By default, the oidldapd process uses the “Default Configuration Set”, which will not be sufficient for a large deployment on a multiprocessor machine.
There are two ways to create a configset:
1. Creating a new oidldap configset using Oracle Directory Manager
2. Creating a new oidldap configset using an LDIF file
Creating a new oidldap configset using Oracle Directory Manager
i. Launch the Oracle Directory Manager
ii. On the left side of GUI tool, expand Server Management (click on plus)
iii. Expand Directory Server
iv. Highlight Default Configuration Set
v. Right Click mouse and select CREATE LIKE
vi. Set MAX # of DB Connections to a value from 1 – 10.
vii. Set Number of Child processes to 4, or equal to number of CPUs (whichever is greater)
viii. Adjust the LDAP ports to values of your choice
ix. Exit the Oracle Directory Manager
Creating a new oidldap configset using an LDIF file
i. Use the ldapsearch utility to dump the default configset to a file. Passing the password with -w leaves it in the shell history and visible in the process list while the command runs.
$Oracle_home/bin>ldapsearch -p <port> -h <host> -D cn=orcladmin -w <oidpwd> -L -b "cn=configset0,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" > configset1.ldif
ii. The file configset1.ldif should look like this:
dn: cn=configset0, cn=osdldapd, cn=subconfigsubentry
orclsslenable: 2
orclmaxcc: 2
orclnonsslport: 3060
orclsslport: 3130
orclsaslcipherchoice: RC4-56
orclsaslcipherchoice: DES
orclsaslcipherchoice: 3DES
orclsaslauthenticationmode: 1
orclsaslmechanism: DIGEST-MD5
orclsaslmechanism: EXTERNAL
orclsslversion: 3
orclsslwalleturl: file:
orclserverprocs: 1
orclsslauthentication: 1
orclnormdn: cn=configset0,cn=osdldapd,cn=subconfigsubentry
objectclass: top
objectclass: orclConfigSet
objectclass: orclLDAPSubConfig
cn: configset0
iii. Edit the file making the following changes (removing lines as necessary):
dn: cn=configset1, cn=osdldapd, cn=subconfigsubentry <- Configset name
objectclass: top
objectclass: orclConfigSet
objectclass: orclLDAPSubConfig
cn: configset1 <- Configset name
orclsslenable: 2
orclmaxcc: 5 <- Max process size
orclnonsslport: 389 <- LDAP port no
orclsslport: 636 <- SSL port no
orclsslwalleturl: file:
orclserverprocs: 4 <- Server process
orclsslauthentication: 1
orclsslversion: 3
iv. Load the new configset.
ldapadd -p <PORT> -h <host> -D cn=orcladmin -w <oidpwd> -f ./configset1.ldif
After loading the new configset1, follow the steps below.
In our case, I have two nodes on different machines, and both are in a cluster.
1. Start oidmon on both nodes
For Node1:
oidmon connect=idmprod host=hostname start
For Node2:
oidmon connect=idmprod host=hostname start
2. Since Node 2 is now started, first stop it with this command:
oidctl connect=idmprod server=oidldapd instance=1 stop
NOTE: Make sure there are no OIDLDAPD processes running at this point. If there are any running out of this Oracle Home, kill them.
3. Now restart OID on node 2 with the command:
oidctl connect=idmprod host=hostname server=oidldapd instance=1 configset=1 start
4. For Node 1, first make sure there are no OIDLDAPD processes running at this point. If there are any running out of this Oracle Home, kill them.
5. Then start with this command:
oidctl connect=idmprod host=hostname server=oidldapd instance=1 configset=1 start
This should give us 2 separate entries in the ods.ods_process table and ensure OIDMON is also working for the correct hosts.