Tuesday, 20 November 2012

Configuring Oracle Unified Directory (OUD) 11g as a Directory Server

I used Oracle Unified Directory (OUD) Version 11.1.1.5.0 during my local test deployment. I tried to collect as much configuration information as possible in this post.

Ideally, there are three possible configuration options for OUD:

  • as a Directory Server
  • as a Replication Server
  • as a Proxy Server

Directory Server provides the main LDAP functionality in OUD. Proxy Server can be used for proxying LDAP requests. Replication Server is used for replication from one OUD to another OUD or even to another ODSEE (earlier Sun Java Directory) server. You can read my previous posts on OUD here and here.

In this post, we will talk about configuring OUD after installation as a Directory Server. You can read about OUD installation in my previous post here.

Once installation is completed, you will find the following files in the $ORACLE_HOME directory.

-rwxr-x---  1 oracle oracle 1152 May 17 11:16 oud-proxy-setup
-rwxr-x---  1 oracle oracle 1482 May 17 11:16 oud-proxy-setup.bat
-rwxr-x---  1 oracle oracle 1180 May 17 11:16 oud-replication-gateway-setup
-rwxr-x---  1 oracle oracle 1510 May 17 11:16 oud-replication-gateway-setup.bat
-rwxr-x---  1 oracle oracle 1141 Aug 10 16:50 oud-setup
-rwxr-x---  1 oracle oracle 1538 May 17 11:15 oud-setup.bat

In this listing, the .bat files are used on Windows. So, on Linux (that is what I am using), we will be using the following files.

  • oud-setup – To configure Directory Server
  • oud-replication-gateway-setup – To configure Directory Replication Server
  • oud-proxy-setup – To Setup Proxy Server

You can run the script shown below.

$ ./oud-setup
OUD Instance location successfully created - /u01/oracle/Middleware/Oracle_OUD1/../asinst_2
Launching graphical setup...
The graphical setup launch failed.
Check file /tmp/oud-setup-8836874387532698932.log for more details.
Launching command line setup...
Oracle Unified Directory 11.1.1.5.0
Please wait while the setup program initializes...
What would you like to use as the initial root user DN for the Directory Server? [cn=Directory Manager]:
Please provide the password to use for the initial root user:
Please re-enter the password for confirmation:
On which port would you like the Directory Server to accept connections from LDAP clients? [1389]: 389
ERROR:  Unable to bind to port 389.  This port may already be in use, or you may not have permission to bind to it.  On UNIX-based operating systems, non-root users may not be allowed to bind to ports 1 through 1024
On which port would you like the Directory Server to accept connections from LDAP clients? [1389]:
On which port would you like the Administration Connector to accept connections? [4444]:
Do you want to create base DNs in the server? (yes / no) [yes]:
Provide the base DN for the directory data: [dc=example,dc=com]:
Options for populating the database:
    1)  Only create the base entry
    2)  Leave the database empty
    3)  Import data from an LDIF file
    4)  Load automatically-generated sample data
Enter choice [1]: 1
Do you want to enable SSL? (yes / no) [no]: yes
On which port would you like the Directory Server to accept connections from LDAPS clients? [1636]:
Do you want to enable Start TLS? (yes / no) [no]: yes
Certificate server options:
    1)  Generate self-signed certificate (recommended for testing purposes only)
    2)  Use an existing certificate located on a Java Key Store (JKS)
    3)  Use an existing certificate located on a JCEKS key store
    4)  Use an existing certificate located on a PKCS#12 key store
    5)  Use an existing certificate on a PKCS#11 token
Enter choice [1]:
Provide the fully-qualified host name or IP address that will be used to generate the self-signed certificate [ut1ef1]:
Do you want to start the server when the configuration is completed? (yes / no) [yes]:
Setup Summary
=============
LDAP Listener Port:            1389
Administration Connector Port: 4444
LDAP Secure Access:            Enable StartTLS
                               Enable SSL on LDAP Port 1636
                               Create a new Self-Signed Certificate
Root User DN:                  cn=Directory Manager
Directory Data:                Create New Base DN dc=example,dc=com.
Base DN Data: Only Create Base Entry (dc=example,dc=com)
Start Server when the configuration is completed
What would you like to do?
    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit
Enter choice [1]: 3
Equivalent non-interactive command-line to setup server:
oud-setup \
--cli \
--baseDN dc=example,dc=com \
--addBaseEntry \
--ldapPort 1389 \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPassword ****** \
--enableStartTLS \
--ldapsPort 1636 \
--generateSelfSignedCertificate \
--hostName ut1ef1 \
--no-prompt \
--noPropertiesFile
What would you like to do?
    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit
Enter choice [1]: 4
No configuration performed.
OUD Instance directory deleted.
$

Then you need to run the oud-setup with the options provided for creating the directory server.

$ ./oud-setup \
--cli \
--baseDN dc=example,dc=com \
--addBaseEntry \
--ldapPort 1389 \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPassword ****** \
--enableStartTLS \
--ldapsPort 1636 \
--generateSelfSignedCertificate \
--hostName ut1ef1 \
--no-prompt \
--noPropertiesFile
OUD Instance location successfully created - /u01/oracle/Middleware/Oracle_OUD1/../asinst_2
An error occurred while parsing the command-line arguments:  An unexpected error occurred while attempting to initialize the command-line arguments:  Argument "bat" does not start with one or two dashes and unnamed trailing arguments are not allowed

Here, the issue is with the rootUserPassword value. Since I left the unquoted ****** there, the shell replaced it with the names of all the files in the local directory, so the command failed. Replace it with the required password for “cn=Directory Manager”, as shown below.

$ ./oud-setup \
--cli \
--baseDN dc=example,dc=com \
--addBaseEntry \
--ldapPort 1389 \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPassword pass_t3st \
--enableStartTLS \
--ldapsPort 1636 \
--generateSelfSignedCertificate \
--hostName ut1ef1 \
--no-prompt \
--noPropertiesFile
OUD Instance location successfully created - /u01/oracle/Middleware/Oracle_OUD1/../asinst_2
Oracle Unified Directory 11.1.1.5.0
Please wait while the setup program initializes...
See /tmp/oud-setup-5822533240188214866.log for a detailed log of this operation.
Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Creating Base Entry dc=example,dc=com ..... Done.
Starting Directory Server ......... Done.
To see basic server configuration status and configuration you can launch /u01/oracle/Middleware/asinst_2/OUD/bin/status
$ cd bin
$ ./status
>>>> Specify Oracle Unified Directory LDAP connection parameters
How do you want to trust the server certificate?
    1)  Automatically trust
    2)  Use a truststore
    3)  Manually validate
Enter choice [3]: 1
Administrator user bind DN [cn=Directory Manager]:
Password for user 'cn=Directory Manager':
          --- Server Status ---
Server Run Status:        Started
Open Connections:         1
          --- Server Details ---
Host Name:                ut1ef1
Administrative Users:     cn=Directory Manager
Installation Path:        /u01/oracle/Middleware/Oracle_OUD1
Instance Path:            /u01/oracle/Middleware/asinst_2/OUD
Version:                  Oracle Unified Directory 11.1.1.5.0
Java Version:             1.6.0_26
Administration Connector: Port 4444 (LDAPS)
          --- Connection Handlers ---
Address:Port : Protocol               : State
-------------:------------------------:---------
--           : LDIF                   : Disabled
0.0.0.0:161  : SNMP                   : Disabled
0.0.0.0:1389 : LDAP (allows StartTLS) : Enabled
0.0.0.0:1636 : LDAPS                  : Enabled
0.0.0.0:1689 : JMX                    : Disabled
          --- Data Sources ---
Base DN:     dc=example,dc=com
Backend ID:  userRoot
Entries:     1
Replication: Disabled
$
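
The parsing error above comes from the shell rather than from oud-setup: an unquoted ****** is a glob pattern. The following added example (not part of the original post) reproduces the expansion in a scratch directory and shows the same setup call reading the root password from an owner-only file through --rootUserPasswordFile, which keeps it out of the process list and shell history; the helper function names and the OUD_SETUP override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): reproduces the ****** expansion in a scratch
# directory, then passes the root password to oud-setup through a file.

count_args() { echo "$#"; }

# Prints "<unquoted> <quoted>": how many arguments the shell hands over when
# the ****** placeholder is left bare versus single-quoted.
glob_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    touch oud-setup oud-setup.bat oud-proxy-setup   # names from the listing
    unquoted=$(count_args --rootUserPassword ******)
    quoted=$(count_args --rootUserPassword '******')
    cd / && rm -rf "$dir"
    echo "$unquoted $quoted"
)

# Reads one line from stdin into a file only the owner can read (mode 600),
# so the password never appears in argv, ps output or shell history.
write_password_file() (
    umask 077
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    printf '%s\n' "$pw" > "$1"
)

# Same options as the post's command, but with --rootUserPasswordFile.
# OUD_SETUP is a hypothetical override so the function can be dry-run.
run_setup() {
    "${OUD_SETUP:-./oud-setup}" --cli \
        --baseDN dc=example,dc=com --addBaseEntry \
        --ldapPort 1389 --adminConnectorPort 4444 \
        --rootUserDN "cn=Directory Manager" \
        --rootUserPasswordFile "$1" \
        --enableStartTLS --ldapsPort 1636 \
        --generateSelfSignedCertificate --hostName ut1ef1 \
        --no-prompt --noPropertiesFile
}
```

Delete the password file once setup has finished.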

Now, your newly created OUD Directory Server is running on the machine. You can check this with the ldapsearch command.

$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w pass_t3st -s sub -b "dc=example,dc=com" "(objectclass=*)" cn
dn: dc=example,dc=com

$

The ldapsearch command will return one entry, as shown above.

Here are some of my observations:

  • If you want to use port 389/636 for your Directory Server, then you need to run the setup as the root user. Then you need to run the start-ds and stop-ds commands as the root user only.
  • There are six scripts to set up OUD components (three for Unix/Linux and three for Windows environments).
  • You can set up a new TLS-based certificate as part of configuring a new Directory Server.

 

Okay, that's all for now. We will meet in another post. Until then

Monday, 19 November 2012

HP DIAGNOSTICS


Overview
Identifying and correcting availability and performance problems can be costly, time consuming and risky. IT organizations spend more time identifying an owner than resolving the problem.
HP Diagnostics helps to improve application availability and performance in pre-production and production environments. HP’s diagnostics software is used to drill down from the end user into application components and cross platform service calls to resolve the toughest problems. This includes slow services, methods, SQL, out of memory errors, threading problems and more.

How HP Diagnostics software works
During a performance test, HP Diagnostics software traces J2EE, .NET, ERP, and CRM business processes from the client side across all tiers of the infrastructure. The modules then break down each transaction response time into time spent in the various tiers and within individual components.

• Easy-to-use view of how individual tiers, components, memory, and SQL statements impact the overall performance of a business process under load conditions. During or after a load test, you can inform the application team that the application is not scaling and provide actionable data to them.

• The ability to triage and find problems effectively with business context, which enables you to focus on problems impacting business processes.

Why? The Benefits
Diagnostics falls into the middle ground between Quality Assurance and Operations Performance Validation.
For developers, having Diagnostics means that tracing code doesn’t have to be added and removed. This is a big side effect of why diagnostics can improve performance.
Diagnostics is the science of pinpointing the root cause of a problem. LoadRunner is the first load testing tool to provide a set of Diagnostics modules that trace, time, and troubleshoot end-user transactions across ALL tiers of the system. These modules extend LoadRunner to provide a unified view of both end-user experience and application component (method, SQL) level performance. The intuitive visual interface allows the user to drill down from a problematic business process all the way to the poorly performing component. This granularity of results ensures that every load test provides development with actionable results, thus reducing the cost and time required to optimize J2EE/.NET applications.
Diagnostics can be integrated with HP Business Availability Center software, HP LoadRunner, and HP Performance Center.
Response times alone will not suffice for the report; more people (client, developer, etc.) are interested in knowing the key reasons for the bottlenecks. Part of performance engineering is identifying the root cause: where the bottleneck is and why it is caused.

Any application framework we test has numerous lines of code. It is difficult for a developer to identify why the application response time is higher under load if we just present them with response times. If the team has to fix them, they will be in doubt as to which part of the code and which methods are causing the increased response time.

Supported platforms
• WebSphere, WebLogic, Oracle 10g, SAP Web Application Server, JBoss, Tomcat, Sun ONE, ATG, Borland ES, FUJITSU Interstage, Tmax Soft JEUS, .NET 1.1 to 3.5
• WebSphere Portal Server, WebLogic Portal Server, SAP Enterprise Portal, Oracle 12i applications

Consider a J2EE/.NET framework
Once the probes are installed on each layer (web, application, and database layers), the Diagnostics tool collects metrics illustrating the behavior of the layers when a request is sent.
Key concerns when it comes to metrics:
1. J2EE/.NET Framework - Average method response time
2. J2EE/.NET Framework - Server requests response
3. J2EE/.NET Framework - Server method calls per second

When invoking Diagnostics directly, we have the following metrics:
1. Average memory used
2. Average CPU used
3. JVM heap memory used
4. Connection pool, Thread pool
5. Collection leaks
6. EJB Methods /time
7. Server requests/time
8. Worst transaction
9. Worst SQL Queries
10. Network latency
11. Server request -exceptions

The report which we consolidate will speak clearly to each role:
Developer - Which method or part of the code should be fixed? (methods and calls)
DBA - Which query should be tuned? (whether any indexes are used for the query)
Integration team - Whether any increase in servers and CPU is necessary for scalability.

Key Functions of Diagnostics:
Various metrics (such as JVM heap size, garbage collection frequency, method invocation counts, etc.) are grabbed by Probes, which pass metric data out to the Profiler web service (installed with, and running on the same server as, the probe) to produce web pages in HTML or XML format. These can be parsed dynamically by scripts running within LoadRunner that are programmed to store Diagnostics values as user-defined values along with metrics maintained by LoadRunner (such as the number of vusers running concurrently).
HP (Mercury) Tuning Console product, which tracks the impact of server configuration changes on metrics.

When many app servers are involved, the Diagnostics add-in to LoadRunner displays metrics files obtained from the Diagnostic Server, also called the Commander, which stores data from the Collector and Mediator, which filter and aggregate data obtained from probes on app servers.

Probe Profiler Tabs
Below is a sample of the probe metric page, and listed below are a few of the metrics.

Summary
Memory
Load
Shortest Requests
Hotspots
Slowest Methods
CPU Hotspots (Methods)
Slowest SQL
Metrics
System (Host) CPU, Memory Usage, PageInsPerSec, PageOutsPerSec, PageCutsPerSec, Disk, Network
JVM: Probe: HeapFree, HeapTotal, HeapUsed
Java Platform: Classes, GC, Threads
Mercury System
WebLogic: EJB, Execute Queues, JDBC, etc.

The final summary is that the report plays a major role in making the performance of the application what the user desires (fast and scalable). Response times can be brought down by fixing these issues.
Henceforth, Diagnostics is the heart and soul of the performance engineering practice.