Tuesday, February 28, 2023

OUD and OUDSM on FM infrastructure

This security-related post, provided by Oracle (prepared by Naga Srivalli Mantravedi, OUD & Security Expert), will be useful to those working on Fusion Middleware products or Oracle E-Business Suite that host OUD and OUDSM. The post is written as a Q&A on OUD.

Oracle Unified Directory



What is OUD? What is so special about it?

A great product from Oracle in recent years, OUD was developed as a brand-new LDAP server, completely rewritten in Java, for very large and scalable deployments and as a very performant directory server implementation. The best part of the OUD server is its capacity to store billions of user data records.

That is why OUD is Oracle's recommended LDAP server, and it can be used with other Oracle products such as Oracle Access Manager, Oracle E-Business Suite (R12), Oracle Identity Manager (OIM) or Oracle Fusion Middleware (FMW). It will even be supported on cloud services as an OUD service.

What is the relationship of OUD with OID?

As you explore OUD you will understand it better: OUD is Oracle's latest LDAP v3 compliant directory service, and it runs on the JVM. Oracle announced OUD as the product replacement for Oracle Internet Directory.

What is the difference between OUD and OUDSM?

Oracle Unified Directory is an all-in-one directory solution with storage, proxy, synchronization and virtualization capabilities.

Oracle Unified Directory Services Manager (OUDSM) is an interface for managing instances of Oracle Unified Directory. OUDSM enables you to configure the structure of the directory, define objects in the directory, add and configure users, groups, and other entries. OUDSM is also the interface you use to manage entries, schema, security, and other directory features.

Can we install OUD and OUDSM without RCU?

For OUD version 12.2.1.3 and later, there are three different ways to install OUD:
1) Standalone (no WLS domain needed - no Infrastructure install, only the OUD install)
2) OUD & OUDSM in one WLS domain (requires the Infrastructure install, a database with RCU config, and the OUD install)
3) OUD in a separate WLS domain from OUDSM
  • OUD in a separate WLS domain from OUDSM (requires the Infrastructure install and the OUD install - no database required)
  • OUDSM in a separate WLS domain from OUD (requires the Infrastructure install and the OUD install - no database required - OUDSM could be on a different host from the OUD instance and can be used for a standalone OUD instance)
NOTE: A database installation is required only for OUD & OUDSM in a single domain. For OUD and OUDSM to co-exist in the same domain, the Oracle Database is a mandatory requirement; the schema elements needed for OPSS and other Infrastructure data are stored in it.

How to create an OUDSM domain with WLST in a production domain?


You can create a domain for OUDSM without depending on the Oracle Database or the Repository Creation Utility (RCU) by using the WLST command.

You can follow the steps mentioned here to create a WebLogic domain for OUD/OUDSM.
After these steps, if the domain is created under development mode, I suggest enabling production mode manually post installation.

Use one of the following methods to enable production mode.

1. Add the parameter "-Dweblogic.ProductionModeEnabled=true" to the server start arguments.

2. Using the Administration Console:
   1. In the left pane of the Console, under Domain Structure, select the domain name.
   2. Select Configuration -> General and select the Production Mode check box.
   3. Click Save.

3. Using WLST:

wls:/offline> connect('username','password')
wls:/[DOMAIN-NAME]/serverConfig> edit()
wls:/[DOMAIN-NAME]/edit> startEdit()
wls:/[DOMAIN-NAME]/edit !> cmo.setProductionModeEnabled(true)
wls:/[DOMAIN-NAME]/edit !> activate()
wls:/[DOMAIN-NAME]/edit> exit()

4. You can also set the value of PRODUCTION_MODE to true or false in the setDomainEnv.sh file.
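
Because production mode can be switched on in several places, it helps to check all of them when reviewing a domain. The following is an added example, not code from the original post or from Oracle: a Python audit that takes the text of <DOMAIN_HOME>/config/config.xml and <DOMAIN_HOME>/bin/setDomainEnv.sh and reports where production mode is enabled. The function name, the result keys and the sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"wl": "http://xmlns.oracle.com/weblogic/domain"}
FLAG = re.compile(r"-Dweblogic\.ProductionModeEnabled=(true|false)", re.I)
ENV_VAR = re.compile(r'^[ \t]*(?:export[ \t]+)?PRODUCTION_MODE="?(\w*)"?', re.M)

def audit_production_mode(config_xml, set_domain_env):
    """Report each place production mode is set for one WebLogic domain.

    config_xml: text of config/config.xml
    set_domain_env: text of bin/setDomainEnv.sh
    """
    root = ET.fromstring(config_xml)
    # Console and WLST changes are persisted as this domain-level element.
    elem = root.find("wl:production-mode-enabled", NS)
    in_config = elem is not None and (elem.text or "").strip().lower() == "true"
    # Per-server start arguments (the -D option).
    per_server = {}
    for srv in root.findall("wl:server", NS):
        name = srv.findtext("wl:name", default="?", namespaces=NS)
        args = srv.findtext("wl:server-start/wl:arguments", default="", namespaces=NS)
        flag = FLAG.search(args)
        per_server[name] = bool(flag) and flag.group(1).lower() == "true"
    # Use the last PRODUCTION_MODE assignment found in the script.
    values = ENV_VAR.findall(set_domain_env)
    in_env = bool(values) and values[-1].lower() == "true"
    return {"config.xml": in_config, "start_arguments": per_server,
            "setDomainEnv.sh": in_env,
            "enabled_anywhere": in_config or in_env or any(per_server.values())}

# Constructed sample inputs (not taken from a real domain).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>oudsm_domain</name>
  <production-mode-enabled>false</production-mode-enabled>
  <server>
    <name>AdminServer</name>
    <server-start>
      <arguments>-Xmx1g -Dweblogic.ProductionModeEnabled=true</arguments>
    </server-start>
  </server>
</domain>"""
SAMPLE_ENV = 'PRODUCTION_MODE=""\nexport PRODUCTION_MODE\n'

if __name__ == "__main__":
    for source, state in audit_production_mode(SAMPLE_CONFIG, SAMPLE_ENV).items():
        print(source, "->", state)
```

A domain where only one source reports true, as in the sample, is worth a second look: the setting then depends on how each server is started.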


Can I create this on an OUD domain with a cluster configuration of OUD servers?

For OUD, it is possible to deploy multiple instances on different hosts and configure replication between the instances.

If OUDSM for OUD is deployed to the Admin Server, it cannot be clustered.

Can I use the same OUDSM WebLogic Console for PROD and DR environments?


Since OUDSM can be used to administer an OUD instance on any host (if the OUD instance's Admin Port is open based on the firewall configuration), there is no need to install more than one OUDSM. OUDSM can be installed on each OUD host, but it is not needed.

OUDSM connects to each OUD instance through the OUD instance's Administration Port.
To administer OUD instances using one OUDSM installation, open admin ports on all OUD hosts so that only one OUDSM instance is needed (rather than installing an OUDSM on each host).

For OUD instances with a replication configuration, the Admin Port will need to be opened on all replicas so that dsreplication commands are successful. Additionally, if the replicas' Admin Ports are not open in the firewall configuration, OUDSM will not be able to administer an OUD instance's replication configuration successfully, and the ability to administer the replicas using OUDSM will not work.

Do you have any more queries on OUD/OUDSM?


I hope this information has given you some clear insight into the abilities of the Oracle Unified Directory server. If you have more questions on OUD or OUDSM, please post them in the comments section.