Integrate Weblogic With Active Directory Using LDAPS

In this post I will show how to integrate WebLogic with Active Directory over LDAPS (port 636) instead of the unencrypted port 389. This should work on different versions of WebLogic; in my case I am using WebLogic 12c.

I tried to make this article as simple as it is, since I faced different issues during this and couldn't find any articles or Oracle Support documents related to any of the issues I faced, so I am writing this post to share it; it could be useful for people.

WebLogic Server comes with an Embedded LDAP Server which acts as the default provider for authentication, authorization and role mapping. Since authentication is based on JAAS (Java Authentication and Authorization Service), we can have external providers as well; one of these external providers is Active Directory authentication.

Important note: before starting any of these steps, ask your system administrator to create an Active Directory user whose only purpose is to read Active Directory information. The system administrator should provide you with the distinguished name (DN) of this user and assign it to the Administrator group; this is required as Active Directory gives a connection only to an Admin user.

Steps:

  • To enable the port you have to do a few things before starting the configuration on the WebLogic side. Since we are using the SSL port and not the unsecured one, you have to import the certificate first. The certificate could be provided to you by the system administrator; in my case, to avoid wasting time, I used JDeveloper to import the certificate, because JDeveloper can connect to the LDAP server both ways (636 or 389), and once you are connected you can import the certificate.
  • Now, after importing the certificate, go to the WebLogic server and run the command below. I chose to save my certificate under $WLS_HOME/wlserver/server/lib:

keytool -import -trustcacerts -alias NEWAD -file Certificate_name -keystore NEWAD.jks -storepass Oracle123

    • alias: the alternative name for the certificate; you can choose yours, but make it clear.
    • file: the certificate file you exported from JDeveloper or received from the system administrator.
    • keystore: the output file, which should be in JKS format.
    • storepass: the password for the keystore that holds the imported certificate.
  • Once you are done with the above steps, shut down the AdminServer and managed servers from the WebLogic console and edit setDomainEnv.sh or setDomainEnv.cmd, depending on your operating system, then add the line below (with the location of the JKS file):

JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.net.ssl.trustStore=/u01/Oracle/Middleware/fmw_soa/wlserver/server/lib/NEWAD.jks"

  • Now start the AdminServer; the following steps should be done before testing anything.
  • As you see in the picture below, choose Custom keystore and fill in the information: the location of the JKS (without the file) and the password you chose for the certificate while importing it.
  • After that you should modify the SSL part; this time you have to remember the alias and the password, like below:
  • Under Security Realms on the left panel choose Providers > New.
  • WebLogic has different external providers, but we want Active Directory, so make sure to choose the right one.
  • Some changes should be made after the provider is created, namely the order and the control flag of the provider: the Active Directory provider should come first and the flag should be SUFFICIENT.
  • Fill in the information like below: AD host, Active Directory user (should be created first), password for the user, User Base DN and, at the end, Group Base DN. Don't change anything else, and tick SSL Enabled.
  • To test whether the provider is working, under Users and Groups you should now be able to see the AD users and groups in WebLogic.
Some of the errors I faced during the configuration are related to the certificate in general. I am sharing them so people can understand what kind of errors they will face and how to solve them:

  • Error [Security:090834]No LDAP connection could be established. ldaps://HOST:636 Cannot connect to the LDAP server
  • weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
  • Caused by: java.lang.reflect.InvocationTargetException
  • Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server
  • Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
  • Caused by: sun.security.validator.ValidatorException: PKIX path building failed
  • Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
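The whole chain of exceptions above ends in "unable to find valid certification path", which is what you get when the JVM that runs WebLogic is not actually using the trust store you built. As an added pre-flight check (example code, not from the original post and not Oracle tooling), the POSIX shell script below confirms that setDomainEnv.sh references a readable JKS, that the keystore holds the alias you imported, and prints which certificate the domain controller really presents on 636 so you can compare its Issuer with what you imported. The keystore name NEWAD.jks, the alias NEWAD and the AD host are the post's placeholders; the keystore password is read from the NEWAD_STOREPASS environment variable (an assumption of this script) rather than passed on the command line, and the chain check relies on keytool -printcert -sslserver from a JDK 7 or later.

```shell
#!/bin/sh
# ldaps_preflight.sh - added pre-flight check for the WebLogic -> AD LDAPS
# trust-store setup described above. Example code, not WebLogic/Oracle tooling.
# Usage: NEWAD_STOREPASS=... sh ldaps_preflight.sh <setDomainEnv.sh> <alias> <ad-host>

# Print the -Djavax.net.ssl.trustStore=... value from setDomainEnv.sh
# (last occurrence wins, as it does for the JVM). Returns 1 if it is unset.
# Expects straight quotes around the JAVA_OPTIONS value.
truststore_path_from_env() {
    env_file="$1"
    path=$(sed -n 's/.*-Djavax\.net\.ssl\.trustStore=\([^ "'"'"']*\).*/\1/p' "$env_file" | tail -n 1)
    [ -n "$path" ] || return 1
    printf '%s\n' "$path"
}

# 0 only if setDomainEnv.sh names a trust store that exists and is readable
# by the current user (run this as the account that starts WebLogic). A
# missing or unreadable file is the usual cause of the PKIX errors above.
domain_env_has_truststore() {
    path=$(truststore_path_from_env "$1") || return 1
    [ -r "$path" ]
}

# 0 if the keystore contains the alias, 1 if not, 2 if keytool is not on PATH.
truststore_has_alias() {
    command -v keytool >/dev/null 2>&1 || return 2
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# Show the certificate chain the domain controller presents on 636. The
# certificate you imported must be this server certificate or a CA above it.
ldaps_presented_chain() {
    keytool -printcert -sslserver "$1:636"
}

main() {
    env_file="$1"; alias="$2"; host="$3"
    if ! domain_env_has_truststore "$env_file"; then
        echo "FAIL: $env_file does not reference a readable -Djavax.net.ssl.trustStore"; return 1
    fi
    store=$(truststore_path_from_env "$env_file")
    echo "ok: trust store $store is readable"
    [ -n "${NEWAD_STOREPASS:-}" ] || { echo "FAIL: set NEWAD_STOREPASS to the keystore password" >&2; return 1; }
    rc=0; truststore_has_alias "$store" "$NEWAD_STOREPASS" "$alias" || rc=$?
    case $rc in
        0) echo "ok: alias $alias found in $store" ;;
        2) echo "skip: keytool not on PATH, alias not checked" ;;
        *) echo "FAIL: alias $alias not in $store (or wrong password)"; return 1 ;;
    esac
    echo "certificate presented by $host:636 (compare Issuer with what you imported):"
    ldaps_presented_chain "$host" | grep -E '^(Owner|Issuer|Valid)' || true
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it as the OS user that starts the AdminServer, because `-r` is evaluated with that user's permissions; a keystore readable by root but not by the WebLogic account produces exactly the handshake failure listed above.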

Thank you
Osama 

Timesten 15022: OraclePwd connection attribute

con1: Command> call ttgridcreate ('samplegrid');
15022: OraclePwd connection attribute needs to be specified and has to be non-empty for using IMDB Cache features
 5109: Cache Connect general error: BDB connections not open.

As you see from the error, the OraclePWD connection attribute is not specified, which means caching will not be enabled until you set the OraclePWD parameter. To do this, reconnect with the following connection string:

connect "dsn=tt_orcldwh;uid=cacheadm;OraclePWD=cacheadm";

Run your command again

Thank you
Osama Mustafa 

Flush Linux Buffer Cache

The cache is used by the operating system to keep frequently used data, but sometimes memory gets low. Linux provides some command-line tools to monitor memory status; check the links below:

1- Linux Check Memory Usage Here.
2- 18 Command Line Tools to Monitor Linux Performance here.

There are options available to flush the Linux memory cache:

Flush everything (pagecache, dentries and inodes):

sync; echo 3 > /proc/sys/vm/drop_caches

Flush dentries and inodes:

sync; echo 2 > /proc/sys/vm/drop_caches

Flush pagecache only:

sync; echo 1 > /proc/sys/vm/drop_caches

All the commands should be run as root.

Schedule the command you need from the above as a job using crontab:

0  *  *  *  *  /root/memory.sh

memory.sh should contain one of the above commands and run as root.
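An added example of what /root/memory.sh could contain (this is example code, not from the original post): it takes the drop_caches level (1, 2 or 3, as listed above) as an argument, refuses to run as a non-root user, and records MemFree before and after via logger so each cron run leaves a trace in syslog. The script path is the post's; the argument convention and the logging are assumptions of this example.

```shell
#!/bin/sh
# memory.sh - added example of the script the crontab line above runs.
# Example code, not from the original post. Usage (as root): sh memory.sh <1|2|3>

# Accept only the three levels the post lists:
# 1 = pagecache, 2 = dentries and inodes, 3 = everything.
validate_level() {
    case "$1" in
        1|2|3) return 0 ;;
        *)     return 1 ;;
    esac
}

# Parse the MemFree value (kB) from /proc/meminfo-formatted text on stdin.
memfree_kb() {
    awk '/^MemFree:/ { print $2; exit }'
}

# Drop the caches and record what changed. Refuses to run as non-root:
# /proc/sys/vm/drop_caches is writable only by root, and without this check
# the redirect would fail with a permission error while the log line still
# claimed a successful run.
drop_caches() {
    level="$1"
    validate_level "$level" || { echo "usage: $0 <1|2|3>" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "memory.sh: must run as root" >&2; return 1; }
    before=$(memfree_kb < /proc/meminfo)
    sync                                    # write dirty pages first, as the post does
    echo "$level" > /proc/sys/vm/drop_caches
    after=$(memfree_kb < /proc/meminfo)
    msg="drop_caches=$level MemFree ${before}kB -> ${after}kB"
    logger -t memory.sh "$msg" 2>/dev/null || true   # leaves a trace in syslog
    echo "$msg"
}

if [ "$#" -eq 1 ]; then drop_caches "$1"; fi
```

With this layout the crontab line above becomes `0 * * * * /root/memory.sh 3` (or 1 or 2), and the syslog entries show how much the flush actually changed MemFree, which is the number to look at before deciding the job is worth keeping.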

Thank you
Osama Mustafa

Unable to Determine Console Port when Trying to Run emctl start iasconsole

The situation for me was like this: database version 11.2.0.3, Real Application Clusters with two nodes, Enterprise Manager working and configured without any problem.

emctl start dbconsole

worked without any errors and metrics were collected, but when trying to run

emctl start iasconsole

Or

emctl istart iasconsole  

the error was "Unable to determine console port, default-web-site.xml : no such file or directory".

The file exists and is configured to run OC4J on port 8888, and http://hostname:8888/em was not working, with the error "iasconsole service should be stopped". Weird!

Operating system: Oracle Linux 64-bit. After investigation I discovered that the OC4J binaries/files in ORACLE_HOME were corrupted and not working correctly; this is what I did to fix the error:

First download OC4J_extend.zip from here; this zip file contains the same directory files (xml, config) as oc4j ($ORACLE_HOME/oc4j), so extract it inside this path. If oc4j does not exist, create the directory and extract the zip file into it.

But this alone will not make OC4J work; complete the steps below to make sure everything is working fine.

[oracle@PROD bin]$ ./java -jar /u01/app/oraclenew/product/11.2.0/dbhome_1/oc4j/j2ee/home/oc4j.jar

Apr 3, 2014 2:51:51 PM com.evermind.server.XMLApplicationServerConfig randomizeJtaAdminPassword
INFO: Updating JtaAdmin account

14/04/03 14:52:30 Set OC4J administrator's password (password text will not be displayed as it is entered)
Enter password:
Confirm password:
The password for OC4J administrator "oc4jadmin" has been set.
14/04/03 14:52:35 The OC4J administrator "oc4jadmin" account is activated.
14/04/03 14:52:39 Oracle Containers for J2EE 10g (10.1.3.3.0)  initialized

Now test the link http://localhost:8888/em, and it works.
Thank you 
Osama Mustafa

Enable SSH On Windows EM12C Purpose

Uploading the agent to Windows/Linux needs the SSH port to be open and enabled. SSH is not enabled on Windows by default; to enable it, Cygwin should be installed.

Configuring Cygwin is simple; follow the steps below:

Download Cygwin from here, upload the file to the Windows server and run the setup.

The SSH package should be chosen during installation.
After installation, run the Cygwin terminal as Administrator (right-click the icon and choose the option).
Now enable ssh by running the command below:

/usr/bin/ssh-host-config

Should privilege separation be used? (yes/no) yes
new local account 'sshd'? (yes/no) yes
Do you want to install sshd as a server? yes
Enter the value of CYGWIN for the daemon: [] (DON'T ENTER ANYTHING, PRESS ENTER)
Do you want to use a different name? (yes/no) no
Create new privileged user account 'cyg_server'? (yes/no) yes
Please enter the password: ENTER YOUR PASSWORD HERE
Reenter: RE-ENTER YOUR PASSWORD

Using Command Prompt ( cmd )

Start ssh by –> net start sshd
Stop ssh by –> net stop sshd

Another way posted by my friend Maaz you can check it here.

Thank you 
Osama Mustafa

HTTP3094: 1 listen sockets could not be created / Oracle IPlant

When trying to start up the iPlanet instance, the error below appeared every time:

TEST siebel: :/Siebel/iPlanet/webserver7/https-Osama_TST/bin\>./startserv
Oracle iPlanet Web Server 7.0.15 B04/19/2012 21:52
info: CORE5076: Using [Java HotSpot(TM) 64-Bit Server VM, Version 1.6.0_24] from [Sun Microsystems Inc.]
startup failure: could not bind to port 8080 (Address already in use)
failure: HTTP3127: http-listener-1: http://TEST:8080: Error creating socket (Address already in use)
failure: HTTP3094: 1 listen sockets could not be created
failure: server initialization failed

From the above error you notice that port 8080 is already in use.

The solution:

ps -ef | grep webservd

and use kill -9 on the process that holds the port.

Try again now.
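Rather than `ps -ef | grep webservd` followed by a blind kill -9, the added example below (not from the original post) first identifies what is actually listening on the port using iproute2 `ss`, only acts when the owner really is webservd, and tries the instance's own stopserv and SIGTERM before falling back to SIGKILL, so a different service that happens to sit on 8080 is reported instead of killed. Port 8080, the webservd process name and the instance bin directory come from the post; the parsing helpers assume the `users:(("name",pid=N,fd=M))` field that `ss -p` prints on Linux.

```shell
#!/bin/sh
# free_port.sh - added example, not from the original post: find out what holds
# the listen port before killing anything. Assumes Linux iproute2 `ss`; the port
# 8080, the webservd name and the instance bin directory are taken from the post.
# Usage (as root): sh free_port.sh 8080 /Siebel/iPlanet/webserver7/https-Osama_TST/bin

# Extract the pid from one `ss -ltnp` line, e.g.
# LISTEN 0 128 *:8080 *:* users:(("webservd",pid=4321,fd=7))
pid_from_ss_line() {
    printf '%s\n' "$1" | sed -n 's/.*pid=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Extract the process name from the same users:(("name",pid=...)) field.
name_from_ss_line() {
    printf '%s\n' "$1" | sed -n 's/.*users:(("\([^"]*\)".*/\1/p'
}

# First `ss` row for a TCP listener on the given port (empty if the port is free).
# Needs root to see the pids of processes owned by other users.
listener_on_port() {
    ss -ltnp "sport = :$1" 2>/dev/null | tail -n +2 | head -n 1
}

# Stop the owner of the port: stopserv first, then SIGTERM, then SIGKILL.
# Refuses to touch a process that is not webservd.
free_port() {
    port="$1"; instance_bin="$2"
    line=$(listener_on_port "$port")
    [ -n "$line" ] || { echo "port $port is free"; return 0; }
    pid=$(pid_from_ss_line "$line"); name=$(name_from_ss_line "$line")
    echo "port $port is held by ${name:-unknown} (pid ${pid:-?})"
    [ "$name" = "webservd" ] || { echo "not webservd; leaving it alone" >&2; return 1; }
    [ -x "$instance_bin/stopserv" ] && "$instance_bin/stopserv" && sleep 2
    kill -0 "$pid" 2>/dev/null || { echo "stopped cleanly"; return 0; }
    kill -TERM "$pid"; sleep 5
    if kill -0 "$pid" 2>/dev/null; then kill -KILL "$pid"; echo "sent SIGKILL to $pid"; fi
    return 0
}

if [ "$#" -eq 2 ]; then free_port "$1" "$2"; fi
```

After the port is free, run ./startserv again as in the post; if the holder turns out not to be webservd, the script exits without killing it and the right fix is to find out why that other service is bound to 8080.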

Thank you
Osama Mustafa