      You would also need
      a) Database for OID repository
      b) WebLogic to host ODSM and DIP (though this is not mandatory) you can run OID without ODSM and DIP application as well
      c) RCU (this is not mandatory again) – required to load OID schemas in database. You can create OID schema during OID install as well without RCU, but RCU gives you flexibility to change tablespaces and other things for schema.
      d) Identity Manager – OIM (Identity Manager) is not part of Identity Management (11.1.1.3.0)
      so download version OIM 9.1.0.1 separately from http://www.oracle.com/technology/software/products/ias/htdocs/101401.html

      Please share your installation steps with readers (especially the Identity Manager installation)

    45. Guest says:

      Hi Atul,

      I am very new to OIM and OVD. I do not understand the distinction between these two. Can you please advise?

      Thanks
      Guest

    46. Atul Kumar says:

      @ Guest

      OIM : Oracle Identity Manager (Provisioning and Identity Management software)
      OVD : Oracle Virtual Directory (Virtual directory which sits in front of multiple directory servers to give single view of ldaps servers to client )
      OID : Oracle Internet Directory (LDAP compliant Directory Server)

      More on all Oracle Identity Management Products here http://onlineappsdba.com/index.php/2010/06/01/oracle-identity-management-products-oid-ovd-oam-oim-orm-owsm-oif-esso-oes-oaam/

    47. Dan says:

      Atul,

      Firstly a big thank you for all the good work you guys are doing. These articles are immensely helpful.

      I am struggling to get information on how to enable self-service for password change and reset for the OID users. Please note I am not provisioning these users to OID using OIM. These users are being manually created in OID by the administrator. However when they access the WebGate protected resource through OAM, I would like to provide them the option to register (secret questions) and manage their passwords. My question is where would the secret questions be created and how would the users access this self-service page to change and reset passwords?

      Can these questions be set up in OAM although the user identities are in OID?

      We are using 11g.

      Thanks,
      Dan

    48. Atul Kumar says:

      @ Dan,

      OID in 10g used to come with a default self-service application called OIDDAS, and with 11g OID you can still use the 10g OIDDAS application, but I would not recommend using OIDDAS with 11g OID.

      If you have OAM with OID then questions can be set up at OAM via lost password management feature of OAM.

      If this is what you are looking for then check http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12489/idconfig.htm#BABDFCGI

      What is version of your OAM ?

    49. […] issue (ORA-01017 Invalid Username/Password) where Oracle Database is registered with LDAP Server (OID or Microsoft Active Directory) for Enterprise User […]

    50. cristiano says:

      Does anyone know in which manner the password is stored and controlled in OID?

      We are integrating the SharePoint membership provider with OID but it seems not to recognize the password. The LDAP membership provider hashes the password and then compares it against OID. So what is the hash algorithm used by OID?

      Thanks

    51. urs.shivakumar@gmail.com says:

      Hi,

      During the IDM 11.1.1.4 Configuration on Windows XP 32 bit system. I am getting the following error.

      oracle.as.provisioning.util.ConfigException:
      Error creating ASComponent oid1.
      Cause:
      An internal operation has failed: Failed to start the component

      Prerequisite:
      1. Oracle Database 11.2.0.1
      2. RCU 11.1.1.3.3
      3. Weblogic – 10.3.4
      4. FMW IDM (OID) – 11.1.1.4

      During the installation of OID, All the prerequisites were passed. Installation was successful. While Configuring OID with weblogic domain, I have faced this.

      In last step, Start Oracle Internet Directory. I am facing this error.

      Please help me to solve this error.

      Thanks,
      Shiv

    52. Shiv says:

      Hi,

      During the IDM 11.1.1.4 Configuration on Windows XP 32 bit system. I am getting the following error.

      oracle.as.provisioning.util.ConfigException:
      Error creating ASComponent oid1.
      Cause:
      An internal operation has failed: Failed to start the component

      Prerequisite:
      1. Oracle Database 11.2.0.1
      2. RCU 11.1.1.3.3
      3. Weblogic – 10.3.4
      4. FMW IDM (OID) – 11.1.1.4

      During the installation of OID, All the prerequisites were passed. Installation was successful. While Configuring OID with weblogic domain, I have faced this.

      In last step, Start Oracle Internet Directory. I am facing this error.

      Please help me to resolve this issue.

      Thanks,
      Shiv

    53. Atul Kumar says:

      @ Shiv,
      11.1.1.4 is a patchset. Did you install the 11.1.1.2 base release?

      If yes then did this ever fail in past ?

      If you applied 11.1.1.4 on top of 11.1.1.2 and this is fresh installation (which never failed in past) then

      Run opmnctl startall from $WL_HOME/asinst_1/bin and update output here

    54. Shiv says:

      @Atul,

      Thanks Atul.

      I did as you said. This is the response for that.
      After “opmnctl startall”, I have fired “opmnctl status” also for your information.

      C:\Oracle\apps\idm11g\MWHOME\asinst_3\bin>opmnctl startall
      opmnctl startall: starting opmn and all managed processes…

      C:\Oracle\apps\idm11g\MWHOME\asinst_3\bin>opmnctl status

      Processes in Instance: asinst_3
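      ---------------------------------+--------------------+---------+---------
      ias-component                    | process-type       |     pid | status
      ---------------------------------+--------------------+---------+---------
      EMAGENT                          | EMAGENT            |    6484 | Alive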

      C:\Oracle\apps\idm11g\MWHOME\asinst_3\bin>opmnctl startall
      opmnctl startall: starting opmn and all managed processes…

      C:\Oracle\apps\idm11g\MWHOME\asinst_3\bin>

      Please resolve this.

      Thank you Atul,
      Shiv

    55. Shiv says:

      @Atul,

      This is regarding last post in this series. I had installed 11.1.1.2 base release. On that I installed patchset 11.1.1.4. I had not configured while installing. Now once I am trying to configure, I am getting this error.

    56. Atul Kumar says:

      @ Shiv,
      Only issue I can see here could be because of RCU version mismatch.

      Currently in your setup, OID instance failed to start and installer removed configuration (related to OID from database)

      To fix this issue do not use RCU:

      1. Recreate Database (using dbca) – drop and create database
      2. Install weblogic 10.3.4
      4. Install OID 11.1.1.2 (do not configure – just install)
      5. Apply patch 11.1.1.4 for OID
      6. Configure OID (create schema during config stage)

      More steps here http://onlineappsdba.com/index.php/2011/03/23/install-oracle-identity-management-oimidm-11114-oid-ovd-oif-high-level-steps/

    57. Shiv says:

      @Atul,

      Thank you very much Atul. I will follow the steps you told. And I will let you know the result.

      Thanks Again,
      Shiv

    58. Shiv says:

      @Atul,

      I have followed exactly the steps you told with same versions. I am configuring OID Without Weblogic Domain. But Again facing error in “Configure OCM” step.

      The Error is

      oracle.as.provisioning.util.ConfigException:
      Error creating ASComponent oid1.
      Cause:
      An internal operation has failed: Failed to start the component

      Please help me to resolve this issue.

      Thanks,
      Shiv

    59. Atul Kumar says:

      @ Shiv,
      Which version of OID you are installing ?

      Which link on this site you are using to install OID ?

    60. Shiv says:

      @ Atul,

      Thanks for your response.

      I have installed IDM 11.1.1.2.0, then I have installed the IDM 11.1.1.4.0 patch (patch number is 11060980).

      I have followed the steps in this link.

      http://onlineappsdba.com/index.php/2011/03/23/install-oracle-identity-management-oimidm-11114-oid-ovd-oif-high-level-steps/

      And I have referred this link also.

      http://download.oracle.com/docs/cd/E17904_01/install.1111/e12002/instps2.htm#BGBCHIJI

      Please help.

      Thanks,
      Shiv

    61. Atul Kumar says:

      @ Shiv,
      Is this on Unix ?

      What is hostname and entry in /etc/hosts ?

      Do you have an IP assigned to the server and if yes can you ping this hostname/IP (entry defined in /etc/hosts)?

      If you are installing just OID then don't create schema using RCU, try following –
      1. Remove database and install again
      2. Install weblogic 10.3.4
      3. Install OID 11.1.1.2 (install – do not configure)
      4. Install OID 11.1.1.4
      5. Configure OID and then during config create schema.

      See if this helps.

    62. Shiv says:

      @ Atul,

      Thanks again for your help.

      This is on Windows XP 32 bit system.

      Earlier you told me to do these steps. I followed same steps exactly.

      Again problem persists.

      Please help.

      Thanks,
      Shiv

    63. Atul Kumar says:

      @ Shiv,
      Sorry didn’t check your previous comments.

      In order to further debug this

      1. See if you can see any logs in $ORACLE_INSTANCE/diagnostics/logs/OID/oid1/*

      and
      $ORACLE_INSTANCE/diagnostics/logs/OPMN/opmn/*

      2. What is hostname and IP address of machine ?

      3. Try pinging hostname

      ping [hostname]
      ping [IP]

    64. Shiv says:

      @ Atul,

      Thanks again for your help.

      1. I can’t see the OID folder inside “$ORACLE_INSTANCE/diagnostics/logs/”

      2. I can see three log files here “$ORACLE_INSTANCE/diagnostics/logs/OPMN/opmn/*”

      debug.log -> It contains nothing. Empty file
      opmn.log -> It contains

      [2011-04-07T14:16:01][opmn][NOTIFICATION:1][90][OPMN][code:ons-internal]ONS server initiated
      [2011-04-07T14:16:01][opmn][NOTIFICATION:1][520][OPMN][code:pm-internal]Create pm state directory: C:\Oracle\apps\idm11g\MWHOME\asinst_1\config\OPMN\opmn\states
      [2011-04-07T14:16:01][opmn][TRACE:1][526][OPMN][code:pm-internal]PM state file does not exist: C:\Oracle\apps\idm11g\MWHOME\asinst_1\config\OPMN\opmn\states\.opmndat
      [2011-04-07T14:16:01][opmn][NOTIFICATION:1][675][OPMN][code:pm-internal]OPMN server ready. Request handling enabled.
      [2011-04-07T17:37:25][opmn][NOTIFICATION:1][676][OPMN][code:pm-internal]OPMN server stopped. Request handling disabled.
      [2011-04-07T17:37:25][opmn][TRACE:1][667][OPMN][code:pm-requests]Request 5 Started. Command: /shutdown
      [2011-04-07T17:37:25][opmn][TRACE:1][668][OPMN][code:pm-requests]Request 5 Completed. Command: /shutdown

      service.log -> It contains

      --------
      11/04/07 14:16:01 startproc
      --------

      --------
      11/04/07 17:37:26 shutdown
      --------

      3. I tried pinging hostname/IP. Both are working fine.

    65. Atul Kumar says:

      @ Shiv,
      In your case installation failed and installer has rolled back entire oid instance (so logs missing)

      Check installation logs under oraInventory (:\program files\Oracle\Inventory)

    66. Atul Kumar says:

      @ Shiv,
      Your problem could be because of one of following reasons (apart from few mentioned above in comments) – installation logs should tell you root cause issue

      Issue 1. TNS listener for database is listening IPv4 and the IM installation try to connect using an IPv6 or vice versa
      Fix 1: Disable IPV6 , restart machine and install everything again (including database)

      Issue 2: You are trying to use a port for OID which is already in use
      Fix 2: Default OID ports in 11g are 3060 and 3131 so check if they are in use. Use a different port

      Issue 3 (Unix only): You are trying to use OID port < 1024 and forgot to run oraRoot.sh (after OIM install)
      Fix 3: Run oraRoot.sh before running config.sh

      Issue 4: Database Standard Edition (SE) is used
      Fix 4: use EE (Enterprise edition) or apply patch for SE compatibility

      Issue 5 (Unix only): SE Linux is used
      Fix 5: Temporarily disable enforcement (SELinux)

      I suspect you are hitting issue 1
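
Added example, not part of the thread and not code from any commenter: a pre-install check for issue 1 (listener answering on only one IP family) and issue 2 (OID ports 3060/3131 already taken) from the list above. The database host name and listener port 1521 in the demo section are assumed values, and all function names are illustrative.

```python
import socket

OID_DEFAULT_PORTS = (3060, 3131)  # 11g defaults named in the comment above


def tcp_probe(address, port, family, timeout=2.0):
    """Return True if a TCP listener accepts a connection at address:port."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            return sock.connect_ex((address, port)) == 0
    except OSError:  # address family unavailable on this host, bad address, etc.
        return False


def listener_by_family(hostname, port):
    """Probe every address the hostname resolves to, grouped by IP family.

    A value of None means the hostname has no address in that family.
    """
    result = {"IPv4": None, "IPv6": None}
    names = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            hostname, port, type=socket.SOCK_STREAM):
        if family in names:
            ok = tcp_probe(sockaddr[0], port, family)
            result[names[family]] = bool(result[names[family]]) or ok
    return result


def family_mismatch(result):
    """Issue 1: the name resolves in both families but only one is served."""
    v4, v6 = result["IPv4"], result["IPv6"]
    return v4 is not None and v6 is not None and v4 != v6


def ports_in_use(ports=OID_DEFAULT_PORTS, address="127.0.0.1"):
    """Issue 2: list candidate OID ports that already have a listener.

    Only the given address is probed; a listener bound to another
    interface alone would not be seen from here.
    """
    return [p for p in ports if tcp_probe(address, p, socket.AF_INET)]


if __name__ == "__main__":
    # Assumed values: replace with the database host and its listener port.
    DB_HOST, DB_LISTENER_PORT = "localhost", 1521
    seen = listener_by_family(DB_HOST, DB_LISTENER_PORT)
    print("database listener reachable:", seen)
    if family_mismatch(seen):
        print("listener answers on one IP family only (issue 1)")
    print("OID ports already taken:", ports_in_use())
```
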

    67. Shiv says:

      @ Atul,

      Thanks for the solution.

      I will try this & let you know.

      Thanks Again,
      Shiv

    68. […] Oracle Internet Directory Release 11.1.1.2.0 – If you wish to login to WebLogic Server using users in Oracle Internet Directory or allow access to your users in OID (OWSM Policy). […]

    69. Mohan Poojari says:

      Atul

      I have successfully imported the SSO users, groups and Portal groups after removing the authpassword attributes. The attribute userpassword has been successfully imported for each user.

      Users cannot login with the same password as in Live as it is failing on authentication. How can I get the same passwords working as in Live. I don’t want to change the password using ldapmodify.

      Thanks in advance.

      Mohan

    70. Atul Kumar says:

      @Mohan Poojari,
      Can you do ldapbind using prod user and prod password in target environment ?

      —Users cannot login with the same password as in Live as it is failing on authentication.

      Is this for portal login/password ? try and see if ldapbind works first

    71. Mohan Poojari says:

      Atul

      ldapbind is working and Portal login is also working.

      I have found the issue, it was due to a missing attribute.

      Have a good evening.

      Thanks

      Mohan

    72. Nehas says:

      Atul,

      I am using Oracle Integrated Platform (OIP) to sync OID (Identity store) with Siebel. I wanted to know which protocol OIP uses to connect and transfer user credentials to Siebel or any other applications.

      Thanking you in advance

    73. siva says:

      I have a question here

      1. Once I integrated the LDAP, it is going to authenticate the user (valid user).

      2. to integrate the user and OBIEE user & Role instead of OID

      3. support think that I don't have OID, is there a way I can create my own database and integrate the same to the OBIEE

      Is it possible?

    74. Rgupta says:

      How to integrate OID 11gR1 (along with OAM 11gR1) with EBS R12?

      I found the Oracle note used for the above is 1309013.1. Our need is to integrate 11g OAM along with OID 11gR1 with EBS.
      In master note 1309013.1, it is mentioned to follow 1370938.1 for registering OID 11gR1 (using OAM 11g) with EBS.
      I am using 1370938.1 but it is not clear what exactly we need to run to complete OID 11gR1 integration with EBS.

      Can you please provide step details of how to integrate OID 11gR1 (using OAM 11gR1 and not SSO) with EBS using 1370938.1?

    75. Daniele Trabucco says:

      Help! my configuration is:

      Oracle OIM 10.3
      Oracle Weblogic 10.3.0

      I have a Java application using OID for user authentication. Users are created such as firstname.lastname, but if I log in with any user in this way, FIRSTNAME.LASTNAME or Firstname.laStname, or by adding a “space” before or after the user name, they are authenticated as well! How can I set the criteria for userID?

      • Atul Kumar says:

        @ Daniele Trabucco,
        Which application is doing authentication? You can configure the application to check a login attribute (cn or lastname or uid or email) as per your choice. Look for the application which is doing authentication.
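
Added example, not part of the thread and not code from any commenter: the standard LDAP schema (RFC 4519) defines `uid` with the `caseIgnoreMatch` equality rule, under which case and leading or trailing spaces are not significant, so the variants in the question all match one entry. The sketch assumes the directory in question follows that rule; the sample entries, the simplified matching key and all function names are constructed for illustration. It shows an application taking the stored `uid` as the identity for sessions, authorization and audit, with an optional strict mode that rejects anything not typed exactly as stored.

```python
import unicodedata

# Constructed sample entries standing in for the directory (not from the page).
DIRECTORY = {
    "uid=firstname.lastname,cn=users,dc=example,dc=com": {"uid": "firstname.lastname"},
    "uid=jane.doe,cn=users,dc=example,dc=com": {"uid": "jane.doe"},
}


class LoginRejected(Exception):
    """Raised when the typed login must not be accepted."""


def case_ignore_key(value):
    """Simplified RFC 4518 preparation: normalize, fold case, and drop
    leading/trailing whitespace while collapsing inner runs."""
    folded = unicodedata.normalize("NFKC", value).casefold()
    return " ".join(folded.split())


def find_entry(typed_login):
    """Emulate the directory's equality search on uid; return (dn, stored uid)."""
    key = case_ignore_key(typed_login)
    if not key:
        return None
    hits = [(dn, entry["uid"]) for dn, entry in DIRECTORY.items()
            if case_ignore_key(entry["uid"]) == key]
    # Refuse ambiguous results instead of picking the first match.
    return hits[0] if len(hits) == 1 else None


def resolve_identity(typed_login, strict=False):
    """Return the uid to use as the session, authorization and audit key.

    The password check (an LDAP bind as the returned DN) would follow this
    step and is left out of the sketch.
    """
    hit = find_entry(typed_login)
    if hit is None:
        raise LoginRejected("no unique directory entry for this login")
    _dn, stored_uid = hit
    if strict and typed_login != stored_uid:
        raise LoginRejected("login must be typed exactly as stored")
    # Never key application state on typed_login: two spellings of one
    # account would otherwise look like two different users.
    return stored_uid
```
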

    76. darleys says:

      Atul ,
      here’s my situation,
      I have installed OID 11.1.1.6.0 and OAM 11.1.1.7.0 and had no issues in integrating them. But when I install Oracle Portal 11.1.1.6.0 it asks for OID information, and when I provide that information it throws an error “cannot retrieve SSO information”. There is no issue in the login credential, because when I provide a wrong password for ‘cn=orcladmin’ it throws an error ‘cannot login into the LDAP’. Then I did more research and it seems the OID 11g misses DAS 10g, and that’s the reason Portal is not able to fetch the SSO.
      Now… please advise me of what path to take
      1. use inspre11.pl and install MRCA (10g 10.1.4.3.0) and install SSO + ODAS 10.1.4.3.0 (*** I am not able to get the downloads at all for that)
      or

      2. install 10g OID+SSO which will automatically install ODAS 10g and then upgrade OID to 11g?

      or if you know of any other way please help me…

    77. ddawicki says:

      Hi Atul, We had a working 9.0.4.0.0 after yearend passwords, except the cn=orcladmin didn’t log into the Windows Oracle Directory. 10G Application Server – 2 farms, I think I issued a bad ldapbind, tried to restart with DOS shortcut to stop and start the services and they appeared hung so interrupted them. Now they say they are not valid win32 applications when issued…

      OID port 389 can’t be accessed, ldap server not connected when issuing ldapbind -q, can’t log into Oracle Directory on Windows, ldap down. The database ods id locks up all the time. I don’t know how to change the cn=orcladmin (older version of oidpasswd), unsure where the wallet is, checked Linux, assuming it’s on Windows, can’t locate it..

      So hung up, the Enterprise Console Farms don’t start without an error connecting to the repository, cannot connect to port 389. etc…. One of the farms windows service doesn’t complete. We are production DBAs, didn’t set this up. We have a test side that works but can’t seem to get to the crux of this. I appreciate your insights very much.

    78. ram says:

      Can we use FMW forms/reports OID database and OAM to configure SSO for EBS 12.1.3, please advise.

    79. Krish says:

      Can we sync pwdHistory and pwdReset attributes from Source OID to Target OID.

      Can we sync the operational attributes like CreatorsName, CreateTimeStamp,ModifiersName, ModifiedTimeStamp from Source OID to Target OID.

    80. Krish says:

      Thanks Atul. I could sync the pwd attributes to target OID but could not the attributes CreatorsName, CreateTimeStamp,ModifiersName, ModifiedTimeStamp. Thanks for your input.

      PN: I really like your posts.

    81. Bheem says:

      Hi atul,

      how to check the status of OID in putty,

      Thanks,
      Bheem

    82. sundas7 says:

      Hi Experts,

      I have the old version of OIM 9.1.0 installed. I am just trying to set up a test environment here. Please let me know the best way to download and install OID 10g here. I would like to install it as an add-on component. Later I would be installing 11gR2. Please advise. Thanks, sundas7
