Oracle oid admin tool

You can edit this file as needed to contain only the diagnostic items you want. Collect all of the diagnostic information available and writes it to an output file. You are prompted to provide the Oracle Internet Directory database host name, listener port, net service name, and password. The name of the output file that the diagnostic information is written to. Collects a subset of diagnostic information based on the diagnostics specified in the input file and writes it to an output file.

A file that contains the list of diagnostic items for which you want to output information. The following example shows how to collect all available diagnostic information and write it to the specified output file. To collect a subset of diagnostic data, you must first run the oiddiag tool with the listdiags argument. This outputs a list of available diagnostics, which you can then edit.

An important type of information that the oiddiag tool collects is the stack trace data for Oracle Internet Directory processes. Examining the stack trace is useful if you are experiencing slow response times or if your system stops responding.

Because Oracle Internet Directory is usually started as a setuid-root program, you must log in as the root user before you can use the oiddiag tool to trace the stack for any Oracle Internet Directory processes. The root user must belong to the same operating system group that the Oracle operating system user belongs to.

The following example logs in as the root user and changes to the dba group before executing the oiddiag tool:. Both opmnctl and Fusion Middleware Control use the Oracle Process Manager and Notification Server to issue commands to the Oracle Internet Directory Monitor, oidmon , which initiates, monitors, and terminates directory server processes.

Enables you to specify a virtual host name for the server or the name of an Oracle Application Server Identity Management Cluster Node. If not given, the default of localhost is used. The number of seconds after which Oracle Internet Directory Monitor should check for new requests from Oracle Internet Directory Control and for requests to restart any server instances that may have stopped.

The default is 10 seconds. When an oidmon start operation is executed, it starts all the server processes it had stopped previously.

Arguments to opmnctl are case-sensitive. Be sure to type them exactly as shown. For example, -adminUsername must have only the letter U in upper case. Arguments for opmnctl consist of commands and several types of properties. This section describes the following types of arguments:. The command indicates the operation to perform. The following commands are relevant to Oracle Internet Directory:. Creates a componen and automatically registers the component with a WebLogic domain, as long as the instance is in a registered state.

Registers an Oracle instance that was not previously registered with a domain. This scenario occurs if you chose Configure Without a Domain during installation of Oracle Internet Directory or if you created an Oracle instance from the command line and did not register the instance.

Registers an existing Oracle Internet Directory component that was not previously registered with a domain. This scenario occurs if you created a new component in an Oracle instance using opmnctl createcomponent and did not register the component.

A text file containing the WebLogic administrator password. You are prompted for the administrator password if this parameter is missing. Best security practice is to provide the password in response to a prompt. If you must use a file containing the password in clear text, protect it with file permissions and delete it when it is no longer needed.

No OPMN configuration properties are required with the opmnctl commands shown in this chapter. This is required for createcomponent. The name of an Oracle Internet Directory component, such as oid1. The component name must be unique within the Oracle instance. If it is not, the command fails. The file that contains the ODS password in cleartext. You are prompted for the ODS password if this parameter is missing. Required only for the first Oracle Internet Directory component in an instance.

The Oracle Internet Directory namespace. You are prompted for the Oracle Internet Directory superuser password if this parameter is missing. The command uses a default available port if this parameter is missing. This command creates a component and registers it with a WebLogic domain, as long as the instance is in a registered state:.

The opmnctl command prompts for the WebLogic administrator's user name if you do not supply it. It also prompts for the passwords if you do not supply password file names on the command line. The opmnctl command also uses available ports if you do not specify -Port or -Sport. You are promted for the WebLogic administrator's user name and password if you do not supply them.

You must update the registration of an Oracle Internet Directory component in a registered Oracle instance whenever you change any of the configuration attributes orclhostname , orclsslport , or orclnonsslport in the instance-specific configuration entry by using LDAP tools or ODSM, or if you change the password for the EMD administrator by using oidpasswd. If you do not update the component registration, you will be unable to use Fusion Middleware Control or wlst to manage that component.

If you update these attributes by using Fusion Middleware Control or wlst , you do not have to update the component registration. This example deletes an Oracle Internet Directory component that has been registered with a WebLogic server:. The following example shows how to stop all running directory server processes Oracle Internet Directory and Oracle Directory Replication server. You must run this utility whenever there are significant changes in directory data—including the initial load of data into the directory.

If you load data into the directory by any means other than the bulk load tool bulkload , then you must run the Oracle Internet Directory Database Statistics Collection tool after loading. Statistics collection is essential for the Oracle Optimizer to choose an optimal plan in executing the queries corresponding to the LDAP operations. If you do not supply the ODS password on the command line, sqlplus prompts for it. Oracle Internet Directory Monitor Command.

Oracle Internet Directory Realm Tool. Using oidpasswd. Oracle Internet Directory uses a password when connecting to an Oracle database.

The default for this password matches the value you specified during installation for the Oracle Fusion Middleware administrator's password. Create wallets for the Oracle Internet Directory database password and the Oracle directory replication server password. You can use the oidpasswd utility to change the OID Database password, create wallets for Directory Database, and manage Superuser accounts. Unlocking the Superuser Account.

Resetting the Superuser Password. Managing Superuser Access Control Points. Type the current password, then the new password, then a confirmation of the new password. Once you have run the oidemdpasswd utility, you can monitor Oracle Internet Directory processes from the Oracle Enterprise Manager. The following example shows how to create wallets for the Oracle Internet Directory database password and the Directory Replication server password. To create wallets for the Oracle Internet Directory database password and the Directory Replication server password, perform the following:.

Except for the connect string, no other option can be specified. Except for connect string, no other option can be specified. If you forget the Oracle Internet Directory superuser password, you can use the oidpasswd tool to reset it. You must provide the Oracle Internet Directory database password.

When you first install Oracle Internet Directory, the superuser password and Oracle Internet Directory database password are the same. After installation, however, you can change the Oracle Internet Directory superuser password using ldapmodify.

You can change the Oracle Internet Directory superuser password using the oidpasswd tool separately. The following example shows how to reset the Oracle Internet Directory superuser password.

The oidpasswd tool prompts you for the Oracle Internet Directory database password. If necessary, you can use the oidpasswd tool to reset that ACP so that the subtree is accessible by the Oracle Internet Directory superuser. To reset a restricted ACP, use the oidpasswd utility prompt to enter the Oracle Internet Directory database password and to choose which superuser restricted ACPs to reset.

Once you have reset some ACPs so that the superuser can access them, you can use ldapmodify to make the subtrees inaccessible to the superuser again. Using oidctl. Oracle Internet Directory Control Utility oidctl is a command-line tool for starting and stopping Oracle Identity Management server instances. In 12c Release 2 You should use oidctl to create an instance only if you plan to run Oracle Internet Directory in standalone mode and not use Oracle Enterprise Manager.

The term "instance" refers to an Oracle Internet Directory instance in oidctl command documentation. Before starting a server instance with this utility, make sure that the Monitor process is running. You should only use oidctl for these purposes if you plan to run Oracle Internet Directory in standalone mode and never use Oracle Enterprise Manager.

To verify this on UNIX, enter to following at the command-line:. Starting a Directory Replication Server Instance. Stopping a Directory Replication Server Instance.

Reporting the Status of Each Server. Reporting Diagnostics. Reporting Server Manageability Information. This section describes the procedure to create an Oracle Internet Directory instance in an exiting component.

Typically, the inst value of the original instance is 1 , the second instance you create is 2 , and so forth. This section describes the procedure to delete an Oracle Internet Directory instance in a component. All other arguments are optional. This section describes the procedure to stop an Oracle Internet Directory server instance using command line. A restart operation is useful when you want to refresh the server cache immediately, or when you have changed a configuration set entry and want your changes to take effect on an active server instance.

When the Oracle Internet Directory server restarts, it maintains the same arguments it had before it stopped.

For example, if you changed a configuration set that was being referenced by an active instance of Oracle Internet Directory server, you could update it by restarting that server instance. You do not need to supply the configset argument again, as it is maintained from the prior start operation. To restart all active instances on a node, do not specify the instance argument.

Note that a server is momentarily unavailable to client requests during a restart. When starting an Oracle Directory Replication server, you must supply the information it needs to connect to the Oracle Internet Directory server. You cannot use the add option when starting a replication server. When communicating with the directory server, the directory replication server uses the virtual host name. Further, the replicaID attribute that represents the unique replication identification for the Oracle Internet Directory node is generated once.

When communicating with the directory server, the Directory Integration Platform server uses the virtual host name. The status argument is used to report the status of each server running on the node. Use the -diag flag with the status argument to get detailed diagnostic information that can be useful in resolving performance issues. The -diag flag causes oidctl to print information about each LDAP operation as it executes, including the time it spends in the database layer.

When you run oidctl with status -opdiag interval , oidctl reads the shared memory contents for all servers in the running instances associated with the OIDMON in that environment and aggregates the operation count of each type for each OID component.

It repeatedly displays current and total operation counts on the standard output at interval seconds. Using oiddiag. The Oracle Internet Directory Server Diagnostic command-line tool oiddiag collects diagnostic information that helps triage issues reported on Oracle Internet Directory. You can also use ldifwrite to back up information from all or part of a directory.

Table lists and describes the command-line tools for managing replication, and points you to further information. Replication Environment Management Tool. This tool ensures that Advanced Replication is properly configured for directory replication. In the event of a directory replication failure, this tool looks for the problems and seeks to rectify them.

If it cannot solve the problem, then it gives you a report of the nature of the problem and points you to a possible solution. The "remtool" command-line tool reference in Oracle Identity Management User Reference for syntax and examples. OID Reconciliation Tool. When a replication conflict arises, Oracle directory replication server places the change in the retry queue and tries to apply it from there for a specified number of times. If it fails after that specified number, then the replication server puts the change in the human intervention queue.

From there, the replication server repeats the change application process at less frequent intervals while awaiting your action. Reconcile the conflicting changes on the consumer with those on the supplier by using the OID Reconciliation Tool. Human Intervention Queue Manipulation Tool. Once you have reconciled conflicting changes by using the OID Reconciliation Tool, the Human Intervention Queue Manipulation Tool enables you to move them from the human intervention queue to either the retry queue or the purge queue.

Moving the change to the purge queue means that there are no further attempts to re-apply the change log entry. Use this tool to migrate data from application-specific repositories into Oracle Internet Directory. Use this tool to analyze the various database ods schema objects to estimate the statistics. You must run this utility whenever there are significant changes in directory data—including the initial load of data into the directory. If you load data into the directory by any means other than the bulkload tool bulkload.

Statistics collection is essential for the Oracle Optimizer to choose an optimal plan in executing the queries corresponding to the LDAP operations. Oracle Internet Directory uses a password when connecting to an Oracle database. The default for this password matches the value you specified during installation for the Oracle Application Server administrator's password.

Create a wallet, named oidpwdlldap1 , for the Oracle Internet Directory database password, and a wallet, named oidpwdr sid , for the Oracle directory replication server password. The sid is obtained not from the environment variable SID but from the connected database. Oracle Internet Directory routine administration tasks are described throughout this manual.

Table points you to the information you need for some of the more common tasks. Move replication changes from human intervention queue to either the retry queue or the purge queue.

Configure server instance parameters by using command-line tools. Configure server instance parameters by using Oracle Directory Manager. Connect to a directory by using Oracle Directory Manager. Skip Headers. See Also : "Oracle Internet Directory Architecture" for a conceptual explanation of directory server instances. At the system prompt, enter: oidadmin. The Oracle Directory Manager Connect dialog box appears. View Refresh — Updates data stored in memory to reflect changes in the database Tear-Off —Generates a secondary dialog containing the fields and values displayed in Oracle Directory Manager's right pane.

Create Entry —Displays the New Entry dialog box that you use to add a new directory entry Refresh Entry —Updates data for entries stored in memory to reflect changes in the database Refresh Subtree Entries —Updates the children of entries stored in memory to reflect changes in the database Configure Search Filter —Narrows the range of entries the navigator pane displays according to whatever filter you specify Drop Index —Removes an index from an attribute.

Refresh Entry —Updates data for entries stored in memory to reflect changes in the database Refresh Subtree Entries —Updates the children of entries stored in memory to reflect changes in the database Configure Search Filter —Narrows the range of entries the navigator pane displays according to whatever filter you specify Drop Index —Removes an index from an attribute.

To connect to an additional directory server: In the navigator pane, select Oracle Internet Directory Servers. In the right pane, choose New. If you make the configuration in both Oracle Directory Manager and the directory server, and the configuration in Oracle Directory Manager does not match the one in the directory server, then Oracle Internet Directory resolves the conflict as follows: If the value you set in Oracle Directory Manager is greater than that in the directory server, then the configuration of the server prevails.

To configure the display and duration of searches in Oracle Directory Manager: In the navigator pane, expand Oracle Internet Directory Servers , and select the server you want to configure.

To configure the display and duration of searches in an Oracle directory server: In the navigator pane, expand Oracle Internet Directory Servers and select a directory server instance.

Choose Apply. The following sections provide examples of the recommended approach. Log in as orcladmin. Expand Server Management. Click Default Configuration. Click Apply. Expand Directory Server. Right click Default Configuration Set. Click Create Like. Click OK.

Arguments that must be escaped from the shell are shown in double quotes ". Use the appropriate quote characters for your shell environment.

Useful in creating and dropping the indexes. The "ldapadd" command-line tool reference in Oracle Identity Management User Reference ldapaddmt Use this tool to add several entries concurrently by using this shared-server tool. The "ldapbind" command-line tool reference in Oracle Identity Management User Reference ldapcompare Use this tool to see whether an entry contains a specified attribute value. The "ldapcompare" command-line tool reference in Oracle Identity Management User Reference ldapdelete Use this tool to delete entries.

The "ldapdelete" command-line tool reference in Oracle Identity Management User Reference ldapmoddn Use this tool to modify the DN or RDN of an entry, rename an entry or a subtree, or move an entry or a subtree under a new parent. The "ldapmoddn" command-line tool reference in Oracle Identity Management User Reference ldapmodify Use this tool to create, update, and delete attribute data for an entry.

The "ldapmodify" command-line tool reference in Oracle Identity Management User Reference ldapmodifymt Use this tool to modify several entries concurrently by using this shared-server tool.

The "ldapmodifymt" command-line tool reference in Oracle Identity Management User Reference ldapsearch Use this tool to search for directory entries. The "remtool" command-line tool reference in Oracle Identity Management User Reference for syntax and examples OID Reconciliation Tool When a replication conflict arises, Oracle directory replication server places the change in the retry queue and tries to apply it from there for a specified number of times.

At this point, you need to: Examine the change in the human intervention queues Reconcile the conflicting changes on the consumer with those on the supplier by using the OID Reconciliation Tool Place the change either back into the retry queue or into the purge queue " "About the Oracle Internet Directory Reconciliation Tool" The "oidreconcile" command-line tool reference in Oracle Identity Management User Reference Human Intervention Queue Manipulation Tool Once you have reconciled conflicting changes by using the OID Reconciliation Tool, the Human Intervention Queue Manipulation Tool enables you to move them from the human intervention queue to either the retry queue or the purge queue.

See Also: The "ldifmigrator" command-line tool reference in Oracle Identity Management User Reference for instructions on using this tool. See Also: The "oidstats. Note: To change the ODS database user password, you must use the oidpasswd tool. If you change the ODS database user password by any other means, then Oracle Internet Directory instances fail to start. All rights reserved. Home Solution Area Contents Index.

Solution Area. Create — Adds an object Create Like —Adds a new object by using the object selected in the navigator pane as a template Connect — Connects to a directory server selected in the navigator pane D isconnect —Disconnects from a directory server selected in the navigator pane Exit —Exits Oracle Directory Manager. Edit — Modifies an object Remove —Removes a selected object Find Object Classes or Find Attributes —Searches for either an object class or an attribute, depending on the context.

Refresh — Updates data stored in memory to reflect changes in the database Tear-Off —Generates a secondary dialog containing the fields and values displayed in Oracle Directory Manager's right pane. Add Object Classes —Adds an object class to an existing entry. Chapter 7, "Attribute Uniqueness in the Directory". Chapter 10, "Logging, Auditing, and Monitoring the Directory".

Chapter 16, " Directory Storage of Password Verifiers". Chapter 5, " Oracle Directory Server Administration". Unique instance number for a given server ID on a given host. Process ID of the server that is up and running. Command line arguments that need to be passed to the server instance.