Oracle DBA Tips Corner



Installing Oracle Internet Directory

by Jeff Hunter, Sr. Database Administrator


Contents

  1. Overview
  2. Installing OID
  3. Starting and Stopping OID
  4. Using Oracle Internet Directory Manager
  5. De-installing OID
  6. Troubleshooting


Overview

OID Installation Overview
The following section deals with installation and setup issues while installing Oracle Internet Directory (OID) Version 9.2.0. This version of OID comes packaged on the Oracle Enterprise Server RDBMS 9.2.0 CDs.

The DBA will need to perform two separate installations:

  1. The Oracle 9.2.0 Database Product Set
  2. Oracle Internet Directory Server (9.2.0) within the same ORACLE_HOME as the Oracle 9.2.0 Database Product Set (above).
OID Installation Overview
  • OID 9.2.0 is bundled with Oracle9i Enterprise Edition on the latest CD pack.

  • Oracle Internet Directory is now licensed as part of Oracle9i Application Server

  • Oracle Internet Directory is also included in the Oracle9i Data Server Media Pack.

  • As part of the Database bundle, customers receive a Restricted User license to support other components of the database.

  • OID 9.2.0 or 3.0.1 is not currently available on the Oracle9i Application Server Release 1 media pack.

  • Customers requiring 9.2.0 of OID must install it from the Oracle9i Database Release 1 media.

  • OID 9.2.0 runs only on Oracle9i Databases, and is neither certified, nor supported with Oracle8i or any Oracle9iAS Release 1 components.

NOTE: The version of Oracle Internet Directory included with Oracle9i Release 1 (9.0.1.0.0) is Oracle Internet Directory (OID) 3.0.1. The installation procedure for OID 3.0.1 is exactly the same as that for OID 9.2.0.

UTF-8 Considerations
The Oracle directory server and database tools are no longer restricted to run on a UTF8 database.

Using Non-UTF-8 Databases

You can run the Oracle directory server and database tools on a non-UTF-8 database, but be sure that the client and database character sets are the same. Otherwise, you can lose data during ldapadd, ldapdelete, ldapmodify, or ldapmodifydn operations. For example, suppose that you perform an ldapadd operation using a multibyte character set on an underlying database that uses only single-byte characters. You will lose data because not all of the bytes you enter will be accepted by the database.

Training and Demos
Take a look in the following directory:
$ORACLE_HOME/ldap/demo/samples/training
Installing OID

Install Oracle Enterprise Edition Database Product Set
Before installing the Oracle Internet Directory (OID), the DBA will need to perform an Oracle9i Release 2 (9.2.0.1.0) installation.

The OID product should be installed in the same ORACLE_HOME created in the Oracle9i installation (above).

I typically name the ORACLE_HOME "9.2.0" or "OIDMGR". This will typically be the only product running against the database.

After installing the Oracle9i Release 2 product set and applying any required patches, create the database that will be used by OID. I typically name the database: ORACLE_SID=OIDDB.

NOTE: It is HIGHLY recommended for production instances of OID, that it be contained on a server dedicated to only OID. No other product or application should coexist on this machine.

After installing the Oracle9i Release 2 product set, applying any database patches and creating the database, the DBA should be ready to install the OID product and schema.

NOTE: DO NOT change the password for the SYSTEM account before installing the OID product. The password needs to be set to MANAGER in order for the OID Configuration Assistant to install the base schema.

Install Oracle Internet Directory
NOTE: Before installing Oracle Internet Directory, ensure that you have followed the instructions in the above section: Install Oracle Enterprise Edition Database Product Set. Also make sure that the SYSTEM password is set to MANAGER.

Installation Phase

  1. For installing OID 9.2.0, ensure that the ORACLE_HOME is set to the Oracle9i Release 2 installation performed in the above section.

  2. I had problems when using the Oracle 9.2.0.3.0 patchset. I first performed the Oracle9i Release 2 installation, then installed the 9.2.0.3.0 patchset, and finally installed the Oracle Internet Directory. During the OID Configuration process, it failed after the second screen, indicating that it could not connect to the OID LDAP Server. I removed all of the installed products, installed Oracle9i Release 2, did NOT install the 9.2.0.3.0 patchset, and then successfully installed OID.

  3. If you plan on using the default ports for LDAP RFC standards, (LDAP Port = 389, and LDAP SSL Port = 636), you may need to check that no application is using those ports AND that any entries in the /etc/services file defined for those ports (both TCP and UDP) are removed from the file before the OID Configuration process is run.

  4. Run the "runInstaller" shell script from the Oracle9i Release 2 Enterprise Edition Product Set.

  5. On the "Welcome" screen, hit "Next".

  6. On the "File Locations" screen, do not change anything. Hit "Next".

  7. On the "Available Products" screen, choose the "Oracle9i Management and Integration 9.2.0.1.0" radio button and hit "Next".

  8. On the "Installation Types" screen, select "Oracle Internet Directory" and hit "Next".

  9. Since you already created an Oracle 9i database using this ORACLE_HOME, you will be prompted by a screen called "Using an existing instance". Choose "Yes" and hit "Next".

  10. In the "Database Identification" screen, type the name of the database instance you created. (i.e. OIDDB).

  11. In the "OID Database File Location" screen, make sure that the directory is set to: "/u10/app/oradata/<SID_NAME>/oradata". Hit "Next".

  12. On the "Summary" screen, hit "Install" to start the installation and linking phase.

Setting Values

The following values are automatically set during installation:

Setting                                             Value
Use of an Encrypted Password                        Yes
Encryption Schema                                   MD4
Approximate number of directory entries to be
  stored in Oracle Internet Directory               Under 10,000 entries
Password of the Administrator Distinguished Name    welcome

Running root.sh
The Installer creates the root.sh script in the Oracle home directory and prompts you to run the script when it finishes installing Oracle products. The root.sh script sets the necessary file permissions for Oracle products and performs other root-related configuration activities. Log in as the root user and run the script. To run the root.sh script enter the following commands:
    # cd $ORACLE_HOME
    # ./root.sh

    Entering Oracle Internet Directory Root Installation Section

    OiD Server Installation
    Checking LDAP binary file protections
    Setting oidmon file protections
    Setting oidldapd file protections
    Setting oidrepld file protections
    Setting oidpasswd file protections
    Setting oidstats.sh file protections
    Setting oidpwdr file protections
    Setting odisrv file permissions
    Leaving Oracle Internet Directory Root Installation Section
If you install Oracle9i Real Application Clusters, you must run the root.sh script on every node in the cluster.

When the root.sh script runs successfully, return to the Oracle Universal Installer. Click OK in the Alert window.

Configuration Assistant
The "Configuration Tools" assistant appears at the end of the installation and automatically starts the OID Configuration Assistant. The OID Configuration Assistant is a series of screens that significantly reduces the complexity of configuring the OID.

Screen 1

The first screen simply provides the login credentials. The values are already included and in many cases, you can simply hit the Next button. After hitting the Next button, another dialog box is presented that states "Please wait...". This process takes several minutes to complete.
Screen 2
The second screen allows you to enter the OID Server Details. By default, the OID Port defaults to 389, while the default OID SSL Port is set to 636. If the OID Configuration process fails to display the default ports, this means that the ports were not available for use. If this is the case, the OID Configuration Assistant will get a free port in the range 4031 to 4039. (The installer will typically choose 4032 for the non-SSL port and 4031 for the SSL port.) In most cases, there were entries in the /etc/services file for ports 389 and 636 (both TCP and UDP).

NOTE: If you want to use the LDAP RFC standard ports (389 / 636), you will need to exit from the OID Configuration Assistant and Oracle Installer. I was able to exit from the Oracle Universal Installer, remove the entries in the /etc/services file, and make modifications to the script: $ORACLE_HOME/ldap/postcfg/postcfg. After you have removed the entries in the /etc/services file for the 389 and 636 ports, you can safely modify the last line of the script to change the ports from 4032 (non-SSL) and 4031 (SSL) to the defaults 389 (non-SSL) and 636 (SSL). You would then re-run the script:
% $ORACLE_HOME/ldap/postcfg/postcfg
After clicking on the Next button, you will once again, be presented with the "Please wait..." dialog box. This process will also take several minutes to complete.
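
The /etc/services and port checks described in step 3 of the Installation Phase and under Screen 2 can be run before the installer is started. The following is an added example, not part of the original article: the function names are made up for illustration and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not part of the original article: pre-flight check for the
# LDAP ports before the OID Configuration Assistant (or postcfg) is run.

# services_conflicts FILE PORT...
# Prints "name port/proto" for each active entry in a services-format FILE
# that claims one of the ports over tcp or udp. Exit status 0 if any found.
services_conflicts() {
    file=$1; shift
    awk -v ports=" $* " '
        { sub(/#.*/, "") }                  # drop comments
        NF >= 2 {
            split($2, pp, "/")              # field 2 is port/protocol
            if ((pp[2] == "tcp" || pp[2] == "udp") &&
                index(ports, " " pp[1] " ")) { print $1, $2; found = 1 }
        }
        END { exit !found }
    ' "$file"
}

# listening_conflicts PORT...
# Reads `netstat -an` output on stdin and prints every line in LISTEN state
# whose local address ends in one of the ports. Accepts the Linux form
# (0.0.0.0:389) and the Solaris form (*.389). Exit status 0 if any found.
listening_conflicts() {
    awk -v ports=" $* " '
        $NF == "LISTEN" {
            for (i = 1; i < NF; i++) {
                n = split($i, a, /[.:]/)    # last piece is the port number
                if (n > 1 && a[n] ~ /^[0-9]+$/ && index(ports, " " a[n] " ")) {
                    print; found = 1; break
                }
            }
        }
        END { exit !found }
    '
}

# oid_port_precheck SERVICES_FILE NETSTAT_OUTPUT_FILE
# Returns 0 only when 389 and 636 are unclaimed in both inputs.
oid_port_precheck() {
    rc=0
    if hits=$(services_conflicts "$1" 389 636); then
        echo "services entries to remove:"; echo "$hits"; rc=1
    fi
    if hits=$(listening_conflicts 389 636 < "$2"); then
        echo "ports already in use:"; echo "$hits"; rc=1
    fi
    return $rc
}

# --- Demo on constructed sample data (not taken from a real host) ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/services" <<'EOF'
ssh             22/tcp
ldap            389/tcp
ldap            389/udp
ldaps           636/tcp                 # LDAP over SSL
ldaps           636/udp
#ldap-old       389/tcp
EOF
cat > "$demo_dir/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51234          10.0.0.9:636            ESTABLISHED
EOF
oid_port_precheck "$demo_dir/services" "$demo_dir/netstat.txt" \
    || echo "=> resolve the above before running the OID Configuration Assistant"
rm -rf "$demo_dir"
# On a real host:  netstat -an > /tmp/netstat.txt
#                  oid_port_precheck /etc/services /tmp/netstat.txt
```

The listener check covers TCP sockets in LISTEN state only; the /etc/services check covers both TCP and UDP entries, as the article requires.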
Screen 3
If everything goes well, you will be presented with a third and final screen indicating that the OID installation was successfully completed. Simply click the "Finish" button and exit from the Oracle Universal Installer.


NOTE: Linux Users, after the installation of the Oracle Internet Directory, run the postcfg script from the command line to run the OID post-installation configuration steps:

export JAVA_HOME=/u01/app/oracle/jre/1.1.8
cd $ORACLE_HOME/ldap/postcfg
./postcfg

Start the oidmon process at the command prompt.

Start an oidldapd process using the oidctl utility at the command prompt.

Now import the data. The following imports the data into a machine named cartman:

ldapmodify -c -a -v -h cartman -D "cn=orcladmin" -w "welcome" -f oidbaseacl.ldif
ldapmodify -c -a -v -h cartman -D "cn=orcladmin" -w "welcome" -f oidbase.ldif
ldapmodify -c -a -v -h cartman -D "cn=orcladmin" -w "welcome" -f oidnet.ldif
ldapmodify -c -a -v -h cartman -D "cn=orcladmin" -w "welcome" -f oidrdbms.ldif
NOTE: The LDAP schema loading is done automatically at the end of the installation. If this step does not go through, then the following ldif files should be loaded into the directory IN THE ORDER LISTED, using ldapmodify at the command line:

File Name                                 Description
$ORACLE_HOME/ldap/admin/oidbaseacl.ldif   This implements the default security policy.
$ORACLE_HOME/ldap/admin/oidbase.ldif      This loads the common schema required by all Oracle LDAP enabled products.
$ORACLE_HOME/ldap/admin/oidnet.ldif       This loads the schema required for LDAP support in Net8.
$ORACLE_HOME/ldap/admin/oidrdbms.ldif     This loads the schema required for Oracle8i RDBMS to use Oracle Internet Directory.

OID Configuration Assistant - How to create a new OID schema manually
The purpose of this section is to describe how to create the database components required by Oracle Internet Directory, and how to create the Oracle directory schema and its extensions in the directory database without installing the product again.

NOTE: This operation can only be performed against a properly created database. One might need to use this procedure in order to test OID using a new database, or after a failed install. However, it's important to remember, that this procedure can be used ONLY if oracle binaries/executables are properly installed. This procedure must be performed completely without leaving any steps out. To avoid problems with install, it is suggested that the Oracle Internet Directory Installation Guide and the notes referenced at the end of this article are reviewed.

OID Configuration Assistant

At the time of installation, something called OID Configuration Assistant is executed. This is not a real utility, so there's no binary/executable to be started to run this tool again. It's possible that in some future release, this utility will be included.

The following describes how to do this manually. It is assumed that the database has been created either during the install or by using the Oracle Database Configuration Assistant.

  1. Stop your LDAP server(s), replication server and oidmon if they are running.

  2. In case the purpose of this exercise is to restore the OID database to a clean state, as it was after install, all the tablespaces created by the script newldapcre.sql must be dropped. See newldapcre.sql for a complete list of tablespaces, and use the following command to drop them, one at a time.
    SQL> DROP TABLESPACE <TABLESPACE_NAME> INCLUDING CONTENTS;
    If this is not done, all statements in newldapcre.sql will fail. Then drop the OID database users with the following commands:
    SQL> DROP USER ODS CASCADE;
    SQL> DROP USER ODSCOMMON CASCADE;

  3. With sqlplus, run the following sql script when logged in as system.

    On Unix:

    SQL> @$ORACLE_HOME/ldap/admin/newldap.sql
    On Windows:
    SQL> @%ORACLE_HOME%\ldap\admin\newldap.sql
    This script will call other scripts which will then create all the tablespaces needed by OID, all the users, and all the database objects for them. If you want to store datafiles in a directory other than
    $ORACLE_HOME/dbs/oradata/<SID> (Unix) or 
    %ORACLE_HOME%\dbs\oradata\<SID> (Windows)
    modify newldapcre.sql accordingly before running newldap.sql.

  4. If any of the following patchsets 2.1.1.1, 2.1.1.2 or 2.1.1.3 have been applied, do the following steps as well (Solaris only).

    1. If using 2.1.1.1 binaries:

      Run The Patch Configuration Assistant.

      $ORACLE_HOME/ldap/install/schema2111.sh
      Before you run the script make sure that the ORACLE environment is set and that the Oracle Internet Directory server is not running.

      Database and Listener must be up and running. The usage for this script is as follows:

      schema2111.sh -odspwd <ODS userpassword> 
                    -sudn <Oracle Internet Directory superuser DN> 
                    -supwd <Oracle Internet Directory superuser password>

    2. If using 2.1.1.2 binaries

      Do everything listed in step 4.1, as 2.1.1.2 can only be applied on top of 2.1.1.1.

      Log in as ODS with sqlplus, and execute the following sql script:

      SQL> @$ORACLE_HOME/ldap/admin/ldapu2112.sql

    3. If using 2.1.1.3 binaries

      Do everything listed in step 4.1. 2.1.1.3 can be applied on top of 2.1.1.1 or 2.1.1.2, so there's no need to do step 4.2.

  5. Start oidmon and LDAP server.

  6. Use ldapmodify to load the Oracle schema in the directory.

    The following ldif files need to be loaded, in the same order they are listed below. All files can be found in directory:

    $ORACLE_HOME/ldap/admin (Unix) or
    %ORACLE_HOME%\ldap\admin (Windows).
    
       oidbaseacl.ldif   -> this implements the default security policy.
       oidbase.ldif      -> this loads the common schema required by all 
                            Oracle LDAP enabled products.
       oidnet.ldif       -> this loads the schema required for LDAP support 
                            in Net8.
       oidrdbms.ldif     -> this loads the schema required for Oracle8i 
                            RDBMS to use Oracle Internet Directory.
    e.g.
       ldapmodify -h <host> -p 389 -D "cn=username" -w "password" -c -v -f oidbaseacl.ldif
       ldapmodify -h <host> -p 389 -D "cn=username" -w "password" -c -v -a -f oidbase.ldif
       ldapmodify -h <host> -p 389 -D "cn=username" -w "password" -c -v -a -f oidnet.ldif
       ldapmodify -h <host> -p 389 -D "cn=username" -w "password" -c -v -a -f oidrdbms.ldif
    If using OID 9.2.0 or 3.0.1, the last three ldif files can be loaded with Net Configuration Assistant by doing the following:
    - start Net Configuration Assistant (NetCA)
    - select "Directory Usage Configuration"
    - select "Create or upgrade the Oracle Schema (Advanced)"
    - select "Oracle Internet Directory" as a directory type
    - provide hostname, port number, and SSL port number
    - provide user credentials to login to the directory. User DN should be 
      cn=orcladmin and password welcome. Note that using user DN without 
      "cn=" will cause Authentication Error.
Starting and Stopping OID

The OID Monitor Process
The OID Monitor must be running to process commands to start and stop the server.

OID Monitor is a component that initiates, monitors, and terminates the Oracle directory server processes.

It also controls the replication server if one is installed, and the Oracle directory integration server.

The Server Instances
The OID Control Utility, "oidctl" is a command-line tool for issuing run-server and stop-server commands.

The commands are interpreted and executed by the OID Monitor process.

Scripts used to Start/Stop the directory services
I created two scripts that can be used to start and stop the Oracle Internet Directory Server:

Using Oracle Internet Directory Manager

Overview
Oracle Directory Manager is a Java-based tool for administering Oracle Internet Directory. This section describes some of its basic features. More specific instructions are found in sections throughout this book that explain how to perform various tasks.
Starting Oracle Internet Directory Manager
Before you can launch Oracle Directory Manager, you must have a directory server instance running.

To start Oracle Directory Manager, follow the instructions for your operating system:

Windows NT or Windows 95

From the Start menu, click:
  Programs > ORACLE_HOME > Oracle Internet Directory > Oracle Directory Manager
Sun Solaris
If you have not set the path, then navigate to ORACLE_HOME/bin.

Type at the system prompt:

% oidadmin
NOTE: DO NOT try to launch Oracle Internet Directory Manager from the OEM console. This is a completely different version of the OID Manager and is not functional. Oracle expects to have this fixed in version 10g.
Using Oracle Directory Manager
The first time you start Oracle Directory Manager, an alert tells you that you must connect to a server. Click OK. The Directory Server Connection dialog box appears.
Connecting to a directory server
To connect to a directory server:

  1. In the Directory Server Connection dialog box, type the name and port number of an available server.

    The default port is 389. You can change the port if you wish. However, if you have an Oracle directory server running on a port that is not the default, then be sure that any clients that use that server are informed of the correct port.

    Click OK. The Oracle Directory Manager Connect dialog box appears.

  2. In each field of the Credentials tab page, type the information specific to this server instance as described in the next table.

    • User:

      The first time you log in, do so either as the super user or anonymously. If you intend to configure SSL features during this session, login as the super user.

      If you are logging in as the super user, in the User box, type:

      cn=orcladmin
      If you are logging in anonymously, leave the User box empty.

      If you have already set up the user's entry by using LDAP command-line tools, you can enter that user's entry in one of two ways:

      • Browse and select that entry by using the button to the right of the User field
      • Type the distinguished name (DN) for that user's entry by using the correct format, for example:
        cn=Jeff Hunter,ou=ENG,dc=idevelopment,dc=info

    • Password:

      If you are logging in as the super user and you specified a password for the super user during installation, in the Password box, type the password you specified.

      Otherwise, type the default password, namely:
      "welcome".

      After you are logged into Oracle Directory Manager and have connected to a directory server, you should change this password to protect the directory.

      If you are logging in anonymously, leave the Password box empty. If you want to login as a specific directory user, enter the corresponding password.

    • Server:

      From the Server list, select the host containing the directory server to which you want to connect.

      If you are already connected to a directory server, and you want to connect to one on a different host:

      1. Click the button to the right of the Server field. The Select Directory Servers dialog box displays a list of available servers.
      2. Select a server.
      3. Click OK.

      To add a directory server to the list:

      1. In the Select Directory Servers dialog box, click Add. The Directory Server Connection dialog box appears.
      2. In the Server field, type the name of the directory server you want to add.
      3. In the Port field, type the port number for the server you want to add.
      4. Click OK. The added directory appears in the list in the Select Directory Server dialog box.

      To modify a directory server on the list:

      1. Select the directory server you want to modify.
      2. Click Edit. The Directory Server Connection dialog box appears.
      3. Modify the Server and Port fields, then click OK. The modifications for that server appear in the list in the Select Directory Server dialog box.

    • Port:

      The default port (389) appears in this field. If there is more than one directory server instance on the same host, each directory server instance has a different port, and that port number appears in this field when you select the directory server instance.

      To change this port number:

      1. Click the button to the right of the Server field.
      2. In the Select Directory Server dialog box, select the directory server.
      3. Click Edit. The Directory Server Connection dialog box appears.
      4. In the Directory Server Connection dialog box, in the Port field, enter the new port number, then click OK.

    • SSL Enabled:

      Selecting this check box causes all commands you issue by using Oracle Directory Manager to be sent over Secure Sockets Layer (SSL). You can connect to a directory server either with or without SSL. If you connect by using SSL, then Oracle Directory Manager becomes an SSL client.

      You can connect in this way if both of the following two conditions are met:

      1.) The server to which you are connecting uses SSL. If that server does not use SSL, and you select this check box, then authentication will fail.

      2.) You have already created a wallet containing a certificate and a list of trusted certificates.

De-installing OID

  1. To de-install OiD properly (versions 2.x.x, 3.x.x, or 9.2.0), it must be done using the following steps:

  2. Stop your oidldapd processes with the oidctl command line interface

  3. Stop your oidmon processes with the oidmon command line interface

  4. Drop the OiD database Schema in the database. See the following example Oracle SQL script that removes the OID schema. (Note: Make sure you have a good cold backup in case you want to reinstall.)

  5. Use the Oracle Universal Installer to completely remove OiD.
*************** SCRIPT TO DROP OiD SCHEMA OBJECTS: ****************

rem Drop Tablespaces for ODS Schema
drop user ODSCOMMON cascade; 
drop user ODS cascade; 
drop tablespace olts_attrstore including contents and datafiles; 
drop tablespace olts_ct_dn including contents and datafiles; 
drop tablespace olts_ct_cn including contents and datafiles; 
drop tablespace olts_ct_objcl including contents and datafiles; 
drop tablespace olts_ct_store including contents and datafiles; 
drop tablespace OLTS_TEMP including contents and datafiles; 
drop tablespace olts_default including contents and datafiles; 
drop tablespace olts_ind_attrstore including contents and datafiles; 
drop tablespace olts_ind_ct_dn including contents and datafiles; 
drop tablespace olts_ind_ct_cn including contents and datafiles; 
drop tablespace olts_ind_ct_objcl including contents and datafiles; 
drop tablespace olts_ind_ct_store including contents and datafiles;
Troubleshooting

Troubleshooting Start / Stop of Oracle Internet Directory
Overview
The purpose of this article is to describe how the Oracle Internet Directory start / stop mechanism works, and with that information, help to troubleshoot possible problems with start and stop of the OID server.

This article is for everyone who needs to start / stop Oracle Internet Directory servers, oidldapd and oidrepld and concentrates mainly on oidldapd, but the same theory applies to oidrepld as well.

Tools and Process Architecture
Before we can successfully solve problems related to start / stop of Oracle Internet Directory servers, we need to know what is the purpose of every tool involved, and how those tools work together. Also, in order to troubleshoot possible problems, it's necessary to be familiar with the process architecture of Oracle Internet Directory.

Almost all documents say that a tool called "oidctl" is used to start and stop OID servers, oidldapd (LDAP server) and oidrepld (replication server). This statement is slightly misleading, as oidctl doesn't directly control any of those.

When oidctl is executed, it connects to the database as user ODSCOMMON and simply inserts/updates rows into a table ODS.ODS_PROCESS depending on the options used in the command. A row is inserted if the START option is used, and updated if the STOP or RESTART option is used. So there are no processes started at this point, and LDAP server is not started.

In table ODS.ODS_PROCESS, we have the following information (list not complete):

- instance - the number of instance in question, must be unique
- pid      - process id, will be updated by oidmon when process is 
             started
- state    - type of the operation requested
             possible values for state:
         0=stop
         1=start
         2=running
         3=restart
To control the processes (servers) we need to have OID Monitor (oidmon) running. This monitor is often called daemon or guardian process as well. When oidmon is running, it periodically connects to the database and reads the ODS.ODS_PROCESS table in order to start/stop/restart related processes.

When oidmon finds a row with state=0, it reads the pid and stops the process.

With state=1: oidmon starts a new process and updates pid with a new 
              process id.

With state=2: oidmon reads the pid, and checks that the process with 
              the same pid is running. If it's not, oidmon starts a new 
              process and updates pid accordingly.
With state=3: oidmon reads the pid, stops the process, starts a new one 
              and updates the pid accordingly. If oidmon can't start 
              the server for some reason, it retries 10 times, and if
              still unsuccessful, it deletes the row from the
              ODS.ODS_PROCESS table.
So oidctl only inserts/updates state information, and oidmon reads rows from ODS.ODS_PROCESS, and performs specified tasks based on the value of the state column.

In order to successfully troubleshoot possible problems related to start / stop of servers, we also need to know what processes are involved, and who controls them. So far, we have only discussed a "process". In fact, the LDAP server contains at least two processes, based on the configuration used to start the server.

Oidmon itself is a process (called oidmon on unix, oidmon.exe on windows). When oidctl is used to start the server, we have to specify an instance number, which is any number between 0 and 1000. When oidmon starts this instance, it actually starts one process, which is the dispatcher/listener process. Note that this listener process is not the same as the net8 listener process. The id of this process is stored in the ODS.ODS_PROCESS table. Then that new process starts a number of server processes. This number is defined in the configuration set.

NOTE: These processes are started and controlled by the listener/dispatcher process, not by oidmon. If one of these processes dies for some reason, it's automatically restarted by the listener/dispatcher. Both the listener/dispatcher process and server process are called oidldapd on unix, and oidldapd on NT.

Similarly, when oidctl is used to stop the server, oidmon actually stops the listener/dispatcher process, which first stops all related server processes.

Troubleshooting
As we can notice, the architecture is fairly complicated, and therefore it's extremely important to understand how the product works before we can troubleshoot possible problems.

Problems with oidctl

First of all, syntax obviously has to be correct. Note:125301.1 provides a good set of examples for oidctl and oidmon. For detailed information, see the Oracle Internet Directory Administrator's Guide.

Because the only task oidctl has is to insert / update table ODS.ODS_PROCESS in the database, it's obvious that the database and listener have to be fully accessible when oidctl is used. On the other hand, error messages received are very clear if the DB/listener are not accessible.

One common cause of problem is user ODSCOMMON, which is used to connect to the database. If error ORA-1017 is signalled, it's worth checking that ODSCOMMON user has been created. This normally means an incomplete install. This can be fixed by reinstalling the product, or following steps listed in note:159031.1.

Also, the default password for ODSCOMMON is ODSCOMMON, and that cannot be changed. It's hardcoded in oidctl, and changing it at the database level will cause ORA-1017. Note that there's no security risk in not being able to change the ODSCOMMON password, as it has only the connect privilege by default. Other privileges come via the role ODS_SERVER, which is password protected, and that password can be changed.

Another common mistake is the "connect" option in the oidctl syntax. The value of that option is the tns alias (connect string) to the database, not the hostname or anything else.

The easiest way to test that the database and net8 configuration are fine, and that all database components are like they should be, is to connect to the database with sqlplus installed in the same oracle home directory as oidctl, and login as odscommon/odscommon@<tns alias>, where <tns alias> is the same as used with the "connect" option in oidctl. Also, ensure that the database is the right one, not another one with OID installed.

When all this is working fine, then selecting from ODS.ODS_PROCESS should give rows with states described above.

Processes don't start

Once it is confirmed that the information in ODS.ODS_PROCESS is what it should be, and the problem still exists, we need to investigate why processes are not started.

First, as mentioned above, when everything is working fine, we should see at least three processes. One called oidmon, and at least two called oidldapd.

If oidmon is not running, there's no one to start/stop servers, and even if info in the table is correct, processes don't start. Also note that oidmon reads the ODS.ODS_PROCESS table using an interval, which is controlled by the "sleep" option when starting oidmon (default 10 secs). Always give some time for oidmon to complete the requested operation before stopping it. Also note that when oidmon is started, it doesn't connect to the database directly. Database connections are done periodically when oidmon is running. Therefore a problem with Net8 or the database itself will not cause ANY errors to be signalled at the time of oidmon startup. Everything seems to be ok, but oidmon process disappears. See oidmon.log for details about the problem.

Although documentation says that oidmon must be started before oidctl is used, this is not mandatory because oidmon and oidctl don't directly communicate with each other. This can cause scenarios, where everything is stopped (=no processes running) after a machine reboot, but using oidctl to start an instance gives an error saying that the specified instance number is already in use.
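
The state codes listed earlier and the situation just described (rows left in ODS.ODS_PROCESS while no process exists) can be checked by comparing the table rows with the processes on the host. The following is an added example, not part of the original article or of Oracle's tooling: the function names and verdict labels are made up for illustration, and it assumes the rows were exported as "instance pid state" using the column names listed above.

```shell
#!/bin/sh
# Added example, not part of the original article: cross-check rows from
# ODS.ODS_PROCESS against the processes that exist on the OID host.
# Assumed input: rows spooled from a query such as
#   SELECT instance, NVL(pid, 0), state FROM ods.ods_process;
# Run on the OID host as the OS user that owns the OID processes (or root),
# because kill -0 can only probe processes that user is allowed to signal.

# state_name CODE: text for the state codes listed in the article.
state_name() {
    case $1 in
        0) echo stop ;;
        1) echo start ;;
        2) echo running ;;
        3) echo restart ;;
        *) echo unknown ;;
    esac
}

# pid_alive PID: exit status 0 if a process with that id exists.
pid_alive() {
    case $1 in ''|0|*[!0-9]*) return 1 ;; esac
    kill -0 "$1" 2>/dev/null
}

# ods_process_audit: reads "instance pid state" rows on stdin, prints one
# verdict per row and returns 1 if any row needs attention.
#   OK         state=2 and the recorded pid exists
#   STALE      state=2 but no such process: the row outlived the process,
#              the case behind "instance number already in use" after a reboot
#   PENDING-*  a request written by oidctl that oidmon has not acted on yet;
#              if it persists past oidmon's sleep interval, check oidmon
ods_process_audit() {
    bad=0
    while read -r inst pid state rest; do
        case $inst in ''|*[!0-9]*) continue ;; esac   # skip headers and blanks
        case $state in
            2) if pid_alive "$pid"; then verdict=OK
               else verdict=STALE; fi ;;
            0) verdict=PENDING-STOP ;;
            1) verdict=PENDING-START ;;
            3) verdict=PENDING-RESTART ;;
            *) verdict=UNKNOWN-STATE ;;
        esac
        [ "$verdict" = OK ] || bad=1
        echo "instance=$inst pid=$pid state=$(state_name "$state") verdict=$verdict"
    done
    return $bad
}

# --- Demo on constructed rows: this shell's pid is live, the reaped child's
# --- pid is not, and instance 3 is a start request not yet picked up.
sh -c 'exit 0' & gone=$!
wait "$gone"
printf '%s\n' "INSTANCE PID STATE" "1 $$ 2" "2 $gone 2" "3 0 1" \
    | ods_process_audit \
    || echo "=> rows above need attention: confirm oidmon is running, then read oidmon.log"
```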

If oidmon is running fine, and information is correct in the ODS.ODS_PROCESS table, and still processes don't start or connecting to the LDAP server fails, we need to take a look at the traces generated.

All traces are created in the directory $ORACLE_HOME/ldap/log (Unix) or %ORACLE_HOME%\ldap\log (Windows), and use the following naming format:

    - oidmon.log
    - oidldapd<xx>.log       where <xx> is the instance number
    - oidldapd<xx>s<yy>.log  where <xx> is the instance number and <yy>
                             is the pid.

oidldapd<xx>.log is created by the listener/dispatcher process (one per instance) and oidldapd<xx>s<yy>.log by the server process (at least one per instance).

oidmon.log doesn't normally give useful information, as oidmon doesn't know why a process is not started, or why it's dying. You will probably only see information which tells that the process is not running, restarting process.

But for troubleshooting, traces created by listener/dispatcher and server processes are relevant.

If the error listed in the trace doesn't give any hits in metalink, the following should be done:

- shut down the LDAP servers and oidmon, if running (on Windows, stop 
  the directory service as well)
- remove/rename old trace files
- start oidmon and the LDAP server with maximum debug level 65535. 
  Note that you need to stop/start the server in order to get the
  trace; restarting is not enough (see bug:1702226)
- investigate new traces, and if needed, log an iTAR with Oracle   
  Support Services and upload all traces to the iTAR.

Known problems in this area

Bug:1816256  OIDLDAPD PROCESSES ARE NOT KILLED WHEN DB IS SHUTDOWN/CRASHES
Bug:1608778  LDAP SERVER FAILOVER DOES NOT WORK
Bug:1940996  LDAP SERVER DOESN'T START IF FLAGS ARE USED
Related Documents
Oracle Internet Directory Administrator's Guide
Note:121997.1     Unable to connect to OID Server - Bind Failed
Note:91435.1      Cannot Start LDAP instance
Note:1015431.102  ORA-1000 WHILE ADDING ENTRY CN=INSTANCE1,CN=OSDLDAPD, 
                  CN=SUBREGISTRYSUBENTRY


Copyright (c) 1998-2010 Jeffrey M. Hunter. All rights reserved.

All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at jhunter@idevelopment.info.

I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.

Last modified on
Saturday, 12-Jan-2002 00:00:00 EST