How to configure Oracle Internet Directory with a new configuration set?

This post covers configuring Oracle Internet Directory (OID) with a new configuration set. First, why a configuration set is needed: by default OID uses configuration set 0, which carries certain pre-defined options. To dump the default config set into an LDIF file, use the command below:

ldapsearch -p <port> -h <host> -D cn=orcladmin -w <oidpwd> -L \
-b "cn=configset0,cn=osdldapd,cn=subconfigsubentry" \
-s base "objectclass=*" > newconfigset.ldif

The parameters of a configuration set may look like this:

dn: cn=configset0, cn=osdldapd, cn=subconfigsubentry
orclsslport: 636
orclsslenable: 2
orclnonsslport: 389
orclsaslcipherchoice: rc4-56
orclsaslcipherchoice: des
orclsaslcipherchoice: 3des
orclsaslcipherchoice: rc4
orclsaslcipherchoice: rc4-40
orclsaslauthenticationmode: 1
orclsaslmechanism: DIGEST-MD5
orclsaslmechanism: EXTERNAL
orclsslversion: 3
orclsslwalleturl: file:
orclsslauthentication: 1
orclnormdn: cn=configset0,cn=osdldapd,cn=subconfigsubentry
objectclass: top
objectclass: orclConfigSet
objectclass: orclLDAPSubConfig
cn: configset0

If your requirements call for tuning OID by increasing certain parameters, you may choose to configure OID with a new configuration set. If the OID version is lower than 9.0.2, a new config set is mandatory; if it is higher than 9.0.2, the default configuration set can be used for OID tuning.

Here is an example of a new configuration set in LDIF format.

dn: cn=configset1, cn=osdldapd, cn=subconfigsubentry
orclmaxcc: 10
orclserverprocs: 4
orclsslversion: 3
orclsaslmechanism: DIGEST-MD5
orclsslauthentication: 1
orclsslwalleturl: file:
objectclass: top
objectclass: orclConfigSet
objectclass: orclLDAPSubConfig
orclsslenable: 0
orclsaslauthenticationmode: 1
orclnonsslport: 389
cn: configset1
orclsslport: 636
orclsaslcipherchoice: RC4-56
orclsaslcipherchoice: DES
orclsaslcipherchoice: 3DES
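
A config set also fixes the listener's transport security, so it is worth reviewing the LDIF before it is loaded. The script below is an added example, not part of the original post: it reads a config set LDIF on stdin and flags the SSL and SASL settings seen in the dumps above. The function names and the value meanings (orclsslenable 0/2, orclsslauthentication 1, orclsslversion 3) are assumptions based on Oracle's documented semantics and should be confirmed for your OID release.

```sh
#!/bin/sh
# Added example: review an OID config set LDIF on stdin before ldapadd.
# Prints one WARN line per finding; exit status is 1 if anything was flagged.
# Assumes unfolded, non-base64 LDIF lines, as in the dumps shown above.
audit_configset() {
    awk '
    function warn(msg) { print "WARN " msg; n++ }
    {
        i = index($0, ":"); if (i == 0) next
        attr = tolower(substr($0, 1, i - 1))
        val  = tolower(substr($0, i + 1))
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)      # trim the value
    }
    attr == "orclsslenable" && val == "0" {
        warn("orclsslenable=0: only the clear-text port is served") }
    attr == "orclsslenable" && val == "2" {
        warn("orclsslenable=2: clear-text port stays open beside the SSL port") }
    attr == "orclsslauthentication" && val == "1" {
        warn("orclsslauthentication=1: encryption only, no certificate authentication") }
    attr == "orclsslversion" && val == "3" {
        warn("orclsslversion=3: SSLv3 is obsolete") }
    attr == "orclsaslcipherchoice" && val ~ /^(rc4(-40|-56)?|des)$/ {
        warn("orclsaslcipherchoice=" val ": weak SASL cipher") }
    END { exit (n > 0) }
    '
}

# Constructed sample, abridged from the configset1 example above.
sample_configset() {
    cat <<'EOF'
dn: cn=configset1, cn=osdldapd, cn=subconfigsubentry
orclsslversion: 3
orclsslauthentication: 1
orclsslenable: 0
orclnonsslport: 389
orclsslport: 636
orclsaslcipherchoice: RC4-56
orclsaslcipherchoice: DES
orclsaslcipherchoice: 3DES
EOF
}

sample_configset | audit_configset || true
```

Against a real file, run `audit_configset < newconfigset.ldif` and review the warnings before loading the file.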

We must first load the new config set ldif file to the schema using the command given below:

ldapadd -p <PORT> -h <host> -D cn=orcladmin -w <oidpwd> -f ./newconfigset.ldif

Let’s start with the procedure then:

1. Stop opmnctl processes using ./opmnctl stopall

2. Start the oidmon process using the command  ./oidmon connect=SERVICE_NAME start

Specify the SERVICE_NAME as per your environment.

3. Check for oid processes using the command ps -ef | grep oid

You will see the results as shown below.

oracle   21360     1  3 16:23 ?        00:00:00 /u01apps/osinfra/bin/oidmon connect=idmprod opmnuid=1 start
oracle   21362     1  4 16:23 ?        00:00:00 /u01apps/osinfra/bin/oidldapd connect=idmprod -p 389 -i 1 -conf 0 -sport 636 -sslenable 2 key=1399907972
oracle   21364     1 12 16:23 ?        00:00:01 oidldapd connect=idmprod control=21362 dispatcher=1 worker=2 debug=33554432 configset=0 instance=1 key=1399907972 host=nic-pidmif1a-ac trcdimension=511 logchange=TRUE port=389 sport=636

4. An oidldapd instance is already running with the default config set. Stop it using the command ./oidctl connect=idmprod server=oidldapd instance=1 stop

The output of it may look like:

NLS_LANG not set in environment
Setting NLS_LANG to AMERICAN_AMERICA.AL32UTF8
oidctl:Waiting for oidmon to stop OIDLDAPD (instance=1) pid=21362
oidctl:Waiting for oidmon to stop OIDLDAPD (instance=1) pid=21362
oidctl:Stopped OIDLDAPD (instance=1) successfully

5.  Start the oidldapd process with new config set as shown below:

./oidctl connect=idmprod server=oidldapd instance=1 configset=1 start

NLS_LANG not set in environment
Setting NLS_LANG to AMERICAN_AMERICA.AL32UTF8
oidctl:Waiting for oidmon to start OIDLDAPD (instance=1)
oidctl:Started OIDLDAPD (instance=1) with PID : 21475 successfully

6. Stop the oidmon process as shown below.

./oidmon connect=idmprod stop

7. Check the opmnctl status using ./opmnctl status

8. Start the opmnctl using ./opmnctl start

9. Start the OID process alone using  ./opmnctl startproc process-type=OID

10. Check for OID processes using ps -ef | grep oid

The output may look like:

oracle   21642 21614  4 16:26 ?        00:00:00 /u01apps/osinfra/bin/oidmon connect=idmprod -opmnuid 501088260 start
oracle   21644     1  5 16:26 ?        00:00:00 /u01apps/osinfra/bin/oidldapd connect=idmprod -p 389 -i 1 -conf 1 -sport 636 -sslenable 2 key=1418389310
oracle   21646     1 37 16:26 ?        00:00:03 oidldapd connect=idmprod control=21644 dispatcher=1 worker=10 debug=33554432 configset=1 instance=1 key=1418389310 host=nic-pidmif1a-ac trcdimension=511 logchange=TRUE port=389 sport=636
oracle   21648     1 34 16:26 ?        00:00:03 oidldapd connect=idmprod control=21644 dispatcher=1 worker=10 debug=33554432 configset=1 instance=1 key=1418389310 host=nic-pidmif1a-ac trcdimension=511 logchange=TRUE port=389 sport=636
oracle   21650     1 37 16:26 ?        00:00:03 oidldapd connect=idmprod control=21644 dispatcher=1 worker=10 debug=33554432 configset=1 instance=1 key=1418389310 host=nic-pidmif1a-ac trcdimension=511 logchange=TRUE port=389 sport=636
oracle   21652     1 34 16:26 ?        00:00:03 oidldapd connect=idmprod control=21644 dispatcher=1 worker=10 debug=33554432 configset=1 instance=1 key=1418389310 host=nic-pidmif1a-ac trcdimension=511 logchange=TRUE port=389 sport=636

Notice that the oidldapd processes have now started with configset 1 (the new config set).

11. Stop all opmnctl using ./opmnctl stopall

12. Start all opmnctl using ./opmnctl startall

That’s it. You are done. The same process applies even if you are modifying the default configuration set.
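
The visual check in step 10 can be scripted so that a change window fails loudly when any oidldapd process is still on the old config set. This is an added example, not part of the original post: the function names are hypothetical, and the sample lines are constructed from the ps output shown above. It reads both forms that appear there, -conf N on the dispatcher line and configset=N on the server lines.

```sh
#!/bin/sh
# Added example: confirm every running oidldapd uses the expected config set.
# Usage: ps -ef | check_oid_configset 1
# Exit status: 0 = all match, 1 = at least one mismatch, 2 = no oidldapd found.
check_oid_configset() {
    awk -v want="$1" '
    /oidldapd/ && !/grep/ {
        got = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-conf" && i < NF) got = $(i + 1)           # dispatcher form
            else if ($i ~ /^configset=/) got = substr($i, 11)     # server form
        }
        seen++
        if (got != want) {
            bad++
            print "MISMATCH pid " $2 ": configset " (got == "" ? "unknown" : got)
        }
    }
    END {
        if (seen == 0) { print "NO oidldapd processes found"; exit 2 }
        exit (bad > 0)
    }'
}

# Constructed sample modelled on the ps output above; $1 is the config set number.
sample_ps() {
    n=$1
    cat <<EOF
oracle 21642 21614 4 16:26 ? 00:00:00 /u01apps/osinfra/bin/oidmon connect=idmprod -opmnuid 501088260 start
oracle 21644 1 5 16:26 ? 00:00:00 /u01apps/osinfra/bin/oidldapd connect=idmprod -p 389 -i 1 -conf $n -sport 636 -sslenable 2 key=1418389310
oracle 21646 1 37 16:26 ? 00:00:03 oidldapd connect=idmprod control=21644 dispatcher=1 worker=10 configset=$n instance=1 port=389 sport=636
EOF
}

sample_ps 1 | check_oid_configset 1 && echo "all oidldapd processes on configset 1"
```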

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com
