Creating the First Oracle Internet Directory Instance:
When you install Oracle Internet Directory on a host computer, Oracle Identity Management 11g Installer creates an Oracle Fusion Middleware system component of Type=OID in a new or existing Oracle instance (ASINST). The Oracle Internet Directory component contains an OIDMON process and an Oracle Internet Directory instance (inst=1). The Oracle Internet Directory instance consists of a dispatcher process and one or more OIDLDAPD processes. The component name for the first Oracle Internet Directory component is usually oid1 and the Oracle instance name is chosen during the installation, usually asinst_1.
Oracle Identity Management 11g Installer creates the following instance-specific configuration entry for this component during installation:
cn=oid1,cn=oidldapd,cn=sub config subentry
In addition, Oracle Identity Management 11g Installer creates some file system directories under the Oracle instance directory. Some of the pathnames it creates are specific to the component name.
For example, the pathnames under your Oracle instance on UNIX or Linux include:
If you selected Create New Domain or Extend Existing Domain during installation, the Oracle Internet Directory component is registered with a WebLogic domain. If you selected Configure Without a Domain during installation, the Oracle Internet Directory component is not registered with a domain. You can register it later from the command line. Registering with a domain in this case is optional.
The use of Oracle Internet Directory (Oracle's LDAP) is a much bigger topic than can be covered in this post, but here are a few bits that are enough for the time being (to get you started on OID).
OID is a repository for enterprise user and group data.
Information about various applications (Portal, BI, E-Business Suite, Collaboration Suite) is registered in OID (you can register E-Business Suite or a Database in OID).
Password policy for Single Sign-On Partner Applications
$ ldapdelete -h my-host-name -p 389 -D "cn=orcladmin" -w mypassword "cn=TESTENTRY,cn=OracleContext,dc=mycompany,dc=com"
There are three servers/daemons in OID:
OIDLDAPD – This is the main server/daemon waiting for LDAP requests (ldapsearch, ldapadd, ldapmodify, ldapdelete, ...). When any application wants to do an LDAP operation (add, modify, delete, search, ...) on an OID object (user, group, application, ...), that request is fulfilled by this server/daemon.
ODISRV – Also called Oracle Directory Integration Server, this is used for integration of various applications (Portal, BI, E-Business Suite/Apps) with OID for user/group data. If any user/group is added/deleted in Portal/BI, synchronization of that user to OID is done by this daemon (and vice versa). If you have integrated Apps (11i/R12) with OID/SSO, then users are provisioned/de-provisioned using this daemon of OID.
OIDREPLD – Also called the OID Replication Daemon, this is used if you have a replicated OID. By default this daemon is disabled.
LDAP stands for Lightweight Directory Access Protocol. In plain and simple terms, it is a database that holds the details of organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet, and whether or not you know the domain name, IP address, or geographic whereabouts. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA). It is not a relational database. Outlook and other email programs use LDAP to search for a recipient in an organization.
If you want to manage an Oracle Internet Directory component with Oracle Enterprise Manager Fusion Middleware Control, you must register the component and the Oracle instance that contains it with a WebLogic domain. You can register an Oracle instance with a WebLogic domain during installation or Oracle instance creation, but you are not required to do so. If an Oracle instance was not previously registered with a WebLogic domain, you can register it by using opmnctl registerinstance.
You create an Oracle Internet Directory system component in an Oracle instance by using opmnctl createcomponent. This command automatically registers the component with a WebLogic domain at the time you create the component, as long as the instance is in a registered state.
JNDI has classes provided by Sun that help your application interact with an LDAP server. JNDI applications work similarly to JDBC applications and are free to use "drivers" from different vendors. Sun provides the "driver" that interacts with the LDAP server. Sun also provides "drivers" for other naming services (like CORBA).
$ ldapmodify -h my-host-name -p 389 -D cn=orcladmin -w mypassword -c -v -f <filename>.ldif
OID data, including the status of the OID servers (OIDLDAPD, ODISRV, OIDREPLD), is stored in the Oracle Database, so in order to start OID, first start the Database and the Database Listener. Then:
To Start OID – opmnctl startproc ias-component=OID
To Stop OID – opmnctl stopproc ias-component=OID
OPMNCTL will first start OIDMON (OID Monitoring Process) and then instruct OIDCTL (OID Control) to start OIDLDAPD and ODISRV daemons.
To start OID:
Distributed, multivendor directories are glued together by referrals and references.
$ ldapadd -h my-host-name -p 389 -D "cn=orcladmin" -w mypassword -f names.ldif
SLAPD stands for Stand-Alone LDAP. Clients connect to the server over the LDAP protocol, usually using a network-based connection (though SLAPD also provides a UNIX socket listener).
Yes. The following are some GUI-based tools for LDAP:
An online directory is a specialized database that stores and retrieves collections of information about objects. The information can represent any resources that require management.
The information in the directory is available to different clients, such as single sign-on solutions, email clients, and database applications. Oracle Internet Directory is an LDAP directory that uses an Oracle Database for storage. Clients communicate with a directory server by means of the Lightweight Directory Access Protocol (LDAP).
ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w mypassword -b "cn=TESTENTRY,cn=OracleContext,dc=mycompany,dc=com" -s base "objectclass=*" orclnetdescstring
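As an added example (not code from the original post), here is a small Python helper that builds the LDIF records the ldapadd -f names.ldif and ldapmodify -f commands above consume, following the RFC 2849 rules for safe strings (base64 with "::" otherwise) and 76-column line folding that hand-written LDIF often gets wrong. The TESTENTRY DN and its orclNetDescString are constructed sample values, and registering a net service entry under objectclass orclNetService is an assumption about the OID schema.

```python
import base64
import re

# Constructed sample values, matching the entry the page's ldapsearch/ldapdelete
# commands refer to and the orclnetdescstring attribute they read back.
TEST_DN = "cn=TESTENTRY,cn=OracleContext,dc=mycompany,dc=com"
TEST_DESC = ("(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost.mycompany.com)"
             "(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl)))")

# RFC 2849 SAFE-STRING: ASCII only, no NUL/CR/LF, first char not space, ':' or '<'.
_SAFE = re.compile(r"\A(?:[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*)?\Z")

def ldif_attr(attr, value):
    """One 'attr: value' line; unsafe or binary values become 'attr:: <base64>'."""
    if isinstance(value, str) and _SAFE.match(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    raw = value.encode("utf-8") if isinstance(value, str) else value
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def fold(line, width=76):
    """Wrap a long line; each continuation line begins with exactly one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def add_record(dn, attrs):
    """Record for ldapadd: the dn line followed by (attr, value) pairs."""
    lines = [ldif_attr("dn", dn)] + [ldif_attr(a, v) for a, v in attrs]
    return "\n".join(fold(l) for l in lines) + "\n"

def modify_record(dn, ops):
    """Record for ldapmodify: ops are (add|replace|delete, attr, [values])."""
    lines = [ldif_attr("dn", dn), "changetype: modify"]
    for op, attr, values in ops:
        lines.append(f"{op}: {attr}")
        lines.extend(ldif_attr(attr, v) for v in values)
        lines.append("-")  # each modification block ends with a lone hyphen
    return "\n".join(fold(l) for l in lines) + "\n"

def net_service_ldif():
    """names.ldif content registering TESTENTRY as an Oracle Net service entry (assumed schema)."""
    return add_record(TEST_DN, [("objectclass", "top"), ("objectclass", "orclNetService"),
                                ("cn", "TESTENTRY"), ("orclNetDescString", TEST_DESC)])
```

Write net_service_ldif() to names.ldif and feed it to the ldapadd command above; a later change to the connect descriptor is a modify_record with a replace operation on orclNetDescString.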
Logs related to OIDMON, OIDCTL, and OIDLDAPD should be in the $ORACLE_HOME/ldap/log directory; ODISRV-related logs should be in $ORACLE_HOME/ldap/ODI/log.