The document http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF describes how the integration between BPEL and OID can be configured. But when this is done with OID version 10.1.4, some problems occur:
Migration of LDIF data failed. Not all the entries are successfully migrated
If the script configure_oid.sh is executed like this:
(Pay attention: on a production system, choose the option seedRequiredUsers instead of SeedAllUsers, otherwise all test users are in the OID.)
cd $ORACLE_HOME/bpel/system/services/install/ant-tasks
./configure_oid.sh orcladmin <PASSWORD> 389 false us seedRequiredUsers oc4jadmin <PASSWORD> oc4j_soa
Buildfile: oid-config.xml
config-oid:
[echo] Configuring OID...
[mkdir] Created dir: $ORACLE_HOME/ldap/install
[java] Install Configuration
[java] Install Type: ConfigureOID
[java] Oracle Home: $ORACLE_HOME
[java] JDK Home: $ORACLE_HOME/jdk
[java] Proxy Required: false
[java] Database Vendor: oracle
[java] OID Host: ${oid.host}
[java] OID Port: 389
[java] OID Realm: us
[java] OID Seed: seedRequiredUsers
[java] Admin User: orcladmin
[java] ***************************************************************
[java] Trying to obtain OID specific details from configuration files.
[java] Warning: You would encounter problems if you have not associated your instance with an OID.
[java] ***************************************************************
[java] OID Host is: ldap.test.nl
[java] OID Port is: 389
[java] Seeding users/roles in OID realm : us...
[java] Buildfile: bpminstall.xml
[java] seed-oid:
[java] init:
[java] seed-oid:
[java] Seeding system users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated
[java] Seeding demo users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated
[java] BUILD SUCCESSFUL
[java] Total time: 5 seconds
[java] Exit: 0
[java] Configuring BPEL identity service configuration file ...
[java] Adding jaas-mode attribute to hw_services orion-application.xml
[java] Adding jaas-mode attribute to orabpel orion-application.xml
bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[echo] Granting Domain privileges to BPMDefaultDomainAdmin role...
all:
BUILD SUCCESSFUL
Total time: 11 seconds
Done
After some investigation I noticed that the ldif script that is inserted in the OID is in the directory: $ORACLE_HOME/bpel/system/services/config/ldap.
When I then tried to insert the users with the ldapadd command, an error occurred:
ldapadd -h ldap.test.nl -p 389 -D cn=orcladmin -w <PASSWORD> -f system-oid_xxx.ldif
adding new entry cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
ldap_add: Constraint violation
ldap_add: additional info: Password Policy Error :9004: GSL_PWDNUMERIC_EXCP :Your Password must contain at least 1 numeric characters.
The conclusion is that there is a password policy in the OID. When this policy is changed, ldapadd works like a charm.
Change the policy in the OID:
start oidadmin > login with orcladmin > Password Policy Management > cn=pwdPolicies, cn=Common, cn=Product, cn=OracleContext > Password Policy for Realm dc=us,dc=test,dc=nl > tab Password Syntax
Change Number of Numeric Characters: 0
Alternatively, you can change all passwords in the *.ldif file. But then the ant script still does not work, because the ldif file is generated during the ant script.
The ldapadd command works after the change in the OID, and also when the passwords are changed:
ldapadd -h ldap.test.nl -p 389 -D cn=orcladmin -w <PASSWORD> -f system-oid_xxxx.ldif
adding new entry cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
adding new entry cn=default,cn=users, dc=us,dc=test,dc=nl
adding new entry cn=guest,cn=users, dc=us,dc=test,dc=nl
modifying entry cn=BPMSystemAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMDefaultDomainAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowReassign,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowSuspend,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowViewHistory,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=rule-administrators,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMAnalyst,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMPublic,cn=Groups, dc=us,dc=test,dc=nl
Now configure_oid.sh also works as it is supposed to. But when you use this script you must change all passwords, because by default the passwords are CHANGE_ME. The passwords are defined in the file: $ORACLE_HOME/bpel/system/services/config/ldap/system-oid.sbs.
You can verify that everything is working fine by invoking the BPEL identity service:
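The check below is an added example, not part of the original post: it scans a seed LDIF file for entries that still carry the default CHANGE_ME password or a password without a numeric character (the condition behind error 9004), so the passwords can be fixed before ldapadd or configure_oid.sh runs. It assumes clear-text userpassword: attributes on unfolded lines; the function names and the sample passwords are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-check a seed LDIF against the numeric-character rule
# behind OID error 9004 and against the default CHANGE_ME password.
# Assumes clear-text "userpassword:" values; base64 ("::") values are skipped.

# check_seed_ldif FILE -> prints "<REASON> <dn>" per problem, returns 1 if any
check_seed_ldif() {
    awk '
        function check_entry() {
            if (dn != "" && pw != "") {
                if (pw == "CHANGE_ME")  { print "DEFAULT_PASSWORD " dn; bad = 1 }
                else if (pw !~ /[0-9]/) { print "NO_NUMERIC " dn; bad = 1 }
            }
            dn = ""; pw = ""
        }
        { sub(/\r$/, "") }                         # tolerate CRLF files
        /^[ \t]*$/ { check_entry(); next }         # blank line ends an entry
        tolower($0) ~ /^dn:/ { dn = $0; sub(/^[^:]*:[ \t]*/, "", dn); next }
        tolower($0) ~ /^userpassword:[^:]/ {
            pw = $0; sub(/^[^:]*:[ \t]*/, "", pw); next
        }
        END { check_entry(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: DNs as in the post, passwords invented for the example.
sample_ldif() {
    cat <<'EOF'
dn: cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
cn: bpeladmin
userpassword: CHANGE_ME

dn: cn=default,cn=users, dc=us,dc=test,dc=nl
userpassword: OnlyLetters

dn: cn=guest,cn=users, dc=us,dc=test,dc=nl
userpassword: Constructed-Pw-7

dn: cn=BPMSystemAdmin,cn=Groups, dc=us,dc=test,dc=nl
changetype: modify
add: uniquemember
uniquemember: cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
EOF
}

# Usage: sh check_seed.sh system-oid_xxx.ldif
if [ "$#" -gt 0 ]; then check_seed_ldif "$1"; fi
```

A non-zero exit status means at least one entry would be rejected by the policy or still uses the default password.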
http://<hostname>:<port>/integration/services/IdentityService/identity?operation=lookupUser
If the execution of this request results in this error:
Identity Service cannot find user. Error occurs while getting user "[USER]" in realm "jazn.com" Verify that user "[USER]" exits in realm "jazn.com". Contact oracle support if error is not fixable.
Adjust the file $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml.
Old line: provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com"
New line:
provider="LDAP" location="ldap://test.nl:389" default-realm="us"
Make $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml the same as $ORACLE_HOME/j2ee/home/config/jazn.xml.
There is another problem in the integration of BPEL and OID. Hint : LOGON TO THE BPEL ADMIN CONSOLE FAILS - INSUFFICIENT PRIVILEGES / NO DOMAIN
There are two OC4J homes in the environment ($ORACLE_HOME/j2ee/home and $ORACLE_HOME/j2ee/oc4j_soa).
The OC4J instance is associated with OID through EM.
This modifies $ORACLE_HOME/j2ee/home/config/jazn.xml. However, it does not modify the $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml file correctly.
$ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml
Old line: provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com"
New line:
provider="LDAP" location="ldap://test.nl:389" default-realm="us"
Make $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml the same as $ORACLE_HOME/j2ee/home/config/jazn.xml.
References:
http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF