Upgrade Oracle Internet Directory/IdM Suite to 10.1.4.2

As per Prasad Akkiraju here Oracle Applications 11i/R12 is now certified with Oracle Identity Management (OID, DAS, DIP, SSO, Identity Federation) 10.1.4.2

This post summarizes key points in upgrading Oracle Identity Management (OID, DAS, DIP, SSO, Federation) from 10.1.4.0.1 version 10.1.4.2 (IdM 10g R3 patchset 1)

Things to note while upgarding OID/IdM to 10.1.4.2

1. Patch to upgrade Oracle Identity Management (including OID) to 10g Rel 3 patchset 1 (AKA 10.1.4.2) is 5983637
2. IdM 10g Rel 3 patchset 1 (10.1.4.2) can be applied only on IdM version 10.1.4.0.1 (For Previous release , first ugrade to 10.1.4.0.1)
3. This patch is currently (as of 31Mar08) certified for windows & linux only
4. While upgrading OID Node include $ORACLE_HOME/bin as first entry in PATH (This is to ensure installer takes ldapsearch or ldap* from $ORACLE_HOME/bin and not from /usr/bin )
5. Upgrade to 10.1.4.2 IdM (SSO, OID, DIP, DAS, Federation) includes software upgrade only.

How to patch/upgrade IdM (Oracle Identity Management) to 10.1.4.2

1. Download patch 5983637
2. Unzip patch
3. Shutdown Identity Management Services (OID, SSO, Identity Federation) and take backup
4. Go to Disk1 in directory where you unzipped patch
5. Ensure oraInventory (oraInst.loc) is pointing to right location
6. start upgrade by running ./runInstaller
7. Start Services

Main changes in 10.1.4.2 Patchset

Improvement in DIP

1. Profile Group & Configset
Configset– before 10.1.4.2 configset used to contain
a) configuration information for DIP (Directory Integration and Provisioning Server) like refresh interval, debug level, max number of profile to refresh …
b) List of profile that are schedule for execution

Profile Group– introduced in 10.1.4.2, consist of all profiles that are to be scheduled by specific instance of DIP.

Configset in 10.1.4.2 contains only configuration information like refresh interval, debug level, max number of profile to be executed … Point b) from previous release of DIP/OID is taken out of configset and moved to Profile Group

Improvement in OID
2. Server Chaining – New options are provided with OID server chaining (introduced in OID 10.1.4). To know more about OID Server chaining click here
2.1 SSL Support to connect to external directory
For more on this feature check metalink note # 452381.1 & 452385.1

3. Account with status locked, expired, etc. (custom control) were able to login via EUS (Enterprise User Security) where EUS was integrated with OID. With 10.1.4.2 you can stop account with status lock, expire to login from EUS

(More details visit metalink note # 459772.1)

Note* EUS (Enterprise User Security) is a feature in Oracle Database for centrally managing authentication and authorization of database users. – Updated later (Check comment below)
Improvement in DAS

4. Users without appropriate privileges could perform configuration operation in release previous to 10.1.4.2 (This is now fixed)

Improvement in SSO
5. Improvement in integration of SSO with Windows native authentication

Fixes around Identity Federation
6. Oracle Identity Federation can now consume PKCS#12 wallets created by OWM (Oracle Wallet Manager) Read More about OWM here

For full list of these bug fixes in IdM 10.1.4.2 check readme of Patch 5983637

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

10 comments

anonymous says July 7, 2008

“Note* EUS (Enterprise User Security) is new feature in Oracle 11g Database Enterprise Edition for centrally managing authentication and authorization of database users.” — not correct at all.

EUS is there right from 92 db.

Atul says July 7, 2008

Thanks for pointing this, Yes you are right EUS is in database since way back from 8i .

knvramam says December 17, 2008

Hello Atul,

When we are upgrading OID from 10.1.2 to 10.1.4, in one instance it is asking for “Oracle Certificate Authority Administrator” and in one instance it is not asking for the password.

Can you please let me know why it is asking for “OCAA” password in some instances and where to find the password. We tried to give orcladmin password, but it didnt take that password.

Thank you
Ramam

Atul Kumar says December 17, 2008

It is possible that during isntallation on one of instance you selected OCA (Oracle Certifying Authority)

password is different from orcladmin password, check with person who installed OCA with OID

knvramam says December 18, 2008

Hello Atul,

Thank you very much for your quick response.

I only installed Infra instnace in the machine and I didnt remember whether I have selected OCA by the time of installation, any how can you please let me know how to change OCA Administrator password or where can we find the password.

I tried to change the password with “ocactl setpasswd -type DB”, but it is asking for the existing password also.

Thank you
Ramam

Atul Kumar says December 18, 2008

Ramam,
Welcome to Oracle’s trap , I am not sure if this is possible to reset password from backend (File System/OID) raise SR with Oracle and ask them to assign to OCA team

Jayaram Yakali says May 20, 2012

Is there any statics on Oracle Internet Directory capabilities, I mean how many users can created, searchable volume length like…

Atul Kumar says May 21, 2012

Check this link for OID benchmark http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oid-100m-user-benchmark-128527.pdf

Ranganath Nangineni says January 28, 2014

Atul,

Can you provide me the steps for installing 10.1.2.0.2 OID and also to move the users from other OID server (10.1.2.0.2) to the new setup that we installed?

Thanks for your help.

Atul Kumar says January 29, 2014

Follow installation guide at http://docs.oracle.com/cd/B28196_01/getstart.htm

To migrate users/groups from one OID to Other , user ldifwrite and bulkload OID commands to export and import resp. in OID

Add Your Reply