Sunday, September 25, 2005

Finally: Enterprise Security

It's about time, so here we go:
Stop the 9i instance on my test server (limited memory...) and the listener, kick 10g Release 1 into life, and a listener, and start all iAS processes:
[oracle10@csdb01 oracle10]$ lsnrctl start
LSNRCTL for Linux: Version 10.1.0.4.0 - Production on 25-SEP-2005 14:42:31
Copyright (c) 1991, 2004, Oracle. All rights reserved.
Starting /o/oracle10/10gR1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 10.1.0.4.0 - Production
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "o10gR1" has 1 instance(s).
Instance "o10gR1", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

[oracle10@csdb01 oracle10]$ sqlplus "/ as sysdba"
SQL*Plus: Release 10.1.0.4.0 - Production on Sun Sep 25 14:42:40 2005
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 285212672 bytes
Fixed Size 778856 bytes
Variable Size 120593816 bytes
Database Buffers 163577856 bytes
Redo Buffers 262144 bytes
Database mounted.
Database opened.
SQL>
[oracle10@csdb01 oracle10]$ /o/ias10/opmn/bin/opmnctl startall
opmnctl: starting opmn and all managed processes...
[oracle10@csdb01 oracle10]$ /o/ias10/bin/emctl start iasconsole
TZ set to Europe/Amsterdam
Oracle Enterprise Manager 10g Application Server Control Release 10.1.2.0.0
Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
http://csdb01.cs.nl:1810/emd/console/aboutApplication
Starting Oracle Enterprise Manager 10g Application Server Control ....... started successfully.
[oracle10@csdb01 oracle10]$ /o/ias10/oca/bin/ocactl start

OracleAS Certificate Authority 10g (10.1.2)

Copyright (c) 2003, 2004, Oracle Corporation. All rights reserved.

OracleAS Certificate Authority administrator password:
OCA service started.

[oracle10@csdb01 oracle10]$
OK - ready for test 1: Verify the Database Server can Bind to OID; actually, I already did that, but here is the code once more:
ldapbind -h csdb01 -p 3160 -U 3 -W file:/etc/wallets/oracle10 -P welcome1
That results in a successful bind, and concludes test 1.
Second in test (if you are wondering where these tests come from: it's the March 2005 revision of Metalink note 185275.1): Verify the database is registered:
SQL> show parameter RDBMS_SER

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
rdbms_server_dn                      string
Hmm.. Need to change that:
SQL> alter system set
  2  rdbms_server_dn='CN=o10gR1,CN=OracleContext,DC=nl, DC=cs' scope=spfile;

System altered.
OK Done. Need to bounce the database; and verify:
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
rdbms_server_dn                      string      CN=o10gR1,CN=OracleContext,DC=
                                                 nl, DC=cs
Make sure you have the server in the correct context in the Enterprise Security Manager!

Steps 3 through 6 have been completed successfully, here are some snapshots:

Navigating...


Continued Jan 25th, 2006: and this is where it ended... Why this post was in draft status for so long, I don't remember; I do remember, however, that I got really fed up with the horrible errors I received when testing the lot.
The listener core dumped, under Windows as well as under Linux. For all of these versions: 9.2.0.4, 9.2.0.6, 10.1.0.4 and 10.2! By the time I'd figured all that out, I failed to see the (probable) cause of all this: dn has domain suffix in the wrong sequence. Just reread the 'Enterprise Security' threads... ;).

In the meantime, I discussed the setup and possibilities with a colleague, and he got it to work. Seen it, helped him out, just (...) need to document it properly. Will be done, rest assured.
Edit: Well, I got it working, finally - just take a look here.
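
A pre-flight check for the DN ordering problem mentioned above, as an added example that is not code from the original post or from Oracle. It assumes the directory realm follows the RFC 2247 mapping of the host's DNS domain (cs.nl, taken from the host name csdb01.cs.nl in the console URL), so the DC components should read most specific first; the function names are hypothetical.

```python
def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (backslash escapes kept)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def dc_suffix(dn):
    """Return the trailing run of DC values, lower-cased, in the order the DN lists them."""
    dcs = []
    for rdn in reversed(split_dn(dn)):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            break
        dcs.append(value.strip().lower())
    return list(reversed(dcs))

def domain_to_dcs(domain):
    """RFC 2247 mapping: cs.nl -> ['cs', 'nl'] (most specific label first)."""
    return [label.lower() for label in domain.strip(".").split(".") if label]

def check_server_dn(dn, domain):
    """Classify the DC suffix of dn against domain: 'ok', 'reversed' or 'mismatch'."""
    got, want = dc_suffix(dn), domain_to_dcs(domain)
    if got == want:
        return "ok"
    if got == list(reversed(want)):
        return "reversed"
    return "mismatch"

if __name__ == "__main__":
    # First value is the one set in the post; the second is the same DN with
    # the DC components in RFC 2247 order (assumed realm layout, see lead-in).
    for dn in ("CN=o10gR1,CN=OracleContext,DC=nl, DC=cs",
               "CN=o10gR1,CN=OracleContext,DC=cs,DC=nl"):
        print(check_server_dn(dn, "cs.nl"), "<-", dn)
```

Running the check against the value before `alter system set rdbms_server_dn` catches a reversed suffix without needing a database bounce to find out.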

Tuesday, September 13, 2005

Oracle announces plan to buy Siebel

What's going on here?!? Somebody is executing "if you can't beat 'em, buy 'em" on a massive scale, or what?
We'll see - hopefully it isn't going to be a PeopleSoft replay.