RE: Using OID

Hi Rich,

Thanks much for detailed information. I was glad to see an OID implementation out in the field. Couple of more questions:

I know TNSNAMES.ORA can be replaced by OID, but have you taken the next step and migrated Oracle accounts to OID? We are looking at OID to centralize user management tasks that have become very resource intensive, given large number of Oracle databases at our site. I was researching Oracle web sites and other sites, but didn't find any white paper about OID and centralized user management. Sure, our goal is to have single-sign-on, but our applications are not SSO compliant yet, and are not going to be SSO-compliant any time soon. So, we are looking at only migrating accounts to OID if that's possible. Could OID be used as a centralize authentication repository? Does it require applications modifications? Any experience with this task?

Thanks,
Jay

-----Original Message-----
Sent: Monday, April 08, 2002 4:48 PM
To: Multiple recipients of list ORACLE-L

OiD! After several weeks of pain, here's what I've learned:

1. Create your database(s) manually. The GUI creates the traditional "the least we need to get it going without a real DBA" database. Note 159031.1 on Metalink will guide you thru the basic create.
2. If you intend on using replication (a good idea), study up on Oracle ASR, but realize that OiD doesn't use ASR in the traditional way, at least according to Oracle Support. In other words, if OiD has problems replicating, it's an OiD problem and not an ASR problem, as far as Oracle Support is concerned.
3. According to Oracle Support, you cannot use hot backups as a reliable means of backup/recovery for OiD in a replicated environment. While I agree with their reasoning in theory, I believe that a good DBA (and me, too!) can still use it, but with care on the recovery. For more info, see the OiD Admin Guide.
4. Speaking of the OiD Admin Guide: Read it, learn it, study it, know it. All 688 pages of it. The concepts in there are KEY! The one that burned me is the concept of a Remote Definition Site (RDS). You're "primary" server is the MDS (Master Definition Site). We tried to treat our second "backup" OiD server as a read-only. Don't do it. Treat all other replication nodes as RDSs. It will save you tons of headaches.
5. Why isn't "RDS" mentioned specifically in the OiD Admin Guide? Because of a lack of coherent documentation. Lookup all the articles you can on Metalink regarding OiD. Some haven't been updated for v3, but they're still good.
6. Do not use any version below 3.0.1 of OiD, which requires (and comes with) Oracle 9i. We had too many bugs, especially in the OiD Administrator program with v2.x.
7. Use Linux. There are some nasty little gotchas in NT/2000 that I really despise (keep reading).
8. Only use an Oracle Certified platform and version of the OS. Oracle Support will have a cow udderwise.

9+) Use scripts to startup and shutdown OiD. If you try and do it manually and shut the oidmon down before the LDAP and replication daemons, the daemons won't shutdown. On Linux, you can restart the oidmon, and the daemons should shutdown, but on NT/2000 they will hang there forever until you re-freaking-boot. Who writes this crap? There's no rebooting on Linux/Unix! I haven't tried OiD on Unix (I think OiD v3's available on HP/Solaris), so I can't say what'll happen there. As an aside, many OiD tools are Unix/Linux shell script, which are not directly available on Windohs. Just another reason to avoid Windows for OiD.

1. I just started to test moving from ONames to OiD. Apparently there's no way to create the "OracleContext" LDAP tree manually, so you've got to use the Oracle Net Config Assist ("netca"). I'm trying to determine if the "update" it does to the OiD DBs schwanzes up the rest of OiD first before continuing.

I intend to make my creation of a replicated OiD setup on RedHat 7.1 available on my website, but I just haven't had the time yet, and my PC and Alpha/Linux box are sitting on a concrete slab at home while I redo my basement. :(

HTH! GL! I'll let you know when I get that page up. :)

Rich Jesse                           System/Database Administrator
Rich.Jesse_at_qtiworld.com              Quad/Tech International, Sussex, WI USA

> -----Original Message-----
> From: Yechiel Adar [mailto:adaryechiel_at_hotmail.com]
> Sent: Sunday, April 07, 2002 11:18 AM
> To: Multiple recipients of list ORACLE-L
> Subject: Using OID
>
>
> Hello list
>
> We intend to implement OID as replacement for tnsnames (at first).
>
> Pit falls, Real time experience etc...???????
>
> Yechiel Adar, Mehish.
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: Rich.Jesse_at_qtiworld.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


****************************************************************************
This electronic message contains information from CTIS, Inc., which 
may be company sensitive, proprietary, privileged or otherwise protected 
from disclosure. The information is intended to be used solely by the 
recipients named above. If you are not an intended recipient, be aware 
that any review, disclosure, copying, distribution or use of this 
transmission or its contents is prohibited.  If you have received this 
transmission in error, please notify us immediately at MIS_at_ctisinc.com. 
****************************************************************************



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jay Mehta
  INET: Jmehta_at_ctisinc.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).