Creating OVD 11g adapters without using ODSM console

The only supported method to create OVD 11g adapters is to create them using the ODSM console. However, if you want to create adapters without using the GUI, you can do so by updating adapters.os_xml. This is the file where all adapter details get stored.

Let me talk about my exploration right from the beginning. I read Metalink note 1336191.1 and thought that adapters could be created through the command line as well. This is the Oracle documentation link that it points to.

I was suspicious when looking at the documentation, as it talks about the libOVD adapter used in the OIM LDAP sync process. Anyhow, I gave it a try using wlst.sh

    • Go to ORACLE_HOME/common/bin
    • Run ./wlst.sh
    • connect('weblogic','abcd1234','t3://mahendra.oracle.com:7001')
    • help()
    • I can see this entry: help('OracleLibOVDConfig') List commands for managing OVD configuration
    • help('OracleLibOVDConfig')
    • I can see the functions: help('createLDAPAdapter'), help('deleteAdapter'), help('getAdapterDetails'), help('listAdapters'), ….
    • So I ran listAdapters() to see the existing adapters in the OVD server, and the results were empty. In fact the OVD server has 2 adapters, which are not listed in the results.
    • So I ran createAdapter by referring to help('createLDAPAdapter'), and when I ran listAdapters() it showed the newly created adapter, but this is not visible in the OVD 11g ODSM console.

So I understood that the OracleLibOVDConfig commands are used for OIM LDAP sync operations and do not work for the actual OVD server. Therefore I concluded that adapters can’t be created using the command line.

So the only approach left is to directly update the adapters.os_xml file as described below.

  • Stop the OVD server using opmnctl.
  • Take a backup of adapters.os_xml.
  • Edit the adapters.os_xml file located at AS_INSTANCE/config/OVD/ovd_instance.
  • Go to the end of the file and create a new block as shown below.

<ldap id="Test_OID_Adapter" version="12">
<root>dc=oracle,dc=com</root>
<active>true</active>
<routing>
<critical>true</critical>
<priority>50</priority>
<inclusionFilter/>
<exclusionFilter/>
<plugin/>
<retrieve/>
<store/>
<visible>Yes</visible>
<levels>-1</levels>
<bind>true</bind>
<bind-adapters/>
<views/>
<dnpattern/>
</routing>
<pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
<plugins>
<plugin>
<name>Performance Monitor</name>
<class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
<initParams/>
</plugin>
</plugins>
<default>
<plugin name="Performance Monitor"/>
</default>
<add/>
<bind/>
<delete/>
<get/>
<modify/>
<rename/>
</pluginChains>
<hosts>
<host port="3060" percentage="100" readonly="false">test1.oracle.com</host>
</hosts>
<remoteBase>dc=oracle,dc=com</remoteBase>
<secure>false</secure>
<failover>false</failover>
<passCredentials>Always</passCredentials>
<binddn>cn=orcladmin,cn=Users,dc=oracle,dc=com</binddn>
<bindpass>abcd1234</bindpass>
<dnAttributeList>
<attribute>uniquemember</attribute>
<attribute>manager</attribute>
<attribute>secretary</attribute>
<attribute>owner</attribute>
</dnAttributeList>
<pageSize>0</pageSize>
<referals>false</referals>
<heartBeatInterval>60</heartBeatInterval>
<timeout>15000</timeout>
<maxPoolSize>10</maxPoolSize>
<maxPoolWait>1000</maxPoolWait>
<maxPoolChecks>10</maxPoolChecks>
<quickFail>false</quickFail>
<escapeSlashes>true</escapeSlashes>
<kerberos>false</kerberos>
<useDNS>No</useDNS>
<initialPoolSize>5</initialPoolSize>
<ssl>
<protocols>SSLv3,TLSv1</protocols>
<cipherSuites>
<cipher>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</cipher>
<cipher>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</cipher>
<cipher>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</cipher>
<cipher>SSL_DH_anon_WITH_DES_CBC_SHA</cipher>
<cipher>SSL_DH_anon_WITH_RC4_128_MD5</cipher>
</cipherSuites>
</ssl>
<pingprotocol>tcp</pingprotocol>
<kerberosRetry>false</kerberosRetry>
</ldap>

  • In my case, I provided values for the adapter name (Test_OID_Adapter), root context, remote base, admin user ID and password. Provide the password in plain text format. Once the OVD server starts, this value will be encrypted.
  • Ensure that the syntax is correct; otherwise the OVD server won’t start. You can copy the file into any XML editor to check its validity.
  • Start the OVD server.
  • Log in to the ODSM console and see the newly created adapter.
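
A pre-restart check for the edited file, as an added example that is not part of the original post or of Oracle's tooling. It goes beyond the syntax check described above: besides well-formedness (straight quotes are required around attribute values, so curly quotes pasted from a web page fail to parse), it reports duplicate adapter ids and the SSLv3 and anonymous/export cipher-suite entries that appear in the block above. The `<adapters>` root in the constructed sample and the reading of `<secure>false</secure>` as "no SSL/TLS to the backend host" are assumptions.

```python
import xml.etree.ElementTree as ET

WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_MARKERS = ("_anon_", "_EXPORT_", "_NULL_")

# Constructed sample: the <adapters> root is an assumption and the adapter
# block is abridged from the example on this page.
SAMPLE = """<adapters>
<ldap id="Test_OID_Adapter" version="12">
<secure>false</secure>
<ssl>
<protocols>SSLv3,TLSv1</protocols>
<cipherSuites><cipher>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</cipher></cipherSuites>
</ssl>
</ldap>
</adapters>"""

def local(tag):
    """Drop any '{namespace}' prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Stripped text of every descendant element with this local name."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def check_adapters(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Curly quotes around attribute values end up here.
        return [f"not well-formed: {exc}"]
    findings, seen = [], set()
    for adapter in (e for e in root.iter() if local(e.tag) == "ldap"):
        aid = adapter.get("id", "<no id>")
        if aid in seen:
            findings.append(f"{aid}: duplicate adapter id")
        seen.add(aid)
        if "false" in texts(adapter, "secure"):
            # Assumption: <secure> is the adapter's SSL/TLS switch.
            findings.append(f"{aid}: secure=false, backend connection not using SSL/TLS")
        for proto in ",".join(texts(adapter, "protocols")).split(","):
            if proto.strip() in WEAK_PROTOCOLS:
                findings.append(f"{aid}: weak protocol {proto.strip()}")
        for cipher in texts(adapter, "cipher"):
            if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
                findings.append(f"{aid}: weak cipher suite {cipher}")
    return findings

if __name__ == "__main__":
    for line in check_adapters(SAMPLE) or ["no findings"]:
        print(line)
```

Run it against a copy of adapters.os_xml after editing and before starting the OVD server; an empty result means none of these checks fired, not that the file passes OVD's own schema validation.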

If the syntax is wrong in the adapters.os_xml file, it results in the error shown below in console~ovd1~1.log.

Exception in thread "main" java.lang.RuntimeException: Error parsing XML file.
at com.octetstring.vde.config.ConfigHandler.getInstance(ConfigHandler.java:172)
at com.octetstring.vde.VDEServer.main(VDEServer.java:340)
Caused by: oracle.xml.parser.v2.XMLParseException: Element 'ldap' not expected.
at oracle.xml.parser.v2.XMLError.flushErrors(XMLError.java:271)
at com.octetstring.vde.config.parsers.ConfigParser.parseConfiguration(ConfigParser.java:444)
at com.octetstring.vde.config.parsers.ConfigParser.parseConfiguration(ConfigParser.java:404)
at com.octetstring.vde.config.parsers.ConfigParser.parseConfiguration(ConfigParser.java:389)
at com.octetstring.vde.config.ConfigHandler.getProvisionedAdapters(ConfigHandler.java:371)
at com.octetstring.vde.config.ConfigHandler.<init>(ConfigHandler.java:196)
at com.octetstring.vde.config.ConfigHandler.getInstance(ConfigHandler.java:167)

Contact me at mahi.babu@gmail.com if you want the Java code to create the adapter in the adapters.os_xml file directly.

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience on the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com
