|
We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future
| We are moving to "On Line Apps DBA" |
| Saturday, September 29, 2007 |
|
I think image and Heading of this post says it all.
Yes we are moving to "On Line Apps DBA . Com" and currently in migration process putting all your posts, comments and categories from blogspot to On Line Apps DBA . COM and building some really nice look and feel and pages
Why are we moving to OnLineAppsDBA.com ?
Main reason for moving to OnLineAppsDBA.com is that
-- BlogSpot is blocked in some countries and few offices in india
-- Lot of my readers complain about slow performance at BecomeAppsDBA which is on free server from blogspot.com where as Apps DBA Online . com is on paid dedicated server and we are expecting better performance
-- Our new site On Line Apps DBA is on wordpress with some really good features and easy to maintain for administrators so we thought its good idea to invest in dedicated servers On LineApps DBA will officially be launched next month (Adding some new pages and tools to make it more user friendly) but you can have a look at site at http://OnLineAppsDBA.com and send us your feedback and features you want to see on this site by writing to me at atul @ onlineappsdba.comLabels: others |
We have moved to kindly check onLineAppsDBA.com in future
|
|
|
 del.icio.us
¦
 Digg This
¦
 My Yahoo
¦
 Reddit
¦
 BlinkList
¦
 Furl It
¦
Email This
¦
Leave Your Comments
|
posted by Atul Kumar @ 5:29 PM
  |
|
|
|
We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future
| Oracle Internet Directory - Basics II |
| Thursday, September 20, 2007 |
|
|
Few years ago, When I started learning Oracle Internet Directory I jumped directly on administration of OID (including start/stop and debugging) without understanding basics of OID. My suggestion is to go through basics first which I am going to cover in this post.
For my first post on OID visit OID from Apps DBA's eye
Need of Oracle Internet Directory ?
Use of Oracle Internet Directory (Oracle's LDAP) is much bigger and can't be explained in this post but here is few bits which you is enough for time being (to get you started on OID).
--OID is repository for enterprise users, groups data.
--Information about various applications (Portal, BI, E-Business Suite, Collaboration Suite) registered to OID (You can register E-Business Suite or Database in OID).
--Password policy for Single Sign-On Partner Applications
What are different Daemon/Server in OID ?
There are three servers/daemon in OID
---OIDLDAPD - This is the main server/daemon waiting for ldap request (ldapsearch, ldapadd, ldapmodify, ldapdelete..). When any application want to do any ldap operation(add, modify, delete, search..) on OID object (user, group, application..), that request is fulfilled by this server/daemon.
---ODISRV - also called as Oracle Directory Integration Server, this is used for integration of Various Application (Portal, BI, E-Business Suite/Apps) with OID for user/group data. If any user/group is added/deleted in Portal/BI synchronization of that user to OID is done by this Daemon (Vice Versa). If you have Integrated Apps(11i/R12) with OID/SSO then users is provisioned/de-provisioned using this daemon of OID.
---OIDREPLD - Also called as OID Replication Daemon is used if you have replicated OID. By default this daemon is disabled.
For OID Replication Overview Click Here and to know more about Multi Master Replication click here
How to Start/Stop OID ?
OID Data including status of OID Servers (OIDLAPD, ODISRV OIDREPLD) is stored in Oracle Database so in order to start OID first start Database and Database Listener. Then
To Start OID - opmnctl startproc ias-component=OID
To Stop OID - opmnctl stopproc ias-component=OID
OPMNCTL will first start OIDMON (OID Monitoring Process) and then instruct OIDCTL (OID Control) to start OIDLDAPD and ODISRV daemons.
Where to find log files related to OID ?
Logs related to OIDMON, OIDCTL, OIDLDAPD should be in $ORACLE_HOME/ldap/log directory , ODISRV related logs should be in $ORACLE_HOME/ldap/ODI/log
More on OID common tasks (including frequently used scripts) and New Features on OID 10.1.4 coming soon ...Labels: oid |
We have moved to kindly check onLineAppsDBA.com in future
|
|
|
|
del.icio.us
¦
Digg This
¦
My Yahoo
¦
Reddit
¦
BlinkList
¦
Furl It
¦
Email This
¦
Leave Your Comments
|
| posted by Atul Kumar @ 7:44 PM
|
|
|
|
We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future
| 25 Things Apps DBA should know for Apps 11i/R12 Integration with OID/SSO |
| Thursday, September 13, 2007 |
|
|
Check below 25 points which Apps DBA should know for Apps(11i/R12) integration with SSO/OID (Single Sign-On/Oracle Internet Directory)
1. If you change APPS password using FNDCPASS utility, update provisioning profile with new password using OIDPROVTOOL. (More on OID Scripts & Tools coming soon). This is required as APPS password is stored in provisioning profile in OID.
2. If you clone E-Business Suite Instance,
------2.1 Deregister old E-Business Suite details from target OID Instance,
------2.2 Deregister Integration details from cloned target E-Business Suite instance
------2.3 Reregister target E-Business Suite Instance to target OID and SSO instance
(More on cloning Oracle Apps instance integrated with OID/SSO coming soon)
3. Session Idle Timeout value in E-Business/Apps is set to 30 minute by default but there is NO Session Idle timeout value set on SSO (There is Global Timeout value set to 8 hours in Oracle SSO which is different from Idle Timeout). If session is Idle for more than 30 minutes in Apps/E-Business suite, users will be redirected to SSO and user can get back to Apps "without" entering username password as user session cookie is still valid on SSO Server .
For global Idle Session time out to work properly set Idle timeout value to required value in Oracle SSO server and match that with E-Business Suite Instance.
4. User with Name USER1 in FND_USERS can be linked to username USER2 in OID , so username need not to be same. Users in E-Business Suite/Apps are linked to Users in OID/SSO via GUID.
5. User mapping between OID & E-Business/Apps -> Login name in OID is identified by attribute "orclcommonnicknameattribute" which by default is "uid". To understand this better, think of user User "Atul Kumar" in OID with various attribute like first name, lastname, phonenumber, cn, sn, uid .... If for "Atul Kumar" value of attribute uid is set to "akumar" then user should use "akumar" to login.
This "akumar" (value of attribute "uid") is mapped to USER_NAME column of table FND_USER and "orclguid" attribute in OID should have same value as USER_GUID column value in FND_USER table. As mentioned in point 4, users in OID & Apps are linked via GUID and this value should be same. (More on user mapping and authentication flow with SSO coming soon )
6. Currently supported nickname attribute to be mapped to FND_USER table are "uid" and "mail"
7. If naming convention of your users in OID is different from users in E-Business/Apps (like atul.kumar in OID but kumaratul in apps/E-Business Suite) then disable profile "Applications SSO Auto Link User"
8. Not all attributes for users can be integrated/synchronized from OID to E-Business Suite or Vice Versa. For list of attributes supported currently (as of build 5) check Appendix C on Page 88 of Integration guide.
9. Updates to email ID in Oracle Internet Directory are not correctly reflected in the E-Business Suite HZ_CONTACT_POINTS in TCA unless the PERSON_PARTY_ID foreign key in the FND_USER table has been defined. Furthermore, if PERSON_PARTY_ID is changed i.e. user is linked to another person in TCA, information stored in OID can overwrite this other person’s information during provisioning.
10. As of build 5, logout from OAM (Oracle Application Manager) results in page not found, though users can logout successfully from professional forms and self service web applications.
11. Users can be provisioned from E-Business/11i/R12 (FND_USER) to OID, OID to E-Business Suite, and two way. (How to find current user provisioning direction coming soon in OID Scripts post)
12. User Provisioning from TCA (Trading Community Architecture) to OID is not yet supported (as of build 5). Provisioning of HR to OID, FND_USER to OID or from OID to FND_USER is supported.
13. If provisioning profile includes password to be provisioned from E-Business Suite/Apps to OID, password policy in E-Business Suite should be atleast as restrictive as OID else when you create user in E-Business Suite/Apps without password not not in line with password policy, you will get non descriptive error message.
14. User can login to E-Business Suite Locally (NO SSO, directly from FND_USER) or to SSO (authentication via SSO) or BOTH. Set profile option "Applications SSO Login Types" to LOCAL or BOTH at userlevel and use
http(s)://(hostname).(domainname):(port)/ OA_HTML/ AppsLocalLogin.jsp
For SSO authentication use URL
http(s)://(hostname).(domainname):(port)/oa_servlets/AppsLogin
15. It is possible to register multiple E-Buisness Suite Instance (Test, Dev, UAT) to single OID/SSO Instance. (How to find list of E-Business Suite instance registered against OID, coming soon in OID Scripts)
16. If you have OID with multiple Realm (How to find default and all available realms in OID, coming soon in OID scripts), E-Business Suite/11i/R12 can be registered against default OID realm only (As of SSO build 5).
17. It is possible to link multiple E-Business Suite accounts to single SSO account but vice versa is not possible/supported. i.e. User1 and User2 in E-Business account can be linked to user3 in OID/SSO (For more
information Check Profile Option "Applications SSO Allow Multiple Accounts" )
18. It is possible to synch User Password from E-Business Suite to OID but vice versa is not allowed. This is because passwords in E-Buisness Suite/Apps/11i/R12 are encrypted but are hashed in OID.
19. If you are palnning to implement SSO Integration with E-Business /11i/R12 in enterprise where E-Business Suite and OID are already implemented and working independently, it is possible to bulkload user from OID to E-Business(Users which are already in OID but not in E-Business Suite) or from E-Busienss to OID (Users which are already in E-Business Suite but not in OID) and map common users.
20. For bulk migrating users from E-Business Suite to OID or from OID to E-Business Suite, check AppsUserExport, LDAPUserImport, ldifmigrator, bulkload.sh utility
21. When users are imported (initial load) from OID to E-Business/Apps 11i/R12 using LDAPUserImport, all user "attributes" can't be imported.
22. If hashing method in OID is not MD5, bulkload of users to OID (initial set of users migrated from Apps/E-Business Suite) . (How to find default hasing method in OID, coming soon in OID Scripts..)
23. During initial load of users from E-Business Suite to OID (using bulkload.sh), password policy in OID is not verified . This is because E-Business Suite passwords are encrypted in dump file and bulk load tool can't check passwords.
24. Oracle Application Server (SSO/OID) & Apps/E-Business Suite database server system clocks should be in synch else users will face issue during login/logoff
25.
Leave your comments on what you think is important for Apps/11i/R12 integration with OID/SSO to fill point no. 25
Related:
Management Questions for Apps Integration with OID/SSO
More on OID/SSO Integration with authentication & user provisioning flow coming soon...
Labels: appsASintegration, integration |
We have moved to kindly check onLineAppsDBA.com in future
|
|
|
|
del.icio.us
¦
Digg This
¦
My Yahoo
¦
Reddit
¦
BlinkList
¦
Furl It
¦
Email This
¦
Leave Your Comments
|
| posted by Atul Kumar @ 6:40 PM
|
|
|
|
We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future
| Questions for Oracle Apps 11i & R12 Integration with 10g AS/SSO |
| Saturday, September 01, 2007 |
|
|
Here are few questions which you should think/ask/discuss for Oracle Applications 11i & R12 Integration with 10g Application Server (Portal, Discoverer, SSO, OID)
Do you need 10g Portal component of 10g AS with Oracle Applications 11i & R12 ?
(*Integration of 10g AS can be without portal and dicoverer as well i.e. OID & SSO only. For 10g portal Integration you must have SSO and OID)
Do you need 10g Discoverer component of 10g AS with Oracle Application 11i ?
(* You can have discoverer with or without SSO access)
Do you need SSO and OID component of 10g AS with Oracle Applications 11i / R12 ?
(*You can configure only SSO/OID for Single Sign-On access with or without Portal and Discoverer)
Do you need 10g Web Cache component of 10g AS with Oracle Applications 11i ?
(*You can configure webcache with or without Portal/OID/SSO. With Portal webcache is default)
Do you have third party access management (Netegrity SiteMinder, Oblix COREid) for Single Sign-On ?
(* You can configure 10g SSO with third party access management via Oracle SSO) Source of Authentication in Oracle Apps 11i / R12?
(* --You can configure authentication at E-Business Suite, Oracle SSO, Third party SSO or combination of above.
--Configuring authentication, local to E-Business for some users and for others SSO is also supported)
--Do you have third party LDAP directory (Microsoft Active Directory, Sun iPlanet) which you want to synch with OID and E-Business Suite ?
(* You can use third party ldap server for user store integrated with OID and then synched to E-Business Suite Users)
----- If third party LDAP Server is in place check following things for OID to third party integration (DIT, Default Realm, nickname attribute)
-----As of Integration build 5 synching users from E-Business to OID is supported with default realm only. Take special care if you have multiple realms in LDAP Server
--One SSO User account can be mapped to Multiple Users in E-Business Suite (other way is not supported), Do you need this ?
--Multiple E-Business Suite can use Single OID/SSO Instance or each E-Business Suite Instance can be registered with its own OID/SSO. For Dev & Test E-Business Suite you may be interested in registering them to single OID/SSO Instance.
--User Creation/Management/Updates : From OID to Apps, Apps to OID or bidirectional
-- Attributes to synch during ongoing Updates
* All user attribute sync can't be updated between OID & E-Business Suite. Check provisioning profile used for synch between Apps & OID
* Check if TCA tables are updated as required with User Updates in OID
-- Decide on how Users will be loaded Initially :
----From OID to E-Business (Users are already in OID but E-Business Suite is new implementation)
---- E-Business Suite to OID (Users are already in E-Business Suite but OID is new implementation)
---- In both E-Business Suite & OID (OID and E-Business both has user base but not in sync) You can reconcile user base in Apps & OID
-- E-Business Suite Home Page (Portal or Framework)
-- Is Password Policy in E-Business Suite different from Password policy in SSO ? Things like
----User should change password on first time login
----Password Strength, minimum number of characters & at least few some number
----Password will expire after n number of days
--Idle Session Time out for SSO
* By default there is no Idle Session timeout in Oracle SSO Server (There is default Global Session Time Out set at SSO with value 8 hours) but E-Business Suite is configured with Idle Session time out of 30 minutes. To set Idle Session time out value to desired value in SSO Server check http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15988/ssoadmin.htm#i1012213
More on 10g Application Server (OID/SSO) integration with E-Business Suite coming soon..
--------User creation/update/synch flow in OID-Apps(E-Business Suite) Integrated instances and troubleshooting user creation/update issues ?
-------User login flow in OID-Apps(E-Business Suite) Integrated Instances and troubleshooting login issues ?
-------Common tasks for which Apps DBA's should take extra care in Apps/OID/SSO integrated instances (Cloning, changing apps password, patching...)Labels: appsASintegration |
We have moved to kindly check onLineAppsDBA.com in future
|
|
|
|
del.icio.us
¦
Digg This
¦
My Yahoo
¦
Reddit
¦
BlinkList
¦
Furl It
¦
Email This
¦
Leave Your Comments
|
| posted by Atul Kumar @ 9:21 PM
|
|
|
|
|
|
