Cross Column

Showing posts with label Oracle Internet Directory.

Sunday, January 27, 2013

Creating the Required Schemas for Oracle Fusion Middleware Using RCU

To create the required schemas for Oracle Fusion Middleware[1], you can use the Repository Creation Utility (RCU)[2]. You can also use RCU to drop component schemas. In this article, we will show you how to create the schema for the component named OID and discuss the significance of the schema prefix.

Repository Creation Utility


Repository Creation Utility (RCU) is a Java tool that creates the database schemas for components that are part of Oracle Fusion Middleware. RCU is available only on 32-bit x86 Linux and 32-bit Microsoft Windows operating system platforms. You can run RCU from these machines to connect to any certified version of Oracle or Microsoft SQL Server database in order to create the schemas required by Fusion Middleware components.

Preparations and Prerequisites


If you are creating schemas on an Oracle database, you must use a user with SYSDBA privileges such as SYS[3].

Here is an outline of the steps for creating new schemas:
  1. Start up your database instance (i.e., ATGOID)
  2. Start the TNS listener
  3. Download the RCU and unzip it
  4. Open the RCU by invoking rcu in the bin folder
  5. Create component schemas as shown in the next section


Steps


The following sequence takes place when a schema is created with RCU (note that the highlighted portion is the option that we chose for our installation):
  1. Welcome
  2. Create Repository
    • Create
      • Create and load component schemas into a database
    • Drop
      • Remove component schemas from a database
  3. Database Connection Detail
    • See Figure 1
    • Make sure prerequisite steps 1 and 2 were executed first. Otherwise, you will see the following message:
      • Unable to connect to the database using the provided details.
        Please enter a valid hostname and port or check if the listener is up and running.
    • When you click on Next, the Checking Prerequisites window will be displayed (see Figure 1)
      • Prior to the schema being created, RCU performs global and component level prerequisite checks to ensure that certain minimum requirements are met.
    • You may see a warning such as:
      • The database you are connecting is with non-AL32UTF8 character set. Oracle strongly recommends using AL32UTF8 as the database character set.
  4. Select Components
    • See Figure 2
      • Select an existing Prefix
      • Create a new Prefix: (Leave it empty; see why in next section)
    • When you click on Next, the Checking Component Prerequisites window will pop up
  5. Schema Password
    • Enter the passwords for the main and auxiliary schema users.
      • Use same passwords for all schemas
      • Use main schema passwords for auxiliary schemas
      • Specify different passwords for all schemas
    • Component
      • Oracle Internet Directory (Owner: ODS)
      • Auxiliary Schema (Owner: ODSSM)
  6. Map Tablespaces
    • Choose tablespaces for selected components (Default)
  7. Summary
    • Database details
      • Host Name: myserver
      • Port: 1521
      • Service Name: ATGOID
      • Connected As: sys
      • Operation: Create
      • Prefix for (non-prefixable) Schema Owners : DEFAULT_PREFIX
      • Component
        • Name: Oracle Internet Directory
        • Schema Owner: ODS
        • Tablespace Name:
          • Default: OLTS_DEFAULT
          • Temp: IAS_TEMP
          • Additional:
            • OLTS_ATTRSTORE
            • OLTS_BATTRSTORE
            • OLTS_CT_STORE
            • OLTS_SVRMGSTORE
  8. Completion Summary
    • RCU Logfile: $ORACLE_BASE/logdir.2013-01-15_11-03/rcu.log
    • Component Log Directory: $ORACLE_BASE/logdir.2013-01-15_11-03
    • Status: Success

Schema Prefix


You can use RCU to create multiple schemas of each component using custom prefixes. The prefix is prepended to and separated from the schema name with an underscore (_) character, as shown below:
  • prefix_schemaname
However, the Oracle Internet Directory (ODS) component cannot be prepended with a custom prefix because there can be only one repository for this component per database. That is why we left the new prefix empty at step 4 above.

The default prefix used by RCU is DEV. If DEV has already been used, then RCU will default to DEV1, then DEV2, and so on. Prefixes are used to create and organize logical groups of schemas. For example, you may want to create a test version of the Metadata Services (schema name MDS) called TEST_MDS. Then, when you are ready for your production version, you can create a second version of the schema called PROD_MDS. Both TEST_MDS and PROD_MDS may reside on the same or separate databases.

You are only allowed to use a prefix once per schema within a single database. For example, if you had a version of the Metadata Services schema called DEV_MDS, then you cannot use the DEV prefix again to create another version of the Metadata Services schema (for example, DEV_MDS2). If you want to create another version of the schema using the same prefix, you must first drop the existing schema and then create the schema again.

Finally, the mapping between the prefixes and schemas is maintained in schema_version_registry.


SQL> select comp_id,mrc_name from SCHEMA_VERSION_REGISTRY;
COMP_ID                        MRC_NAME                       
------------------------------ ------------------------------ 
OID                            DEFAULT_PREFIX                 
ORASDPM                        DEV                            
SOAINFRA                       DEV                            

3 rows selected

References


  1. Oracle Fusion Middleware Articles
  2. Repository Creation Utility Overview
  3. What’s the Difference between the SYS and SYSTEM Schemas?
  4. Using Custom Prefixes
  5. Oracle Identity and Access manager 11g for Administrators

Tuesday, March 20, 2012

Using JXplorer to Learn Oracle Internet Directory

JXplorer[1] is an open source LDAP browser originally developed by Computer Associates' eTrust Directory development lab. It is a standards-compliant, general-purpose LDAP browser that can be used to read and search any LDAP directory, or any X.500 directory[4] with an LDAP interface.

Oracle Internet Directory (OID) is an LDAP V3-compliant directory service.  LDAP (Lightweight Directory Access Protocol) was conceived as an Internet-ready, lightweight implementation of the X.500 standard for directory services.  In this article, we will use JXplorer to explore the structure of OID.

OID Component and Instance

When you install Oracle Internet Directory[2] on a host computer, Oracle Identity Management 11g Installer creates a system component of type OID in a new or existing Oracle instance.

The Oracle Internet Directory component contains an OIDMON process (i.e. Oracle Internet Directory Monitor process) and an Oracle Internet Directory instance. The Oracle Internet Directory instance consists of a dispatcher process and one or more OIDLDAPD processes.


The component name for the first Oracle Internet Directory component is usually oid1 and the Oracle instance name is chosen during the installation, usually asinst_1.

Oracle Identity Management 11g Installer also creates the following instance-specific configuration entry for this component during installation:
  • cn=oid1,cn=osdldapd,cn=subconfigsubentry

In summary, OID components and instances are created as below:
  • oid1
    • The first Oracle Internet Directory component
        • Successive installations in the cluster will have the component names oid2, oid3, and so forth.
        • This new Oracle Internet Directory component consists of 
          • An OIDMON process
          • An OIDLDAPD dispatcher process
          • One or more OIDLDAPD server processes
      • File system directories created by installer
        • ORACLE_INSTANCE/config/OID/oid1
        • ORACLE_INSTANCE/diagnostics/logs/OID/oid1
    • asinst_1
      • Oracle instance name is chosen during the installation, usually is asinst_1

JXplorer

You explore OID by first making a connection to it. An LDAP server is called a Directory System Agent (DSA).
OID uses the following default ports:
  • SSL port: 3131
  • Non SSL port: 3060
In the User DN, you specify:
  • cn=orcladmin
On the left panel, you can find oid1 in the hierarchical tree-like structure (i.e., the Directory Information Tree). If you right-click on it and select Copy DN, the DN (i.e., distinguished name) of the oid1 configuration entry is returned:
  • cn=oid1,cn=osdldapd,cn=subconfigsubentry

The action in LDAP takes place around entries such as oid1. An entry is defined as a set of attributes, and an attribute is a set (i.e., unordered) of values. For example, oid1 has the following attributes:
  • orcloidinstancename: asinst_1
  • orclmaxcc: 10
  • etc.
OID component oid1 has one instance named asinst_1. It also has other attributes such as orclmaxcc, which specifies the maximum number of DB connections, and orclserverprocs, which specifies the number of server processes. You can modify them to tune OID's performance.

Configuring the Oracle Internet Directory Authentication Provider

You can follow the instructions here to set up OID as one of the authentication providers in WebLogic Server. Some of the information required for the setup can also be found with JXplorer. For example, to find the user base DN and group base DN, you can right-click on Users or Groups and select "Copy DN":

  • User base DN : cn=Users, dc=us, dc=oracle, dc=com
  • Group base DN : cn=Groups, dc=us, dc=oracle, dc=com
An entry's name is specified by LDAP's naming model. An entry's name (i.e., a DN) is composed of RDNs (i.e., Relative Distinguished Names), which are separated by commas. DNs are more like postal addresses because they have a “most specific component first” ordering. In our example, the entry Users has the distinguished name:
  • cn=Users, dc=us, dc=oracle, dc=com
where cn is the shorthand for common name and dc is the shorthand for domain component. User base DN and group base DN are used by WebLogic Server to search for users and groups within OID.
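
The naming rules above matter whenever an application checks that an entry lies under the user base DN, because comparing DNs as plain strings is unreliable in the presence of spacing, case differences and escaped commas. The following is an added example (not from the original post or from Oracle) that parses DNs into RDNs and tests containment; the function names are hypothetical, and case-insensitive matching of values is an assumption.

```python
import re

USER_BASE_DN = "cn=Users, dc=us, dc=oracle, dc=com"   # value shown on the page

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators inside the value."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair intact for now
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def unescape(value):
    """Decode \\XX hex pairs and \\<char> escapes in one left-to-right pass."""
    def repl(m):
        g = m.group(1)
        return bytes([int(g, 16)]) if len(g) == 2 else g
    return re.sub(rb"\\([0-9a-fA-F]{2}|.)", repl, value.encode()).decode()

def parse_dn(dn):
    """Return the DN as a list of RDNs, most specific first."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = set()
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            value = value.lstrip()
            if not value.endswith("\\ "):          # keep an escaped trailing space
                value = value.rstrip()
            # Assumption: attribute types and values compare case-insensitively.
            avas.add((attr.strip().lower(), unescape(value).lower()))
        rdns.append(frozenset(avas))
    return rdns

def is_under(entry_dn, base_dn):
    """True when entry_dn is a strict descendant of base_dn in the tree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) > len(base) and entry[-len(base):] == base
```

With the page's user base DN, `is_under("cn=jdoe,ou=xcn=Users,dc=us,dc=oracle,dc=com", USER_BASE_DN)` returns False for this constructed entry, although a plain `endswith` comparison against the base string would accept it.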

References

  1. JXplorer
  2. Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
  3. Lightweight Directory Access Protocol
  4. International Standardization Organization (ISO) X.500
  5. Configure the Oracle Internet Directory Authentication provider
  6. Oracle Fusion Middleware Security Blog