This chapter describes how to upgrade Oracle Internet Directory high availability environments that were supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4).
This chapter contains the following sections:
Summary of Oracle Internet Directory High Availability Upgrade Starting Points
Before You Begin Upgrading Your Oracle Identity Management High Availability Environment
The following high availability topologies are supported for upgrade from Oracle Identity Management 10g Release 2 (10.1.2) and 10g (10.1.4):
High Availability Topologies Based on a Distributed Identity Management Environment
High Availability Topologies Based on a Colocated Identity Management Environment
High Availability Environments Based on Standalone Oracle Internet Directory Instances
This type of topology is based on the Oracle Internet Directory and Oracle Directory Integration Platform components when they are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services.
This was the recommended topology for high availability environments in Oracle Application Server 10g. It is sometimes referred to as a distributed Oracle Identity Management environment or a non-colocated Identity Management environment.
Refer to Section 4.2.2, "Upgrading a Non-Colocated Identity Management Environment" for a description of the single-node variant of a non-colocated Identity Management high availability environment.
This type of topology is based on the Oracle Internet Directory and Oracle Directory Integration Platform components when they are installed and configured in the same Oracle home as Oracle Single Sign-On and Oracle Delegated Administration Services.
This type of environment is referred to as a colocated Identity Management environment. Refer to Section 4.2.1, "Upgrading a Colocated Identity Management Environment" for a description of a single-node variant of a colocated Identity Management high availability environment.
Because Oracle Single Sign-On and Oracle Delegated Administration Services are not available in Oracle Fusion Middleware 11g, the upgrade of this topology requires some additional steps.
This type of topology is based on Oracle Internet Directory when it is upgraded without an associated Oracle Directory Integration Platform instance.
This Oracle Internet Directory topology can be upgraded and associated with a local Oracle WebLogic Server domain, an existing remote domain, or with no Oracle WebLogic Server domain.
For more information, see Section 5.3.2.1, "When is Oracle WebLogic Server Required?".
Before you begin using the procedures in this chapter, note the following:
The procedures in this chapter typically involve two host computers. For the purposes of the examples in this chapter, the two hosts are referred to as IDMHOST1 and IDMHOST2.
Some of the examples in this chapter provide the commands required to perform particular tasks on a UNIX system. The commands for Windows are similar, but you would replace the environment variables with the Windows equivalent (for example, %ORACLE_HOME%).
Before you begin the upgrade procedures in this chapter, be sure the following prerequisites have been met.
Oracle Identity Management 10g Components Are Installed and Running on IDMHOST1
It is assumed that the Oracle Identity Management 10g components you are about to upgrade are installed and running on IDMHOST1. This is important because the Oracle Identity Management 11g components that you are upgrading must be installed on the same host as the Oracle Identity Management 10g components.
All Other Oracle Application Server 10g Instances That Use the Same Metadata Repository Are Stopped
Before you begin the upgrade, stop all the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances, except the instances that you are about to upgrade.
In addition, stop all the Oracle Application Server 10g instances that share the same OracleAS Metadata Repository as the Oracle Internet Directory instance you are about to upgrade. For example, if you have any Oracle Portal 10g or other Oracle Identity Management 10g instances running, be sure to stop those instances as well. This will ensure that no other Oracle Application Server components are accessing the repository during the upgrade.
All Instances of Oracle Enterprise Manager Are Stopped
Before you begin any of the high availability procedures documented in this chapter, be sure to stop all instances of Oracle Enterprise Manager that are managing the Oracle Internet Directory instances you are about to upgrade.
This step is important because Oracle Enterprise Manager Application Server Control sometimes accesses the Oracle Internet Directory schema (the ODS schema) when it monitors and configures the Oracle Internet Directory target. To avoid any possibility of conflict when you are upgrading the Oracle Internet Directory middle tier and schema, it is important to stop all instances of Oracle Enterprise Manager during the upgrade process.
For information on stopping and starting Application Server Control, refer to the Oracle Application Server Administrator's Guide in the Oracle Application Server 10g documentation library.
Load Balancer Is Configured to Route Only to Primary Instance
Before you begin the upgrade, make sure the load balancer virtual servers are routing requests only to the primary instance of the OracleAS Cluster (Identity Management) node.
The primary instance of the OracleAS Cluster is the first node where you installed Oracle Internet Directory.
Any Modifications to ias.properties Have Been Removed
If you have modified the ias.properties file in the Oracle Identity Management Oracle home to redefine port values, then you must update the ias.properties file with the actual, physical port values for each OID instance before upgrade.
Some organizations modify the ias.properties file, for example, to reference specific load balancer ports. If you performed such a customization, be sure to restore the ias.properties to its original state so it references the actual ports of the Oracle Internet Directory instances in your environment.
The Current Version of the Database is Supported by Oracle Fusion Middleware 11g
The procedures in this chapter assume you are storing the Oracle Internet Directory schema (the ODS schema) in a Real Application Clusters (RAC) database that has been upgraded to a database version supported by Oracle Fusion Middleware 11g.
For more information about database requirements for upgrade, as well as additional upgrade information for Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware Upgrade Planning Guide.
High Availability Configurations for Administration Tools
This chapter does not provide information on configuring the administration tools (such as Oracle WebLogic Server Administration Console, Oracle Enterprise Manager Fusion Middleware Control, or Oracle Directory Services Manager) for high availability.
For information about the supported high availability topologies in Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware High Availability Guide.
Before you begin these procedures, review the procedures and prerequisites available in Chapter 5, "Upgrading Oracle Internet Directory Environments".
The procedures in this chapter assume your organization can support a limited amount of Identity Management downtime.
If your organization has no tolerance for Identity Management downtime, consider the following approach to the upgrade process:
Configure your existing Oracle Identity Management 10g environment using Oracle Internet Directory Advanced Replication.
Use the upgrade procedures in Section 10.3.2, "Upgrading One Replica at a Time".
When you implement Oracle Internet Directory Advanced Replication, you can route client traffic to one replica while upgrading the other replica. The result is an upgrade procedure that requires little or no downtime while each replica is upgraded.
For more information about using Oracle Internet Directory replication, refer to the following sections in the Oracle Internet Directory Administrator's Guide in the 10g (10.1.4) documentation library on the Oracle Technology Network (OTN):
"Oracle Internet Directory Replication Concepts"
"Oracle Internet Directory Replication Installation and Configuration"
The Oracle Identity Management 10g (10.1.4) documentation library is available on OTN at the following URL:
http://www.oracle.com/technetwork/documentation/oim1014-097544.html
Perform the following tasks to upgrade an Oracle Internet Directory and Oracle Directory Integration Platform high availability environment when both components are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services:
Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home
Task 6: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home
Task 8: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2
Task 9: On IDMHOST2, Set the Anonymous Bind Property to Allow
Task 11: Verify That the Components Are Up and Running on IDMHOST2
For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory 11g on IDMHOST1, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:
Change directory to the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX systems:
./ua
On Windows systems:
ua.bat
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Specify Operation screen.
Select Upgrade Identity Management Instance on the Specify Operation screen.
Refer to Table 8-1 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:
"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
Displays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.
Table 8-1 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade
| Upgrade Assistant Screen | Description | 
|---|---|
| Specify Source Home | Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home. If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide. | 
| Specify Destination Instance | Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory. | 
| Specify WebLogic Server | Enter the host and Administration Server port for the Oracle WebLogic Server you configured in "Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home". Note that this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server. | 
| Warning Dialog Box | The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance. This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance. | 
| Specify Upgrade Options | Select the upgrade options you want to apply to the Oracle Identity Management upgrade: Click Help to display more information about the upgrade options on this screen. | 
| Specify OID Details | Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the physical host and the password to the Oracle Internet Directory super user account ( For more information, click Help. | 
| Specify Database Details | Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database. Note the following important information about this screen: | 
| Root action required screen | This screen appears only if you are using a privileged port on a UNIX system. A configuration script needs to be run as root before the upgrade can proceed. Leaving this window open, open another window, and run the  When the script has completed, return to the Upgrade Assistant and click OK. | 
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform instances to 11g, update the dip-config.xml file so it references the Oracle Internet Directory Virtual Host Name (for example, oid.mycompany.com), which is associated with the load balancer that is directing traffic to your Oracle Internet Directory instances.
If the load balancer/virtual host has a different port value than the Oracle Internet Directory physical port value, then you must also change the port.
This task is accomplished using the manageDIPServerConfig command, as described in the following procedure.
Use the following procedure to perform this step on IDMHOST1:
Make a backup of the dip-config.xml file, which is located under the following directory:
MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications/DIP_11.1.1.2.0/configuration/
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries.
For example:
export ORACLE_HOME=/u01/app/oracle/product/11g/mw_home/idm
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server. For example:
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
Run the following command to update the value of the Oracle Internet Directory host and port:
$ORACLE_HOME/bin/manageDIPServerConfig set -h hostName -p port -D wlsuser -attr oidhostport -val OIDVIRTUALHOSTNAME:PORT
For example, on IDMHOST1, the command and output are shown below:
$ORACLE_HOME/bin/manageDIPServerConfig set \
      -h idmhost1.mycompany.com \
      -p 7005 \
      -D weblogic \
      -attr oidhostport \
      -val oid.mycompany.com:636
      [Weblogic user password]
      Connection parameters initialized.
      Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
      Connected successfully
      The attribute oidhostport is successfully changed to value
      oid.mycompany.com:636
Using the WebLogic Server Administration Console, stop and start the wls_ods1 managed server.
Use the following OPMN command to verify that Oracle Internet Directory is up and running:
ORACLE_INSTANCE/opmnctl status
The output of the command should be similar to the following example:
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.
For non-SSL:
ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h idmhost2.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h oid.mycompany.com -p 389 -D "cn=orcladmin" -q
For SSL:
ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h idmhost2.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h oid.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
where:
U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
export ORACLE_HOME=/u01/app/oracle/product/11g/fmw_home/ods
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server.
For example:
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
Run the following command:
$ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser>
For example, on IDMHOST1, the command and successful output are shown below:
$ORACLE_HOME/bin/dipStatus \
    -h idmhost1.mycompany.com \
    -p 7005 \
    -D weblogic
    [Weblogic user password]
     Connection parameters initialized.
     Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
     Connected successfully.
     ODIP Application is active at this host and port.
Verify the Oracle Directory Services Manager installation by bringing up the ODSM Administration Console in a web browser.
The URL to access the ODSM Administration Console is:
http://hostname.mycompany.com:<port>/odsm/faces/odsm.jspx
For example, on IDMHOST1, enter this URL:
http://idmhost1.mycompany.com:7005/odsm/faces/odsm.jspx
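A scripted form of the OPMN and ldapbind checks from this verification task, as an added example that is not part of the Oracle procedure. The function names and the LDAPBIND override variable are assumptions; the hosts, ports, bind DN and sample output are the values used on this page.

```shell
#!/bin/sh
# Added example (not Oracle's script): post-upgrade checks for Oracle Internet
# Directory that fail loudly instead of relying on reading the output by eye.

# Sample input: the opmnctl status output shown on this page.
sample_status() {
cat <<'EOF'
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
EOF
}

# Read `opmnctl status` output on stdin. Succeeds only if every listed process
# is Alive, oidmon is present, and at least $1 oidldapd processes are running.
check_oid_status() {
    min_ldapd=${1:-1}
    awk -F'|' -v min="$min_ldapd" '
        # Data rows have four |-separated fields; skip the column header.
        NF == 4 && $1 !~ /ias-component/ {
            for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($4 != "Alive") {
                printf "NOT ALIVE: %s %s (%s)\n", $1, $2, $4; bad++
            }
            else if ($2 == "oidldapd") ldapd++
            else if ($2 == "oidmon") mon++
        }
        END {
            if (mon + 0 < 1) { print "oidmon is not Alive"; bad++ }
            if (ldapd + 0 < min + 0) {
                printf "%d oidldapd Alive, need %d\n", ldapd, min; bad++
            }
            exit (bad > 0)
        }'
}

# Bind to every host given: $1 = port, $2 = "ssl" or "plain", rest = hosts.
# Pass each physical instance as well as the LDAP virtual server, so that a
# dead node cannot hide behind the load balancer. Returns the number of
# failed binds. -q makes ldapbind prompt for the password on each bind.
# "-U 1" is the page's no-authentication SSL mode: it shows the SSL port
# answers but does not authenticate the server; mode 2 or 3 additionally
# needs the wallet options (-W, -P) described above.
verify_binds() {
    port=$1; mode=$2; shift 2
    failed=0
    for host in "$@"; do
        extra=""
        [ "$mode" = ssl ] && extra="-U 1"
        # $extra is intentionally unquoted so "-U 1" splits into two words.
        if ! "${LDAPBIND:-ldapbind}" -h "$host" -p "$port" \
                -D "cn=orcladmin" -q $extra; then
            echo "bind FAILED: $host:$port" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Offline demonstration on the sample output. On a live host, pipe the real
# command instead (opmnctl status | check_oid_status 2) and then run:
#   verify_binds 389 plain idmhost1.mycompany.com idmhost2.mycompany.com oid.mycompany.com
#   verify_binds 636 ssl   idmhost1.mycompany.com idmhost2.mycompany.com oid.mycompany.com
sample_status | check_oid_status 2 && echo "OID processes healthy"
```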
For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory 11g on IDMHOST2, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
The Oracle Directory Integration Platform application is deployed on IDMHOST1 as an externally staged application. The application must be copied from IDMHOST1 to IDMHOST2; otherwise, the managed server on IDMHOST2 is listed in the Oracle WebLogic Server administration console as being in an "unknown" state:
Locate the applications directory in the Oracle WebLogic Server domain directory on IDMHOST1:
MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications
Copy the applications directory and its contents on IDMHOST1 to the same location in the domain directory on IDMHOST2.
For example:
scp -rp MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications user@IDMHOST2:MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods2/applications
After you install and configure the second Oracle Internet Directory instance on IDMHOST2, you must set the "Anonymous Bind" server property to "allow," so it matches the first, upgraded Oracle Internet Directory instance on IDMHOST1.
This property allows the Oracle Single Sign-On 10g and Oracle Delegated Administration Services 10g (specifically, OC4J_Security) to correctly use the second Oracle Internet Directory instance on IDMHOST2. Without this alteration to the second Oracle Internet Directory, the OC4J_Security instance on IDMHOST2 will not start.
To modify the anonymous bind property with Oracle Enterprise Manager Fusion Middleware Control:
Log in to Fusion Middleware Control.
Navigate to the home page of the Oracle Internet Directory instance on IDMHOST2.
From the Oracle Internet Directory menu, select Administration, and then Server Properties.
Select Allows from the Anonymous Bind drop-down menu.
Click Apply.
Start Oracle Single Sign-On as you normally would.
Follow these steps to start the wls_ods2 managed server in a cluster:
Open a browser and navigate to the WebLogic Administration Console at:
http://idmhost1.mycompany.com:port/console
Log in to the WebLogic Administration Console using the administrator credentials.
In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.
Select the cluster (cluster_ods) containing the managed server (wls_ods2) you want to start.
Select Control.
Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.
On the Server Life Cycle Assistant page, click Yes to confirm.
Note:
Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.
Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.
The procedure for upgrading an Oracle Internet Directory high availability environment based on colocated Oracle Identity Management components is similar to the procedure described in Section 8.3, "Upgrading Oracle Internet Directory and Oracle Directory Integration Platform in a High Availability Environment".
However, there are additional steps required when upgrading this specific topology. Specifically, after you upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g, you must then disable Oracle Internet Directory and Oracle Directory Integration Platform in the Oracle Application Server 10g Oracle home.
Perform the following tasks to upgrade an Oracle Internet Directory and Oracle Directory Integration Platform high availability environment when both components are installed on a separate host from Oracle Single Sign-On and Oracle Delegated Administration Services:
Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home
Task 7: On IDMHOST2, Install Oracle WebLogic Server and Create the Middleware Home
Task 10: Copy the Oracle Directory Integration Platform Directory from IDMHOST1 to IDMHOST2
Task 11: On IDMHOST2, Set the Anonymous Bind Property to Allow
Task 14: Verify That the Components Are Up and Running on IDMHOST2
For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory 11g on IDMHOST1, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:
Change directory to the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX systems:
./ua
On Windows systems:
ua.bat
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Specify Operation screen.
Select Upgrade Identity Management Instance on the Specify Operation screen.
Refer to Table 8-1 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:
"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
Displays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform instances to 11g, update the dip-config.xml file so it references the Oracle Internet Directory Virtual Host Name (for example, oid.mycompany.com). This can be done using the manageDIPServerConfig command.
Refer to Section 8.3.4, "Task 4: On IDMHOST1, Configure Oracle Directory Integration Platform to Use the Oracle Internet Directory Virtual Host" for specific instructions for this task.
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components on IDMHOST1, you cannot start Oracle Internet Directory or use the Oracle Single Sign-On 10g component until you disassociate Oracle Internet Directory from the Oracle Single Sign-On and Oracle Delegated Administration Services components in the 10g Oracle home.
For specific instructions for performing this task, see the following:
Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.
Before you can expand the Oracle WebLogic Server cluster you created on IDMHOST1 to include IDMHOST2, you must install the Oracle WebLogic Server binary files on IDMHOST2 and create the Middleware home on IDMHOST2.
Note:
When installing the Middleware home for the second (and any subsequent) Oracle Internet Directory installations, you must specify a path for the Middleware home that is identical to the first Oracle Internet Directory.
For example, suppose you are using the Linux operating system and you installed the first Oracle Internet Directory in a Middleware home in the following directory on IDMHOST1:
/dua1/Oracle/Middleware/
When you are prompted for the Middleware home on IDMHOST2, you must enter the identical path specification.
For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
To install and configure Oracle Internet Directory 11g on IDMHOST2, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
The Oracle Directory Integration Platform application is deployed on IDMHOST1 as an externally staged application. The application must be copied from IDMHOST1 to IDMHOST2; otherwise, the managed server on IDMHOST2 is listed in the Oracle WebLogic Server administration console as being in an "unknown" state:
Locate the applications directory in the Oracle WebLogic Server domain directory on IDMHOST1:
MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications
Copy the applications directory and its contents on IDMHOST1 to the same location in the domain directory on IDMHOST2.
For example:
scp -rp MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods1/applications user@IDMHOST2:MW_HOME/user_projects/domains/IDMDomain/config/fmwconfig/servers/wls_ods2/applications
After you install and configure the second Oracle Internet Directory instance on IDMHOST2, you must set the "Anonymous Bind" server property to "allow," so it matches the first, upgraded Oracle Internet Directory instance on IDMHOST1.
This property allows the Oracle Single Sign-On 10g and Oracle Delegated Administration Services 10g (specifically, OC4J_Security) to correctly use the second Oracle Internet Directory instance on IDMHOST2. Without this alteration to the second Oracle Internet Directory, the OC4J_Security instance on IDMHOST2 will not start.
To modify the anonymous bind property with Oracle Enterprise Manager Fusion Middleware Control:
Log in to Fusion Middleware Control.
Navigate to the home page of the Oracle Internet Directory instance on IDMHOST2.
From the Oracle Internet Directory menu, select Administration, and then Server Properties.
Select Allows from the Anonymous Bind drop-down menu.
Click Apply.
Start Oracle Single Sign-On as you normally would.
After you upgrade the Oracle Internet Directory and Oracle Directory Integration Platform components on IDMHOST1, you cannot start Oracle Internet Directory or use the Oracle Single Sign-On 10g component until you disassociate Oracle Internet Directory from the Oracle Single Sign-On and Oracle Delegated Administration Services components in the 10g Oracle home.
For specific instructions for performing this task, see the following:
Follow these steps to start the wls_ods2 managed server in a cluster:
Open a browser and navigate to the WebLogic Administration Console at:
http://idmhost1.mycompany.com:port/console
Log in to the WebLogic Administration Console using the administrator credentials.
In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.
Select the cluster (cluster_ods) containing the managed server (wls_ods2) you want to start.
Select Control.
Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.
On the Server Life Cycle Assistant page, click Yes to confirm.
Note:
Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.
Use the procedure documented in "Task 5: On IDMHOST1, Verify the Oracle Internet Directory and Oracle Directory Integration Platform Upgrade" to verify the Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Directory Services Manager components on IDMHOST2.
If you are using Oracle Internet Directory in a high availability environment without Oracle Directory Integration Platform or the other Oracle Identity Management 10g components, then the following procedure applies.
When you upgrade such an environment to Oracle Fusion Middleware 11g, note that you can choose to install Oracle Internet Directory in one of the following topologies:
Upgrading Oracle Internet Directory With a Local Oracle WebLogic Server Domain
Upgrading Oracle Internet Directory With a Remote Domain or No Domain
Perform the following tasks to upgrade an Oracle Internet Directory-only high availability environment to 11g:
Task 1: On IDMHOST1, Install Oracle WebLogic Server and Create the Middleware Home
Task 2: On IDMHOST1, Install and Configure Oracle Internet Directory 11g Release 1 (11.1.1.7.0)
Task 3: On IDMHOST1, Upgrade Oracle Internet Directory to 11g
Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance
Task 5: On IDMHOST2, Install Oracle Internet Directory 11g Release 1 (11.1.1.7.0)
Task 6: On IDMHOST2, Register the Oracle Internet Directory Instance with the Domain on IDMHOST1
Task 7: On IDMHOST2, Verify the Oracle Internet Directory Instance
For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory 11g on IDMHOST1, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory 10g instance on IDMHOST1 to Oracle Internet Directory 11g.
Use the instructions in Section 8.3.3, "Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g" to upgrade the Oracle Internet Directory instance.
Use the following OPMN command to verify that Oracle Internet Directory is up and running:
ORACLE_INSTANCE/opmnctl status
The output of the command should be similar to the following example:
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.
For non-SSL:
ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h idmhost2.mycompany.com -p 389 -D "cn=orcladmin" -q
ldapbind -h oid.mycompany.com -p 389 -D "cn=orcladmin" -q
For SSL:
ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h idmhost2.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
ldapbind -h oid.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
where:
U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
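The OPMN check in this task can be scripted so that a verification run fails when a process is missing or not Alive. The following is an added example, not part of the Oracle procedure; the function names and the degraded sample output are constructed for illustration.

```shell
# Added example (not Oracle's code): gate a verification step on the
# `opmnctl status` table instead of reading it by eye.
# Constructed sample: the healthy output shown in this chapter.
sample_healthy() {
cat <<'EOF'
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive
oid1                             | oidldapd           |   31392 | Alive
oid1                             | oidmon             |   31384 | Alive
EOF
}

# Constructed sample: same instance with the LDAP server process down.
sample_degraded() {
cat <<'EOF'
Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |       0 | Down
oid1                             | oidmon             |   31384 | Alive
EOF
}

# Reads `opmnctl status` output on stdin, prints one line per problem, and
# returns 0 only if oidldapd and oidmon are both listed and every row is Alive.
check_oid_status() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF == 4 {
      comp = trim($1); type = trim($2); status = trim($4)
      if (comp == "ias-component") next          # column header row
      seen[type]++
      if (status != "Alive") { printf "NOT ALIVE: %s/%s (%s)\n", comp, type, status; bad++ }
    }
    END {
      if (!seen["oidldapd"]) { print "MISSING: oidldapd"; bad++ }
      if (!seen["oidmon"])   { print "MISSING: oidmon"; bad++ }
      exit (bad ? 1 : 0)
    }'
}

# Demo on the constructed samples; on a real host pipe the command in:
#   ORACLE_INSTANCE/opmnctl status | check_oid_status
sample_healthy | check_oid_status && echo "healthy sample: pass"
sample_degraded | check_oid_status || echo "degraded sample: flagged"
```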
To install and configure Oracle Internet Directory 11g on IDMHOST2, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Register the Oracle Internet Directory instance on IDMHOST2 with the Oracle WebLogic Server domain on IDMHOST1, using the following OPMN command.
ORACLE_INSTANCE/opmnctl registerinstance -adminHost adminHostName -adminPort adminServerPort -adminUsername DOMAIN_ADMINISTRATOR_USERNAME -oracleInstance ORACLE_INSTANCE_HOME
For example:
ORACLE_INSTANCE/opmnctl registerinstance \
     -adminHost IDMHOST1.MYCOMPANY.COM \
     -adminPort 7001 \
     -adminUsername weblogic \
     -oracleInstance /u01/app/oracle/product/11g/instances/oid_inst2
Use the procedure in Section 8.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST2.
This section provides the upgrade procedure when you want to use a remote Oracle WebLogic Server domain to register the upgraded Oracle Internet Directory 11g instances.
These steps are also applicable if you do not plan to register the Oracle Internet Directory instances with an Oracle WebLogic Server domain:
Task 1: On IDMHOST1, Install and Configure Oracle Internet Directory 11g Release 1 (11.1.1.7.0)
Task 2: On IDMHOST1, Upgrade Oracle Internet Directory to 11g
Task 3: On IDMHOST1, Verify the Oracle Internet Directory Instance
Task 4: On IDMHOST2, Install and Configure Oracle Internet Directory 11g Release 1 (11.1.1.7.0)
Task 5: Verify the Oracle Internet Directory Instances on IDMHOST1 and IDMHOST2
To install and configure Oracle Internet Directory 11g on IDMHOST1, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory 10g instance on IDMHOST1 to Oracle Internet Directory 11g.
Use the instructions in Section 8.3.3, "Task 3: On IDMHOST1, Upgrade Oracle Internet Directory and Oracle Directory Integration Platform to 11g" to upgrade the Oracle Internet Directory instance.
Use the procedure in Section 8.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST1.
To install and configure Oracle Internet Directory 11g on IDMHOST2, refer to the chapter "Installing and Configuring Oracle Identity Management (11.1.1.7.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Use the procedure in Section 8.5.1.4, "Task 4: On IDMHOST1, Verify the Upgraded Oracle Internet Directory Instance" to verify the Oracle Internet Directory instance on IDMHOST1.
Register both Oracle Internet Directory instances on IDMHOST1 and IDMHOST2 with the existing, remote Oracle WebLogic Server domain, using the following OPMN command.
ORACLE_INSTANCE/opmnctl registerinstance -adminHost adminHostName -adminPort adminServerPort -adminUsername DOMAIN_ADMINISTRATOR_USERNAME -oracleInstance ORACLE_INSTANCE_HOME
For example:
ORACLE_INSTANCE/opmnctl registerinstance \
     -adminHost IDMHOST1.MYCOMPANY.COM \
     -adminPort 7001 \
     -adminUsername weblogic \
     -oracleInstance /u01/app/oracle/product/11g/instances/oid_inst2