Presentation #36576
Oracle9i LDAP: Advanced Configuration of Directory Naming
Daniel T. Liu, Senior Technical Consultant, First American Real Estate Solutions
Date: Wednesday, September 10, 2003 @ 4:30 AM - 5:30 PM
Place: Moscone Room 131
Central naming stores the names and addresses of all database services in a central place on the network.
Two popular methods:
1. Oracle Names - Oracle proprietary software that stores the service names on a network
2. Directory Naming - clients use network information stored in a centralized LDAP-compliant directory server (Oracle Internet Directory) to access a database service
Paper #36576, Daniel T. Liu, FARES
Oracle Internet Directory Basics
• Directory
• LDAP
• Oracle Internet Directory (OID)
• OID Terminology
• OID Architecture
• How Net Services Use A Directory Server
Directory
• Primarily read-focused
• Designed to handle relatively simple transactions on relatively small units of data
• Designed to be location-independent
• Designed to store information in entries
LDAP
• LDAP stands for Lightweight Directory Access Protocol
• It provides all users and applications in the enterprise with a single, well-defined, standard interface to a single, extensible directory
LDAP
• It reduces the need to enter and coordinate redundant information in multiple services scattered across the enterprise
• Its well-defined protocol and interfaces make it more practical to deploy internet-ready applications that leverage the directory.
Oracle Internet Directory (OID)
• A general-purpose directory service that enables fast retrieval and centralized management of information
• Full-featured LDAP Version 3 compliant directory service
• Major benefits include:
  – Scalability
  – High Availability
  – Security
OID Terminology
• Entries
• Distinguished Name (DN)
• Directory Information Tree (DIT)
• Relative Distinguished Name (RDN)
• Attributes
• Object Classes
• Directory Schema
• Naming Contexts
Directory Information Tree
[Figure 5: DIT (Directory Information Tree). Labels shown: root; o=xyz company; c=us, c=uk; ou=sales, ou=accounting, ou=manufacturing, ou=marketing; cn=John, cn=Tim, cn=Larry, cn=Jack, cn=Tom, cn=Ann, cn=Mary, cn=Dan.]
OID Architecture
• Oracle Directory Server Instance
• OID Monitor
• OID Control Utility (OIDCTL)
• Oracle9i Database
OID Architecture
[Figure 6: OID architecture. Components shown: Oracle9i database with Oracle Net listener/dispatcher; OID Monitor; OID Control Utility; Oracle Directory Manager; LDAP Server Instance 1 and LDAP Server Instance 2, each with an OID listener/dispatcher and Oracle Directory Server processes; connections labelled LDAP, Oracle Net and O/S.]
How Net Services Uses A Directory Server
[Figure 7: How Net Services uses a directory server. Components shown: Net Services client; OID server with its OID repository database and Directory Information Tree (dc=com, dc=company, dc=OracleContext); database DB1 with its Oracle Net listener; interactions labelled Step 1 through Step 5.]
Step-By-Step Setup Of Oracle Internet Directory For Names Resolution
• Step #1: Planning the Network
• Step #2: Installing OID Software
• Step #3: Creating OID Repository Database and OID Schema
• Step #4: Starting OID Server
Step-By-Step Setup Of Oracle Internet Directory For Names Resolution
• Step #5: Setting Up Directory Tree (Adding New Entry For Naming Context)
• Step #6: Setting Up An Oracle Context
• Step #7: Adding Service Names To OID
• Step #8: Setting Up The Client Machine
Step #1: Planning The Network
1. Understanding the different versions of Oracle Internet Directory

   Oracle Internet Directory    Database
   2.0.6                        8.1.6
   2.1.1                        8.1.7
   3.0.1                        9.0.1

– List of all the network domains
– Oracle database servers within each domain
– Oracle instances and listeners running on each server
– Number of Oracle Clients
Step #1: Planning The Network
3. Planning the Directory Tree
   – Single domain called “company.com”
   – 6 Oracle instances registered

[Figure 8: Planned directory tree. dc=com, dc=company, dc=OracleContext, with entries cn=db1, cn=db3, cn=db4, cn=db5, cn=db6, cn=db7.]
Step #2: Installing OID Software
1. Read the Installation Guide
2. Prepare the environment
   - PATH
   - ORACLE_BASE
   - ORACLE_HOME
   - NLS_LANG
   - PORT 389 is not in use by another process
3. Mount the CD and bring up the Universal Installer
Step #2: Installing OID Software
4. Choose installation type:
   - “Management and Integration” option
   - Then, “Oracle Internet Directory” option
5. Choose to install the OID schema on:
   - An existing database
   - Or, a new independent database (preferred)
6. In the “Summary” window, review the information
7. Click “Install”; the file copy process begins.
Step #3: Creating OID Repository Database and OID Schema
1. The “Configuration Tools” window appears at the end of installation
2. The Universal Installer will first create and start an OID database instance
3. Then, it creates the OID schema and objects.
   - $ORACLE_HOME/ldap/admin/newldap.sql
4. Choose “Exit” and review log file for any installation errors
Step #4: Starting OID Server
1. After successfully completing the installation, the default OID Monitor Daemon and LDAP Server Instance will already be running against OID database instance
2. To start manually:
   - oidmon connect=<net_service_name> start
   - oidctl connect=<net_service_name> server=oidldapd instance=1 start
Step #5: Setting Up Directory Tree
1. Invoke the Oracle Directory Manager
2. Type user name and password (orcladmin/welcome)
3. Create new admin user if needed
   - Grant “Browse, Add, Delete” access rights
4. Create the Naming Context
   - Add new entry “dc=com”
   - Add new entry “dc=company” under “dc=com”
Step #6: Setting Up Oracle Context
1. Start the Net Configuration Assistant
2. Choose “Directory Service Access Configuration” option
3. Choose “Create a new Oracle Context”
4. Choose “Oracle Internet Directory”
5. Enter LDAP server location
Step #6: Setting Up Oracle Context
6. Enter an administrative context in which to create the Oracle Context. In our case, it is “dc=company,dc=com”
7. Enter user name and password (cn=orcladmin/welcome)
8. The authenticated user is added to the following groups
Net Service Names.
3. Enter username and password.
4. The “Directory Server Migration Wizard” starts. Click Next.
Migrating From Local Naming
5. The “Select Net Service Names” window appears. From the list, select the network domain.
6. The “Select Destination Context” window appears. Select the Directory Naming Context that contains the Oracle Context from the Directory Naming list.
Migrating From Local Naming
7. Click “Next”. The wizard exports the net service names.
8. Click “Finish” to complete the Directory Server Migration Wizard. OID now has all the database connection information loaded.
Migrating From Oracle Names Server
Method #1: Direct Export
1. Go to the Oracle Names Server and dump the service address information to a tnsnames.ora file.
   - NAMESCTL> dump_tnsnames
2. Transfer the file to the LDAP server.
   - ftp ldapserver.company.com
   - put tnsnames.ora
3. Load the net service information.
Migrating From Oracle Names Server
Method #2: Indirect Export
1. Run DUMP_LDAP from the Oracle Names Server.
   - NAMESCTL> dump_ldap company.com -f sample.ldif
2. Go to the LDAP server and run the “ldapadd” command.
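
One way to turn a dumped tnsnames.ora (Method #1) into LDIF of the kind ldapadd loads (Method #2), as an added example that is not from the original presentation or from Oracle's tools. It assumes Oracle Net's orclNetService object class and orclNetDescString attribute and the dc=company,dc=com context from the slides; the sample entries, host names and the helper names parse_tnsnames and to_ldif are constructed for illustration.

```python
import re

# Constructed sample in tnsnames.ora syntax; host names are placeholders.
SAMPLE = """\
# dumped from Oracle Names
db1.company.com =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost1.company.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = db1.company.com)))
db3.company.com=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost3.company.com)(PORT=1521))(CONNECT_DATA=(SID=db3)))
"""

HEAD = re.compile(r"\s*([\w.\-]+)\s*=\s*(?=\()")   # "alias =" before a "("

def parse_tnsnames(text):
    """Return {alias: connect descriptor}, descriptors with whitespace removed."""
    text = re.sub(r"#[^\n]*", "", text)             # drop comments
    entries, pos = {}, 0
    while (m := HEAD.match(text, pos)):
        depth, i = 0, m.end()
        for i in range(m.end(), len(text)):         # find the matching ")"
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            if depth == 0:
                break
        if depth != 0:
            raise ValueError(f"unbalanced parentheses in {m.group(1)!r}")
        entries[m.group(1)] = re.sub(r"\s+", "", text[m.end():i + 1])
        pos = i + 1
    if text[pos:].strip():
        raise ValueError(f"unparsed text at offset {pos}")
    return entries

def to_ldif(entries, admin_context, domain):
    """Build LDIF for entries under cn=OracleContext,<admin_context>."""
    suffix = "." + domain.lower()
    blocks = []
    for alias, desc in sorted(entries.items()):
        cn = alias[:-len(suffix)] if alias.lower().endswith(suffix) else alias
        if not re.fullmatch(r"[A-Za-z0-9_\-]+", cn):  # would need DN escaping
            raise ValueError(f"alias {alias!r} is outside domain {domain!r}")
        blocks.append("\n".join([
            f"dn: cn={cn},cn=OracleContext,{admin_context}",
            "objectclass: top",
            "objectclass: orclNetService",          # assumed Oracle Net schema
            f"cn: {cn}",
            f"orclNetDescString: {desc}",
        ]))
    return "\n\n".join(blocks) + "\n"
```
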
Migrating By Proxy
• Oracle Client version is 8.1.5 or earlier.
• Use Oracle Names LDAP proxy server.
• See article “Migration by Proxy” in the May 2001 issue of Oracle Magazine for details.
Summary
• Net Services Basics.
• Connection Methods:
• Directory
• LDAP
• Oracle Internet Directory (OID)
• OID Terminology and Architecture.
Summary
• How Net Services uses a directory server.
• Step-by-step setup of Directory Naming using Oracle Internet Directory.
• Migrating from Local Naming.
• Migrating from Oracle Names Server.
Reprinted from Oracle Internals
I would also like to acknowledge the assistance of Bob Polak of the Allant Group, Ann Collins, Larry Bailey, Husam Tomeh and Archana Sharma of FARES, and Roger Peterson of Oracle.
Thanks For Coming!!
Daniel Liu Contact Information