RE: Help with 10g AS and OID
- To: "Oracle-L" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 11 Jan 2006 13:42:29 -0600
George! My Brother in pain!
I tried in vain to get OiD 3.0.1 (Oracle 9.0.1) to work. Since that
post was back in the FatCity days, here's what I had to say to the list
on April 8, 2002:
--
OiD! After several weeks of pain, here's what I've learned:
1) Create your database(s) manually. The GUI creates the traditional
"the least we need to get it going without a real DBA" database. Note
159031.1 on Metalink will guide you thru the basic create.
2) If you intend on using replication (a good idea), study up on Oracle
ASR, but realize that OiD doesn't use ASR in the traditional way, at
least
according to Oracle Support. In other words, if OiD has problems
replicating, it's an OiD problem and not an ASR problem, as far as
Oracle
Support is concerned.
3) According to Oracle Support, you cannot use hot backups as a
reliable means of backup/recovery for OiD in a replicated environment.
While I agree with their reasoning in theory, I believe that a good DBA
(and
me, too!) can still use it, but with care on the recovery. For more
info,
see the OiD Admin Guide.
4) Speaking of the OiD Admin Guide: Read it, learn it, study it, know
it. All 688 pages of it. The concepts in there are KEY! The one that
burned me is the concept of a Remote Definition Site (RDS). You're
"primary" server is the MDS (Master Definition Site). We tried to treat
our
second "backup" OiD server as a read-only. Don't do it. Treat all other
replication nodes as RDSs. It will save you tons of headaches.
5) Why isn't "RDS" mentioned specifically in the OiD Admin Guide?
Because of a lack of coherent documentation. Lookup all the articles you
can on Metalink regarding OiD. Some haven't been updated for v3, but
they're still good.
6) Do not use any version below 3.0.1 of OiD, which requires (and comes
with) Oracle 9i. We had too many bugs, especially in the OiD
Administrator
program with v2.x.
7) Use Linux. There are some nasty little gotchas in NT/2000 that I
really despise (keep reading).
8) Only use an Oracle Certified platform and version of the OS. Oracle
Support will have a cow udderwise.
9+) Use scripts to startup and shutdown OiD. If you try and do it
manually and shut the oidmon down before the LDAP and replication
daemons,
the daemons won't shutdown. On Linux, you can restart the oidmon, and
the
daemons should shutdown, but on NT/2000 they will hang there forever
until
you re-freaking-boot. Who writes this crap? There's no rebooting on
Linux/Unix! I haven't tried OiD on Unix (I think OiD v3's available on
HP/Solaris), so I can't say what'll happen there. As an aside, many OiD
tools are Unix/Linux shell script, which are not directly available on
Windohs. Just another reason to avoid Windows for OiD.
10) I just started to test moving from ONames to OiD. Apparently
there's no way to create the "OracleContext" LDAP tree manually, so
you've
got to use the Oracle Net Config Assist ("netca"). I'm trying to
determine
if the "update" it does to the OiD DBs schwanzes up the rest of OiD
first
before continuing.
---
For more in-depth notes on these headaches, check out Oracle BUG 2369181
on MetaLink.
I have no idea what to do here. Oracle Names doesn't work reliably even
with 9.2.0.7.0 clients (we have BUG 4910066 for that) and I have *ZERO*
confidence in replicated OiD. Logistically, I can't keep 500+
TNSNAMES.ORAs worldwide synchronized. I would really like to know how
"Enterprises" deal with this. I have a feeling there are more George
Johnsons and Rich Jesses out there than satisfied customers confident of
their Oracle Networking.
Back to upgrading...
Rich
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Johnson, George
Sent: Wednesday, January 11, 2006 1:51 AM
To: Oracle-L
Subject: RE: Help with 10g AS and OID
We are currently in our implementation phase and it is
the biggest PITA going. We are going for full 4 site, 8 server
replication with DR fallbacks, complete with full Sign-On and Active
Directory integration. Oracle support and consultancy in the UK have
been absolutely useless, given next to support or guidance, sent us down
dead-end routes and I have sneaking suspicion have been using us a test
bed to see if this works. We have even had to write our own AD password
syncing DLL to put password changes from AD to OID because 9i DB's can't
support the Kerberos authentication that AD, OID and 10g DBs will
support, although Oracle assured us it works fine! Oh and we have just
upgraded a 9i to 10g, which screwed the OID repository up as you are
supposed to un-register before you upgrade then re-register afterwards,
otherwise you lose all the security settings for that DB! Once this SSO
"works" will be moving the TNS lookups into it, please spare me a
prayer! Other than that, it's fine!
Thanks for letting me get that off my chest!
Seriously, as with all things that can impact the
business, before you start letting management/sec. officer types get
sold on this central management/SSO stuff, take a serious long look at
what you want and do some very thorough research, we have been seriously
burned by Oracle over the OID stuff.
Rgds
--
http://www.freelists.org/webpage/oracle-l
Other related posts: