Oracle® Application Server Installation Guide
10g Release 2 (10.1.2) for Linux x86 B19310-03
This chapter describes how to install Oracle Internet Directory in replicated mode, that is, how to install Oracle Internet Directory masters and replicas.
Contents:
Section 9.1, "Oracle Internet Directory Replication Overview"
Section 9.4, "Installing a Master Oracle Internet Directory"
Section 9.5, "Installing an Oracle Internet Directory Replica"
Section 9.6, "Accessing OracleAS Single Sign-On and Oracle Delegated Administration Services"
Running Oracle Internet Directory in a replication environment means that you have more than one Oracle Internet Directory, each with its own OracleAS Metadata Repository. The Oracle Internet Directory instances synchronize the data in the metadata repositories so that the repositories are "loosely consistent": the data are not guaranteed to be synchronized in real time, but they become identical within an acceptable time interval.
For More Information
This chapter provides information from an installation point of view. For in-depth information on replication, refer to the following guides:
For information on Oracle Internet Directory replication concepts and administration, refer to Oracle Internet Directory Administrator's Guide.
For information on Oracle Internet Directory replication deployment scenarios, refer to Oracle Identity Management Concepts and Deployment Planning Guide.
Types of Replication
There are two types of replication. During installation, you select the type of replication that you want.
In fan-out replication, one Oracle Internet Directory is the master, and the other Oracle Internet Directory instances are called the Oracle Internet Directory replicas.
Clients modify the data in the master Oracle Internet Directory only. The master then propagates the changes to the replicas. These replicas, in turn, can update other Oracle Internet Directory replicas.
Figure 9-1 Example of Fan-Out Replication (LDAP Replication)
In fan-out replication, Oracle Internet Directory instances use the LDAP protocol to communicate with each other. The Select Oracle Internet Directory Replication Mode screen in the installer uses the term LDAP Replication to refer to fan-out replication.
The procedure for installing a master Oracle Internet Directory is the same as installing a "regular" (non-replicated) Oracle Internet Directory.
The procedure for installing replicas is different. When installing a replica, you must select the High Availability and Replication option in the Select Configuration Options screen, and you need to provide connect information to the master Oracle Internet Directory.
The Oracle Application Server instance that runs the Oracle Internet Directory (master or replica) can also run other Oracle Application Server components, such as the OracleAS Metadata Repository, OracleAS Single Sign-On, Oracle Delegated Administration Services, and/or Oracle Directory Integration and Provisioning.
In multimaster replication, you have one or more master Oracle Internet Directory instances. You can also have other Oracle Internet Directory instances that are replicas. Clients can update data in any Oracle Internet Directory (master or replica). The Oracle Internet Directory instances propagate the changes among themselves.
Figure 9-2 Example of Multimaster Replication (Advanced Replication)
In multimaster replication, Oracle Internet Directory instances use the Oracle Database Advanced Replication protocol to communicate with each other. The Select Oracle Internet Directory Replication Mode screen in the installer uses the term Advanced Replication to refer to multimaster replication.
The procedure for installing a master Oracle Internet Directory is the same as installing a "regular" (non-replicated) Oracle Internet Directory.
The procedure for installing replicas is different. When installing a replica, you must select the High Availability and Replication option in the Select Configuration Options screen, and you need to provide connect information to the master Oracle Internet Directory.
The Oracle Application Server instance that runs the Oracle Internet Directory (master or replica) can also run other Oracle Application Server components, such as the OracleAS Metadata Repository, OracleAS Single Sign-On, Oracle Delegated Administration Services, and/or Oracle Directory Integration and Provisioning.
Check that you meet the following requirements for installing Oracle Internet Directory in replication mode:
Each Oracle Internet Directory, whether master or replica, needs its own OracleAS Metadata Repository. You can install it with a new OracleAS Metadata Repository, or against an existing OracleAS Metadata Repository.
If you install against an existing OracleAS Metadata Repository, that repository can have been created in either of two ways:
You can install it by selecting the OracleAS Metadata Repository option in the Select Installation Type screen.
You can install the OracleAS Metadata Repository in an existing database. Refer to Oracle Application Server Metadata Repository Creation Assistant User's Guide for details on how to load the OracleAS Metadata Repository in an existing database.
If you are installing against an existing OracleAS Metadata Repository, the OracleAS Metadata Repository must not be already registered with another Oracle Internet Directory. If you specify an OracleAS Metadata Repository that is already registered with an Oracle Internet Directory, the installer assumes you are installing a high availability environment, and it does not display the replication options.
To install Oracle Internet Directory in replicated mode, you need a master Oracle Internet Directory and one or more Oracle Internet Directory replicas. You install them in the following order:
Install the master Oracle Internet Directory first.
Install the Oracle Internet Directory replicas. The installer will prompt you to enter connect information for the master Oracle Internet Directory.
The procedure for installing a master Oracle Internet Directory is the same as installing a "regular" (non-replicated) Oracle Internet Directory. You can install the master Oracle Internet Directory against an existing database, or you can install it with a new database.
Note:
You can use any of the procedures in Chapter 6, "Installing OracleAS Infrastructure" to install a master Oracle Internet Directory. Examples:
To install a master Oracle Internet Directory with a new database, follow the procedure in Section 6.20, "Installing OracleAS Infrastructure".
To install a master Oracle Internet Directory with an existing database, follow the procedure in Section 6.23, "Installing Oracle Identity Management Components Only (Including Oracle Internet Directory)" or Section 6.25, "Installing Oracle Internet Directory Only".
You can also install a master Oracle Internet Directory in high availability environments. Refer to Chapter 11, "Installing in High Availability Environments: OracleAS Cold Failover Cluster" and Chapter 12, "Installing in High Availability Environments: OracleAS Cluster (Identity Management)" for details.
You can install an Oracle Internet Directory replica against an existing database, or you can install it with a new database.
Contents of this section:
Section 9.5.2, "Installing an Oracle Internet Directory Replica with a New Database"
Section 9.5.3, "Installing an Oracle Internet Directory Replica against an Existing Database"
When installing an Oracle Internet Directory replica, remember the following:
In the Select Configuration Options screen, you must select Oracle Internet Directory and High Availability and Replication.
In the Select High Availability Option screen, select Replication.
When the installer prompts you to enter connect information for the master Oracle Internet Directory, you need to connect as the Oracle Internet Directory superuser (cn=orcladmin). You need to know the password for the superuser.
The master Oracle Internet Directory must not already contain a registration for a database with the same global database name or SID as the OracleAS Metadata Repository to be used for the replica.
The OracleAS Metadata Repository for the replica cannot already be registered with any Oracle Internet Directory.
Follow these steps to install an Oracle Internet Directory replica with a new database:
Table 9-1 Installing an Oracle Internet Directory Replica with a New Database
|  | Screen | Action |
|---|---|---|
| 1. | -- | Start up the installer and complete the first few screens. Refer to Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details. Notes: |
| 2. | Select Configuration Options | Select Oracle Internet Directory. Select High Availability and Replication. The other options on this screen are optional: Select OracleAS Single Sign-On, OracleAS Delegated Administration Services, OracleAS Directory Integration and Provisioning, and/or OracleAS Certificate Authority (OCA) if you need these components. Click Next. |
| 3. | Specify Port Configuration Options | If you want to use default ports for the components, select Automatic. If you do not want to use the default ports, and you have created a Click Next. |
| 4. | Select High Availability Option | This screen is required to install a replica. This screen appears only if you selected High Availability and Replication in the Select Configuration Options screen. Select Replication, and click Next. |
| 5. | Select Oracle Internet Directory Replication Mode | Select LDAP Replication if you want fan-out replication. Select Advanced Replication if you want multimaster replication. Click Next. |
| 6. | Specify Oracle Internet Directory Master Node | Hostname: Enter the name of the computer running the master Oracle Internet Directory. Port: Enter the port at which the master Oracle Internet Directory is listening. Do not select Use only SSL connections with this Oracle Internet Directory. If you want Oracle Internet Directory to run in SSL-only mode, you can make this configuration change after installation. Refer to Oracle Application Server Administrator's Guide for details. Click Next. |
| 7. | Specify Master Oracle Internet Directory Login | Username: Enter Password: Enter the password for the superuser. Click Next. |
| 8. | Specify Namespace in Internet Directory | Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm. Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. Refer to Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?". Click Next. |
| 9. | OCA screens | If you selected OracleAS Certificate Authority (OCA) in the Select Configuration Options screen, the installer displays screens for configuring OCA. Refer to Section 6.30, "Install Fragment: OCA Screens" for details. |
| 10. | Specify Database Configuration Options | Global Database Name: Enter a name for the OracleAS Metadata Repository database. Append the domain name of your computer to the database name. Example: Note: Ensure that the master Oracle Internet Directory does not already contain a registration for a database with the same global database name or SID. (The installer checks this for you.) SID: Enter the system identifier for the OracleAS Metadata Repository database. Typically this is the same as the global database name, but without the domain name. The SID must be unique across all databases. The SID cannot be longer than eight characters. Example: Select Database Character Set: Select the character set to use. Specify Database File Location: Enter the full path to the parent directory for the data files directory. This parent directory must already exist, and you must have write permissions in this directory. The installer will create a subdirectory in this parent directory, and the subdirectory will have the same name as the SID. The data files will be placed in this subdirectory. Example: If you enter Click Next. |
| 11. | Specify Database Schema Passwords | Set the passwords for these privileged database schemas: SYS, SYSTEM, SYSMAN, and DBSNMP. You can set different passwords for each schema, or you can set the same password for all the schemas. Refer to Section 6.14, "Restrictions on the Passwords for the SYS, SYSTEM, SYSMAN, and DBSNMP Users" for rules on setting passwords for these accounts. Click Next. |
| 12. | Specify Instance Name and ias_admin Password | Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. Refer to Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details. Example: ias_admin Password and Confirm Password: Enter and confirm the password for the ias_admin user. This is the administrative user for this infrastructure instance. This password will also become the password for the following users: Refer to Section 5.10, "The ias_admin User and Restrictions on its Password" for password requirements. Example: Click Next. |
| 13. | -- | Finish the installation. Refer to Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details. |
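The input rules stated above for a replica (a global database name with the domain appended, a SID of at most eight characters, instance names limited to alphanumerics and underscore, and no clash with a database already registered with the master) can be checked before the installer is started. The shell function below is an added example, not part of the Oracle guide or the installer; its function names, the sample values and the "global_db_name sid" list it reads from standard input are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle code): pre-flight check of the values you plan to
# type into the replica installer, using only the rules stated on this page.
# Function names and the stdin format are assumptions of this example.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
fail()  { echo "FAIL: $*"; problems=$((problems + 1)); }

# Usage: check_replica_inputs GLOBAL_DB_NAME SID INSTANCE_NAME < registrations
# stdin: one "global_db_name sid" pair per line for every database already
# registered with the master Oracle Internet Directory (obtaining that list is
# outside this example). Returns the number of problems found (0 = none).
check_replica_inputs() {
    gdb=$1; sid=$2; inst=$3; problems=0

    # Global database name: the computer's domain name must be appended.
    case $gdb in
        *.*) ;;
        *) fail "global database name '$gdb' has no domain name appended" ;;
    esac

    # SID: cannot be longer than eight characters.
    if [ "${#sid}" -lt 1 ] || [ "${#sid}" -gt 8 ]; then
        fail "SID '$sid' must be 1 to 8 characters long"
    fi
    # Typical, not mandatory: SID equals the global name without the domain.
    if [ "$(lower "${gdb%%.*}")" != "$(lower "$sid")" ]; then
        echo "WARN: SID '$sid' differs from the name part of '$gdb'"
    fi

    # Instance name: alphanumeric characters and underscore only.
    case $inst in
        ''|*[!A-Za-z0-9_]*) fail "instance name '$inst' has invalid characters" ;;
    esac

    # The master must not already hold a registration with the same global
    # database name or SID. Case-insensitive comparison is an assumption here.
    while read -r reg_gdb reg_sid; do
        [ -n "$reg_gdb" ] || continue
        if [ "$(lower "$reg_gdb")" = "$(lower "$gdb")" ]; then
            fail "global database name '$gdb' is already registered with the master"
        fi
        if [ "$(lower "$reg_sid")" = "$(lower "$sid")" ]; then
            fail "SID '$sid' is already registered with the master"
        fi
    done
    return "$problems"
}

# Constructed sample data: the planned SID collides with one in the master.
check_replica_inputs repl1.example.com asdb infra_repl1 <<EOF || echo "$? problem(s): fix before starting the installer"
asdb.example.com asdb
EOF
```

The installer performs the registration check itself; running the same rules beforehand only avoids discovering a rejected value several screens into the installation.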
Follow these steps to install an Oracle Internet Directory replica against an existing database.
Table 9-2 Installing an Oracle Internet Directory Replica against an Existing Database
|  | Screen | Action |
|---|---|---|
| 1. | -- | Start up the installer and complete the first few screens. Refer to Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details. Note: |
| 2. | Select Configuration Options | Select Oracle Internet Directory. Select High Availability and Replication. The other options on this screen are optional: Select OracleAS Single Sign-On, OracleAS Delegated Administration Services, OracleAS Directory Integration and Provisioning, and/or OracleAS Certificate Authority (OCA) if you need these components. Click Next. |
| 3. | Specify Port Configuration Options | If you want to use default ports for the components, select Automatic. If you do not want to use the default ports, and you have created a Click Next. |
| 4. | Specify Repository | Enter information for the OracleAS Metadata Repository that you want to use for the replica. Note: Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges. Password: Enter the user's password. Hostname and Port: Enter the name of the computer where the database is running, and the port number at which it is listening. Use the format: Service Name: Enter the service name of the database. Note that the service name must include the database domain name. Example: Click Next. |
| 5. | Select High Availability Option | This screen is required to install a replica. If you do not see this screen, return to the Select Configuration Options screen and ensure you selected High Availability and Replication. Select Replication. Click Next. |
| 6. | Select Oracle Internet Directory Replication Mode | Select LDAP Replication if you want fan-out replication. Select Advanced Replication if you want multimaster replication. Click Next. |
| 7. | Specify Oracle Internet Directory Master Node | Hostname: Enter the name of the computer running the master Oracle Internet Directory. Port: Enter the port at which the master Oracle Internet Directory is listening. Do not select Use only SSL connections with this Oracle Internet Directory. If you want Oracle Internet Directory to run in SSL-only mode, you can make this configuration change after installation. Refer to Oracle Application Server Administrator's Guide for details. Click Next. |
| 8. | Specify Master Oracle Internet Directory Login | Username: Enter Password: Enter the password for the superuser. Click Next. |
| 9. | Specify Namespace in Internet Directory | Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm. Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. Refer to Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?". Click Next. |
| 10. | OCA screens | If you selected OracleAS Certificate Authority (OCA) in the Select Configuration Options screen, the installer displays screens for configuring OCA. Refer to Section 6.30, "Install Fragment: OCA Screens" for details. |
| 11. | Specify Instance Name and ias_admin Password | Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. Refer to Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details. Example: ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. This password will also become the password for the following users: Refer to Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password. Example: Click Next. |
| 12. | -- | Finish the installation. Refer to Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details. |
To access OracleAS Single Sign-On or Oracle Delegated Administration Services on the replica node, you have to use the password for the orcladmin user on the master Oracle Internet Directory, not the replica Oracle Internet Directory.
Example:
Enter the URL for OracleAS Single Sign-On or Oracle Delegated Administration Services in your browser:
For OracleAS Single Sign-On, the URL is: http://host:port/pls/orasso.
For Oracle Delegated Administration Services, the URL is: http://host:port/oiddas.
host specifies the name of the computer where you installed the Oracle Internet Directory replica.
port specifies the port number on which Oracle HTTP Server is listening.
To log in, enter orcladmin as the user name and the password you entered when you installed the master Oracle Internet Directory. If you enter the password for the replica Oracle Internet Directory, the login will not succeed.