Monitoring and Testing the Status of Replicated Oracle Unified Directory Servers Topology

Section 0: Before You Begin

This tutorial shows you how to monitor and test the status of a replicated Oracle Unified Directory (OUD) server topology. This tutorial takes approximately 15 minutes to complete.

Background

In any Replicated Oracle Unified Directory Servers topology, changes made on one OUD server are immediately propagated, or replicated, to multiple different Oracle Unified Directory servers in the topology. You can monitor Oracle Unified Directory replication status by using the dsreplication status command to obtain replication status information.

What Do You Need?

  • An environment with:
    • At least 16 GB of physical memory
    • Oracle Enterprise Linux 6.6 or later with access to the Internet
    • oracle credentials
  • A basic understanding of Linux

This tutorial assumes that you have the following:

  • Oracle Unified Directory 12c (12.2.1.3.0) installed in the ORACLE_HOME environment.
  • This sample ldif file ds12PS3example.ldif, used for importing data while creating an OUD server instance.
  • Make sure the following environment variables are defined for OUD 12c:
    • ORACLE_HOME=/u01/app/oracle/product/oud
    • OUD_INSTANCES=/u01/app/oracle/config/oud_instances

Section 1: Set Up Oracle Unified Directory Replicated Servers

  1. Navigate to the ORACLE_HOME directory, where the Oracle Unified Directory software is installed. Run the oud-setup utility from the command line to set up the first Oracle Unified Directory server instance.
    # export INSTANCE_NAME=../../config/oud_instances/oudr1 
    # $ORACLE_HOME/oud/oud-setup -i -n -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b dc=example,dc=com --adminConnectorPort 4444 -l /home/oracle/ds12PS3example.ldif 
    Oracle Unified Directory 12.2.1.3.0
    Please wait while the setup program initializes...
    
    Creating instance directory /u01/app/oracle/config/oud_instances/oud1/OUD.....Done.
    See /u01/app/oracle/config/oud_instances/oudr1/OUD/logs/oud-setup for a detailed log of this operation.
    
    Configuring Directory Server ..... Done.
    Importing LDIF file /home/oracle/ds12PS3example.ldif ........ Processed 15 entries, imported 15, skipped 0, rejected 0 and migrated 0 in 0 seconds (average rate 15.8/sec)
    
    Starting Directory Server ........ Done.
    To see basic server configuration status and configuration you can launch /u01/app/oracle/config/oud_instances/oud1/OUD/bin/status
    Run the oud-setup utility again to set up the second Oracle Unified Directory server instance.
    # export INSTANCE_NAME=../../config/oud_instances/oudr2 
    # ./oud-setup -i -n -p 2389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b dc=example,dc=com --adminConnectorPort 5444 
    Note: Create the pwd.txt file yourself and save in it the password to use when setting up Oracle Unified Directory as a directory server.
  2. Enable replication between the two Oracle Unified Directory server instances that were created in the previous step.
    # cd $OUD_INSTANCES/oudr1/OUD/bin 
    # ./dsreplication enable --port1 4444 --bindDN1 "cn=Directory Manager" --bindPasswordFile1 /home/oracle/pwd.txt --replicationPort1 8989 --port2 5444 --bindDN2 "cn=Directory Manager" --bindPasswordFile2 /home/oracle/pwd.txt --replicationPort2 9989 --adminUID admin --adminPasswordFile /home/oracle/pwd.txt --baseDN dc=example,dc=com --trustAll --no-prompt 
    Establishing connections and reading configuration ..... Done.
    
    Checking registration information ..... Done.
    Updating registration information ..... Done.
    Updating replication configuration for baseDN dc=example,dc=com ...... Done.
    Updating replication configuration for the registration data (cn=admin data) ..... Done.
    Updating replication configuration for the schema ..... Done.
    Reading Updated Configuration ..... Done.
    
    Initializing registration information on server host01.example.com:5444 with the contents of server host01.example.com:4444 ..... Done.
    Initializing schema on server host01.example.com:5444 with the schema of server host01.example.com:4444 ..... Done.
    
    Replication has been successfully enabled.  Note that for replication to work you must initialize the contents of the base DN's that are being replicated (use dsreplication initialize to do so).
    See /tmp/oud-replication-1433450442521794557.log for a detailed log of this operation.
    
    Note: Use the same password file, pwd.txt, for the bindPasswordFile and adminPasswordFile parameters of the dsreplication enable command.
  3. Run the dsreplication initialize command to initialize a replicated server with the data from another replicated server.
    # ./dsreplication initialize --baseDN "dc=example,dc=com" --adminUID admin --adminPasswordFile /home/oracle/pwd.txt --hostSource host01.example.com --portSource 4444 --hostDestination host01.example.com --portDestination 5444 -X -n 
    Establishing connections and reading configuration ..... Done.
    
    Initializing base DN dc=example,dc=com with the contents from host01.example.com:4444:
    0 entries processed (0.00% complete).
        > Time elapsed: 1 seconds.
    15 entries processed (100.00% complete).
        > Time elapsed: 2 seconds.
    Base DN initialized successfully.
    The operation completed in 6 seconds.
    
    See /tmp/oud-replication-4830083262234562672.log for a detailed log of this operation.

Section 2: Verify Replication of OUD Servers in CLI Mode

  1. Launch a terminal window as the oracle user. Enter the following ldapsearch command to list the details of the user identity uid=amccoy from the first OUD server, oudr1.
    # cd $OUD_INSTANCES/oudr1/OUD/bin 
    # ./ldapsearch -h host01.example.com -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" uid="amccoy" 
    dn: uid=amccoy,ou=People,dc=example,dc=com
    mail: amccoy@example.com
    sn: McCoy
    roomNumber: 4023
    cn: Andrew McCoy
    ou: Accounting
    objectClass: top
    objectClass: organizationalPerson
    objectClass: person
    objectClass: inetOrgPerson
    givenName: Andy
    telephoneNumber: +1 408 666 6666
    facsimileTelephoneNumber: +1 408 555 3372
    userPassword: *************************************
    l: Sunnyvale
    uid: amccoy

    Modify the roomNumber attribute of the user identity uid=amccoy. Press Enter at the end of each input line. The roomNumber input line must be followed by the key combination Ctrl+Shift+d. After you see the message that the Modify operation is successful, press the key combination Ctrl+c.

    # ./ldapmodify -h host01.example.com -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt 
    dn: uid=amccoy,ou=People,dc=example,dc=com
    changetype: modify
    replace: roomNumber
    roomNumber: 4444
    
    Processing MODIFY request for uid=amccoy,ou=People,dc=example,dc=com
    MODIFY operation successful for DN uid=amccoy,ou=People,dc=example,dc=com

    Run the ldapsearch command against the second OUD server instance to confirm that the change is propagated.

    # cd $OUD_INSTANCES/oudr2/OUD/bin 
    # ./ldapsearch -h host01.example.com -p 2389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" uid="amccoy"  | grep "roomNumber" 
    roomNumber: 4444
    Conclusion: The roomNumber value of the entry uid=amccoy changed to 4444. Hence the change is propagated to the oudr2 replicated OUD server successfully.
  2. Delete the user identity uid=sjones from the first OUD server instance.
    # cd $OUD_INSTANCES/oudr1/OUD/bin 
    # ./ldapdelete -h host01.example.com -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt  "uid=sjones,ou=People,dc=example,dc=com" 
    Processing DELETE request for uid=sjones,ou=People,dc=example,dc=com
    DELETE operation successful for DN uid=sjones,ou=People,dc=example,dc=com

    Run the ldapsearch command to list the details of uid=sjones from the second OUD server instance, to confirm that the change is propagated.

    # cd $OUD_INSTANCES/oudr2/OUD/bin 
    # ./ldapsearch -h host01.example.com -p 2389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" uid="sjones" 
    
    Conclusion: No output is shown for uid=sjones. Hence the change is propagated to the oudr2 replicated OUD server successfully.
  3. Add a new user identity, uid=jrhodes, to the first OUD server instance along with various attributes. Press Enter at the end of each input line. The last input line, userPassword, must be followed by the key combination Ctrl+Shift+d. After you see the message that the ADD operation is successful, press the key combination Ctrl+c.
    # cd $OUD_INSTANCES/oudr1/OUD/bin 
    # ./ldapmodify -h host01.example.com -p 1389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt 
    dn: uid=Johnty Rhodes,ou=People,dc=example,dc=com
    changetype: add
    cn: Johnty Rhodes
    sn: Rhodes
    givenName: Johnty
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    ou: Accounting
    ou: People
    l: Scottsdale
    uid: jrhodes
    mail: jrhodes@example.com
    roomNumber: 5555
    userPassword: **********
    Processing ADD request for uid=Johnty Rhodes,ou=People,dc=example,dc=com
    ADD operation successful for DN uid=Johnty Rhodes,ou=People,dc=example,dc=com
    

    Run the ldapsearch command to list the details of uid=jrhodes from the second OUD server instance, to confirm that the change is propagated.

    # cd $OUD_INSTANCES/oudr2/OUD/bin 
    # ./ldapsearch -h host01.example.com -p 2389 -D "cn=Directory Manager" -j /home/oracle/pwd.txt -b "dc=example,dc=com" uid="jrhodes" 
    
    Conclusion: The details of the new entry uid=jrhodes are listed here as expected. Hence the change is propagated to the oudr2 replicated OUD server successfully.

Section 3: Verify Viewing the Minimal and Additional Basic Replication Status

  1. To view the minimal basic replication status information, such as the number of entries, the replication port, and the status of replication, use the dsreplication status command.
    # cd $OUD_INSTANCES/oudr1/OUD/bin 
    # ./dsreplication status --adminUID admin --adminPasswordFile /home/oracle/pwd.txt -X --hostname host01.example.com --port 4444 
    Establishing connections and reading configuration ..... Done.
    
    dc=example,dc=com - Replication Enabled
    =======================================
    Server                   : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : Status [4] : Conflicts [5]
    -------------------------:---------:----------:--------------:----------:------------:--------------
    host01.example.com:4444  : 15      : 0        : 0            : 8989     : Normal     : 0
    host01.example.com:5444  : 15      : 0        : 0            : 9989     : Normal     : 0
    
    [1] The number of changes that are still missing on this element (and that have been applied to at least one other server).
    [2] Age of oldest missing change: the age (in seconds) of the oldest change that has not yet arrived on this element.
    [3] The replication port used to communicate between the servers whose contents are being replicated.
    [4] The status of the replication on this element.
    [5] The number of currently unresolved replication conflicts.
  2. To view the additional basic replication status information, such as Encryption, Trust, ChangeLog, and Group ID, use the dsreplication status command with compat-view.
    # ./dsreplication status --adminUID admin --adminPasswordFile /home/oracle/pwd.txt -X --hostname host01.example.com --port 4444 --dataToDisplay compat-view 
    Establishing connections and reading configuration ..... Done.
    
    dc=example,dc=com - Replication Enabled
    =======================================
    Server                   : Entries : M.C. [1]: A.O.M.C. [2]: Port [3]: Encryption [4]: Trust [5]: U.C. [6]: Status [7]: ChangeLog [8]: Group ID [9]: Connected To [10]
    -------------------------:---------:---------:-------------:---------:---------------:----------:---------:-----------:--------------:-------------:-------------------------------
    host01.example.com:4444  : 15      : 0       : 0           : 8989    : Disabled      : Trusted  : --      : Normal    : Enabled      : 1           : 
    
    host01.example.com:8989  :         :         :             :         :               :          :         :           :              :             : (GID=1)
    host01.example.com:5444  : 15      : 0       : 0           : 9989    : Disabled      : Trusted  : --      : Normal    : Enabled      : 1           : 
    
    host01.example.com:9989  :         :         :             :         :               :          :         :           :              :             : (GID=1)
    
    [1] The number of changes that are still missing on this element (and that have been applied to at least one other server).
    [2] Age of oldest missing change: the age (in seconds) of the oldest change that has not yet arrived on this element.
    [3] The replication port used to communicate between the servers whose contents are being replicated.
    [4] Whether the replication communication initiated by this element is encrypted or not.
    [5] Whether the directory server is trusted or not. Updates coming from an untrusted server are discarded and not propagated.
    [6] The number of untrusted changes. These are changes generated on this server while it is untrusted.
        Those changes are not propagated to the rest of the topology but are effective on the untrusted server.
    [7] The status of the replication on this element.
    [8] Whether the external change log is enabled for the base DN on this server or not.
    [9] The ID of the replication group to which the server belongs.
    [10] The replication server this server is connected to with its group ID between brackets.

Section 4: Verify Monitoring Advanced Replication Status

  1. The number of updates from Section 2 that have been sent and received by the OUD servers in a topology provides an indication of how well replication is working. To monitor it, use the dsreplication status command with the relevant set of values for dataToDisplay.
    # cd $OUD_INSTANCES/oudr1/OUD/bin 
    # ./dsreplication status -X -p 4444 --adminPasswordFile /home/oracle/pwd.txt -n --dataToDisplay sent-updates --dataToDisplay received-updates --dataToDisplay send-window 
    Establishing connections and reading configuration ..... Done.
    
    dc=example,dc=com - Replication Enabled
    =======================================
    Server                   : Port [1] : R.U. [2] : S.U. [3] : S.W. [4]
    -------------------------:----------:----------:----------:---------
    host01.example.com:4444  : 8989     : 0        : 3        : 97
    host01.example.com:5444  : 9989     : 3        : 0        : 100
     
    [1] The replication port used to communicate between the servers whose contents are being replicated.
    [2] Received updates.
    [3] Sent updates.
    [4] Send window between this element and the replication server it is connected to.
    
    Note: The Sent Updates (S.U.) column indicates the number of updates that have been sent by this directory server or replication server, hence the value is 3.
    The Received Updates (R.U.) column indicates the number of updates that have been received by this directory server or replication server, hence the value is 3.

  2. To monitor replication security, use the dsreplication status command on any OUD server in the topology that hosts a replication server. The Encryption column indicates whether the SSL protocol is enabled or disabled between two servers for the specified base DN.
    # ./dsreplication status -X -p 4444 --adminPasswordFile /home/oracle/pwd.txt -n --dataToDisplay secure-conf 
    Establishing connections and reading configuration ..... Done.
    
    dc=example,dc=com - Replication Enabled
    =======================================
    Server                   : Port [1] : Encryption [2]
    -------------------------:----------:---------------
    host01.example.com:4444  : 8989     : Disabled
    host01.example.com:5444  : 9989     : Disabled
    
    [1] The replication port used to communicate between the servers whose contents are being replicated.
    [2] Whether the replication communication initiated by this element is encrypted or not.
    
  3. To monitor data consistency, check whether each replication server in the topology is synchronized and up to date with the latest changes that have occurred in the topology, as in Section 2. If the data is not consistent, Bad data set is indicated in the Status column; otherwise Normal is indicated.
    # ./dsreplication status -X -p 4444 --adminPasswordFile /home/oracle/pwd.txt -n --dataToDisplay status --dataToDisplay generation-id 
    Establishing connections and reading configuration ..... Done.
    
    dc=example,dc=com - Replication Enabled
    =======================================
    Server                   : Port [1] : Status [2] : Gen. ID [3]
    -------------------------:----------:------------:------------
    host01.example.com:4444  : 8989     : Normal     : 256486
    host01.example.com:5444  : 9989     : Normal     : 256486
    
    [1] The replication port used to communicate between the servers whose contents are being replicated.
    [2] The status of the replication on this element.
    [3] The generation ID: the version of the data in each replicated base DN, for each directory server.
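
The status tables in Sections 3 and 4 can be checked by a script instead of by eye. The following is an added example, not part of Oracle's tutorial: the function names audit_replication and sample_status are hypothetical, the sample table is constructed in the layout shown above, and the column order of a combined --dataToDisplay table is an assumption (columns are looked up by name, so the order does not matter).

```shell
#!/bin/sh
# Added example, not Oracle code: audit `dsreplication status` output (stdin).
# Columns are located by header name, so any --dataToDisplay selection works.
audit_replication() {
  awk -F': +' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function cell(name) { return (name in col) ? trim($(col[name])) : "" }
    function report(msg) { print host ": " msg; bad++ }
    /^Server/ {                          # header row: map column name -> index
      split("", col); gen = ""
      for (i = 1; i <= NF; i++) {
        name = $i; sub(/ *\[[0-9]+\].*$/, "", name); col[trim(name)] = i
      }
      in_table = 1; next
    }
    /^\[/ { in_table = 0; next }         # footnotes end the table
    !in_table || /^-/ || NF < 2 { next } # rulers, titles, blank lines
    {
      host = trim($1)
      s = cell("Status");     if (s != "" && s != "Normal") report("status is " s)
      m = cell("M.C.");       if (m + 0 > 0) report(m " missing changes")
      c = cell("Conflicts");  if (c + 0 > 0) report(c " unresolved conflicts")
      e = cell("Encryption"); if (e == "Disabled") report("replication traffic is not encrypted")
      g = cell("Gen. ID")
      if (g != "" && gen == "") gen = g
      else if (g != "" && g != gen) report("generation ID " g " differs from " gen)
    }
    END { exit (bad > 0) }               # non-zero exit when anything was flagged
  '
}

# Constructed sample in the layout shown above; the second server is out of sync.
sample_status() {
  cat <<'EOF'
dc=example,dc=com - Replication Enabled
=======================================
Server                   : M.C. [1] : Port [2] : Encryption [3] : Status [4]   : Gen. ID [5]
-------------------------:----------:----------:----------------:--------------:------------
host01.example.com:4444  : 0        : 8989     : Disabled       : Normal       : 256486
host01.example.com:5444  : 3        : 9989     : Disabled       : Bad data set : 256487

[1] The number of changes that are still missing on this element.
EOF
}

sample_status | audit_replication || echo "replication needs attention"
```

Against a live topology, pipe the output of the dsreplication status commands shown above into audit_replication; the exit status is non-zero when any server is flagged.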
