Friday, February 3, 2012

OIM 11g - Active Directory Integration Logging in a clustered environment

I was trying to debug an issue with an Active Directory Connector customization. I wanted to turn the debug logs on, but the logging.xml file was getting overwritten after a restart of the OIM managed servers. I found the issue and documented some notes below.

The OIM documentation for setting detailed logging for connectors etc. is posted here. OIM uses the WebLogic Oracle Diagnostic Logging (ODL) feature. The primary components of this feature are message types and levels, and log handler and logger configurations.

In a clustered environment, instead of updating logging.xml on the managed server as you would in a standalone install, updates such as the ones below must be made in the admin server's configuration files. Of course, this requires the managed servers to be restarted for the change to take effect immediately. An example is given below:

File location on the admin server of the cluster, in my case:
/kpsoftfileshare/orafmw/admin/IDMDomain/adminserver/IDMDomain/config/fmwconfig/servers/wls_oim1
/kpsoftfileshare/orafmw/admin/IDMDomain/adminserver/IDMDomain/config/fmwconfig/servers/wls_oim2

Take a backup of logging.xml and update it with the components below. In this case I used the AD connector logging handlers.

In the log_handler section:
<log_handler name='adcs-handler' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/ActiveDirectory.log'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='locale' value='en'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>

In the loggers section:

<logger name="OIMCP.ADCS" level="TRACE:32" useParentHandlers="false">
<handler name="adcs-handler"/>
<handler name="console-handler"/>
</logger>
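
A quick sanity check for the edited file, as an added example that is not part of the original post or of Oracle's tooling: the Python below parses a logging.xml, reports loggers whose handler references do not resolve, lists loggers left at TRACE level, and confirms that the copies for wls_oim1 and wls_oim2 agree. The embedded sample file is constructed, and the function names audit and same_everywhere are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real server file) holding this post's handler and logger.
SAMPLE = """<logging_configuration>
 <log_handlers>
  <log_handler name='console-handler' level='WARNING:32' class='oracle.core.ojdl.logging.ConsoleHandler'/>
  <log_handler name='adcs-handler' level='TRACE:32'
               class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/ActiveDirectory.log'/>
  </log_handler>
 </log_handlers>
 <loggers>
  <logger name='OIMCP.ADCS' level='TRACE:32' useParentHandlers='false'>
   <handler name='adcs-handler'/>
   <handler name='console-handler'/>
  </logger>
 </loggers>
</logging_configuration>"""


def audit(xml_text):
    """Return (dangling handler refs, TRACE-level loggers, handler log paths)."""
    root = ET.fromstring(xml_text)
    paths = {}
    for h in root.iter("log_handler"):
        props = {p.get("name"): p.get("value") for p in h.findall("property")}
        paths[h.get("name")] = props.get("path")
    dangling, trace = [], []
    for lg in root.iter("logger"):
        if (lg.get("level") or "").upper().startswith("TRACE"):
            trace.append(lg.get("name"))
        dangling += [(lg.get("name"), r.get("name"))
                     for r in lg.findall("handler") if r.get("name") not in paths]
    return dangling, trace, {n: p for n, p in paths.items() if p}


def same_everywhere(configs, logger_name):
    """True if every server's logging.xml defines logger_name at one common level."""
    levels = set()
    for text in configs.values():
        found = [l.get("level") for l in ET.fromstring(text).iter("logger")
                 if l.get("name") == logger_name]
        levels.add(found[0] if found else None)
    return len(levels) == 1 and None not in levels


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(same_everywhere({"wls_oim1": SAMPLE, "wls_oim2": SAMPLE}, "OIMCP.ADCS"))
```

To use it on a real domain, read the logging.xml under each server directory listed above and pass the text in place of SAMPLE; the TRACE list doubles as a reminder of what to turn back down once debugging is finished.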



Thursday, January 19, 2012

Export all metadata in oim 11.1.1.3


1. cd to /home/orafmw/oracle/middleware/iam/common/bin
2. ./wlst.sh
3. connect('weblogic','xxxxxxx','t3://oim.kpsoft.org:7001')  [here weblogic is the username, weblogic120 is the password, and the host is that of the domain's admin server]
4. exportMetadata(application='OIMMetadata', server='wls_oim1',toLocation='/home/orafmw/temp/allmetadata01192012',docs='/**')
5. exit()

Wednesday, January 4, 2012

OIM 11.1.1.3 password decrypt

It is often useful to decrypt passwords for debugging purposes. Below is the code that does just that. After instantiating OIMClient and logging in, run XLClientSecurityAssociation.setClientHandle(oimClient);

Then run the following code:
        // Uses the client handle set above to query the USR table
        tcDataProvider dbProvider = new tcDataBaseClient();
        String query = "select USR_LOGIN,USR_PASSWORD from USR where USR_LOGIN='XELSYSADM'";
        tcDataSet dataSet = new tcDataSet();
        dataSet.setQuery(dbProvider, query);
        dataSet.executeQuery();
        // Per the description above, USR_PASSWORD comes back decrypted
        System.out.println("Password:: "+dataSet.getString("USR_PASSWORD"));


Thursday, December 22, 2011

Oracle OSB 11.1.1.5 installation

I was trying to install Oracle OSB 11.1.1.5 this morning. As usual, most of the install is plug and play, with some gotchas (the few-minute kind). So I decided to put some notes out there with the install steps. I am not covering prerequisite software such as the Oracle DB and RCU in this article. Sure, there are plenty of articles on the web for this. For newcomers I would recommend that they download an Oracle VM with the DB already installed for this. Since I spent a lot of time in the past doing this, I reused an existing DB.

  1. Software that I used for this:
    • Oracle 11.2.0.1 db
    • rcu 11.1.1.5
    • jdk (I used jdk 1.6.0_29 for this exercise)
    • weblogic 10.3.5 for linux 64 bit (wls1035_generic.jar)
    • oracle service bus (11.1.1.5)
    • Oracle Enterprise pack for eclipse (11.1.1.7.2)
  2. Install Oracle DB and install the rcu SOA schemas. There are only a few tables that OSB uses in this schema.
  3. Install weblogic 10.3.5 for linux 64 bit server.
    • export JAVA_HOME  with the correct path
    • java -jar wls1035_generic.jar
    • More information can be found here 
    • I installed my weblogic middle tier under /Oracle/JDev11115
  4. Download and unzip OEPE under Middletier (/Oracle/JDev11115/oepe_111172). Please note that you cannot proceed with the installation without this if you selected the custom installation type with the IDE option selected.
  5. Install Oracle Service Bus
    • execute runInstaller (from /home/oracle/software/Oracle/osb_11115/Disk1)
    • Click Next on the welcome screen
    • Selected Custom Installation 
    • Selected Oracle Service Bus and Oracle Service Bus IDE options and deselected Oracle Service Bus Example options (got an installer error on a 64 bit linux machine when I selected this)
    • click Next
    • Browse for and Select weblogic server location  (/Oracle/JDev11115/wlserver-10.3) and OEPE Location (/Oracle/JDev11115/oepe_111172)
    • click next and Install button 
  6. Create a weblogic domain for OSB
    • cd to /Oracle/JDev11115/wlserver-10.3/common/bin and run config.sh
    • Select create a new weblogic domain option
    • Select everything except Oracle Service Bus for developers
    • Click next and enter OSBDomain for domain name
    • Click next and enter weblogic admin account password
    • Browse for and select SDK location
    • enter JDBC information; I used Dev1_MDS and Dev1_SOAINFRA for the SOA RCU that I created in the past
    • click Create when done
  7. After domain was created, start the services
    • cd to /Oracle/JDev11115/user_projects/domains/OSBDomain/bin and run 
    • nohup sh ./startWebLogic.sh &
    • create boot.properties under  /Oracle/JDev11115/user_projects/domains/OSBDomain/servers/osb_server1/security with weblogic username and password
    • nohup sh ./startManagedWebLogic.sh osb_server1 &
    • Initially I got errors starting the managed server using the weblogic admin console or nodemanager; I had to turn on StartScriptEnabled=true in order to get rid of the errors
  8. Start Eclipse and deploy sample projects or new projects
    • cd to /Oracle/JDev11115/oepe_111172 and run eclipse in a terminal
    • Open OSB perspective
    • Select new in the server panel
    • select Oracle weblogic server 11gr2 patchset 4 (or whatever is the latest)
    • click next to select remote
    • and provide admin node properties (port number, weblogic admin username and password that was used to create domain)
    • create new OSB project (or use samples from http://java.net/projects/oraclesoasuite11g/pages/OSB) to publish and run
    • Importing projects was clumsy at times; I had to clean up and run fresh imports for running the projects.
    • During the first-time use of eclipse I got the following error - "Target runtime oracle weblogic server 11gr1 patchset 4 is not defined"
    • For this I opened the project properties, navigated to the runtimes subtab, and had to remove the existing facet and add the "Oracle weblogic server 11gr1 patchset 4" setting.
I will document more practical OSB runtime service for managing large data manipulations at a later time.

Tuesday, December 20, 2011

Virtualbox mounting shared folders

Started playing with the oracle virtualbox SOAbpm image and wanted to install eclipse pack 11g r1 on linux. The first thing we need for this is the ability to copy files using shared folders. Had to go through the following steps for this:

  1. Navigate to Shared Folders
  2. Click + icon for adding folders
  3. Added "Downloads" Folder with auto-mount selected
  4. started the vm
  5. logged in as root
  6. sudo mkdir /mnt/Downloads_win
  7. sudo mount.vboxsf Downloads /mnt/Downloads_win
  8. cd /mnt/Downloads_win
Now you should be able to access files

Friday, December 16, 2011

Run as Administrator on Windows 7

When you are running applications/services on Windows, it is often painful to find out what's happening when the services don't start correctly. You may then decide to open a cmd shell and run the same commands to get more details. On Windows 7, in some workplace environments, you need a way to start these services with delegated administrator privileges. The way to do this is:

  1. click on start prompt
  2. in search for programs box enter "cmd"
  3. then hit "ctrl + shift + enter" 
  4. you get a prompt asking "do you want to allow this program to make changes to your computer"
  5. select yes
  6. command shell now opens with admin privileges and you can run the services/application cmd or bat files without any issues.

Wednesday, December 7, 2011

EM 11g Grid Control for monitoring weblogic server and OIM

There are several ways to monitor the health of weblogic; I discussed WLDF in a prior post as one way. Another traditional approach includes the installation and configuration of the Oracle Enterprise Manager Grid Control product. Below are the steps for configuring notifications and alerts.
  1. Access https://gridctlem.kpsoft.com:7799/em/console
  2. enter username and password of a super administrator 
  3. Navigate to Deployments and click Install Agent
  4. Click Fresh Install
  5. Select Default for source directory
  6. agent source software version (11.1.0.1.0 is used in this article)
  7. Select host (linux x86-64)
  8. host idm.thekpsoft.com
  9. OS credential (oracle/xxxx)
  10. unselect run root.sh (this requires sudo to root)
  11. installation directory /home/oracle/oracle_em_agent
  12. Click continue, unchecked security updates forms
  13. wait for confirmation on installation agent
  14. login to idm.thekpsoft.com, navigate to /home/oracle/oracle_em_agent/agent11g and run root.sh
  15. Navigate to Targets -> Middleware for adding a host for discovery
  16. Enter admin server hostname (idm.thekpsoft.com)
  17. port number - 7001
  18. username - weblogic
  19. password
  20. Unique Domain Identifier - sandbox_oimdomain
  21. Agent - use the search light and select as needed
  22. Press continue -> EM will find all the targets (weblogic server, domains etc) -> Click Add targets
  23. Now we go about setting notifications rules and schedule
  24. Click Setup -> Notification Methods 
  25. Enter SMTP Server (mail.thekpsoft.com)
  26. Username and password if required
  27. Identify Sender as - EM Grid Control 11
  28. Sender E-mail address (emcontrol@thekpsoft.com)
  29. click test email servers to test email notifications
  30. click preferences -> add e-mail address (prasad@thekpsoft.com) and choose message format (long format)
  31. click Notification Rules
  32. Click create 
    1. General -
    2. Name - Sandbox sample notification rule
    3. Select Make public
    4. Target Type - Oracle Weblogic Server
    5. select apply rule to specified oracle weblogic server targets or groups .............
    6. Add the targets that you prefer; I added wls_oam1, wls_oim1, wls_ods1, wls_soa1, admin server
  33. Click Availability, I selected up, down, agent unreachable
  34. Add by selecting metrics if needed (you can also templatize this as an SLA for each set of targets) using setup -> monitoring template feature
  35. configure their thresholds (i will cover thresholds in another article)
  36. click policies and jobs if you want to (advanced features, will cover at a later time)
  37. click actions and select send me e-mail and repeat notification frequency (I left defaults for this)
  38. Create a blackout configuration for planned maintenance so notifications will not be sent
  39. you are all set....
  40. you should be receiving email notifications whenever the threshold criteria is met
Once you are done with the setup, try playing with targets of type Identity Access Management. These have a different, IDM-oriented set of metrics in comparison to traditional weblogic metrics.