My Journey to the cloud…


Migrating LDAP server to a new host

Recently there was a sudden requirement where our Microsoft AD (LDAP server) was being moved to a new host. This could have rendered all the applications where user authentication happens through LDAP inaccessible, if the applications had not been changed accordingly.

One of the critical external customer-facing applications had to be reconfigured to point to the new LDAP server.

The step-wise approach performed to achieve this is below:

  1. Stop the odisrv (Directory Integration Server) process:
       oidctl connect=fabprod server=odisrv instance=1 stop
  2. How to check whether the instance is 1 or 2 (normally it is 1):
  3. Go to the LDAP log directory and look for odisrvnn.log, where nn can be 1 or 2.
  4. Disable the synchronization profile using Oracle Directory Manager (ODM).
  5. Log in to ODM using the 'orcladmin' user account, then go to Server Management, then Integration Server, then Configuration Set1.
  6. Select the profile, choose Edit and select the 'DISABLE' option.
  7. This can be confirmed with the 'ldapsearch' command:
       ldapsearch -h <OID_Host> -p <port_no> -D "cn=orcladmin" -w <password> -b "orclodipAgentName=<Profile_name>,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" -s base "objectclass=*" orclodipagentcontrol
  8. Change the LDAP server name while in ODM: go to the Execution tab; the property is "Connected Directory URL". Change this value to the new host name or IP address.
  9. Make sure the "highestCommittedUSN" is in sync between the old and new LDAP servers. If not, bootstrapping needs to be done.
     1. How to check the "highestCommittedUSN" in AD:
          ldapsearch -h <AD_HOST> -p 389 -D <AD_USER> -w "<password>" -b "" -s base "objectclass=*" highestCommittedUSN
  10. While in ODM, update the "last applied change number" attribute with the "highestCommittedUSN".
  11. All this updates the synchronization profile with the new values.
  12. Remove the OID and LDAP logs. When you start the odisrv process, these logs will be generated afresh.
  13. Start the odisrv process.
  14. Check that the process started using the 'ldapcheck' command.
  15. Confirm that the synchronization is working.
  16. The final step is to drop and recreate the plugins for external authentication. This is very much required for external authentication because the packages are tagged to the AD host.
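Steps 7 and 9 each rely on reading one attribute out of ldapsearch output by eye. The helper below is an added example, not part of the original post: it parses the LDIF that those two ldapsearch commands return and scripts the "profile is DISABLE" and "highestCommittedUSN matches, so no bootstrap" decisions. The profile name and USN values are constructed sample data, and the host names are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Parses LDIF from the
# ldapsearch commands in steps 7 and 9 and reports the two checks.

# Print the value of one attribute from LDIF text on stdin.
# LDIF folds long values onto lines starting with a space, so those are
# joined first; attribute names are matched case-insensitively.
ldif_attr() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^ / { buf = buf substr($0, 2); next }      # continuation line
    { if (buf != "") emit(buf); buf = $0 }
    END { if (buf != "") emit(buf) }
    function emit(line,   pos, name, val) {
      pos = index(line, ":")
      if (pos == 0) return                       # comments, blank lines
      name = tolower(substr(line, 1, pos - 1))
      val  = substr(line, pos + 1)
      sub(/^ +/, "", val)
      if (name == want) print val
    }'
}

# Step 7: succeed only if the profile agent control reads DISABLE.
profile_disabled() {
  ctl=$(printf '%s\n' "$1" | ldif_attr orclodipagentcontrol)
  [ "$ctl" = "DISABLE" ]
}

# Step 9: succeed only if old and new AD report the same highestCommittedUSN.
# A failure here means bootstrapping is required before re-enabling the profile.
usn_in_sync() {
  old=$(printf '%s\n' "$1" | ldif_attr highestCommittedUSN)
  new=$(printf '%s\n' "$2" | ldif_attr highestCommittedUSN)
  [ -n "$old" ] && [ -n "$new" ] && [ "$old" -eq "$new" ]
}

# Constructed sample output from the two ldapsearch commands (not real hosts).
SAMPLE_PROFILE='dn: orclodipAgentName=ADImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
orclodipagentcontrol: DISABLE'
SAMPLE_OLD_AD='dn:
highestCommittedUSN: 4711'
SAMPLE_NEW_AD='dn:
highestCommittedUSN: 4710'

if profile_disabled "$SAMPLE_PROFILE"; then echo "profile disabled: ok"; else echo "profile still enabled"; fi
if usn_in_sync "$SAMPLE_OLD_AD" "$SAMPLE_NEW_AD"; then echo "USN in sync"; else echo "USN differs: bootstrap required"; fi
```

Replace the sample strings with `$(ldapsearch ...)` output from the real commands to use it during the cutover.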

I will cover 'external authentication' in my next blog. Keep reading.

-Anand




About Me

I'm a hands-on Technical and Enterprise Solutions Architect based out of Houston, TX. I have been working on Oracle ERP, Oracle Database and Cloud technologies for over 20 years and am still going strong on learning new things.

You can connect with me on LinkedIn and also reach out to me.

I am certified for 8x AWS, OCP (Oracle Certified Professional), PMP, ITIL and 6 Sigma.
