5 Installing and Configuring Oracle DIP and ODSM

This chapter describes how to install and configure Oracle Directory Integration Platform (DIP) and Oracle Directory Services Manager (ODSM).

This chapter includes the following topics:

Section 5.1, "Extending the Oracle WebLogic Domain with DIP and ODSM"
Section 5.2, "Expanding the DIP and ODSM Cluster"
Section 5.3, "Validating the Application Tier Configuration"
Section 5.4, "Backing Up the Application Tier Configuration"

5.1 Extending the Oracle WebLogic Domain with DIP and ODSM

The application tier consists of multiple computers hosting the Oracle Directory Integration Platform, Oracle Directory Services Manager, and Oracle Access Manager instances. In the complete configuration, requests are balanced among the instances on the application tier computers to create a performant and fault tolerant application environment.

Note:

Oracle Directory Integration Platform uses Quartz to maintain its jobs and schedules in the database. For the Quartz jobs to be run on different Oracle Directory Integration Platform nodes in a cluster, it is recommended that the system clocks on the cluster nodes be synchronized.

Follow these steps to install and configure Oracle Directory Integration Platform and Oracle Directory Services Manager on IDMHOST1:

Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
Ensure that port 7006 is not in use by any service on the computer by issuing these commands for the operating system you are using. If a port is not in use, no output is returned from the command.

On UNIX:
```
netstat -an | grep "7006"
```
If the port is in use (if the command returns output identifying the port), you must free it.

On UNIX:

Remove the entries for port 7006 in the /etc/services file and restart the services, or restart the computer.
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:
```
# The port for ODSM Server port
ODS Server Port No = 7006
```
Start the Oracle Identity Management 11g Configuration Assistant by running the config.sh script located under the ORACLE_HOME/bin directory on IDMHOST1. For example:
```
/u01/app/oracle/product/fmw/idm/bin/config.sh
```
On the Welcome screen, click Next.
On the Select Domain screen, select Extend Existing Domain and enter the domain details:
- Host Name: idmhost1.mycompany.com
- Port: 7001
- User Name: weblogic
- User Password: <enter user password>
Click Next.
On the Specify Installation Location screen, specify the following values (the values for the Oracle Middleware Home Location and the Oracle Home Directory fields are prefilled. The values default to the Middleware Home and Oracle Home previously installed on IDMHOST1 in Section 3.2, "Configuring the WebLogic Server Domain on IDMHOST1":
- Oracle Middleware Home Location:
```
/u01/app/oracle/product/fmw
```
- Oracle Home Directory: idm
- WebLogic Server Directory:
```
/u01/app/oracle/product/fmw/wlserver_10.3
```
- Oracle Instance Location:
```
/u01/app/oracle/admin/idm_inst1
```
- Oracle Instance Name:
```
idm_inst1
```
Click Next.
On the Specify Email for Security Updates screen, specify these values:
- Email Address: Provide the email address for your My Oracle Support account.
- Oracle Support Password: Provide the password for your My Oracle Support account.
- Check the checkbox next to the I wish to receive security updates via My Oracle Support field.
Click Next.
On the Configure Components screen, select Oracle Directory Integration Platform, Management Components - Oracle Directory Services Manager and deselect all the other components.

Select the Clustered check box.

Click Next.
On the Configure Ports screen, select Specify Ports Using Configuration File and enter the full pathname to the staticports.ini file that you edited in the temporary directory

Click Next.
On the Specify OID Details screen, specify the following:
- Hostname: oid.mycompany.com
- Port: 389
- Username: cn=orcladmin
- Password: ******
Click Next.
On the Specify Schema Database screen, specify the following values:
- Connect String:
```
infradbhost1-vip.mycompany.com:1521:idmdb1^infradbhost2-vip.mycompany.com:1521:idmdb2@idmedg.mycompany.com
```
  Note:
  The RAC database connect string information needs to be provided in the format host1:port1:instance1^host2:port2:instance2@servicename.
  During this installation, it is not required for all the RAC instances to be up. If one RAC instance is up, the installation can proceed.
  
  It is required that the information provided above is complete and accurate. Specifically, the correct host, port, and instance name must be provided for each RAC instance, and the service name provided must be configured for all the specified RAC instances.
  
  Any incorrect information entered in the RAC database connect string has to be corrected manually after the installation.
- User Name: ODSSM
- Password: ******
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Configure.
On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.
On the Installation Complete screen, click Finish to confirm your choice to exit.

5.2 Expanding the DIP and ODSM Cluster

The following sections include the steps for extending the WebLogic Server Domain on IDMHOST2:

Section 5.2.1, "Install and Configure DIP and ODSM on IDMHOST2"
Section 5.2.2, "Post-Installation Steps"

5.2.1 Install and Configure DIP and ODSM on IDMHOST2

Follow these steps to install and configure Oracle Directory Integration Platform and Oracle Directory Service Manager on IDMHOST2:

Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
Ensure that port number 7006 is not in use by any service on the computer by issuing this command for the operating system you are using. If a port is not in use, no output is returned from the command.

On UNIX:
```
netstat -an | grep "7006"
```
If the port is in use (if the command returns output identifying the port), you must free it.

On UNIX:

Remove the entries for port 7006 in the /etc/services file if the port is in use by a service and restart the services, or restart the computer.
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:
```
#The port for ODSM Server port
ODS Server Port No: 7006
```
Start the Oracle Identity Management 11g Installer as follows:

On UNIX, issue this command: runInstaller

The runInstaller file is in the ../install/platform directory where platform is a platform such as Linux or Solaris.

The Specify Oracle Inventory screen is displayed.
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:

Specify the Inventory Directory: /u01/app/oraInventory

Operating System Group Name: oinstall

A dialog box appears with the following message:

"Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option"

Login as root and run the "/u01/app/oraInventory/createCentralInventory.sh"

This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, make sure to check and see:
1. If the /etc/oraInst file exists
2. If the file exists, the Inventory directory listed is valid
3. The user performing the installation has write permissions for the Inventory directory
On the Welcome screen, click Next.
On the Select Installation Type screen, select Install and Configure and then click Next.
On the Prerequisite Checks screen, the installer completes the prerequisite checks. If any fail, please fix them and restart your Installation.

Click Next.
On the Select Domain screen, select the Expand Cluster option and specify these values:
- Hostname: idmhost1.mycompany.com
- Port: 7001
- UserName: weblogic
- User Password: <Enter the password for the webLogic user>
Click Next.
On the Specify Installation Location screen, specify these values:
- Oracle Middleware Home Location:
```
/u01/app/oracle/product/fmw
```
- Oracle Home Directory: idm
- WebLogic Server Directory:
```
/u01/app/oracle/product/fmw/wlserver_10.3
```
- Oracle Instance Location:
```
/u01/app/oracle/admin/idm_inst2
```
- Oracle Instance Name: idm_inst2
Click Next.
On the Email for Security Updates screen, specify these values:
- Email Address: Provide the email address for your My Oracle Support account.
- Oracle Support Password: Provide the password for your My Oracle Support account.
- Check the checkbox next to the I wish to receive security updates via My Oracle Support field.
Click Next.
On the Configure Components screen, de-select all the products except Oracle DIP and Management Components and then click Next.
On the Configure Ports screen, select Specify Ports Using Configuration File and enter the full pathname to the staticports.ini file that you edited in the temporary directory.

Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
On the Installation Progress screen on UNIX systems, a dialog box appears that prompts you to run the oracleRoot.sh script. Open a window, log in as root, and run the script, following the prompts in the window.

Click Next.
On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.
On the Installation Complete screen, click Finish to confirm your choice to exit.

5.2.2 Post-Installation Steps

In the previous section, the installer created a second Managed Server, wls_ods2 on IDMHOST2. However, the Oracle Directory Integration Platform application is not deployed on IDMHOST2 and the newly created Managed Server is not automatically started. Also, the WebLogic Administration Console shows the state of the wls_od2 Managed Server on IDMHOST2 as UNKNOWN.

Follow the post-installation steps in this section to complete the installation and configuration of the Oracle Directory Integration Platform and Oracle Directory Services Manager applications on IDMHOST2.

5.2.2.1 Copy the DIP Application from IDMHOST1 to IDMHOST2

Follow these steps to copy the Oracle Directory Integration Platform application from IDMHOST1 to IDMHOST2:

On IDMHOST2, create the following directory structure:

MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0

For example:

mkdir -p MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0/

Copy the DIP directory from IDMHOST1 to IDMHOST2.

Copy the following directory on IDMHOST1:

MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods1/stage/DIP/11.1.1.1.0/DIP

to the following location on IDMHOST2:

MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0/

For example, from IDMHOST1, execute this command:

scp -rp MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods1/stage/
DIP/11.1.1.1.0/DIP user@IDMHOST2://MW_HOME/user_projects/domains/IDMDomain/
servers/wls_ods2/stage/DIP/11.1.1.1.0

5.2.2.2 Set the Lis ten Address for the Managed Servers

Set the listen address for the WLS_ODS1 and WLS_ODS2 Managed Servers to the host name of their respective nodes using the Oracle WebLogic Administration Server:

Using a web browser, bring up the Oracle WebLogic Administration Server console and log in using the weblogic user credentials.
In the left pane of the WebLogic Administration Server Console, click Lock & Edit to edit the server configuration.
In the left pane of the WebLogic Server Administration Console, expand Environment and select Servers.
On the Summary of Servers page, click on the link for the wls_ods1 Managed Server.
On the Settings page for the wls_ods1 Managed Server, update the Listen Address to idmhost1.mycompany.com. This is the host name of the server where wls_ods1 is running.
Click Save to save the configuration.
Repeat steps 2 to 6 to update the Listen Address for the wls_ods2 Managed Server to idmhost2.mycompany.com. This is host name of the server where wls_ods2 is running.
Click Activate Changes to update the server configuration.

5.2.2.3 Start the wls_ods2 Managed Server on IDMHOST2

Follow these steps to start the newly created wls_ods2 Managed Server in a cluster on IDMHOST2:

In the left pane of the Oracle WebLogic Server Administration Console, expand Environment and select Clusters.
Select the cluster (cluster_ods) containing the Managed Server (wls_ods2) you want to start.
Select Control.
Under Managed Server Instances in this Cluster, select the check box next to the Managed Server (wls_ods2) you want to start and click Start.
On the Server Life Cycle Assistant page, click Yes to confirm.

Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.

5.3 Validating the Application Tier Configuration

This section includes steps for validating Oracle Directory Services Manager and Oracle Directory Integration Platform.

5.3.1 Validating Oracle Directory Services Manager

Follow these steps to validate the Oracle Directory Services Manager installation:

Bring up the Oracle Directory Services Manager (ODSM) Administration Console in a web browser. The URL to access the ODSM Administration Console is:
```
http://hostname.mycompany.com:port/odsm/faces.odsm.jspx
```
For example, on IDMHOST1, enter this URL:
```
http://idmhost1.mycompany.com:7006/odsm/faces/odsm.jspx
```
And on IDMHOST2, enter this URL:
```
http://idmhost2.mycompany.com:7006/odsm/faces/odsm.jspx
```
Validate that Oracle Directory Services Manager can create connections to Oracle Internet Directory and Oracle Virtual Directory. Follow these steps to create connections to Oracle Internet Directory and Oracle Virtual Directory:

To create connections to Oracle Internet Directory, follow these steps:
1. Launch Oracle Directory Services Manager from IDMHOST1:
```
http://idmhost1.mycompany.com:7006/odsm/faces/odsm.jspx
```
2. Create a connection to the Oracle Internet Directory virtual host by providing the information shown below in the ODSM Console:
```
Host: oid.mycompany.com
Port: 636
Enable the SSL option
User: cn=orcladmin
Password: <ldap-password>
```
To create connections to Oracle Virtual Directory, follow these steps. Create connections to each Oracle Virtual Directory node separately. Using the Oracle Virtual Directory load balancer virtual host from the ODSM Console is not supported:
1. Launch Oracle Directory Services Manager from IDMHOST1:
```
http://idmhost1.mycompany.com:7006/odsm/faces/odsm.jspx
```
2. Create a direct connection to Oracle Virtual Directory on OVDHOST1 providing the information shown below in the ODSM Console:
```
Host: ovdhost1.mycompany.com
Port: 8899  (The Oracle Virtual Directory proxy port)
Enable the SSL option
User: cn=orcladmin
Password: <ldap-password>
```

5.3.2 Validating Oracle Directory Integration Platform

Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:

Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
```
export ORACLE_HOME=/u01/app/oracle/product/fmw/idm
```
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server. For example:
```
export WLS_HOME=/u01/app/oracle/product/fmw/wlserver_10.3
```

Run the ORACLE_HOME/bin/dipStatus -h hostName -p port -D wlsuser command.

For example, on IDMHOST1, the command and output look like this:

ORACLE_HOME/bin/dipStatus -h idmhost1.mycompany.com -p 7006 -D weblogic
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost1.mycompany.com:7006, with userid "weblogic"..
Connected successfully.

ODIP Application is active at this host and port.

For example, on IDMHOST2, the command and output look like this:

ORACLE_HOME/bin/dipStatus -h idmhost2.mycompany.com -p 7006 -D weblogic
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost2.mycompany.com:7006, with userid "weblogic"..
Connected successfully.

ODIP Application is active at this host and port.

5.4 Backing Up the Applic ation Tier Configuration

It is an Oracle best practices recommendation to create a backup file after successfully completing the installation and configuration of each tier or a logical point. Create a backup of the installation after verifying that the install so far is successful. This is a quick backup for the express purpose of immediate restore in case of problems in later steps. The backup destination is the local disk. This backup can be discarded once the enterprise deployment setup is complete. After the enterprise deployment setup is complete, the regular deployment-specific Backup and Recovery process can be initiated. More details are described in the Oracle Fusion Middleware Administrator's Guide.

For information on database backups, refer to the Oracle Database Backup and Recovery User's Guide.

To back up the installation to this point, follow these steps:

Back up the application tier:
1. Shut down the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
```
ORACLE_INSTANCE/bin/opmnctl stopall
```
2. Create a backup of the Middleware Home on the application tier as the root user:
```
tar -cvpf BACKUP_LOCATION/apptier.tar MW_HOME
```
3. Create a backup of the Instance Home on the application tier as the root user:
```
tar -cvpf BACKUP_LOCATION/instance_backup.tar ORACLE_INSTANCE
```
4. Start up the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
```
ORACLE_INSTANCE/bin/opmnctl startall
```
Perform a full database backup (either a hot or cold backup). Oracle recommends that you use Oracle Recovery Manager. An operating system tool such as tar can be used for cold backups.
Back up the Administration Server domain directory. This saves your domain configuration. The configuration files all exist under the MW_HOME/user_projects/domains/domainName directory:
```
IDMHOST1> tar cvf edgdomainback.tar MW_HOME/user_projects/domains/domainName
```
Note:
Create backups on all machines in the application tier by following the steps shown above.

For information about backing up the application tier configuration, see Section 10.4, "Performing Backups and Recoveries."