Deploying Oracle Unified Directory as a Replication Server

Before You Begin

This tutorial shows you how to set up Oracle Unified Directory as a Replication Server. This tutorial takes approximately 15 minutes to complete.

Background

Oracle Unified Directory (OUD) can be set up to fulfill different roles: a directory server, a proxy server, a replication server, or a replication gateway.

What Do You Need?

  • An environment with:
    • At least 16 GB of physical memory
    • Oracle Enterprise Linux 6.6 or later with access to the Internet
    • oracle credentials
  • A basic understanding of Linux

This tutorial assumes that you have already installed and configured the following:

  • A collocated install of Oracle Fusion Middleware Infrastructure 12.2.1.3.0 and Oracle Unified Directory 12.2.1.3.0.
  • Oracle Unified Directory Services Manager (OUDSM) domain configured and Administration Server running in this domain.
  • ds12PS3example.ldif Sample test data
    Note: This sample file has a few example users. You can import this LDIF file when you set up the first directory server in the replication topology.
  • changeTelephoneNumberTo8888.ldif Test input file
    Note: This sample test file has a single attribute modification, which can be useful to simulate one of the scenarios between two replication servers.

Configuring Oracle Unified Directory Server as a Replication Server

  1. Launch a terminal window as oracle and enter the following command to check that your PATH is pointing to the correct version of the JDK:
    # java -version
    java version "1.8.0_144"
    Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
    Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
    Note: The certified minimum Java version is 1.8.0_144.
  2. Navigate to the ORACLE_HOME directory where the Oracle Unified Directory software is installed, and run oud-setup.
    This command launches a Java-based graphical user interface (GUI) installer that lets you set up replication server instances and get them running.
    # cd $OUD_ORACLE_HOME
    # ./oud-setup
  3. Follow the table below to guide you through the setup screens of the initial replication server instance:
    Step  Window Description              Choices or Values
    1.    Welcome                         Click Next
    2.    Server Administration Settings  Instance Path: /u01/app/oracle/config/oud_instances/oud1_repl
                                          Host Name: host01.example.com
                                          Administration Port(s): Enable Administration only with LDAP
                                          LDAP Port: 4444
                                          Root User DN: cn=Directory Manager
                                          Password: ********
                                          Password (confirm): ********
    3.    Ports                           Select LDAP, and enter the port number on which the directory server listens for connections. The default secure port is 1389.
                                          Select LDAPS, and enter the port number. The default secure port is 1686.
                                          Select Certificate, Generate Self-Signed Certificate (recommended for testing only)
                                          Click Next
    4.    Topology Options                Select This server will be part of replication topology
                                          Select Configure as Secure
                                          Make sure the default Replication port: 8989
    5.    Directory Data                  Select Directory Base DN: dc=example,dc=com
                                          Select Import Data from LDIF File
                                          Click Browse Choose location of LDIF File
    6.    Server Tuning                   Click Next
    7.    Review                          Select Start Server When Configuration has completed
                                          Click Finish
    8.    Finished                        Click Close
  4. Navigate to the ORACLE_HOME directory and run oud-setup again to set up the second replication server and get it running.
    # cd $OUD_ORACLE_HOME
    # ./oud-setup
  5. Follow the table below to guide you through the setup screens of the second directory server in the replication topology:
    Step  Window Description              Choices or Values
    1.    Welcome                         Click Next
    2.    Server Administration Settings  Instance Path: /u01/app/oracle/config/oud_instances/oud2_repl
                                          Host Name: host01.example.com
                                          Administration Port(s): Enable Administration only with LDAP
                                          LDAP Port: 5444
                                          Root User DN: cn=Directory Manager
                                          Password: ********
                                          Password (confirm): *******
    3.    Ports                           Select LDAP, and enter the port number on which the directory server listens for connections. The default secure port is 2389.
                                          Select LDAPS, and enter the port number. The default secure port is 2686.
                                          Select Certificate, Generate Self-Signed Certificate (recommended for testing only)
                                          Click Next
    4.    Topology Options                Select This server will be part of replication topology
                                          Enable Configure as Secure
                                          Make sure the default Replication port: 9989
                                          Select There is already a server in the topology
                                          Host name: host01.example.com
                                          Administrator Connector Port: 4444
                                          Admin user: cn=Directory Manager
                                          Admin Password: ********
    5.    Certificate Not Trusted         Click Accept Permanently
    6.    Create Global Administrator     Global Administrator ID: admin
                                          Global Administrator Password: cn=Directory Manager
                                          Global Administrator Password (confirm): *******
    7.    Data Replication                Select dc=example,dc=com
    8.    Oracle Components Integration   Check No specific integration
    9.    Server Tuning                   Click Next
    10.   Review                          Verify that Start Server When Configuration has completed option is Checked
                                          Click Finish
    11.   Finished                        Click Close

Launch the OUDSM Application to Create Two New Directory Server Connections

  1. Launch the Firefox browser and enter http://host01.example.com:7001/oudsm to access the OUDSM application.

  2. Create the first new connection with the following details, for the first directory server oud1_repl. The password you provide for the oudconn1_repl directory server connection must be the same as in step 3-2 of section 1.
    • Name: oudconn1_repl
    • Server: hostname
    • Administration Port: 4444
    • SSL Enabled: Selected
    • Password: ********
    • Start Page: Home
    Click the Login button. The first time you connect, click Yes, trust always in the Server Certification Validation window.

    Note: Create a second new connection, oudconn2_repl, using the Administration port 5444 of the second directory server oud2_repl. The password you provide for the oudconn2_repl directory server connection must be the same as in step 5-2 of section 1.

Verify Replication Using OUDSM

  1. In the OUDSM application, connect first to the oudconn1_repl and then to the oudconn2_repl directory server connection. Navigate to the Data Browser tab of the connection oudconn1_repl. Then verify that the roomnumber attribute has the value 1327 for uid=jjones by navigating to the relevant entry in Optional Attributes under the Attributes tab.
    Note: The two connection names referred to above were created in step 2 of section 2.

  2. Navigate to one of the user identities, uid=jjones, under the Data Tree.
    Delete the roomnumber attribute.
    Note: Click Apply to save the changes, without fail.

  3. Now go to the Data Browser tab of the second directory server connection, oudconn2_repl, of the oud2_repl directory server in the replication topology.
    Navigate to the same user identity, uid=jjones, under the Data Tree. Select the roomnumber optional attribute under the Attributes tab in the right pane. You observe that the roomnumber attribute has no value.
    Conclusion: This confirms that changes made in the first directory server, oud1_repl, are replicated accordingly to the second directory server, oud2_repl.

Verify Replication Using the Command Line (CLI)

  1. Launch a terminal window as oracle and enter the following ldapsearch command from the first directory server oud1_repl.
    # cd $OUD_INSTANCES/oud1_repl/bin
    # ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" "uid=bandrews"
    dn: uid=bandrews,ou=People,dc=example,dc=com
    mail: bandrews@example.com
    sn: Andrews
    roomNumber: 4471
    cn: Barry Andrews
    ou: Product Development
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Barry
    telephoneNumber: +1 408 555 6249
    facsimileTelephoneNumber: +1 408 555 9332
    userPassword: *******************************************************************
    l: Cupertino
    uid: bandrews
    Note: You can execute the same command from either server, since the two directory servers are in a replication topology. For example, run it from the oud2_repl server, that is, from $OUD_INSTANCES/oud2_repl/bin, using port number 2389, to confirm that the output is the same.
    Note: The pwd.txt file contains the password ********, which is the same as in step 3-2 and step 4-2 of section 1.
  2. Enter the following ldapmodify command to update the telephoneNumber in the first directory server oud1_repl for one of the user identities, then repeat the ldapsearch command.
    # cd $OUD_INSTANCES/oud1_repl/bin
    # ./ldapmodify -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -f /home/oracle/changeTelephonenumber.ldif
    Processing MODIFY request for uid=bandrews,ou=People,dc=example,dc=com
    MODIFY operation successful for DN uid=bandrews,ou=People,dc=example,dc=com
    # ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" "uid=bandrews"

    Note: You observe the same output as in step 1, except for the updated telephoneNumber: +1 408 555 8888, as per the modify request.
  3. Enter the following ldapsearch command to fetch the details of the same user identity from the second directory server oud2_repl.
    # cd $OUD_INSTANCES/oud2_repl/bin
    # ./ldapsearch -h localhost -p 2389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" "uid=bandrews"
    dn: uid=bandrews,ou=People,dc=example,dc=com
    mail: bandrews@example.com
    sn: Andrews
    roomNumber: 4471
    cn: Barry Andrews
    ou: Product Development
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    givenName: Barry
    telephoneNumber: +1 408 555 8888
    facsimileTelephoneNumber: +1 408 555 9332
    userPassword: *******************************************************************
    l: Cupertino
    uid: bandrews
    Conclusion: You observe that the telephoneNumber: +1 408 555 8888 was updated in the second directory server. This confirms that replication between the two replication server instances is successful.
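
The command-line comparison in this section can be scripted rather than read by eye. The following is an added example, not part of the original tutorial: it normalizes two ldapsearch results for the same entry and reports every attribute that differs between oud1_repl and oud2_repl. The function names normalize_ldif and replica_diff and the two sample captures are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the tutorial: compare one entry as returned by two
# replicas. The function names and sample captures are constructed.

# Normalize LDIF on stdin: unfold wrapped lines, lowercase attribute names,
# drop userPassword so hashes never reach the report, sort for a stable diff.
normalize_ldif() {
  awk '
    function emit(   i, name) {
      i = index(buf, ":")
      if (i > 0) {
        name = tolower(substr(buf, 1, i - 1))
        if (name != "userpassword") print name substr(buf, i)
      }
      buf = ""
    }
    /^ / { buf = buf substr($0, 2); next }   # continuation of previous line
    { emit(); buf = $0 }
    END { emit() }
  ' | sort
}

# replica_diff LDIF_A LDIF_B: print differing attributes ("<" first server,
# ">" second server); return 0 when both replicas agree, 1 otherwise.
replica_diff() {
  tmp=$(mktemp -d) || return 2
  printf '%s\n' "$1" | normalize_ldif > "$tmp/a"
  printf '%s\n' "$2" | normalize_ldif > "$tmp/b"
  delta=$(diff "$tmp/a" "$tmp/b" | grep '^[<>]' || true)
  rm -rf "$tmp"
  [ -z "$delta" ] && return 0
  printf '%s\n' "$delta"
  return 1
}

# Constructed captures: oud1_repl after the ldapmodify, oud2_repl before the
# change has arrived. Attribute order differs on purpose.
OUD1='dn: uid=bandrews,ou=People,dc=example,dc=com
telephoneNumber: +1 408 555 8888
roomNumber: 4471
uid: bandrews'
OUD2='dn: uid=bandrews,ou=People,dc=example,dc=com
uid: bandrews
roomNumber: 4471
telephoneNumber: +1 408 555 6249'

# For a live check, fill both variables from the ldapsearch commands in this
# section (ports 1389 and 2389) instead of the constructed text.
if replica_diff "$OUD1" "$OUD2"; then echo "in sync"; else echo "NOT in sync"; fi
```

A non-zero return that persists after the change should have propagated points at a replication problem for that entry; the printed lines name the attribute and show each server's value.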
