Oracle® Identity Management User Reference
10g Release 2 (10.1.2) B15883-01
Oracle Internet Directory Control Utility (oidctl) is a command-line tool for starting and stopping Oracle Identity Management server instances. You can use this utility to start, stop, or restart the following server processes:
Oracle Internet Directory Server
Oracle Directory Integration and Provisioning Server
Oracle Directory Replication Server
The commands issued by Oracle Internet Directory Control Utility are interpreted and executed by the Oracle Internet Directory Monitor process. Before starting a server instance with this utility, make sure that the Monitor process is running. See "oidmon".
oidctl [connect=connect_string] [host=virtual_hostname] {server=OIDLDAPD | ODISRV | OIDREPLD} instance=instance_number [configset=configuration_set_number] [flags="flagname=value ..."] {start | stop | restart}
connect=connect_string
Optional. The directory database connect string. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, which is located in $ORACLE_HOME/network/admin. If not provided, defaults to the value of the $ORACLE_SID environment variable.
host=hostname
Optional. Enables you to specify a virtual host name for the server or the name of an Oracle Application Server Identity Management Cluster Node. If not given, the default of localhost is used.
server=OIDLDAPD | ODISRV | OIDREPLD
Required. The name of the type of server process you want to start, stop, or restart. The options are:
OIDLDAPD — Oracle Internet Directory server
ODISRV — Oracle Directory Integration and Provisioning server
OIDREPLD — Directory Replication server
instance=instance_number
Required. An instance number assigned to the server process. The instance number must be unique for each server process. It cannot be associated with a currently running instance of the specified server type. Value must be greater than 0 but less than 100.
configset=configuration_set_number
Optional. The configuration set number to be used when starting the server. Defaults to 0 if not specified.
flags="flagname=value | -flag value ..."
Depending on the server process and the operation you are performing, you may also need to supply some additional flags on the command-line. Enclose all flags in quotation marks and separate flagname=value or -flag value pairs with a space. If the flags are not specified on the command-line, configset values are used. See the appropriate section for the flags related to each server type:
These flags are passed to the server exactly as specified on the command-line—the oidctl or oidmon tools do not validate the values passed with the flags argument. If any values are invalid, the Oracle Internet Directory server will not start, but the oidmon tool will start. If this occurs, you should use oidctl to stop the server instance.
start | stop | restart
Required. The operation to perform on the given server process.
-debug debug_level
Optional. If not specified the default of 0 (not enabled) is used. Debug levels are additive. Add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option. For example, to trace search filter processing (512) and active connection management (256), enter 768 as the debug level (512 + 256 = 768). Debug levels are as follows:
1 — Heavy trace debugging
128 — Debug packet handling
256 — Connection management, related to network activities
512 — Search filter processing
1024 — Entry parsing
2048 — Configuration file processing
8192 — Access control list processing
491520 — Log of communication with the database
524288 — Schema related operations
4194304 — Replication specific operations
8388608 — Log of entries, operations and results for each connection
16777216 — Trace function call arguments
67108864 — Number and identity of clients connected to this server
117440511 — All possible operations and data
-l true | false
Optional. Turns replication change logging on or off. Use true to enable change logging. Use false to disable change logging. The default is true.
-p ldap_port
Optional. Specifies the LDAP port that this Oracle Internet Directory server instance will use. If not specified the default 389 is used.
-server number_of_processes
The number of server processes to start on this port.
-sport ssl_port
Optional. Specifies the LDAPS port that this Oracle Internet Directory server instance will use. If not specified the default 636 is used.
-work maximum_threads
The maximum number of worker threads for this server.
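Because oidctl and oidmon pass the flags string through unvalidated, a pre-flight check before a start operation catches values that would leave oidmon running with no directory server behind it. The following is an added example, not Oracle code: the function names are hypothetical, and it assumes that every flag carries a value as in the syntax listing, that ports lie in the TCP range 1 to 65535, and that -server and -work must be at least 1.

```python
import shlex

# Debug values listed on this page; the combined "all" value is handled separately.
DEBUG = {1: "heavy trace", 128: "packet handling", 256: "connection management",
         512: "search filter processing", 1024: "entry parsing",
         2048: "configuration file processing", 8192: "access control lists",
         491520: "database communication", 524288: "schema operations",
         4194304: "replication operations", 8388608: "per-connection log",
         16777216: "function call arguments", 67108864: "connected clients"}
DEBUG_ALL = 117440511

def decode_debug(level):
    """Split an additive debug level into the listed functions it enables."""
    if level == DEBUG_ALL:
        return ["all possible operations and data"]
    names, rest = [], level
    for value, name in DEBUG.items():
        if level & value == value:      # listed values occupy disjoint bits
            names.append(name)
            rest -= value
    if level < 0 or rest:
        raise ValueError(f"{level} is not a sum of listed debug levels")
    return names

# Per-flag value checks for the OIDLDAPD flags described above (assumed ranges).
CHECKS = {
    "-p": lambda v: 1 <= int(v) <= 65535,
    "-sport": lambda v: 1 <= int(v) <= 65535,
    "-server": lambda v: int(v) >= 1,
    "-work": lambda v: int(v) >= 1,
    "-l": lambda v: v in ("true", "false"),
    "-debug": lambda v: decode_debug(int(v)) is not None,
}

def check_oidldapd_start(instance, flags=""):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if not 0 < instance < 100:
        problems.append("instance must be greater than 0 and less than 100")
    tokens = shlex.split(flags)
    if len(tokens) % 2:
        problems.append(f"{tokens[-1]}: flag has no value")
    for flag, value in zip(tokens[0::2], tokens[1::2]):
        check = CHECKS.get(flag)
        try:
            ok = check(value) if check else False
        except ValueError:              # non-numeric value or bad debug sum
            ok = False
        if not ok:
            reason = "invalid value" if check else "unrecognised flag"
            problems.append(f"{flag} {value}: {reason}")
    return problems
```

Run the check in the wrapper script that calls oidctl and refuse to issue the start operation when the returned list is not empty.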
host=hostname
The host name of the Oracle Internet Directory server. If not specified, then the default of localhost is used.
port=port_number
The port number used to connect to the Oracle Internet Directory server. If not specified, then the default of 389 is used.
debug=debug_level
Optional. If not specified the default of 0 (not enabled) is used. See "-debug debug_level" for a description of the debug levels.
refresh=interval_between_refresh
The number of minutes between server refreshes for any changes in Oracle Directory Integration and Provisioning profiles. If not specified, the default of 2 is used.
grpID=group_id_profile
The group ID of profiles to be scheduled.
maxprofiles=number_of_profiles
The maximum number of Oracle Directory Integration and Provisioning profiles that can be executed concurrently for this server instance.
sslauth=ssl_mode
The number of the corresponding SSL mode. If not specified, the default of 0 is used. The modes are as follows:
0 — SSL is not used.
1 — SSL is used for encryption only, not for authentication.
2 — SSL is used for one-way authentication. With this mode you must also specify the complete path and file name of the server's Oracle Wallet.
-p directory_port_number
Required for a start operation. Port number used to connect to Oracle Internet Directory server. The default is 389.
-h directory_hostname
Required for a start operation. The host name of the Oracle Internet Directory server to which the replication server connects. If not specified, localhost is used.
-d debug_level
Optional. If not specified the default of 0 (not enabled) is used. See "-debug debug_level" for a description of the debug levels.
-m true | false
Optional. Use true to enable conflict resolution. Use false to disable conflict resolution. The default value is true.
-z transaction_size
Optional. The number of changes applied in each replication update cycle. If not specified, the value is taken from the Oracle Internet Directory server size limit configuration parameter, which has a default of 1024.
Before using Oracle Internet Directory Control, make sure that Oracle Internet Directory Monitor is running. To verify this on UNIX, enter the following at the command-line:
ps -ef | grep oidmon
See "oidmon" for more information about Oracle Internet Directory Monitor.
Using Oracle Internet Directory Control, you can perform the following tasks:
Starting an Oracle Directory Integration and Provisioning Server Instance
Stopping an Oracle Directory Integration and Provisioning Server Instance
Starting and Stopping a Server Instance on a Virtual Host or Cluster Node
When starting an Oracle Internet Directory server, you must supply the instance, server=OIDLDAPD, and start arguments. All other arguments are optional.
Example:
oidctl connect=dbs1 server=OIDLDAPD instance=2 configset=5 flags="-p 636 -debug 1024 -l" start
Example:
oidctl connect=dbs1 server=OIDLDAPD instance=2 stop
A restart operation is useful when you want to refresh the server cache immediately, or when you have changed a configuration set entry and want your changes to take effect on an active server instance. When the Oracle Internet Directory server restarts, it maintains the same arguments it had before it stopped.
For example, if you changed a configuration set that was being referenced by an active instance of Oracle Internet Directory server, you could update it by restarting that server instance. You do not need to supply the configset argument again, as it is maintained from the prior start operation.
Example:
oidctl connect=dbs1 server=OIDLDAPD instance=1 restart
To restart all active instances on a node, do not specify the instance argument. Note that a server is momentarily unavailable to client requests during a restart.
It is recommended that you use the Oracle Internet Directory Control and Monitor utilities to start an integration and provisioning server. If these tools are not available, you can start a client-only integration and provisioning server instance using the odisrv utility. See "odisrv".
The following example shows the recommended way to start an Oracle Directory Integration and Provisioning server. You must make sure the Monitor utility is running before you can start a server. See "oidmon".
Example:
oidctl connect=dbs1 server=ODISRV instance=1 configset=1 flags="host=ldaphost.company.com port=389 grpID=odipgroup maxprofiles=5 sslauth=2" start
Server instances that are started using the Oracle Internet Directory Control utility must also be stopped in the same way. If you started a standalone Oracle Directory Integration and Provisioning server using the odisrv utility, you should use the stopodiserver.sh script to stop the server.
The following example shows how to stop a server instance that was started using the Oracle Internet Directory Control utility.
Example:
oidctl server=ODISRV instance=1 stop
When starting an Oracle Directory Replication server you need to supply the information it needs to connect to the Oracle Internet Directory server.
Example:
oidctl connect=dbs1 server=OIDREPLD instance=1 flags="-p 389 -h ldaphost.company.com -d 1024" start
Example:
oidctl connect=dbs1 server=OIDREPLD instance=1 stop
Use the host argument to specify a virtual host name when starting an Oracle Internet Directory server, Oracle Directory Integration and Provisioning server, or Oracle Internet Directory Replication server on a virtual host or an Oracle Application Server Identity Management Cluster Node.
When communicating with the directory server, the directory replication server uses the virtual host name. Further, the replicaID attribute that represents the unique replication identification for the Oracle Internet Directory node is generated once. It is independent of the host name and hence requires no special treatment in Oracle Application Server Cold Failover Cluster (Identity Management).
When communicating with the directory server, the directory integration and provisioning server uses the virtual host name.
The following example shows how to start an Oracle Internet Directory server (OIDLDAPD) on a virtual host. The same syntax can be used to also start a directory replication server (OIDREPLD) or integration and provisioning server (ODISRV) on a virtual host.
Example:
oidctl connect=dbs1 host=vhost.company.com server=OIDLDAPD instance=1 configset=2 [flags="..."] start