Upgrade Oracle Internet Directory/IdM Suite to

As per  Prasad Akkiraju here  Oracle Applications 11i/R12 is now certified with Oracle Identity Management (OID, DAS, DIP, SSO, Identity Federation)

This post summarizes key points in upgrading Oracle Identity Management (OID, DAS, DIP, SSO, Federation) from version (IdM 10g R3 patchset 1)

Things to note while upgarding OID/IdM to

1. Patch to upgrade Oracle Identity Management (including OID) to 10g Rel 3 patchset 1 (AKA is 5983637
2. IdM 10g Rel 3 patchset 1 ( can be applied only on IdM version (For Previous release , first ugrade to
3. This patch is currently (as of 31Mar08) certified for windows & linux only
4. While upgrading OID Node include $ORACLE_HOME/bin as first entry in PATH (This is to ensure installer takes ldapsearch or ldap* from $ORACLE_HOME/bin and not from /usr/bin )
5. Upgrade to IdM (SSO, OID, DIP, DAS, Federation) includes software upgrade only.

How to patch/upgrade IdM (Oracle Identity Management) to

1. Download patch 5983637
2. Unzip patch
3. Shutdown Identity Management Services (OID, SSO, Identity Federation) and take backup
4. Go to Disk1 in directory where you unzipped patch
5. Ensure oraInventory (oraInst.loc) is pointing to right location
6. start upgrade by running ./runInstaller
7. Start Services

Main changes in Patchset

Improvement in DIP

1. Profile Group & Configset
Configset– before configset used to contain
a) configuration information for DIP (Directory Integration and Provisioning Server) like refresh interval, debug level, max number of profile to refresh …
b) List of profile that are schedule for execution

Profile Group– introduced in, consist of all profiles that are to be scheduled by specific instance of DIP.

Configset in contains only configuration information like refresh interval, debug level, max number of profile to be executed …  Point b) from previous release of DIP/OID is taken out of configset and moved to Profile Group

Improvement in OID
2. Server Chaining – New options are provided with OID server chaining (introduced in OID 10.1.4). To know more about OID Server chaining click here
2.1 SSL Support to connect to external directory
For more on this feature check metalink note # 452381.1 & 452385.1

3. Account with status locked, expired, etc. (custom control) were able to login via EUS (Enterprise User Security) where EUS was integrated with OID. With you can stop account with status lock, expire to login from EUS

(More details visit metalink note # 459772.1)

Note* EUS (Enterprise User Security) is a feature in Oracle Database for centrally managing authentication and authorization of database users. – Updated later (Check comment below)
Improvement in DAS

4. Users without appropriate privileges could perform configuration operation in release previous to (This is now fixed)

Improvement in SSO
5. Improvement in integration of SSO with Windows native authentication

Fixes around Identity Federation
6. Oracle Identity Federation can now consume PKCS#12 wallets created by OWM (Oracle Wallet Manager) Read More about OWM here

For full list of these bug fixes in IdM check readme of Patch 5983637

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

anonymous says July 7, 2008

“Note* EUS (Enterprise User Security) is new feature in Oracle 11g Database Enterprise Edition for centrally managing authentication and authorization of database users.” — not correct at all.

EUS is there right from 92 db.

Atul says July 7, 2008

Thanks for pointing this, Yes you are right EUS is in database since way back from 8i .

knvramam says December 17, 2008

Hello Atul,

When we are upgrading OID from 10.1.2 to 10.1.4, in one instance it is asking for “Oracle Certificate Authority Administrator” and in one instance it is not asking for the password.

Can you please let me know why it is asking for “OCAA” password in some instances and where to find the password. We tried to give orcladmin password, but it didnt take that password.

Thank you

Atul Kumar says December 17, 2008

It is possible that during isntallation on one of instance you selected OCA (Oracle Certifying Authority)

password is different from orcladmin password, check with person who installed OCA with OID

knvramam says December 18, 2008

Hello Atul,

Thank you very much for your quick response.

I only installed Infra instnace in the machine and I didnt remember whether I have selected OCA by the time of installation, any how can you please let me know how to change OCA Administrator password or where can we find the password.

I tried to change the password with “ocactl setpasswd -type DB”, but it is asking for the existing password also.

Thank you

Atul Kumar says December 18, 2008

Welcome to Oracle’s trap , I am not sure if this is possible to reset password from backend (File System/OID) raise SR with Oracle and ask them to assign to OCA team

Jayaram Yakali says May 20, 2012

Is there any statics on Oracle Internet Directory capabilities, I mean how many users can created, searchable volume length like…

Ranganath Nangineni says January 28, 2014


Can you provide me the steps for installing OID and also to move the users from other OID server ( to the new setup that we installed?

Thanks for your help.

Add Your Reply