Increasing Email Quota in Bulk – Oracle Collabsuite 10g


Some times we get a situation for increasing email quota for users. For example in Oracle Collabsuite 10g we have a default email quota limit of 38M and some times we want to increase or decrease the limit depending on the requirements.

In such situation we can change the global settings for email quota and any new users created will have the email quota that we specified. But what happens to the existing users? Problem is they will have same quota limit which was set at the time of creation.  However we can also change the quota of existing users as well, not just one by one but in bulk.

This post covers changing email quota for new users and existing users.

Changing E-mail quota for New users

Follow below steps for changing quota for new users

  1. Login to Oracle Web Mail client. The user should be domain administrator.
  2. Navigate to Administration tab
  3. Select an installation from the Installation drop-down list.
  4. Select a domain from the Domain drop-down list.
  5. Click Submit.
  6. Modify the following attributes:

*mail Quota (MB)**:  *(We can put 50MB here)

*** Note: 1048576 MB is the maximum quota that can be specified in this field. If you enter 0, a user has unlimited quota.

For more information check – Oracle Collabsuite Documentation

Changing E-mail quota for Existing Users

To change the email quota for existing users we need to make modification to one of the parameters in OID. For that you can get the value of that parameter from OID into an ldif file using ldapsearch and then modify the file and upload again using ldapmodify. Here are the steps

1) Retrieve information from OID using ldapsearch

$ORACLE_HOME/bin/ldapsearch -h <OID_HOST> -p <OID_PORT> -D “cn=orcladmin” -w <PASSWD> -b
cn=OracleContext” -s sub “objectclass=*” dn orclmailquota > quota.ldif


ldapsearch -h ap6019fems -p 389 -D “cn=orcladmin” -w ocs10gadm -b “cn=Users, dc=ap6019fems, dc=us, dc=oracle, dc=com, cn=um_system, cn=EMailServerContainer, cn=Products, cn=OracleContext” -s sub “objectclass=*” dn orclmailquota > quota.ldif

2) Modify quota.ldif created above

In order to update the information about email quota, modify the ldif file created above so that file looks as given below.

changetype: modify
orclmailquota: 50000000

changetype: modify
orclmailquota: 50000000

changetype: modify
orclmailquota: 50000000

where orclmailquota is the value of quota you want to modify. The values is in bytes.

3) load the modified ldif file

$ORACLE_HOME/bin/ldapmodify -h <ldap-host> -p <ldap-port> -D “cn=orcladmin” -w
<orcladmin_password> -f user.ldif


$ORACLE_HOME/bin/ldapmodify -h ap6019fems -p 389 -D “cn=orcladmin” -w
ocs10gadm -f quota.ldif

Hope this helps !!


Oracle Collabsuite Admin Guide

Metalink Note ID: 374865.1


Changing Various Passwords in Oracle Collabsuite 10g

This simple post is to make you aware of the procedure for changing various passwords in Oracle Collabsuite 10g. I am having a project on Oracle Collabsuite 10g and I faced few issues in password management. So I though of putting the same in an organized way so that one can follow the same process.

There are few super user accounts present in Oracle Collabsuite which is used by administrator. Following is the list of accounts.

  1. ias_admin – used for logging into Oracle Collabsuite Server console (both on infra tier and apps tier)
  2. orcladmin super user for OID (Oracle Internet Directory)
  3. orcladmin super user for SSO (Single Sign On)
  4. Sys, System database users

Out of the above list of users, sys and system users are database users and I am sure you are well aware of the fact about changing passwords for these users. I will explain about changing passwords for other users.

Changing ias_admin password

We can use command line tool or server console for changing ias_admin password.

In user command line tool you can use emctl as given below.

-bash-3.00$ which emctl

emctl set password <old ias_admin password> <new ias_admin password>
[ocs10g@ap6059rt bin]$ emctl set password welcome1 ocs10g
Oracle Enterprise Manager 10g Application Server Control Release
Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.

Changed the password on apps side and was able to login as ias_admin using ocs10g password for link

However password for ias_admin on infra is still welcome1. Confirmed.

Before doing the password change, source the environment which means setting following parameters


If you are setting ORACLE_HOME to apps side then emctl command shown above will change the password only on apps side. For infra tier you have to source the .env file on infra side or set ORACLE_HOME to point to infra tier. Once done you need to run emctl command again to change ias_admin password, but this time on infra side.

You can change the password using collabsuite server console using following steps

1) Go to apps side server console

2) Click on preferences and place old password and new password.

3) Click on OK. Password will get changed

Repeat same thing for infra URL

For more details check : Metalink Note ID: 220622.1

Changing password for orcladmin Super user for OID

  1. Source the env on infra side
  2. Run oidadmin
  3. Connect using orcladmin
  4. click on orcladmin@<hostname>:<port>
  5. Click on System password tab
  6. Enter new password (ocs10g) for orcladmin and click on Apply at the bottom

Changing password for orcladmin super user for SSO

  1. Login to OIDDAS self-service application using orcladmin user
  2. Go to Directory tab
  3. Search for orcladmin
  4. Click on Edit button
  5. Enter password in password field and Confirm Password field
  6. Click submit

You can also change this orcladmin password using oidadmin tool. You can navigate using following

  1. login to oidadmin as orcladmin (super user for OID)
  2. Go to “Entry Management” -> “dc=com” -> “dc=oracle” -> “dc=us” -> “dc=ap6019fems” -> “cn=Users”
  3. (The above navigation is specific to my instance, in you installation the namespace may be different)
  4. Click on “cn=orcladmin”
  5. On right hand side it will show all the attributes for this user. Scroll down to bottom and you will see a field called userpassword
  6. Change the password here and then click on Apply.

Note that this orcladmin password is different then orcladmin super user for OID.

Hope this helps !!

Metalink Note ID: 220622.1

Registering External Applicaition in SSO – Oracle Application Server 10g

External applications are those which are not deployed in you application server instance. Example is gmail application. You can access gmail accounts using Such applications can be registered as external application in our Oracle Application Server 10g instance and access to such application can be made through SSO.

I have tried registering gmail as external application and I can access gmail without providing username and password once I login into SSO of my application server.

Here are the steps to do the same.

1) Connect to orasso application using http://(hostname):(infra http port)/pls/orasso


login using orcladmin userID

2) Click on “SSO Server Administration”

3) Click on “Administer External Applications

4) Click on “Add External Application

On this page you have to provide following information

Application Name: Google Mail
Login URL:
User Name/ID Field Name: Email
Password Field Name: Passwd
Type of Authentication Used: POST

Here Application Name is any name that you can give.

Login URL you can find by going to in you browser and view -> Page Source. In this you can search for “action=” and you will get the URL. Put this URL in “Login URL” field.

For User Name/ID field, you can again view the source and seach for “Username“. You can put the name for this field in source file into User Name/ID field.

Note that name for Username field on gmail home page is “Email”. Also you have to put all other hidden attributes in “Additional Fields” section as given below.

Similarly, search for “Password” in the source page and put the name of Password field in “Password Field Name” in orasso page.

Once done, you can click on OK. You can see “Google Mail” link will appear in Edit/Delete External Application” section. You can now click on that link and it will ask you for you Gmail username and password, you can provide the same as given below.

If you check “Remember My Login Information For This Application”, then you wont be asked for Gmail username and password from next time. SSO will store these username and password in OID and when even you login to SSO and click on “Google Mail” in external application, you will be taken to your inbox, without logging into google mail.

Hope this help !!

Using LDIFWRITE and BULKLOAD – Oracle Collabsuite 10g

Hi All,

I am having a collabsuite instance in test and production and I was checking the way to take backup of users in OID. I came across the utility LDIFWRITE and BULKLOAD.SH. Using these script we can take a backup of users in OID and restore back the same.

Here is how we use.


ldifwrite is a ldap utility present in INFRA ORACLE_HOME/bin directory.

-bash-3.00$ ldifwrite
usage: ldifwrite [-c <Connect String>] -b <Base DN> -f <filename>
[-e <encoding>] [-t <no. of threads>]
-c = Connect String
-b = BaseDN
-f = LDIF filename
-e = Encoding scheme
-t = Number of threads to be created
-bash-3.00$ ldifwrite -c ocsdev -b “cn=Users, dc=ap6019fems, dc=us, dc=oracle, dc=com” -f ocsdev.ldif
This tool can only be executed if you know database user password for OiD
Enter OiD Password ::

Reading entries under BaseDN “cn=users,dc=ap6019fems,dc=us,dc=oracle,dc=com”…

17 Entries are written to “ocsdev.ldif”.

Here ocsdev is the name of metadata repository I am using and BaseDN is where all your users entries are stored or created. We can take backup of any BaseDN into ldif file. Above command will generate an ldif file called ocsdev.ldif.

Using BULKLOAD script is present on INFRA tier in ORALCE_HOME/ldap/bin directory. Using for loading user entries from ldif file to OID involves 3 steps

1) check schema for any duplicate or bad entries using -check option

[ocs10g@ap6059rt bin]$ -connect orcl -check /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::

Checking data for bulk loading for valid structure…

No Schema Check Errors.

No Bad Entries found.

No Duplicate DN Entries.

Bulkload data verification complete
2) Generate an intermediate file for loading using -generate option.

While running with this option you have to have your OID process down, else you have to run the same command in -append mode.

If OID process is not down you might get following error.

[ocs10g@ap6059rt bin]$ -connect orcl -check -generate /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::
OID Processes running on target node “orcl”
Shutdown OID Process on “orcl” for bulkload

After shutting down OID we can run the command as given below.

[ocs10g@ap6059rt bin]$ -connect orcl -check -generate /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::

Checking Internet Directory current schema state

Checking and Generating Internet Directory data for bulk loading

Schema Check Errors are logged in : /slot03/oracle/product/ocs10g_1/infra/ldap/log/bulkload.log

Bad Entries are logged in : /slot03/oracle/product/ocs10g_1/infra/ldap/load/badentry.ldif

No Duplicate DN Entries.

Data Generated for bulk loading

3) Loading the data from intermediate file to OID using -load option.

[ocs10g@ap6059rt bin]$ -connect orcl -load /slot03/oracle/product/ocs10g_1/infra/ocsdev.ldif

Verifying node “orcl”
This tool can only be executed if you know database user password
for OiD on orcl
Enter OiD password ::
It is recommended to use -check option before generating/loading data
Do you want to continue (y/n?) [n]
Loading data on : “orcl”

Preparing Internet Directory schema for bulk data loading

Initiating bulk load…

Loading Attribute Search Catalogs..


Log file for the same will get generated in $ORACLE_HOME/ldap/log/bulkload.log location.

While loading if there are any duplicate entries then it will be present in $ORACLE_HOME/ldap/log/duplicateDN.log file.

All bad entries will be present in $ORACLE_HOME/ldap/load/badentry.ldif


Oracle OID Admin Guide

Enabling SSO for Partner Applications – Oracle Application Server 10g


Partner applications are those which are deployed in one of the OC4J instances of Oracle Application Server. Also External applications are those which are external to you oracle application server, example gmail client. Suppose that you have installed an Oracle Application Server and one of your product team hands over you an EAR file for deploying on a newly installed application server. You will quickly create an OC4J instance and deploy the EAR file. This application which you deployed in you application server becomes partner application.

We can register such partner application and make them SSO enabled. Below are the steps for doing so.

Enabling SSO for Partner Applications:

Follow the below steps for enabling SSO for partner applications.

1) Login to SSO administration application using orcladmin/<password>

SSO Administration URL: http://(hostname):(port)/pls/orasso


2) Click on “SSO Server Administration”

3) Click on “Administer Partner Applications”

4) Click on “Add Partner Application”

5) Enter the information in the fields present under “Partner Application Login”. You can leave the other fields as it is default.

If you see here, we are using logout URL as This is just to verify that logout is taking us to the desired URL that we enter here. If we put again our application URL then you wont know the difference. However many applications has there own logout URLs, you can put the same here.

Click on Apply.

It will generate following information.

ID:     9EE32214
Token:     5E4DL0R69EE32214
Encryption Key:     73A5A67FE93E03D8
Login URL:
Single Sign-Off URL:

Click on OK

You can see that your application got added in list of registered applications in SSO.

oho Wait wait !! we are not done yet.

Once you do this and try to access the application, it won’t ask for SSO login. why?? how does your HTTP server know that this application is been registered in SSO? For this you need tell HTTP server that this applicaiton is now registered in SSO and if a user tries to access this applicaiton he should be diverted to SSO login page. This is done by mod_osso.conf. We put the entry of our application in mod_osso.conf and bounce HTTP_Server component. But be careful to make changes in mod_osso.conf file of tier where your original application (which you registered in SSO) belongs. My application was deployed in one of the OC4J instance of mid tier. So will make changes in mid tier mod_osso.conf file and will bounce mid-tier Apache.

You need to make following changes in mod_osso.conf file

<Location /hrapp>
require valid-user
AuthType Basic

Here /hrapp is the application context root of applicaiton we deployed.

Bounce HTTP Server in mid tier

bash-2.05$ ./opmnctl stopproc ias-component=HTTP_Server
opmnctl: stopping opmn managed processes…
bash-2.05$ ./opmnctl startproc ias-component=HTTP_Server
opmnctl: starting opmn managed processes…

Now try accessing the application hrapp and this time it will ask for SSO login and password. So even though there was no login required for this application, by registering in SSO we made it SSO enabled.

Hope this helps !!

Deploying an application in OC4J Instance – Oracle AS10g


This post gives a brief idea about deploying a J2EE application in an OC4J instance of application server 10g. I am using a sample .ear file for deployment. This is a demo HR application available.

We can carry out the deployment using 2 methodes

  1. Using Application server enterprise manager (UI)
  2. Using dcmctl (Command line utility)

We will see both the options here.

Comparing JAR, WAR, and EAR Files

To deploy EJBs and other components in the J2EE application, you must package all the components together. This also includes JSP files, images, utility classes, and other files that are part of this package.

JAR Files

Java provides a utility for creating archives, called Java Application Archives (JAR). In addition to using JAR files for archiving and distribution, you can also use them for deployment and encapsulation of libraries, components, plug-ins, and other files (such as image files). The JAR file maintains the file subdirectories, and special files in the JAR, such as manifests and deployment descriptors, instruct how the JAR is to be treated. You can package standard JavaBeans and Enterprise JavaBeans or an entire application into JAR files that can be executed by the JVM.

WAR Files

You add Web components to a J2EE application in a package called a Web Archive (WAR) file. WAR files are similar to JAR files but contain a .war extension. You can include HTML documents, servlets, JSPs, and applet class files into WAR files. A WAR file has a specific hierarchical directory structure. The top-level directory of a WAR is the document-root directory of the application. JSP pages, client-side classes and archives, and static Web resources are stored in the document-root directory.

The document-root directory contains a subdirectory called WEB-INF, which contains the following files and directories:

  • Tag library descriptor files
  • classes: Directory that contains server-side classes: servlet, utility classes, and JavaBeans components
  • Web.xml: The Web application deployment descriptor
  • lib: Directory that contains JAR archives of libraries

EAR Files

An Enterprise Archive file or EAR is a JAR file that contains Web modules of a J2EE application. A Web module is an entity consisting of one or more resources such as HTML files, Java class files, and XML files. In other words, an EAR file is a JAR file that can contain JAR and WAR files in addition to other files, and ends with the .ear extension. An EAR file also contains an application descriptor called application.xml that describes its contents.
Deploying the application

You can deploy the application either in an exiting OC4J instance or you can cerate a new OC4J instance and deploy the application in that. This totally depends on the situation and business requirement. Creating an OC4J instance is for just organizing your application server and different application. Even we can create our application in OC4J_Portal instance. But in this case your application will get mixed up with portal application and things wont be organized.

In our case we will be creating a new OC4J instance and deploy a sample application in that.

Creating OC4J instance – Using Enterprise Manager

1) Login to your enterprise manager on the mid tier node and you can see a button “Create OC4J Instance” as shown below.

2) Next step, it will ask you for the name of OC4J instance. You can provide any name which you can identify later. Click on “Create

3) Once OC4J instance gets created, you should be able to see the same in components home page as shown below. By default the instance will be down and you have to start the instance. You can do so using OPMN or form EM only. Just select the instance using checkbox and click on start.

The above steps are for creating an OC4J instance using Enterprise Manager. You can also create OC4J instance through command line using DCMCTL utility as shown below.

Creating OC4J instance – Using DCMCTL

Same OC4J instance can also be created using following command.

bash-2.05$ cd mid/dcm/bin
bash-2.05$ ls dcmctl
bash-2.05$ ./dcmctl CreateComponent -ct OC4J -co OC4J_AVDEO

Component Name: OC4J_AVDEO
Component Type: OC4J

Deploying Application in Oc4J instance – Using Enterprise Manager

1) Go to Enterprise Manager mid tier home page.

2) Click on OC4J instance that you created (OC4J_AVDEO in my case)

3) Click on Applications tab

4) Here you can see the “Deploy EAR” file button. Click on the button and provide the EAR file using Browse button. Also you need to provide application name.

Click on “Continue

5) It will ask for URL mapping for Web Modules. This will be entry it will put in mod_oc4j.conf file of apache. You can keep the default setting.

6) Keep all other setting as default. It will show the confirmation screen. Click on deploy.

Deploying Application in Oc4J instance – Using DCMCTL

For deploying application using DCMCTL utility you can use the following command

./dcmctl deployApplication -f /dy/oracle/product/AS10g/hrapp.ear -a hrapp -co OC4J_AVDEO

Application: hrapp
Component Name: OC4J_AVDEO
Component Type: OC4J

Here -f /dy/oracle/product/AS10g/hrapp.ear is the EAR file name, -a hrapp is the application name and -co OC4J_AVDEO is the instance name where we are deploying the application.

Once the application is deployed. You can try to access the application using the URL

http://(mid tier hostname):(mid tier HTTP port)/(URL mapping)

In my case the URL becomes

However if you try to access the application, it might now work. This is because you need to set Data Source for this application.

Data Source is for connection to database. An application has to connect to database for saving application data of retrieving the application specific data from production database. Each OC4J instance has its set of data sources. These data sources belongs to some JNDI tree (Java Namespace directory interface). So connection between the application and database is through JNDI lookup tree.

When a developer does coding for an application he uses local database name in the form of database source. A deployer of the application has to map the local data source with physical database. This can be down using following steps.

Setting up Data Source

1) You can either create a Data Source or you can edit the existing default data source. The default data source will be OracleDS. You can also create/see data source specific to your application by going to Application tab and then click on your application. Then on application home page, you can see “Data Source” link at the bottom.

But this data source would be empty as we did not create any data source for the application.

5) We can use default data source in our case. For this we need to make changes in default data source (OracleDS) regarding the database connection details and the username/password it should use to connect to database.

For this you can go to

2) From the mid tier home page, go to the OC4J instance that you have created (OC4J_AVDEO in my case).

3) Click on Administration Tab

4) You will see a “Data Source” link. The default data source is seen here as OracleDS. Click on “Edit

Here you need to change JDBC URL and provide the correct hostname, port and database name. Also you need to change Username and password. Other values you can keep default.

Once this is done, you can save and restart OC4J instance. Once that is done you should be able to access the application using your URL as given above ( in my case).

You must be having 1 doubt in your mind, regarding the whole process. At least I had when I learned this process. The question is how the application knows that it needs to use this data source (OracleDS) for making connection to database. Nothing must be defined in application level. Neither we planned to go with this name for data source. We can even create our own data source. Then how application knows that it should use this data source to access the application.

The answer to this is JNDI. For each OC4J instance as I explained there is a JNDI lookup tree. And we configure our application to use a particular data source in this JNDI.

If you go to your application home page (Mid tier home -> your OC4J Instance -> Applications Tab -> Click on your application) and then click on “General” link in the bottom, you can see “Default Data Source (JNDI Name)” field. This field is having a value of jdbc/OracleDS. This is where your application knows that it needs to use OracleDS data source. So if we create a new data source, we need to edit this entry as well.

Hope this help !!

Configuring Virtual Host – Oracle AS10g


Some times we need to configure a virtual host setting for our server. This is required in case when we have 2 server, where one is main server and other is standby server. If the main server goes down then standby server can take over the control and user does not have to change the URL. That means we can have same host name but different IPs (or different physical machines).

Other situation is when we want to host multiple web sites on a single host. In this case IP address remains same (means physical server is only one) where as we can have multiple hostname configured for the same.

The first example (same hostname and different IP address) is called IP based virtual host and the second example (same IP address but multiple hostname is called name based virtual host).

So we have 2 types of virtual hosts

  1. IP based (Same hostname – multiple IPs. Used in backup or standby situation).
  2. Name based (Same IP address or physical server – multiple hostname. Used for hosting multiple web sites)

Configuring Virtual Hosts:

We will see here how to configure name based virtual host. That means we will be able to refer to our server with 2 URLs or 2 hostnames.

Configuration of virtual hosts needs simple change in httpd.conf file. We can do it using Enterprise Manager or through backend by directly editing http.conf file. We will see both the options here.

*** The below virtual host configuration is for middle tier

1) Configuration using Enterprise Manager

Before starting the virtual host configuration, we need the hostname recognized by server. For this we need to make entry in our /etc/hosts file as shown below.    advait

Here is the actual IP address of the host, followed by, which is the hostname and domain name and finally the hostname. These changes needs to be made as root user.
Step 1) Create a new port

You can create a new port on which you HTTP server can listen. Actually this steps can be skipped and you can use existing port for new virtual host. But just to avoid confusion we will create a new port for virtual host.

You can add “Listen 9988” (ignore double quotes) to your http.conf file of middle tier and bounce the http server for middle tier. Here port number I have selected is 9988, but you can select any port that is free.

From Enterprise manager you can go to Mid Tier home page -> HTTP_Server component -> Administration tab -> Server Properties. Here you can see “Listening Addresses and Ports” section. You can just add a row and put the new port number as shown in below figure.

Scroll down to the bottom and click on Apply button. It will ask to restart HTTP server. Click on yes. In case if you are doing manual changes, do remember to bounce the HTTP server using OPMN.

Step 2) Got to Virtual Host section using Mid Tier Home -> HTTP Server component -> Virtual Host tab.

Click on “Create” button. It will take you to next screen. Here you have to enter “DocumentRoot”. Enter some different path (Other then htdocs). This way we can keep the content of virtual host with our main server. This is useful in hosting 2 different website on same server.

Step 3) Next it will ask you to enter the name of new virtual host that you want to create. You enter the name that you entered in /etc/hosts file above. Below fig shows the same.

Also it will ask for which IP address to listen to. You can just enable it for all IP address. Else you can provide specific IP address and it will listen for that IP address and port number only.

Step 4) In this step it will ask for the port number to listen to. If you remember in step 1) we created a port number to be used for virtual host. You can select the same port from option 2 as show below.

Step 5) This is the last step in virtual host creation, where it will ask for log file location and log level. It will be better if you give some identified name for log file so that you will come to know later. Else better to create a new directory inside logs directory for virtual hosts log files.

Finally it will show the summary of the inputs and you can submit the same. This will add entry in http.conf file and then bounce HTTP server so that changes takes effect.

This will put the entry in httpd.conf file as given below.

Listen 9988

DocumentRoot /dy/oracle/product/AS10g/mid/Apache/Apache/advait
ErrorLog “|/dy/oracle/product/AS10g/mid/Apache/Apache/bin/rotatelogs /dy/oracle
/product/AS10g/mid/Apache/Apache/logs/error_log_advait 43200” common

Listen 9988 was added when you created a new port for virtual host setup.

After bouncing the virtual setting will take effect and you will be able to access the URL http://(Virtual_host_name):(port for virtual host)/

In my case the URL becomes

This will display index.html if present in you DocumentRoot for virtual host.

2) Manual configuration

In case of manual configuration we just put the Virtual host configuration directive in httpd.conf file of mid tier Apache and bounce the apache. This will enable virtual host setup. The step to add hostname entry in /etc/hosts holds true in manual configuration as well.

Hope this helps !!

Enabling SSL for Oracle Application Server 10g


This short post is to show you how we can enable SSL for application server console.


Application server console uses the management agents to get the real time information about the various components installed on the server. The agents run on the host and continuously monitor the usage. Agents passes on the required matrix information to Application server console. For there there should be a connection between the management agents running on the host and the application server console (Which is a J2EE application deployed on stand alone OC4J instance). This connection is a insecure HTTP connection as shown in the below figure.

As you can see Management agents talks to application server instance / components using insecure HTTP protocol to get the current status and performance matrix values and these values are returned to Application Server console. Also application server console uses DCM to configure various components and hence connection exists between the two as well.

Clients or the users, uses web browsers to connection AS console. This again is done using insecure HTTP protocol.

We can secure the protocol between web browsers – AS console and also between AS console – Management Agents. The above figure gets modified as shown below.

Here you can see that there is a secured protocol HTTPS exists between web browsers and AS console and also between AS console and management agents. This can be done using the simple command as shown below.

1) You can login to the infra tier of AS 10g and go to ORACLE_HOME/bin

2) Run command

./emctl stop iasconsole
Oracle Enterprise Manager 10g Application Server Control Release
Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.
Stopping Oracle Enterprise Manager 10g Application Server Control …  …

./emctl secure iasconsole
Oracle Enterprise Manager 10g Application Server Control Release
Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.
Generating Standalone Console Root Key (this takes a minute)…   Done.
Fetching Standalone Console Root Certificate…   Done.
Generating Standalone Console Agent Key…   Done.
Storing Standalone Console Agent Key…   Done.
Generating Oracle Wallet for the Standalone Console Agent…   Done.
Configuring Agent for HTTPS…   Done.
EMD_URL set in /dsk02/oracle/appserv1/sysman/config/
Generating Standalone Console Java Keystore…   Done.
Configuring the website …   Done.
Updating targets.xml …    Done.

./emctl start iasconsole

3) Execute the above steps to mid tier as well.

Once above steps are completed you can access the same AS console page using HTTPS prototype. The hostname and port remains same.

Hope this helps !!


Oracle Online Docs

Oracle Application Server 10g R2 – Installation


Oracle Application server 10g is a middle ware software by Oracle. Purpose of Application server is to handle the business intelligent and logic. Below is the difference between a two-tier architecture and multi-tier architecture.

In case of a two-tier architecture we business logic and presentation is both handled by client. Hence we call it thick client. Where as in case of multi tier architecture we have only presentation layer in client side and business logic is handled by Application server. Hence such clients are called as think client. Below is the three tier architecture show.

Advantages of 3-tier architecure

1) In case of change in business logic the change needs to be done only in Application server (mid tier) as its centralized. Where as in case of two tier architecture ever client needs to be changed. So management is easy.

2) It reduces the network traffic, because in case of 2 tier architecture the protocol used is TCP/IP which is a stateful connection (continuous). So even if data is been send or not connection will always be there. This increases network traffic and reduces bandwidth. Where as in 3 tier architecture we have TCP/IP connection only between mid tier and database and is set when client request for some data. As soon as data is provided the connection is closed. The connection between client and mid tier is http which is a stateless connection.

3) Performance is another factor which make 3 tier architecture a better solution over 2 tier architecture. Since all business logic gets executed at client side, performance on client reduces. This is in addition to database performance issue. In case of 3 tier architecture performance is not an issue and is handled well in Application server.

Lets start with Application server 10g

Application Server 10g Components

Below is a very simple line sketch of application server 10g component architecture. This shows what are the components that are present in AS (Application Server) and why those are required.

All the above components shown above comes with AS 10g R2 installation. All these components are categorized as given below.

All the components shown in green color + OHS for mid tier (on left) + Web cache is installed as mid tier components. So mid tier includes

  1. Web Cache
  2. OHS (Oracle HTTP Server)
  3. OC4J
  4. FORMS

While installing this middle tier, the installation of these components are divided into 3 main components.

  1. J2EE and Web Cache (This will install Web Cache, OHS and OC4J)
  2. Portal and Wireless (This will install all components of J2EE and Web Cache + Portal and Wireless components)
  3. Business Intelligence and Forms (This will install all components)

If we are installing just option 1 (J2EE and Web Cache) then infrastructure tier is not required. However we can still install infrastructure tier but in this case it wont be used by these 3 components of mid tier.

If we are installing either option 2 or 3, we have to install infrastructure tier before installing these mid tier components. This is because these middle tier component such as portal and wireless will create there own repository in infrastructure’s meta data repository. So its important that we first install infrastructure tier before installing mid tier, in case we want to go for option 2 or 3 for mid tier.

The other components shown in blue + OHS on right side are installed as infrastructure tier. So infrastructure tier includes following components

  1. OHS (Oracle HTTP Server)
  2. Meta Data Repository
  3. SSO (Single Sign on)
  4. OID (Oracle Internet Directory)
  5. DAS (Delegate Administrative Services)
  6. OCA (Oracle Certification Authority)

Out of the above components of infrastructure tier SSO, OID, DAS and OCA are together called as IDM (Identity Management). So infrastructure tier contains mainly meta data repository and identity management.

Having this brief knowledge above AS 10g R2 components, lets start with installation.

Installing Oracle Application server 10g R2

Before starting the installation, we should complete the pre-installation checks. This includes following steps.

Pre-Installation Task

1) Check the required packages are installed in OS or not.


you can check the status of package using rpm -q command. as a root user.

2) Add following in /etc/sysctl.conf

kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 256 32000 100 142
fs.file-max = 131072
net.ipv4.ip_local_port_range = 10000 65000
kernel.msgmni = 2878
kernel.msgmax = 8192
kernel.msgmnb = 65535

3) Make entry of hostname and domain name in /etc/sysctl.conf

4) Make following changes in /etc/security/limits.conf
*        soft   nproc         2047
*        hard   nproc         16384
*        soft   nofile        2048
*        hard   nofile        65536

5) Add the following line to the /etc/pam.d/login file
session    required     /lib/security/

6)  Make the following entry in /etc/profile
if [ $USER = “oracle” ]; then
if [ $SHELL = “/bin/ksh” ]; then
ulimit -p 16384
ulimit -n 65536
ulimit -u 16384 -n 65536

7)  Create a group and user.
Primary Group – oinstall
/usr/sbin/groupadd oinstall
Secondary Group
/usr/sbin/groupadd dba
/usr/sbin/useradd -g oinstall -G dba -md /home/oracle oracle
Give the password
[root@dhcp-hydcampusp1-10-176-107-101 home]# passwd oracle
Changing password for user oracle.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

8) Make changes in /etc/hosts as root user and make following entry.

(IP Address)       (       (hostname)

Example       advait

Installing Infrastructure Tier

The installation of AS10g should be done in specific order only as explained before. This is because of the dependencies between the components. Here we are going to install Portal and Wireless option of mid tier, this needs database repository for storing the information of these components. So we will first install infrastructure tier and then install Mid tier. Please follow the below screen shots.

run the runInstaller executable present in your Disk1 directory of software dump.

Screen 1 : Welcome – This is the welcome screen. Click on Next.

Screen 2: Specify Inventory location – In this case you can take the default inventory location and then it will ask to run script as root user. Once you run this script as root user on that host, click on continue.

Click on Next

Screen 3: Specify File Locations – Specify the location of Oracle Home for Infra tier and click next.

Screen 4: Select the product to Install – In this case select “Oracle Infrastructure 10g”. If you choose “Oracle Application Server 10g”, then it will install infra tier first and then automatically start installing mid tier.

Screen 5: Select Installation type – As I said before infra tier consists of mainly IDM (Identity Management) and metadata repository. IDM consists of OID, SSO, DAS and OCA. Meta data repository is a 10g oracle database. We will choose both to install here.

Screen 6: runInstaller will perform the basic check on operating system. If for any of the check it generates warning, you can verify the same using the check box and then click on next.

Screen 7: Pre-Installation Requirement – You should have root privileges as you need to run after installation. Select the checkbox and click on next.

Screen 8: Select Configuration Option – You can select individual components which we are going to install.

Screen 9: Port Configuration Option – For Port Configuration, select Automatic port selection to keep installation simple. Else you can specify the ports in staticports.ini file and upload the same.

Screen 10: Namespace in Internet Directory – Select the default name space only. If your /etc/hosts name file is correct then the default port will be populated correctly. Else it may get populated as localhosts also. In that case check the entry in /etc/hosts.

Screen 11: OCA Distinguish Name – You can specify only the mandatory fields. This is required for creating digital certificate for SSL configuration.

Screen 12: OCA Key length – This is the key length to be used for encryption. You can select the default 2048 and click on next.

Screen 13: OCA Administrator Password – This is the password for Oracle Certificate Authority admin. Select any password, confirm the same and click on next.

Screen 14: Database Configuration Options – Here we provide the name of the database. You can accept the default orcl or give any new name.

Screen 15: Database Schema Password – Select any password for database schema, confirm the same and click on next.

Screen 16: Instance Name and ias_admin Password – Here we are creating a new instance. Note that this is different then database instance. So for infrastructure tier you can give any name (example infra) and also password you want to use for enterprise manager.

Screen 17: Installation Summary – At the end it will show installation summary. Click on Install.

It will show the installation progress. Remember that it is just copying the files and will do some setup. The actual component configuration will come next.

Installer has now started with component configuration. It will configure each component one by one.

When it comes to Meta Data Repository, it will create a new database using DBCA.

At the end of installation it will show the URLs and ports. The above URL is the URL for EM of Infra. Remember we will have 2 EM (Enterprise Manager), one for infra and one for mid-tier.

With the completion of infra tier, we can now start with installation of mid tier. But note that during installation of mid tier your infrastructure tier should be up and running.

Installing Mid Tier components

run the same runInstaller executable present in your Disk1 directory of software dump which you used during infra tier installation.

Screen 1 : Welcome – This is the welcome screen. Click on Next.

Screen 2: Specify File Locations – Specify the location of Oracle Home for mid tier and click next.

Screen 3: Select Product to install – If you remember for infra tier installation we selected second option, i.e. “Oracle Application Server Infrastructure 10g”. Here we have to install mid-tier, which will be present inside “Oracle Application Server 10g” option. So select “Oracle Application Server 10g” option.

Screen 4: Select Installation Type – Here you can select the required installation type depending on the components you want to install. For this installation we will go for Portal and Wireless.

Screen 5: runInstaller will perform the basic check on operating system. If for any of the check it generates warning, you can verify the same using the check box and then click on next.

Screen 6: Pre-Installation Requirement – You should have root privileges as you need to run after installation. Select the checkbox and click on next.

Screen 7: Select Configuration Option – You can select individual components which we are going to install.

Screen 8: Port Configuration Option – For Port Configuration, select Automatic port selection to keep installation simple. Else you can specify the ports in staticports.ini file and upload the same.

Screen 9: Register with OID – Here you need to provide the hostname and port number of OID which you have already installed as a part of infra tier. By default the port number is 389. You can also check the port numbers of infra tier by going to ORACLE_HOME/install directory and checking file portlist.ini. Here ORACLE_HOME refers to infra ORACLE_HOME.

Screen 10: OID Login – Here OID superuser login should be given. by default its always orcladmin. You have to give the password for this user. This password will be set for orcladmin. You can give any password.

Screen 11: Select AS10g Meta Data Repository – This will show the name of database that we created as meta data repository as a part of infra installation.

Screen 12: Specify Instance Name – Here you will specify the name of the instance that needs to be created for mid tier and also the admin password for logging into EM (Enterprise Manager).

Screen 13: Summary – At the end it will show summary. Click on install.

You can see the progress of installation. After this initial copy and setup, it will start configuring each components one by one as shown below.

Progress of each component.

At the end it will give the URL for enterprise manager and port details. You can access enterprise manager to manage Application server.

I don’t want to extend this post more now. This completes the installation. More details will be provided in next posts. Thanks.

Hope this helps !!


Oracle Application Server 10g R2 Installation guide

[ESDS error code – 10004] Invalid Email Id – OCS10g

While working on OCS10g when we create a new user, we cannot login to webmail client using the created user ID and password. If we check the user in OID, it says that user has been created successfully.

But if we “View” the user in OID using the view button, you can see at the bottom of the page in E-Mail provisioning following error.

Status – Failed

[ESDS error code – 10004] Invalid Email Id

This is a known issue with OCS. This happens when you try to register a user, which was deleted previously. When you delete a user previously, it removes the information about the user, but it doesn’t delete the user mail store information from the database that is where the problem occurs.

So we need to delete the user mail store information from database manually. Below steps should be executed for removing the mail store information from database and registering the user successfully.

1) Delete the user from OID.

2) Run the following command to remove the mail store information from database.

oesucr filename -clean_user_mailstore_data

Here filename contains the mail ID of the user to be delete. The format of (filename) file is

When you run the command you can see following output

-bash-3.00$ oesucr test.txt -clean_user_mailstore_data
users delete from mailstore list size=1
user to delete mailstore

3) Register the user again in OID. This time you can see E-Mail provisioning status as successful.

Hope this help !!


Oracle Forum

Metalink Nore ID : 333235.1

Enhancement request has been filled for the same by (5240052 - MORE ADMINISTRATOR FRIENDLY DEPROVISIONING)