RE: Configuration of Oracle LDAP for network resolution

  • From: "Goulet, Richard" <Richard.Goulet@xxxxxxxxxxx>
  • To: <fnmpa@xxxxxxx>, <gil.cota@xxxxxxxxxx>
  • Date: Wed, 16 Sep 2009 13:12:22 -0400

While we're on the question of LDAP, does anyone know the keywords to
extract security certificate information from LDAP?  Particularly
Common_Name, Email Address, and expiration date. 


Dick Goulet
Senior Oracle DBA/NA Team Lead
PAREXEL International

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Mark Anderson
Sent: Wednesday, September 16, 2009 12:52 PM
To: gil.cota@xxxxxxxxxx
Cc: 'oracle-l'
Subject: Re: Configuration of Oracle LDAP for network resolution

Gil,

If I understand you correctly, you will want both iAS 10.1.2.3 and
Identity Management 10.1.4.3. They will work together; the Application
Server will serve out Identity Management to your LDAP clients. You will
also, as you are no doubt aware, need a database instance nearby for
Identity Management to store the identity information in (service names,
IP addresses, port numbers).

N.B. You can't get CPU patches for iAS 10.1.2.0.2 or 10.1.2.2.0 anymore,
and I believe July was the last CPU patch for Identity Management
10.1.4.2 -- that's why I mention the specific versions above.

According to my notes, this is what I did when we set up Oracle Internet
Directory for network resolution. The versions of software referenced in
my notes are outdated now, and you may not be using HP-UX as we are, but
this may get you started if you consult the corresponding
current-version documents for your OS.

1. I created a 10.2.0.3.0 database in its own $ORACLE_HOME. The default
OID installation creates a database instance (I think 10.1.0.5.0) in the
Application Server + Identity Management $ORACLE_HOME but we chose to
use the optional separate database so that we could upgrade and patch
that database on the same schedule as our other databases, rather than
on a schedule dictated by the availability of Application Server +
Identity Management upgrades and patches.

2. I created a new instance of the Metadata Repository Creation 
Assistant and used it to create a metadata repository in the target 
database (ref: "Oracle Application Server Metadata Repository Creation 
Assistant User's Guide, 10g (10.1.4.0.1) for Microsoft Windows", 
Sections 1.6.1 "Run the Prerequisite Check Tool", 2.1 "Installing in a 
Database that Uses the File System" and 4.7 "Removing OracleAS Metadata 
Repository Using the cleanMR Script"). The metadata repository is the 
set of schemas where the identity information will be stored. The 
Metadata Repository Creation Assistant will only be used to create the 
schemas; then you will throw it away because it has no other function 
than to help with the OID installation. I used the Windows MRCA only 
because the HP-UX 10.1.4.0.1 MRCA was documented to be broken by Oracle.

Your MRCA connects to the database over the network and does not care if
the database is running on a different OS.

3. I installed a new instance of OID 10.1.4.0.1 + iAS 10.1.2 in its
own new $ORACLE_HOME, separate from the database $ORACLE_HOME. I told
OID to use the metadata repository I had just created in the previous
step. (ref: "Oracle Application Server Installation Guide, 10g Release 2
(10.1.2) for HP-UX Itanium", Sections 3.8 "Environment Variables", 5.3
"Order of Installation for the Infrastructure", 5.25 "Installing Oracle
Internet Directory Only", 5.27 "Install Fragment: The First Few Screens
of the Installation" and 5.28 "Install Fragment: The Last Few Screens of
the Installation".)

4. This step is probably not directly applicable to you. We exported the
identity information for our various databases from a preexisting OID at
localhost:389 ...

$ORACLE_HOME/bin/ldapsearch -h localhost -p 389 -b dc=alaska,dc=edu \
  "objectclass=orclNetService" > OIDP_names_load.ldif

... and imported the connect information into the freshly created target
OID at localhost:10010:

$ORACLE_HOME/bin/ldapadd -c -v -D cn=orcladmin -w "<orclAdmin password>" \
  -h localhost -p 10010 -f OIDP_names_load.ldif > ldapadd.out

(Ref: Metalink Doc ID 436998.1 "Considerations For Migrating Entries
From One OID To Another", section "TO MIGRATE CUSTOM DATABASE
ENTRIES").


The original source for our identity information was Oracle Names, but I
was not involved in the extraction of identity information from Names
and have no notes for it. The step above was the extraction of the
identity information from a flawed OID installation into which the Names
information had been loaded, and the import of that OID data into a
correctly constructed OID instance.

Good luck,

Mark

Gil Cota wrote:
>
> Hi all,
>
> I'm trying to configure an Oracle LDAP for network resolution. What
> software should I use? (Oracle iAS 1.2.0.2 or Identity Management?)
>
> Does anyone have a document that can guide me step by step ?
>
> Thanks and Regards,
>
> Gil
>

--
//www.freelists.org/webpage/oracle-l
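Two things in this thread call for a worked example: Dick's question about which LDAP keywords hold a certificate's Common Name, e-mail address and expiration date, and the LDIF export/import in Mark's step 4. The script below is an added example written for this page; it is not code from the thread, from Oracle, or from either poster's site. The answer to Dick's question is that there is no such keyword: the standard LDAP schema (RFC 4523) stores the whole DER-encoded certificate in the userCertificate attribute (usually requested as userCertificate;binary), which ldapsearch writes to LDIF base64-encoded after "::", so CN, emailAddress and notAfter have to be decoded out of the certificate itself (the entry's own mail attribute is a separate value that need not match the certificate). The script parses LDIF (folded continuation lines and "::" values), renders orclNetService entries, whose connect descriptor sits in orclNetDescString, as tnsnames.ora aliases the way step 4's export would be consumed, and pulls the three certificate fields out with a minimal DER walker. The LDIF, the DER helpers and the certificate (dummy key, dummy signature) are all constructed here, and the DN, hostnames and service name are made up; with a real export you would hand the file written by the ldapsearch in step 4 to parse_ldif instead of SAMPLE_LDIF. One caveat on step 4 itself: a password passed with -w is visible to every user on the host in the process list while ldapadd runs, so check the command reference for your OID release for a way to supply it otherwise.

```python
import base64
from datetime import datetime, timezone

# --- minimal DER encode/decode (constructed for this example, not a library) ---
def der(tag, body):
    """Encode one TLV with definite-length encoding (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def tlv(buf, pos=0):
    """Decode the TLV at buf[pos]: (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                      # long form: the next (ln & 0x7f) bytes hold the length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def children(body):
    """Members of a constructed value as [(tag, value), ...]."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        out.append((tag, val))
    return out

CN_OID = bytes.fromhex("550403")                  # id-at-commonName 2.5.4.3
EMAIL_OID = bytes.fromhex("2a864886f70d010901")   # pkcs-9 emailAddress 1.2.840.113549.1.9.1
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption
def rdn(oid, value, tag=0x0C):                    # SET { SEQUENCE { OID, value } }
    return der(0x31, der(0x30, der(0x06, oid) + der(tag, value)))

def sample_cert_der():
    """Structurally valid X.509 v3 certificate with a dummy key and signature
    (constructed: it will not verify, it only exercises the parser)."""
    alg = der(0x30, der(0x06, SHA256_RSA) + der(0x05, b""))
    issuer = der(0x30, rdn(CN_OID, b"Example CA"))
    subject = der(0x30, rdn(CN_OID, b"Dick Goulet") + rdn(EMAIL_OID, b"dick@example.com", 0x16))
    validity = der(0x30, der(0x17, b"090101000000Z") + der(0x17, b"120916235959Z"))
    spki = der(0x30, alg + der(0x03, b"\x00dummy-key"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg
              + issuer + validity + subject + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 17))

def cert_fields(cert):
    """CN, emailAddress and notAfter from inside the DER (LDAP has no attribute for them)."""
    parts = children(tlv(tlv(cert)[1])[1])        # members of TBSCertificate
    if parts[0][0] == 0xA0:                        # optional [0] EXPLICIT version
        parts = parts[1:]
    validity, subject = parts[3][1], parts[4][1]   # serial, alg, issuer, validity, subject, ...
    tag, not_after = children(validity)[1]
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    fields = {"notAfter": datetime.strptime(not_after.decode(), fmt).replace(tzinfo=timezone.utc)}
    for _, rdn_set in children(subject):
        for _, atv in children(rdn_set):
            (_, oid), (_, val) = children(atv)
            if oid == CN_OID:
                fields["CN"] = val.decode()
            elif oid == EMAIL_OID:
                fields["emailAddress"] = val.decode()
    return fields

def parse_ldif(text):
    """Entries as {attribute (lower-cased): [bytes, ...]}; a line starting with a
    space continues the previous one, and 'attr:: ...' values are base64."""
    entries, cur = [], {}
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            key, _, val = line.partition(":")
            value = base64.b64decode(val[1:].strip()) if val.startswith(":") else val.strip().encode()
            cur.setdefault(key.lower(), []).append(value)
    return entries

def tnsnames_from_ldif(text):
    """Render each orclNetService entry as a tnsnames.ora alias."""
    out = []
    for e in parse_ldif(text):
        if b"orclnetservice" in {v.lower() for v in e.get("objectclass", [])}:
            out.append(f"{e['cn'][0].decode().upper()} =\n  {e['orclnetdescstring'][0].decode()}")
    return "\n\n".join(out)

def certificates_from_ldif(text):
    """[(dn, fields)] for every entry carrying a certificate."""
    return [(e["dn"][0].decode(), cert_fields(blob)) for e in parse_ldif(text)
            for blob in e.get("usercertificate;binary", []) + e.get("usercertificate", [])]

# Constructed sample export: one net service name and one user holding a certificate.
SAMPLE_LDIF = f"""dn: cn=orclprod,cn=OracleContext,dc=example,dc=com
objectclass: orclNetService
cn: orclprod
orclNetDescString: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1.example.com)(PORT=1521))
 (CONNECT_DATA=(SERVICE_NAME=orclprod.example.com)))

dn: cn=Dick Goulet,cn=Users,dc=example,dc=com
objectclass: inetOrgPerson
cn: Dick Goulet
mail: dick@example.com
userCertificate;binary:: {base64.b64encode(sample_cert_der()).decode()}
"""
```

Running tnsnames_from_ldif(SAMPLE_LDIF) prints an ORCLPROD alias whose descriptor has been unfolded back onto one line, and certificates_from_ldif(SAMPLE_LDIF) returns the user's DN with CN "Dick Goulet", emailAddress "dick@example.com" and a timezone-aware notAfter of 2012-09-16 23:59:59 UTC. The DER walker deliberately handles only what the question needs (version, validity, subject) and both UTCTime and GeneralizedTime; for anything beyond that, or for real certificates, hand the decoded blob to openssl x509 or a proper X.509 library rather than extending this parser.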

