1. Reference for Oracle Identity Management
  2. Command-Line Tool Reference
  3. Oracle Internet Directory Administration Tools

2 Oracle Internet Directory Administration Tools

Understand about the various command-line tools and utilities that are used to administer Oracle Internet Directory.

Note:

The term "instance" refers to an Oracle Internet Directory instance in oidctl documentation.

2.1 Oracle Internet Directory Database Password Utility

Understand about Oracle Internet Directory Database Password Utility (oidpasswd) command and how to use it.

For syntax and arguments, see Oracle Internet Directory Database Password Utility Command Reference.

2.1.1 About Oracle Internet Directory Database Password Utility

This section describes the utility of (oidpasswd) command in Oracle Internet Directory Database Password Utility.

You can use oidpasswd command for:

  • Change the password to the Oracle Internet Directory database.

    Oracle Internet Directory uses a password when connecting to an Oracle database. The default for this password matches the value you specified during installation for the Oracle Fusion Middleware administrator's password. You can change this password by using the OID Database Password Utility.

  • Create wallets for the Oracle Internet Directory database password and the Oracle directory replication server password.

  • Unlock or reset the directory superuser account, namely, cn=orcladmin.

  • Reset an access control point (ACP) so that the subtree is accessible by the Oracle Internet Directory superuser.

  • Manage the restricted superuser ACL.

2.1.2 Using oidpasswd

You can use the oidpasswd utility to change the OID Database password, create wallets for Directory Database, and manage Superuser accounts.

Using Oracle Internet Directory Database Password Utility, you can perform the following tasks:

2.1.2.1 Changing the Password of Oracle Internet Directory Database

The following example shows how to change the Oracle Internet Directory database password.

To change the Oracle Internet Directory database password, perform the following:

oidpasswd
current password: oldpassword
new password: newpassword
confirm password: newpassword
password set.

The Oracle Internet Directory Database Password Utility prompts you for the current password. Type the current password, then the new password, then a confirmation of the new password.

Note:

  • User responses are not echoed to the screen when you enter a password.

  • Whenever you change the password to the Oracle Internet Directory database by using the OID Database Password Utility, you should also run the oidemdpasswd utility. This enables the Oracle Enterprise Manager Daemon (a component of Oracle Enterprise Manager) to properly cache that password and contact the ODS schema upon starting up. Once you have run the oidemdpasswd utility, you can monitor Oracle Internet Directory processes from the Oracle Enterprise Manager.

2.1.2.2 Creating Wallets for Directory Database and Replication Server Passwords

The following example shows how to create wallets for the Oracle Internet Directory database password and the Directory Replication server password.

To create wallets for the Oracle Internet Directory database password and the Directory Replication server password, perform the following:

oidpasswd connect=dbs1 create_wallet=true

The argument create_wallet=true is mandatory in this case. Except for the connect string, no other option can be specified.

2.1.2.3 Unlocking the Superuser Account

The following example shows how to unlock the Oracle Internet Directory superuser account, cn=orcladmin.

To unlock the Oracle Internet Directory superuser account, cn=orcladmin, perform the following: 

oidpasswd connect=dbs1 unlock_su_acct=true

The argument unlock_su_acct is mandatory. Except for connect string, no other option can be specified.

2.1.2.4 Resetting the Superuser Password

If you forget the Oracle Internet Directory superuser password, you can use the oidpasswd tool to reset it.

You must provide the Oracle Internet Directory database password. When you first install Oracle Internet Directory, the superuser password and Oracle Internet Directory database password are the same. After installation, however, you can change the Oracle Internet Directory superuser password using ldapmodify. You can change the Oracle Internet Directory superuser password using the oidpasswd tool separately.

The following example shows how to reset the Oracle Internet Directory superuser password. The oidpasswd tool prompts you for the Oracle Internet Directory database password. 

oidpasswd connect=dbs1 reset_su_password=true
OID DB user password: oid_db_password
        	password: new_su_password
confirm password: new_su_password
OID super user password reset successfully
2.1.2.5 Managing Superuser Access Control Points

The following example shows how to reset a restricted ACP.

When an access control point (ACP) is set with an access control item (ACI) that has the keyword DenyGroupOverride, neither the Oracle Internet Directory superuser nor members of DirectoryAdminGroup can access the subtree under that ACP. If necessary, you can use the oidpasswd tool to reset that ACP so that the subtree is accessible by the Oracle Internet Directory superuser.

To reset a restricted ACP, use the oidpasswd utility prompt to enter the Oracle Internet Directory database password and to choose which superuser restricted ACPs to reset. 

oidpasswd conn=dbs1 manage_su_acl=true
OID DB user password: oid_db_password

The super user restricted ACP list
[1] o=oracle,c=us
[2] ou=personnel,o=oracle,c=us

Enter 'resetall' or the number(s) of the ACP to be reset separated by [,]
resetall

Once you have reset some ACPs so that the superuser can access them, you can use ldapmodify to make the subtrees inaccessible to the superuser again.

2.2 Oracle Internet Directory Control Utility

Understand about the usage of the Oracle Internet Directory Control Utility (oidctl) command.

For syntax and arguments, see Oracle Internet Directory Control Utility Command Reference.

2.2.1 About Oracle Internet Directory Control Utility

Oracle Internet Directory Control Utility (oidctl) is a command-line tool for starting and stopping Oracle Identity Management server instances.

In 12c Release 2 (12.2.1.3.0), it is typically used only to configure, start, and stop the Oracle Directory Replication Server.

Note:

  • You must set the environment variables DOMAIN_HOME, ORACLE_HOME, INSTANCE_NAME and COMPONENT_NAME before you run the oidctl command. Alternatively, you can pass the instance name and component name in the command line as name=instanceName, componentname=componentName.

  • Best practice is to create new Oracle Internet Directory instances by creating new Oracle Internet Directory components by using wlst command- oid_createInstance. You should use oidctl to create an instance only if you plan to run Oracle Internet Directory in standalone mode and not use Oracle Enterprise Manager.

  • The term "instance" refers to an Oracle Internet Directory instance in oidctl command documentation.

The commands issued by Oracle Internet Directory Control Utility are interpreted and executed by the Oracle Internet Directory Monitor process. Before starting a server instance with this utility, make sure that the Monitor process is running. See Oracle Internet Directory Monitor Command.

2.2.2 Using oidctl

From 12c Release 2 (12.2.1.3.0) onward, oidctl is used primarily to manage the replication server.

The recommended tools for creating instances and managing the LDAP server are WebLogic Domain Framework tools which includes WLST commands and startComponent.sh and stopComponent.sh, not oidctl. You should only use oidctl for these purposes if you plan to run Oracle Internet Directory in standalone mode and never use Oracle Enterprise Manager.

Before using Oracle Internet Directory Control, make sure that Oracle Internet Directory Monitor is running. To verify this on UNIX, enter to following at the command-line:

ps -ef | grep oidmon

See Oracle Internet Directory Monitor Command for more information about Oracle Internet Directory Monitor.

Using Oracle Internet Directory Control, you can perform the following tasks:

2.2.2.1 Creating an Oracle Internet Directory Instance in an Existing Component

This section describes the procedure to create an Oracle Internet Directory instance in an exiting component.

To create another Oracle Internet Directory instance within an existing component, type

oidctl connect=connect_string server=oidldapd inst=new_instance_number \
   name=instanceName componentname=componentName  \
   flags=port=non_ssl_port sport=ssl_port add

The name and component name arguments are required unless the environment variables INSTANCE_NAME and COMPONENT_NAME have been set. Typically, the inst value of the original instance is 1, the second instance you create is 2, and so forth.

As an example:

oidctl connect=oiddb server=oidldapd inst=2 "flags=port=5678 sport=5679" add
2.2.2.2 Deleting an Oracle Internet Directory Instance in a Component

This section describes the procedure to delete an Oracle Internet Directory instance in a component.

To delete one Oracle Internet Directory instance within a component, type

oidctl connect=connect_string server=oidldapd inst=new_instance_number \
   name=instanceName componentname=componentName  \
   flags=port=non_ssl_port sport=ssl_port delete

Typically, the inst value of the original instance is 1, the second instance you create is 2, and so forth.

2.2.2.3 Starting an Oracle Internet Directory Server Instance

When starting an Oracle Internet Directory server, you must supply the instance, server=OIDLDAPD, and start arguments. All other arguments are optional.

Before starting a new instance of OIDLDAPD, run the command: 

oidctl connect=connstr status

to make sure oidmon is running and that the instance number and ports that you intend to use are not already in use.

For example:

oidctl connect=dbs1 server=OIDLDAPD instance=2 flags="-p 3133 \
   -debug 1024  -l false" start
2.2.2.4 Stopping an Oracle Internet Directory Server Instance

This section describes the procedure to stop an Oracle Internet Directory server instance using command line.

Perform the following task:

oidctl connect=dbs1 server=OIDLDAPD instance=2 stop
2.2.2.5 Restarting an Oracle Internet Directory Server Instance

A restart operation is useful when you want to refresh the server cache immediately, or when you have changed a configuration set entry and want your changes to take effect on an active server instance. When the Oracle Internet Directory server restarts, it maintains the same arguments it had before it stopped.

For example, if you changed a configuration set that was being referenced by an active instance of Oracle Internet Directory server, you could update it by restarting that server instance. You do not need to supply the configset argument again, as it is maintained from the prior start operation. 

oidctl connect=dbs1 server=OIDLDAPD instance=1 restart

To restart all active instances on a node, do not specify the instance argument. Note that a server is momentarily unavailable to client requests during a restart.

2.2.2.6 Starting a Directory Replication Server Instance

When starting an Oracle Directory Replication server, you must supply the information it needs to connect to the Oracle Internet Directory server. You cannot use the add option when starting a replication server.

For example:

oidctl connect=dbs1 server=OIDREPL instance=1 flags="-p 3060 \
   -h ldaphost.example.com -d 1024" start

This command uses the same instance-specific configuration entry as instance=1.

2.2.2.7 Stopping a Directory Replication Server Instance

This example describes the usage of the command to stop a directory replication server instance.

To stop a directory replication server instance, use the following command:

oidctl connect=dbs1 server=OIDREPLD instance=1 stop
2.2.2.8 Starting and Stopping a Server Instance on a Virtual Host or Cluster Node

Use the host argument to specify a virtual host name when starting an Oracle Internet Directory server or Oracle Internet Directory Replication server on a virtual host or a Oracle Application Server Identity Management Cluster Node.

When communicating with the directory server, the directory replication server uses the virtual host name. Further, the replicaID attribute that represents the unique replication identification for the Oracle Internet Directory node is generated once. It is independent of the host name and hence requires no special treatment in Oracle Application Server Cold Failover Cluster (Identity Management).

When communicating with the directory server, the Directory Integration Platform server uses the virtual host name.

The following example shows how to start an Oracle Internet Directory server (OIDLDAPD) on a virtual host. The same syntax can be used to also start a directory replication server (OIDREPLD) on a virtual host. 

oidctl connect=dbs1 host=vhost.company.com server=OIDLDAPD instance=1 \
   configset=2 [flags="..."] start
2.2.2.9 Reporting the Status of Each Server

The status argument is used to report the status of each server running on the node.

To report the status of each server running on the node, follow the below given instruction:

oidctl connect=dbs1 status
2.2.2.10 Reporting Diagnostics

Use the -diag flag with the status argument to get detailed diagnostic information that can be useful in resolving performance issues.

The -diag flag causes oidctl to print information about each LDAP operation as it executes, including the time it spends in the database layer.

For example:

oidctl connect=dbs1 status -diag 
oidctl : ORACLE_INSTANCE is not set, defaulting to /ade/rsathyan_ldmain5/oracle/ldap/
oidctl : INSTANCE_NAME   is not set, defaulting to inst1
oidctl : COMPONENT_NAME  is not set, defaulting to oid1
  +------------------------------------------------------------------------+
  | Process      |  PID   | InstName   | CompName  | Inst# | Port | Sport  |
  +------------------------------------------------------------------------+
  | oidmon       |  12838 |      inst1 |      oid1 |       |      |        |  +------------------------------------------------------------------------+
  | oidldapd disp|  12926 |      inst1 |      oid1 |      1| 8856 |      0 |
  | oidldapd serv|  12930 |      inst1 |      oid1 |      1| 8856 |      0 |
  | Config   DN  | cn=oid1,cn=osdldapd,cn=subconfigsubentry                |
  +------------------------------------------------------------------------+
  +------------------------------------------------------------------------+
  |Printing LDAP Operation in progress status ...                          |
  +------------------------------------------------------------------------+
    Search: 
      OIDLDAPD_PID: 12930 WorkerID: 8 DBSID: 162 
      ConnDN:                                            
      BaseDN:c=us                                           
      Scope=2                                           
        Filter=(|(uid=a*)(cn=b*)(objectclass=person))                                                 ReqdAttrs:                                           
      SqlText:
        SELECT /*+ FIRST_ROWS */ dn.entryid FROM ct_dn dn WHERE dn.entryi
        d IN (SELECT /*+ INDEX( at1 VA_uid ) */ entryid FROM CT_uid at1 W
        HERE attrValue  like :0 ESCAPE '\'  UNION SELECT /*+ INDEX( at1 V
        A_cn ) */ entryid FROM CT_cn at1 WHERE attrValue  like :1 ESCAPE 
        '\'  UNION SELECT /*+ INDEX( at1 VA_objectclass ) */ entryid FROM
         CT_objectclass at1 WHERE attrValue  = 'person') AND ( (dn.parent
        dn like :bdn  ESCAPE '\' OR (dn.rdn = :rdn AND dn.parentdn = :pdn
        )) ) AND dn.entryid >= :entryThreshold 
         
      Plan Hash Value :          0
      Rows Fetched    :          0
      Number of Sorts :          0
      Disk Read       :          0
      Disk Writes     :          0
      Buffer Gets     :          0
      IO Wait Time    :          0 (ms)
      CPU Time        :          0 (ms)
  +------------------------------------------------------------------------+
2.2.2.11 Reporting Server Manageability Information

This procedure describes the server manageability information reporting.

When you run oidctl with status -opdiag interval, oidctl reads the shared memory contents for all servers in the running instances associated with the OIDMON in that environment and aggregates the operation count of each type for each OID component. It repeatedly displays current and total operation counts on the standard output at interval seconds. oidctl resets all the current values of operation count in the shared memory so that the directory server starts from zero for each type of operation for the next cycle.

For example:

$ oidctl status -opdiag 15
oidctl : ORACLE_INSTANCE is not set, defaulting to
/ade/myOID/oracle/ldap/
oidctl : INSTANCE_NAME   is not set, defaulting to inst1
oidctl : COMPONENT_NAME  is not set, defaulting to oid1
 
+--------------------------------------------------------------------------+
+--------------------------------------------------------------------------+
 |Printing completed LDAP operation counts ...                              
| +--------------------------------------------------------------------------+
  ComponentName: oid1       Current    Total
              Bind Count     : 0           0
              Add Count      : 0           0
              Delete Count   : 0           0
              Modify Count   : 0           0
              ModRdn Count   : 0           0
              Compare Count  : 0           0
              Search Count   : 0           0
              Extended Count : 0           0
. +--------------------------------------------------------------------------+
 +--------------------------------------------------------------------------+

2.3 Oracle Internet Directory Server Diagnostic Command-Line Tool

Understand about the usage of Oracle Internet Directory Server Diagnostic command-line tool (oiddiag).

This section contains the following topics:

For syntax and arguments, see Oracle Internet Directory Server Diagnostic Command Reference.

2.3.1 About Oracle Internet Directory Server Diagnostic Command-Line Tool

The Oracle Internet Directory Server Diagnostic command-line tool (oiddiag) collects diagnostic information that helps triage issues reported on Oracle Internet Directory. It is available as oiddiag for use on UNIX and Linux platforms and as oiddiag.bat for Windows.

The tool connects to the database used as the directory store (also called Metadata Repository) of Oracle Internet Directory and reads the information. The tool makes no recommendations on potential fixes to issues. Rather, it collects information to help Support and Development understand a problem and determine its solution. The tool can collect four types of diagnostic information:

  • Directory information tree (DIT)

  • Data consistency

  • Server manageability statistics

  • System and process information

If you use either the collect_all=true or the collect_sub=true arguments, you are prompted to supply the following information:

  • The fully domain-qualified database host name

  • The database listener port number

  • The database service name

  • The ODS database user password

  • The SYS database user password

    If you do not know the SYS database user password, then you can skip it by pressing the Enter key. In this case, the tool does not collect any diagnostic data that requires sysdba privileges.

  • Whether the Oracle Database connection uses SSL or not, only NoSSL Authentication (Encryption only) is supported.

If you use collect_stats=true argument, in addition to prompting for above information, a range of snapshot timestamps are also listed, and then it prompts you for following information:

  • The begin snapshot ID

  • The  end snapshot ID

The valid range for begin and end snapshot IDs are 1 ~ last ID. If you give an invalid one or leave empty, begin snapshot ID will default to 2nd last ID (or last one if there's only one snapshot ID), and end snapshot ID will default to the last ID. Also, if entered begin snapshot ID is greater than end snapshot ID, it'll be automatically swapped.

Additional directory details are prompted for generating replication related statistics:

  • The hostname of host running OID server

  • The port on which OID server is listening

  • The replication dn password

You can find the host name, port number and service name in the file tnsnames.ora, located by default in $DOMAIN_HOME/config/fmwconfig/components/OID/config/. For example, in the following tnsnames.ora file, the hostname, port number and service names are, respectively, sun16.example.com, 1521, and orcl.example.com: 

 OIDDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = sun16.example.com)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl.example.com)
    )
  )

Note:

You must set the ORACLE_HOME environment variable before executing the OIDDIAG tool.

2.3.2 Using oiddiag

Using the Oracle Internet Directory diagnostic tool, you can collect diagnostics and stack trace information.

2.3.2.1 Collecting All Diagnostic Information

The following example shows how to collect all available diagnostic information and write it to the specified output file.

.

oiddiag collect_all=true outfile=~/myfiles/oid.log
2.3.2.2 Collecting Selected Diagnostic Information

To collect a subset of diagnostic data, you must first run the oiddiag tool with the listdiags argument.

This outputs a list of available diagnostics, which you can then edit. This list is then passed in to the collect_sub command to determine the diagnostics for which to collect output. The following example uses the default file locations of $DOMAIN_HOME/config/fmwconfig/components/OID/tools/oiddiag.txt (for the list) and $DOMAIN_HOME/config/fmwconfig/components/OID/tools/oiddiagtimestamp.log (for the output file). 

oiddiag listdiags=true
oiddiag collect_sub=true
2.3.2.3 Collecting Stack Trace Information

An important type of information that the oiddiag tool collects is the stack trace data for Oracle Internet Directory processes.

Examining the stack trace is useful if you are experiencing slow response times or if your system stops responding. Because Oracle Internet Directory is usually started as a setuid-root program, you must log in as the root user before you can use the oiddiag tool to trace the stack for any Oracle Internet Directory processes. The root user must belong to the same operating system group that the Oracle operating system user belongs to. The following example logs in as the root user and changes to the dba group before executing the oiddiag tool: 

su
newgrp dba
oiddiag collect_all=true
2.3.2.4 Collecting Diagnostic Information in HTML Format

By giving collect_stats=true [outfile=filename] command line argument, you can collect following statistics within a specified timestamp range and generate an HTML report:

  • Instance Statistics

  • Operations Statistics

  • Top Operations Statistics

  • Memory/CPU Usage Statistics

  • Network Bytes Sent/Received

  • Client Connections/Operations Statistics

  • DB Connections Statistics

  • LDAP Connections Statistics

  • Replication Operations Statistics

  • Replication Queue Statistics (for all replication agreements)

The following example shows how to collect above diagnostic information in html format and write to the specified output file:

oiddiag collect_stats=true outfile=/mypath/oiddiag.html

If output file is not supplied, the default output file would be $DOMAIN_HOME/tools/OID/logs/oiddiag<timestamp>.html

2.4 Oracle Internet Directory Monitor Command

Understand about the usage of Oracle Internet Directory Monitor command-line tool (oidmon).

This section contains the following topics:

For syntax and arguments, see Oracle Internet Directory Monitor Command Reference.

2.4.1 About Oracle Internet Directory Monitor Command

From 12c Release 2 (12.2.1.3.0) and later, you typically manage Oracle Internet Directory by using Oracle Enterprise Manager or the WebLogic Domain Framework tools which includes WLST commands and startComponent.sh and stopComponent.sh.

2.4.2 Using oidmon

Using Oracle Internet Directory Monitor, you can start and stop Oracle Internet Directory Monitor.

This section contains the following topics:

2.4.2.1 Starting Oracle Internet Directory Monitor

You should start Oracle Internet Directory Monitor before using Oracle Internet Directory Control.

For example:

oidmon connect=dbs1 sleep=15 start
2.4.2.2 Starting Oracle Internet Directory Monitor on a Virtual Host or Cluster Node

Use the host argument to specify a virtual host name when starting an Oracle Internet Directory Monitor on a virtual host or a Oracle Application Server Identity Management Cluster Node.

For example:

oidmon connect=dbs1 host=virtualhostname.company.com start
2.4.2.3 Stopping Oracle Internet Directory Monitor

Stopping Oracle Internet Directory Monitor also stops all other Oracle Internet Directory processes.

The oidmon tool does not remove server instance information from the ODS_PROCESS table. When an oidmon start operation is executed, it starts all the server processes it had stopped previously.

For example:

oidmon connect=dbs1 stop

2.5 About Oracle Internet Directory Command Line Utility - WLST

Understand about the usage of Oracle Internet Directory Server Diagnostic command-line tool (wlst).

This section contains the following topics:

2.5.1 Using WLST Command Line Utility

Using the WLST command Utility, you can perform the Oracle Internet Directory server management tasks.

You can perform Oracle Internet Directory-related tasks from the command line by using WLST Commands.

See Managing Oracle Internet Directory Components by Using WLST Commands in Oracle Fusion Middleware Administrator’s Guide for Oracle Internet Directory

2.6 Oracle Internet Directory Database Statistics Collection Tool

This section describes the Oracle Internet Directory Server Diagnostic command-line tool (oiddiag).

This section includes the following:

For syntax and arguments, see Oracle Internet Directory Database Statistics Collection Tool Command Reference.

2.6.1 About Oracle Internet Directory Database Statistics Collection Tool

Use the Oracle Internet Directory Database Statistics Collection Tool (oidstats.sql) to analyze the various database ods (Oracle Directory Server) schema objects to estimate the statistics. It is located in the following directory: $ORACLE_HOME/ldap/admin/.

You must run this utility whenever there are significant changes in directory data—including the initial load of data into the directory.

If you load data into the directory by any means other than the bulk load tool (bulkload), then you must run the Oracle Internet Directory Database Statistics Collection tool after loading. Statistics collection is essential for the Oracle Optimizer to choose an optimal plan in executing the queries corresponding to the LDAP operations. You can run Oracle Internet Directory Database Statistics Collection tool at any time, without shutting down any of the Oracle Internet Directory processes.

Note:

If you do not use the bulkload utility to populate the directory, then you must run the oidstats.sql tool to avoid significant search performance degradation.

2.6.2 Running the Oracle Internet Directory Database Statistics Collection Tool

Use the command provided in this topic to run the Oracle Internet Directory database statistics collection tool.

Execute the command as given below:

sqlplus ods@dbs1 @oidstats.sql

2.7 Oracle Internet Directory Credential Management Tool

The Oracle Internet Directory Credential Management Tool is used to add, update, or delete a credential that has been created in the Credential Store Framework.

For more information, see Updating Credential Required by Enterprise Manager to manage OID - oid_setProperties().

2.8 Oracle Internet Directory Realm Tool

The Oracle Internet Directory realm tool is used to create multiple realms in Oracle Internet Directory. The individual realms can be managed separately, so you can use oidrealm as a replacement for Delegated Administration Services.

The oidrealm tool supports creation, but not deletion, of a realm. A procedure for deleting a realm is provided in Note 604884.1, which is available on My Oracle Support at https://support.oracle.com/

For more information, see Oracle Internet Directory Realm Tool Command Reference.

2.9 Oracle Internet Directory Administration Tools Command Reference

Understand about the Oracle Internet Directory Administration Tools Command and its usage from the following topics.

This section contains the following topics:

2.9.1 Oracle Internet Directory Database Password Utility Command Reference

Understand about the oidpasswd syntax and arguments.

Syntax for oidpasswd

oidpasswd [connect=connect_string] [change_oiddb_pwd=true | create_wallet=true | unlock_su_acct=true| reset_su_password=true | manage_su_acl=true]

Arguments for oidpasswd

Arguments for oidpasswd are as follows:

connect=connect_string

Required. The directory database connect string. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, which is located by default in ORACLE_HOME/config. (You can set the TNS_ADMIN environment variable if you want to use a different location.)

change_oiddb_pwd=true | unlock_su_acct=true | reset_su_password=true | manage_su_password=true

Required. The operation you want to perform. Depending on the operation you choose, the Oracle Internet Directory Database Password Utility prompts you for additional information. The following choices are available:

  • change_oiddb_pwd=true - Changes the password to the Oracle Internet Directory database. You are prompted to provide the current database password, enter a new database password, and confirm the new password.

    Note:

    In an Oracle Real Application Clusters (Oracle RAC) environment, if you update the password on one Oracle RAC node, then you must update the wallet on the other Oracle RAC nodes. Refer to Changing the Password of the ODS Schema Used by Oracle Internet Directory topic in Additional Oracle Internet Directory High Availability Issues section in Oracle Application Server High Availability Guide for more information.

  • create_wallet=true - Create a wallet named oidpwdlldap1 for the Oracle Internet Directory database password, and a wallet, named oidpwdrsid, for the Oracle directory replication server password.

    The sid is obtained from the connected database.

    You must provide the ODS password to authenticate yourself to the ODS database before the ODS wallet can be generated. Note that the default ODS password is the same as that for the Oracle Fusion Middleware administrator.

  • unlock_su_acct=true - Unlocks a superuser account that has been locked.

  • reset_su_password=true - Resets the password for the Oracle Internet Directory superuser account. You are prompted to provide the Oracle Internet Directory database password, enter a new superuser password, and confirm the new superuser password.

  • manage_su_acl=true - Manages the restricted superuser ACL.

Related Command-Line Tools for oidpasswd

2.9.2 Oracle Internet Directory Control Utility Command Reference

Understand about the oidctl syntax and arguments.

Refer to the following sections:

Syntax for oidctl

oidctl [connect=connect_string] { server=OIDLDAPD | OIDREPLD } 
instance=instance_number [name=instance_name] [componentname=component_name]
[host=host_name] [flags="flagname=value ..." ] [ 
{start | stop | add | delete | status [-diag | -odiag interval]}

Arguments for oidctl

connect=connect_string

Required. The directory database connect string. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, which is located by default in $DOMAIN_HOME/config/fmwconfig/components/OID/config/ directory. (You can set the TNS_ADMIN environment variable if you want to use a different location.)

server=server

Required. The options are:

  • OIDLDAPD — Oracle Internet Directory server

  • OIDREPLD — Directory Replication server

instance=instance_number

Required. The numerical value of the instance. The value must be greater than 0 but less than 100.

host=host_name

Optional. Name of the logical host where the server is located or will be added. If you are using this argument, make sure oidmon is also started with the host=host_name parameter.

name=instance_name

Optional. Name of the instance to be used. The default is inst1.

componentname=component_name

Optional. Name of the component to be used. The default is oid1.

flags="flagname=value | -flag value..."

The flags argument is needed only while starting the server. If the flags consist of UNIX-style keywords, then the keyword-value pairs must be separated by spaces.

start | stop | restart | add | delete | status

Required. The operation to perform on the given server process.

  • start — Start the server=server instance=instance_number [name=instance_name componentName=component_name]

  • stop — Stop the server=server instance=instance_number [name=instance_name componentName=component_name]

  • add — Add the instance-specific configuration entry and start the server instance.

  • delete — Stop the server instance and delete the instance-specific configuration entry

  • status [-diag | -opdiag] — Report the status of running server instances. Use -diag with status to get diagnostic information. Use -opdiag, followed by interval, an integer value, with status to get the operation count for each operation for each Oracle Internet Directory component.

OIDLDAPD Flags

In 12c Release 2 (12.2.1.3.0), the recommended tools for creating instances and managing the LDAP server are WebLogic Domain Framework tools which includes WLST commands and startComponent.sh and stopComponent.sh, not oidctl. You should only use oidctl for these purposes if you plan to run Oracle Internet Directory in standalone mode and never use Oracle Enterprise Manager.

-l true | false

Optional. Turns replication change logging on or off. Use true to enable change logging. Use false to disable change logging. The default is true. This option has effect only when creating an Oracle Internet Directory instance.

-p ldap_port

Optional. Specifies the LDAP port that this Oracle Internet Directory server instance will use. If not specified the default 3060 is used.

-server number_of_processes

The number of server processes to start on this port.

-sport ssl_port

Optional. Specifies the LDAPS port that this Oracle Internet Directory server instance will use. If not specified the default 3133 is used.

-work maximum_threads

The maximum number of worker threads for this server.

OIDREPLD Flags

-p directory_port_number

Required for a start operation. Port number used to connect to Oracle Internet Directory server. The default is 3060.

-h directory_hostname

Required for a start operation. The host name of the Oracle Internet Directory server to which the replication server connects. If not specified, localhost is used.

-m true | false

Optional. Use true to enable conflict resolution. Use false to disable conflict resolution. The default value is true.

-sizelimit transaction_size

Optional. The number of changes applied in each replication update cycle. If not specified the value from the Oracle Internet Directory server size limit configuration parameter, which has a default of 1024.

Related Command-Line Tools for oidctl

See Oracle Internet Directory Monitor Command.

2.9.3 Oracle Internet Directory Server Diagnostic Command Reference

Understand about the oiddiag syntax and arguments.

Refer to the following sections:

Syntax for oiddiag

oiddiag {listdiags=true [targetfile=filename]} | {collect_all=true [outfile=filename]} | 
{collect_sub=true [infile=filename] [outfile=filename]} |{collect_stats=true [outfile=filename]}
{audit_report=true [outfile=file_name]}

Arguments for oiddiag

listdiags=true

Writes a list of available diagnostics that can be collected. The list is written to an output file, which is $DOMAIN_HOME/config/fmwconfig/components/OID/tools/oiddiag.txt by default. You should run a listdiags command before running a collect_sub command. The collect_sub command uses the file that is output by listdiags. You can edit this file as needed to contain only the diagnostic items you want.

targetfile=filename

This is the location of the output file where the diagnostic tool writes the list of available diagnostics when listdiags=true is given. If not specified, the tool writes the list to $DOMAIN_HOME/config/fmwconfig/components/OID/tools/oiddiag.txt.

collect_all=true

Collect all of the diagnostic information available and writes it to an output file. You are prompted to provide the Oracle Internet Directory database host name, listener port, net service name, and password.

outfile=filename

The name of the output file that the diagnostic information is written to. If not specified, the default output file is written to $DOMAIN_HOME/tools/OID/logs/oiddiag<timestamp>.[log|html].The timestamp format is YYYYMMDDHHmmss.

collect_sub=true

Collects a subset of diagnostic information (based on the diagnostics specified in the input file) and writes it to an output file. You are prompted to provide the Oracle Internet Directory database host name, listener port, net service name, and password.

You should run a listdiags command before running a collect_sub command. The collect_sub command uses the file that is output by listdiags. You can edit this file as needed to contain only the diagnostic items you want.

infile=filename

A file that contains the list of diagnostic items for which you want to output information. By default, the diagnostic tool looks for this file in $DOMAIN_HOME/config/fmwconfig/components/OID/tools/oiddiag.txt, which is the default target file location of the listdiags command. You can edit this file as needed to contain only the diagnostic items you want.

audit_report=true

Generates standard reports for Secure Events Tracking and writes them to an output file.

collect_stats=true

Collects the following diagnostic information available and writes it to an output file in html format:

  • Instance Statistics

  • Operations Statistics

  • Top Operations Statistics

  • Memory/CPU Usage Statistics

  • Network Bytes Sent/Received

  • Client Connections/Operations Statistics

  • DB Connections Statistics

  • LDAP Connections Statistics

  • Replication Operations

  • StatisticsReplication

  • Queue Statistics (for all replication agreements)

You are prompted to provide the Oracle Internet Directory database host name, listener port, net service name, ODS and SYS database users password, begin and end snapshot IDs, and additional directory details for replication related statistics (hostname, OID server port, replication dn password).

2.9.4 Oracle Internet Directory Monitor Command Reference

Understand about the oidmon syntax and arguments.

Refer to the following sections:

Syntax for oidmon

oidmon [connect=connect_string] [host=hostname] [sleep=seconds] start | stop

Arguments for oidmon

connect=connect_string

Required. The directory database connect string. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, which is located by default in $DOMAIN_HOME/config/fmwconfig/components/OID/config. (You can set the TNS_ADMIN environment variable if you want to use a different location.)

host=hostname

Optional. Enables you to specify a virtual host name for the server or the name of an Oracle Application Server Identity Management Cluster Node. If not given, the default of localhost is used.

sleep=seconds

Optional. The number of seconds after which Oracle Internet Directory Monitor should check for new requests from Oracle Internet Directory Control and for requests to restart any server instances that may have stopped. The default is 10 seconds.

start | stop

Required. The operation to perform (start or stop the Monitor process).

Related Command-Line Tools for oidmon

See Oracle Internet Directory Control Utility.

2.9.5 Oracle Internet Directory Database Statistics Collection Tool Command Reference

Understand about the usage of Oracle Internet Directory Database Statistics Collection Tool oidstats.sql syntax and arguments.

Refer to the following sections:

Syntax for oidstats.sql

sqlplus ods/ods_password@connect_string @oidstats.sql

Arguments for oidstats.sql

If you do not supply the ODS password on the command line, sqlplus prompts for it. Note that the default ODS password is the same as that for the Oracle Application Server administrator. (For security reasons, avoid supplying a password on the command line whenever possible. A password typed on the command line is visible on your screen. When you supply a password at a prompt, it is not visible on the screen.)

connect_string

Required. The connect string for the ODS database. This is the network service name set in the tnsnames.ora file, which is located by default in $DOMAIN_HOME/config/fmwconfig/components/OID/config/ directory. (You can set the TNS_ADMIN environment variable if you want to use a different location.)

Related Command-Line Tools for oidstats.sql

See bulkload.

2.9.6 Oracle Internet Directory Realm Tool Command Reference

Understand about the oidrealm syntax and arguments.

Refer to the following sections:

Syntax for oidrealm

The syntax for Syntax for oidrealm are as follows:

On UNIX or Linux:

oidrealm oid_host oid_port DN [-SSL]

On Windows:

oidrealm.bat oid_host oid_port DN [-SSL]

Note:

If you specify an SSL port, that port must be configured in SSL No Authentication Mode, that is, orclsslauthentication must be 1. For more information, see the section on SSL authentication modes in SSL Authentication Modes in Oracle Internet Directory.

Arguments for oidrealm

The arguments for oidrealm are as follows:

oid_host

Name of host where Oracle Internet Directory is running.

oid_port

Specifies the port number to use, which can be either SSL or non-SSL

DN

DN of realm to add

[-SSL]

Specifies that the port is an SSL port. Only no-auth mode is supported.

Example for oidrealm

$ oidrealm myhost.example.com 3133 'dc=newrealm,dc=com' -SSL
Enter OID Admin Password: password

[info] ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidSubscriberCreateCommon.lst *
Feb 2, 2009 9:22:57 PM oracle.ldap.util.LDIFLoader recursiveLoad
INFO: ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidSubscriberCreateCommon.lst *
[info]    ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextCreate.lst *
Feb 2, 2009 9:22:57 PM oracle.ldap.util.LDIFLoader recursiveLoad
INFO:    ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextCreate.lst *
[info]       -> LOADING:  /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextCreateCommon.sbs
Feb 2, 2009 9:22:57 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO:       -> LOADING:  /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextCreateCommon.sbs
[info]       ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextUpgradeFrom81600.lst *Feb 2, 2009 9:22:58 PM oracle.ldap.util.LDIFLoader recursiveLoad
INFO:       ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextUpgradeFrom81600.lst*
[info]          -> LOADING:  /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextUpgradeFrom81600Common.sbs
Feb 2, 2009 9:22:58 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO:          -> LOADING:  /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextUpgradeFrom81600Common.sbs
[info]       ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextCreate90100Changes.lst *
Feb 2, 2009 9:23:00 PM oracle.ldap.util.LDIFLoader recursiveLoad
INFO:       ->> /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextCreate90100Changes.lst *
[info]          -> LOADING:  /scratch/mydir/mwhome/idm3/ldap/schema/oid/oidContextUpgradeFrom90000Common.sbs
Feb 2, 2009 9:23:00 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
...
...
...
...