Contents
- 1 How to Install Oracle Unified directory(OUD), ODSM and DIP
- 1.1 Install OUD directory
- 1.2 Install weblogic server
- 1.3 Install Oracle ADF 11.1.1.6
- 1.4 Oracle DIP Installation
- 1.5 Configuring weblogic
- 1.6 Complete the weblogic configure script
- 1.7 Start weblogic in this order
- 1.8 DIP post install
- 1.9 Configuring certificates for DIP/weblogic
- 1.10 Accessing ODSM and DIP
- 1.11 System Auto startup Scripts
- 1.12 To de-install Oracle ADF
- 1.13 BUG workaround fixes
- 3 References
How to Install Oracle Unified directory(OUD), ODSM and DIP
Note: To make installation easy, install VNC and work over VNC (temporarily):
pkg install tigervnc xvnc
Install OUD directory
Note: Make sure to select enable DIP at OUD install time.
First install and configure a basic OUD installation, as described in Installing and configuring OUD Directory.
Note: ID sync is being migrated to Oracle Directory Interrogation Platform (ODIP).
Note 2: For DIP, install the full fusion middleware packages and select Do not configure.
Allow conflicting structural objectclasses (compatible with ODSEE):
- /oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig set-global-configuration-prop --set single-structural-objectclass-behavior:accept -n -j /tmp/pw.txt
- /oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig set-attribute-syntax-prop --syntax-name Directory\ String --set allow-zero-length-values:true -n -j /tmp/pw.txt
- /oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true -n -j /tmp/pw.txt
Install weblogic server
Download from Oracle weblogic server 10.3.6
scp wls1036_generic.jar oud@odsm1:/installs
weblogic download
cd /installs
java -d64 -jar ./wls1036_generic.jar
- Middleware Home: /oud/Oracle/Middleware
- Un-check security box (say stay uninformed), wait till it times out.
- After timing out (trying to connect), select custom install and leave all defaults
- Un-check the box, Do not configure at the complete screen
Install Oracle ADF 11.1.1.6
Download ADF (Application Development Framework) from here: ADF download
scp ofm_appdev_generic_11.1.1.6.0_disk1_1of1.zip oud@odsm1:/installs
unzip -qq ofm_appdev_generic_11.1.1.6.0_disk1_1of1.zip
./runInstaller -jreLoc /usr/java
- Skip register & updates
- Set the Oracle Home: Oracle_IDM1
- Leave all default options
Oracle DIP Installation
Note: You can skip the IDM installation if you don't plan to use DIP.
Download the full Middleware package from edelivery.oracle.com and install the IDM installation options.
scp V29880-01.zip oud@odsm1:/installs
Note: Make sure to select Do not configure
mkdir /installs/IDM
cd /installs/IDM
unzip -qq ../V29880-01.zip
cd Disk1
./runInstaller
- Skip register
- Select Do Not Configure
- Leave the default location
- Un-check updates
- Complete install
Configuring weblogic
Configure environment variables
Note: You can skip the environment variables if you don't plan to use DIP (add to .bashrc)
export JAVA_HOME=/usr/jdk/instances/jdk1.7.0
export ORACLE_HOME=/oud/Oracle/Middleware/Oracle_IDM1
export WL_HOME=/oud/Oracle/Middleware/wlserver_10.3
export MW_HOME=/oud/Oracle/Middleware
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/oud/Oracle/Middleware/Oracle_IDM1/opmn/lib:/oud/Oracle/Middleware/Oracle_IDM1/lib
Complete the weblogic configure script
Run the below script:
/oud/Oracle/Middleware/oracle_common/common/bin/config.sh
- Choose New Domain
- Select OEM, ODSM, DIP
- Note: DIP will only be in the list of selection if it was installed
- Change selection to production mode
- Change (from weblogic) user to admin
- For jdk leave the default
- Check: Administration Server and Managed Servers, Clusters, and Machines, deployment server
- Check secure (port 7006, or 7002)
- Under cluster, click Next
- Under the Unix Machine tab, click Add; under name, specify the real hostname. Click Next
- Under assign machine, assign the Administration Server and the Managed server, click Next
- OBSOLETE: Check the box next to DIP
- Click Create or Extend (if extending an existing domain)
Note: If configuring DIP, follow the post install process
Start weblogic in this order
Note: Run this only before the first startup
/oud/Oracle/Middleware/oracle_common/common/bin/setNMProps.sh
mkdir -p /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/security
cd /oud/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/security
echo "username:weblogic" > boot.properties
echo "password:password" >> boot.properties
Before starting weblogic
Make sure the OUD directory is up; if not, start it:
/oud/Oracle/Middleware/Oracle_OUD1/bin/start-ds
To start weblogic
Start weblogic node manager first (needed for DIP)
cd /oud/Oracle/Middleware/wlserver_10.3/server/bin
nohup ./startNodeManager.sh &
Start weblogic domain
Note: To increase memory size, change from 512 to 2048 in setDomainEnv.sh
cd /oud/Oracle/Middleware/user_projects/domains/base_domain/bin
nohup ./startWebLogic.sh &
Start weblogic DIP process
Note: Follow this post install process before running this
To start wls_ods1, managed node
- Note: To AutoStart DIP Managed server
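
The dsconfig commands earlier read the bind password from /tmp/pw.txt via -j, and this section writes the admin password into boot.properties with echo. The following is an added example, not part of the original page, that creates both kinds of file with owner-only permissions and keeps the password off the command line; the function names and the scratch paths used in demo are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original page; helper names are illustrative.

# new_secret_file PATH: create PATH (mode 0600) from stdin. noclobber makes it
# fail if PATH already exists, so a pre-planted file in /tmp is never reused.
new_secret_file() { ( umask 077; set -C; cat > "$1" ); }

# secret_file_ok FILE: regular file, not a symlink, owned by the caller,
# no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    info=$(ls -ldn "$1" | awk '{ print substr($1, 5, 6), $3 }')  # "<g/o bits> <uid>"
    [ "$info" = "------ $(id -u)" ] && return 0
    echo "$1: need owner uid $(id -u) and no group/other access (got $info)" >&2
    return 1
}

# write_boot_properties DOMAIN_HOME USER PWFILE: write boot.properties in the
# page's username:/password: form from the first line of PWFILE. read and printf
# are builtins in bash and dash, so the password never appears in a process argv.
write_boot_properties() {
    secret_file_ok "$3" || return 1
    secdir=$1/servers/AdminServer/security
    pw=; IFS= read -r pw < "$3" || true     # tolerate a missing final newline
    [ -n "$pw" ] || { echo "$3: empty password" >&2; return 1; }
    case $pw in *\\*) echo "backslash needs .properties escaping" >&2; return 1 ;; esac
    (
        umask 077                           # new dirs 0700, new files 0600
        mkdir -p "$secdir" && chmod 700 "$secdir" || exit 1
        printf 'username:%s\npassword:%s\n' "$2" "$pw" > "$secdir/.boot.$$" &&
            mv "$secdir/.boot.$$" "$secdir/boot.properties"
    )
}

# Demo in a scratch directory with a constructed password (not a real domain).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Constructed-Pw-1\n' | new_secret_file "$d/pw.txt" &&
        write_boot_properties "$d/base_domain" weblogic "$d/pw.txt" &&
        ls -l "$d/base_domain/servers/AdminServer/security/boot.properties"
    rm -rf "$d"
}
demo
```
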
DIP post install
Once the instances are up, run this:
cd /oud/Oracle/Middleware/Oracle_IDM1/bin
./dipConfigurator
Enter WLS Admin Server Host Name : dip1.domain.com
Enter WLS Admin Server Port : 7001
Enter username to contact WebLogic Server : admin
[Enter password to contact WebLogic Server : ]
Enter backend LDAP Server HostName : dip1.domain.com
Enter backend LDAP Server Port : 1389
Enter username to contact LDAP server : cn=directory manager
[Enter password to contact LDAP Server : ]
Enter backend LDAP Server Admin Port : 4444
Enter SUFFIX to store DIP metadata : dc=domain,dc=com
Note: Update with latest release
cd /oud/Oracle/Middleware/Oracle_IDM1/bin
./dipConfigurator setup \
-wlshost dip1.domain.com \
-wlsport 7001 \
-wlsuser admin \
-ldaphost dip1.domain.com \
-ldapport 1389 \
-isldapssl false \
-ldapuser "cn=directory manager" \
-ldapadminport 4444 \
-isclustered false
Note: restart the weblogic app server before starting instance wls_ods1
Create in DIP a copy of our OU structure
Adding privileges for DIP user to new OU structure
ldapmodify -h localhost -p 1389 -D "cn=directory manager" -w - <
Configuring certificates for DIP/weblogic
# Create keystore
keytool -genkeypair -alias dip1-wl -keyalg RSA -keysize 2048 -validity 3560 -dname "cn=dip1.domain.com" -keystore /oud/certs/dip1-wl.jks -keypass password -storetype JKS -storepass password
# Request certificate
keytool -certreq -alias dip1-wl -keystore /oud/certs/dip1-wl.jks -storepass password -file dip1-wl.csr
# Import CA
keytool -import -trustcacerts -alias root-ca -keystore /oud/certs/dip1-wl.jks -file dip1-ca.csr -storepass password
# Import signed certificate
keytool -import -alias dip1-wl -keystore /oud/certs/dip1-wl.jks -file dip1-wl-signd.csr -keypass password -storepass password
# Under each server
Configuration > Keystores
Use /oud/certs/dip1-wl.jks as identity and trust
Note: Could be two files, trust for CA, identity for certificate, or use the same for both
Under SSL > Private Key Location dip1-wl
Advanced > Hostname Verification: -> none
Check the box -> Use JSSE SSL
To configure SSL From DIP to OUD
How to - https://docs.oracle.com/cd/E14571_01/admin.1111/e10031/odip_server.htm#OIMIG1349
- First export the SSL certificate from OUD store
- keytool -export -alias dip1 -file /tmp/dip1-ca-root.csr -rfc -keystore /oud/certs/dip1.jks -storetype JKS
- Then import to new keystore as CA trusted
- keytool -importcert -trustcacerts -alias oud-cert -file /tmp/dip1-ca-root.csr -keystore /oud/certs/dip1-dip2oud.jks
- keytool -importcert -trustcacerts -alias ldap1 -file /tmp/ldap1-ca-root.csr -keystore /oud/certs/dip1-dip2oud.jks
- Trust this certificate? [no]: yes
- Then set for DIP the keystore location
- ./manageDIPServerConfig set -h localhost -p 7005 -D admin -attr keystorelocation -val /oud/certs/dip1-dip2oud.jks
- Then configure weblogic to work with this
- $ORACLE_HOME/common/bin/wlst.sh
connect('admin','password','t3://dip1.domain.com:7001')
createCred(map="dip", key="jksKey", user="jksuser",password="password")
- Change DIP to use SSL mode 2
- ./manageDIPServerConfig set -attribute sslmode -val 2 -h localhost -p 7005 -D "admin"
- change DIP SSL port
- ./manageDIPServerConfig set -attribute backendhostport -val localhost:1636 -h localhost -p 7005 -D "admin"
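
The keytool steps in this section and the previous one import files with a .csr extension as trusted certificates, so it helps to confirm what a PEM file actually contains before it goes into a keystore. The following is an added example, not part of the original page; pem_summary, ok_for_truststore and import_trusted are hypothetical helper names, and the sample input in demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original page; helper names are illustrative.

# pem_summary FILE: count PEM objects by type, e.g. "cert=1 csr=0 key=0".
pem_summary() {
    awk '
        /^-----BEGIN (NEW )?CERTIFICATE REQUEST-----/    { csr++;  next }
        /^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----/  { cert++; next }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/         { key++;  next }
        END { printf "cert=%d csr=%d key=%d\n", cert, csr, key }
    ' "$1"
}

# ok_for_truststore FILE: succeed only if FILE holds at least one PEM
# certificate and no CSR or private key. DER (binary) input has no PEM markers,
# so it is reported as "no PEM certificate" and has to be inspected separately.
ok_for_truststore() {
    [ -r "$1" ] || { echo "$1: unreadable" >&2; return 2; }
    summary=$(pem_summary "$1")
    case $summary in
        "cert=0 "*)      echo "$1: no PEM certificate ($summary)" >&2; return 1 ;;
        *"csr=0 key=0")  return 0 ;;
        *)               echo "$1: CSR or private key present ($summary)" >&2; return 1 ;;
    esac
}

# import_trusted ALIAS FILE KEYSTORE: gate the page's keytool -importcert step.
# Without -storepass, keytool prompts for the store password instead of taking
# it on the command line.
import_trusted() {
    ok_for_truststore "$2" || return 1
    keytool -importcert -trustcacerts -alias "$1" -file "$2" -keystore "$3"
}

# Demo on a constructed PEM stub (placeholder body, not a real request).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN NEW CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END NEW CERTIFICATE REQUEST-----' > "$d/dip1-wl.csr"
    pem_summary "$d/dip1-wl.csr"
    ok_for_truststore "$d/dip1-wl.csr" || echo "refused, as expected"
    rm -rf "$d"
}
demo
```
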
Reference for DIP SSL
https://jvzoggel.wordpress.com/2011/12/16/configuring-ssl-for-oracle-weblogic-and-ofmw/
http://theheat.dk/blog/?p=2059
https://blogs.oracle.com/wlscoherence/entry/create_a_self_signed_sertificate
Accessing ODSM and DIP
To access the Oracle Directory Service Manager console:
https://odsm1.domain.com:7002/odsm
To access the DIP console:
https://odsm1.domain.com:7002/em
System Auto startup Scripts
#!/bin/bash
#set -x
# Environment for the WebLogic / IDM installation
export JAVA_HOME=/usr/jdk/instances/jdk1.6.0
export ORACLE_HOME=/oud/Oracle/Middleware/Oracle_IDM1
export WL_HOME=/oud/Oracle/Middleware/wlserver_10.3
export MW_HOME=/oud/Oracle/Middleware
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/oud/Oracle/Middleware/Oracle_IDM1/opmn/lib:/oud/Oracle/Middleware/Oracle_IDM1/lib
case $1 in
start)
    # Start order: OUD directory, then Node Manager, then the WebLogic domain
    echo Start OUD directory
    su - oud -c "/oud/Oracle/Middleware/asinst_1/OUD/bin/start-ds -Q"
    echo Start Weblogic NodeManager
    su - oud -c "cd /oud/Oracle/Middleware/wlserver_10.3/server/bin; nohup ./startNodeManager.sh &"
    echo Start Weblogic
    su - oud -c "cd /oud/Oracle/Middleware/user_projects/domains/base_domain/bin; nohup ./startWebLogic.sh &"
    ;;
stop)
    echo stop OUD directory
    su - oud -c "/oud/Oracle/Middleware/asinst_1/OUD/bin/stop-ds -Q"
    echo Stop Weblogic and Weblogic NodeManager
    # Kills every java process owned by user oud
    pkill -U oud java
    ;;
*)
    echo "Usage: $0 [start|stop]"
    ;;
esac
To de-install Oracle ADF
To uninstall Oracle ADF:
/oud/Oracle/Middleware/oracle_common/oui/bin/runInstaller -deinstall -jreLoc /usr/java
BUG workaround fixes
Fix for odsm / ADF bug issue
ODSM/DIP bug reference
/oud/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/tmp/_WL_user/odsm_11.1.1.5.0/d89dm9/war/skins/odsmSkin.css
References
- OUD install and configuration
- DIP admin documentation
- Oracle Unified Directory Configuration Reference