Let's start by learning and understanding some components of Oracle Fusion Middleware. I have laid out the steps required for installing and configuring Oracle Identity & Access Management Suite 11gR2.
I will try to keep it as simple as I can; if anything needs clarification, you can email me at nazim.sk@gmail.com or nazim.shaikh@onlinedbasupport.com.
Below is the list of products required for the IDM setup.
1) Oracle DB
2) RCU
3) Weblogic
4) JDK
5) SOA Suite
6) OID/IDM
7) OAM
8) WebTier OHS
9) WebGate
10) OIM Connectors (optional, can be downloaded later)
11) Oracle Unified Directory (optional, can be downloaded later)
Operating System – RHEL 5.8 x86-64 with 16 GB RAM and minimum i3 processor.
Download the software from the links given below.
Oracle Database 11.2.0.1 –
http://download.oracle.com/otn/linux/oracle11g/R2/linux.x64_11gR2_database_1of2.zip
http://download.oracle.com/otn/linux/oracle11g/R2/linux.x64_11gR2_database_2of2.zip
SOA Suite 11.1.1.7.0 –
http://download.oracle.com/otn/nt/middleware/11g/111170/ofm_soa_generic_11.1.1.7.0_disk1_1of2.zip
http://download.oracle.com/otn/nt/middleware/11g/111170/ofm_soa_generic_11.1.1.7.0_disk1_2of2.zip
Oracle Identity Manager Connectors 11.1.2.2.0 –
Oracle Unified Directory 11g 11.1.2.2.0 –
Oracle Identity and Access Management 11g 11.1.2.2.0 –
https://edelivery.oracle.com/EPD/Download/process_download/V43017-01_1of2.zip?file_id=67310483&aru=17140818&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V43017-01_1of2.zip
https://edelivery.oracle.com/EPD/Download/process_download/V43017-01_2of2.zip?file_id=67310484&aru=17140818&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V43017-01_2of2.zip
Oracle Fusion Middleware Repository Creation Utility 11g 11.1.2.2.0 for Linux x86-64 –
Oracle Identity Management 11g Patch Set 6 (11.1.1.7.0) for Linux x86-64 –
Oracle Fusion Middleware Web Tier Utilities 11g Patch Set 6 (11.1.1.7.0) for Linux x86-64 –
Oracle WebLogic Server 11gR1 (10.3.6) Generic and Coherence –
Oracle Access Manager OHS 11g WebGates 11.1.2.2.0 –
———————————————————————————————————————
Let's start by installing Oracle Database 11.2.0.1
- Unzip the software to any location where the installing user has the privileges to run the setup (su - oracle)
- Start the installer (runInstaller)
- Choose the 1st option, Create and configure a database. You can also choose Install database software only and create a database later using dbca.
- Choose System Class – Desktop / Server depending on your configuration. We chose Desktop.
- Typical Install
- Provide the Oracle base location, datafiles location, database name and password. Our DB name is IDMDB.
- Choose the character set UTF8 – mandatory for the IDM setup
Post-installation steps:
- Run root.sh as the “root” user
- Prepare the database environment file
export ORACLE_BASE=/u01/oracle
export ORACLE_HOME=/u01/oracle/product/11.2.0.1
export PATH=$PATH:$ORACLE_HOME/bin
export ORACLE_SID=idmdb
export TNS_ADMIN=$ORACLE_HOME/network/admin
- Tune the parameters below (scope=spfile changes take effect after the database is restarted)
ALTER system SET processes=1000 scope=spfile;
ALTER system SET sessions=1000 scope=spfile;
ALTER system SET open_cursors=1000 scope=spfile;
Execute RCU 11.1.2.2 to create the repository for IDM, OIM and OAM.
- su - oraidm
- Unzip rcu software
- Run rcu setup (/u01/rcuHome/bin) ./rcu
- Select create option
- Provide database credentials to establish a connection with the database server.
- On the component selection page, expand Identity Management and select OID, OIM and OAM. This will auto-select other options as well (DEV_MDS, DEV_SOAINFRA, DEV_ORASDPM, DEV_IAU, DEV_OPSS)
- Set a password to be used by these schemas. You can either provide separate passwords or use the same password for all of them.
- This will create the schemas and corresponding tablespaces in the database.
Install Weblogic – 10.3.6
- Unzip the custom JDK and set JAVA_HOME (file: jdk-6u45-linux-x64.bin)
export JAVA_HOME=/u01/jdk1.6.0_45
export PATH=$JAVA_HOME/bin:$PATH
- Install WebLogic using the custom 64-bit JDK
- java -jar wls1036_generic.jar OR java -d64 -jar wls1036.jar (Linux) OR java -jar -D64 wls1036.jar (Windows)
- Set the middleware home directory – /u01/weblogic/fmw – you can set this to any directory as long as the user has read and write permission on it.
- Select “I wish to remain uninformed about Oracle updates” and click Yes; you may have to do this multiple times.
- Select Typical Install
- Installation will create following directories (/u01/weblogic/fmw/wlserver_10.3 and /u01/weblogic/fmw/coherence_3.7)
- Complete the installation
Install IDM – 11.1.1.7.0
- su - oraidm
- Unzip IDM software to any temp location
- Execute runInstaller (Disk1/runInstaller)
- Skip software updates
- Select ‘Install Software – Do Not Configure’
- Oracle Middleware Home – /u01/weblogic/fmw
- Oracle Home – Oracle_IDM1
- Click Install
Install OAM – 11.1.2.2.0
- su - oraidm
- Unzip OAM software to any temp location
- Execute runInstaller (Disk1/runInstaller), specify JRE location (/u01/jdk1.6.0_45)
- Skip software updates
- Oracle Middleware Home – /u01/weblogic/fmw
- Oracle Home – Oracle_IAM1
- Click Install
Install WebTier – 11.1.1.7.0
- su - oraidm
- Unzip WebTier OHS software to any temp location
- Execute runInstaller (Disk1/runInstaller)
- Skip software updates
- Select ‘Install Software – Do Not Configure’
- Oracle Middleware Home – /u01/weblogic/fmw
- Oracle Home – Oracle_WT1
- Click Install
Install WebGate – 11.1.2.2.0
- su - oraidm
- Unzip OAM WebGate software to any temp location
- Execute runInstaller (Disk1/runInstaller), specify JRE location (/u01/jdk1.6.0_45)
- Skip software updates
- Oracle Middleware Home – /u01/weblogic/fmw
- Oracle Home – Oracle_OAMWebGate1
- Click Install
Install SOA Suite – 11.1.1.7.0
- su - oraidm
- Unzip SOA Suite software to any temp location
- Execute runInstaller (Disk1/runInstaller), specify JRE location (/u01/jdk1.6.0_45)
- Skip software updates
- Oracle Middleware Home – /u01/weblogic/fmw
- Oracle Home – Oracle_SOA1
- Select Weblogic Server as the option
- Click Install
Apply Interim patches on SOA Suite
- Go to /u01/OAM_Soft/Disk1….OIM_11.1.2.2_SOAPS6_PREREQS.zip
- mkdir -p /u01/soa_patches
- unzip the patch from step 1 to the directory created in step 2
[oraidm@egtapp02 soa_patches]$ unzip /u01/OAM_Soft/Disk1/OIM_11.1.2.2_SOAPS6_PREREQS.zip
Archive: /u01/OAM_Soft/Disk1/OIM_11.1.2.2_SOAPS6_PREREQS.zip
creating: SOAPATCH/
extracting: SOAPATCH/17418151.zip
extracting: SOAPATCH/17988119.zip
extracting: SOAPATCH/16170778.zip
extracting: SOAPATCH/17610621.zip
inflating: SOAPATCH/README.txt
extracting: SOAPATCH/16024267.zip
extracting: SOAPATCH/17538745.zip
extracting: SOAPATCH/18011726.zip
extracting: SOAPATCH/18011109.zip
extracting: SOAPATCH/16535743.zip
extracting: SOAPATCH/16899697.zip
extracting: SOAPATCH/14126097.zip
- export ORACLE_HOME=/u01/weblogic/fmw/Oracle_SOA1
- export PATH=$ORACLE_HOME/OPatch:$PATH
- Go to the patch directory and apply the patch
[oraidm@egtapp02 SOAPATCH]$ pwd
/u01/soa_patches/SOAPATCH
[oraidm@egtapp02 SOAPATCH]$ ls
14126097.zip 16170778.zip 16899697.zip 17538745.zip 17988119.zip 18011726.zip
16024267.zip 16535743.zip 17418151.zip 17610621.zip 18011109.zip README.txt
- Apply the patch
opatch napply
- Verify the patch
<code>
[oraidm@egtapp02 SOAPATCH]$ opatch lsinventory
Oracle Interim Patch Installer version 11.1.0.9.9
Copyright (c) 2012, Oracle Corporation. All rights reserved.
Oracle Home : /u01/weblogic/fmw/Oracle_SOA1
Central Inventory : /u01/oraInventory
from : /u01/weblogic/fmw/Oracle_SOA1/oraInst.loc
OPatch version : 11.1.0.9.9
OUI version : 11.1.0.9.0
Log file location : /u01/weblogic/fmw/Oracle_SOA1/cfgtoollogs/opatch/opatch2014-11-18_13-10-04PM_1.log
OPatch detects the Middleware Home as "/u01/weblogic/fmw"
Lsinventory Output file location : /u01/weblogic/fmw/Oracle_SOA1/cfgtoollogs/opatch/lsinv/lsinventory2014-11-18_13-10-04PM.txt
--------------------------------------------------------------------------------
Installed Top-level Products (1):
Oracle SOA Suite 11g 11.1.1.7.0
There are 1 products installed in this Oracle Home.
Interim patches (11) :
Patch 18011726 : applied on Tue Nov 18 13:09:48 AST 2014
Unique Patch ID: 17116322
Created on 29 Dec 2013, 19:17:47 hrs PST8PDT
Bugs fixed:
16305694, 16104851, 13684639, 16985247, 17180084, 17005588, 16824760
17283663, 15870065, 17460621, 16363712
Patch 18011109 : applied on Tue Nov 18 13:09:08 AST 2014
Unique Patch ID: 17115629
Created on 28 Dec 2013, 00:40:38 hrs PST8PDT
Bugs fixed:
17933421, 17191931
Patch 17988119 : applied on Tue Nov 18 13:09:05 AST 2014
Unique Patch ID: 17114873
Created on 27 Dec 2013, 08:27:36 hrs PST8PDT
Bugs fixed:
17988119
Patch 17610621 : applied on Tue Nov 18 13:08:59 AST 2014
Unique Patch ID: 16927307
Created on 28 Oct 2013, 14:58:58 hrs PST8PDT
Bugs fixed:
17610621
Patch 17538745 : applied on Tue Nov 18 13:08:57 AST 2014
Unique Patch ID: 16974898
Created on 13 Nov 2013, 15:34:44 hrs PST8PDT
Bugs fixed:
17538745
Patch 17418151 : applied on Tue Nov 18 13:08:55 AST 2014
Unique Patch ID: 16769215
Created on 6 Sep 2013, 13:53:05 hrs PST8PDT
Bugs fixed:
17418151
Patch 16899697 : applied on Tue Nov 18 13:08:51 AST 2014
Unique Patch ID: 16440766
Created on 11 Jun 2013, 17:04:24 hrs US/Pacific
Bugs fixed:
16899697
Patch 16535743 : applied on Tue Nov 18 13:08:44 AST 2014
Unique Patch ID: 16399779
Created on 28 May 2013, 02:41:34 hrs PST8PDT
Bugs fixed:
16535743
Patch 16170778 : applied on Tue Nov 18 13:08:37 AST 2014
Unique Patch ID: 16534730
Created on 3 Jul 2013, 11:02:06 hrs PST8PDT
Bugs fixed:
16170778
Patch 16024267 : applied on Tue Nov 18 13:08:33 AST 2014
Unique Patch ID: 17017715
Created on 28 Nov 2013, 04:10:28 hrs PST8PDT
Bugs fixed:
16024267
Patch 14126097 : applied on Tue Nov 18 13:08:28 AST 2014
Unique Patch ID: 16260496
Created on 18 Apr 2013, 13:32:37 hrs PST8PDT
Bugs fixed:
14126097
--------------------------------------------------------------------------------
OPatch succeeded.
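The verification step above can be scripted instead of read by eye. The following is an added example, not part of the original post: it compares the patch zips shipped in SOAPATCH/ with the "Patch NNN : applied on" records of `opatch lsinventory`. The function names are hypothetical, and the sample listing and inventory are constructed (abridged) from the output shown above so the script runs offline.

```sh
#!/bin/sh
# Added example: confirm every patch zip in SOAPATCH/ is recorded as applied.

# stdin: a directory listing in any whitespace layout; stdout: ids of NNN.zip files.
expected_patch_ids() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^[0-9]+\.zip$/) { id = $i; sub(/\.zip$/, "", id); print id } }' | sort -u
}

# stdin: lsinventory text; stdout: ids taken only from "Patch NNN : applied on"
# records, so numbers listed under "Bugs fixed:" are never counted as patches.
applied_patch_ids() {
    awk '{
        line = $0
        while (match(line, /Patch +[0-9]+ +: applied on/)) {
            rec = substr(line, RSTART, RLENGTH)
            split(rec, f, / +/)
            print f[2]
            line = substr(line, RSTART + RLENGTH)
        }
    }' | sort -u
}

# $1 = directory listing text, $2 = lsinventory text; prints ids not yet applied.
missing_patches() {
    want=$(printf '%s\n' "$1" | expected_patch_ids)
    have=$(printf '%s\n' "$2" | applied_patch_ids)
    for id in $want; do
        printf '%s\n' "$have" | grep -qx "$id" || printf '%s\n' "$id"
    done
}

# Constructed sample: the `ls` output of the SOAPATCH directory shown above.
SAMPLE_LISTING='14126097.zip 16170778.zip 16899697.zip 17538745.zip 17988119.zip 18011726.zip
16024267.zip 16535743.zip 17418151.zip 17610621.zip 18011109.zip README.txt'

# Constructed sample: abridged lsinventory output (ids and dates as shown above).
SAMPLE_INVENTORY='Interim patches (11) :Patch 18011726 : applied on Tue Nov 18 13:09:48 AST 2014
Bugs fixed:
16305694, 16104851, 13684639
Patch 18011109 : applied on Tue Nov 18 13:09:08 AST 2014
Patch 17988119 : applied on Tue Nov 18 13:09:05 AST 2014
Patch 17610621 : applied on Tue Nov 18 13:08:59 AST 2014
Bugs fixed:
17610621
Patch 17538745 : applied on Tue Nov 18 13:08:57 AST 2014
Patch 17418151 : applied on Tue Nov 18 13:08:55 AST 2014
Patch 16899697 : applied on Tue Nov 18 13:08:51 AST 2014
Patch 16535743 : applied on Tue Nov 18 13:08:44 AST 2014
Patch 16170778 : applied on Tue Nov 18 13:08:37 AST 2014
Patch 16024267 : applied on Tue Nov 18 13:08:33 AST 2014
Patch 14126097 : applied on Tue Nov 18 13:08:28 AST 2014
OPatch succeeded.'

# Constructed failure case: the same inventory with one patch record removed.
# The "Bugs fixed: 17610621" line is still present and must not hide the gap.
PARTIAL_INVENTORY=$(printf '%s\n' "$SAMPLE_INVENTORY" | grep -v '^Patch 17610621 ')

missing=$(missing_patches "$SAMPLE_LISTING" "$SAMPLE_INVENTORY")
if [ -z "$missing" ]; then
    echo "all expected patches are applied"
else
    echo "not applied: $missing"
fi
```

On a real host, pass the output of `ls /u01/soa_patches/SOAPATCH` and `opatch lsinventory` as the two arguments of `missing_patches`.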
Creating Domains
- Create IDM Domain
- su - oraidm
- Prepare IDM environment
[oraidm@egtapp02 ~]$ cat oid.env
export MW_HOME=/u01/weblogic/fmw
export WL_HOME=$MW_HOME/wlserver_10.3
export ORACLE_HOME=$MW_HOME/Oracle_IDM1
export DOMAIN_HOME=$MW_HOME/user_projects/domains/IDMDomain
export JAVA_HOME=/u01/jdk_soft/jdk1.6.0_45
export ORACLE_INSTANCE=$MW_HOME/oid_ovd_instance1
export PATH=$ORACLE_HOME/bin:$ORACLE_INSTANCE/bin:$ORACLE_HOME/OPatch:$PATH
- Go to the ORACLE_HOME/bin directory and execute config.sh
Provide the instance location and name: you can give the instance any name. Since this domain will be used for the OID and OVD directories, we have named it oid_ovd_instance1.
Create a custom staticports.ini file like the one below and place it in any temp location. You can change the port numbers if required or keep them the same.
#This port indicates the Domain port number
Domain Port No = 7002
Node Manager Port No = 5556
########################Begin section for ovd1 ################################
#This port numbers will be considered only if OVD is selected for configuration
#######################################################################################
[OVD]
#The HTTP Admin port for OVD
Oracle Virtual Directory Port No for HTTP Admin = 8899
#The SSL LDAP port for OVD
Oracle Virtual Directory (SSL) Port No for LDAP = 6052
#The Non-SSL LDAP port for OVD
Oracle Virtual Directory (Non-SSL) Port No for LDAP = 6051
#The HTTP Web Gateway port for OVD
Oracle Virtual Directory Port No for HTTP Web Gateway = 2223
########################Begin section for oid1 ################################
#This port numbers will be considered only if OID is selected for configuration
#######################################################################################
[OID]
#The Non-SSL port for OID
Oracle Internet Directory Port No = 3060
#The SSL port for OID
Oracle Internet Directory (SSL) Port No = 3061
########################Begin section for emAgent ################################
#This port numbers will be considered only if EM is selected for configuration
#######################################################################################
[EMAGENT]
#The port for EM Agent port
Oracle EM Agent Port No = 5162
########################Begin section for ods ################################
#This port numbers will be considered if ODSM or DIP or both are selected for configuration
#######################################################################################
[ODS]
#The port for ODSM Server port
ODS Server Port No = 7005
########################Begin section for opmn ################################
#This port numbers will be considered for OPMN configuration
#######################################################################################
[OPMN]
#The Local port for OPMN
OPMN Local Port No = 6800
#The Remote port for OPMN
OPMN Remote Port No = 6801
#The Request port for OPMN
OPMN Request Port No = 6802
Directory Services have different names in different products.
OVD – uses Name Space
OID – uses Realm Name
OUD – uses Base DN
We will use OVD in this configuration and hence will use the default name space “ovd”.
Oracle Virtual Directory is an LDAP service that provides a single, abstracted view of enterprise directory servers and databases from a variety of vendors. Oracle Virtual Directory can serve as a single source of truth in an environment with multiple data sources.
Oracle Internet Directory is a specialized database that stores and retrieves collections of information about objects. Associated with each entry is a number of attributes, each of which may have one or more values assigned. For example, typical attributes for a person entry might include first and last names, e-mail addresses, the address of a preferred mail server, passwords or other login credentials, or a digitized portrait.
For us, the domain component “dc” becomes “ovd” and the other dc is “local”, depending on our current domain structure in the organization.
If your domain contains .com then your dc will look like “dc=ovd,dc=com”
Container “cn=orcladmin” is the super user to manage OID and OVD.
OVD does not hold any user information; instead it keeps the metadata information of the users received from different vendors (AD, legacy systems, OUD etc.) and passes it to OID.
Since OVD passes the information to OID, by default this screen will have dc=[your_domain_name],dc=com/local. Our domain is ods.local; however, we have given dc=oid to keep it simple to understand.
Verify the result: log in to the WebLogic console to verify the domain (Admin Server and a Managed Server) created during the domain installation process.
URL- http://hostname:port/console
The screenshot below shows the 2 servers created during the domain creation process.
- Admin Server – Domains include a special WebLogic Server instance called the Administration Server, which is the central point from which you configure and manage all resources in the domain.
- WLS_ODS1 Server – In a domain, server instances other than the Administration Server are referred to as Managed Servers. Managed Servers host the components and associated resources that constitute an application. The WLS_ODS1 server manages our directory server (ODSM).
Verify the OPMN processes, which start the background processes of OID and OVD.
opmnctl status -l
To start and stop the OPMN processes, execute the commands below
opmnctl stopall
As you can see in the screenshot below, there are 5 processes running (OVD, 3 OID and 1 EM).
OVD is your virtual directory running on LDAP ports 6051 and 6052, https: 8899.
OID is an internal directory running on LDAP ports 3061 and 3060. oidmon is the process that monitors the connections and assigns the work to the 2 oid processes (oid1), which spawn other processes.
Creating OID/OVD connections
Connect to Directory services and check the default user and group information
Give the connection any name; server – the server where IDM is installed or hosted; port – LDAP port 3060; user – orcladmin, which is the super user for OID and OVD.
Go to the Data Browser tab and check the dc we created during domain creation (“dc=local”, “dc=oid”), which contains user and group information.
Log out and create a connection for OVD; for the port, use the https port, i.e. 8899.
Create an adapter for OID. OVD is capable of creating adapters for multiple systems (OID, AD, EBS database, legacy systems). OIM/OAM has the limitation of connecting to one directory server only. Let's think of a scenario where we have Oracle EBS and Active Directory to be synced with each other. In this case we will have OID connect to these 2 systems and store user information in the identity store. Suppose we also have third-party applications, i.e. Microsoft SQL Server, MySQL or the IDM DB, and getting user information from them through OID is a challenge; here OVD can create an adapter for these legacy systems and pass the data on to OID.
OVD is only a virtual directory server and does not hold any information; it is only a pointer to the data source where the user actually resides (DB, AD, legacy) and passes the info to OID.
Below we will create an LDAP adapter for OID.
Click on the home page to see the adapter information.
Extend the following schemas for OID, OIM and OAM, as required during the integration process. The extension adds attributes and object classes to OID, OIM and OAM that are missing by default when we install these components.
Create a properties file for extending OID schema
Extend OID Schema
su - oraidm
vi extend_oid.props
IDSTORE_HOST :egtapp02.ods.local
IDSTORE_PORT :3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local
[oraidm@egtapp02 extend_schem]$
Set the environment
export JAVA_HOME=/u01/jdk_soft/jdk1.6.0_45
export PATH=$JAVA_HOME/bin:$PATH
export ORACLE_HOME=/u01/weblogic/fmw/Oracle_IAM1
export IDM_HOME=/u01/weblogic/fmw/Oracle_IDM1
Go to the Oracle IAM home and run the configuration tool to extend the schema. You need to supply the password for the “orcladmin” user.
./idmConfigTool.sh -preConfigIDStore input_file=/home/oraidm/extend_schema/extend_oid.props
Enter ID Store Bind DN password :
Nov 23, 2014 11:43:02 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: - LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idm_idstore_groups_template.ldif
Nov 23, 2014 11:43:02 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idm_idstore_groups_acl_template.ldif
Nov 23, 2014 11:43:03 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/systemid_pwdpolicy.ldif
Nov 23, 2014 11:43:03 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idstore_tuning.ldif
Nov 23, 2014 11:43:03 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oid_schema_extn.ldif
Nov 23, 2014 11:43:05 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oblix_pwd_schema_add.ldif
Nov 23, 2014 11:43:05 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oim_pwd_schema_add.ldif
Nov 23, 2014 11:43:05 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_add.ldif
Nov 23, 2014 11:43:22 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_index_add.ldif
Nov 23, 2014 11:50:14 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/fa_pwdpolicy.ldif
The tool has completed its operation. Details have been logged to automation.log
Extend schema for OIM
su - oraidm
vi extend_oim.props
IDSTORE_HOST : egtapp02.ods.local
IDSTORE_PORT : 3060
IDSTORE_BINDDN : cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE:cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local
IDSTORE_OIMADMINUSER: oimadmin
IDSTORE_OIMADMINGROUP:OIMAdministrators
./idmConfigTool.sh -prepareIDStore mode=OIM input_file=/home/oraidm/extend_schema/extend_oim.props
Enter ID Store Bind DN password :
*** Creation of oimadmin ***
Nov 23, 2014 1:44:25 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_user_template.ldif
Enter User Password for oimadmin:
Confirm User Password for oimadmin:
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_group_template.ldif
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oim_group_member_template.ldif
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_groups_acl_template.ldif
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_reserve_template.ldif
*** Creation of Xel Sys Admin User ***
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idm_xelsysadmin_user.ldif
Enter User Password for xelsysadm:
Confirm User Password for xelsysadm:
The tool has completed its operation. Details have been logged to automation.log
Extend OAM Schema
su - oraidm
IDSTORE_HOST : egtapp02.ods.local
IDSTORE_PORT : 3060
IDSTORE_BINDDN : cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators
IDSTORE_OAMSOFTWAREUSER:oamLDAP
IDSTORE_OAMADMINUSER:oamadmin
./idmConfigTool.sh -prepareIDStore mode=OAM input_file=/home/oraidm/extend_schema/extend_oam.rsp
This will create the OAMADMIN user, which will be a superuser for OAM.
Enter ID Store Bind DN password :
*** Creation of Oblix Anonymous User ***
Nov 23, 2014 2:06:43 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_10g_anonymous_user_template.ldif
Enter User Password for oblixanonymous:
Confirm User Password for oblixanonymous:
*** Creation of oamadmin ***
Nov 23, 2014 2:07:22 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_user_template.ldif
Enter User Password for oamadmin:
Confirm User Password for oamadmin:
*** Creation of oamLDAP ***
Nov 23, 2014 2:07:28 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_user_template.ldif
Enter User Password for oamLDAP:
Confirm User Password for oamLDAP:
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oam_user_group_read_acl_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_group_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oam_group_member_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oam_group_member_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_user_write_acl.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_config_acl.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oid_schemaadmin.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/fa_add_pwdpolicy.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/fa_add_pwdpolicy.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/esso_schema_extn.ldif
*** Creation of CO ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/orgunit_template.ldif
*** Creation of People ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/orgunit_template.ldif
*** Creation of vgoLocator ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/orgunit_template.ldif
*** Creation of CO ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_group_acl_template.ldif
*** Creation of People ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_group_acl_template.ldif
*** Creation of vgoLocator ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_group_acl_template.ldif
The tool has completed its operation. Details have been logged to automation.log
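All three idmConfigTool runs above (OID, OIM and OAM) take a properties file whose search bases must agree with each other, and a mistyped DN only shows up after the directory has been modified. The following pre-flight check is an added example, not part of the original post or of Oracle's tooling. The function names are hypothetical, the list of required keys is an assumption taken from the extend_oid.props file above, and the second sample file (including its HYPOTHETICAL_ADMIN_PASSWORD key) is constructed.

```sh
#!/bin/sh
# Added example: pre-flight check of an idmConfigTool input file.

# stdin: properties text; stdout: key<TAB>value per entry.
# A key ends at the first ':', '=' or blank, so DN values keep their '=' signs.
props_parse() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^[#!]/) next      # blank line or comment
        if (!match(line, /^[^:= \t]+/)) next         # no key on this line
        key = substr(line, 1, RLENGTH)
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*[:=]?[ \t]*/, "", val)           # drop the separator
        sub(/[ \t\r]+$/, "", val)                    # normalise trailing blanks
        print key "\t" val
    }'
}

# $1 = properties text, $2 = key; the last definition of a key wins.
prop_get() {
    printf '%s\n' "$1" | props_parse |
        awk -F '\t' -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# Lower-case a DN and remove blanks around ',' and '='.
dn_norm() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Succeeds when DN $1 equals base $2 or sits below it on an RDN boundary.
dn_under() {
    c=$(dn_norm "$1"); b=$(dn_norm "$2")
    case "$c" in
        "$b"|*,"$b") return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = properties text; prints one finding per line, nothing when the file is clean.
check_props() {
    text=$1
    # Assumption: the keys used by extend_oid.props above are treated as required.
    for k in IDSTORE_HOST IDSTORE_PORT IDSTORE_BINDDN IDSTORE_SEARCHBASE \
             IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE IDSTORE_SYSTEMIDBASE; do
        [ -n "$(prop_get "$text" "$k")" ] || echo "MISSING $k"
    done
    port=$(prop_get "$text" IDSTORE_PORT)
    case "$port" in
        *[!0-9]*) echo "BAD_PORT $port" ;;
    esac
    base=$(prop_get "$text" IDSTORE_SEARCHBASE)
    if [ -n "$base" ]; then
        for k in IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE IDSTORE_SYSTEMIDBASE; do
            v=$(prop_get "$text" "$k")
            [ -z "$v" ] || dn_under "$v" "$base" || echo "OUTSIDE_BASE $k=$v"
        done
    fi
    # The tool prompts for passwords, so none should be stored in the file.
    printf '%s\n' "$text" | props_parse |
        awk -F '\t' 'toupper($1) ~ /PASSWORD|PASSWD|PWD/ { print "SECRET_IN_FILE " $1 }'
    return 0
}

# extend_oid.props exactly as shown above, including its uneven spacing.
GOOD_PROPS='IDSTORE_HOST :egtapp02.ods.local
IDSTORE_PORT :3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local'

# Constructed bad file: group base under dc=ovd, no system-id base, stored secret.
BAD_PROPS='IDSTORE_HOST: egtapp02.ods.local
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=ovd,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
HYPOTHETICAL_ADMIN_PASSWORD: changeme'

echo "findings for the file from this post:";  check_props "$GOOD_PROPS"
echo "findings for the constructed bad file:"; check_props "$BAD_PROPS"
```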
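Creating OAM, OIM and SOA server domains
su - oraidm
cd /u01/weblogic/fmw/oracle_common/common/bin
./config.sh
Configure Security Store for OAM Domain to Database – This is specific to 11gR2 Patchset 2
Create the DB security store – a mandatory step before starting the Admin Server for OAM, OIM and SOA. In the command below, -d is the domain directory and -p is the OPSS schema password set in RCU; a password typed on the command line is recorded in the shell history and is visible in the process list while the command runs.
[oraidm@egtapp02 bin]$ ./wlst.sh /u01/weblogic/fmw/Oracle_IAM1/common/tools/configureSecurityStore.py -d /u01/weblogic/fmw/user_projects/domains/IAMDomain/ -c IAM -m create -p oracle123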
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Info: Data source is: opss-DBDS
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@egtodb02.ods.local:1521/idmdb
Connected:oracle.jdbc.driver.T4CConnection@1359c03a
Disconnect:oracle.jdbc.driver.T4CConnection@1359c03a
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
Nov 23, 2014 3:31:22 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Nov 23, 2014 3:31:26 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] migrateData - done
Nov 23, 2014 3:31:27 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
Nov 23, 2014 3:31:27 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Nov 23, 2014 3:31:29 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members started
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] migrateData - done
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Nov 23, 2014 3:32:26 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:00:47
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] testJpsService - done
persist to output: /u01/weblogic/fmw/user_projects/domains/IAMDomain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
persist to output: /u01/weblogic/fmw/user_projects/domains/IAMDomain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Using default context in /u01/weblogic/fmw/user_projects/domains/IAMDomain/config/fmwconfig/jps-config-migration.xml file for credential store.
Credential store location : jdbc:oracle:thin:@egtodb02.qia.local:1521/idmdb.qia.local
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is:
GenericCredential
Info: diagnostic credential created in the credential store.
Info: Create operation has completed successfully.
Let's look at the procedure to start and stop all the services involved in this installation.
Follow the steps given below to successfully start the services for each domain.
- Start DB and Listener
- Start ovd and oid instance
- Start Weblogic(IDM Domain)
- Start Managed server(ODSM)
- Start Admin server(IAM Domain)
- Start Managed server (OIM,OAM,SOA)
To start the Admin and managed servers, create boot.properties and place it under the directories shown below.
mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oim_server1/security
mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oam_server1/security
mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/soa_server1/security
cd /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/AdminServer/security
vi boot.properties
username=weblogic
password=vfr4bgt5
Create the boot.properties file under the IDMDomain Admin and managed server
vi boot.properties
username=weblogic
password=vfr4bgt5
Copy this file to the security folders of the other managed servers.
cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oam_server1/security/
cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/soa_server1/security/
cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IDMDomain/servers/wls_ods1/security
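The boot.properties files created above hold the WebLogic password in cleartext until the server's first boot, when WebLogic rewrites the file with encrypted values. The following is an added example, not part of the original post: it writes the file with owner-only permissions and audits an existing file for leftover cleartext or loose permissions. The function names are hypothetical, and the `{AES}`/`{3DES}` prefix check assumes WebLogic's usual marker for encrypted values.

```shell
# Added example, not from the original post. Function names are hypothetical;
# the directory and user name are supplied by the caller.

# Write boot.properties with owner-only access. The password is read from
# stdin so it does not appear in the process list or in shell history.
write_boot_properties() {   # usage: write_boot_properties SECURITY_DIR USERNAME < password
    secdir="$1"; user="$2"; pass=""
    IFS= read -r pass || [ -n "$pass" ] || return 1
    ( umask 077
      mkdir -p "$secdir" &&
      printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$secdir/boot.properties" &&
      chmod 600 "$secdir/boot.properties" )
}

# Audit one boot.properties. Prints one finding per line and returns
# 0 if nothing was found, 1 on findings, 2 if the file is missing.
# Assumption: encrypted values start with {AES} (or {3DES} on older releases).
audit_boot_properties() {   # usage: audit_boot_properties FILE
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    rc=0
    mode=$(stat -c '%a' "$1")            # GNU stat, as shipped with RHEL
    case $mode in
        0|*00) ;;                        # no group/other permission bits
        *) echo "PERMS $1 mode=$mode"; rc=1 ;;
    esac
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            username|password)
                case $value in
                    '{AES}'*|'{3DES}'*) ;;   # already encrypted by the server
                    *) echo "CLEARTEXT $1 $key"; rc=1 ;;
                esac ;;
        esac
    done < "$1"
    return "$rc"
}
```

Run `audit_boot_properties` against each server's security/boot.properties after the first successful start; a CLEARTEXT finding at that point means that server never consumed the file.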
Starting OVD/OID instance
/u01/weblogic/fmw/Oracle_IDM1/bin
$ opmnctl startall
$ opmnctl status -l
Processes in Instance: oid_ovd_instance1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component | process-type | pid | status | uid | memused | uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ovd1 | OVD | 8748 | Alive | 788277692 | 738084 | 0:00:59 | ldaps:6052,https:8899,ldap:6051
oid1 | oidldapd | 8840 | Alive | 788277694 | 770852 | 0:00:56 | N/A
oid1 | oidldapd | 8804 | Alive | 788277693 | 288672 | 0:00:58 | N/A
oid1 | oidmon | 8746 | Alive | 788277691 | 302060 | 0:00:59 | LDAPS:3061,LDAP:3060
EMAGENT | EMAGENT | 8747 | Alive | 788277690 | 63836 | 0:00:59 | N/A
Start Admin and managed server for IDM Domain
/u01/weblogic/fmw/user_projects/domains/IDMDomain/bin
[oraidm@egtapp02 bin]$ ls
nodemanager server_migration setDomainEnv.sh startWebLogic.sh stopWebLogic.sh
secureWebLogic.sh service_migration startManagedWebLogic.sh stopManagedWebLogic.sh
[oraidm@egtapp02 bin]$ nohup ./startWebLogic.sh &
[1] 9288
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
Check the status of the service in nohup.out file. It should show RUNNING state.
Nov 24, 2014 9:20:00 AM oracle.ods.virtualization.engine.util.VDELogger info
INFO: Notification sent for Mapping config object reloaded
|
|
|
<Channel "Default[2]" is now listening on 127.0.0.1:7002 for protocols iiop, t3, ldap, snmp, http.>
<Channel "Default" is now listening on 192.168.1.109:7002 for protocols iiop, t3, ldap, snmp, http.>
<Channel "Default[3]" is now listening on 0:0:0:0:0:0:0:1:7002 for protocols iiop, t3, ldap, snmp, http.>
<Channel "Default[1]" is now listening on fe80:0:0:0:7ae7:d1ff:fedf:f2b2:7002 for protocols iiop, t3, ldap, snmp, http.>
Start ODSM managed server “WLS_ODS1”
[2] 9666
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
|
|
|
Started: ADF Library non-ADFJspResourceProvider post-deployment
Finished: ADF Library non-ADFJspResourceProvider post-deployment (millis): 5
<Channel "Default" is now listening on 192.168.1.109:7005 for protocols iiop, t3, ldap, snmp, http.>
Start Admin server for IAM Domain
[oraidm@egtapp02 bin]$ ls
nodemanager server_migration setDomainEnv.sh setSOADomainEnv.sh startWebLogic.sh stopWebLogic.sh
secureWebLogic.sh service_migration setOIMDomainEnv.sh startManagedWebLogic.sh stopManagedWebLogic.sh
[oraidm@egtapp02 bin]$ nohup ./startWebLogic.sh &
[1] 10016
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
Check the status of the WebLogic service in nohup.out; it should show RUNNING state.
Start managed server for SOA
[2] 10570
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
Check the status in nohup.out; it should show RUNNING state.
Log in to the console and check the server status. We have not yet started the OAM/OIM managed servers; they will be started after we configure OIM.
http://egtapp02:7001/console
Now we will configure the OIM server and enable LDAP sync. By enabling LDAP sync, we integrate OIM with the OVD/OID instance.
Configure OIM server
Go to Oracle_IAM home and run config.sh script
We will start OIM server now.
/u01/weblogic/fmw/user_projects/domains/IAMDomain/bin
[oraidm@egtapp02 bin]$ nohup ./startManagedWebLogic.sh oim_server1 &
[3] 13160
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
Check the status
Channel "Default" is now listening on 192.168.1.109:14000 for protocols iiop, t3, ldap, snmp, http.>
<Nov 24, 2014 12:00:34 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Nov 24, 2014 12:00:34 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Nov 24, 2014 12:00:35 PM AST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.168.1.109:14000 for protocols iiop, t3, ldap, snmp, http.>
<Nov 24, 2014 12:00:35 PM AST> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "oim_server1" for domain "IAMDomain" running in Production Mode>
<Nov 24, 2014 12:00:36 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Nov 24, 2014 12:00:36 PM AST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
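Every server started from the same bin directory appends to the same nohup.out, so a RUNNING line may belong to a different server or to an earlier start. The following is an added example, not part of the original post: it checks only the lines written after a recorded mark and looks for the named server's "Started WebLogic ... Server" banner, assuming the message format of the BEA-000330 line shown above. The function names and the sample log are constructed for illustration.

```shell
# Added example, not from the original post. nohup.out in a domain's bin
# directory is appended to by every server started from it, so a RUNNING line
# by itself does not say which server is up, or from which start.

# Number of lines currently in LOG; record it just before starting a server.
log_mark() {   # usage: log_mark LOG
    if [ -f "$1" ]; then wc -l < "$1" | tr -d ' '; else echo 0; fi
}

# Inspect only the lines written after MARK.
# Returns 0 if SERVER logged its "Started WebLogic ... Server" banner,
#         2 if no banner yet but some server reported state FAILED,
#         1 otherwise (still starting, or log missing).
server_status_since() {   # usage: server_status_since LOG SERVER [MARK]
    tail -n "+$(( ${3:-0} + 1 ))" "$1" 2>/dev/null | awk -v srv="$2" '
        index($0, "<Started WebLogic ") &&
        index($0, " Server \"" srv "\" for domain ") { up = 1 }
        /<Server state changed to FAILED/ { failed = 1 }
        END { exit(up ? 0 : (failed ? 2 : 1)) }'
}

# Poll until the server is up, a FAILED state shows, or TIMEOUT seconds pass.
wait_for_server() {   # usage: wait_for_server LOG SERVER MARK TIMEOUT
    deadline=$(( $(date +%s) + $4 ))
    while :; do
        rc=0; server_status_since "$1" "$2" "$3" || rc=$?
        [ "$rc" -ne 1 ] && return "$rc"
        [ "$(date +%s)" -ge "$deadline" ] && return 1
        sleep 2
    done
}

# Constructed sample, modelled on the oim_server1 output shown above.
sample_log() {
    cat <<'EOF'
<Nov 24, 2014 11:40:10 AM AST> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "soa_server1" for domain "IAMDomain" running in Production Mode>
<Nov 24, 2014 11:40:11 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Nov 24, 2014 12:00:34 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
EOF
}
```

State-change lines do not name the server, so a return value of 2 only says that some server writing to this log failed after the mark.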
Start the OAM managed server. To start the OAM managed server, start Node Manager first.
/u01/weblogic/fmw/wlserver_10.3/server/bin
[oraidm@egtapp02 bin]$ nohup ./startNodeManager.sh &
[4] 13985
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
[oraidm@egtapp02 bin]$ tail -f nohup.out
StateCheckInterval=500
UseMACBroadcast=false
DomainRegistrationEnabled=false
DomainsDirRemoteSharingEnabled=false
Domain name mappings:
IDMDomain -> /u01/weblogic/fmw/user_projects/domains/IDMDomain
IAMDomain -> /u01/weblogic/fmw/user_projects/domains/IAMDomain
Nov 24, 2014 12:18:54 PM weblogic.nodemanager.server.SSLListener run
INFO: Secure socket listener started on port 5556
Now start the OAM managed server either from the front end or from the command line.
In the next section we will see how to use OIM and integrate with EBS. Later we will integrate OIM with EBS and Active Directory.
When running the "LDAP Connector OU Lookup Reconciliation" job, I am getting the below error:
org.identityconnectors.framework.common.exceptions.ConnectorException: No attribute named entryUUID found in entry
Please help if you have any idea about this error.
Hi,
When are you going to integrate this with EBS..
I am waiting since a while now
This is a very helpful instruction that solved my problem that I struggled with for a couple of months.
Clear step by step explanation of oracle installation and configuration. Thanks.