|
Oracle® Application Server 10g Installation Guide
10g (9.0.4) for hp HP-UX PA-RISC (64-bit) and Linux x86 Part No. B10842-03 |
|
|
|
|
Oracle® Application Server 10g Installation Guide
10g (9.0.4) for hp HP-UX PA-RISC (64-bit) and Linux x86 Part No. B10842-03 |
|
|
|
|
Contents:
Section 3.1, "Compatibility with Release 2 (9.0.2) and Release 2 (9.0.3)"
Section 3.3, "10g (9.0.4) Metadata Repository Against a 9.0.2 Infrastructure"
Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure"
Section 3.6, "9.0.2/9.0.3/10g (9.0.4) Middle Tiers, 10g (9.0.4) Identity Management"
10g (9.0.4) can interoperate with 9.0.2 and 9.0.3 in the following ways:
Middle tiers from 10g (9.0.4) can use a 9.0.2 infrastructure. A 9.0.2 infrastructure can support middle tiers from 9.0.2, 9.0.3, and 10g (9.0.4). If you want to run different releases of middle tiers against a 9.0.2 infrastructure, read Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure".
Note that 9.0.2 or 9.0.3 middle tiers cannot use a 10g (9.0.4) OracleAS Metadata Repository, but they can use 10g (9.0.4) Identity Management components. See Table 3-1 for details.
For J2EE and Web Cache middle tiers in OracleAS Clusters, database-managed or file-based, all the members of an OracleAS Cluster must be of the same release (for example, all from 10g (9.0.4)). You cannot mix releases within an OracleAS Cluster. You can cluster only J2EE and Web Cache middle tier types.
Table 3-1 shows a compatibility matrix for Oracle Application Server releases.
Notes about the table:
The "OracleAS Metadata Repository" column refers to all schemas in the metadata repository except for the schemas for Oracle Internet Directory and OracleAS Single Sign-On.
The "Identity Management" column refers to the Identity Management components, plus schemas for Oracle Internet Directory and OracleAS Single Sign-On.
Table 3-1 Oracle Application Server Compatibility Matrix
| Oracle Application Server Middle Tier |
OracleAS Metadata Repository
|
Identity Management
|
Supported? | See: |
|---|---|---|---|---|
| 9.0.2 or 9.0.3 | 9.0.2 | 9.0.2 | Yes | Oracle9i Application Server Installation Guide for Release 2 (9.0.2) |
| 9.0.2 or 9.0.3 | 9.0.2 | 10g (9.0.4)
|
Yes | Section 3.6, "9.0.2/9.0.3/10g (9.0.4) Middle Tiers, 10g (9.0.4) Identity Management"
|
| 9.0.2 or 9.0.3 | 10g (9.0.4)
|
9.0.2 | No | n/a |
| 9.0.2 or 9.0.3 | 10g (9.0.4)
|
10g (9.0.4)
|
No | n/a |
| 10g (9.0.4)
|
9.0.2 | 9.0.2 | Yes | Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure"
|
| 10g (9.0.4)
|
9.0.2 | 10g (9.0.4)
|
Yes | Section 3.6, "9.0.2/9.0.3/10g (9.0.4) Middle Tiers, 10g (9.0.4) Identity Management"
|
| 10g (9.0.4)
|
10g (9.0.4)
|
9.0.2 | Yes | Section 3.4, "10g (9.0.4) Middle Tiers, 10g (9.0.4) Metadata Repository, and 9.0.2 Identity Management"
|
| 10g (9.0.4)
|
10g (9.0.4)
|
10g (9.0.4)
|
Yes | This guide |
If you want to upgrade to 10g (9.0.4), see the Oracle Application Server 10g Upgrading to 10g (9.0.4) guide.
This section describes the known issues and workarounds that you should be aware of when you have a configuration that includes different versions (9.0.2, 9.0.3, and 10g (9.0.4)) of application server instances. Table 3-2 lists the issues and the configurations in which they occur:
Table 3-2 Interoperability Issues and the Configurations in Which They Appear
In 9.0.2 and 9.0.3, the installer assigns port 1810 to the Oracle Enterprise Manager Web Site, regardless of whether or not the port is already in use. If the computer where you plan to install the 9.0.2/9.0.3 instances already has a 10g (9.0.4) instance, the Oracle Enterprise Manager Application Server Control component for the 10g (9.0.4) instance might already be using port 1810.
|
Tip: In 10g (9.0.4), you can specify custom port numbers to use for each component. See Section 4.4.2, "Using Custom Port Numbers (the "Static Ports" Feature)".For the Application Server Control component, you might want to specify a port other than 1810, so that the 9.0.2 and 9.0.3 instances can use port 1810. |
For the case where Oracle Enterprise Manager 9.0.2/9.0.3 and 10g (9.0.4) are configured on the same port (1810), you can change the port used by the 10g (9.0.4) Oracle Enterprise Manager to a different port. You can then run both Oracle Enterprise Managers at the same time. To change the port on the 10g (9.0.4) Oracle Enterprise Manager, perform these steps:
In the 10g (9.0.4) home, edit the ORACLE_HOME/sysman/j2ee/config/emd-web-site.xml file and change the port value from 1810 to an unused port. The following example sets the port to 1814:
<web-site host="[ALL]" port="1814" display-name="Oracle Enterprise Manager iAS Console Website" secure="false">
If the 9.0.2/9.0.3 instance is using 1810, it is also likely that the instance is using port 1811 for RMI operations. With the 9.0.2/9.0.3 Oracle Enterprise Manager running, check which port in the 1810-1829 range is unused, and use this value.
You can run the netstat command to determine which ports are in use. The following example checks if port 1814 is in use.
prompt> netstat -n | grep 1814
Also in the 10g (9.0.4) home, enter the same port number in the ORACLE_HOME/sysman/emd/targets.xml file. The port number is specified in the StandaloneConsoleURL property of the oracle_ias target.
<Target TYPE="oracle_ias" NAME="infra.myhost.oracle.com" VERSION="1.0">
... lines not shown ...
<Property NAME="StandaloneConsoleURL"
VALUE="http://myhost.oracle.com:1814/emd/console"/>
Once you have updated these two files, you can run BOTH the 9.0.2/9.0.3 and 10g (9.0.4) Oracle Enterprise Managers at the same time.
If you have installed OracleAS Portal against a 9.0.2 metadata repository (see Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure"), you have to run the OracleAS Upgrade Assistant before you can access the OracleAS Portal using the 10g (9.0.4) middle tier URL. See the Oracle Application Server 10g Upgrading to 10g (9.0.4) for details on how to run the Upgrade Assistant.
If you do not run the Upgrade Assistant, you can access Portal using the 9.0.2 middle tier URL.
An exception to this case is if no 9.0.2 middle tier was ever installed against the 9.0.2 metadata repository. In this case, since the 10g (9.0.4) middle tier is the first middle tier to be installed against the 9.0.2 metadata repository, you can access OracleAS Portal without running the Upgrade Assistant.
This error occurs in configurations that meet ALL these conditions:
A 10g (9.0.4) Business Intelligence and Forms middle tier, including the OracleAS Forms Services component, and a 9.0.2 infrastructure are running on the same computer.
You use the Internet Explorer browser to access a form.
The form needs to redirect to Oracle Delegated Administration Services to create a resource dynamically (because you entered a resource that does not yet exist).
If you meet all these conditions, you would see the FRM-92102 error when you access a form. The Forms Services application is unable to create a session after Oracle Delegated Administration Services created the resource.
If you access the same form again from a different browser, the resource now exists (the Oracle Delegated Administration Services component does not have to create it dynamically again), and you can now access the form successfully.
To avoid this error, you can install the instances on different computers, use Netscape instead of Internet Explorer to access the form, or ensure that the resources already exist.
Although the farm pages in Oracle Enterprise Manager for 9.0.2 or 9.0.3 instances contain links to the 10g (9.0.4) instances, the links are not valid. You cannot use Oracle Enterprise Manager from 9.0.2 or 9.0.3 to manage 10g (9.0.4) instances.
To manage the 10g (9.0.4) instances, use the Oracle Enterprise Manager Application Server Control for 10g (9.0.4).
If you run the dcmctl getState command from a 10g (9.0.4) instance to get information on a 9.0.2 or 9.0.3 instance, you would get an ADMN-604104 error:
prompt> dcmctl getState -i name_of_902_or_903_instance ADMN-604104 Unable to connect to the OPMN process to obtain process status table
To get information on 9.0.2 or 9.0.3 instances using the dcmctl command, use the 9.0.2 or 9.0.3 dcmctl command.
Configuration: 10g (9.0.4) middle tier, 9.0.2 infrastructure (see Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure")
If you click the servlet link (inquiry, publishing, or subscription) on the UDDI page (URL: http://host:port/uddi), you will get a "500 Internal Server Error" because UDDI from the 10g (9.0.4) middle tier requires a 10g (9.0.4) OracleAS Metadata Repository.
Configuration: 10g (9.0.4) middle tier, 9.0.2 infrastructure (see Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure")
You might see incorrect user resources listed in the "Resource Access Information" section in the "Edit User" page of Oracle Delegated Administration Services (URL: http://host:port/oiddas). If you view the page for different users, the page might still show the resources for the first user you viewed.
To ensure the page is displaying the correct list of resources for a user, make sure that the user is the first user you view after logging into Oracle Delegated Administration Services. If you are unsure, log out of Oracle Delegated Administration Services and log in again. Then immediately view the user whose properties you want to edit (without viewing other users).
Configuration: 9.0.2 Metadata Repository, 10g (9.0.4) Identity Management, 9.0.2 middle tier (see Section 3.6, "9.0.2/9.0.3/10g (9.0.4) Middle Tiers, 10g (9.0.4) Identity Management")
On the OracleAS Wireless page (URL: http://host:port/ptg/rm), if you add a name to the address book, the name link is not displayed. As a result, search results in no rows being found.
Configuration: 9.0.2 Metadata Repository, 9.0.2 Identity Management, middle tiers from 9.0.2, 9.0.3, and 10g (9.0.4) (see Section 3.5, "10g (9.0.4) Middle Tiers and 9.0.2 Infrastructure")
Oracle Enterprise Manager Application Server Control 10g (9.0.4) does not monitor 9.0.2.x or 9.0.3.x instances. You have to use Oracle Enterprise Manager 9.0.2 or 9.0.3 to manage these instances.
You can use Oracle Enterprise Manager 9.0.2.x (where x is 1 or later) or 9.0.3 to monitor 9.0.2.x (where x is 1 or later) or 9.0.3 instances. However you might not be able to view complete rollup metrics for 9.0.2.0 middle tiers from these Oracle Enterprise Managers. To fix this, upgrade the 9.0.2.0 middle tiers to the latest 9.0.2.x or 9.0.3.x versions. Version 9.0.3.x is applicable only to J2EE and Web Cache middle tier types.
When installing 10g (9.0.4) middle tiers against a 9.0.2 infrastructure, you will see error messages in the installer log files. These messages are due to compatibility problems.
Web clipping error messages due to WCRSYS schema not in the 9.0.2 metadata repository
Web clipping is a new feature in OracleAS Wireless 10g (9.0.4), and it requires the WCRSYS schema, which exists in OracleAS Metadata Repository 10g (9.0.4). This schema does not exist in earlier versions of the metadata repository.
In the log file ORACLE_HOME/j2ee/OC4J_Wireless/application-deployments/webclipping/OC4J_Wireless_default_island_1/application.log, you will see error messages such as:
webclipping-web: jsp: init webclipping-web: WARNING Use RAA to access Web Clipping Repository webclipping-web: FATAL Data Source to Wireless Web Clipping Repository cannot be initialized webclipping-web: WARNING An exception has occurred with the following message, set the log level to DEBUG to see the stack trace: Unable to retrieve the Schema password for base Schema WCRSYS from Oracle Internet Directory Server for the repository null. Please verify that the correct Oracle Internet Directory Server parameters are specified in /private/oracle/ias904bif/config/ias.properties. Make sure that the Oracle Internet Directory Server specified in OIDhost, OIDsslport is up and running. Base Exception : oracle.ias.repository.schema.SchemaException: Unable to retrieve Attributes for orclResourceName=WCRSYS, orclReferenceName=asdb.myhost.us.oracle.com,cn=IAS Infrastructure Databases, cn=IAS,cn=Products, cn=OracleContext from Oracle Internet Directory Server ldap://myhost.us.oracle.com:4031/. Base Exception : javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'orclResourceName=WCRSYS, orclReferenceName=asdb.myhost.us.oracle.com,cn=IAS Infrastructure Databases, cn=IAS, cn=Products, cn=OracleContext'
Web clipping error messages due to missing tables in the PORTAL schema
The Web Clipping Portlet is a new feature in OracleAS Portal 10g (9.0.4). It requires some tables in the PORTAL schema that are not in the 9.0.2 metadata repository.
In the log file ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portalTools/OC4J_Portal_default_island_1/application.log, you will see error messages such as:
webClipping: jsp: init webClipping: ServletLogger - Logging level: 3 webClipping: WARNING: Reconnecting Web Clipping Repository ... webClipping: WARNING: Use RAA to access Web Clipping Repository webClipping: ERROR: Exception occured in getting Obfuscation Key webClipping: ERROR: SQL Error Code = "6550" webClipping: WARNING: ORA-06550: line 4, column 46: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line 4, column 5: PL/SQL: SQL Statement ignored java.sql.SQLException: ORA-06550: line 4, column 46: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line 4, column 5: PL/SQL: SQL Statement ignored
This configuration is used by the configuration described in Section 3.4, "10g (9.0.4) Middle Tiers, 10g (9.0.4) Metadata Repository, and 9.0.2 Identity Management".
Figure 3-1 shows a 10g (9.0.4) middle tier using a 10g (9.0.4) metadata repository. In this setup, you have two metadata repositories: the 9.0.2 repository from the 9.0.2 infrastructure, and the 10g (9.0.4) repository, which you have to install before you can install the middle tier.
Figure 3-1 10g (9.0.4) Middle Tier Using 10g (9.0.4) Metadata Repository for its Product Metadata
To create this setup, you need to perform these steps:
Install the 9.0.2 Oracle9iAS Infrastructure if you are not already running it.
Perform these procedures:
Install the 10g (9.0.4) metadata repository.
See Section 6.19, "Installing OracleAS Metadata Repository in a New Database".
Install the 10g (9.0.4) middle tier.
See Section 7.9, "Installing J2EE and Web Cache with OracleAS Database-Based Cluster and Identity Management Access" or Section 7.13, "Installing Portal and Wireless or Business Intelligence and Forms", depending on which middle tier type you want.
Before installing a 10g (9.0.4) middle tier or a 10g (9.0.4) metadata repository against a 9.0.2 infrastructure, you need to update an entry in the 9.0.2 Oracle Internet Directory. You can do this in one of two ways.
Use the imconfig.sh script, located on the OracleAS RepCA and Utilities CD-ROM. See Section 3.4.3.1, "Using the imconfig.sh Script" for details.
Update the entry manually, as explained in Section 3.4.3.2, "Updating an Entry in the 9.0.2 Oracle Internet Directory Manually".
Both of these methods are equivalent but by running the imconfig.sh script, you save time and reduce the possibility of errors.
Follow these steps to update an entry in the 9.0.2 Oracle Internet Directory using the imconfig.sh script. This script is located in the OracleAS RepCA and Utilities CD-ROM, in the utilities/imconfig directory.
Ensure that the following requirements are met:
The ORACLE_HOME environment variable points to the 9.0.2 infrastructure home directory used by Oracle9iAS Single Sign-On.
The Oracle Internet Directory server is running.
The 9.0.2 infrastructure database and listener used by Oracle9iAS Single Sign-On are running.
Run the imconfig.sh script on the computer where the 9.0.2 Oracle9iAS Single Sign-On is installed. Use the following command:
prompt> imconfig.sh -902 -h ldaphost -p ldapPort -D ldapDN -w ldapPwd -oh oracleHome
Values you need to provide:
ldaphost - name of the computer running the 9.0.2 Oracle Internet Directory. Example: dbmachine.mydomain.com.
ldapPort - port number on which the 9.0.2 Oracle Internet Directory is listening. Example: 389.
ldapDN - DN of the Oracle Internet Directory user. Example: "cn=orcladmin".
ldapPwd - password for the Oracle Internet Directory user.
oracleHome - Oracle home directory for the 9.0.2 infrastructure database used by Oracle9iAS Single Sign-On.
Optional parameter you can specify:
-ssl - specify this parameter if ldapPort is an SSL port.
You can also update an entry in the 9.0.2 Oracle Internet Directory manually, by following these steps:
Ensure that the following requirements are met:
The ORACLE_HOME environment variable points to the 9.0.2 infrastructure home directory.
The Oracle Internet Directory server is running.
The database and listener are running.
Determine the global name of the 9.0.2 infrastructure database used by Oracle9iAS Single Sign-On.
This value is stored in the ColocatedDBCommonName field in the ORACLE_HOME/config/ias.properties file, where ORACLE_HOME is the Oracle home directory for the 9.0.2 infrastructure. If you distributed the infrastructure components over multiple computers, use the ORACLE_HOME where you configured Oracle9iAS Single Sign-On.
For example, the line in the ias.properties file might look like this:
ColocatedDBCommonName=asdb.mydomain.com
Determine the distinguished name (DN) for the database retrieved in the previous step (step 2). To do this, run this command (all on one line):
prompt> $ORACLE_HOME/bin/ldapsearch -h oidhostname -p oidport -D cn=orcladmin -w passwd -b "cn=oraclecontext" -s sub orcldbglobalname=globaldbname dn
This command returns the DN for the database. The DN looks something like: cn=ASDB,cn=OracleContext. You need this DN value in the next step (step 4).
Values you need to provide:
oidhostname - name of the computer running Oracle Internet Directory. Example: dbmachine.mydomain.com.
oidport - port number on which Oracle Internet Directory is listening. Example: 389.
passwd - password for the cn=orcladmin user.
globaldbname - global database name, retrieved in step 2. Example: asdb.mydomain.com.
Using a text editor, such as vi or emacs, create a file called addSeealso.ldif with the following lines (note: if you split long lines over several lines, make sure the continuation lines begin with a space or a tab character):
dn: orclApplicationCommonName=
ORASSO_SSOSERVER,cn=SSO,cn=Products,cn=OracleContext
changetype: modify
replace: seealso
seealso: DN of database
On the last line, replace DN of database with the DN of the infrastructure database (for example, cn=ASDB,cn=OracleContext). You determined this value from the previous step.
Run the following command to update the entry in Oracle Internet Directory (all on one line):
prompt> $ORACLE_HOME/bin/ldapmodify -h oidhostname -p oidport -D cn=orcladmin -w passwd -f addSeealso.ldif
Values you need to provide:
oidhostname - name of the computer running Oracle Internet Directory. Example: dbmachine.mydomain.com.
oidport - port number on which Oracle Internet Directory is listening. Example: 389.
passwd - password for the cn=orcladmin user.
Run the following command to verify that the entry was added (all on one line):
prompt> $ORACLE_HOME/bin/ldapsearch -h oidhostname -p oidport -D cn=orcladmin -w passwd
-b "orclApplicationCommonName=ORASSO_SSOSERVER,cn=SSO,
cn=Products,cn=OracleContext" "objectclass=*" seealso
The command returns these lines:
orclApplicationCommonName=ORASSO_SSOSERVER,cn=SSO,cn=Products, cn=OracleContext seealso=DN_of_database
Before installing the first 10g (9.0.4) middle tier that contains OracleAS Wireless, you need to shut down all 9.0.2 middle tiers that are running Oracle9iAS Wireless, if any.
After installing the first 10g (9.0.4) middle tier, you can start up the 9.0.2 middle tiers.
You can install subsequent 10g (9.0.4) middle tiers without shutting down any 9.0.2 or 10g (9.0.4) middle tiers.
If you plan to use the Wireless component from both 9.0.2 and 10g (9.0.4) releases against a 9.0.2 metadata repository, you need to perform these steps:
(optional) Back up the WIRELESS schema in the 9.0.2 metadata repository.
This step is recommended because when you install the OracleAS Wireless 10g (9.0.4) middle tier (in the next step), the Wireless Configuration Assistant upgrades the WIRELESS schema in the 9.0.2 metadata repository to 10g (9.0.4).
Reasons for backing up the schema include:
If you decide later that you do not need to use OracleAS Wireless 10g (9.0.4) and need Oracle9iAS Wireless 9.0.2 only, you can restore the schema.
If the schema upgrade fails for any reason (for example, network or hardware errors), you can restore the schema.
Install a 10g (9.0.4) middle tier (Portal and Wireless, or Business Intelligence and Forms) against the 9.0.2 infrastructure. This step upgrades the WIRELESS schema to 10g (9.0.4).
Upgrade the existing Oracle9iAS Wireless 9.0.2 middle tiers to version 9.0.2.8.0 or later. Earlier versions of Oracle9iAS Wireless are not compatible with the 10g (9.0.4) WIRELESS schema.
The steps in detail:
Back up the WIRELESS schema in the 9.0.2 metadata repository.
You can do this using the Export database utility.
prompt> exp system/password@service_name file=iasw902.dmp owner=WIRELESS
Values you need to provide:
password - password of the SYSTEM account.
service_name - local net service name that points to the 9.0.2 metadata repository, for example, asdb.
This creates a database export file called iasw902.dmp with the contents of the WIRELESS schema.
Install a 10g (9.0.4) middle tier (Portal and Wireless, or Business Intelligence and Forms) against the 9.0.2 infrastructure. See Section 7.13, "Installing Portal and Wireless or Business Intelligence and Forms" for details.
The first time you install OracleAS Wireless 10g (9.0.4) against a 9.0.2 metadata repository, the Wireless Configuration Assistant upgrades the WIRELESS schema to 10g (9.0.4). If you install additional OracleAS Wireless 10g (9.0.4) components against the same metadata repository, the configuration assistant detects that the schema is already upgraded and does not upgrade it again.
Upgrade the existing Oracle9iAS Wireless 9.0.2 middle tiers to version 9.0.2.8.0 or later. Currently, OracleMetaLink contains patches that enable you to upgrade to version 9.0.2.8.0 or 9.0.2.10.0.
To upgrade to version 9.0.2.8.0, apply one of these patches:
The Oracle9iAS Wireless 9.0.2.8.0 patch (2831134)
The Oracle9iAS 9.0.2.2.0 bundled patch set (2926973)
The Oracle9iAS 9.0.2.3.0 patch set (3038037)
To upgrade to version 9.0.2.10.0, apply the Oracle9iAS Wireless 9.0.2.10.0 patch (3174514).
You can download patches from OracleMetaLink: http://metalink.oracle.com.
If, after installing the OracleAS Wireless 10g (9.0.4), you decide that you do not want to use it and want to use Oracle9iAS Wireless 9.0.2 only, you can restore the 9.0.2 WIRELESS schema:
Remove all objects from the WIRELESS schema, which is now at version 10g (9.0.4), in the 9.0.2 metadata repository.
To do this, run the wirelessrm.sql script. The Oracle home refers to the Oracle home for the 10g (9.0.4) middle tier.
prompt> cd $ORACLE_HOME/wireless/repository/sql prompt> sqlplus system/password@service_name @wirelessrm.sql
Restore the 9.0.2 WIRELESS schema by importing the database export file created in step 1 of the previous procedure.
prompt> imp system/password@service_name file=iasw902.dmp fromuser=wireless touser=wireless
Figure 3-2 shows a 10g (9.0.4) middle tier using a 9.0.2 infrastructure (Metadata Repository and Identity Management).
Figure 3-2 10g (9.0.4) Middle Tier Using 9.0.2 Metadata Repository for its Product Metadata
For this setup, be aware of these issues:
To create this setup, you need to perform these steps:
Install the 9.0.2 Oracle9iAS Infrastructure if you are not already running it.
Perform these procedures:
Install the 10g (9.0.4) middle tier.
See Section 7.9, "Installing J2EE and Web Cache with OracleAS Database-Based Cluster and Identity Management Access" or Section 7.13, "Installing Portal and Wireless or Business Intelligence and Forms", depending on which middle tier type you want.
This section describes a configuration that consists of the following instances:
9.0.2/9.0.3 middle tiers, which require a 9.0.2 metadata repository
10g (9.0.4) Identity Management, which requires a 10g (9.0.4) metadata repository
Note that this configuration requires two metadata repositories: the 9.0.2 and 9.0.3 middle tiers use a 9.0.2 metadata repository, while the Identity Management components use a 10g (9.0.4) metadata repository.
Figure 3-3 shows this configuration:
Figure 3-3 Middle Tiers From 9.0.2/9.0.3 and Identity Management from 10g (9.0.4). Each Has Its Own Metadata Repository.
To arrive at this configuration:
First, arrive at a starting configuration that consists of an infrastructure 10g (9.0.4) and a 9.0.2 metadata repository. You can arrive at this starting configuration in one of two ways:
By upgrading a 9.0.2 infrastructure to 10g (9.0.4). See Section 3.6.2.1, "Arriving at the Starting Configuration by Upgrading".
By installing instances of the appropriate version. See Section 3.6.2.2, "Arriving at the Starting Configuration by Installing New Instances".
Then, install 9.0.2/9.0.3 middle tiers against the 9.0.2 metadata repository.
In this configuration, you cannot set up the 10g (9.0.4) Identity Management components (such as Oracle Internet Directory and OracleAS Single Sign-On) to run only in SSL mode. You have to run the Identity Management components in both SSL and non-SSL modes. This reason is that middle tiers from Release 2 (9.0.2 and 9.0.3) cannot work in SSL-only mode.
In this configuration, be aware of these issues:
You can arrive at the starting configuration by either upgrading a 9.0.2 installation or by installing all new instances.
Section 3.6.2.1, "Arriving at the Starting Configuration by Upgrading"
Section 3.6.2.2, "Arriving at the Starting Configuration by Installing New Instances"
Figure 3-4 shows arriving at the starting configuration by upgrading a 9.0.2 infrastructure.
Figure 3-4 Arriving at the Starting Configuration by Upgrading
To arrive at the starting configuration by upgrading (see Figure 3-4):
Install a 9.0.2 infrastructure.
Install a 9.0.2 metadata repository.
Upgrade the 9.0.2 infrastructure installed in step 1 to 10g (9.0.4). This gives you a 10g (9.0.4) Identity Management and a 10g (9.0.4) metadata repository.
Configure the upgraded 10g (9.0.4) Identity Management to work with 9.0.2/9.0.3 middle tiers. See one of these sections:
After you have arrived at the starting configuration, you can install 9.0.2/9.0.3 middle tiers. See Section 3.6.3, "Steps for Installing 9.0.2/9.0.3 Middle Tiers".
Figure 3-5 shows arriving at the starting configuration by installing new instances of the appropriate versions.
Figure 3-5 Arriving at the Starting Configuration by Installing New Instances
To arrive at the starting configuration by installing new instances:
Install OracleAS Infrastructure 10g (including Identity Management and OracleAS Metadata Repository).
See Section 6.17, "Installing OracleAS Infrastructure 10g" for steps.
Configure the 10g (9.0.4) Identity Management to work with 9.0.2 or 9.0.3 middle tiers. See one of these sections:
Install the metadata repository portion of the 9.0.2 Oracle9iAS Infrastructure, and point it to the 10g (9.0.4) Identity Management for the OracleAS Single Sign-On and Oracle Internet Directory components. See the Oracle9i Application Server Installation Guide for Release 2 (9.0.2).
After you have arrived at the starting configuration, you can install the 9.0.2/9.0.3 middle tiers. See Section 3.6.3, "Steps for Installing 9.0.2/9.0.3 Middle Tiers".
When you have the starting configuration, you can perform these steps to install 9.0.2/9.0.3 middle tiers:
Apply the following patches to the 9.0.2 Metadata Repository (installed in step 2 if you followed the upgrade path, installed in step 3 if you installed new instances).
Patch 3238095
Patchset 2517300 (for patching the database to 9.0.1.4, if your database is not already at that version)
Patch 2282201
Patch 2563444
You can download patches from OracleMetaLink (http://metalink.oracle.com). See the readme file for the patch for installation instructions.
Install the 9.0.2/9.0.3 middle tiers against the 9.0.2 metadata repository. For details, see the Oracle9i Application Server Installation Guide for Release 2 (9.0.2) or Release 2 (9.0.3).
(optional) Apply the following patches if you want Oracle9iAS Portal 9.0.2 to leverage multiple search bases for users and groups in OracleAS Infrastructure 10g.
For details on search bases, see the sections "Select the User Search Base" and "Select the Group Search Base" in the chapter "Considerations for Integrating with Third-Party Directories" in the Oracle Internet Directory Administrator's Guide.
Apply patch set 3038037 to the 9.0.2 middle tiers installed in the previous step. This patch set upgrades the middle tiers to 9.0.2.3.
Apply patch 2802414 to the 9.0.2 Metadata Repository.
Apply patches for upgrading the 9.0.2 Metadata Repository database to either 9.0.1.5 or 9.2.0.4, depending on which database series you are using. The dbms_ldap APIs, which are required to support multiple search bases for users and groups, require the upgraded database versions. See Section 10.2.1, "Database Version" for the patch numbers.
Follow these steps to update the 10g (9.0.4) Identity Management components, using the imconfig.sh script. This script is located on the "OracleAS RepCA and Utilities" CD-ROM, in the utilities/imconfig directory.
Ensure that the following requirements are met:
The ORACLE_HOME environment variable points to the 10g (9.0.4) infrastructure home directory used by OracleAS Single Sign-On.
The 10g (9.0.4) Oracle Internet Directory server is running.
The 10g (9.0.4) infrastructure database and listener are running.
Run the imconfig.sh script on the machine where the 10g (9.0.4) OracleAS Single Sign-On is installed. Use the following command:
prompt> imconfig.sh -10g -h ldaphost -p ldapPort -D ldapDN -w ldapPwd -oh oracleHome
Values you need to provide are:
ldaphost - name of the computer running the 10g (9.0.4) Oracle Internet Directory. Example: dbmachine.mydomain.com.
ldapPort - port number on which the 10g (9.0.4) Oracle Internet Directory is listening. Example: 389.
ldapDN - DN of the Oracle Internet Directory user. Example: "cn=orcladmin".
ldapPwd - password for the Oracle Internet Directory user.
oracleHome - Oracle home directory for the 10g (9.0.4) infrastructure database used by OracleAS Single Sign-On.
Optional parameter you can specify:
-ssl - specify this parameter if ldapPort is an SSL port.
The following preliminary steps are required to configure the 10g (9.0.4) Identity Management, before you can install 9.0.2 or 9.0.3 middle tiers:
Section 3.6.5.1, "Modify the iASAdmins Group in Oracle Internet Directory"
Section 3.6.5.2, "Update Access Policy for Metadata Repository Registration"
Section 3.6.5.3, "Update the ORASSO Schema in the Metadata Repository"
You can accomplish all of these steps much more easily by running the imconfig.sh script. See Section 3.6.4, "Configuring the 10g (9.0.4) Identity Management Using the imconfig.sh Script".
To modify the iASAdmins group in the 10g (9.0.4) Oracle Internet Directory so that 9.0.2 middle tiers can use it, perform the following procedure:
Create a text file to contain these lines, and name the file changeiASAdmins.ldif. Note: if you split long lines over several lines, make sure the continuation lines begin with a space or a tab character.
dn: cn=UserProxyPrivilege, cn=Groups,cn=oraclecontext changetype: modify replace: orclentrylevelaci orclentrylevelaci: access to entry by group="cn=iASAdmins,cn=Groups,cn=OracleContext" (browse, nodelete) by group="cn=Trusted Applications Admins, cn=Groups,cn=oraclecontext" (browse, nodelete) by dnattr=(owner) (browse,nodelete) by * (none) orclentrylevelaci: access to attr=(*) by group="cn=iASAdmins, cn=Groups,cn=OracleContext" (read,search,write,compare) by group="cn=Trusted Applications Admins, cn=Groups,cn=oraclecontext" (read, write, compare, search) by dnattr=(owner) (read,search,write,compare) by * (none)
Run the ldapmodify command on the LDIF file.
prompt> $ORACLE_HOME/bin/ldapmodify -h oidhostname -p oidport -D cn=orcladmin -w passwd -f changeiASAdmins.ldif
Values you need to provide:
oidhostname - name of the computer running Oracle Internet Directory. Example: dbmachine.mydomain.com.
oidport - port number on which Oracle Internet Directory is listening. Example: 389.
passwd - password for orcladmin. Example: welcome1.
To update the access policy in the 10g (9.0.4) Oracle Internet Directory so that 9.0.2 middle tiers can use it, perform the following procedure:
Determine the global database name of the 10g (9.0.4) OracleAS Metadata Repository used by OracleAS Single Sign-On. You will use this value in the next step.
This value is stored in the InfrastructureDBCommonName field in the ORACLE_HOME/config/ias.properties file, where ORACLE_HOME is the Oracle home directory for the 10g (9.0.4) OracleAS Metadata Repository used by OracleAS Single Sign-On.
For example, the line in the ias.properties file might look like this:
InfrastructureDBCommonName=asdb.mydomain.com
Create a text file to contain these lines, and name the file changeAccess.ldif.
On the first line, replace globalDatabaseName with the global name of your database determined in step 1. Note: if you split long lines over several lines, make sure the continuation lines begin with a space or a tab character.
dn: orclReferenceName=globalDatabaseName,cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=oraclecontext changetype: modify replace: orclentrylevelaci orclentrylevelaci: access to entry by dn=".*,cn=IAS Instances, cn=IAS, cn=Products,cn=oraclecontext" (browse, noadd, nodelete) by * (none) orclentrylevelaci: access to attr=(*) by dn=".*,cn=IAS Instances, cn=IAS,cn=Products,cn=oraclecontext" (search, read, nowrite) by * (none)
Run the LDIF file using ldapmodify command:
prompt> $ORACLE_HOME/bin/ldapmodify -h oidhostname -p oidport -D cn=orcladmin -w passwd -f changeAccess.ldif
Values you need to provide:
oidhostname - name of the computer running Oracle Internet Directory. Example: dbmachine.mydomain.com.
oidport - port number on which Oracle Internet Directory is listening. Example: 389.
passwd - password for orcladmin. Example: welcome1.
You need to update some values in the ORASSO schema in the 10g (9.0.4) OracleAS Metadata Repository used by OracleAS Single Sign-On.
Determine the password for the ORASSO schema.
prompt> $ORACLE_HOME/bin/ldapsearch -h oidhostname -p oidport -D cn=orcladmin -w passwd -b "orclReferenceName=globalDatabaseName,cn=IAS Infrastructure Databases, cn=IAS,cn=Products,cn=oraclecontext" "orclresourcename=ORASSO" orclpasswordattribute
Values you need to provide:
oidhostname - name of the computer running Oracle Internet Directory. Example: dbmachine.mydomain.com.
oidport - port number on which Oracle Internet Directory is listening. Example: 389.
passwd - password for orcladmin. Example: welcome1.
globalDatabaseName - global database name for the metadata repository used by the 10g (9.0.4) OracleAS Single Sign-On. See step 1 in the previous procedure for instructions on how to determine this value. Example: asdb.mydomain.com.
Run the following command in SQL*Plus.
prompt> sqlplus orasso/passwd
SQL> begin wwsso_oid_integration.setdbconnect(’ssodb_hostname’,
’ssodb_port’, ’ssodb_sid’) ; end;
SQL> /
SQL> exit;
Values you need to provide:
passwd - password for the ORASSO schema, determined in step 1.
ssodb_hostname - name of the computer running the metadata repository used by the 10g (9.0.4) OracleAS Single Sign-On. Note that you need to enclose this value in single quotes. Example: ’dbmachine.mydomain.com’.
ssodb_port - port number on which the metadata repository is listening. Note that you need to enclose this value in single quotes. Example: ’1521’.
ssodb_sid - SID of the metadata repository. Note that you need to enclose this value in single quotes. Example: ’asdb’.
