Installing and configuring OUD Directory
Set up the OUD user and group accounts
groupadd oud; useradd -g oud oud
Modify /etc/hosts
Make sure the host's FQDN is listed first in /etc/hosts
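A small check for the /etc/hosts requirement above, added here as an example (it is not part of the original notes). It assumes the usual "IP FQDN shortname" layout; the hosts file path and the FQDN are passed in explicitly so the same function can be run against a copied or test file:

```shell
#!/bin/sh
# Verify that the host's FQDN is the first name on its /etc/hosts line.
# Added example, not part of the original notes. Assumes the classic
# "IP  FQDN  shortname" layout of /etc/hosts.

# Usage: fqdn_first_in_hosts HOSTS_FILE FQDN
# Prints the line examined and returns
#   0 when the first name after the address is FQDN,
#   1 when the host is present but the FQDN is not the first name,
#   2 when no entry for the host exists (or FQDN is not fully qualified).
fqdn_first_in_hosts() {
    hosts_file=$1
    host=$2
    case "$host" in
        *.*) ;;
        *) echo "'$host' is not a fully qualified name"; return 2 ;;
    esac
    short=${host%%.*}
    # Drop comments, then pick the first line naming the host (FQDN or short name)
    # as a whitespace-delimited field after the address.
    line=$(sed 's/#.*//' "$hosts_file" | awk -v h="$host" -v s="$short" '
        { for (i = 2; i <= NF; i++) if ($i == h || $i == s) { print; exit } }')
    if [ -z "$line" ]; then
        echo "no /etc/hosts entry for $host"
        return 2
    fi
    echo "$line"
    first=$(echo "$line" | awk '{ print $2 }')
    case "$first" in
        "$host") return 0 ;;
        *) echo "first name is '$first', expected FQDN '$host'"; return 1 ;;
    esac
}

# On the server itself (hypothetical host name from these notes):
#   fqdn_first_in_hosts /etc/hosts ldap1.domain.com
```

The function deliberately matches the short name as well, so a line such as `192.0.2.10 ldap1 ldap1.domain.com` is reported as wrong order rather than as missing.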
Create ZFS file systems
zfs create rpool/export/home/oud
zfs create -o mountpoint=/oud rpool/oud
zfs create -o mountpoint=/installs rpool/installs
mkdir /installs/OUD
Configure the proper ownership
cd ~oud
cp /root/.bashrc .
ln -s .bashrc .bash_profile
chown -R oud:oud ~oud
echo "export JAVA_HOME=/usr/java" >> ~oud/.bashrc
chmod 777 /installs
chown -R oud:oud /installs
chown -R oud:oud /oud/
Note: chmod 777 leaves /installs world-writable for every local user.
Install needed packages
pkg install --accept pkg://solaris/SUNWxwplt java jdk-6 jdk pkg:/developer/xopen/xcu4 make gnu-make ucb
Configure passwords
passwd oud
OS Tuning
Create /etc/init.d/Net-Tunes.sh (linked as S50Net-Tunes.sh below)
vi /etc/init.d/Net-Tunes.sh
#!/bin/sh
echo "Applying the following IP tuning"
set -x
ndd -set /dev/ip ip_forward_directed_broadcasts 0
ndd -set /dev/ip ip_forward_src_routed 0
ndd -set /dev/ip ip_ignore_redirect 1
ndd -set /dev/ip ip_ire_arp_interval 60000
ndd -set /dev/ip ip_respond_to_echo_broadcast 0
ndd -set /dev/ip ip_respond_to_timestamp 0
ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
ndd -set /dev/ip ip_send_redirects 0
# Directory Server Tuning
ndd -set /dev/tcp tcp_time_wait_interval 30000
ndd -set /dev/tcp tcp_conn_req_max_q 4096
ndd -set /dev/tcp tcp_keepalive_interval 600000
ndd -set /dev/tcp tcp_rexmit_interval_initial 500
ndd -set /dev/tcp tcp_smallest_anon_port 8192
ndd -set /dev/tcp tcp_deferred_ack_interval 5
set +x
Make it executable and link it into the run level 2 start scripts:
chmod +x /etc/init.d/Net-Tunes.sh
chown root:sys /etc/init.d/Net-Tunes.sh
cd /etc/rc2.d/
ln -s /etc/init.d/Net-Tunes.sh S50Net-Tunes.sh
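Because the rc script only sets the values at boot, it is useful to be able to confirm later that they are still in effect (a reboot without the link, or a manual ndd change, silently undoes the hardening). The following audit script is an added example, not part of the original notes; it assumes Solaris ndd(1M) with the /dev/ip and /dev/tcp drivers used above, and its table mirrors the settings in Net-Tunes.sh:

```shell
#!/bin/sh
# Audit the live ndd(1M) settings against the values Net-Tunes.sh applies.
# Added example, not part of the original notes. Assumes Solaris ndd with the
# /dev/ip and /dev/tcp drivers; the table is the single place to edit when
# the tuning changes.

EXPECTED_TUNING='
/dev/ip  ip_forward_directed_broadcasts    0
/dev/ip  ip_forward_src_routed             0
/dev/ip  ip_ignore_redirect                1
/dev/ip  ip_ire_arp_interval               60000
/dev/ip  ip_respond_to_echo_broadcast      0
/dev/ip  ip_respond_to_timestamp           0
/dev/ip  ip_respond_to_timestamp_broadcast 0
/dev/ip  ip_send_redirects                 0
/dev/tcp tcp_time_wait_interval            30000
/dev/tcp tcp_conn_req_max_q                4096
/dev/tcp tcp_keepalive_interval            600000
/dev/tcp tcp_rexmit_interval_initial       500
/dev/tcp tcp_smallest_anon_port            8192
/dev/tcp tcp_deferred_ack_interval         5
'

# Print one "driver param expected=X actual=Y" line for every parameter whose
# live value differs from the table (or cannot be read). Returns 0 when all
# parameters match and 1 otherwise, so it can gate a change or feed monitoring.
check_net_tuning() {
    mismatches=0
    while read -r driver param expected; do
        if [ -z "$driver" ]; then continue; fi
        actual=$(ndd -get "$driver" "$param" 2>/dev/null) || actual='(unreadable)'
        if [ "$actual" != "$expected" ]; then
            printf '%s %s expected=%s actual=%s\n' "$driver" "$param" "$expected" "$actual"
            mismatches=$((mismatches + 1))
        fi
    done <<EOF
$EXPECTED_TUNING
EOF
    [ "$mismatches" -eq 0 ]
}

# Run the audit when executed directly, e.g. "sh check-net-tuning.sh --check";
# without the argument the file only defines the function (for sourcing).
if [ "${1-}" = "--check" ]; then
    if check_net_tuning; then
        echo "all network tuning parameters match"
    else
        echo "network tuning drift detected" >&2
        exit 1
    fi
fi
```

The here-document keeps the loop in the current shell so the mismatch counter survives; a `printf | while` pipeline would run the loop in a subshell and always report zero.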
Copy and extract files
scp V37478-01.zip oud@ldap1:/installs/
cd /installs/OUD; unzip -qq ../V37478-01.zip
Install OUD Directory
Note: Make sure to use Java 1.7.0_17-b02 for all products (included in sol11.1/SRU-6.0.4).
Options at installation
./runInstaller -jreLoc /usr/java
Select the options as below.
Inventory Directory: /oud/oraInventory
Group: oud
/oud/oraInventory/createCentralInventory.sh
Skip registration
OUD Base: /oud/Oracle/Middleware
Oracle Home: Oracle_OUD1
Before configuring, create a certificate
Generate a self-signed certificate
keytool -genkeypair -alias ldap1 -keyalg rsa -keysize 2048 -validity 3560 -dname "cn=ldap1.domain.com" -keystore /oud/certs/ldap1.jks -storetype JKS -v
Get the DSEE certificate(s)
Note: The steps below are no longer needed, since the remote LDAP certificate is accepted at configure time.
dsadm show-cert -F ascii /ldap1/ldap_inst1/ldap/ defaultCert > ldap1-cert-ascii
keytool -importcert -alias ldap1 -file ldap1-cert-ascii -keystore ldap1.jks -storetype JCEKS -storepass password
Verify the key
keytool -list -alias ldap1 -keystore ldap1.jks -storetype JCEKS -storepass password -v
Configuring OUD Directory
Install the DS by running oud-setup
ssh -X oud@ldap1 /oud/Oracle/Middleware/Oracle_OUD1/oud-setup
Select the certificate
Select the certificate generated in /oud/certs
Note: The certificate format used is JKS; select that.
Enter the cn=directory manager password
First OUD Directory instance setup
Make sure to check that this server is part of a replication topology
Select replication port 8989 and check SSL
Add the new configured server to ODSM console
Add the new configured server to ODSM and login.
All the other OUD directories
Check that there is already a server in the topology
Enter one of the server names and port
Note: Accept the SSL certificate of all servers permanently
- Set memory size:
Min: 256
Max: 2048
Complete the configuration
Configure OUD to allow conflicting schema checking
Configure OUD to allow conflicting structural objectclasses
/oud/Oracle/Middleware/asinst_2/OUD/bin/dsconfig set-global-configuration-prop --set single-structural-objectclass-behavior:accept -n -j /tmp/pw.txt
More settings and information: cohabitation of ODSEE and OUD, schema checking.
Add an SMTP alert handler
First enable and configure the SMTP server
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -h localhost -p 4444 -D "cn=directory manager" -j /tmp/pw.txt -n set-global-configuration-prop --set smtp-server:localhost --trustAll
In ODSM, add an SMTP alert handler
Add an SMTP alert handler
Name: SMTP OUD-Alerts
Email: admin@domain.com
How to start and stop the servers
As the oud user, run:
To start an instance
/oud/Oracle/Middleware/asinst_1/OUD/bin/start-ds
To stop an instance
/oud/Oracle/Middleware/asinst_1/OUD/bin/stop-ds
OUD tips and tricks
To list all indexes
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -X list-local-db-indexes --element-name userRoot
To add a new index
Create a new index with equality matching:
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -X create-local-db-index --element-name userRoot --index-name Ext1 --set index-type:equality
Add substring matching to the index:
/oud/Oracle/Middleware/asinst_1/OUD/bin/dsconfig -X set-local-db-index-prop --element-name userRoot --index-name Ext1 --add index-type:substring
How to fully re-index (restart required)
/oud/Oracle/Middleware/asinst_1/OUD/bin/rebuild-index --baseDN dc=domain,dc=com --rebuildAll
OUD LDAP code list
Appendix A
How to create a self-signed certificate in PKCS#12
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout odsm1.pem -out odsm1.pem
Answer the prompts, for example:
Country Name (2 letter code) []:US
State or Province Name (full name) []:New-York
Locality Name (eg, city) []:NY
Organization Name (eg, company) []:Org Name
Organizational Unit Name (eg, section) []:Org Unit Name
Common Name (e.g. server FQDN or YOUR name) []:odsm1.domain.com
Email Address []:user@domain.com
# Convert and store the certificate in a PKCS#12 file protected with a password
openssl pkcs12 -export -out odsm1.pfx -in odsm1.pem -name odsm1
scp odsm1.p* oud@odsm1:/installs
mkdir /oud/Oracle/Middleware/asinst_1/OUD/keys
cp /installs/odsm1.p* /oud/Oracle/Middleware/asinst_1/OUD/keys
chown -R oud:oud /oud/Oracle/Middleware/asinst_1/OUD/keys
# In oud-setup, use odsm1.pfx as the PKCS#12 file and enter the PIN/password set when exporting the PKCS#12 certificate
Replication port: 8989 (default)
Directory Base: dc=domain,dc=com
Check "Enable for Fusion Application"
Change Initial Memory: 256, Max Memory: 1024
Complete.