As of 11g Release 1 (11.1.1), LDAP-based replication can be used for multimaster replication as well as one-way and two-way replication. As a result, Oracle Database Advanced Replication-based replication is less important than it was in 10g (10.1.4.0.1). The only time you must use Advanced Replication in 11g Release 1 (11.1.1) is when you have Oracle Single Sign-On configured on the same machine and you want to replicate Oracle Single Sign-On data as well as Oracle Internet Directory data.
This appendix contains the following sections:
Note:
All references to Oracle Single Sign-On and Oracle Delegated Administration Services in this appendix refer to Oracle Single Sign-On 10g (10.1.4.3.0) or later and Oracle Delegated Administration Services 10g (10.1.4.3.0) or later.
In 11g Release 1 (11.1.1), you must use the command line to set up Advanced Replication. You can use the Replication Wizard in Oracle Enterprise Manager Fusion Middleware Control only for setting up LDAP-based replication.
If you are using Oracle Database Advanced Replication-based replication, all nodes in a directory replication group must be running the same version of Oracle Database.
This section describes rules and best practices to follow when setting up Advanced Replication for partial replication. It contains the following topics:
See Also:
"Content to be Replicated: Full or Partial"
In Advanced Replication, you can only exclude naming contexts.
To exclude a naming context from replication in Oracle Database Advanced Replication-based replication, specify it in the orclexcludednamingcontext attribute of the Advanced Replication-based replication agreement entry orclagreementid=000001,cn=replication configuration.
Figure C-1 and the accompanying text further exemplify the use of the naming context container and its objects. In Figure C-1, the naming context included for replication is c=us. Within that naming context, one subtree, namely cn=users,cn=hr,c=us, is excluded from replication. Moreover, two of the attributes of the c=us naming context are excluded from replication, namely userPassword and telephonenumber. (Note that attribute exclusion, as shown in the figure, is not possible with Advanced Replication, which can exclude only naming contexts.)
This section describes the rules for Advanced Replication filtering.
The following naming contexts cannot be replicated:
DSE root-specific entry
orclagreementid=000001,cn=replication configuration
cn=subconfigsubentry
cn=Oracle Internet Directory
cn=subregistrysubentry
The following naming contexts cannot be excluded from replication:
cn=catalogs
cn=subschemasubentry
cn=oracleschemaversion
cn=replication configuration
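The two lists above are rules an administrator has to apply by hand before editing the agreement entry. The following script, added here as an example and not taken from the Oracle documentation, checks each naming context you want to exclude against the list of contexts that cannot be excluded and, only if all of them are allowed, emits the LDIF that ldapmodify applies to the agreement entry. The agreement DN and the orclexcludednamingcontext attribute are the ones named on this page; rejecting anything beneath a non-excludable context, and using an LDIF add rather than replace, are this script's own choices.

```shell
#!/bin/sh
# Added example (not Oracle's code): validate naming contexts requested for
# exclusion from Advanced Replication, then emit the ldapmodify LDIF.
# Assumption: the agreement entry and attribute are as stated on this page;
# refusing entries beneath a non-excludable context is this script's policy.

AGREEMENT_DN="orclagreementid=000001,cn=replication configuration"

# Normalize a DN for comparison: lower-case, no blanks around commas or ends.
normalize_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' \
      | sed 's/[[:space:]]*,[[:space:]]*/,/g; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Return 0 if the naming context may be excluded, 1 if it is (or lies
# beneath) one of the contexts that cannot be excluded from replication.
can_exclude() {
    dn=$(normalize_dn "$1")
    for fixed in "cn=catalogs" "cn=subschemasubentry" \
                 "cn=oracleschemaversion" "cn=replication configuration"; do
        case "$dn" in
            "$fixed"|*",$fixed") return 1 ;;
        esac
    done
    return 0
}

# Emit LDIF adding every argument as an orclexcludednamingcontext value on
# the agreement entry; emit nothing and return 1 if any argument is refused.
exclusion_ldif() {
    for nc in "$@"; do
        can_exclude "$nc" || { printf 'refusing to exclude %s\n' "$nc" >&2; return 1; }
    done
    printf 'dn: %s\nchangetype: modify\nadd: orclexcludednamingcontext\n' "$AGREEMENT_DN"
    for nc in "$@"; do
        printf 'orclexcludednamingcontext: %s\n' "$nc"
    done
}

# Usage (the subtree is the one excluded in Figure C-1):
#   exclusion_ldif "cn=users,cn=hr,c=us" > exclude.ldif
# then apply exclude.ldif with ldapmodify as the replication administrator.
```

The validation runs over all requested contexts before anything is printed, so a refused context never leaves a half-written LDIF file behind to be applied by mistake.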
This section tells you how to configure multimaster replication groups, and how to resolve conflicts manually in them. It contains these topics:
Setting Up an Advanced Replication-Based Multimaster Replication Group
Adding a Node for Advanced Replication-Based Multimaster Replication
See Also:
The chapters on Multimaster Replication in Oracle Fusion Middleware High Availability Guide
The following nine rules apply to replication based on Advanced Replication (sometimes referred to as ASR):
In this type of Directory Replication Group (DRG), there must be one node identified as the Master Definition Site (MDS): this is the group master. All other nodes taking part in the replication are replicas, which in database replication are termed "Remote Master Sites" (RMS).
Note:
Even though it is not the central master, an Oracle Database Advanced Replication-based replica is sometimes called a remote master site (RMS), due to two facts. The first is that in Advanced Replication, when information is moved from one site to another, the recipient of the transferred information is called a "remote master site." The second fact is that independent changes made directly to an Oracle Database Advanced Replication-based replica are also replicated to all members of its group, making it a "master" during that interaction. Such a group, in which changes to any member are replicated to all other members, is called a multimaster replication group.
When you configure Multimaster replication, the master node for a Directory Replication Group (DRG) and each node that is to become an Oracle Database Advanced Replication-based replica must be initially empty, that is, a new Oracle Internet Directory installation.
Note:
If the Master node is not a new installation, use the procedure described in "Adding a Node for Advanced Replication-Based Multimaster Replication".
When you add an Oracle Database Advanced Replication-based replica, the new replica must be empty. That is, Oracle Internet Directory must be newly installed.
The sponsor node for each Oracle Database Advanced Replication-based replica can be any of the following:
A master node
An Oracle Database Advanced Replication-based replica of an existing multi-master DRG
A supplier of an LDAP replica that is not a consumer LDAP replica of any other LDAP replica
An Oracle Database Advanced Replication-based replica cannot be a consumer of an LDAP replica.
In Oracle Internet Directory 11g Release 1 (11.1.1), a node cannot be part of more than one multimaster replication group.
The data replicated between servers in a directory replication group does not include DSE root-specific data, server configuration data, and replication agreement data.
When a multimaster replication group is configured, the Oracle Single Sign-On database schema is automatically configured in replication.
When you add a node to a DRG, it must be running the same version of Oracle Internet Directory as the other nodes in the DRG. If you want to add a new 10g (10.1.4.0.1) node to a DRG containing nodes at an earlier release, first upgrade all existing nodes to 10g (10.1.4.0.1).
This section discusses the general tasks you perform when installing and setting up a multimaster replication group. It contains these topics:
Task 1: Install Oracle Internet Directory on the Master Definition Site (MDS)
Task 2: Install the Oracle Internet Directory on the Remote Master Sites (RMS)
Task 3: Set Up Advanced Replication for a Directory Replication Group
Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
Task 6: Start the Replication Servers on All Nodes in the DRG
Notes:
The instructions in this section apply to setting up replication in a group of empty nodes. They assume that there is no pre-existing directory data on any of the nodes in the DRG. For instructions on adding a node to an existing DRG, see "Adding a Node for Advanced Replication-Based Multimaster Replication".
During entry replication, the directory replication server does not always preserve the spaces between RDN components in the DN. In some rare cases, it may not preserve the case of the letters in the DN.
Install Oracle Internet Directory on the master definition site, as described in Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
You must be able to use Oracle Net Services to connect to the master definition site database and all other nodes in the DRG.
Note:
During installation, make sure that each Oracle Internet Directory database instance name is unique on each machine.
Install Oracle Internet Directory on the remote master sites, as described in Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
Although Oracle recommends starting with empty replicas, you can set up replication using machines initially configured as masters rather than replicas. To use a machine initially configured as a master as an RMS, you must first migrate its metadata to the MDS, as follows:
Make sure the Oracle Internet Directory server is up and running on both the MDS and each such desired replica so that the remtool -backupmetadata process can succeed.
From the node that is to become the replica, run the following command:
remtool -backupmetadata \
  -replica "new_node_host:new_node_port" \
  -master "master_host:master_port"
where new_node_host:new_node_port are the hostname and port of the node being made a replica, and master_host:master_port are the hostname and port number of that replica's supplier. You are prompted for the replication DN password.
Note:
If Oracle Delegated Administration Services is not configured, you might see an error message similar to this when you run remtool with the -backupmetadata option:
Failed to add "orclApplicationCommonName=ias.example.com, cn=IAS Instances, cn=IAS, cn=Products, cn=OracleContext" as "uniquemember" to entry "cn=Associated Mid-tiers, orclapplicationcommonname=DASApp, cn=DAS,cn=products, cn=OracleContext at replica ldap://myhost:3060
Please ignore this error message.
Apart from loading the metadata into the master replica, this tool creates a file named ocbkup.new_replica_id.TO.master_replicaid.timestamp.dat containing the metadata as a backup. This file is created under the ORACLE_INSTANCE/diagnostics/logs/OID/tools directory. It contains the changes made to the master replica in LDIF format, a copy of the SSO container entry [orclApplicationCommonName=ORASSO_SSOSERVER, cn=SSO, cn=Products, cn=OracleContext] and the DAS URL container entry [cn=OperationURLs, cn=DAS, cn=Products, cn=OracleContext].
If the metadata backup succeeds, remtool displays a message in the terminal:
Backup of metadata will be stored in
ORACLE_INSTANCE/diagnostics/logs/OID/tools/ocbkup.replicaid_pilot.TO.replicaid_master.timestamp.ldif.
Metadata copied successfully.
The message contains the actual path of ORACLE_INSTANCE and the file name.
If an error occurs during this operation, remtool reports the error in the terminal from which it was invoked. The error messages are also logged in the ORACLE_INSTANCE/diagnostics/logs/OID/tools/remtool.log file.
After successfully migrating the master's metadata to the MDS, you can safely continue with "Task 3: Set Up Advanced Replication for a Directory Replication Group".
The following sections lead you through installing and setting up Advanced Replication by using the Replication Management Tool.
See Also:
Oracle Database Advanced Replication
To establish a directory replication group (DRG), you must configure the Advanced Replication environment by performing the tasks discussed in these topics:
On All Nodes, Prepare the Oracle Net Services Environment for Replication
From the MDS, Configure Advanced Replication For Directory Replication
For each node in the directory replication group, perform the steps listed here. (Each step is described more fully in the subsections that directly follow this list.)
To prepare the Oracle Net Services environment for replication:
The sqlnet.ora file should contain the following parameters at minimum:
names.directory_path = (TNSNAMES)
names.default_domain = global_database_domain
On UNIX, the sqlnet.ora file is in ORACLE_INSTANCE/network/admin.
On Microsoft Windows, the sqlnet.ora file is in %ORACLE_HOME%\network\admin.
Configure tnsnames.ora in each Oracle Internet Directory ORACLE_INSTANCE and each Oracle Database ORACLE_HOME.
On each node in the DRG, define all Oracle Internet Directory database instances in the DRG. Each tnsnames.ora file, in the Oracle Internet Directory ORACLE_INSTANCE and in the Oracle Database ORACLE_HOME, must contain connect descriptor information in the following format for each Oracle Internet Directory database:
net_service_name =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = HOST_NAME_OR_IP_ADDRESS)(PORT = port_no_of_listener))
    (CONNECT_DATA = (service_name = service_name_of_database)))
where net_service_name is the global name of the database. For example, if the database global name is mds.sales.com, then your net_service_name must be mds.sales.com. Ensure that your database global name and your net_service_name are domain-qualified. In this example, the global name and net_service_name are domain-qualified with sales.com.
Notes:
The database global name is composed of the DB_NAME and DB_DOMAIN initialization parameters of your database. For example, if your database's DB_NAME is mds and DB_DOMAIN is sales.com, your database global name is mds.sales.com. The global name is not domain-qualified if the DB_DOMAIN initialization parameter is not defined.
The value of the NAMES.DEFAULT_DOMAIN parameter in the sqlnet.ora file must match the value of the DB_DOMAIN initialization parameter of the database.
You must domain-qualify the net service name (for example, with sales.com), and be sure that the domain component matches the one specified in the NAMES.DEFAULT_DOMAIN parameter in the sqlnet.ora file.
See Also:
Oracle Database Net Services Reference for more information on tnsnames.ora syntax.
On UNIX, the tnsnames.ora file is in ORACLE_INSTANCE/config.
On Microsoft Windows, the tnsnames.ora file is in %ORACLE_INSTANCE%\config.
Stop and restart the listener, both in the Oracle Internet Directory ORACLE_HOME and in the Oracle Database ORACLE_HOME.
To stop the listener for the Oracle Internet Directory database, use the listener control utility, $ORACLE_HOME/bin/lsnrctl in the Oracle Database Oracle home. Type the following commands at the lsnrctl command prompt:
SET PASSWORD
STOP [listener_name]
SET PASSWORD is required only if a password is set in the listener.ora file; you are prompted for the password. The default listener name is LISTENER.
To restart the listener for the Oracle Internet Directory database, type the following commands at the lsnrctl command prompt:
START [listener_name]
quit
Test Oracle Net connections to all nodes from each node in the DRG.
IMPORTANT: Try to connect using both of these commands:
sqlplus ods@net_service_name_without_domain_name
sqlplus ods@net_service_name_with_domain_name
You are prompted for the ods password. If either connection fails, replication will not work.
To verify that every node can be reached, from the MDS console connect as the system user to all nodes, including the MDS. Ensure the following on all nodes:
The Oracle Internet Directory database is running
The Oracle Internet Directory listener is running
The connect string is correct
The system password is correct
Ensure the following wallets exist on the remote sites:
A wallet for storing the password to the database designated for Oracle Internet Directory. This wallet is named oidpwdlldap1 and is located in the directory ORACLE_INSTANCE/OID/admin.
A wallet for storing the password of the replication administrator. This wallet is named oidpwdroracle_sid and is located in the directory ORACLE_INSTANCE/OID/admin. (The oracle_sid is obtained from the connected database.)
If the wallets do not exist on a specific site, create them by typing the following command on the remote node:
oidpasswd connect=connect_string create_wallet=true
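The checks in the preceding steps (net service names qualified with the same domain that NAMES.DEFAULT_DOMAIN and DB_DOMAIN carry, and the two wallets that remtool needs) are easy to get wrong on one node among many. The following script, added here as an example and not part of the Oracle documentation, performs those checks on one node before remtool -asrsetup is run. The sqlnet.ora and tnsnames.ora it writes are constructed samples; the file locations are passed as arguments (on UNIX the page puts them in ORACLE_INSTANCE/network/admin and ORACLE_INSTANCE/config), and DB_DOMAIN is passed in as the value you read from the database. It does not replace the sqlplus connection test above; it catches the configuration mistakes that make that test fail.

```shell
#!/bin/sh
# Added example (not Oracle's code): pre-flight checks for one node before
# running "remtool -asrsetup". The sample sqlnet.ora/tnsnames.ora written
# below are constructed for the demonstration; real files live where the
# page says (UNIX: ORACLE_INSTANCE/network/admin and ORACLE_INSTANCE/config).

# Print the NAMES.DEFAULT_DOMAIN value from a sqlnet.ora file (empty if unset).
sqlnet_default_domain() {
    grep -i '^[[:space:]]*names\.default_domain[[:space:]]*=' "$1" \
      | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//' | head -n 1
}

# List the net service names defined in a tnsnames.ora file, one per line
# (an entry starts in column 1 as "name = (DESCRIPTION ...").
tns_service_names() {
    grep -E '^[A-Za-z0-9_.]+[[:space:]]*=' "$1" | sed 's/[[:space:]]*=.*//'
}

# Every net service name must be qualified with DOMAIN (the DB_DOMAIN);
# print each offender and return 1 if there is at least one.
check_tns_domains() {
    tnsfile=$1; domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); bad=0
    for name in $(tns_service_names "$tnsfile"); do
        lname=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        case "$lname" in
            *".$domain") ;;
            *) printf 'net service name not qualified with %s: %s\n' "$domain" "$name"; bad=1 ;;
        esac
    done
    return $bad
}

# remtool needs the LDAP password wallet and the replication administrator
# wallet (named after the database SID) in ORACLE_INSTANCE/OID/admin.
check_wallets() {
    admindir=$1; sid=$2; bad=0
    for w in oidpwdlldap1 "oidpwdr$sid"; do
        if [ ! -f "$admindir/$w" ]; then
            printf 'missing wallet %s/%s\n' "$admindir" "$w"; bad=1
        fi
    done
    if [ $bad -eq 1 ]; then
        printf 'create with: oidpasswd connect=<connect_string> create_wallet=true\n'
    fi
    return $bad
}

# preflight SQLNET_ORA TNSNAMES_ORA OID_ADMIN_DIR ORACLE_SID DB_DOMAIN
preflight() {
    dom=$(sqlnet_default_domain "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$5" | tr 'A-Z' 'a-z')
    if [ "$dom" != "$want" ]; then
        printf 'NAMES.DEFAULT_DOMAIN (%s) does not match DB_DOMAIN (%s)\n' "$dom" "$want"
        return 1
    fi
    check_tns_domains "$2" "$want" && check_wallets "$3" "$4"
}

# Constructed sample inputs: one good entry, one unqualified entry, and only
# one of the two wallets present, so the run below reports both problems.
demo=$(mktemp -d)
mkdir -p "$demo/OID/admin"
cat > "$demo/sqlnet.ora" <<'EOF'
names.directory_path = (TNSNAMES)
names.default_domain = sales.com
EOF
cat > "$demo/tnsnames.ora" <<'EOF'
mds.sales.com =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = mds-host.example.com)(PORT = 1521))
    (CONNECT_DATA = (service_name = mds.sales.com)))
rms1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rms1-host.example.com)(PORT = 1521))
    (CONNECT_DATA = (service_name = rms1.sales.com)))
EOF
: > "$demo/OID/admin/oidpwdlldap1"

preflight "$demo/sqlnet.ora" "$demo/tnsnames.ora" "$demo/OID/admin" mds sales.com \
  || echo "preflight failed: fix the items above before running remtool -asrsetup"
```

Run it once per node with that node's files and SID; the unqualified entry rms1 and the missing oidpwdrmds wallet in the sample are exactly the two faults that would otherwise surface later as a failed remtool -asrsetup.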
Check the prerequisites in the attached Note. Then, at a command prompt in the MDS, use remtool
(the Replication Environment Management Tool) to configure Advanced Replication by running the following command:
$ORACLE_HOME/ldap/bin/remtool -asrsetup
See Also:
The remtool command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management for information about using the -asrsetup option of the Replication Environment Management Tool (remtool).
Oracle Database Administrator's Guide in the Oracle Database Documentation Library for instructions on ensuring that the database and listener are running
Oracle Database Net Services Administrator's Guide in the Oracle Database Documentation Library for instructions on ensuring that the connect string is correct
Notes:
If you encounter errors, then clean up the environment by using the -asrcleanup option of the Replication Environment Management Tool. Then repeat Step 3.
As part of "Task 3: Set Up Advanced Replication for a Directory Replication Group", the Replication Environment Management Tool (remtool) sets default values for the replication configuration parameters, which enables you to simply start the replication servers. If you want to change the replication configuration parameters, see Chapter 41, "Managing and Monitoring Replication."
You can choose either of two ways to load data into the directory:
To add just a small number of entries to the DRG, you can wait until you have completely configured the DRG. Then use ldapadd to load the data on one of the nodes. The entries are then replicated to the other nodes at the scheduled time.
To load a large amount of data into the DRG, use the bulkload utility:
Stop the LDAP server at all nodes of the DRG by typing:
opmnctl stopproc process-type=OID
On the node that is part of the DRG and where you have the LDIF file to be loaded onto the directories, ensure that ORACLE_INSTANCE is set, then enter:
bulkload connect="connect_string" check="TRUE" \
  generate="TRUE" file="file_with_absolute_path_name"
Note:
If data is extracted from Oracle Internet Directory using ldifwrite, then, in addition to other options, use the restore="TRUE" option to restore the operational attributes.
On the same node, ensure ORACLE_INSTANCE is set, then enter:
bulkload connect="connect_string_1" load="TRUE"
Repeat step c on the same node, each time replacing connect_string_1 with the connect string of another node in the DRG, until you have loaded the data onto all the nodes in the DRG. For example, enter:
bulkload connect="connect_string_2" load="TRUE"
then enter
bulkload connect="connect_string_3" load="TRUE"
and so on, until you have loaded the data onto all the nodes in the DRG.
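Repeating step c by hand for every node invites a node being skipped, or a load being retried against a node that is already half-loaded. The following script, added here as an example and not Oracle's code, runs the sequence above: one check/generate pass on the node that holds the LDIF file, then one load per connect string, stopping at the first failure. It assumes ORACLE_INSTANCE is set, that you have already stopped the LDAP server on all nodes with opmnctl as step a requires, and that the LDIF path is absolute as bulkload requires; the BULKLOAD variable, the placeholder connect strings and the fail-fast policy are this script's own.

```shell
#!/bin/sh
# Added example (not Oracle's code): load one LDIF into every node of an
# empty DRG with bulkload, failing fast. Assumes ORACLE_INSTANCE is set and
# the LDAP server is already stopped on all nodes (opmnctl stopproc).
# BULKLOAD may be overridden to point at the bulkload binary.

BULKLOAD=${BULKLOAD:-bulkload}

# bulkload wants an absolute path to the LDIF file; refuse anything else.
require_absolute() {
    case "$1" in
        /*) return 0 ;;
        *)  printf 'LDIF path must be absolute: %s\n' "$1" >&2; return 1 ;;
    esac
}

# One check/generate pass against the node that holds the LDIF. Pass "yes"
# as the third argument when the LDIF came from ldifwrite, so that
# restore="TRUE" keeps the operational attributes.
generate_pass() {
    conn=$1; ldif=$2; from_ldifwrite=$3
    if [ "$from_ldifwrite" = yes ]; then
        "$BULKLOAD" connect="$conn" check="TRUE" generate="TRUE" restore="TRUE" file="$ldif"
    else
        "$BULKLOAD" connect="$conn" check="TRUE" generate="TRUE" file="$ldif"
    fi
}

# Load the generated data into each node in turn; stop at the first failure
# so that the operator knows exactly which nodes still need loading.
load_all_nodes() {
    for conn in "$@"; do
        printf 'loading node %s\n' "$conn"
        "$BULKLOAD" connect="$conn" load="TRUE" || {
            printf 'load failed on %s; remaining nodes were not loaded\n' "$conn" >&2
            return 1
        }
    done
}

# load_drg LDIF yes|no CONNECT_STRING_1 [CONNECT_STRING_2 ...]
# The first connect string must be the node where the LDIF file resides.
load_drg() {
    ldif=$1; from_ldifwrite=$2; shift 2
    [ -n "$ORACLE_INSTANCE" ] || { printf 'ORACLE_INSTANCE is not set\n' >&2; return 1; }
    require_absolute "$ldif" || return 1
    [ $# -ge 1 ] || { printf 'no connect strings given\n' >&2; return 1; }
    generate_pass "$1" "$ldif" "$from_ldifwrite" || return 1
    load_all_nodes "$@"
}

# Example invocation (placeholder connect strings and path):
#   load_drg /u01/data/entries.ldif no mds.sales.com rms1.sales.com rms2.sales.com
```

If a load fails part-way, the message names the node it failed on; rerun the loads for that node and the ones after it rather than the whole list, since the nodes before it are already populated.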
See Also:
The bulkload command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management
The out-of-box configuration has Oracle Internet Directory LDAP Server instance #1 configured with change logging set to TRUE. This default instance of Oracle Internet Directory LDAP Server can be started as follows:
opmnctl startproc process-type=OID
To start replication servers on all nodes, type the following command on each node:
oidctl connect=connStr server=oidrepld instance=1 componentname=oidComponentName \
  flags="-h LdapHost -p LdapPort" start
Note that the instance number need not be unique across the entire DRG.
Note:
If you are deploying a single master with read-only replica consumers, you can reduce performance overhead by turning off conflict resolution. To do so, change the value of orclconflresolution to 0 by using the following LDIF file with ldapmodify:
dn: cn=configset0,cn=osdrepld,cn=subconfigsubentry
changetype: modify
replace: orclconflresolution
orclconflresolution: 0
See Also:
Chapter 4, "Understanding Process Control of Oracle Internet Directory Components" for information on Oracle Internet Directory process control.
Test replication as described in
Note:
If you want to configure replication for Oracle Single Sign-On, then follow the postinstallation steps specific to Oracle Single Sign-On. These are found in the replication installation section of the Oracle Application Server Single Sign-On Administrator's Guide.
Note:
A new node that you add to an existing multimaster replication group must have Oracle Internet Directory installed on it. For more information, see "Task 2: Install the Oracle Internet Directory on the Remote Master Sites (RMS)".
You can add a node to a master node, or to an LDAP-based supplier replica that is not a consumer of any other LDAP-based replica, to form a multimaster DRG. When you do so, the steps in this section automatically perform an initial install and configuration of Advanced Replication.
To add a new replication node to a live, functioning replication group or to a master node of any significant size, perform the following steps:
Task 2: Identify a Sponsor Node and Install Oracle Internet Directory
Task 7: Start the Directory Replication Server on All Nodes Except the New Node
Task 10: Start the Directory Replication Server on the New Node
Note:
Commands shown in the following tasks require the following types of items to be stored as follows:
Binaries: $ORACLE_HOME/bin
SQL scripts: $ORACLE_HOME/ldap/admin
UNIX scripts: $ORACLE_HOME/ldap/bin
Before beginning "Task 2: Identify a Sponsor Node and Install Oracle Internet Directory", be sure that all three of these locations are in the path.
"On All Nodes, Prepare the Oracle Net Services Environment for Replication" describes the process that prepares this environment.
To stop the directory replication server, run the following command on each node in the DRG:
oidctl connect=connStr server=oidrepld instance=1 componentname=oidComponentName \
  flags="-h LdapHost -p LdapPort" stop
You must identify a sponsor node for this Task. It is the node that supplies the data to the new node.
For the RMS, Oracle recommends that you install the new instance of Oracle Internet Directory as an Advanced Replication replica. (You could use an existing master node as the RMS, but extra manual steps are required.)
Install a new Oracle Internet Directory on the remote site.
If an existing master is used as the RMS, you must follow the instructions in "If an Existing Master is Used as a Remote Master Site" to migrate the master's metadata to the sponsor node. After the metadata has been migrated successfully, continue with "Task 3: Switch the Sponsor Node to Read-Only Mode".
A sponsor node is the node that supplies the data to the new node. To switch the sponsor node from read/write to read-only mode, use one of the procedures in "Changing Server Mode".
Note:
While the sponsor node is in read-only mode, you may not make any updates to it. You may, however, update any of the other nodes, but those updates are not replicated immediately.
Also, the sponsor node and the MDS may be the same node.
Because the backup may take a long time, you may start "Task 5: Perform Advanced Replication Add Node Setup" while the backup is in progress.
On the sponsor node, verify that ORACLE_INSTANCE is set, then enter the following command:
ldifwrite connect="connect_string" \
  baseDN="orclAgreementID=000001,cn=replication configuration" \
  file="output_ldif_file"
This backs up the directory of the sponsor node.
Note:
Oracle Net Services must be configured properly on all nodes for replication. See "On All Nodes, Prepare the Oracle Net Services Environment for Replication".
You can perform the Advanced Replication add node setup at the same time that you perform "Task 4: Back up the Sponsor Node by Using ldifwrite".
On the sponsor node, enter this command:
remtool -addnode
The Replication Environment Management Tool adds the node to the DRG.
Note:
When you run remtool -addnode to add the first Advanced Replication replica of a replication group, the tool does the initial replication setup for you, as if you had used remtool -asrsetup. You must specify the sponsor node's connect identifier when you use remtool -addnode.
When you use remtool -addnode, the operation might take a long time to complete, depending on the number of rows in the replicated tables and the network latency between the nodes. Use the -v option to view the progress of this operation.
If you encounter errors, then use the -asrverify option first. If it reports errors, then rectify them by using the -asrrectify option. Both -asrverify and -asrrectify list all nodes in the DRG. If the new node is in the list, remove the new node by running the Replication Environment Management Tool with the -delnode option. Then add the new node again using the -addnode option.
See Also:
The remtool command-line reference in Oracle Fusion Middleware Reference for Oracle Identity Management for the -addnode option of the Replication Environment Management Tool
To switch the sponsor node back to updatable mode, use one of the procedures in "Changing Server Mode".
Note:
Task 6 is very similar to Task 3. The only difference is that the orclservermode parameter is being set back to Read/Write in this step.
To start the directory replication server, type the following command on all nodes except the new node:
oidctl connect=connStr server=oidrepld instance=1 componentname=oidComponentName \
  flags="-h LdapHost -p LdapPort" start
To ensure that no directory or replication processes are running on the new node, type:
opmnctl stopproc process-type=OID
To load data, ensure that ORACLE_INSTANCE
is set, then type the following command on the new node:
bulkload connect="db_connect_string_of_new_node" check="TRUE" generate="TRUE" \
  load="TRUE" restore="TRUE" \
  file="absolute_path_to_the_ldif_file_generated_by_ldifwrite"
Note:
If you load data from an earlier version of Oracle Internet Directory, such as 10g Release 2 (10.1.2.0.2), onto a node running 10g (10.1.4.0.1), you must update the password policy entries as described in "Password Policy and Fan-out Replication".
To start the directory server, type the following command on the new node:
opmnctl startproc process-type=OID
Note:
If you must change configuration or agreement parameters, see Chapter 41, "Managing and Monitoring Replication".
To start the directory replication server, type the following command on the new node:
oidctl connect=connStr server=oidrepld instance=1 componentname=oidComponentName \
  flags="-h LdapHost -p LdapPort" start
Notes:
If a directory server instance is participating in a replication agreement, do not use the bulkload tool to add data to the node. Instead, use ldapadd.
If Oracle Single Sign-On is desired in replication, then follow the postinstallation steps in the replication installation section of the Oracle Application Server Single Sign-On Administrator's Guide in the 10g (10.1.4.0.1) library.
At times, you may want to delete a node from a DRG (for example, if the addition of a new node did not fully succeed as a result of system errors).
To delete a replication node, perform the tasks described in these topics:
To stop the directory replication server, run the following command on each node in the DRG:
oidctl connect=connStr server=oidrepld instance=1 componentname=oidComponentName \
  flags="-h LdapHost -p LdapPort" stop
On the node to be deleted, shut down Oracle Internet Directory.
opmnctl stopproc process-type=OID
See Also:
The opmn command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management
From the MDS, run the following command:
remtool -delnode
The Replication Environment Management Tool deletes the node from the replication group.
See Also:
The remtool command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management for the -delnode option of the Replication Environment Management Tool
This process can take a long time, depending on your system resources and the size of your DRG. If you use the -v option, the tool keeps you informed of its progress.
Note:
If you encounter errors, then use the -asrverify option first. If it reports errors, then rectify them by using the -asrrectify option. Both -asrverify and -asrrectify list all nodes in the DRG. If the node to be deleted is still in the list, then delete it by running the Replication Environment Management Tool again, using the -delnode option.
To start the directory replication server, type the following command on each of the remaining nodes of the DRG:
oidctl connect=connStr server=oidrepld instance=1 componentname=oidComponentName \
  flags="-h LdapHost -p LdapPort" start
See Also:
The opmn command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management