Thursday, December 19, 2013

Use Java Code Signing Certificate in Oracle E-Business Suite



Create and Import Java Code Signing Certificate to use in Oracle E-Business Suite

Ref: Oracle Note
Enhanced Jar Signing for Oracle E-Business Suite (Doc ID 1591073.1)

Oracle note is important document and covered most of the errors/resolutions. But there are short comings in the document .I did not use ADJAVA command and substituted with KEYTOOL command.

1)     Generate KeyPair

keytool -genkey -keyalg RSA -keysize 4096 -alias EbsJarCert -keypass EbsJarkp1 -storepass EbsJarsp1 -keystore /ebs/home/test/keystore.dat –v

What is your first and last name?
  [Unknown]:  EbsJarServ.com
What is the name of your organizational unit?
  [Unknown]:  Ebs
What is the name of your organization?
  [Unknown]:  Ebs Company
What is the name of your City or Locality?
  [Unknown]:  Washington
What is the name of your State or Province?
  [Unknown]:  District of Columbia
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=EbsJarServ.com, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US correct?
  [no]:  yes

Generating 4,096 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 90 days
        for: CN=EbsJarServ.com, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
[Storing /ebs/app/keystore.dat]

2)      Verify KeyPair

$ keytool -list –v -storepass EbsJarsp1 -keystore /ebs/home/test/keystore.dat -alias EbsJarCert
 ( You can also execute the same command with adjkey
adjkey -list -v -storepass EbsJarsp1 -keystore /ebs/home/test/keystore.dat -alias EbsJarCert)

Alias name: EbsJarCert
Creation date: Dec 17, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=EbsJarServ.com, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
Issuer: CN=EbsJarServ.com, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
Serial number: 52b06a4a
Valid from: Tue Dec 17 09:05:46 EST 2013 until: Mon Mar 17 10:05:46 EDT 2014
Certificate fingerprints:
         MD5:  10:37:62:7D:60:EA:89:AF:15:77:19:62:59:49:28:DD
         SHA1: 02:93:CC:96:BD:EF:CE:28:B9:38:51:8E:4B:F8:94:05:ED:C8:68:0A
         Signature algorithm name: SHA1withRSA
         Version: 3

3)      Request Certificate (CSR)

keytool -certreq -alias EbsJarCert \
                -storepass EbsJarsp1 -keypass EbsJarkp1 \
                -file /ebs/home/test/EbsJarCert.csr \
                -keystore /ebs/home/test/keystore.dat

4)      Submit your CSR to Signing  Authority for certificate (Verisign)

Note: Be sure to request a Java Code Signing Certificate. This certificate can be used to sign your jar content across one or mutliple Oracle E-Business Suite environmments. After you get the certificate, export in X509 format and ftp in ascii to web server.

5)      Verify the Certificate (CRT) after you receive from Verisign

keytool -printcert -v -file /ebs/home/test/EbsJarCert.crt

6)      Import Intermediate and Root Certificate to the cacerts Keystore File

Create myca.crt ( by exporting Intermediate and Root Certificate in X509 format)
Go to = $OA_JRE_TOP/jre/lib/security/
chmod +w cacerts
cat inter.crt root.crt >myca.crt
keytool -import -alias myca -file myca.crt -trustcacerts -v -keystore cacerts
chmod a-w cacerts
Note: The default Java for the cacerts keystore certificates file is usually changeit.

7)      Import the Java Code Signing Certificate into the Keystore

= $APPL_TOP/admin
Create EbsJarCert.crt ( by exporting .crt in X509 format)
cp EbsJarCert.crt $APPL_TOP/admin/adkeystore.crt 
cp /ebs/home/test/keystore.dat $APPL_TOP/admin/adkeystore.dat

Import the certificate
keytool -import \
                -file /ebs/app/test/ appl/admin/adkeystore.crt \
                -trustcacerts -storepass EbsJarsp1
                -alias EbsJarCert \
                -keystore /ebs/app/test / appl/admin/adkeystore.dat
               
8)      Verify and Update jripasswords in the database

Login as APPS
SQL>
set serveroutput on
declare
spass varchar2(30);
kpass varchar2(30);
begin
ad_jar.get_jripasswords(spass, kpass);
dbms_output.put_line('--------');
dbms_output.put_line('STOREPASS = '||spass);
dbms_output.put_line('KEYPASS = '||kpass);
dbms_output.put_line('--------');
end;
/

If STOREPASS and KEYPASS does not match to adkeystore.dat then update with correct passwords
SQL> exec ad_jar.DEL_JRIPASSWORDS;
SQL> exec ad_jar.PUT_JRIPASSWORDS('EbsJarsp1',' EbsJarkp1');

9)      Generate JAR files with ADADMIN

vi $APPL_TOP/admin/adsign.txt
EbsJarCert 1 CUST

adadmin
Choose Generate Applications Files menu
From this menu choose Generate product JAR files

Enter yes when prompted with: Do you wish to force regeneration of all jar files? [No] ? yes

10)   Verify the Digital Signature of a Signed Jar File
jarsigner -verify -verbose -certs /ebs/app/test /comn/java/oracle/apps/fnd/jar/fndlist.jar

X.509, CN=EbsJarServ.com, OU=Digital ID Class 3 - Java Object Signing, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
      [certificate is valid from 12/17/13 7:00 PM to 12/16/15 6:59 PM]
jar verified.

11)   Test the Applications

Java Control Panel -> Security -> Security Level: Very High
Java Control Panel -> Advanced  -> Show Console (Check)
Java Control Panel -> Advanced  -> Enable logging (Check)
Java Control Panel -> Advanced  -> Enable Trace (Check)

Login to Applications and test

Verify output In Java Console for any issues/errors/warning.

Some of them are
Missing Permissions manifest attribute for:
https://11iurl/OA_JAVA/oracle/apps/fnd/jar/fndutil.jar
Missing Codebase manifest attribute for:
https:// https://11iurl /OA_JAVA/oracle/apps/fnd/jar/fndutil.jar

Fix
All the JAR files are not signed properly , run the following commands
adjava -mx512m -nojit oracle.apps.ad.jri.adjcopy -masterArchive $JAVA_TOP -sync -reportfile javatopfiles.lst
adjava -mx512m -nojit oracle.apps.ad.jri.adjcopy -masterArchive $JAVA_TOP -sync -mode APPLY
Run ADADMIN again and force generate JAR files

For error in java console
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
network: Connecting http://ocsp.verisign.com:80/ with proxy=DIRECT
security: Failing over to CRLs: java.net.SocketTimeoutException: connect timed out
network: Cache entry not found [url: http://crl.verisign.com/pca3-g5.crl, version: null]
network: Connecting http://crl.verisign.com/pca3-g5.crl with proxy=DIRECT
network: Connecting http://crl.verisign.com:80/ with proxy=DIRECT

Fix
Control Panel->Java->Advanced' Tab->'Perform certificate revocation checks on' section - Select “DO NOT CHECK”


Wednesday, December 05, 2012

Cisco VPN on Windows 8

Got new personal Windows 8 laptop. Looks like we need to learn a lot to get familiar using Windows o/s.  

Googling helped a lot - Credit goes to the following link

I have Cisco VPN 5.0.07.0440 for x64 running without any issues on Windows 7 

I used the Followed steps to install and use it on Windows 8.

1) During Installation -> Right Click and check Compatibility to Windows 7
2) After installation imported the PCF file
3) Backup registry
4) Browse to the Registry Key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CVirtA
     Select the DisplayName to modify, and remove the leading characters from the value data upto "%;" i.e.
     "@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to "Cisco Systems VPN Adapter for 64-bit Windows
5) Test Connectivity
  

If you have 32 bit use the following
o    For x86, change the value data from something like "@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to "Cisco Systems VPN Adapter


One more Note - to get start menu on Windows 8  then use Power 8  

Wednesday, February 03, 2010

Apps Patching error; FGA enabled ORA-28110

In this post I am not specifying any details about FGA (Fine Grained Auditing) - but some quick steps to resolve the issue

During one of my recent apps patching I ran into the following issue.

SELECT ROWNUM FROM PO.PO_ACCRUAL_RECONCILE_TEMP_ALL WHERE ROWNUM=1
Due to error:
ORA-28110: policy function or package APPS.CST_POLICY_SECURITY has error


As usual searched metalink and googled - except saying that disable FGA and continue patching but no detailed steps.

Detailed Steps

1) SQL to find details
select OBJECT_OWNER, OBJECT_NAME, POLICY_GROUP, POLICY_NAME
from dba_policies where object_name='PO_ACCRUAL_
RECONCILE_TEMP_ALL'

2) Disable FGA for that object
SQL> exec dbms_rls.disable_grouped_policy('OBJECT_OWNER', 'OBJECT_NAME', 'POLICY_GROUP', 'POLICY_NAME');

SQL> exec dbms_rls.disable_grouped_policy('PO', 'PO_ACCRUAL_RECONCILE_TEMP_ALL', 'SYS_DEFAULT', 'CST_POLICY_SECURITY');
or login as PO user and execute statement
SQL> exec dbms_rls.disable_grouped_
policy(NULL, 'PO_ACCRUAL_RECONCILE_TEMP_ALL', 'SYS_DEFAULT', 'CST_POLICY_SECURITY');

then restart the worker and after patching is done

3) Enable FGA for the above object
SQL> exec dbms_rls.enable_grouped_policy('OBJECT_OWNER', 'OBJECT_NAME', 'POLICY_GROUP', 'POLICY_NAME');

SQL> exec dbms_rls.enable_grouped_policy('PO', 'PO_ACCRUAL_RECONCILE_TEMP_ALL', 'SYS_DEFAULT', 'CST_POLICY_SECURITY');
or login as PO user and execute
SQL> exec dbms_rls.enable_grouped_
policy(NULL, 'PO_ACCRUAL_RECONCILE_TEMP_ALL', 'SYS_DEFAULT', 'CST_POLICY_SECURITY');



Hope this helps someone for quick steps

Good Luck

Thursday, January 28, 2010

From 10g Clone DB Home - Never Copy and relink Oracle Binaries.

Prior to 10g - we always used to just copy oracle binaries from source to target (PROD to DEV) and relink. But with 10g, there are lot of files and places where the information is hard-coded.

So use the following way to Clone Oracle Home - And never do copy and relink, its not supported/recommended. The same applied even to 11g.

You can get more information in Oracele Installation Document - under Installer.
This method is also useful if the Oracle home that you are cloning patches applied to it. When you clone this Oracle home, the new Oracle home will have the patch updates as well.


1) Copy Oracle Home from Source to Target
(cd /u01/app/oracle/10.2//db_1 ;tar -cf - .) | ( cd /u01/app/oracle/10.2//db_1; tar -xvfp - ) >> /tmp/prod_dev_dbcopy1.log 2>&1 &


2) Get soft link list on Source

cd /u01/app/oracle/10.2//db_1
find . -type l -exec ls -la {} \; | grep eb_rda0_p| awk '{print " ln -s " $11 " " $9 }' > /tmp/createlink.sh
find . -type l -exec ls -la {} \; | grep eb_rda0_p| awk '{print " rm " $9 }'> /tmp/removelink.sh

3) Remove Softlink on Target
sh /tmp/removelink.sh

4) Recreate Softlinks on Target
edit the temp file with correct path for new oracle home
sh /tmp/createlink.sh

5) Backup oraInventory on Target Server
to get Inventory location do "cat /var/opt/oracle/oraInst.loc"

6) Detach/Remove Existing Oracle Home in OraInventory.
cd $ORACLE_HOME/oui/bin
runInstaller -silent -detachHome ORACLE_HOME="/u01/app/oracle/10.2//db_1" ORACLE_HOME_NAME="OraDb10g"

7) Edit $ORACLE_HOME/clone/config/cs.properties
add "-ignoreSysPrereqs" at the end

8) Set the following Environment variables.
export PATH=$ORACLE_HOME/perl/bin:$PATH:.
export PERL5LIB=$ORACLE_HOME/perl/lib/5.8.3:$ORACLE_HOME/appsutil/perl

9) run Perl clone script
cd $ORACLE_HOME/clone/bin
perl clone.pl ORACLE_HOME="/u01/app/oracle/10.2//db_1" ORACLE_HOME_NAME="OraDb10g"

if for any case you have issues with perl - then you can run the following also
$ORACLE_HOME/oui/bin/runInstaller -silent -clone ORACLE_HOME="/u01/app/oracle/10.2//db_1" ORACLE_HOME_NAME="OraDb10g"


Log File

$perl clone.pl ORACLE_HOME="/u01/app/oracle/
10.2//db_1" ORACLE_HOME_NAME="OraDb10g"
./runInstaller -silent -clone -waitForCompletion "ORACLE_HOME=/u01/app/oracle/
10.2//db_1" "ORACLE_HOME_NAME=OraDb10g" -noConfig -nowait -ignoreSysPrereqs

Starting Oracle Universal Installer...

No pre-requisite checks found in oraparam.ini, no system pre-requisite checks will be executed.

>>> Ignoring required pre-requisite failures. Continuing...

Preparing to launch Oracle Universal Installer from /tmp/OraInstall2009-01-23_11-
47-03PM. Please wait ...Oracle Universal Installer, Version 10.2.0.3.0 Production
Copyright (C) 1999, 2006, Oracle. All rights reserved.

You can find a log of this install session at:
/u01/app/oracle/10.2/
oraInventory/logs/cloneActions2009-01-23_11-47-03PM.log
..............................
...................................................................... 100% Done.

Installation in progress (Fri Jan 23 23:48:22 EST 2009)
..............................
.................................................. 80% Done.
Install successful

Linking in progress (Fri Jan 23 23:48:58 EST 2009)
Link successful

Setup in progress (Sat Jan 24 00:12:00 EST 2009)
Setup successful

End of install phases.(Sat Jan 24 00:12:26 EST 2009)
WARNING:
The following configuration scripts need to be executed as the "root" user.
#!/bin/sh
#Root script to run
/u01/app/oracle/10.2//db_
1/root.sh
To execute the configuration scripts:
1. Open a terminal window
2. Log in as "root"
3. Run the scripts

The cloning of OraDb10g_q592 was successful.
Please check '/u01/app/oracle/10.2/
oraInventory/logs/cloneActions2009-01-23_11-47-03PM.log' for more details.

Any Comments, let me know

Thanks

Tuesday, June 24, 2008

OLAP Added to 10gR2 but XOQ component INVALID

Did not post new blogs for last couple of months, busy working on database upgrade, its a 10.2.0.3, size 5TB and 3 node RAC.

Recently I visited my favorite BLOG like every day/week, and at the same time we got a request to apply OLAP Patch 5746153 - which I applied successfully and done post-patch steps.
Component XOQ was INVALID, no matter what I do, its still Invalid. Did the usual steps - googled, searched metalink and then created tar. Finally I was able to get hold of good analyst who reffered me to note Note:466363.1, after following the steps I got below error.

SQL> select status from dba_registry where comp_id = 'XOQ';
STATUS
------------------------
INVALID

SQL> set serveroutput on size 10000
SQL> exec xoq_validate
compat -> 10.2.0
BEFORE BOOTSTRAPORA-37111: Unable to load the OLAP API sharable library: (Cannot map text forlibrary: mmap(0x0,0x13e6914, 0x5, 0x41, 58, 0x0) returns Permission denied.)
AFTER BOOTSTRAP: REGISTRY.INVALID
comp_name: Oracle OLAP API
version: 10.2.0.3.0
status: INVALID
PL/SQL procedure successfully completed.

$ls -l /home/oracle/10.2/lib//libolapapi10.sl
-rw-r--r-- 1 oracle dba 36056968 Apr 23 2007 /home/oracle/10.2/lib//libolapapi10.sl

Did the usual searching and finally did a CHMOD and ran xoa_validate to my surprise it got validated.

chmod 744 /home/oracle/10.2/lib//libolapapi10.sl

SQL> select status from dba_registry where comp_id = 'XOQ';
STATUS
------------------------
VALID

Then later I found its a know bug 6979371 and oracle ended-up publishing note 603179.1 for the same

Reference Metalink Notes
Note#: <466363.1>Titled: Oracle Olap API Invalid After Adding OLAP
Note#: <603179.1>Titled: Oracle Olap Api Invalid After Upgrade To 10.2.0.3



Good Luck

Monday, March 24, 2008

DST Change - OEM start agent failed, agentTZRegion settings

Because of DST change, I saw the agents which were shutdown are not starting, tried manually but no luck.

$ emctl start agent
Oracle Enterprise Manager 10g Release 10.2.0.2.0.
Copyright (c) 1996, 2006 Oracle Corporation. All rights reserved.
Starting agent ...... failed.
The agentTZRegion value in /home/oracle/product/10.2.0/em10g/agent10g/sysman/config/emd.properties is not in agreement with what agent thinks it should be.Please verify your environment to make sure that TZ setting has not changed since the last start of the agent.
If you modified the timezone setting in the environment, please stop the agent and exectute 'emctl resetTZ agent' and also execute the script mgmt_target.set_agent_tzrgn(
, ) to get the value propagated to repository.
Consult the log files in: /home/oracle/product/10.2.0/em10g/agent10g/sysman/log


Resolution
In emd.properties you need to correctly set the agentTZRegion value
agentTZRegion=-04:00

And login to OEM repository and run the following SQL to get the present values, so you can reset the value in repdb - login as SYS

select TARGET_NAME, timezone_region FROM mgmt_targets WHERE target_type = 'oracle_emd' AND target_name like '%hostname%';

TARGET_NAME TIMEZONE_REGION
-------------------------- --------------------------
hostname.domainname:2872 -05:00


Now reset the value to correct TZ settings

SQL> exec mgmt_target.set_agent_tzrgn('hostname.domainname:2872','-04:00');
SQL> commit;

Restart the agent, its successful

$emctl start agent
Oracle Enterprise Manager 10g Release 10.2.0.2.0.
Copyright (c) 1996, 2006 Oracle Corporation. All rights reserved.
Starting agent .............................. started.



Good Luck, Cheers

Friday, July 13, 2007

Burn multiple ISO into DVD

Non Oracle Post

If you have downloaded software and if it comes in multiple cd ISO images and want to burn into one single image for creating dvd then do the following.

In my case some of the linux s/w which i downloaded has multiple cd's so I used the below method to create the dvd image. I used the single iso image to install linux on vmware.

cat image1.iso image2.iso image3.iso >imagedvd.iso
or
cat image1.iso > imagedvd.iso
cat image2.iso >> imagedvd.iso
cat image3.iso >> imagedvd.iso


All the contents if 3 iso images are clubbed into one image.


Hope this helps someone

Thursday, May 17, 2007

How to setup more than one AD Domains for OID External Authentication (10.1.2 vs 10.1.4)

You might be wondering why I am comparing 2 versions, when we started our integration, 10.1.4 was released and I read technet documentation but could not find any information on metalink (all the info is for 10.1.2 and 9.0.4) and at my earlier project I worked on integrating SiteMinder against 10.1.2, thats how I got some insight into differences which I am sharing with you.

The above combinations are integrated with 11.5.10.2 instances, To login to 11i Users are externally authenticated by AD or Siteminder and 10gAS is used as a intermediary to accomplish it.

We have multiple domains, so I worked on seting up multiple plug-in for external authentication. But at the end we ended up using AD Global Catalog.

10.1.2 - Source:

1) Go to $ORACLE_HOME/ldap/admin
2) Make a copy of oidspada.pls file, and save it as oidspada2.pls
3) Modify oidspada2.pls
* Replace OIDADPSWD with OIDADPSWD2 (Global replace)
4) Make a copy of oidspadi.sh file and save it as oidspadi2.sh (Global Replace)
* replace "oidspada.pls" with "oidspada2.pls"
* replace "adwhencompare" with "adwhencompare2"
* replace "adwhenbind" with "adwhenbind2"
* replace "OIDADPSWD" with "OIDADPSW2"
5) Run oidspad2.sh
It will register new profiles for new domain.

10.1.4 - Source:

1) Configure external authentication for one domain
2) Dump the configuration information into LDIF file
ldapsearch -p 3060 -D cn=orcladmin -w welcome -s sub -L -b "cn=plugin,cn=subconfigsubentry" cn="oidexplg_*_ad" >> output.ldif
3) Modify the output.ldif
cn=oidexplg_compare_ad with cn=oidexplg_compare_ad2
cn=oidexplg_bind_ad with cn=oidexplg_bind_ad2
Change the values for orclpluginflexfield;host and orclpluginflexfield;port for the external directory host name and port number
Modify orclpluginsubscriberdnlist for the plug-in invocation naming context.
4) Upload the new plug-in information
$ORACLE_HOME/ldap/bin/ldapadd -h host -p port -D cn=orcladmin -w orcladminPwd -v -f input.ldif

Test using ldapbind and ldapcompare against both the domains
a) ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=uk,dc=acme,dc=com" -w adpassword
b) ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=uk,dc=acme,dc=com" -a userPassword -v adpassword

a) ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=us,dc=acme,dc=com" -w adpassword
b) ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=us,dc=acme,dc=com" -a userPassword -v adpassword



Good Luck

Configure OID External Authentication Plug-In (10.1.2 vs 10.1.4) against Microsoft AD

We recently integrated our 11.5.10.2 instance with 10gAS (10.1.4 Identity management) using external Authentication from Microsoft Active Directory. Automatic USER provisioning from AD to OID to 11i.

The way external authentication happens in 10.1.2 and 10.1.4 is quite different.In 10.1.2 it uses pl/sql plug-in and 10.1.4 it uses java plug-in.

In 10.1.2 you have to run "$ORACLE_HOME/ldap/admin/oidspadi.sh" to register adwhencompare & adwhenbind profiles.

In 10.1.4 you need to run "$ORACLE_HOME/ldap/jlib/oidexcfg.jar oidexcfg -h oidhost -p port -D cn=orcladmin -w password -t AD" to modify the oidexcfg_compare_ad and oidexcfg_bind_ad plug-in's, the same can also be modified by login to ODM and going to Plug-in Management.

After registering run the following commands to check if AD can authenticate you
1) ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=acme,dc=com" -w adpassword
2) ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=acme,dc=com" -a userPassword -v adpassword

In 10.1.4 you can still use pl/sql plug-in for external authentication but make sure you are not hitting bug#5912665

Another important thing is - In 10.1.2 "orclUserPrincipalName" objectclass contains the external identity used for validating to Active Directory and in 10.1.4 "orclSourceObjectDN" is used instead.

Good Luck






Thursday, April 19, 2007

Timeout Setting when you have 10gAS integrated with 11i along with External Authentication

We are using 11i (11.5.10.2) with 10gAS (10.1.4.0.1) with AD external Authentication. The timeout behavior was not consistent across the board.

The following places needs to be modified to set timeout across the board

11i
System Profile option ICX:Session Timeout 30 (Minutes)
zone.properties file session.timeout=180000 (Milliseconds=30 Minutes)


SSO
a) Navigate to http://:port/pls/orasso
b) Login with an administration account
c) Press 'SSO Server Administration'
d) Press 'Edit SSO Server Configuration'
e) In the section 'Single Sign-On Session Policy', change the Single Sign-on Session Duration from 8Hrs to .5 Hr (30 Min) ---This must match 11i Timeout


Other Timeouts

SSO
Set Global Inactivity Timeout – Login as ORASSO and run $ORACLE_HOME/sso/admin/plsql/sso/ssogito.sq set the “inactivity_period” in Minutes (Default 15 min, To disable timeout set inactivity period to 0)

Set connectionIdleTimeout = 30 (default 120 min) in $ORACLE_HOME/sso/conf/policy.properties

Set OssoIdleTimeout on (Default off) in $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf



OID
To set the interval in ODM select the server, then the Query Optimization tab, LDAP Connection Timeout. The set to 30 (default is 0, no timeout). The value is in minutes. The value should be set to less than any firewall or load balancer timeout.

In ODM select the server, then the System Operational Attributes tab, Statistics Collection Interval is set to 15. The default is 60 minutes. This value should be set to about half the connection timeout.


Bounce the services on 10gAS and 11i
opmnctl stopproc process-type=HTTP_Server
opmnctl startproc process-type=HTTP_Server

opmnctl stopproc process-type=OC4J_SECURITY
opmnctl startproc process-type=OC4J_SECURITY

adapcctl.sh stop
adapcctl.sh start


Good Luck...

Tuesday, January 30, 2007

Oracle Applications Benchmarks

Just saw this article on Oracle site, benchmarks for medium and small configurations.

http://www.oracle.com/apps_benchmark/html/results.html

Hope this helps

Wednesday, January 10, 2007

Wanna know version of RedHat installed?

Wanna know exactly what version of redhat/centos/enterprise linux you are running?

Normally on any unix flavors if you do "uname -a" you get all the details along with servername, o/s build details.

If yo do the same on redhat, it will not tell you what version you are running.
$uname -a
Linux servername 2.4.21-47.ELhugemem #1 SMP Wed Jul 5 20:30:35 EDT 2006 i686 i686 i386 GNU/Linux

To know the version on Redhat/Centos/Oracle Enterprise Linux you need to ...
$cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 8)

$cat /etc/enterprise-release
Enterprise Linux Enterprise Linux AS release 4 (October Update 4)

Good Luck and Cheers!

Monday, November 06, 2006

Search FND_PROFILES for Hard-Coded Path

As part of Windows to Linux Upgrade/Migrate project. I wrote the following query to pull all the profiles that has a hard-coded Windows Path

-- Start Script

SELECT fpo.profile_option_name PROFILE, fpov.profile_option_value VALUE,
DECODE (fpov.level_id,10001, 'SITE', 10002, 'APPLICATION',10003, 'RESPONSIBILITY',10004, 'USER') "LEVEL",
fa.application_short_name app, fr.responsibility_name responsibility,
fu.user_name "USER"
FROM apps.fnd_profile_option_values fpov,
apps.fnd_profile_options fpo,
apps.fnd_application fa,
apps.fnd_responsibility_vl fr,
apps.fnd_user fu,
apps.fnd_logins fl
WHERE fpo.profile_option_id = fpov.profile_option_id
AND fa.application_id(+) = fpov.level_value
AND fr.application_id(+) = fpov.level_value_application_id
AND fr.responsibility_id(+) = fpov.level_value
AND fu.user_id(+) = fpov.level_value
AND fl.login_id(+) = fpov.last_update_login
AND ( LOWER (fpov.profile_option_value) LIKE 'f:%'
OR LOWER (fpov.profile_option_value) LIKE 'd:%'
OR LOWER (fpov.profile_option_value) LIKE 'c:%'
)
ORDER BY 2


-- End Script

Search LONG Column for a string

I am working on Windows to Linux upgrade project. As part of it I was looking for Hard-Coded Paths in Profiles, Packages, Procedures, Functions, Views and Triggers.

Searching for the hard-coded path in DBA_VIEWS and DBA_TRIGGERS posed some challenges. So described is the SQL which I used created to search DBA_VIEWS, same thing can be modified for DBA_TRIGGERS.

(Gave up with formating the code)

-- START Script
SELECT 'Views containing WINDOWS path' WINPATH FROM DUAL;

SET SERVEROUTPUT ON

DECLARE
/* This program will retrive the Hard-coded WINDOWS path used in dba_views; The same program can be used to search in dba_triggers by changing SELECT clause. This script can also be used to search a LONG datatype column by changing required clauses.
*/
v_path varchar2(10);
p_path varchar2(10) := ' ';
v_view dba_views.view_name%TYPE;
v_own dba_views.owner%TYPE;

-- For search in long datatype
cursor1 INTEGER;
ignore INTEGER;
STATEMENT VARCHAR2 (1000);
out_val VARCHAR2 (1000);
out_length INTEGER;
num_bytes INTEGER := 1000;
offset INTEGER;
num_fetches INTEGER;
row_count INTEGER;
out_view VARCHAR2 (30);
out_own VARCHAR2 (30);

CURSOR c1
IS
SELECT 'F:' winpath FROM dual Union
SELECT 'C:' winpath FROM dual Union
SELECT 'D:' winpath FROM dual;

BEGIN
BEGIN
FOR c1_rec IN c1
LOOP
v_path := c1_rec.winpath;

--Search in TRIGGER Body
BEGIN
STATEMENT := 'select text ,view_name,owner from dba_views where owner not in (''SYS'',''SYSTEM'')';
cursor1 := DBMS_SQL.open_cursor;
DBMS_SQL.parse (cursor1, STATEMENT, DBMS_SQL.native);
DBMS_SQL.define_column_long (cursor1, 1);
DBMS_SQL.define_column (cursor1, 2, v_view, 30);
DBMS_SQL.define_column (cursor1, 3, v_own, 30);
ignore := DBMS_SQL.EXECUTE (cursor1);

LOOP
IF DBMS_SQL.fetch_rows (cursor1) > 0
THEN
row_count := row_count + 1;
offset := 0; num_fetches := 1;
DBMS_SQL.COLUMN_VALUE (cursor1, 2, out_view);
DBMS_SQL.COLUMN_VALUE (cursor1, 3, out_own);

LOOP
DBMS_SQL.column_value_long (cursor1, 1, num_bytes, offset, out_val,out_length );

IF (INSTR (UPPER (out_val), v_path) > 0)
THEN
IF (p_path = v_path)
THEN
NULL;
ELSE
DBMS_OUTPUT.put_line ( 'Windows path '
|| v_path
|| ' found in view '
|| out_own
|| '.'
|| out_view
);
p_path := v_path;
END IF;

offset := offset + num_bytes;
num_fetches := num_fetches + 1;
ELSE
EXIT;
END IF;

IF out_length < num_bytes
THEN
EXIT;
END IF;
END LOOP;
ELSE
EXIT;
END IF;
END LOOP;

DBMS_SQL.close_cursor (cursor1);
EXCEPTION
WHEN OTHERS
THEN
DBMS_OUTPUT.put_line (SQLERRM);

IF DBMS_SQL.is_open (cursor1)
THEN
DBMS_SQL.close_cursor (cursor1);
END IF;
END;
END LOOP; -- End of c1_rec loop
END;
END;
/


--END Script