10 Installing Oracle Single Sign-On and Oracle Delegated Administration Services Against Oracle Internet Directory

This chapter explains how to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1).

10.1 Using the inspre11.pl Script

You must use the inspre11.pl Perl script when installing Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1). This topic describes how to use the inspre11.pl script.

The inspre11.pl script is located in the $OID11gR1_ORACLE_HOME/ldap/bin/ directory, where OID11gR1_ORACLE_HOME represents the location where Oracle Internet Directory 11g Release 1 (11.1.1) is installed. Perl is located in the $OID11gR1_ORACLE_HOME/perl/bin/ directory.

Before you execute the inspre11.pl script, you must set the following environment variables:

  • ORACLE_INSTANCE to the Oracle Internet Directory 11g Release 1 (11.1.1) Oracle Instance location.

  • ORACLE_HOME to the Oracle Internet Directory 11g Release 1 (11.1.1) Oracle Home location.

The following is the syntax for the inspre11.pl script:

$OID11gR1_ORACLE_HOME/perl/bin/perl \
$OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
OID_COMPONENT DB_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD \
{-op1 | -op2 | -op3}

The following list defines each of the options for the inspre11.pl script:

OID_HOST

The name of the Oracle WebLogic Server where Oracle Internet Directory is installed.

OID_PORT

The SSL or non-SSL Oracle Internet Directory port.

-ssl

Indicates the port identified by OID_PORT is the Oracle Internet Directory SSL port.

-nonssl

Indicates the port identified by OID_PORT is the Oracle Internet Directory non-SSL port.

OID_COMPONENT

The name of the Oracle Internet Directory component, such as oid1. You can identify the name of the Oracle Internet Directory component using the $ORACLE_INSTANCE/bin/opmnctl status command.

DB_CONNECT_STRING

The connection string to the database for Oracle Internet Directory. The connection string must be in the following form: host:port:sid

ODS_PASSWORD

The password for the ODS schema.

ORCLADMIN_PASSWORD

The password for the Oracle Internet Directory administrator, which is typically cn=orcladmin.

-op1

Enables anonymous bind and disables entry caching.

-op2

Resets the Oracle Internet Directory version to allow you to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0). This option also sets the seealso attribute to point to the database identified by the DB_CONNECT_STRING option.

-op3

Sets the Oracle Internet Directory version back to 11g Release 1 (11.1.1) and enables entry caching.
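
The argument rules above can be checked before the script touches the directory. The following is an added example, not Oracle's code: the function names are hypothetical, and it assumes ORACLE_HOME is set to the Oracle Internet Directory 11g Oracle Home as required above, so $ORACLE_HOME stands in for $OID11gR1_ORACLE_HOME.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of Oracle's tooling.

# Return 0 if a value is a decimal port number in 1-65535.
is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Check the environment and the non-secret arguments against the syntax above.
# Prints the first problem and returns 1, or returns 0 when all are well formed.
inspre11_check_args() {
    host=$1 port=$2 mode=$3 comp=$4 db=$5 op=$6
    [ -n "$ORACLE_INSTANCE" ] || { echo "ORACLE_INSTANCE is not set"; return 1; }
    [ -n "$ORACLE_HOME" ] || { echo "ORACLE_HOME is not set"; return 1; }
    [ -n "$host" ] || { echo "OID_HOST is required"; return 1; }
    [ -n "$comp" ] || { echo "OID_COMPONENT is required"; return 1; }
    is_port "$port" || { echo "OID_PORT must be 1-65535"; return 1; }
    case $mode in -ssl|-nonssl) ;; *) echo "use -ssl or -nonssl"; return 1 ;; esac
    # DB_CONNECT_STRING must be exactly host:port:sid with no empty field.
    case $db in
        *:*:*:*|:*|*::*|*:|'') bad=1 ;;
        *:*:*) bad=0 ;;
        *) bad=1 ;;
    esac
    db_port=${db#*:}; db_port=${db_port%%:*}
    if [ "$bad" -eq 1 ] || ! is_port "$db_port"; then
        echo "DB_CONNECT_STRING must be host:port:sid"; return 1
    fi
    case $op in -op1|-op2|-op3) ;; *) echo "use -op1, -op2 or -op3"; return 1 ;; esac
}

# Validate, prompt for both passwords without echo, then run the script.
# usage: run_inspre11 OID_HOST OID_PORT -ssl|-nonssl OID_COMPONENT DB_CONNECT_STRING -opN
run_inspre11() {
    inspre11_check_args "$@" || return 1
    trap 'stty echo; exit 1' INT TERM
    stty -echo
    printf 'ODS password: ' >&2; IFS= read -r ods_pw; echo >&2
    printf 'orcladmin password: ' >&2; IFS= read -r admin_pw; echo >&2
    stty echo; trap - INT TERM
    # Argument order follows the documented syntax; ORACLE_HOME is the OID 11g home.
    "$ORACLE_HOME/perl/bin/perl" "$ORACLE_HOME/ldap/bin/inspre11.pl" \
        "$1" "$2" "$3" "$4" "$5" "$ods_pw" "$admin_pw" "$6"
}
```

Prompting keeps the two passwords out of shell history, but because the syntax above takes them as positional arguments they remain visible in the process argument list while the script runs.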

10.2 Procedure

Perform the following steps to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1):

  1. Install Oracle Internet Directory 11g Release 1 (11.1.1). Refer to Chapter 5, "Installing and Configuring Oracle Internet Directory" for more information.

  2. Execute the inspre11.pl script with -op1. This will enable anonymous bind and allow the Oracle Application Server Metadata Repository Creation Assistant to load schema into the database for Oracle Single Sign-On and Oracle Delegated Administration Services. Execute the script as follows:

    $OID11gR1_ORACLE_HOME/perl/bin/perl \
    $OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
    OID_COMPONENT DB_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD -op1
    
  3. Use Oracle Application Server Metadata Repository Creation Assistant Release 10.1.4.3.0 to create and load Oracle Single Sign-On 10.1.4.0.1 schema in the database.

    Note:

    You can get Oracle Application Server Metadata Repository Creation Assistant Release 10.1.4.3.0 from the Oracle Technology Network (OTN) Web site. To access the OTN Web site, go to the following URL:

    http://www.oracle.com/technology/

    When you run Oracle Application Server Metadata Repository Creation Assistant Release 10.1.4.3.0:

    • Be sure to register the schema with Oracle Internet Directory using its SSL port.

    • You might receive error messages that some database session parameters do not have appropriate values. If you receive these errors, you should reset the parameters identified by Oracle Application Server Metadata Repository Creation Assistant, adhering to the minimum values that are given. After you reset the parameters, exit Oracle Application Server Metadata Repository Creation Assistant and start it again. If you used SPFILE as the scope in any of the alter commands, you may also have to restart the database.

    • Only the schema required for Oracle Single Sign-On will be loaded, not all schema.

  4. Reset the ODS password to the value that was set when Oracle Internet Directory was installed and restart Oracle Internet Directory. You must reset the password because it was randomized when you loaded the Oracle Single Sign-On 10.1.4.0.1 schema in the database.

    Perform the following steps:

    1. Use SQL*Plus to connect to the database as the SYS user.

    2. Change the ODS password using alter user ods identified by PASSWORD, where PASSWORD represents the ODS schema password before running the Oracle Application Server Metadata Repository Creation Assistant.

    3. Set the TNS_ADMIN environment variable to point to the $ORACLE_INSTANCE/config directory.

    4. Execute the following command, where CONNECT_STRING represents the directory database connect string. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, which is located by default in the ORACLE_HOME/config/ directory. You can set the TNS_ADMIN environment variable if you want to use a different location.

      $OID11gR1_ORACLE_HOME/ldap/bin/oidpasswd \
      connect=CONNECT_STRING create_wallet=true
      
    5. Restart Oracle Internet Directory.

  5. Execute the inspre11.pl script with -op2, which resets the Oracle Internet Directory version and allows you to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1). The -op2 option will also verify the orcldirectoryversion attribute has a value of OID 10.1.4.0.1.

    Execute the script as follows:

    $OID11gR1_ORACLE_HOME/perl/bin/perl \
    $OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
    OID_COMPONENT DB_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD -op2
    
  6. Install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1).

    Note:

    You can get Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1) from the Oracle Technology Network (OTN) Web site. To access the OTN Web site, go to the following URL:

    http://www.oracle.com/technology/

    If you are installing Oracle Single Sign-On or Oracle Delegated Administration Services against a Release 11.x database, you must apply patch 5649850 for release 10.1.0.5 while you install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1).

    This patch allows Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1) to connect to a Release 11.x database.

    When you install Oracle Single Sign-On and Oracle Delegated Administration Services, you should apply patch 5649850 before running the Configuration Assistant on Windows systems, or when you are prompted to run the root.sh script on UNIX systems.

    Note:

    You can get patch 5649850 for release 10.1.0.5 from My Oracle Support (formerly MetaLink), located at:

    http://metalink.oracle.com/

  7. Upgrade Oracle Single Sign-On and Oracle Delegated Administration Services to Release 10g (10.1.4.3.0) by applying the Oracle Identity Management 10g (10.1.4.3.0) Patch Set. You can get the Oracle Identity Management 10g (10.1.4.3.0) Patch Set from My Oracle Support (formerly MetaLink) by searching for Bug or Patch Number 7215628.

    You can access My Oracle Support (formerly MetaLink) at:

    http://metalink.oracle.com/

  8. Execute the inspre11.pl script with -op3, which sets the Oracle Internet Directory version back to 11g Release 1 (11.1.1). For example:

    $OID11gR1_ORACLE_HOME/perl/bin/perl \
    $OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
    OID_COMPONENT DB_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD -op3
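
Step 2 enables anonymous bind, and none of the later steps is described as turning it off, so it is worth recording which setting the directory is left with after step 8. The following is an added example, not Oracle's code: the function names are hypothetical, and the orclanonymousbindsflag attribute, its 0/1/2 values, the configuration-entry DN and the ldapsearch options are taken from Oracle Internet Directory's general configuration rather than from this chapter, so confirm them against your release.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. The attribute name and the
# configuration-entry DN are assumptions about OID, not taken from this chapter.

# Read ldapsearch output on stdin ("attr: value" or "attr=value" lines)
# and report the anonymous-bind setting; the last value seen wins.
# Exit status: 0 = disabled or root-DSE only, 1 = enabled, 2 = not found.
anon_bind_state() {
    awk '
        match($0, /[:=] */) {
            name = tolower(substr($0, 1, RSTART - 1))
            if (name == "orclanonymousbindsflag") {
                v = substr($0, RSTART + RLENGTH)
                sub(/[ \r]+$/, "", v)      # drop trailing blanks and CR
            }
        }
        END {
            if (v == "0")      { print "disabled";      exit 0 }
            else if (v == "1") { print "enabled";       exit 1 }
            else if (v == "2") { print "root-DSE only"; exit 0 }
            print "unknown"; exit 2
        }'
}

# Query the instance configuration entry and classify the result.
# usage: check_anon_bind OID_HOST OID_PORT OID_COMPONENT   (non-SSL port)
# -q prompts for the orcladmin password instead of taking it as an argument.
check_anon_bind() {
    "$ORACLE_HOME/bin/ldapsearch" -h "$1" -p "$2" -D cn=orcladmin -q \
        -b "cn=$3,cn=osdldapd,cn=subconfigsubentry" -s base \
        "objectclass=*" orclanonymousbindsflag | anon_bind_state
}
```

The exit status lets a post-install script flag a directory that still accepts anonymous binds, so the setting is a recorded decision and not a leftover of step 2.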
    

10.3 Verifying Oracle Single Sign-On and Oracle Delegated Administration Services

Verify the Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) installation against Oracle Internet Directory 11g Release 1 (11.1.1) by logging in to Oracle Delegated Administration Services. You will be redirected to Oracle Single Sign-On and prompted to log in. If you have access to the Oracle Delegated Administration Services content after logging in to Oracle Single Sign-On, the installation against Oracle Internet Directory 11g Release 1 (11.1.1) was successful.

10.4 Getting Started After Installation

The following information describes how to get started after installing Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1).

10.4.1 Getting Started with Oracle Single Sign-On Release 10g (10.1.4.3.0)

After installing Oracle Single Sign-On Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1) as described in this chapter, refer to the "Basic Administration" chapter in the Oracle Application Server Single Sign-On Administrator's Guide 10g Release 10.1.4.0.1 available at:

http://www.oracle.com/technology/documentation/oim1014.html

10.4.2 Getting Started with Oracle Delegated Administration Services Release 10g (10.1.4.3.0)

After installing Oracle Delegated Administration Services Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1) as described in this chapter, refer to the "Getting Started with Oracle Delegated Administration Services" chapter in the Oracle Identity Management Guide to Delegated Administration 10g Release 10.1.4.0.1 available at:

http://www.oracle.com/technology/documentation/oim1014.html