RE: Using OID

2002-04-09 Thread Jay Mehta

Hi Rich,

Thanks much for the detailed information. I was glad to see an OID
implementation out in the field. A couple more questions:

I know TNSNAMES.ORA can be replaced by OID, but have you taken the next step
and migrated Oracle accounts to OID? We are looking at OID to centralize
user management tasks that have become very resource intensive, given the large
number of Oracle databases at our site. I was researching Oracle web sites
and other sites, but didn't find any white paper about OID and centralized
user management. Sure, our goal is to have single sign-on, but our
applications are not SSO compliant yet, and are not going to be
SSO-compliant any time soon. So, we are looking at only migrating accounts
to OID if that's possible. Could OID be used as a centralized authentication
repository? Does it require application modifications? Any experience with
this task?

Thanks,
Jay

RE: Using OID

2002-04-08 Thread Jesse, Rich

OiD!  After several weeks of pain, here's what I've learned:

1)  Create your database(s) manually.  The GUI creates the traditional
"the least we need to get it going without a real DBA" database.  Note
159031.1 on Metalink will guide you thru the basic create.

2)  If you intend on using replication (a good idea), study up on Oracle
ASR, but realize that OiD doesn't use ASR in the traditional way, at least
according to Oracle Support.  In other words, if OiD has problems
replicating, it's an OiD problem and not an ASR problem, as far as Oracle
Support is concerned.

3)  According to Oracle Support, you cannot use hot backups as a
reliable means of backup/recovery for OiD in a replicated environment.
While I agree with their reasoning in theory, I believe that a good DBA (and
me, too!) can still use it, but with care on the recovery.  For more info,
see the OiD Admin Guide.

4)  Speaking of the OiD Admin Guide:  Read it, learn it, study it, know
it.  All 688 pages of it.  The concepts in there are KEY!  The one that
burned me is the concept of a Remote Definition Site (RDS).  Your
primary server is the MDS (Master Definition Site).  We tried to treat our
second backup OiD server as a read-only.  Don't do it.  Treat all other
replication nodes as RDSs.  It will save you tons of headaches.

5)  Why isn't RDS mentioned specifically in the OiD Admin Guide?
Because of a lack of coherent documentation.  Look up all the articles you
can on Metalink regarding OiD.  Some haven't been updated for v3, but
they're still good.

6)  Do not use any version below 3.0.1 of OiD, which requires (and comes
with) Oracle 9i.  We had too many bugs, especially in the OiD Administrator
program with v2.x.

7)  Use Linux.  There are some nasty little gotchas in NT/2000 that I
really despise (keep reading).

8)  Only use an Oracle Certified platform and version of the OS.  Oracle
Support will have a cow udderwise.

9+) Use scripts to start up and shut down OiD.  If you try and do it
manually and shut the oidmon down before the LDAP and replication daemons,
the daemons won't shut down.  On Linux, you can restart the oidmon, and the
daemons should shut down, but on NT/2000 they will hang there forever until
you re-freaking-boot.  Who writes this crap?  There's no rebooting on
Linux/Unix!  I haven't tried OiD on Unix (I think OiD v3's available on
HP/Solaris), so I can't say what'll happen there.  As an aside, many OiD
tools are Unix/Linux shell scripts, which are not directly available on
Windohs.  Just another reason to avoid Windows for OiD.

10) I just started to test moving from ONames to OiD.  Apparently
there's no way to create the OracleContext LDAP tree manually, so you've
got to use the Oracle Net Config Assist (netca).  I'm trying to determine
if the update it does to the OiD DBs schwanzes up the rest of OiD first
before continuing.

I intend to make my creation of a replicated OiD setup on RedHat 7.1
available on my website, but I just haven't had the time yet, and my PC and
Alpha/Linux box are sitting on a concrete slab at home while I redo my
basement.  :(

HTH!  GL!  I'll let you know when I get that page up. :)

Rich Jesse   System/Database Administrator
[EMAIL PROTECTED]  Quad/Tech International, Sussex, WI USA


 -Original Message-
 From: Yechiel Adar [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, April 07, 2002 11:18 AM
 To: Multiple recipients of list ORACLE-L
 Subject: Using OID
 
 
 Hello list
 
 We intend to implement OID as replacement for tnsnames (at first).
 
 Pitfalls, real-time experience etc...???
 
 Yechiel Adar, Mehish.
 
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: [EMAIL PROTECTED]

Fat City Network Services-- (858) 538-5051  FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
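
The shutdown ordering from item 9 of the message above, as an added example that is not part of the original post or Oracle's own tooling: the LDAP and replication servers are stopped through `oidctl` while `oidmon` is still running (`oidmon` is the process that carries out `oidctl` requests), and `oidmon` is stopped only after both daemons have exited. The net service name `oiddb`, instance number 1, the 60-second timeout, stopping replication before LDAP, and matching the process names `oidldapd`/`oidrepld` with `pgrep` are assumptions.

```shell
#!/bin/sh
# Added example: ordered OiD shutdown wrapper (not Oracle-supplied).
# Assumed values: net service name "oiddb", server instance 1.
OID_CONNECT="${OID_CONNECT:-oiddb}"   # hypothetical net service name
OID_INSTANCE="${OID_INSTANCE:-1}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print the commands

run() {
    # Print the command; execute it only when DRY_RUN=0.
    echo "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

wait_gone() {
    # Wait up to $2 seconds for process $1 to exit (no-op in dry run).
    name=$1
    left=$2
    [ "$DRY_RUN" = "1" ] && return 0
    while pgrep -x "$name" >/dev/null 2>&1; do
        [ "$left" -le 0 ] && return 1
        sleep 1
        left=$((left - 1))
    done
}

oid_stop() {
    # Daemons first: oidmon must still be alive to act on each stop request.
    # Replication goes before LDAP here (assumed order; the post gives none).
    for srv in oidrepld oidldapd; do
        run oidctl connect="$OID_CONNECT" server="$srv" \
            instance="$OID_INSTANCE" stop
        if ! wait_gone "$srv" 60; then
            echo "ABORT: $srv still running; leaving oidmon up" >&2
            return 1
        fi
    done
    # Only now is it safe to stop the monitor.
    run oidmon connect="$OID_CONNECT" stop
}
```

Call `oid_stop` with `DRY_RUN=0` from the host's shutdown script; if a daemon fails to exit, the function returns non-zero and leaves `oidmon` running so the stop request can be retried.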