Avoid password prompt when using startComponent.sh - 12c

With the 12c release, identity management components such as OID, OUD and OHS, when installed and configured in collocated mode, are started with startComponent.sh and stopped with stopComponent.sh, both located in $DOMAIN_HOME/bin.

However, the script prompts for the Node Manager password when starting or stopping a component.

The prompt can be avoided by adding the storeUserConfig option, which stores the password.

[oracle@oel1 bin]$ ./startComponent.sh oid1 storeUserConfig

Once the password is stored, you can execute start or stop without a password prompt.

[oracle@oel1 bin]$ ./stopComponent.sh oid1
[oracle@oel1 bin]$ ./startComponent.sh oid1
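
Because storeUserConfig leaves a reusable Node Manager credential on disk, the stored files are worth an ownership and permission check. The script below is an added example, not part of the original post; it assumes the files are named nm-cfg-<domain>.props and nm-key-<domain>.props under ~/.wlst (confirm against the output of your own storeUserConfig run), and audit_nm_userconfig is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files that
# storeUserConfig leaves behind. Assumption: they are named
# nm-cfg-<domain>.props and nm-key-<domain>.props under ~/.wlst; pass the
# directory your own run reported as $1 if it differs.

# Prints one line per finding.
# Returns 0 = clean, 1 = findings, 2 = no stored credential files found.
audit_nm_userconfig() {
    dir=${1:-"$HOME/.wlst"}
    rc=0
    [ -d "$dir" ] || { echo "NONE $dir"; return 2; }

    # Reuse one find expression that selects the stored cfg and key files.
    set -- -type f \( -name 'nm-cfg-*.props' -o -name 'nm-key-*.props' \)
    [ -n "$(find "$dir" "$@")" ] || { echo "NONE $dir"; return 2; }

    # Whoever can read both files can replay the Node Manager login, so any
    # group/other permission bit on either file is a finding.
    loose=$(find "$dir" "$@" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE-PERMS /'
        rc=1
    fi

    # Files owned by someone else may have been planted or replaced.
    foreign=$(find "$dir" "$@" ! -user "$(id -u)")
    if [ -n "$foreign" ]; then
        echo "$foreign" | sed 's/^/FOREIGN-OWNER /'
        rc=1
    fi

    # A group- or world-writable directory lets others swap the files.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE-DIR $dir"
        rc=1
    fi
    return $rc
}
```

Run it as the OS user that executes startComponent.sh, for example `audit_nm_userconfig` or `audit_nm_userconfig /path/reported/by/your/run`.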

Oracle Internet Directory 12c 12.2.1.3 in collocated mode

To install OID in collocated mode, we must first install Oracle Fusion Middleware Infrastructure 12c, followed by Oracle Internet Directory 12c. Infrastructure and OID must be installed in the same Oracle Home.

Directory Structure

[oracle@oel1 /]$ cd /u01/
[oracle@oel1 u01]$ mkdir -p oracle/product/Oracle_Home
[oracle@oel1 u01]$ mkdir -p oracle/config/Domain_Home
[oracle@oel1 u01]$ mkdir -p oracle/config/Application_Home

[oracle@oel1 u01]$ tree oracle/
oracle/
├── config
│   ├── Application_Home
│   └── Domain_Home
└── product
    └── Oracle_Home

Install Infrastructure 12c

[oracle@oel1 OAM12c]$ unzip fmw_12.2.1.3.0_infrastructure_Disk1_1of1.zip
[oracle@oel1 OAM12c]$ java -jar fmw_12.2.1.3.0_infrastructure.jar

Navigate through the installation screens by clicking Next; on the Installation Location screen, select or browse to the correct Oracle Home.

Install Oracle Internet Directory 12c

[oracle@oel1 OAM12c]$ unzip fmw_12.2.1.3.0_oid_linux64_Disk1_1of1.zip
[oracle@oel1 OAM12c]$ ./fmw_12.2.1.3.0_oid_linux64.bin

Navigate through the installation screens by clicking Next; on the Installation Location screen, select or browse to the correct Oracle Home.
Select Collocated in Installation Type.
Select the JDK; see the link below for details on how to install the JDK.
https://oraidam.wordpress.com/2018/01/09/install-java-jdk/

Create schemas in DB

[oracle@oel1 Oracle_Home]$ cd /u01/oracle/product/Oracle_Home/oracle_common/bin/
[oracle@oel1 bin]$ ./rcu

Oracle Internet Directory (ODS) schema does not need a prefix. The prefix is required for the other schemas selected during the schema creation process.
Note: You can load only one Oracle Internet Directory (ODS) schema per Database.

If you are configuring Oracle Internet Directory in a collocated mode, the following dependent schemas are selected:
Oracle Platform Security Services (OPSS)
Audit Services (IAU)
Audit Services Append (IAU_Append)
Audit Services Viewer (IAU_Viewer)
WebLogic Services (WLS)
Common Infrastructure Service (STB)
Note: If you encounter errors related to processes and open_cursors, check the Troubleshoot section.
Proceed on next screens to create schemas.

Configure Oracle Internet Directory Domain

[oracle@oel1 bin]$ cd /u01/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

Select the following configuration templates for OID collocated mode:
• Oracle Internet Directory (Collocated) -12.2.1.3.0 [oid]
Selecting this template automatically selects the following as dependencies:
– Oracle Directory Services Manager -12.2.1.3.0 [oid]
– Oracle JRF -12.2.1.3.0 [oracle_common]
– WebLogic Coherence Cluster Extension -12.2.1.3.0 [wlserver]
– Oracle Enterprise Manager – 12.2.1.3.0 [em]
Note: Do not change the name of the default machine (oidhost1); the WLST command oid_setup(), run later during the post-configuration stage to set up the OID instance, uses machine = 'oidhost1' by default.

Start Servers

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &

Initial OID setup

[oracle@oel1 bin]$ cd /u01/oracle/product/Oracle_Home/oracle_common/common/bin
[oracle@oel1 bin]$ ./wlst.sh

nmConnect(username='weblogic',password='Oracle123',domainName='ODS_Domain')

connect('weblogic','Oracle123','t3://oel1.mylab.com:7001')

oid_setup(orcladminPassword='Oracle123',odsPassword='Oracle123',realmDN='dc=us,dc=oracle,dc=com')

The command oid_setup() performs the following operations:
• Sets the password for the cn=orcladmin user.
• Creates the oid1 instance.
The following parameters are set by default when oid_setup is run:
– instanceName = 'oid1'
– host = 'hostname of the current machine'
– port = '3060'
– machine = 'oidhost1' (this gets created automatically when you run config.sh)
– sslPort = '3131'
• Starts the OID instance oid1.
• Creates the realm.

Verify

[oracle@oel1 bin]$ cd /u01/oracle/product/Oracle_Home/bin
[oracle@oel1 bin]$ ldapbind -h oel1.mylab.com -p 3060
bind successful

Troubleshoot

If you face the errors below while creating schemas:

ERROR – RCU-6107 The database initialization parameter prerequisite check failed.
CAUSE – RCU-6107 The database initialization parameter prerequisite check failed for processes.
Current Value is 300. It should be greater than or equal to 500.
ACTION – RCU-6107 Make sure that the database initialization parameter has the required value.

ERROR – RCU-6107 The database initialization parameter prerequisite check failed.
CAUSE – RCU-6107 The database initialization parameter prerequisite check failed for open_cursors.
Current Value is 300. It should be greater than or equal to 500.
ACTION – RCU-6107 Make sure that the database initialization parameter has the required value.

Check with the DB team to set processes and open_cursors to 500 in the database, then restart it.

SQL> alter system set processes=500 scope=spfile;
SQL> alter system set open_cursors=500 scope=spfile;

Upgrade OID 11.1.1.7 to 11.1.1.9

Download Patch : 20995629

Backup Oracle home
tar -cvf OracleIDM1_backup.tar Oracle_IDM1

Backup OID instance
tar -cvf oid_inst1_backup.tar oid_inst1

Install patch 20995629
Execute ./runInstaller from Disk1

Upgrade database schema using patch set assistant

Verify the upgrade
Check Binaries: Execute $ORACLE_HOME/OPatch/opatch lsinventory
Check Schema: select comp_name,owner,version from schema_version_registry where owner = 'ODS';

Reset The Last Applied Change Number in a Provisioning Profile

Issue faced
The EBS provisioning profile tries to retrieve more changes than the size limit allows. The search for all changes takes more than 3600ms, i.e. the maximum time allowed for a search to complete.

You can check the above configuration from Enterprise Manager, or check "orcltimelimit" and "orclsizelimit" in cn=oid,cn=osdldapd,cn=subconfigsubentry.

Verification

ldapsearch -h <hostname> -p <port> -D cn=orcladmin -w xxxxxx -b "" -s base "objectclass=*" lastchangenumber

ldapsearch -h <hostname> -p <port> -D cn=orcladmin -w xxxxxx -b "cn=provisioning profiles,cn=changelog subscriber,cn=oracle internet directory" -s sub "objectclass=*" | grep orcllastappliedchangenumber

lastchangenumber - orcllastappliedchangenumber > maximum number of entries to be returned by a search
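
The comparison above, worked per provisioning profile as an added example (not part of the original post). It reads the saved output of the two searches, the second one saved without the grep so each value stays next to its profile DN; the profile names, numbers and the size limit of 10000 are constructed sample values, and prov_backlog and demo_backlog are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): per-profile provisioning backlog.
# Accepts both "attr=value" and LDIF "attr: value" ldapsearch output.

# usage: prov_backlog <rootdse.out> <profiles.out> <orclsizelimit>
# prints "<backlog> <OK|OVER> <profile DN>"; returns 1 if any profile is OVER
prov_backlog() {
    last=$(awk -F'[=:] *' 'tolower($1) == "lastchangenumber" { print $2; exit }' "$1")
    case $last in
        ''|*[!0-9]*) echo "lastchangenumber not found in $1" >&2; return 2 ;;
    esac
    awk -v last="$last" -v limit="$3" '
        BEGIN { RS = ""; FS = "\n" }          # one record per LDAP entry
        {
            dn = $1; sub(/^dn: */, "", dn)    # bare DN or LDIF "dn: " form
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^orcllastappliedchangenumber[=:]/) {
                    applied = $i; sub(/^[^=:]*[=:] */, "", applied)
                    backlog = last - applied
                    over = (backlog > limit)
                    if (over) rc = 1
                    print backlog, (over ? "OVER" : "OK"), dn
                }
        }
        END { exit rc + 0 }' "$2"
}

# Constructed sample outputs; $1 overrides the assumed size limit of 10000.
demo_backlog() {
    d=$(mktemp -d)
    printf 'lastchangenumber=250000\n' > "$d/rootdse.out"
    cat > "$d/profiles.out" <<'EOF'
cn=PROFILE_A,cn=provisioning profiles,cn=changelog subscriber,cn=oracle internet directory
orcllastappliedchangenumber=120000

cn=PROFILE_B,cn=provisioning profiles,cn=changelog subscriber,cn=oracle internet directory
orcllastappliedchangenumber=249500
EOF
    prov_backlog "$d/rootdse.out" "$d/profiles.out" "${1:-10000}"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Calling demo_backlog runs the check on the constructed sample; a profile reported as OVER is one whose last applied change number has fallen further behind than a single search can return.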

Solution

Reset the last applied change number in provisioning profile.

oidprovtool operation=modify ldap_host="<hostname>" ldap_port="<port>" \
ldap_user_dn="cn=orcladmin" ldap_user_password="xxxx" \
application_dn="orclApplicationCommonName=PROD,cn=EBusiness,cn=Products,cn=OracleContext,dc=domain" \
lastchangenumber="XXXX"

At the prompt, enter the following details:
Interface Connection information -> <Apps_DB_host>:<Apps_DB_Port>:<Apps_SID>:<Apps_schema_user>:<apps_password>

WebLogic Security Realm WLST import and export

Export
. $DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.WLST
connect('weblogic','weblogic', 't3://adminhostname:7001')
domainRuntime()
cd('/DomainServices/DomainRuntimeService/DomainConfiguration/IDMDomain/SecurityConfiguration/IDMDomain/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.exportData('DefaultAtn','/u01/export/export.ldif', Properties())

Import
. $DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.WLST
connect('weblogic','weblogic', 't3://adminhostname:7001')
domainRuntime()
cd('/DomainServices/DomainRuntimeService/DomainConfiguration/IDMDomain/SecurityConfiguration/IDMDomain/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.importData('DefaultAtn','/u01/export/import.ldif', Properties())

EBS–OAM Integration: Webgate allowed access to protected page GUID=null

When a user attempts to log in to Oracle E-Business Suite, after entering their credentials the following error is displayed in the browser:
Internal Error: Webgate allowed access to protected page GUID=null

or

When testing response headers in step 4.4.3 a null value is returned for USER_ORCLGUID, instead of a valid value

Bug 19438948

As a workaround, specify ‘orclguid’ as a ‘Prefetched Attribute’ in Oracle Access Manager:
Log on to the OAM Console:
http://<oamserver>.<domain>:<adminport>/oamconsole
Click ‘User Identity Stores’ (in the ‘Configuration’ section) > select the Identity Store with a type of ‘OID’ (e.g. ‘EBSIdStore’ or ‘OIDIdentityStore’) in the ‘OAM ID Stores’ table >
Click ‘Edit’ > enter orclguid in the ‘Prefetched Attributes’ field and click ‘Apply’ to save.