
Migrating LDAP server to a new host

Recently there was a sudden requirement: our Microsoft AD (LDAP server) was being moved to a new host. This could have rendered every application that authenticates users through LDAP inaccessible if the applications were not reconfigured accordingly.

One of the critical external, customer-facing applications had to be reconfigured to point to the new LDAP server.

Below is the step-by-step approach performed to achieve this:

  1. Stop the oidsrv process:
     oidctl connect=fabprod server=odisrv instance=1 stop
  2. To check whether the instance is 1 or 2 (normally it is 1), go to the LDAP log directory and look for oidsrvnn.log, where nn is 1 or 2.
  3. Disable the synchronization profile using Oracle Directory Manager (ODM).
  4. Log in to ODM using the ‘orcladmin’ user account -> Server Management -> Integration Server -> Configuration Set1.
  5. Select the profile -> Edit, and select the ‘DISABLE’ option.
  6. This can be confirmed with the ‘ldapsearch’ command:
     ldapsearch -h <OID_Host> -p <port_no> -D "cn=orcladmin" -w <password> -b "orclodipAgentName=<Profile_name>,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" -s base "objectclass=*" orclodipagentcontrol
  7. While still in ODM, change the LDAP server name: go to the Execution tab, where the property is “Connected Directory URL”, and change this value to the new host name or IP address.
  8. Make sure the “highestCommittedUSN” is in sync for the old and new LDAP server; if it is not, bootstrapping needs to be done.
     1. To check the “highestCommittedUSN” in AD:
        ldapsearch -h <AD_HOST> -p 389 -D <AD_USER> -w <password> -b "" -s base "objectclass=*" highestCommittedUSN
  9. While in ODM, update the “last applied change number” attribute with the “highestCommittedUSN”.
  10. All of this updates the synchronization profile with the new values.
  11. Remove the OID and LDAP logs. When you start the oidsrv process, these logs will be generated afresh.
  12. Start the oidsrv process.
  13. Check that the process started using the ‘ldapcheck’ command.
  14. Confirm that the synchronization is working.
  15. The final step is to drop and recreate the plugins for external authentication. This is very much required for external authentication, as the packages are tagged to the AD host.
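As an added example (my code, not from the original post or from Oracle), the script below encodes the pre-flight checks behind the profile-disable confirmation, the highestCommittedUSN comparison and the “last applied change number” update, so they can be scripted rather than eyeballed in ODM. It parses LDIF-style output of the kind the ldapsearch calls above produce (the sample entries are constructed, with made-up values), confirms the profile reports DISABLE, compares the old and new hosts' highestCommittedUSN, and reports whether bootstrapping is required and which value to write back. The attribute name orclLastAppliedChangeNumber for the profile's “last applied change number” field is my assumption about the DIP schema; the profile name ActiveChgImp is a placeholder. Two practical caveats: highestCommittedUSN is local to each domain controller, so a mismatch between the old and new host is the normal case unless the directory was cloned, which is exactly why the post calls for bootstrapping; and passing -w <password> on the command line leaves the credential in the process list and shell history, so feed the search output to a script like this from a client that prompts for or reads the password from a protected file where yours supports it.

```python
# Pre-flight checks for repointing an OID/DIP synchronization profile to a
# new AD host. Added example, not from the original post; sample LDIF values
# below are constructed and the profile attribute name is an assumption.

OLD_AD_ROOTDSE = """\
dn:
highestCommittedUSN: 45829113
"""

NEW_AD_ROOTDSE = """\
dn:
highestCommittedUSN: 20117
"""

# Profile entry as returned by the confirmation ldapsearch in step 6, with a
# folded DN line as LDIF allows. "ActiveChgImp" is a placeholder profile name.
PROFILE_ENTRY = """\
dn: orclodipAgentName=ActiveChgImp,cn=subscriber profile,cn=changelog subscri
 ber,cn=oracle internet directory
orclodipagentcontrol: DISABLE
orclLastAppliedChangeNumber: 45829113
"""


def parse_ldif_entry(text):
    """Parse a single LDIF entry into {lowercased attribute: [values]}.

    Folded continuation lines (leading space) are joined to the previous
    line. Base64 values (':: ...') are kept raw, which is enough for the
    numeric and keyword attributes checked here."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
    return attrs


def first_int(attrs, name):
    """Return the first value of an attribute as int, failing loudly if absent."""
    vals = attrs.get(name.lower())
    if not vals or not vals[0]:
        raise ValueError("attribute %s missing from search result" % name)
    return int(vals[0])


def repoint_readiness(old_rootdse_ldif, new_rootdse_ldif, profile_ldif):
    """Evaluate the checks an operator needs before changing the
    Connected Directory URL and return them as a dict."""
    old_usn = first_int(parse_ldif_entry(old_rootdse_ldif), "highestCommittedUSN")
    new_usn = first_int(parse_ldif_entry(new_rootdse_ldif), "highestCommittedUSN")
    profile = parse_ldif_entry(profile_ldif)
    control = (profile.get("orclodipagentcontrol") or [""])[0].upper()
    # Assumed attribute name for the "last applied change number" field.
    current_last = first_int(profile, "orclLastAppliedChangeNumber")
    return {
        "profile_disabled": control == "DISABLE",
        "old_usn": old_usn,
        "new_usn": new_usn,
        "usn_in_sync": old_usn == new_usn,
        # USNs are per domain controller, so a mismatch means bootstrap.
        "bootstrap_required": old_usn != new_usn,
        "current_last_applied_change_number": current_last,
        # Value to write into the profile once it points at the new host.
        "last_applied_change_number_to_set": new_usn,
    }


if __name__ == "__main__":
    for key, value in repoint_readiness(OLD_AD_ROOTDSE, NEW_AD_ROOTDSE, PROFILE_ENTRY).items():
        print("%-36s %s" % (key, value))
```

Run it against the real output of the three ldapsearch calls (redirected to files) and refuse to change the Connected Directory URL unless profile_disabled is true; when bootstrap_required is true, bootstrap before setting the last applied change number. For the log clean-up step, copy the OID and LDAP logs aside before deleting them so the pre-migration synchronization history remains available for troubleshooting and audit.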

I will cover ‘external authentication’ in my next blog. Keep reading.

-Anand

Categories: Oracle Apps