OUD Model ldif

$ cat > oud_model.ldif



dn: dc=example,dc=com
changetype: add
objectclass: top
objectclass: domain

dn: ou=Groups,dc=example,dc=com
changetype: add 
objectclass: top 
objectclass: groupOfUniqueNames 
cn: Groups

dn: ou=customers,dc=example,dc=com
changetype: add
objectclass: top
objectclass: groupOfUniqueNames
cn: customers

OID – How to perform filesystem backup

# File system backup of IDM Home

cd $MW_HOME
tar -cvf OracleIDM1_bkp.tar Oracle_IDM1

# File system backup of Instance Home

cd /u01/app/mwhome/
tar -cvf oid_asinst_1_bkp.tar asinst_1

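# Take a complete backup / snapshot of the database.
# Also back up your base domain to LDIF using ldifwrite. You can import the base domain back using the bulkload.sh script.
# The tar archives and the LDIF export may contain wallets, password hashes and other sensitive directory data, so restrict their file permissions and store them in a protected location.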

$ ldifwrite -connect connect_string  -b base_domain -f backup.ldif

OAM – Webgate Configuration


# Deploying the WebGate - 7778

cd /scratch/appl/oracle/fmw-webtier7778/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate

./deployWebGateInstance.sh -w /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /scratch/appl/oracle/fmw-webtier7778/Oracle_OAMWebGate1/

# Deploying the WebGate - 7779

cd /scratch/appl/oracle/fmw-webtier7779/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate

./deployWebGateInstance.sh -w /scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /scratch/appl/oracle/fmw-webtier7779/Oracle_OAMWebGate1/

# Updating the OHS Configuration File - 7778

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/lib

cd /scratch/appl/oracle/fmw-webtier7778/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

./EditHttpConf -w /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1

# start the OHS Server

cd  /scratch/appl/oracle/fmw-oiamr2ps2/Oracle_IDM1/oam/server/rreg/input

# Edit OAM11GRequest.xml

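<!-- host name missing in the original listing; OHS_HOST_PLACEHOLDER stands in for it -->
<hostIdentifier>oam11gr2hostid3</hostIdentifier>
<agentName>oam11gr2_webgate_7778</agentName>
<agentBaseUrl>http://OHS_HOST_PLACEHOLDER:7778</agentBaseUrl>
<applicationDomain>rreg_outofband_app_domain</applicationDomain>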

$ cd ../

$ bin/oamreg.sh outofband input/OAM11GRequest.xml

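# Explore the input directory under $ORACLE_HOME/oam/server/rreg to see the response file oam11gr2_webgate_7778_Response.xml created by the utility. The security administrator will email this file to the application administrator. Because the agent artifacts (including cwallet.sso) are later generated from this file alone, handle it as sensitive: send it only to the intended administrator, preferably encrypted, and delete stray copies afterwards.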

Now assume that you are the application administrator (this user need not be a member of
the OAM Administrator role or an LDAP user). Open a new command-line window, change to
the rreg directory and run the command below:

cd /scratch/appl/oracle/fmw-oiamr2ps2/Oracle_IDM1/oam/server/rreg

bin/oamreg.sh outofband input/oam11gr2_webgate_7778_Response.xml

You should get this message after a successful run:
Outofband registration (Part 2) completed successfully! Output
artifacts are created in the output folder.

# Notice that when you ran oamreg.sh this time, it did not prompt you for the agent username or password. Therefore, this can be run locally by the application administrator with no connection to the WLS admin server. Explore the output/oam11gr2_webgate_7778 directory under $ORACLE_HOME/oam/server/rreg to see the cwallet.sso and ObAccessClient.xml artifact files created by the utility. cwallet.sso is an auto-login wallet that holds the agent's secret material, so after copying keep both files readable only by the account that runs OHS.

$ cd /scratch/appl/oracle/fmw-oiamr2ps2/Oracle_IDM1/oam/server/rreg/output/oam11gr2_webgate_7778

cp * /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config

=-=-=-=- # Updating the OHS Configuration File - 7779  -=-=-=-=-=-=-=-=-=-=

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/lib

cd /scratch/appl/oracle/fmw-webtier7779/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

./EditHttpConf -w /scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/instances/instance1/config/OHS/ohs1

# Use Console to create the SSO Agent : 

a. Name :  oam11gr2_webgate_7779
b. Base URL :  http://db.example.com:7779
c. Host Identifier : oam11gr2hostid2
d. Public Resource List : /public/index.html


# Copy the artifacts : 

cd /scratch/appl/oracle/fmw-oiamr2ps2/user_projects/domains/base_domain/output/oam11gr2_webgate_7779

cp * /scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config/

# Restart the OHS Server.

check the 7779 link.

OIM – clean identity audit data i.e. all policy violations, remediation and scans data while retaining rules, policies and scan definitions

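# Clean identity audit data, i.e. all policy violation, remediation and scan data, while retaining rules, policies and scan definitions.
# TRUNCATE cannot be rolled back, so take a database backup or export first if the audit history must be retained.

# Run the following SQL on the database: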


--
-- Drop all IDA (identity audit) data except for
--   scan definitions, config and event listener data.
--
-- The script runs in three steps whose order matters: the foreign keys on
-- the affected tables are disabled, the tables are truncated, and every
-- foreign key that was disabled is enabled again.
--
-- NOTE(review): this permanently removes the recorded scan runs, policy
-- violations, violation causes and remediator rows. On Oracle Database,
-- TRUNCATE is DDL: it commits implicitly and cannot be rolled back. Take a
-- backup or export of these tables first if the audit history has to be
-- retained, and ideally run this while no identity audit scans are active.
--

-- Step 1: disable the foreign keys declared on the tables to be truncated.
-- Presumably several of them reference other tables in this list; Oracle
-- refuses to truncate a table that is referenced by an enabled foreign key.
alter table IDA_SCAN_RUN_POLICIES disable constraint FK_ISRP_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICIES disable constraint FK_ISRP_POLICY_ID;

alter table IDA_SCAN_RUN_USER disable constraint FK_ISRU_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_USER disable constraint FK_ISRU_USR_KEY;

alter table IDA_SCAN_RUN_POLICY_VIOLATION disable constraint FK_ISRPV_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICY_VIOLATION disable constraint FK_ISRPV_POLICY_VIOLATION_ID;

alter table IDA_TASK_POLICY_VIOLATION disable constraint FK_ITPV_PV_ID;

alter table IDA_REMEDIATOR disable constraint FK_IR_POLICY_VIOLATION_ID;
alter table IDA_POLICY_VIOLATION disable constraint FK_IPV_POLICY_ID;
alter table IDA_POLICY_VIOLATION_CAUSE disable constraint FK_IPVC_POLICY_VIOLATION_ID;
alter table IDA_POLICY_VIOLATION_CAUSE disable constraint FK_IPVC_RULE_ID;


-- Step 2: empty the scan-run tables ...
truncate table ida_scan_run_user;
truncate table ida_scan_run_policy_violation;
truncate table ida_scan_run;
truncate table ida_scan_run_policies;

-- ... the task-to-violation table ...
truncate table IDA_TASK_POLICY_VIOLATION;

-- ... and the remediator, violation-cause and violation tables.
truncate table IDA_REMEDIATOR;
truncate table IDA_POLICY_VIOLATION_CAUSE;
truncate table IDA_POLICY_VIOLATION;

-- Step 3: enable every foreign key disabled in step 1 (all eleven are listed
-- below). Each table altered here was truncated above, so it is empty when
-- its constraints are validated.
-- NOTE(review): if any statement above failed, confirm afterwards that none
-- of these constraints is left DISABLED (STATUS column of USER_CONSTRAINTS);
-- a disabled foreign key silently stops protecting referential integrity.
alter table IDA_POLICY_VIOLATION enable constraint FK_IPV_POLICY_ID;
alter table IDA_POLICY_VIOLATION_CAUSE enable constraint FK_IPVC_POLICY_VIOLATION_ID;
alter table IDA_POLICY_VIOLATION_CAUSE enable constraint FK_IPVC_RULE_ID;
alter table IDA_REMEDIATOR enable constraint FK_IR_POLICY_VIOLATION_ID;

alter table IDA_SCAN_RUN_POLICIES enable constraint FK_ISRP_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICIES enable constraint FK_ISRP_POLICY_ID;

alter table IDA_SCAN_RUN_USER enable constraint FK_ISRU_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_USER enable constraint FK_ISRU_USR_KEY;

alter table IDA_SCAN_RUN_POLICY_VIOLATION enable constraint FK_ISRPV_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICY_VIOLATION enable constraint FK_ISRPV_POLICY_VIOLATION_ID;

alter table IDA_TASK_POLICY_VIOLATION enable constraint FK_ITPV_PV_ID;