Tuesday, June 23, 2009

LDAP and ObjectClass

After AS Upgrade to 10.1.2.3.0 adding an a new object class does not get automatically included when the user is updated.
I introduced a new objectclass for self password validation and updating it would result with an error as below



This affected old users in the system but new users were not.

By making a ldapsearch on the user , it is found that the objectclass "passwordvalidation" is not found.
Note: passwordvalidation is an objectclass that is custom created and not available by default.

$ ldapsearch -v -h server01 -p 389 -D "cn=orcladmin" -w "welcome1" -s sub -b "dc=oracle,dc=com"  "uid=testuser" "objectclass=*"
objectclass=top
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=orcluser
objectclass=orcluserv2
objectclass=customuserclass

So I had to add it manually for all the users.

I did a quick fix what came in my mind , not sure if there are other ways to workaround it.

$ ldapsearch -v -h server01 -p 389 -D "cn=orcladmin" -w "welcome1" -s sub -b "cn=users,dc=oracle,dc=com" "uid=*" dn > 1.txt
$ sed 's/ //g' 1.txt > 11.txt ( to remove space in the DN )

$ for i in `cat 11.txt`
  do
  echo $i
  echo "objectclass=passwordvalidation"
  echo 
  done > 111.txt

$ ldapmodify -c -h server01 -p 389 -D "cn=orcladmin" -w "welcome1" -f 111.txt > 1111.txt


ldapsearch for the same user

$ ldapsearch -v -h server01 -p 389 -D "cn=orcladmin" -w "welcome1" -s sub -b "dc=oracle,dc=com"  "uid=testuser" "objectclass=*"
objectclass=top
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=orcluser
objectclass=orcluserv2
objectclass=customuserclass
objectclass=passwordvalidation


The error is no more and I was able to modify the user profile without any issues.

Monday, June 22, 2009

Import Dump Utility and Logging

Recently I implemented an automated refresh logic for a warehouse database from production to test.
I used Export/Import Dump utility to achieve it as I need to extract only a subset of data from the production.

The Export was fine but the Import had huge delays.
The reason being archivelogs during the import process which cannot skip the redo. So , for all the objects that were created the system was generating redo which turned out to generate archivelogs.

IMPDP does not have an option to switch off archivelogs.

Study in metalink found that there is an Enhancement Request 4568451 for the same which will be available from release 1 version of the database as a patch.

At present I am switching off archival at the database level to achieve the speed in importing.

Saturday, June 13, 2009

Discoverer and LDAP

Even after Oracle is tightly integrating its components , something is left behind which makes the application completely unusable sometimes.
I had a Discoverer instance which has to be integrated with Single SignOn. This is quite possible and it works perfect.

But after login in to the application with single signon user, there is a possibility for re-using the SSO user in the database by registering the target database with the Oracle Internet Directory.

I am here just making a link to a demo where the integration is quite explained briefly.

Following it a database can be registered , I registered the database where EUL resides with OID.
Now from the database I could login as the oid user.

Now I am accessing discoverer and connecting as the OID user (DISOC1).
I created a workbook and saved it.

Now I am accessing discoverer and connecting as another OID user (DISOC2) and I am able to see the workbook created by the previous user(DISOC1).

At the backend the EUL5_DOCUMENTS has the DOC_CREATED_BY as the GLOBAL SCHEMA USER instead of DISOC1.

What could be the reason ?
I asked the same to Oracle Discoverer Support and got a feedback
"ER 5637910 DISCOVERER (OID SUPPORT) is currently at Status: 23,Scheduled for Future Release, however no timeframe for inclusion in the Disco product has been included in the ER. So not firm date for this functionality has been released. That means it will not be in Disco 11g, possibly 12g."

This issue is not seen in APPS mode EUL which is setup in Oracle E-Business Suite.

Good , now as usual we have to look for work arounds which can make this work which is under Oracle Standards.

Here are some tips to achive it.

I managed to use Oracle Internet Directory plugins to create and maintain the user in the database.
The plugins created the user by mapping to the DN in OID using the option in create user "globally identified as" when a user is created from the OIDDAS page.
Ex: create user test globally identified as 'cn=test,cn=users,dc=testdomain,dc=com';

Here the user in the database does not hold a seperate password but rather share the one from the OID.
Also there are special pluginscreated for user modification and deletion action.

Rest I managed using Roles in Enterprise Security Manager and still have the user management from OIDDAS.

The OID Plugins are quite interesting and once used to it , one can make use of it in different areas.

The purpose of this plugin and user management is to make sure the EUL5_DOCUMENTS records the login username in DOC_CREATED_BY.
Once Oracle Supports delivers a model which can perform this then I have to just switch off my plugins and delete all the users OID users in the database.
I have taken measure to store the scheduled workbooks in a seperate repository so that the user schema does not own any objects.

I hope this can help somebody who is developing a similar logic.

Friday, June 12, 2009

APEX and BI Publisher Integration

pdf_arch.png


I had a requirement to setup BI Publisher as a printing server for APEX. 
Enabling it would make APEX deliver high rich printing with the help of BI Publisher Engine.

RTF templates that are built from BI Publisher Word Template Builder works good in APEX .

You can follow instructions in the link to setup the APEX and BI Publisher integration.
Refer Section 3.3 Configuring Application Express to use BI Publisher

When it comes to hand written or template builder generated XSL-FO layout there are few limitations and bugs.
An XSL-FO which generates data in the format of tables comes up good when APEX process it with the help of BI Publisher Engine.
But if the XSL-FO layout has a Graph then it never gets processed. There will be a zero-byte PDF file generated when done.

For some technical reasons the BI Publisher Engine does not process the Graph that is in the XSL-FO Code that is loaded into APEX.
But the same XSL-FO layout works find with a graph if invoked from a BI Publisher standalone edition.

Oracle Apex Support group is addressing this issue and it has been promised to get a fix in version APEX version 4.0
BUG 8237966 : PDF PRINTING OF CHARTS FROMAPEX TO BI PUBLISHER WITH XSL-FO LAYOUT NOT WORKING

Tuesday, June 9, 2009

BI Publisher Template Builder - Alternative Text

I am developing a complex graph solution with bipublisher.
I have a combined graph created with the bipublisher wizard and copied the code from the alternative text of the graph item.
Later I copied the graph code and modified it to suit my need , basically have added some more series.
Then I tried to copy the code back into the alternative text of the graph component and it stops my work as the content of the alternative text is restricted. I had a requirement of around 25 graphs which is quite not feasable with XSL-FO

This way of editing the graph is working and is supported as per documentation.
The problem is when the graph becomes bigger then there is a probem with the alternative text which has the limitation of 255 characters.

I needed a solution to move this graph. XSLFO translation works but it is mandatory for me to have it in the RTF template format as XSL-FO will introduce too much of efforts.

Later a detailed investigation with Oracle BI Publisher support was made and the final outcome was "Not Possible" because Word is used as the template builder and Oracle BI Publishers uses the Alternate Text area to store its information. Only if Microsoft can increase the size it can help BI Publisher in that case else Oracle has to look for some other reliable editor , may be open office can help them but it needs some improvement.

Monday, June 8, 2009

BI Publisher roles does not reflect immediately

BI Publisher security is setup as LDAP
The roles are created in OIDDAS ( XMLP_ADMIN,XMLP_SCHEDULE,...)

Issue is when a user is added to any of the role above does not immediately reflect in BI Publisher.
A bounce make it to work.

The version affected is 10.1.3.4

This is fixed in version 10.1.3.4.1 where the cache can be refreshed by scheduling.

ldap_cache.gif

The setup is simple after applying 10.1.3.4.1
See this link for details

AS 10.1.2.3 SSLConfigTool does not update the config files

This issue happened on HP UX machine where a 10.1.2.2 Application Server was upgraded to 10.1.2.3.
After the upgrade the SSLConfigTool does not update the necessary configuration files.

The configuration files update part has to be done manually following Note 351365.1 - How To Set up and Configure SSO and OIDDAS to use SSL.

Popular Posts