5 Configuring Oracle Directory Integration Platform

Configure Oracle Directory Integration Platform (ODIP) after you install Oracle Internet Directory binaries.

The configuration steps presented here assume that you have completed the installation steps covered in:

Note:

Ensure that you install Oracle Fusion Middleware Infrastructure too. Installation of ODIP requires Infrastructure to be installed.

Refer to the following sections to create the database schemas, configure a WebLogic domain, and verify the configuration:

Creating the Database Schemas

Before you can configure an Oracle Directory Integration Platform (ODIP) domain, you must install required schemas on a certified database for use with this release of Oracle Fusion Middleware.

Note:

You can skip this section if OID is configured as a backend directory and you've already created a schema for OID collocated mode as described in Creating the Database Schemas.

Installing and Configuring a Certified Database

Before you create the database schemas, you must install and configure a certified database, and verify that the database is up and running.

Note:

For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), you must modify the wallet settings and set the environment variables as described in Settings to connect to Autonomous Transaction Processing Database, and apply patches on ORACLE HOME as described in Applying Patches on ORACLE HOME.

See About Database Requirements for an Oracle Fusion Middleware Installation.

Starting the Repository Creation Utility

Start the Repository Creation Utility (RCU) after you verify that a certified JDK is installed on your system.

To start the RCU:

  1. Verify that a certified JDK already exists on your system by running java -version from the command line. For 14c (14.1.2.1.0), the certified JDK is 17.0.12 and later.
  2. Ensure that the JAVA_HOME environment variable is set to the location of the certified JDK.
  3. Change to the following directory:
    • (UNIX) ORACLE_HOME/oracle_common/bin
    • (Windows) ORACLE_HOME\oracle_common\bin
  4. Enter the following command:
    • (UNIX) ./rcu
    • (Windows) rcu.bat

Navigating the Repository Creation Utility Screens to Create Schemas

Enter required information in the RCU screens to create the database schemas.

Introducing the RCU

The Welcome screen is the first screen that appears when you start the RCU.

Click Next.

Selecting a Method of Schema Creation

Use the Create Repository screen to select a method to create and load component schemas into the database.

On the Create Repository screen:
  • If you have the necessary permissions and privileges to perform DBA activities on your database, select System Load and Product Load. This procedure assumes that you have SYSDBA privileges.

  • If you do not have the necessary permissions or privileges to perform DBA activities in the database, you must select Prepare Scripts for System Load on this screen. This option generates a SQL script that you can give to your database administrator. See About System Load and Product Load in Creating Schemas with the Repository Creation Utility.

  • If the DBA has already run the SQL script for System Load, select Perform Product Load.

    Note:

    For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), you must create schemas as a Normal user, and though, you do not have full SYS or SYSDBA privileges on the database, you must select System Load and Product Load.

Providing Database Connection Details

On the Database Connection Details screen, provide the database connection details for the RCU to connect to your database.

Note: As of Oracle Fusion Middleware 14c (14.1.2.1.0), new schemas are created with editions-based redefinition (EBR) views enabled by default. Oracle Internet Directory schemas do not support EBR, therefore, in order to use the EBR functionality with your non-OAM schemas (such as SOA), you will have to run the RCU twice. The first time that RCU is run, select Oracle EBR Database for the non-OAM schemas. The second time you run RCU, select Oracle Database for your Oracle Internet Directory schemas.

To provide the database connection details:

  1. On the Database Connection Details screen, provide the database connection details. You have two options when creating schemas:
    • Creating schemas for components that support EBR (SOA)
    • Creating schemas for components that do not support EBR (OIM)

    For example, when you are creating schemas for components that support EBR:

    • Database Type: Oracle EBR Database
    • Connection String Format: Connection Parameters or Connection String
    • Connection String: examplehost.exampledomain.com:1521:Orcl.exampledomain.com
    • Host Name: examplehost.exampledomain.com
    • Port: 1521
    • Service Name: Orcl.exampledomain.com
    • Username: sys
    • Password: ******
    • Role: SYSDBA

    When you are creating schemas for components that do not support EBR, select Oracle Database as the Database Type.

  2. Click Next to proceed, then click OK in the dialog window that confirms a successful database connection.

For information about specifying connection credentials when connecting to an Oracle database, see Connection Credentials for Oracle Databases and Oracle Databases with Edition-Based Redefinition.

Specifying a Custom Prefix and Selecting Schemas

Select Create new prefix, specify a custom prefix, then select the Oracle Internet Directory schema. This action automatically selects the following schemas as dependencies:

  • ODS — Select this schema only if ODIP needs to be wired against OID backend directory installed in same domain.

  • Oracle Platform Security Services

  • Audit Services

  • Audit Services Append

  • Audit Services Viewer

  • WebLogic Services

The schema Common Infrastructure Services is also automatically created. This schema is dimmed; you cannot select or deselect it. This schema enables you to retrieve information from RCU during domain configuration. For more information, see Understanding the Service Table Schema in Creating Schemas with the Repository Creation Utility.

The custom prefix is used to logically group these schemas together for use in this domain only; you must create a unique set of schemas for each domain. Schema sharing across domains is not supported.

Tip:

For more information about custom prefixes, see Understanding Custom Prefixes in Creating Schemas with the Repository Creation Utility.

For more information about how to organize your schemas in a multi-domain environment, see Planning Your Schema Creation in Creating Schemas with the Repository Creation Utility.

Tip:

You must make a note of the custom prefix you choose to enter here; you will need this later on during the domain creation process.

Click Next to proceed, then click OK on the dialog window confirming that prerequisite checking for schema creation was successful.

Specifying Schema Passwords

On the Schema Passwords screen, specify how you want to set the schema passwords on your database, then enter and confirm your passwords.

Note:

For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), the schema password must be minimum 12 characters, and must contain at least one uppercase, one lower case, and one number.

You must make a note of the passwords you set on this screen; you will need them later on during the domain creation process.

Click Next.

Completing Schema Creation

Navigate through the remaining RCU screens to complete schema creation.

On the Map Tablespaces screen, the Encrypt Tablespace check box appears only if you enabled Transparent Data Encryption (TDE) in the database (Oracle or Oracle EBR) when you start the RCU.

To complete schema creation:
  1. On the Map Tablespaces screen, select Encrypt Tablespace if you want to encrypt all new tablespaces that the RCU creates.
  2. In the Completion Summary screen, click Close to dismiss the RCU.

    For an Autonomous Transaction Processing Shared (ATP-S) database, in the Map Tablespaces screen you must override the default tablespaces and the temporary tablespaces, and also override the additional tablespaces, if applicable. See Map Tablespaces.

    If you encounter any issues when you create schemas on an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), see Troubleshooting Tips for Schema Creation on an Autonomous Transaction Processing Database in Creating Schemas with the Repository Creation Utility and Issues Related to Product Installation and Configuration on an Autonomous Database in Release Notes for Oracle Fusion Middleware Infrastructure.

Configuring Oracle Directory Integration Platform with Backend Directories

Oracle Directory Integration Platform (ODIP) can be configured with the Oracle Internet Directory (OID), Oracle Unified Directory (OUD), or Oracle Directory Server Enterprise Edition (ODSEE).

Note:

When configuring ODIP with backend directories, you must set the environment variable ORACLE_HOME for ODIP, to the top level Oracle home, wherever required.

For example, for Oracle Internet Directory or Infrastructure installation, if wlserver is installed under /home/Oracle/Middleware/Oracle_Home, then ORACLE_HOME must be set to /home/Oracle/Middleware/Oracle_Home.

Installing ODIP Without a Database

You can install and configure Oracle Directory Integration Platform (ODIP) to run without a database.

To configure Oracle Directory Integration Platform (ODIP) to work without creating and using a database, create the following Python script, oudscript.py, which creates a domain for ODIP without a database. Note: replace password in the script with your WebLogic password. This sample assumes /oracle/mw_oud14c as the Oracle Unified Directory home. Be sure to use the directory information that matches your installation.

setTopologyProfile('Compact')
selectTemplate('Basic WebLogic Server Domain')
selectTemplate('Oracle Directory Integration Platform')
loadTemplates()
setOption('AppDir', '${MW_HOME}/applications/dip1')
cd(r'/Security/base_domain/User/weblogic')
cmo.setPassword(xxxxxx)
writeDomain('${MW_HOME}/domains/dip1')
closeTemplate()
readDomain('${MW_HOME}/domains/dip1')
cd('Servers/AdminServer')
cmo.setListenPort(7007)
cmo.setListenAddress('')
create('AdminServer','SSL')
cd('SSL/AdminServer')
cmo.setEnabled(true)
cmo.setListenPort(7008)
cd('/Servers/wls_ods1')
cmo.setListenPort(7009)
create('wls_ods1','SSL')
cd('SSL/wls_ods1')
cmo.setEnabled(true)
cmo.setListenPort(7010)
updateDomain()
closeDomain()

You can deploy this with wlst.sh by running the command wlst.sh oudscript.py. After running the script, use the dipConfigurator to configure ODIP. See Configuring Oracle Internet Directory in Administering Oracle Directory Integration Platform.