Presentation #36576 Oracle9i LDAP: Advanced Configuration of Directory Naming

transcript

Presentation #36576Presentation #36576Oracle9i LDAP: Advanced

Configuration of Directory Naming Daniel T. Liu

Senior Technical consultantFirst American Real Estate Solutions

Date: Wednesday, September 10, 2003 @ 4:30 AM - 5:30 PM Place: Moscone Room 131

Paper #36576, Daniel T. Liu, FARES

Agenda

• Net Services Basics• Connecting Methods• OID Basics• Step-by-Step Setup of

OID for Names Resolutions

• Migrating to OID• Q & A

Net Services Basics

Figure 3

C lient

OracleInternet

DirectoryServer

OracleNam esServer

OIDdb7

listener_sd8

listener_dallas

listener_sd9

listener_newyork

Oracle NetD omain : company.com

NewYork/Linux

Dallas/NT

SanDiego/Solaris

T N SN AM E.O R Adb1 =(DESCRIPTION =(ADDRESS =(PROTOCOL= TCP)(Host= host1)(Port= 1521))(CONNECT_DATA =(SID = db1)))

db2 =(DESCRIPTION =(ADDRESS =(PROTOCOL= TCP)(Host= host2)(Port= 1521)) (CONNECT_DATA =(SID = db2)) )

Net Services In a Nutshell

• What is the database instance ?– Instance name (SID)

• Where is the database instance ?– Instance address (host, IP address, port)

• How to communicate ?– Network language (protocol)

Net Services Components

• Net Services Client• Net Services Server• Oracle Net

– Oracle Net Foundation Layer– Oracle Protocol Support

• Listener

Client/Server

• Net Services Client– Enables client connections to databases across a

network. A client-side application sends a request to Oracle Net Services to be transported across the network to the server.

• Net Services Server– Enables the listener, through a protocol, to

accept connections from client application on the network.

Oracle Net

• Oracle Net Foundation Layer– Provides a standard method for a client application to

establish and maintain communication with the Oracle database server on top of industry-standard network protocol.

• Oracle Protocol Support– TCP/IP (with SSL)– Named Pipes– LU 6.2– VI

Oracle Net

Figure 1

Client Application RDMBS

Oracle Net Foundation LayerOracle Net Foundation Layer

Oracle Support P rotocolOracle Support Protocol

NAMED PIPES

TCP/IP

LU 6.2

Listener

• A separate process that resides on the server• Receives incoming client connection

requests and manages the traffic of these requests to the server

• Can listen to one or more databases either on the same system or on different system

Listener.oralistener_dallas =

(address_list = (address = (protocol = ipc)(key = db1))

(address = (protocol = tcp)(host = dallas.company.com)(port = 1521))

)sid_list_listener_dallas =

(sid_list = (sid_desc = (global_dbname = db1.company.com)(sid_name = db1)(oracle_home = d:\oracle\oracle81)

Making the Connection

• Method #1– Retrieve from user’s

memory– Lengthy connect

string• Method #2

– Look up in your phone book

– tnsnames.ora

Making the Connection

• Method #3– Call switchboard– Oracle Names Server– Oracle Internet

Directory (LDAP)

Method #1: Retrieve From User’s Memory

Create a lengthy connect string as follows:

connect scott/tiger@(description= (address = (portocol = tcp) (host=dallas.company.com)(port = 1521))(connect_data= (service_name = db1.company.com))

Method #2:Retrieve From A Client Machine

Local Naming resolves a net service name to a network address using information configure in a local naming configuration file called tnsnames.ora.

connect scott/tiger@db1.company.comtnsnames.ora file:db1.company.com

(description= (address = (portocol = tcp) (host=dallas.company.com)(port = 1521))(connect_data= (service_name = db1.company.com)))

Method #3:Retrieve From A Central System

Central Naming stored the names and address of all database services in a central place on a network.

Two popular methods:1. Oracle Names - Oracle proprietary software to store the service names on a network

2. Directory Naming - clients can use network information stored in a centralized LDAP- compliant directory server to access a database service (Oracle Internet Directory)

Oracle Internet Directory Basics

• Directory• LDAP• Oracle Internet Directory (OID)• OID Terminology• OID Architecture• How Net Services Use A Directory Server

Directory

• Primarily read-focused• Designed to handle relatively simple

transactions on relatively small units of data• Designed to be location-independent• Designed to store information in entries

• LDAP stands for Lightweight Directory Access Protocol

• It provides all users and applications in the enterprise with a single, well-defined, standard interface to a single, extensible directory

• It reduces the need to enter and coordinate redundant information in multiple services scattered across the enterprise

• Its well-defined protocol and interfaces make it more practical to deploy internet-ready applications that leverage the directory.

Oracle Internet Directory (OID)

• A general-purpose directory service that enables fast retrieval and centralized management of information

• Full-featured LDAP Version 3 compliant directory service

• Major Benefits includes:– Scalability– High Availability– Security

OID Terminology

• Entries• Distinguished Name (DN)• Directory Information Tree (DIT)• Relative Distinguished Name (RDN)• Attributes• Object Classes• Directory Schema• Naming Contexts

Directory Information Tree

DIT ( Directory Inform ation Tree ) F igure 5

o=xyz com pany

ou=sa les

cn=John

ou=accountingou=m anufacturing

cn=T imcn=Larry

cn=Jackcn=Tomcn=Anncn=M ary cn=D an

ou=m arketing

OID Architecture

• Oracle Directory Server Instance• OID Monitor• OID Control Utility (OIDCTL)• Oracle9i Database

OID Architecture

Figure 6

Oracle9i

O racle NetListener

Dispatcher

OID M onitor

OracleNet

LDAP Server Instance 2

OID ListenerDispatcher

OracleDirectory

Server

OracleDirectory

Server

OracleDirectoryM anager

OIDControlUtility

LDAP Server Instance 1

O ID ListenerDispatcher

OracleDirectory

Server

OracleNet

Oracle Net

OracleNet

Oracle Net

How Net Services Uses A Directory Server

Figure 7

O ID RepositoryDatabase

OID Server

Oracle Net

Oracle NetListener

Net Services C lient

dc=com

dc=company

dc=O racleContext

Step 1S tep 3

Step 2

S tep 5

Step 4

S tep 4

DirectoryInform ation

Step-By-Step Setup Of Oracle Internet Directory For Names Resolution

• Step #1: Planning the Network• Step #2: Installing OID Software• Step #3: Creating OID Repository Database

and OID Schema• Step #4: Starting OID Server

Step-By-Step Setup Of Oracle Internet Directory For Names Resolution

• Step #5: Setting Up Directory Tree (Adding New Entry For Naming Context)

• Step #6: Setting Up An Oracle Context• Step #7: Adding Service Names To OID• Step #8: Setting Up The Client Machine

Step #1: Planning The Network

1. Understanding the different version of Oracle Internet Directory

Oracle Internet Directory Database2.0.6 8.1.62.1.1 8.1.73.0.1 9.0.1

2. Examine Company’s Existing Oracle network environment

– List of all the network domains– Oracle database servers within each domain– Oracle instances and listeners running on each

server– Number of Oracle Clients

3. Planning the Directory Tree– Single domain called “company.com”– 6 Oracle instances registered

Figure 8

dc=com

dc=com pany

dc=O racleC ontext

cn=db1 cn=db3 cn=db7cn=db6cn=db5cn=db4

Step #2: Installing OID Software

1. Read the Installation Guide2. Prepare the environment

- PATH- ORACLE_BASE- ORACLE_HOME- NLS_LANG- PORT 389 is not in use by another process

3. Mount the CD and bring up the Universal Installer

Step #2: Installing OID Software

4. Choose installation type:- “Management and Integration” option- Then, “Oracle Internet Directory” option

5. Choose install OID schema on:- An existing database- Or, a new independent database (preferred)

6. In “Summary” window, review information7. Click “Install”, file copy process begins.

Step #3: Creating OID Repository Database and OID Schema

1. The “Configuration Tools” window appears at the end of installation

2. The Universal Installer will first create and start an OID database instance

3. Then, it creates OID schema and objects.- $ORACLE_HOME/ldap/admin/newldap.sql

4. Choose “Exit” and review log file for any installation errors

Step #4: Starting OID Server

1. After successfully completing the installation, the default OID Monitor Daemon and LDAP Server Instance will already be running against OID database instance

2. To start manually:- oidmon connect=<net_service_name> start- Oidctl connect=<net_service_name> server=oidldapd

instance=1 start

Step #5: Setting Up Directory Tree

1. Invoke the Oracle Directory Manager2. Type user name and password

(orcladmin/welcome)3. Create new admin user if needed

- Grant “Browse, Add, Delete” access rights

4. Create the Naming Context- Add new entry “dc=com”- Add new entry “dc=company” under “dc=com”

Step #6: Setting Up Oracle Context

1. Start the Net Configuration Assistant2. Choose “Directory Service Access

Configuration” option3. Choose “Create a new Oracle Context”4. Choose “Oracle Internet Directory”5. Enter LDAP server location

Step #6: Setting Up Oracle Context

6. Enter an administrative context in which to create the Oracle Context. In our case, it is “dc=company,dc=com”

7. Enter user name and password (cn=orcladmin/welcome)

8. The authenticated user is added to the following groups

- OracleDBCreators (OracleDBCreators,cn=OracleContext)- OracleNetAdmins (cn=OracleNetAdmins,cn=OracleContext)

Step #7: Adding Service Names To OIDMethod #1:1. Open Net Assistant. Under “Net Configuration”

and “Directory” node, click “Service Naming”2. Enter username and password when the “Directory

Server Authentication” window appears3. Highlight “Service Naming” node. Go to Menu

“Edit”, then “Create”, the “Net Service Name Wizard” window appears.

4. Enter Net Services Information: (Host Name, Port, Protocol, etc)

Step #7: Adding Service Names To OIDMethod #2:1. Prepare a LDIF file (example.ldif)

dn:cn=db1,dc=Oraclecontext,dc=company,dc=com

objectclass: top

objectclass: db1NetServie

cn: db1

db1NetDescString: (description =

(address = (protocol = tcp)

(host = dallas.company.com)

(port = 1521))

(connect_data = (service_name = db1.company.com)))

Step #7: Adding Service Names To OID

Method #2:1. Execute the “ldapadd” command:

- ldapadd –D {bind dn} –w {password} –h {ldap_host} –v {verbose mode} –f {ldif entry file)

- Ldapadd –D cn=orcladmin –w welcome –h server_name –v –f example.ldif

Step #8: Setting Up The Client Machine

1. Install Oracle Net client software2. Start the Net Configuration Assistant3. Click “Naming Method Configuration”

option4. Select “Directory” under Naming

Methods. Click “Finish”

Step #8: Setting Up The Client Machine

1. This process create ldap.ora file under: $ORACLE_HOME/network/admin/

2. Configure Oracle Name Server or tnsnames.ora file as backup Naming Methods:

- NAMES.DIRECTORY_PATH=(LDAP,ONAME,TNSNAMES)

# LDAP.ORA Network Configuration File:D:\oracle\ora81\network\admin\ldap.ora

# Generated by Oracle configuration tools.

DEFAULT_ADMIN_CONTEXT = "dc=company,dc=com"

DIRECTORY_SERVERS= (dliu:389:636)

DIRECTORY_SERVER_TYPE = OID

Migrating From Local Naming

1. Start Oracle Net Assistant.2. Choose Command > Directory > Import

Net Service Names.3. Enter username and password.4. “Directory Server Migration Wizard”

starts, Click Next.

5. The “Select Net Service Names” window appears. From the list, select the network domain.

6. The “Select Destination Context” window appears. Select the Directory Naming Context that contains the Oracle Context from the Directory Naming list.

7. Click “Next”. The wizard exports the net service names.

8. Click “Finish” to complete the directory Server Migration wizard. Now OID has all the database connecting information loaded.

Migrating From Oracle Names Server

Method #1: Direct Export1. Go to the Oracle Names Server, dump the

service address information to a tnsnames.ora file.

- NAMSCTL> dump_tnsnames2. Transfer the file to the LDAP server.

- ftp ldapserver.company.com- Put tnsnames.ora

3. Load the net service information.

Migrating From Oracle Names Server

Method #2: In-Direct Export1. Run DUMP_LDAP from Oracle name

Server.- NAMESCTL> dump_ldap company.com –f

sample.ldif

2. Go to LDAP server, run the “ldapadd” command.

Migrating By Proxy

• Oracle Client version is 8.1.5 or earlier.• Use Oracle Names LDAP proxy server.• See article “Migration by Proxy” in May

2001 of Oracle Magazine for details.

Summary

• Net Services Basics.• Connection Methods:• Directory• LDAP• Oracle Internet Directory (OID)• OID Terminology and Architecture.

Summary

• How Net Services saved in Directory Server.

• Step-by-Step setup of Directory Naming using Oracle Internet Directory.

• Migrating from Local Naming.• Migrating from Oracle Names Server.

ReferencesOracle9i Net Services. Release 1 (9.0.1);Oracle Internet Directory, Administrator’s Guide. Release 3.0.1;Oracle Internet Directory, Administrator’s Guide. Release 2.1.1;Net8: A Step-by-Step Setup of Oracle Names Server; Oracle Open World

2000;POracle Metalink and support papers numbers:Note: 157892.1, Quick Start Guild: Oracle Internet Directory Installation

3.0.1;Note: 112763.1, Example of LDAP setup for Net8 Administration;Note: 120717.1, Net*8 LDAP Naming: Adding TNS Service Names to an OID.

Reprinted from Oracle Internals

I would also like to acknowledge the assistance of Bob Polak of the Allant Group, Ann Collins, Larry Bailey, Husam Tomeh and Archana Sharma of FARES, and Roger Peterson of Oracle.

Thanks For Coming !!Daniel Liu Contact Information

Phone: (714)-701-3346Email: dliu@firstam.com

Email: daniel_t_liu@yahoo.com

Company Web Site:http://www.firstam.com

Presentation #36576 Oracle9i LDAP: Advanced Configuration of Directory Naming

Documents