
Tag Archives: OID

Oracle Internet Directory – various reminders

A customer uses Oracle Internet Directory as secondary LDAP. Changes to the OID structure are performed using LDAP Data Interchange Format (LDIF) scripts.

Creating users in OID with LDIF scripts:
command: ldapadd -c -h servername -p 389 -D cn=orcladmin -w myPassword -f createUsers.ldif
script:

dn: cn=jdoe,cn=Users,dc=myDivision,dc=myCompany
cn: jdoe
sn: jdoe
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgPerson
objectclass: orclUserV2
description: John Doe
userpassword: welcome2011
mail: john.doe@mycompany.com

Creating groups in OID with LDIF scripts:
command: ldapadd -c -h servername -p 389 -D cn=orcladmin -w myPassword -f createGroups.ldif
script:

dn: cn=MyGroup,cn=groups,dc=myDivision,dc=myCompany
cn: MyGroup
objectclass: top
objectclass: orclGroup
objectclass: groupOfUniqueNames
owner: cn=orcladmin
displayname: MyGroup
description: My Script Created Group
orclisvisible: true

Remove members from groups in OID with LDIF scripts:
command: ldapmodify -c -h servername -p 389 -D cn=orcladmin -w myPassword -f removeMembersFromGroup.ldif
script:

# No values are listed after "delete:", so every uniquemember value is removed from the group.
dn: cn=myGroup,cn=groups,dc=myDivision,dc=myCompany
changetype: modify
delete: uniquemember

Add members to groups in OID with LDIF scripts:
command: ldapmodify -c -h servername -p 389 -D cn=orcladmin -w myPassword -f addMembersToGroup.ldif
script:

dn: cn=myGroup,cn=groups,dc=myDivision,dc=myCompany
changetype: modify
add: uniquemember
uniquemember: cn=jdoe,cn=Users,dc=myDivision,dc=myCompany
uniquemember: cn=user2,cn=Users,dc=myDivision,dc=myCompany
uniquemember: cn=user3,cn=Users,dc=myDivision,dc=myCompany

Disable users in OID with LDIF scripts:
command: ldapmodify -c -h servername -p 389 -D cn=orcladmin -w myPassword -f DisableUsers.ldif
script:


dn: cn=jdoe,cn=Users,dc=myDivision,dc=myCompany
changetype: modify
replace: orclisenabled
orclisenabled: DISABLED
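
A pre-flight check for the LDIF files above, as an added example that is not part of the original post: the commands bind as cn=orcladmin and pass -c, which continues after a failed record, so it helps to lint a file before sending it. The function name `lint_ldif` is hypothetical and the sample records are constructed.

```python
import re

# Constructed sample in the style of the scripts above (not real directory data).
SAMPLE = """\
dn: cn=jdoe,cn=Users,dc=myDivision,dc=myCompany
changetype: modify
orclisenabled: DISABLED

cn=MyGroup,cn=groups,dc=myDivision,dc=myCompany
objectclass=orclGroup

dn: cn=myGroup,cn=groups,dc=myDivision,dc=myCompany
changetype: modify
delete: uniquemember

dn: cn=user2,cn=Users,dc=myDivision,dc=myCompany
userpassword: welcome2011
"""

ATTR = re.compile(r"^([A-Za-z][\w;.-]*):[:<]? ?(.*)$")  # "attr: value" (also :: and :<)

def lint_ldif(text):
    """Return (record_no, severity, message) findings for an LDIF change file."""
    out = []
    text = re.sub(r"\n (?=\S)", "", re.sub(r"\A\s*version:.*\n", "", text))  # drop header, unfold
    for no, rec in enumerate(re.split(r"\n\s*\n", text.strip()), 1):
        pairs = []
        for line in rec.splitlines():
            if line.startswith("#") or line.strip() == "-":
                continue  # comments and modify separators
            m = ATTR.match(line)
            if m:
                pairs.append((m.group(1).lower(), m.group(2).strip()))
            else:
                out.append((no, "error", f"not 'attribute: value': {line!r}"))
        if not pairs or pairs[0][0] != "dn":
            out.append((no, "error", "record does not start with 'dn:'"))
        mod = [i for i, (k, v) in enumerate(pairs) if (k, v.lower()) == ("changetype", "modify")]
        ops = pairs[mod[0] + 1:] if mod else []
        if mod and (not ops or ops[0][0] not in ("add", "delete", "replace")):
            out.append((no, "error", "modify has no add/delete/replace line"))
        for j, (k, v) in enumerate(ops):
            if k == "delete" and (j + 1 == len(ops) or ops[j + 1][0] != v.lower()):
                out.append((no, "warn", f"delete removes every value of {v}"))
        if any(k == "userpassword" and not v.startswith("{") for k, v in pairs):
            out.append((no, "warn", "cleartext userpassword stored in file"))
    return out

if __name__ == "__main__":
    print(*lint_ldif(SAMPLE), sep="\n")
```

On the constructed sample this reports the modify record with no operation line, the record written with `=` instead of `: `, the value-less delete, and the password kept in clear text in the file.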

 

Because I find the ODSM console not always satisfying, I use the following SQL queries to retrieve some information:

View Oracle Directory Services change log in Oracle Database with SQL:

select * from ods_chg_log

View Oracle Directory Services Users membership in Oracle Database with SQL:

SELECT * FROM ct_hrch_query WHERE attrvalue LIKE 'cn=jdoe%'

Posted by on 08-11-2011 in OID, Oracle

 


Oracle Identity Management installation error

When trying to install Oracle Internet Directory on Windows 2008 R2 the installation fails during the configuration process. The installer screen displays “Start Oracle Internet Directory: Failed”.

The oidmon.log shows the following error:
[SomeDateTime] [OID] [NOTIFICATION:16] [] [OIDMON] [host: SOMEHOST] [pid: 2011] [tid: 0] Guardian: gsldda_DeleteEntry:gsldfgGetEntryID Error..1010

The Oracle Support website recognizes this error (DocID=1286775.1):

Prior to performing the config.bat process the Administrator of the Windows Server 2008 Release 2 server should:
– Install a Microsoft Loopback Adapter

The following are the steps performed on Microsoft Windows 2008 Release 2:
Start -> Computer -> Right-click, Properties -> Device Manager -> Computer Name, Right-click, Add Legacy Hardware -> Next -> Install the hardware I manually select from a list -> Next -> Network Adapters -> Microsoft on the right, Loopback adapter on the left -> Next
At this point you should be prepared to run the config.bat process.

Sadly this doesn't solve our issue, which could be explained by the fact that this Support ID says it only happens to DHCP clients, and this is not the case in our situation.

So we continue and find that the oidldap.log shows:

[SomeDateTime] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: SomeHost] [pid: 1000] [tid: 0] Main:: Exec of OIDLDAPD failed with error
[SomeDateTime] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: SomeHost] [pid: 1000] [tid: 0] Main:: FATAL : DispatcherController : OS -1 : Error creating server pool

Which points us in the direction of this Oracle Forums post by NIrving.

And indeed our sqlnet.log file is filled with errors like:
Directory does not exist for read/write […OracleHome\idm1113\Oracle_IDM1\log]

For some weird reason the “log” folder does not exist in this installation, which is weird because we didn't have problems with this on other identical servers and installations. I just blame Windows Server OS because it’s evil. ;-)
Simply creating the “log” folder fixes this weird bug.

 

Posted by on 22-05-2011 in OID, OIM, Oracle

 
