Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02 |
|
Previous |
Next |
This section includes general approaches for diagnosing problems with the Oracle directory integration and provisioning server. It contains the following topics:
After you start the Oracle directory integration and provisioning server, you can verify that it is running by following these steps:
On UNIX, use the following command to verify that odisrv
process is running:
ps -ef | grep odisrv
For Windows operating systems, obtain the value of process ID (PID) for the odisrv
process from $ORACLE_HOME/ldap/log/oidmon.log. Then, launch Task Manager and click the Processes tab to verify that the process is running.
If the Oracle directory integration and provisioning server is not running, then examine the $ORACLE_HOME/ldap/log/oidmon.log file to determine the reason why the server did not start.
If the log file shows any database related errors:
Verify that a value is set for ORACLE_
SID
.
Verify that the connect string assigned to ORACLE_
SID
is specified in the $ORACLE_HOME/network/admin/tnsnames.ora file.
Ensure that the log file lists valid values for the server instance
number and the configset
number arguments. If the values are set correctly, then examine the file $ORACLE_HOME/ldap/log/odisrv_xx.log where xx
is the number of the started instance. If the odisrv_xx.log file indicates a registration error, then re-register the Oracle directory integration and provisioning server by using odisrvreg
.
If you do not find any errors in the previous step, then examine the file $ORACLE_HOME/ldap/log/odisrv_jvm_yyy.log, where yyy is the process identifier of the odisrv
process that should have started. Look for the file with the latest timestamp.
After you start the Oracle directory integration and provisioning server, you can verify that it is running by following these steps:
On UNIX, use the following command to verify that odisrv
process is running:
ps -ef | grep odisrv
For Windows operating systems, obtain the value of process ID (PID) for the odisrv
process from the $ORACLE_HOME/ldap/log/odisrv_xx.log file, where xx
is the number of the started instance. Then, launch Task Manager and click the Processes tab to verify that the process is running.
If the Oracle directory integration and provisioning server is not running, examine the odisrv_xx.log file. If the file contains a registration error, then re-register the Oracle directory integration and provisioning server by using odisrvreg
.
If you do not find any errors in the previous step, then examine the file $ORACLE_HOME/ldap/log/odisrv_jvm_yyy.log, where yyy is the process identifier of the odisrv
process that should have started. Look for the file with the latest timestamp.
This section discusses the oditest
and DIP Tester utilities that you can use to troubleshoot synchronization problems.
Troubleshooting synchronization can be complex if there are numerous profiles running or if the synchronization interval for a particular profile is set to occur too infrequently. In such cases, the behavior of any connector can be tested using the oditest
utility as follows:
If numerous profiles are running, then use the Directory Integration and Provisioning Assistant to selectively disable the profile you want to troubleshoot. If a single profile is running, then stop the directory integration and provisioning server.
Go to $ORACLE_HOME/bin and run the oditest
utility using the following syntax:
oditest sync | prov profile_name host=host_of_Oracle_Internet_Directory \ port=port_for_Oracle_Internet_Directory binddn=bind_DN \ bindpass=password_for_the_bind_DN sslauth=0 debug=63
The following example shows how to run the oditest
utility with a SunONE Directory Server synchronization profile:
oditest sync IplanetImport host=my-oidhost port=3060 binddn=cn=orcladmin bindpass=welcome1 sslauth=0 debug=63
See Also: The chapter on logging, auditing, and debugging the directory in Oracle Internet Directory Administrator's Guide |
The DIP Tester utility is a standalone, platform independent Java application that aids in the configuration, testing, and debugging of Oracle Internet Directory implementations that synchronize with SunONE (iPlanet) Directory Server or Microsoft Active Directory. The utility uses the Directory Integration and Provisioning Assistant (dipassistant
) to modify profiles and also uses standard LDAP tools (ldapadd
, ldapmodify
, ldapdelete
, and ldapsearch
) for many behind-the-scenes operations. The DIP Tester utility has been tested on Oracle Internet Directory Release 10g (9.0.4) through Oracle Application Server 10g Release 2 (10.1.2) for Solaris, Linux, and Windows platforms. You can download DIP Tester from Oracle Technology Network at http://www.oracle.com/technology/index.html
. The download includes graphical user interface (GUI) and command-line versions of the DIP Tester utility. Both versions are installed automatically with a single install script.
As you follow the troubleshooting procedure in this section, you can use DIP Tester to:
Make changes to a directory integration profile
View log files
Create test entries
Get or set the last applied change key
Dump entire profile contents
Reload the map file
Start and stop the directory integration and provisioning server
Capture errors in trace files for uploading to Oracle Support
Perform initial bootstrapping of users
Note: When the directory integration and provisioning server performs a synchronization, it reads the last applied change key and caches the value. At the next synchronization interval, the directory integration and provisioning server updates Oracle Internet Directory with the last execution time and the cached value of the last applied change key.Before you manually change the last applied change key in a synchronization profile, be sure to stop the directory integration and provisioning server. Otherwise at the next interval your change will be overwritten by the cached value. In fact, you should always stop the directory integration and provisioning server before changing any values in a synchronization profile. |
DIP Tester is installed in the $ORACLE_HOME/bin directory.
See Also: The README.txt and DIP Tester User's Guide, located in the directory where you installed the DIP Tester utility |