Monday, 31 October 2011

How to start DB, OID and ODSM

This post describes the procedure to start DB, OID and ODSM.

To start DB, follow the steps in the order given below:

1. Set the environment variables (if they are not already set) by executing the commands below:
    a. export ORACLE_HOME=/app/oracle/product/11.2.0/dbhome_1 (the base directory of the database)
    b. export PATH=/app/oracle/product/11.2.0/dbhome_1/bin:$PATH (the bin directory of ORACLE_HOME)
    c. export LD_LIBRARY_PATH=/app/oracle/product/11.2.0/dbhome_1/lib (the lib directory of ORACLE_HOME)
    d. export ORACLE_SID=orcl (the database SID)
PS: All these variables can be set permanently for the session by adding these commands to the ".profile" file of the Unix user.
2. Start the database listener by executing the below command:
    a. lsnrctl start
3. After starting the listener, login to idle instance of database by executing:
    a. sqlplus / as sysdba
4. Start the database instance by executing
    a. startup

You have successfully started the database now. 

The next step is to start OID. In 11g, OID comes with ODSM, a GUI similar to "Oracle Directory Manager" in the 10g version. You can start the OID process using OPMN and work without ODSM, since ODSM is only a GUI interface provided by Oracle.

Steps to Start OID using OPMN
1. Set the environment variables required to start OID by executing the commands below:
    a. export ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_IDM1 (the base directory of Oracle Internet Directory)
    b. export ORACLE_INSTANCE=/home/oracle/Oracle/Middleware/asinst_1 (the instance directory created during installation)
    c. export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_INSTANCE/bin:$PATH
    d. export TNS_ADMIN=$ORACLE_INSTANCE/config
PS: Make sure the first directory in the PATH variable is always the bin directory of ORACLE_HOME as defined above. The ldap commands may fail with errors if this ordering is not maintained.
2. Start OID by executing
    a. opmnctl startall
You can check the status of OID by executing opmnctl status; a status of Alive means OID has started.
You have started OID successfully. You can start working with OID now.
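A startup script for the DB and OID steps above, added here as an example; it is not from the original post. It uses the post's paths, the variable names DB_HOME, DB_SID, OID_HOME, OID_INSTANCE and the function names are assumptions of mine, and the PATH check enforces the ordering the PS note requires before opmnctl is called:

```shell
#!/bin/sh
# Added example, not part of the original post. Paths are the ones used in
# the steps above; change them to match your hosts.
DB_HOME=/app/oracle/product/11.2.0/dbhome_1
DB_SID=orcl
OID_HOME=/home/oracle/Oracle/Middleware/Oracle_IDM1
OID_INSTANCE=/home/oracle/Oracle/Middleware/asinst_1

# Return 0 only when the first entry of the PATH given as $2 is $1/bin, the
# ordering the post requires so that the ldap commands resolve to the OID home.
path_starts_with_bin() {
    case "$2" in
        "$1/bin") return 0 ;;
        "$1/bin:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the OID PATH: <home>/bin, <home>/ldap/bin, <instance>/bin, then the
# caller's existing PATH ($3).
oid_path() {
    printf '%s/bin:%s/ldap/bin:%s/bin:%s\n' "$1" "$1" "$2" "$3"
}

# Steps 1-4 of the database section: environment, listener, idle instance, startup.
start_db() {
    export ORACLE_HOME="$DB_HOME" ORACLE_SID="$DB_SID"
    export PATH="$ORACLE_HOME/bin:$PATH" LD_LIBRARY_PATH="$ORACLE_HOME/lib"
    lsnrctl start || return 1
    # 'startup' is issued to the idle instance; 'exit' returns to the shell.
    printf 'startup\nexit\n' | sqlplus -S / as sysdba
}

# Steps 1-2 of the OID section; ORACLE_HOME is re-pointed at the IDM home.
start_oid() {
    export ORACLE_HOME="$OID_HOME" ORACLE_INSTANCE="$OID_INSTANCE"
    export TNS_ADMIN="$ORACLE_INSTANCE/config"
    PATH=$(oid_path "$ORACLE_HOME" "$ORACLE_INSTANCE" "$PATH")
    export PATH
    if ! path_starts_with_bin "$ORACLE_HOME" "$PATH"; then
        echo "refusing to start: $ORACLE_HOME/bin is not first in PATH" >&2
        return 1
    fi
    opmnctl startall || return 1
    opmnctl status        # each OID process should report Alive
}

# Usage: . ./start_oid_stack.sh; start_db && start_oid
```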

(Optional) The next step is to start ODSM, i.e., the WebLogic managed server. To do so, you first have to start the WebLogic Admin Server.

Steps to start the WebLogic Admin and Managed Server
1. To start the WebLogic Admin Server, navigate to the <WLS_DOMAIN>/bin directory and execute:
    a. ./startWebLogic.sh
2. To start the Managed Server, navigate to the <WLS_DOMAIN>/bin directory and execute:
    a. ./startManagedWebLogic.sh <Managed_Server_Name> <Admin_Server_URL>

PS: If you get the error "Unable to get lock on WLS_<>.DAT file" while starting the Admin or Managed Server, delete the ".DAT" files from the "<WLS_DOMAIN>/servers/<Admin or Managed>/data/store/default" and "<WLS_DOMAIN>/servers/<Admin or Managed>/data/store/diagnostics" directories and try restarting the server.

Sunday, 30 October 2011

Configuration of OID

After installation you should configure OID. Follow the steps given below:
1. Browse to the <Oracle_Home>/bin directory and execute config.sh
2. Select “Create New Domain” and enter the credentials and name of the domain to be created. Click Next to continue
3. Specify the WebLogic server directory, Oracle Instance location and Instance Name. Click Next to continue
4. Select the components to be configured
5. Select the appropriate option to configure the ports of OID
6. Select Create Schema and provide the connection details of the database.
PS: If you have already created the schema using RCU, select "Use Existing Schema"
7. Enter the password of the schema owner. Click Next to continue
8. Specify the OID realm and OID admin password and click Next to continue
9. Verify the installation summary. Click Configure
10. Configuration in progress
11. Installation complete. Click Finish to exit.

You have successfully installed and configured OID. Click here to see how to start DB, OID and ODSM

OID 11.1.1.5.0 Patch Installation

1. Download the patch from the Metalink site.
2. Browse to Disk1 of the patch installer directory and execute runInstaller. Click Next to continue
3. Specify the Middleware home and Oracle home directory of the previous installation. Click Next to continue
4. Verify the details and click Install
5. Installation complete. Click Finish to exit.

OID 11.1.1.3.0 Installation

In the OID installation, you can create the database schema either by using RCU or by opting for Create Schema during installation. We are going to install OID without using RCU here. We will install version 11.1.1.3.0 first, then update the software to 11.1.1.5.0 and configure OID.


1. Download the software from the link provided in the first post.
2. Browse to Disk1 of the installer directory and execute "runInstaller". Click Next to continue the installation
3. Select ‘Install Software – Do Not Configure’. We will configure after installing the 11.1.1.5.0 patch.
4. Setup will check the prerequisites. Click Next.
5. Specify the Middleware Home and Oracle Home directory location
6. Verify the installation details and click Install to install the software
7. Installation in progress. Click Finish on completion

OID 11.1.1.5.0 Installation

DB 11g Installation


1. Browse to the installer directory and execute runInstaller.
2. Select ‘Create and configure a database’ and click Next
3. Select ‘Server Class’ and click Next
4. As it is not a cluster installation, select ‘Single instance database installation’ and click Next.
5. Select ‘Advanced Install’ and click Next.
6. Select Enterprise Edition and click Next
7. Specify the Oracle Base and Oracle Home directory location
8. Specify the Inventory directory location and oraInventory group name
9. Specify the global database name and SID of the database
10. Set the character set of the DB to Unicode. Click Next
PS: The default character set might be different from Unicode. Unicode is a prerequisite for the OID installation
11. Specify the database file location for database storage and click Next
12. Verify the installation summary and click Finish
13. Installation started. First the installer will copy and extract the necessary files and then setup will start.
14. Installation in progress. Click on Password Management when prompted whether you want to change passwords/unlock the users.
15. After the installation is successful, you will be prompted to execute two shell scripts as "root"
16. Installation is successful.

Tuesday, 20 September 2011

Enterprise User Security quick reference - EUSM Commands


EUSM is a utility which comes out of the box with OID. It can be used for mapping enterprise users/roles to database objects in an Enterprise User Security setup. Below are some of the most commonly used EUS commands:

To List Enterprise roles in OID
eusm listEnterpriseRoles domain_name=<OID Domain> realm_dn=<oid realm> ldap_host=<hostname> ldap_port=<port> ldap_user_dn=<oid administrator> ldap_user_password=<oid admin password>

To List Mappings
eusm listMappings domain_name=<OID domain> realm_dn=<realm> ldap_host=<hostname> ldap_port=<port> ldap_user_dn=<oid admin> ldap_user_password=<oid admin password>

To List Enterprise Role Info
eusm listEnterpriseRoleInfo enterprise_role=<rdn of enterprise role> domain_name=<oid domain> realm_dn=<oid realm> ldap_host=<hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password=<oid admin password>

To Create Enterprise Role
eusm createRole enterprise_role=<rdn of the enterprise role> domain_name=<oid domain> realm_dn=<oid realm> ldap_host=<hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password=<oid admin password>

To Create User-Schema Mapping
eusm createMapping database_name=<SID of target database> realm_dn="<oid realm>" map_type=<ENTRY/SUBTREE> map_dn="<dn of enterprise user>" schema="<name of the shared schema>" ldap_host=<oid hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password="<oid admin password>"

To Create Proxy Permission
eusm createProxyPerm proxy_permission=<Name of the proxypermission> domain_name=<oid domain> realm_dn="<oid realm>" ldap_host=<hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password=<oid admin password>

To Grant Proxy permission to Proxy group
eusm grantProxyPerm proxy_permission=<Name of the proxy permission> domain_name=<oid domain> realm_dn="<oid realm>" ldap_host=<hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password=<password> group_dn="<dn of the enterprise group>"

To Map proxy permission to proxy user in DB
eusm addTargetUser proxy_permission=<Name of the proxy permission> domain_name=<oid domain> realm_dn="<oid realm>" ldap_host=<hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password=<oid admin password> database_name=<SID of the target database> target_user=<target database user> dbuser=<Database user with DBA privileges> dbuser_password=<database user password> dbconnect_string=<database_host>:<port>:<DBSID>

Enterprise role to Global role mapping in OID
eusm addGlobalRole enterprise_role=<rdn of the enterprise role> domain_name=<oid domain> realm_dn="<oid realm>" database_name=<SID of the target database> global_role=<name of the global role defined in the target database> dbuser=<database user> dbuser_password=<database user password> dbconnect_string=<database_host>:<port>:<DBSID> ldap_host=<oid_hostname> ldap_port=<port> ldap_user_dn="<oid admin>" ldap_user_password=<oid admin password>

Monday, 29 August 2011

EUS-SQL queries

-- Get the database version
select * from v$version;
select * from role_role_privs;
select * from role_tab_privs;

-- Read all global roles present in DB
select role from dba_roles where password_required='GLOBAL';
-- Global roles to local roles mapping
select * from dba_role_privs where grantee in (select role from dba_roles where password_required='GLOBAL');
select * from dba_role_privs where grantee in ('SS_D2DB0156_INTERNAL');

-- Object privileges assigned to the user
desc DBA_TAB_PRIVS;
select * from dba_tab_privs;
select * from dba_tab_privs where grantee='GUSER_SYSDBA_D2DB0156';
select distinct grantee,table_name, privilege from DBA_TAB_PRIVS where grantee in (select granted_role from dba_role_privs where grantee in (select role from dba_roles where password_required='GLOBAL'));
select distinct grantee,table_name, privilege from DBA_TAB_PRIVS where grantee in ('LROLE_EASI_ETL');

-- System Privileges assigned to a user/Role
desc dba_sys_privs;
select * from dba_sys_privs where grantee='NAGS_CONSOLIDATION_SHARED_SCH';
select * from dba_sys_privs where grantee='GROLE_EASI_ETL';

--Grant local role to global role
grant LROLE_EASI_ETL to GROLE_EASI_ETL;

--Grant connect to the proxy user and CREATE TABLE to the exclusive schema
grant CONNECT to PROXY_USER_EUSTEST;
grant CREATE TABLE to GLOBAL_EXC_SCHEMA_TEST;

-- Global users/Shared schemas created in DB
select * from dba_users where password='GLOBAL';
select * from dba_users where username='SS_D3DB0156_INTERNAL';
select distinct password from dba_users;

-- Read the roles of the user session
select * from session_roles;
-- Read privileges of the user session
select * from session_privs;

-- Read the database and schema the user is logged into
select sys_context('userenv','db_name'), sys_context('userenv','session_user') from dual;
SELECT sys_context('USERENV', 'CURRENT_SCHEMA') FROM DUAL;

-- Creating exclusive schema
CREATE USER global_exc_schema_test1 IDENTIFIED GLOBALLY;
drop user global_exc_schema_test1;

-- Create proxy user for EUS
CREATE USER proxy_user_eustest identified by abcd1234;
commit;
drop user proxy_user_eustest;

-- Grant connect through enterprise users to proxy user
ALTER USER global_exc_schema_test1 GRANT CONNECT THROUGH ENTERPRISE USERS;

Saturday, 27 August 2011

SUSE Linux

To install additional RPMs, insert Disk 1 of the ISO image
1. Start -> YaST -> Software Management
2. Uncheck "Name and properties" and check "rpm libraries"
3. Search for the RPM by entering its name in the search box.
You can see the RPMs available. Select the required RPM, click Accept and then install the required RPMs


To disable firewall in SUSE
1. Login as root
2. Execute "/etc/init.d/SUSEfirewall2 stop"


To check the swap space available in SUSE
1. Login as root
2. Execute "swapon -s"


To add extra swap space

a) Login as the root user
b) Type the following command to create a 512MB swap file (524288 blocks of 1024 bytes = 512MB). The file should be owned by root with mode 0600; mkswap warns when it is readable by other users:
# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288
c) Set up a Linux swap area:
# mkswap /swapfile1
d) Activate the /swapfile1 swap space immediately:
# swapon /swapfile1
e) To activate /swapfile1 after a Linux system reboot, add an entry to the /etc/fstab file. Open this file using a text editor such as vi:
# vi /etc/fstab
Append the following line:
/swapfile1 swap swap defaults 0 0
So the next time Linux comes up after a reboot, it enables the new swap file for you automatically.
f) How do I verify whether swap is activated?
Simply use the free command:
$ free -m

Thursday, 7 July 2011

OID 11g Installation

This post will detail the installation of Oracle Internet Directory 11.1.1.5.0.


Before starting the installation refer to the below links:
1. Link for certification matrix of OFM 11g
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html


2. Pre-requisites for installation of OID:
http://download.oracle.com/docs/html/E18558_01/fusion_requirements.htm#BABEFJBE 


Check these prior to installing OID:
 a) Make sure all the OS packages listed in Section 4 are installed. To check, execute:
    # rpm -q pkgName
    This prints the name, version and release number of the installed package 'pkgName', or reports that it is not installed.


 b) The minimum open file limit required for the installation is 4096. To change the open file limit, login as root and edit the /etc/security/limits.conf file, adding the following two lines:
* soft  nofile  4096
* hard  nofile  4096
Then reboot the machine
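A pre-installation check for items a) and b) above, added here as an example that is not part of the original post. The package list PKGS is a constructed placeholder (take the real names from Section 4 of the linked requirements page); the function names limits_nofile, limits_ok, runtime_nofile_ok and missing_rpms are mine:

```shell
#!/bin/sh
# Added example, not part of the original post.
PKGS="binutils gcc glibc libaio"   # constructed placeholder; use Section 4's list
MIN_NOFILE=4096

# Print the nofile value that limits.conf ($2, default /etc/security/limits.conf)
# sets for type $1 (soft or hard) on the '*' wildcard; prints nothing if unset.
limits_nofile() {
    awk -v t="$1" '$1 == "*" && $2 == t && $3 == "nofile" { v = $4 } END { print v }' \
        "${2:-/etc/security/limits.conf}"
}

# Return 0 when both the soft and hard nofile limits in the file reach MIN_NOFILE.
limits_ok() {
    s=$(limits_nofile soft "$1"); h=$(limits_nofile hard "$1")
    [ "${s:-0}" -ge "$MIN_NOFILE" ] && [ "${h:-0}" -ge "$MIN_NOFILE" ]
}

# limits.conf only applies to new logins (hence the reboot above): also check
# what the current shell actually has.
runtime_nofile_ok() {
    n=$(ulimit -n)
    [ "$n" = unlimited ] || [ "$n" -ge "$MIN_NOFILE" ]
}

# Print each package in PKGS that rpm -q does not report as installed;
# return 1 if any is missing.
missing_rpms() {
    rc=0
    for p in $PKGS; do
        rpm -q "$p" >/dev/null 2>&1 || { echo "missing: $p"; rc=1; }
    done
    return $rc
}

# Usage: . ./oid_prereq.sh; limits_ok && runtime_nofile_ok && missing_rpms
```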




Software required for the installation:
1. Oracle Weblogic Server 10.3.5
2. Oracle Database 11.2.0.1.0
3. Oracle Identity Management Installer 11.1.1.0
4. Oracle Identity Management Patchset 11.1.1.5.0


Installation of Oracle WebLogic Server 10.3.5:
 1. Download the software from here
 2. Execute the "wls1035_oepe111172_linux32.bin" file
 3. Specify the path of the Middleware Home directory and click Next
 4. Select the Installation Type as Custom and click Next
 5. Also select the Oracle Coherence component of WLS and click Next
 6. Select the JDK type and click Next.
 7. Give the installation path for the WebLogic server and Oracle Coherence and click Next
 8. The installer will show the components to be installed and the disk space required. Verify the details and click Next to continue.
 9. The installation progress screen will be shown
 10. Click Done to finish the installation



Wednesday, 22 June 2011

OID-EUS Tips

Database privileges which cannot be assigned directly to roles
  • Any privilege assigned “WITH GRANT OPTION”
  • INDEX privilege
  • REFERENCES privilege
  • SYSDBA

These can be assigned only to users; assigning them to a user in the DB and defining a proxy for that user worked fine.

The SYSDBA privilege cannot be implemented through EUS for 10g or earlier versions of the database. This feature was introduced in the 11g database.
 To implement:
  1. Add the entry "cn=<sid>,cn=OracleContext,dc=com,GLOBAL_ROLE=SYSDBA", similar to the other entries, to the uniquemember attribute of the enterprise role in OID using ldap commands.
  2. Make sure the LDAP_DIRECTORY_SYSAUTH parameter is set to YES in the target database where EUS is enabled. This parameter was introduced in 11g and tells the database to authenticate superusers against the directory.
  # The present value of the parameter can be found by (parameter names are stored in lowercase in v$parameter):
        sql> select * from v$parameter where name='ldap_directory_sysauth';
  # If the value of this parameter is NO, change it to YES by running:
        sql> alter system set LDAP_DIRECTORY_SYSAUTH='YES' scope=spfile;
        sql> startup force; (to restart the database)
PS: LDAP_DIRECTORY_SYSAUTH is not a dynamic parameter, so alter it through the spfile and restart the database.