OID Schema Storage
Hi,
I need information about the OID schema. In which format is the OID schema stored, and where is the schema stored in OID?
Is it in the database or a flat file?
Thanks in Advance,
Sandy
Hi,
In OID, schema is stored under 'cn=subschemasubentry'. All data including schema is in the database.
You could export the OID schema through the 'ldapsearch' command:
ldapsearch -h <host> -p <port> -D cn=orcladmin -w <bind_password> -b cn=subschemasubentry -s base -v "objectclass=*" > /tmp/OID_SchemaExport.ldif
-- Pramod Aravind
Similar Messages
-
Multiple OID schema's in a single database SID?
I have OID/OVD 11g installed in a development environment and during the install I used the create schema option to automatically create the required database schema. I now need to install a second separate instance of OID/OVD, but the database schema will reside in the same database SID.
Is this possible as presumably the script will be trying to create users/tablespaces that already exist for the first instance?
I see you can install OID using an existing schema, but I'm assuming this needs to be empty and that there's no way two ldaps can share the same schema.
I guess I'm hoping the script is clever enough to modify its user/tablespace naming details if they already exist, but this doesn't seem likely.
Any advice gratefully received.
The existing schema doesn't have to be empty. If you select High Availability, the installer will automatically recognize that you want another instance of OID with the same database.
-
Can an attribute be added to the LDAP schema of OID?
Can an attribute be added to the LDAP schema of OID?
Sure can. You can do it via an ldapmodify and an appropriately written LDIF file:
The following contents in an LDIF file would produce an attribute with an object ID of 1.2.3.4.500.27, a syntax of directory string, and that is single-valued.
dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.500.27 NAME <'attributeNamehere'> SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
To use this ldif, run the following command:
ldapmodify -h <OID Server hostname/IP> -p 389 -D "cn=orcladmin" -w <orcladmin Password> -f <yourfilenamehere>.ldif
Documentation:
http://download-uk.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/schema.htm#g1025702 -
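A check that can run between the schema export shown in the first thread and the ldapmodify above, as an added example that is not part of the original posts: it reads the exported schema LDIF and rejects a new attribute whose OID or name is already defined. The function names, the sample LDIF and the candidate name departmentCode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a new attributetypes value against a schema export.

# Join folded LDIF lines (RFC 2849: a line starting with one space continues the previous one).
unfold_ldif() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { if (NR > 0) print buf }' "$1"
}

# Print "OID<TAB>lowercased-name" for every name of every attributetypes value.
list_attribute_types() {
  unfold_ldif "$1" | awk -v q="'" '
    tolower($1) == "attributetypes:" {
      def = $0
      sub(/^[^:]*:[ ]*\([ ]*/, "", def)        # drop the attribute name and opening paren
      oid = def; sub(/[ )].*$/, "", oid)        # first token is the numeric OID
      names = ""
      if (match(def, /NAME[ ]+\([^)]*\)/))                  # multi-name form: NAME ( ... )
        names = substr(def, RSTART, RLENGTH)
      else if (match(def, "NAME[ ]+" q "[^" q "]*" q))     # single-name form
        names = substr(def, RSTART, RLENGTH)
      n = split(names, part, q)
      if (n < 2) print oid "\t-"                # definition without a NAME
      for (i = 2; i <= n; i += 2) print oid "\t" tolower(part[i])
    }'
}

# Return 0 if neither the OID nor the name is taken; print each conflict and return 1 otherwise.
check_new_attribute() {   # usage: check_new_attribute <export.ldif> <oid> <name>
  want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
  list_attribute_types "$1" | awk -F '\t' -v oid="$2" -v name="$want" '
    $1 "" == oid ""   { print "OID already defined:  " $0; hit = 1 }
    $2 "" == name ""  { print "name already defined: " $0; hit = 1 }
    END { exit (hit ? 1 : 0) }'
}

# Constructed sample standing in for /tmp/OID_SchemaExport.ldif (not real OID output).
write_sample_export() {
  cat > "$1" <<'EOF'
dn: cn=subschemasubentry
objectclass: top
attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetypes: ( 1.2.3.4.500.27 NAME 'employee
 Badge' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 0.9.2342.19200300.100.1.1 NAME 'uid' EQUALITY caseIgnoreMatch )
EOF
}

sample=$(mktemp)
write_sample_export "$sample"
check_new_attribute "$sample" 1.2.3.4.500.27 departmentCode ||
  echo "conflict: pick another OID or name before running ldapmodify"
rm -f "$sample"
```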
I was able to create a new objectclass the first time, but when I ran my code again to create another one, I got the below error. I use the below code to look up the schema before adding an objectclass. ctx is an initialDirContext object
(DirContext)ctx.getSchema("").lookup("ClassDefinition")
and it failed right at the getSchema(""). Do you have any ideas why this happens?
java.lang.StringIndexOutOfBoundsException: String index out of range: -2
at java.lang.String.substring(String.java, Compiled Code)
at com.sun.jndi.ldap.LdapSchemaParser.readOIDs(LdapSchemaParser.java, Compiled Code)
at com.sun.jndi.ldap.LdapSchemaParser.readTag(LdapSchemaParser.java, Compiled Code)
at com.sun.jndi.ldap.LdapSchemaParser.readNextTag(LdapSchemaParser.java, Compiled Code)
at com.sun.jndi.ldap.LdapSchemaParser.desc2Def(LdapSchemaParser.java:261)
at com.sun.jndi.ldap.LdapSchemaParser.objectDescs2ClassDefs(LdapSchemaParser.java:149)
at com.sun.jndi.ldap.LdapSchemaParser.LDAP2JNDISchema(LdapSchemaParser.java:112)
at com.sun.jndi.ldap.LdapSchemaCtx.createSchemaTree(LdapSchemaCtx.java:66)
at com.sun.jndi.ldap.LdapCtx.buildSchemaTree(LdapCtx.java:1363)
at com.sun.jndi.ldap.LdapCtx.getSchemaTree(LdapCtx.java:1320)
at com.sun.jndi.ldap.LdapCtx.c_getSchema(LdapCtx.java:1261)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getSchema(ComponentDirContext.java:422)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getSchema(PartialCompositeDirContext.java:395)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getSchema(PartialCompositeDirContext.java:384)
at javax.naming.directory.InitialDirContext.getSchema(InitialDirContext.java:241)
at com.access360.enrole.util.SchemaLoaderUtil.writeSchemaToDirectory(SchemaLoaderUtil.java:50)
at LdapTest.run(LdapTest.java:33)
at LdapTest.main(LdapTest.java:11)
Hello Andy:
I'm setting up a test case now to test your scenario. I should have an answer for you in the next day or two. Thanks for your patience.
Jay
-
Local storage enabled per distributed-scheme
As the cache configuration xml allows you to specify local-storage true or false for individual distributed-schemes it would seem that it is possible to have a situation where you have a cluster of nodes where each node is storage enabled for a different sub-set of caches/schemes.
I have never done this myself and always either storage enabled/disabled at the JVM level. Would having nodes with different caches/schemes storage enabled be a valid thing to do? I am not quite sure why I might want to do this but I was asked the question by one of our dev teams (I don't think they quite know they would want to do it either).
I suppose what I really want to know is has anyone done this before and if we did it is something likely to break?
Cheers,
JK.
Hi Jonathan,
yes, it is doable, only you usually would want to specify a different override Java property for the storage-enabled flag in each service scheme.
An example on when you want to do this is when there are different services storing data in (different) partitioned cache services (and usually they also have access to a database from a cache server, e.g. by a cache store) and you want to separate deployment of the server-side of the services to different nodes due to access control or provisioning reasons.
In these cases it is even possible that the server side of one service is the client side of another service, meaning that the cache configuration of both services need to exist in some JVMs.
I posted some additional info and configuration in this forum thread some months ago:
Re: Partitioned cache - where to put what config files?
Particularly look at the later posts in the thread
Best regards,
Robert
Edited by: robvarga on Dec 5, 2008 4:16 PM
Added link to forum thread. -
Hi Everyone,
All of a sudden I am not able to start ODS instance that includes (OID and OVD). I can see OVD process is up but not OID. DB and listeners are up and running.
Any quick thoughts ?
Thanks
Great!!
Yes, that is the issue. Even though the message says it is about to expire, it cannot start OID. The reason is, when the oidmon process tries to establish a connection to the database it expects the response "success" status. For the oidmon process, any message other than "success" is failure.
Try below:
1. Stop all components with opmnctl.
2. Reset OID schema passwords and make their passwords never to expire.
3. Start all opmn components.
Thanks
GK -
We have been given the task of migrating our existing identity management systems to OIM (Oracle Identity Manager).
Part of our existing system uses OID (Oracle Internet Directory). All users have an entry in OID. Some of our systems use OID for authentication.
We also use OID to hold users' entitlements/privileges that control access to our applications. We use OID groups (represented by entries based on groupOfUniqueNames and orclGroup objects) to do this. For example we might have an application called 'Finance' with three levels of access represented by OID groups e.g. 'finance_enquiry', 'finance_updater', 'finance_superuser'. Those groups would all belong to a parent group called 'finance_application'. To access the application the user needs to be a member of 'finance_application' group or one of its child groups. Access to features of the application are controlled by membership of the 3 child groups. We have an application that maintains groups, group membership, and user entitlements in OID.
As part of the migration project we want to move maintenance of groups and group membership from our own application into OIM. The above scenario seems quite basic.
My main question is how would this be done in OIM? Do our current OID groups become OIM Groups? Do they become entries in some lookup table in OIM? Are there any case studies or other documentation that describes this kind of requirement?
I've looked at the OIM Connector for OID documentation but it doesn't describe typical scenarios. It assumes that you know what you are doing.
We also want to give users the ability to request entitlements, and to provide an approval process. So we could have a user who approves/rejects entitlement requests to access the applications they control. But that's another topic.
Cheers,
Eric
PeachEye wrote:
> We have been given the task of migrating our existing identity management systems to OIM (Oracle Identity Manager).
> As part of the migration project we want to move maintenance of groups and group membership from our own application into OIM. The above scenario seems quite basic.
You're about to find out otherwise.
> My main question is how would this be done in OIM? Do our current OID groups become OIM Groups? Do they become entries in some lookup table in OIM? Are there any case studies or other documentation that describes this kind of requirement?
You'll need a custom connector and lots of OIM tweaks. Your groups will stay in OID, OIM will replace the current application you use to maintain them. That's one way of doing it, no impact to OID schema is the benefit of this way, there are other ways.
-
OID 11.1.1.5 (on cluster environment)
When I use opmnctl startall to start the service, I got an error saying a timeout occurred. I tried to open the error log but I found nothing in it.
Then I went to the following path
/u02/app/Oracle/Middlewarre/asinst_1/diagnostics/logs/OID/oid1
opened the log file and found the below error
[2012-10-03T02:49:08-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [oidmon]: Unable to connect to database,
will retry again after 10 sec
[2012-10-03T02:49:18-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: Connecting to database, connect string is oiddb
[2012-10-03T02:49:18-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [gsdsiConnect] ORA-28002, ORA-28002: the password will expire within 7 days
[2012-10-03T02:49:18-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [oidmon]: Unable to connect to database,
will retry again after 10 sec
[2012-10-03T02:49:28-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: Connecting to database, connect string is oiddb
[2012-10-03T02:49:28-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [gsdsiConnect] ORA-28002, ORA-28002: the password will expire within 7 days
[2012-10-03T02:49:28-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [oidmon]: Unable to connect to database,
will retry again after 10 sec
[2012-10-03T02:49:38-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: Connecting to database, connect string is oiddb
[2012-10-03T02:49:38-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [gsdsiConnect] ORA-28002, ORA-28002: the password will expire within 7 days
[2012-10-03T02:49:38-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [oidmon]: Unable to connect to database,
will retry again after 10 sec
[2012-10-03T02:49:48-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: Connecting to database, connect string is oiddb
[2012-10-03T02:49:48-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [gsdsiConnect] ORA-28002, ORA-28002: the password will expire within 7 days
[2012-10-03T02:49:48-45:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: dmmziappt1.ziic.net] [pid: 12111] [tid: 0] Guardian: [oidmon]: Unable to connect to database,
will retry again after 10 sec
Can anyone help me figure out what this error is and why the oid process can't be started?
Hi,
Almost certainly the password for ODS, the DB user for the OID schema. Please see Note 1064334.1 for more details (and a solution) for this message.
Regards,
Colin -
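The diagnosis given in the two oidmon threads above, as an added example (not Oracle tooling and not code from the posts): it scans an OID diagnostic log for the ORA codes on gsdsiConnect lines and reports whether every connect failure is an account or password-state error. The sample log lines, host name and function names are constructed for illustration; the ORA-28001 meaning comes from the Oracle error reference rather than from this page.

```shell
#!/bin/sh
# Added example: summarise why oidmon could not connect to the OID database.

# Print one line per ORA code seen on gsdsiConnect lines:
#   code <TAB> occurrences <TAB> first timestamp <TAB> last timestamp <TAB> meaning
oidmon_db_errors() {
  awk '
    /\[OIDMON\]/ && /\[gsdsiConnect\]/ && match($0, /ORA-[0-9]+/) {
      code = substr($0, RSTART, RLENGTH)
      ts = $0; sub(/^\[/, "", ts); sub(/\].*$/, "", ts)   # first [...] field is the timestamp
      if (!(code in first)) first[code] = ts
      last[code] = ts
      count[code]++
    }
    END {
      why["ORA-28000"] = "account is locked"
      why["ORA-28001"] = "password has expired"
      why["ORA-28002"] = "password will expire within N days (warning)"
      for (c in count)
        printf "%s\t%d\t%s\t%s\t%s\n", c, count[c], first[c], last[c],
               (c in why ? why[c] : "look up in the Oracle error reference")
    }' "$1" | sort
}

# Return 0 when every connect failure in the log is an account or password-state
# error (ORA-28000 to ORA-28002), so the fix is on the database account.
password_state_only() {
  oidmon_db_errors "$1" | awk -F '\t' '
    { seen = 1; if ($1 !~ /^ORA-2800[0-2]$/) other = 1 }
    END { exit (seen && !other ? 0 : 1) }'
}

# Constructed sample in the layout of the log quoted above (host and pid are made up).
write_sample_log() {
  p='[OID] [NOTIFICATION:16] [] [OIDMON] [host: oid1.example.com] [pid: 4242] [tid: 0] Guardian:'
  cat > "$1" <<EOF
[2024-05-01T08:00:08+00:00] $p Connecting to database, connect string is oiddb
[2024-05-01T08:00:08+00:00] $p [gsdsiConnect] ORA-28002, ORA-28002: the password will expire within 7 days
[2024-05-01T08:00:08+00:00] $p [oidmon]: Unable to connect to database,
will retry again after 10 sec
[2024-05-01T08:00:18+00:00] $p [gsdsiConnect] ORA-28002, ORA-28002: the password will expire within 7 days
[2024-05-01T08:00:28+00:00] $p [gsdsiConnect] ORA-28000, ORA-28000: the account is locked
EOF
}

log=$(mktemp)
write_sample_log "$log"
oidmon_db_errors "$log"
password_state_only "$log" && echo "fix the ODS database account, then restart with opmnctl"
rm -f "$log"
```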
OID and binding java serialized object
Hi there,
How are you doing? I am trying to bind a serialized java object to a name in Oracle Internet Directory (oid) using JNDI.
It gives me an error.
"OperationNotSupported LDAPA error 53: Unwilling to perform:
I have directory manager 2.1.1 and JNDI 1.2.1
I appreciate any clue and/or help
Thanks
Hello:
Although OID supports calls from JNDI, the JNDI schema for storing JAVA serialized objects is not yet a standard part of the OID schema. This is easy to remedy. Go to javasoft.sun.com and download the JNDI schema for java serialized objects and load the attributes and objectclasses into OID from the ldif files provided at this web site. Make sure the attributes are loaded before the objectclasses.
Once this schema is loaded this problem should go away
Use the ldapmodify command line tool to add the schema items from the ldif file.
Let me know if you need further assistance setting this up. A future version of OID will contain these schema items standard.
Thanks,
Jay
-
OID Users what DB table are they stored in
I've just loaded 400+ users from AD into OID, what database table are these users stored in as I need to assign these users to a portal group and I don't want to do it manually.
If I manually modify the password in oiddas for the migrated user then the user appears in the wwsec_$person table, otherwise it's not there.
No need to play with OID schema.
have a look to Portal APIs http://www.oracle.com/technology/products/ias/portal/html/plsqldoc/pldoc1012/index.html
About sync between OID and Portal schema, think about the startup daemon process (DIP) which synchronizes entries
oidctl instance=1 server=odisrv flags="host=iasqa-ultra1.abc.com etc....
cf : http://download-uk.oracle.com/docs/cd/B14099_07/portal.1012/b14037/cg_secur.htm#i1040238 for details.
Patrick. -
Hi,
We have Oracle Metadata Repository version 10.2.0.4 and our Oracle Identity Management version is 10.1.4.0.1
While installing/configuring OID 10.1.4.0.1 we are getting the below error.
"You must have an OID schema version 10.1.4.0.1 to 10.1.4.9.9.Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatable version."
Is it possible to have oracle database 10.2.0.4 with OID 10.1.4.0.1?
How to proceed further?
Hi.
We have installed Metadata Repository on the Existing database using RepCA
During installation of Oracle Identity Management we are getting the below error
"You must have an OID schema version 10.1.4.0.1 to 10.1.4.9.9.Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatable version."
Here there are some of the details from metadata repository database
SQL> select * from INTERNET_APPSERVER_REGISTRY.components;
PRODUCT COMPONENT_NAME COMPONENT_VERSION
Metadata Repository Container mrc 9.0.4.0.0
SQL> select comp_id,version,status from app_registry;
COMP_ID VERSION STATUS
SYNDICATION 10.1.2.0.2 VALID
PORTAL 10.1.2.0.2 VALID
SSO 10.1.2.0.2 VALID
WORKFLOW 10.1.2.0.2 VALID
B2B 10.1.2.0.2 VALID
BAM 10.1.2.0.2 VALID
MRC 10.1.2.0.2 VALID
OCA 10.1.2.0.2 VALID
OID 10.1.2.0.2 VALID
DCM 10.1.2.0.2 VALID
DISCOVERER 10.1.2.0.2 VALID
COMP_ID VERSION STATUS
WCS 10.1.2.0.2 VALID
UDDI 10.1.2.0.2 VALID
WIRELESS 10.1.2.0.2 VALID
14 rows selected.
From the above query we see that OID version is 10.1.2.0.2 and we have to upgrade the OID schema version to 10.1.4.0.1.
Can you tell us how to upgrade the OID schema version and with proper document to follow?
Kindly update for any output from my side
Thanks -
Can't create new User Identity in OAM backed by OID
We installed with the following steps:
1) Downloaded OIM from OTN (10.1.4.0.1)
2) Installed OIM, selecting only OID, onto a dedicated XP server
3) Downloaded OAM from OTN (10.1.4.0.1)
4) Installed Identity Server onto the OID server, updating the OID schema with Oblix entries
5) Started the Identity Server service
6) Installed WebPass on top of Apache 2.0 on a separate XP server
7) Restarted Apache 2.0
8) Accessed server/identity/oblix and went through the WebPass setup
Other than seeing a bunch of A-caret characters, the screens all look good.
9) Logged in as orcladmin to OAM
10) Tried to Create User Identity
This fails with a 'You do not have sufficient access rights' error. The only user we have in the OID is orcladmin. Looking into the directory, orcladmin is a member of Oblix/Directory Administrators and Oblix/Web Masters.
We're trying to set up OAM for SSO and add custom modules for user provisioning to our application (OTM). Any help is appreciated.
Hi
You have to create user workflow so as to enable user creation in OAM. If the workflow is created then make sure that user has access to the workflow.
-Kiran Thakkar -
Help me: I have locked user cn=orcladmin in oid
Hello.
Please help me, I have locked user cn=orcladmin in the OID production environment
I have tried to unlock with this procedure, but it doesn't work:
[oracle@appamucm01pro admin]$ /opt/oracle/mw/mw_idm/Oracle_IDM/ldap/bin/oidpasswd connect=OIDDB unlock_su_acct=true
OID DB user password:
ERROR * gsldpuUnlockSuAccount * ORA-28000:ORA-28000: the account is locked
encountered
Error in unlocking OID super user account.
[oracle@appamucm01pro admin]$
This is my oid version:
[oracle@appamucm01pro admin]$ $ORACLE_HOME/bin/oidldapd -version
oidldapd: Release 11.1.1.5.0 - Production on fri mar 1 14:38:56 2013
Copyright (c) 1982, 2011 Oracle. All rights reserved.
[oracle@appamucm01pro admin]$
[oracle@appamucm01pro admin]$
Hi,
First get your OID schema name, for example suppose it's ODS, then follow the following steps
1- sqlplus / as sysdba
2- alter user ODS account unlock;
It should unlock your OID user.
thanks
Amar -
Error when install OID 10.1.2.0.2
Dear gurus,
I'd like to install infrastructure 10.1.2.0.2 on 2 computers - my point is, create as guard or infrastructure guard -, but I don't install Metadata Repository, so I only install OID and single sign on. For the Metadata Repository I pointed to a single database instance 10.2.0.1.
But I found a problem: the error message told that "Install has determined that OID schema in this Metadata Repository is not correct version to support this version of Identity Management. You must have an OID schema version 10.1.2.0.2 to 10.1.2.9.9. Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatible version."
I found this error at the installation "specify repository" section. Need your help. Many Thanks.
Regards,
Andes
Edited by: andes on Jul 17, 2009 1:28 AM
I solved the problem about the error; it turned out I had to install ultrasearch on my existing database 10.2.0.1, then create the wksys schema.
But I found another error: after successfully loading the Metadata Repository schema in the existing database, I installed OID only, but in the "Specify Repository" section, when I pointed to the database, it showed the error message "The Oracle Application Server Metadata Repository that you have specified is not a compatible version for configuring Oracle Internet Directory. Please specify another database."
Need help.
Many Thanks, -
InetOrgPerson objectclass missing in OID
Hi all,
We have a serious issue in our production environment with respect to OID. We have added a custom attribute in OID using Directory Manager and attached the attribute to inetOrgPerson objectclass. We later realized that the attribute name was given wrong and deleted the attribute manually without removing reference in inetOrgPerson objectclass. After this, the inetOrgPerson objectclass is missing in OID schema due to which user creation in OIDDAS console is failing. This is highly critical for us to get fixed immediately.
Appreciate quick response.
Thanks for your help in advance.
Regards,
Mahendra.
The issue is resolved. Got the inetorgperson object details from another working instance, made minor changes like removing unnecessary attributes etc., and imported to the damaged instance. Bounced the OID and OC4J processes and it started working fine.
-M