How To Configure LDAP-Based Replication Between 10g OID Supplier and 11g OID Consumer
(Doc ID 1355305.1)
Last updated on MAY 04, 2021
Applies to:Oracle Internet Directory - Version 10.1.2 to 11.1.1 [Release 10gR2 to 11g]
Information in this document applies to any platform.
Because this Note configures replication of all entries, including cn=oraclecontext, it will overwrite ALL 11g OID Password Policies and DIP (odisrv) related entries with only 10g entries, which can cause major problems.
Use this Note with caution and **Only** if No OID password policies nor DIP is, or will ever be, needed.
Keep good backups at each major change/stage.
If DIP or password policies are needed, consider using instead:
How To Setup Partial Replication Between Lower and Higher OID 11g Nodes As Part Of Migration? (Doc ID 2053233.1)
Although this Note does not reference 10g specifically, the same concepts as it is not replicating cn=oraclecontext, just users and groups entries.
In the case 10g cn=oraclecontext entries are indeed needed to be replicated, i.e., due to previous 10g Portal, Forms, RADs or other integration, consider forgoing replication and using the section labeled "Copy OSSO 10g related details from OID 10g to OID 11g" from:
How to Perform a New Installation of Fusion Middleware 126.96.36.199 And Oracle Portal 188.8.131.52 With Oracle Access Management 184.108.40.206+ as Single Sign-On Solution ? (Doc ID 1561436.1)
Which will migrate oraclecontext without overwriting the 11g entries one time. If replication from 10g is needed until a future cutover date, then setup only partial replication as per Note 2053233.1 above.
This document exemplifies how to configure LDAP-Based Replica between 10g Oracle Internet Directory (OID) Supplier and 11g OID Consumer.
The document follows the following link documentation:
Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
Chapter 40 Setting Up Replication
Section 220.127.116.11 Setting Up an LDAP-Based Replica by Using the ldifwrite Tool
Section 40.1.7 Rules for Configuring LDAP-Based Replication
Which includes the following rules:
- LDAP Multimaster replication is not backward compatible. It is only supported between replicas that are running 11g Release 1 (11.1.1).
- For either multimaster replication or two-way fan-out replication, all nodes must be running the same release of Oracle Internet Directory. Therefore, you must turn off replication while performing rolling upgrades.
- In general, do not replicate changes generated on a newer version of Oracle Internet Directory to a node that has not yet upgraded to that version. If you do, the changes can contain information that the earlier version cannot properly interpret.
This Note gives a complete step-by-step example for the following scenario:
<OID_HOSTNAME1> 10.1.2.2 Supplier -> <OID_HOSTNAME2> 18.104.22.168 Consumer
Including command samples and command output.
Observation 1: Similar configuration applies to OID versions 10.1.2.x with 11.1.1.x.
Observation 2: Similar configuration applies to OID versions 10.1.4.x with 11.1.1.x, with some differences regarding bulkload and ldifwrite commands that differ between 10.1.2.x and 10.1.4.x versions (reference Document 555620.1).
Considerations for configuring Replication between OID 10.1.2/10.1.4 and OID 11g:
1. The OID 11g remtool command line tool must be used to configure Replication. It is not possible to use the 11g "Replication Wizard". The "Replication Wizard" will only allow an 11g OID instance be configured as a Supplier node.
2. The task to "Back Up the Metadata" of the 11g OID instance is only needed if the Oracle Single-Sign-On Server ( SSO ) or OIDDAS version 10.1.4.3 are installed and integrated with an OID 11g. Identity Management 11g does not include Oracle Single-Sign-On and OIDDAS. The command "remtool -backupmetadata" fails if SSO and OIDDAS are not integrated with the OID 11g.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document