8 Replies Latest reply: Aug 16, 2006 11:48 PM by 365794 RSS

    Tutorials for creating Sites and Users

    513038
      Hi Are there any online turotials for creating users and sites?

      Please provide any links.. I would really appreciate it.
        • 1. Re: Tutorials for creating Sites and Users
          mshannon
          Hi,

          Once your users are created in OID, they are automatically provisioned in to Content Services through an OID provisioning profile.

          There are many ways to create users in OID, the standard bulk approach is to utilize an ldif document and supply it as input using one of the following approaches :-

          1)
          $ORACLE_HOME/bin/ldapadd -h <hostname> -p <port#> -D "cn=orcladmin" -w <password> -f <LDIF>
          For example:
          $ORACLE_HOME/bin/ldapadd -h content2.us.oracle.com -p 389 -D "cn=orcladmin" -w welcome1 -f example.ldif

          2)
          Connect to OIDDAS (http://server:port/oiddas)
          Click on the "Directory" tab
          Authenticate as the orcladmin user
          Ensure the "Users" sub-tab is active under the main "Directory" tab.
          Click the "Bulk" button.
          Browse to location of LDIF document.


          An entry in the ldif file will look something along the lines of :-

          dn: cn=matt,cn=Users,dc=us,dc=oracle,dc=com
          cn: matt
          uid: matt
          userpassword: welcome1
          mail: matt@content1.us.oracle.com
          givenname: Matt
          sn: Shannon
          orcltimezone: America/Los_Angeles
          objectclass: top
          objectclass: person
          objectclass: inetorgperson
          objectclass: organizationalperson
          objectclass: orcluser
          objectclass: orcluserv2

          You could extract an existing user in LDIF format using the "-L" option to ldapsearch.

          e.g.

          $ORACLE_HOME/bin/ldapsearch -D cn=orcladmin -w welcome1 -h content2 -p 389 -L cn=orcladmin
          dn: cn=orcladmin, cn=Users, dc=us,dc=oracle,dc=com
          objectclass: top
          objectclass: person
          objectclass: organizationalPerson
          objectclass: inetorgperson
          objectclass: orcluser
          objectclass: orcluserV2
          objectclass: orclUserProvStatus
          orcluserapplnprovstatus;email_email: PROVISIONING_NOT_REQUIRED
          orcluserapplnprovstatus;content_content: PROVISIONING_SUCCESSFUL
          orcluserapplnprovstatusdesc;content_content: 1151124268157_
          orcluserapplnprovstatusdesc;email_email: orcladmin Email domain does not exist
          .
          orclpasswordverifier;16f1115bf2dddf8be0402382ad450baf: {X- ORCLLMV}C23413A8A1E
          7665FC2265B23734E0DAC
          orclpasswordverifier;16f1115bf2dddf8be0402382ad450baf: {X- ORCLNTV}A3A685F8936
          4D4A5182B028FBE79AC38
          orclpasswordverifier;16f1115bf2dddf8be0402382ad450baf: {X- ORCLIFSMD5}8M92wEDj
          3QaGghnnyZ7KWQ==
          orclpasswordverifier;16f1115bf2dddf8be0402382ad450baf: {X- ORCLWEBDAV}8jbiqWdN
          7dONVpzV7NAmIQ==
          orcluserprovfailurecount;content_content: 0
          orclpassword: {x- orcldbpwd}1.0:1772AD7C11B4F110
          authpassword;oid: {SASL/MD5}KLnwGowwsOLf3oPyYOECzA==
          authpassword;oid: {SASL/MD5-DN}f/mghTIeTgedQw+QdGbcEw==
          authpassword;oid: {SASL/MD5-U}aI1qiww3jT/p8O+v3/V8+g==
          authpassword;orclcommonpwd: {MD5}IB8AtcpdZaHBGOXjJDFRTA==
          authpassword;orclcommonpwd: {X- ORCLLMV}C23413A8A1E7665FC2265B23734E0DAC
          authpassword;orclcommonpwd: {X- ORCLNTV}A3A685F89364D4A5182B028FBE79AC38
          authpassword;orclcommonpwd: {X- ORCLIFSMD5}8M92wEDj3QaGghnnyZ7KWQ==
          authpassword;orclcommonpwd: {X- ORCLWEBDAV}8jbiqWdN7dONVpzV7NAmIQ==
          userpassword: {SHA}41vs5sXm4OhspR0EQOkigqnWrIo=
          mail: orcladmin
          givenname: orcladmin
          uid: orcladmin
          description: Seed administrative user for subscriber.
          orclsamaccountname: orcladmin
          sn: orcladmin
          cn: orcladmin

          Matt.
          • 2. Re: Tutorials for creating Sites and Users
            513038
            Hi Matt,

            Thank you for your valuable input. I have created a user using oiddas.

            1.created user and added oracle Collaboration suite Users (role) ( step 2)
            3. Provisioned to Content ( step 2) and done

            But Provisioning staus is still PENDING. New user is not able to login to content services. Its been pending since yesterday. Do I have to do anything? I thought OID users will be provisioned into Content Services automatically after 15 mins.
            • 3. Re: Tutorials for creating Sites and Users
              mshannon
              Ensure the Content Services node process is started (which runs the OidCredentialManagerAgent).

              The agent is responsible for processing OID provisioning events, and creating/updating/deleting the corresponding User in Content Services.

              opmnctl status
              ...
              Content | Node | 2762 | Alive
              Content | OC4J_Content | 2764 | Alive
              Content | OC4J_RM | 2763 | Alive
              ...

              If the node is not started,
              opmnctl startproc process-type=Node


              Once/If the node is started, check the log file for errors :-

              cd $ORACLE_HOME/content/log/Content/
              vi *Node.log

              Check the Server Configuration for the agent to check its activation interval (this can be done through Enterprise Manager).

              cheers.

              Matt.
              • 4. Re: Tutorials for creating Sites and Users
                365794
                Hi Matt

                I am facing the same problem of new Content users' status stuck in PENDING for more than 1 day. The funny thing is, this scenario occurred only recently. First batch of users created 2 weeks ago, had Contents provisioned for them immediately.

                Verified as suggested that Content Services Node is up and running on EM and the OidCredentialManagerAgent is alive & running. There are no errors in <apps>_Node.log. Have also tried to restart Content domain to no avail.

                Would appreciate if there are any suggestions/ solutions. The partner is really eager to get it figured out.

                Thanks in advance!

                S L
                • 5. Re: Tutorials for creating Sites and Users
                  mshannon
                  Hi,

                  Check to see if there are any outstanding events in the table
                  odmz_oidcredentialmanagerevnt
                  in the CONTENT schema.

                  If there are outstanding events in this table, then ensure the Node is running, and that the Oidcredentialmanageragent is running.

                  I also saw an email recently whereby users were not getting provisioned immediately (delayed in fact) due to a Date/time differences between the servers.

                  cheers.

                  matt.
                  • 6. Re: Tutorials for creating Sites and Users
                    365794
                    Hi Matt

                    Thanks for the very prompt reply!

                    I have checked odmz_oidcredentialmanagerevnt (using "select count(*) from odmz_odicredentialmanagerevnt;" ). There are no outstanding events on the table. Date/time on both application and infrastructure servers are also in sync. For good measure, I have restarted domain for Content using EM.

                    On the side, I have also set IFS.SERVER.TIMER.ActivationPeriod to 5m and IFS.SERVER.TIMER.InitialDelay to 0m.

                    Oddly, provisioning status for the group of users are still PENDING. At my wits to get the users up on Contents.

                    Thanks again!

                    Regards
                    S L
                    • 7. Re: Tutorials for creating Sites and Users
                      mshannon
                      Checkout the event information in the OID directory integration platform log at the following location :-

                      $ORACLE_HOME/ldap/odi/log

                      I would check on the server running your OID instance that odisrv is running.

                      ps -ef | grep odisrv
                      oracle 2792 2779 0 18:50 ? 00:00:00 /bin/ksh /u01/app/oracle/product/10.1.2/as_1/bin/odisrv instance=1 configset=0 port=636 sslauth=1 host=content2.au.oracle.com

                      The next thing I would do is check that the provisioning profile for Content is enabled, and that the db url works!
                      $ORACLE_HOME/bin/ldapsearch -D cn=orcladmin -w welcome1 -h content2.au.oracle.com -p 389 objectclass=orclODIPProvisioningIntegrationProfileV2

                      orclODIPProfileName=1B1BEBC2DAC7C432E040BB0A4B6C28D0_1B20957BD2016F4DE040BB0A4B6C0AE5, cn=Profiles,cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext
                      orclapplicationtype=CONTENT
                      orclodipencryptedattrkey=ABCDEFGH
                      orclprovisioningfailuremaxlimit=1
                      orclapplicationuserdataloc=DEFAULT
                      orclodipprofilemaxeventsperinvocation=1
                      orclodipprovisioningorgguid=1B1BEBC2DAC7C432E040BB0A4B6C28D0
                      orclversion=3.0
                      orclstatus=ENABLED
                      orclodipprofileinterfacename=LDAP_NTFY
                      orclmanageapplicationdefaults=TRUE
                      orclodipprofilename=1b1bebc2dac7c432e040bb0a4b6c28d0_1b20957bd2016f4de040bb0a4b6c0ae5
                      orclodipprovisioningappguid=1B20957BD2016F4DE040BB0A4B6C0AE5
                      orclapplicationisdasviewable=TRUE
                      orclodipprovisioningorgname=oracle
                      orclodipprofileinterfacetype=PLSQL
                      orclapplicationdefaultpolicy=PROVISIONING_REQUIRED
                      orclodipprofilemaxeventsperschedule=100
                      orclodipprofileschedule=300
                      orclodipprofiledebuglevel=0
                      orclodipprofilemaxretries=5
                      orclodipprovisioningappname=Content
                      orclodipprofileexecgroupid=default
                      orclodipprofileinterfaceversion=3.0
                      orclodipprofilemaxerrors=50
                      orclapplicationdisplayname=Content
                      orclodipprovisioningappdn=orclApplicationCommonName=Content,cn=IFS,cn=Products,cn=OracleContext
                      objectclass=top
                      objectclass=orclODIPProvisioningIntegrationProfileV2
                      objectclass=orclODIPProvisioningIntegrationProfileV3
                      objectclass=orclODIPIntegrationProfile
                      orclodipprofileinterfaceconnectinformation=dburl=ldap://content2.au.oracle.com:389/orcl,cn=oraclecontext:CONTENT$Id:DEOQQLCBNSGPNBUQRHGI
                      The orclodipprofileinterfaceconnectinformation attribute contains the connect details OID will use to connect to Content DB to notify it of events.

                      For example:

                      orclodipprofileinterfaceconnectinformation=dburl=ldap://content2.au.oracle.com:389/orcl,cn=oraclecontext:CONTENT$Id:DEOQQLCBNSGPNBUQRHGI


                      The value is of the format: ldap://[database dburl=xxx]:schema user:schema password

                      You should be able to make a connection using the values returned by that query

                      SQL> conn CONTENT$Id/DEOQQLCBNSGPNBUQRHGI

                      Connected.

                      The orclodipprofileinterfacename attribute specifies the interface that will be caled by OID - in the case above LDAP_NTFY.

                      Are you able to connect from the OID Oracle Home with the <content schema>$ID account using the password from the orclodipprofileinterfaceconnectinformation attribute?

                      SQL> column object_name format a30
                      SQL> column object_type format a15
                      SQL> set pagesize 20
                      SQL> l
                      1 select object_name, object_type from user_objects
                      2* order by object_type, object_name
                      SQL> /

                      OBJECT_NAME OBJECT_TYPE
                      ------------------------------ ---------------
                      LDAP_NTFY PACKAGE
                      LDAP_NTFY PACKAGE BODY
                      LDAP_SEQ SEQUENCE
                      ODMZV_OIDCREDENTIALMANAGERDN SYNONYM
                      ODMZ_OIDCREDENTIALMANAGEREVNT SYNONYM
                      LDAP_ATTR_LIST_V3 TYPE
                      LDAP_ATTR_V3 TYPE
                      LDAP_ATTR_VALUE_LIST_V3 TYPE
                      LDAP_ATTR_VALUE_V3 TYPE
                      LDAP_EVENT_LIST_V3 TYPE
                      LDAP_EVENT_STATUS_LIST_V3 TYPE
                      LDAP_EVENT_STATUS_V3 TYPE
                      LDAP_EVENT_V3 TYPE

                      13 rows selected.

                      OID should contact Content DB using the <SCHEMA>$ID account and call the ldap_ntfy package which should inturn insert rows in to the ODMZ_OIDCREDENTIALMANAGEREVNT table.


                      cheers

                      Matt.
                      • 8. Re: Tutorials for creating Sites and Users
                        365794
                        Hi Matt

                        Thanks a mil!
                        The troublemaker is odisrv process. Grep for odisrv process did not return anything though i was able to start it up using oidctl & odisrv. Could also see LDAP_NTFY package after connecting to Content$Id.

                        I'll try to fix odisrv and see if provisioning comes through.