Increasing Email Quota in Bulk – Oracle Collabsuite 10g

Introduction:

Sometimes we need to change the email quota for users. For example, in Oracle Collabsuite 10g the default email quota limit is 38M, and sometimes we want to increase or decrease the limit depending on the requirements.

In such a situation we can change the global setting for email quota, and any new users created will get the quota that we specified. But what happens to the existing users? The problem is that they keep the quota limit that was set at the time of creation. However, we can change the quota of existing users as well, not just one by one but in bulk.

This post covers changing email quota for new users and existing users.

Changing E-mail quota for New users

Follow the steps below to change the quota for new users.

  1. Log in to the Oracle Web Mail client. The user should be a domain administrator.
  2. Navigate to the Administration tab.
  3. Select an installation from the Installation drop-down list.
  4. Select a domain from the Domain drop-down list.
  5. Click Submit.
  6. Modify the following attributes:

mail Quota (MB): (We can put 50MB here)

Note: 1048576 MB is the maximum quota that can be specified in this field. If you enter 0, a user has unlimited quota.

For more information check – Oracle Collabsuite Documentation

Changing E-mail quota for Existing Users

To change the email quota for existing users we need to modify one of the parameters in OID. You can export the value of that parameter from OID into an ldif file using ldapsearch, modify the file, and upload it again using ldapmodify. Here are the steps.

1) Retrieve information from OID using ldapsearch

$ORACLE_HOME/bin/ldapsearch -h <OID_HOST> -p <OID_PORT> -D "cn=orcladmin" -w <PASSWD> -b "cn=Users,dc=yourdomain,dc=com,cn=um_system,cn=EMailServerContainer,cn=Products,cn=OracleContext" -s sub "objectclass=*" dn orclmailquota > quota.ldif

Example:

ldapsearch -h ap6019fems -p 389 -D "cn=orcladmin" -w ocs10gadm -b "cn=Users, dc=ap6019fems, dc=us, dc=oracle, dc=com, cn=um_system, cn=EMailServerContainer, cn=Products, cn=OracleContext" -s sub "objectclass=*" dn orclmailquota > quota.ldif

2) Modify quota.ldif created above

To update the email quota, modify the ldif file created above so that it looks as given below.

dn: mail=test1@test.yourdomain.com,cn=users,dc=yourdomain,dc=com,cn=um_system,cn=EMailServerContainer,cn=Products,cn=OracleContext
changetype: modify
replace: orclmailquota
orclmailquota: 50000000

dn: mail=test2@test.us.oracle.com,cn=users,dc=yourdomain,dc=com,cn=um_system,cn=EMailServerContainer,cn=Products,cn=OracleContext
changetype: modify
replace: orclmailquota
orclmailquota: 50000000

dn: mail=test3@test.us.oracle.com,cn=users,dc=yourdomain,dc=com,cn=um_system,cn=EMailServerContainer,cn=Products,cn=OracleContext
changetype: modify
replace: orclmailquota
orclmailquota: 50000000

where orclmailquota is the value of the quota you want to set. The value is in bytes.

3) Load the modified ldif file

$ORACLE_HOME/bin/ldapmodify -h <ldap-host> -p <ldap-port> -D "cn=orcladmin" -w <orcladmin_password> -f quota.ldif

Example:

$ORACLE_HOME/bin/ldapmodify -h ap6019fems -p 389 -D "cn=orcladmin" -w ocs10gadm -f quota.ldif
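Step 2 can be scripted instead of edited by hand. The Python sketch below is an added example, not part of the original post: it assumes the step 1 output is in LDIF form (`dn:` lines, possibly folded), and the function names and sample entries are constructed for illustration. It skips the container entry and users already at the target quota, and reports what it skipped.

```python
import re

# Constructed sample of the step 1 search output, assumed to be in LDIF form.
SAMPLE = """\
dn: cn=Users,dc=yourdomain,dc=com,cn=um_system,cn=EMailServerContainer,cn=Products,cn=OracleContext

dn: mail=test1@test.yourdomain.com,cn=users,dc=yourdomain,dc=com,cn=um_system,
 cn=EMailServerContainer,cn=Products,cn=OracleContext
orclmailquota: 38000000

dn: mail=test2@test.yourdomain.com,cn=users,dc=yourdomain,dc=com,cn=um_system,cn=EMailServerContainer,cn=Products,cn=OracleContext
orclmailquota: 50000000
"""


def parse_entries(text):
    """Yield (dn, current_quota_or_None) for each entry in the search output."""
    # LDIF folds long lines: a newline followed by one space continues the line.
    unfolded = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        dn, quota = None, None
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if key.strip().lower() == "dn":
                dn = value.strip()  # a base64 "dn::" value keeps its leading ":"
            elif key.strip().lower() == "orclmailquota":
                quota = int(value.strip())
        if dn:
            yield dn, quota


def build_quota_ldif(text, new_quota_bytes):
    """Return (ldif_text, skipped_dns) with one modify record per mail user."""
    if not isinstance(new_quota_bytes, int) or new_quota_bytes < 0:
        raise ValueError("quota must be a non-negative number of bytes")
    records, skipped = [], []
    for dn, quota in parse_entries(text):
        # Skip the container entry, base64 DNs and users already at the target.
        if not dn.lower().startswith("mail=") or quota == new_quota_bytes:
            skipped.append(dn)
            continue
        records.append(
            f"dn: {dn}\nchangetype: modify\n"
            f"replace: orclmailquota\norclmailquota: {new_quota_bytes}\n"
        )
    return "\n".join(records), skipped


if __name__ == "__main__":
    ldif, skipped = build_quota_ldif(SAMPLE, 50000000)
    print(ldif)
    print("skipped:", *skipped, sep="\n  ")
```

Review the generated records and the skipped list before loading the file with ldapmodify as in step 3.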

Hope this helps !!

References:

Oracle Collabsuite Admin Guide

Metalink Note ID: 374865.1

Changing Various Passwords in Oracle Collabsuite 10g

This simple post is to make you aware of the procedure for changing various passwords in Oracle Collabsuite 10g. I am having a project on Oracle Collabsuite 10g and I faced a few issues in password management. So I thought of putting the same in an organized way so that one can follow the same process.

There are a few super user accounts in Oracle Collabsuite which are used by the administrator. Following is the list of accounts.

  1. ias_admin – used for logging into Oracle Collabsuite Server console (both on infra tier and apps tier)
  2. orcladmin – super user for OID (Oracle Internet Directory)
  3. orcladmin – super user for SSO (Single Sign On)
  4. Sys, System – database users

Of the above users, sys and system are database users, and I am sure you are well aware of how to change passwords for these users. I will explain changing passwords for the other users.

Changing ias_admin password

We can use the command-line tool or the server console for changing the ias_admin password.

From the command line you can use emctl as given below.

-bash-3.00$ which emctl
~/product/ocs10g/apps/bin/emctl

emctl set password <old ias_admin password> <new ias_admin password>
Example:
[ocs10g@ap6059rt bin]$ emctl set password welcome1 ocs10g
Oracle Enterprise Manager 10g Application Server Control Release 10.1.2.0.2
Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.

Changed the password on the apps side and was able to log in as ias_admin using the ocs10g password at http://ap6059rt.us.oracle.com:1810/emd/console

However, the password for ias_admin on infra is still welcome1. Confirmed.

Before doing the password change, source the environment, which means setting the following parameters

ORACLE_HOME
TNS_ADMIN=$ORACLE_HOME/network/admin
ORACLE_SID
PATH=$ORACLE_HOME/bin:$PATH
LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH

If you set ORACLE_HOME to the apps side, the emctl command shown above will change the password only on the apps side. For the infra tier you have to source the .env file on the infra side or set ORACLE_HOME to point to the infra tier. Once done, run the emctl command again to change the ias_admin password, this time on the infra side.

You can also change the password from the collabsuite server console using the following steps

1) Go to the apps side server console http://ap6059rt.us.oracle.com:1810/emd/console

2) Click on Preferences and enter the old password and the new password.

3) Click on OK. The password will get changed.

Repeat the same for the infra URL http://ap6059rt.us.oracle.com:1156/emd/console

For more details check : Metalink Note ID: 220622.1

Changing password for orcladmin Super user for OID

  1. Source the env on infra side
  2. Run oidadmin
  3. Connect using orcladmin
  4. Click on orcladmin@<hostname>:<port>
  5. Click on System password tab
  6. Enter new password (ocs10g) for orcladmin and click on Apply at the bottom

Changing password for orcladmin super user for SSO

  1. Login to OIDDAS self-service application using orcladmin user
  2. Go to Directory tab
  3. Search for orcladmin
  4. Click on Edit button
  5. Enter password in password field and Confirm Password field
  6. Click submit

You can also change this orcladmin password using the oidadmin tool. You can navigate as follows

  1. Log in to oidadmin as orcladmin (super user for OID)
  2. Go to “Entry Management” -> “dc=com” -> “dc=oracle” -> “dc=us” -> “dc=ap6019fems” -> “cn=Users”
  3. (The above navigation is specific to my instance; in your installation the namespace may be different)
  4. Click on “cn=orcladmin”
  5. On the right hand side it will show all the attributes for this user. Scroll down to the bottom and you will see a field called userpassword
  6. Change the password here and then click on Apply.

Note that this orcladmin password is different from that of the orcladmin super user for OID.

Hope this helps !!

References:

http://www.acs.ilstu.edu/docs/Oracle9iAS/core.902/a92171/tools.htm#1018274
Metalink Note ID: 220622.1
http://www.acs.ilstu.edu/docs/Oracle9iAS/core.902/a92171/security.htm#1012998

Registering External Application in SSO – Oracle Application Server 10g

External applications are those which are not deployed in your application server instance. An example is the gmail application. You can access gmail accounts using http://mail.google.com. Such applications can be registered as external applications in our Oracle Application Server 10g instance, and access to them can be made through SSO.

I have tried registering gmail as external application and I can access gmail without providing username and password once I log in to SSO of my application server.

Here are the steps to do the same.

1) Connect to orasso application using http://(hostname):(infra http port)/pls/orasso

Example: http://ap101fam.us.oracle.com:7777/pls/orasso

Log in using the orcladmin userID

2) Click on “SSO Server Administration”

3) Click on “Administer External Applications”

4) Click on “Add External Application”

On this page you have to provide the following information

Application Name: Google Mail
Login URL: https://www.google.com/accounts/ServiceLoginAuth?service=mail
User Name/ID Field Name: Email
Password Field Name: Passwd
Type of Authentication Used: POST

Here Application Name is any name that you choose.

You can find the Login URL by going to mail.google.com in your browser and choosing View -> Page Source. Search the source for “action=” and you will get the URL. Put this URL in the “Login URL” field.

For the User Name/ID field, view the source again and search for “Username”. Put the name this field has in the page source into the User Name/ID field.

Note that the name of the Username field on the gmail home page is “Email”. You also have to put all the other hidden attributes in the “Additional Fields” section as given below.

Similarly, search for “Password” in the page source and put the name of the Password field in “Password Field Name” on the orasso page.

Once done, you can click on OK. A “Google Mail” link will appear in the “Edit/Delete External Application” section. You can now click on that link and it will ask you for your Gmail username and password; you can provide the same as given below.

If you check “Remember My Login Information For This Application”, then you won't be asked for the Gmail username and password from next time. SSO will store this username and password in OID, and whenever you log in to SSO and click on “Google Mail” in external applications, you will be taken to your inbox without logging in to google mail.

Hope this helps !!
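The page-source lookup described above (form action, user name field, password field, hidden fields) can be done with a small parser. This Python sketch is an added example, not part of the original post; the sample markup, the example.test host and the function names are constructed. It also flags whether the resulting Login URL is HTTPS, since SSO submits the stored credentials to that URL.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed login page using the field names from the post; not real markup.
SAMPLE_PAGE = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form action="ServiceLoginAuth?service=mail" method="post">
  <input type="hidden" name="continue" value="https://mail.example.test/">
  <input type="hidden" name="rm" value="false">
  <input type="text" name="Email">
  <input type="password" name="Passwd">
</form>
"""

class FormCollector(HTMLParser):
    """Collect each <form> with its action, method and named <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").upper(),
                          "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("name"):
            kind = (a.get("type") or "text").lower()
            self._open["inputs"].append((kind, a["name"], a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def sso_registration_fields(html, page_url):
    """Return the values the Add External Application page asks for, or None."""
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        inputs = form["inputs"]
        passwords = [n for kind, n, _ in inputs if kind == "password"]
        users = [n for kind, n, _ in inputs if kind in ("text", "email")]
        if len(passwords) != 1 or not users:
            continue  # search box, sign-up or change-password form
        login_url = urljoin(page_url, form["action"])
        return {"Login URL": login_url,
                "Login URL uses HTTPS": login_url.startswith("https://"),
                "User Name/ID Field Name": users[0],
                "Password Field Name": passwords[0],
                "Type of Authentication Used": form["method"],
                "Additional Fields": {n: v for kind, n, v in inputs if kind == "hidden"}}
    return None
```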

Using LDIFWRITE and BULKLOAD – Oracle Collabsuite 10g

Hi All,

I am having a collabsuite instance in test and production and I was checking the way to take backup of users in OID. I came across the utilities LDIFWRITE and BULKLOAD.SH. Using these scripts we can take a backup of users in OID and restore back the same.

Here is how we use them.

Using LDIFWRITE

ldifwrite is an LDAP utility present in the INFRA ORACLE_HOME/bin directory.

-bash-3.00$ ldifwrite
usage: ldifwrite [-c <Connect String>] -b <Base DN> -f <filename>
[-e <encoding>] [-t <no. of threads>]
-c = Connect String
-b = BaseDN
-f = LDIF filename
-e = Encoding scheme
-t = Number of threads to be created
-bash-3.00$ ldifwrite -c ocsdev -b "cn=Users, dc=ap6019fems, dc=us, dc=oracle, dc=com" -f ocsdev.ldif
This tool can only be executed if you know database user password for OiD
Enter OiD Password ::

————————————————————
Reading entries under BaseDN “cn=users,dc=ap6019fems,dc=us,dc=oracle,dc=com”…
————————————————————-

————————————————————
17 Entries are written to “ocsdev.ldif”.
————————————————————

Here ocsdev is the name of the metadata repository I am using, and BaseDN is where all your user entries are stored or created. We can take a backup of any BaseDN into an ldif file. The above command will generate an ldif file called ocsdev.ldif.

Using BULKLOAD

The bulkload.sh script is present on the INFRA tier in the ORACLE_HOME/ldap/bin directory. Using bulkload.sh for loading user entries from an ldif file to OID involves 3 steps

1) Check the schema for any duplicate or bad entries using the -check option

[ocs10g@ap6059rt bin]$ bulkload.sh -connect orcl -check /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
—————————–
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::

————————————————————-
Checking data for bulk loading for valid structure…
————————————————————-

No Schema Check Errors.

No Bad Entries found.

No Duplicate DN Entries.

————————————————————-
Bulkload data verification complete
————————————————————-

2) Generate an intermediate file for loading using the -generate option.

When running with this option your OID process has to be down; otherwise you have to run the same command in -append mode.

If the OID process is not down you might get the following error.

[ocs10g@ap6059rt bin]$ bulkload.sh -connect orcl -check -generate /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
—————————–
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::
OID Processes running on target node “orcl”
Shutdown OID Process on “orcl” for bulkload

After shutting down OID we can run the command as given below.

[ocs10g@ap6059rt bin]$ bulkload.sh -connect orcl -check -generate /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
—————————–
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::

——————————————————————
Checking Internet Directory current schema state
——————————————————————

——————————————————————-
Checking and Generating Internet Directory data for bulk loading
——————————————————————-

Schema Check Errors are logged in : /slot03/oracle/product/ocs10g_1/infra/ldap/log/bulkload.log

Bad Entries are logged in : /slot03/oracle/product/ocs10g_1/infra/ldap/load/badentry.ldif

No Duplicate DN Entries.

——————————————————————-
Data Generated for bulk loading
——————————————————————-

3) Load the data from the intermediate file into OID using the -load option.

[ocs10g@ap6059rt bin]$ bulkload.sh -connect orcl -load /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
—————————–
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::
It is recommended to use -check option before generating/loading data
Do you want to continue (y/n?) [n]
y
Loading data on : “orcl”
===============================

——————————————————————
Preparing Internet Directory schema for bulk data loading
——————————————————————

——————————————————————
Initiating bulk load…
——————————————————————

Loading Attribute Search Catalogs..
battr_store001..
battr_store002..
battr_store003..
.

.

The log file for the load is generated at $ORACLE_HOME/ldap/log/bulkload.log.

If there are any duplicate entries while loading, they will be present in the $ORACLE_HOME/ldap/log/duplicateDN.log file.

All bad entries will be present in $ORACLE_HOME/ldap/load/badentry.ldif

References:

Oracle OID Admin Guide

Enabling SSO for Partner Applications – Oracle Application Server 10g

Introduction:

Partner applications are those which are deployed in one of the OC4J instances of Oracle Application Server. External applications are those which are external to your Oracle application server, for example the gmail client. Suppose that you have installed an Oracle Application Server and one of your product teams hands you an EAR file for deploying on the newly installed application server. You will quickly create an OC4J instance and deploy the EAR file. This application which you deployed in your application server becomes a partner application.

We can register such partner applications and make them SSO enabled. Below are the steps for doing so.

Enabling SSO for Partner Applications:

Follow the steps below to enable SSO for partner applications.

1) Log in to the SSO administration application using orcladmin/<password>

SSO Administration URL: http://(hostname):(port)/pls/orasso

Example: http://ap101fam.us.oracle.com:7777/pls/orasso/

2) Click on “SSO Server Administration”

3) Click on “Administer Partner Applications”

4) Click on “Add Partner Application”

5) Enter the information in the fields present under “Partner Application Login”. You can leave the other fields at their defaults.

If you see here, we are using http://www.google.com as the logout URL. This is just to verify that logout takes us to the URL that we enter here. If we put our application URL here again, you won’t notice the difference. However, many applications have their own logout URLs; you can put the same here.

Click on Apply.

It will generate following information.

ID:     9EE32214
Token:     5E4DL0R69EE32214
Encryption Key:     73A5A67FE93E03D8
Login URL:     http://ap101fam.us.oracle.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL:     http://ap101fam.us.oracle.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout

Click on OK

You can see that your application has been added to the list of registered applications in SSO.

oho Wait wait !! we are not done yet.

Once you do this and try to access the application, it won’t ask for SSO login. Why? How does your HTTP server know that this application has been registered in SSO? You need to tell the HTTP server that this application is now registered in SSO and that a user who tries to access it should be diverted to the SSO login page. This is done in mod_osso.conf: we put an entry for our application in mod_osso.conf and bounce the HTTP_Server component. But be careful to make the changes in the mod_osso.conf file of the tier where your original application (which you registered in SSO) belongs. My application was deployed in one of the OC4J instances of the mid tier, so I will make the changes in the mid-tier mod_osso.conf file and bounce the mid-tier Apache.

You need to make the following changes in the mod_osso.conf file

<Location /hrapp>
require valid-user
AuthType Basic
</Location>

Here /hrapp is the application context root of the application we deployed.

Bounce the HTTP Server in the mid tier

bash-2.05$ ./opmnctl stopproc ias-component=HTTP_Server
opmnctl: stopping opmn managed processes…
bash-2.05$ ./opmnctl startproc ias-component=HTTP_Server
opmnctl: starting opmn managed processes…
bash-2.05$

Now try accessing the application hrapp; this time it will ask for the SSO login and password. So even though no login was required for this application, by registering it in SSO we made it SSO enabled.

Hope this helps !!