When you try to configure OIM 11gR2 PS2 with OID by following the documentation, you run into an issue: running the following command produces the errors shown below.
LDAPConfigPostSetup.sh <MW_Home>/IAM_Home/server/ldap_config_util
You get the following error:
[Enter OIM admin password:]
javax.naming.NamingException: Config location must be a directory [Root exception is oracle.ods.virtualization.config.ConfigException: Config location must be a directory]
Unable to get either LDAP, OIM connection or LDAPSync is not enabled and reason is:Config location must be a directory
javax.management.InstanceNotFoundException: javax.management.InstanceNotFoundException: com.oracle:type=OVD,context=oim,name=AdaptersConfig.
This is because the system looks for the oim folder under the ovd folder at
$DOMAIN_HOME/config/fmwconfig/ovd/oim
but only the /default folder exists under /ovd; the /oim folder doesn't exist.
This happens because the instructions to create libOVD are missing. libOVD is required after version 11.1.1.3, because you no longer need to have OVD installed for LDAP sync; libOVD was created to do the syncing between OID and OIM.
Here are the Oracle documentation steps that can be followed to create libOVD.
Set these environment variables before executing the scripts to configure libOVD
set ORACLE_HOME to $MIDDLEWARE_HOME/oracle_common
eg., /scratch/uday/work_100910/mw3727/oracle_common/
set WL_HOME to $MIDDLEWARE_HOME/wlserver_10.3
eg., /scratch/uday/work_100910/mw3727/wlserver_10.3/
set JAVA_HOME to $BADE_HOME/jdk6
eg., /scratch/uday/work_100910/mw3727/jdk160_21/
VI) Execute these scripts to configure libOVD. Please substitute the appropriate information for your machine and directory path.
a) To create libOVD config files and layout the directory structure:
Run "$MW_HOME/oracle_common/bin/libovdconfig.sh". This creates the directory structure containing the OVD config files for the OIM use case and copies the config file templates. In the given example, the contextName is assumed to be "oim", in which case the OVD configuration files are created under "<DOMAIN_HOME>/config/fmwconfig/ovd/oim".
Actual command :
sh $MW_HOME/oracle_common/bin/libovdconfig.sh -domainPath <Full_Path_Domain> -contextName oim -host <AdminServer Host> -port <AdminServer port> -userName <AdminServer username>
NOTE : Since libOVD is included in OIM, both are deployed on the same web container, so the Admin Server host and Admin Server port must be those of the machine where OIM resides, not the one where OID is installed.
eg.,
sh $MW_HOME/oracle_common/bin/libovdconfig.sh -domainPath $MW_HOME/user_projects/domains/base_domain -contextName oim -host adcxyz.us.oracle.com -port 7001 -userName weblogic
Enter AdminServer Password:
Successfully created OVD config files
CSF Credential creation successful
Permission Grant successful
Successfully configured OVD MBeans
b) To create the User and Changelog adapters, type the command on a single line.
Run "$MW_HOME/oracle_common/bin/libovdadapterconfig.sh" or .bat, with the template being "oim template". This creates adapters with the information that you give when running this script, based on the OIM template. In the given example, the contextName is assumed to be "oim".
Actual command :
sh $MW_HOME/oracle_common/bin/libovdadapterconfig.sh -domainPath <Full_Path_Domain> -contextName oim -host <AdminServer Host> -port <AdminServer port> -userName <AdminServer username> -adapterName <adapter_name> -adapterTemplate adapter_template_oim.xml -bindDN <LDAP BindDN> -createChangelogAdapter -dataStore <LDAP Directory Type> -ldapHost <LDAP Host> -ldapPort <LDAP port> -remoteBase <remote base> -root <virtual base>
NOTE :
1) Since libOVD is included in OIM, both are deployed on the same web container, so the Admin Server host and Admin Server port must be those of the machine where OIM resides, not the one where OID is installed.
2) Among the parameters that you pass when running the tool, the value of the -dataStore argument should be the back-end directory type. Valid supported values for this parameter (when using adapter_template_oim.xml) are OID, ACTIVE_DIRECTORY, IPLANET, OUD.
3) If you are using an SSL port for the ldapPort, pass the parameter '-enableSSL' in the libovdadapterconfig.sh/.bat command.
In addition, if the backend LDAP server port is SSL, the OIM user will need to use keytool to import the trusted certificate from the backend LDAP server into the Identity Virtualization Library (libOVD) keystore.
Follow steps (3) & (4) as documented in
http://download.oracle.com/docs/cd/E15523_01/oid.1111/e10046/basic_adapters.htm#CHDBBFHA
eg., non SSL
sh $MW_HOME/oracle_common/bin/libovdadapterconfig.sh -domainPath $MW_HOME/user_projects/domains/base_domain -contextName oim -host adcxyz.us.oracle.com -port 7001 -userName weblogic -adapterName LDAP1 -adapterTemplate adapter_template_oim.xml -bindDN "cn=orcladmin" -createChangelogAdapter -dataStore OID -ldapHost adc11111111.us.oracle.com -ldapPort 3060 -remoteBase "dc=us,dc=oracle,dc=com" -root "dc=us,dc=oracle,dc=com"
Enter AdminServer Password:
Enter LDAP Server Password:
eg., SSL
sh $MW_HOME/oracle_common/bin/libovdadapterconfig.sh -domainPath $MW_HOME/user_projects/domains/base_domain -contextName oim -host adcxyz.us.oracle.com -port 7001 -userName weblogic -adapterName LDAP1 -adapterTemplate adapter_template_oim.xml -bindDN "cn=orcladmin" -createChangelogAdapter -dataStore OID -ldapHost adc11111111.us.oracle.com -ldapPort 3161 -enableSSL -remoteBase "dc=us,dc=oracle,dc=com" -root "dc=us,dc=oracle,dc=com"
Enter AdminServer Password:
Enter LDAP Server Password:
VII) Restart the web container and the OIM server
eg.,
cd /scratch/uday/work_100910/mw3727/user_projects/domains/imdomain989/bin/
./stopManagedWebLogic.sh oim_server1
./stopWebLogic.sh
./startWebLogic.sh
./startManagedWebLogic.sh oim_server1
In IAM view,
cd iam-build
ant stop-wls
ant start-wls
VIII) For now, until the installation and configuration code is ready, do this to wire OIM to libOVD:
Log in to the OIM Advanced Console,
Under Configuration, click 'Manage IT Resource'.
Select the Resource Type : Directory Server.
Edit the IT Resource Configuration.
Enter the values for the 'Search Base' of the libOVD server and 'Reservation Container'.
eg.,
Search Base : dc=oracle,dc=com
Reservation Container : cn=reserve,dc=us,dc=oracle,dc=com
For SH, the installation and configuration tool would set these once the appropriate server option is chosen (OVD or libOVD). The install implementation still has to be done.
Restart the WLS server.
Try accessing the server and managing users and roles through the OIM console.
To verify that the data is pushed to OID, check through ODSM or JExplorer.
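A pre-flight check for the "Config location must be a directory" failure described at the top of this post, to run before LDAPConfigPostSetup.sh. This is an added example, not part of the original post or of Oracle's tooling; the function names are hypothetical, and the only paths and variables it relies on are the ones given above.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# LDAPConfigPostSetup.sh. All function names here are hypothetical.

# Print the state of the libOVD context directory the setup script reads:
#   ok | missing-context | not-a-directory | no-ovd-root
# $1 = DOMAIN_HOME, $2 = context name (defaults to "oim" as in the post)
libovd_context_state() {
    ovd_root="$1/config/fmwconfig/ovd"
    ctx_dir="$ovd_root/${2:-oim}"
    if [ ! -d "$ovd_root" ]; then
        echo "no-ovd-root"
    elif [ -d "$ctx_dir" ]; then
        echo "ok"
    elif [ -e "$ctx_dir" ]; then
        echo "not-a-directory"
    else
        echo "missing-context"      # the case described in the post
    fi
}

# Print the names of the variables the post asks you to set that are
# unset, empty, or do not point at an existing directory.
libovd_env_problems() {
    problems=""
    for name in ORACLE_HOME WL_HOME JAVA_HOME; do
        eval "value=\${$name:-}"    # indirect lookup in POSIX sh
        if [ -z "$value" ] || [ ! -d "$value" ]; then
            problems="$problems $name"
        fi
    done
    echo "${problems# }"
}

# Return 0 only when the context directory exists; otherwise say which
# step of the procedure above still has to be run, and return 1.
libovd_preflight() {
    state=$(libovd_context_state "$1" "${2:-oim}")
    case "$state" in
        ok) echo "libOVD context '${2:-oim}' is present"; return 0 ;;
        missing-context)
            echo "run libovdconfig.sh -contextName ${2:-oim} first" ;;
        *)  echo "unexpected layout under config/fmwconfig/ovd: $state" ;;
    esac
    bad=$(libovd_env_problems)
    [ -z "$bad" ] || echo "fix before running libovdconfig.sh: $bad"
    return 1
}
```

Source the file and call `libovd_preflight "$DOMAIN_HOME" oim`; a non-zero return means LDAPConfigPostSetup.sh would fail with the error shown above.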