How to clean up resource history for an account of a user in OIM

Ever came across a trouble some account in the list of accounts provisioned to a user ? Ever felt to mark all the tasks triggered on that particular instance as cancel? 

If the answer is yes, then you have the solution below.


            UPDATE SCH SET SCH_STATUS='X' where SCH_KEY IN (
            SELECT SCH.SCH_KEY FROM OIU, APP_INSTANCE, ORC, OSI, SCH, MIL, USR, OST
            WHERE OIU.USR_KEY = USR.USR_KEY
            AND OIU.APP_INSTANCE_KEY = APP_INSTANCE.APP_INSTANCE_KEY
            AND OIU.ORC_KEY = ORC.ORC_KEY
            AND ORC.ORC_KEY = OSI.ORC_KEY
            AND OSI.SCH_KEY = SCH.SCH_KEY
            AND MIL.MIL_KEY = OSI.MIL_KEY
            and oiu.ost_key = OST.OST_KEY
            and MIL.MIL_NAME ! ='Delete User'
  
            AND OIU.ORC_KEY =GIVE ORC KEY HERE);

Query to find the list of all acccounts associated/provisioned to a user in OIM

    SELECT USR.USR_LOGIN,APP_INSTANCE.APP_INSTANCE_NAME,OST.OST_STATUS,oiu.orc_key FROM OIU
    JOIN USR ON OIU.USR_KEY = USR.USR_KEY
    JOIN APP_INSTANCE ON OIU.APP_INSTANCE_KEY  = APP_INSTANCE.APP_INSTANCE_KEY
    JOIN OST ON OIU.OST_KEY = OST.OST_KEY
    WHERE USR.USR_LOGIN IN ('GIVE LOGIN ID HERE') ORDER BY USR.USR_LOGIN;

Query to find the list of all entitlements of a user for a given application instance in OIM

Query to find the list of all entitlements of a user for a given application instance in OIM

select usr.usr_login,app_instance.app_instance_name,ent_list.ent_display_name,ent_assign.ent_status  from ent_assign
join usr on usr.usr_key = ent_assign.usr_key and usr.usr_login = upper('Given user login here')
join ent_list on ent_list.ent_list_key = ent_assign.ent_list_key
join app_instance on ent_list.obj_key = app_instance.object_key and ent_list.svr_key = app_instance.itresource_key
where app_instance.app_instance_name = 'Give App Instance Name here'

Query to find out the list of all 'Create User' tasks that did not succeed on a given application instance in OIM

Query to find out the list of all 'Create User' tasks that did not succeed on a given application instance in OIM

 

Say, you are asked as below... Hey.... can you give me the list of all 'Create User' tasks that got rejected on a given application instance say... 'ActiveDirectory'... 

How to find that.... no issues, use below query.... :) 

SELECT APP_INSTANCE.APP_INSTANCE_name,mil.mil_name, sch.SCH_STATUS FROM OIU, APP_INSTANCE, ORC, OSI, SCH, MIL, USR, OST
WHERE OIU.USR_KEY = USR.USR_KEY
AND OIU.APP_INSTANCE_KEY = APP_INSTANCE.APP_INSTANCE_KEY
AND OIU.ORC_KEY = ORC.ORC_KEY
AND ORC.ORC_KEY = OSI.ORC_KEY
AND OSI.SCH_KEY = SCH.SCH_KEY
AND MIL.MIL_KEY = OSI.MIL_KEY
and oiu.ost_key = OST.OST_KEY
and MIL.MIL_NAME  ='Create User'
and APP_INSTANCE.APP_INSTANCE_NAME = 'ActiveDirectory'
and SCH_STATUS!='C'

Query to find the list of all process tasks associated with a resource object.

 Query to find the list of all process tasks associated with a resource object in OIM.


select * from mil
join tos on tos.tos_key = mil.tos_key
join pkg on tos.pkg_key = pkg.pkg_key
join obj on  pkg.obj_key = obj.obj_key
where obj.obj_name = [Give the resource object name here in single quotes] 



Well, lets go a step further...

I want to know the adapter that is mapped to each task listed with above query too...

hmm okay... here you go...


select OBJ.OBJ_NAME, MIL.MIL_NAME,ADP.ADP_NAME from mil
join tos on tos.tos_key = mil.tos_key
join pkg on tos.pkg_key = pkg.pkg_key
join obj on  pkg.obj_key = obj.obj_key
LEFT OUTER JOIN ADP ON ADP.EVT_KEY = MIL.EVT_KEY
where obj.obj_name = [Give the resource object name here in single quotes] 


So sweet .... right?

Lets go one step ahead, How nice would it be, if I have a query that will tell me, the process task name, the adapter that the task is mapped to, and all the task adapter mappings, for a given resource object....

In such a case, we can save some time, instead of opening design console... right?

Alright... here is your query...

select OBJ.OBJ_NAME, Mil.mil_key,MIL.MIL_NAME,adp.adp_key,ADP.ADP_NAME,ADV.ADV_NAME, MAV.MAV_MAP_TO,MAV.MAV_MAP_QUALIFIER,MAV.MAV_MAP_VALUE from mil
join tos on tos.tos_key = mil.tos_key
join pkg on tos.pkg_key = pkg.pkg_key
join obj on  pkg.obj_key = obj.obj_key
LEFT OUTER JOIN ADP ON ADP.EVT_KEY = MIL.EVT_KEY
left outer join mav on mav.mil_key = mil.mil_key
left outer JOIN ADV ON MAV.ADV_KEY = ADV.ADV_KEY
where obj.obj_name = [Give the resource object name here in single quotes] order by 3 asc


loved the journey?  :)
  

How to improve Catalog searches?

Catalog searches from OIM identity console may get slower over time. The catalog searches can be improved by rebuilding Oracle indexes on the CATALOG table.

1. Run this query to find all the index on the table select * from user_indexes where table_name='CATALOG';
   
2. The query will produce result like this
   CATALOG_PK
   UK_ENTITY_KEY_TYPE
   IDX_CATALOG_IS_DEL
   IDX_CATALOG_IS_REQ
   IDX_CATALOG_ENTITY_KEY
   CAT_TAGS
   IDX_CATALOG_ENTITY_TYPE
   
3. Run this command to build each indexes  ALTER INDEX <index_name> rebuild;

How does Refresh Role Memberships work

Refresh Role Memberships

As per oracle documentation, This job evaluates the role memberships and assigns users to roles based on rules. This job evaluates all the roles whose membership rules have changed since the last job run and their immediate evaluation have not been opted by the administrator. Any guess as of from which table, does this job consider the records that it needs to process?

The answer is DYN_EVAL_CHANGELOG 

 

Query to find the list of all roles associated with a given application instance.

Query to find the list of all roles associated with a given application instance



SELECT UGP_DISPLAY_NAME
FROM POG , UGP  , POL , pop  , app_instance
WHERE POG.UGP_KEY=UGP.UGP_KEY
AND POL.POL_KEY= POG.POL_KEY
and pop.POL_KEY= POL.POL_KEY
and pop.obj_key= app_instance.object_key
and pop.pop_denial =0
and app_instance_display_name = :AppInstDispName

Dynamic date range in BI Publisher

Dynamic date range in BI Publisher


While you are scheduling any BI report, you might need to give the date range.
If you wanna achieve dynamism to your report, below is the syntax.

Below snippet would fetch the results for the last seven days.


Date Range From: {$SYSDATE()-7$}
Date Range To : {$SYSDATE()$}

To know the current status of any entry[You need to know the orc key of the entry you are interested in ] in UD table

To know the current status of any entry[You need to know the orc key of the entry you are interested in ] in UD table


select OST_STATUS,ost_key from OST where ost_key in (select ost_key from oiu where orc_key =1022507)

Time taken to run a java program

****Time taken to run a program*****

Can be used in scheduled tasks in OIM for performance considerations.

long startTimer = System.nanoTime();
long endTimer = System.nanoTime();
System.out.print("Time to run this  "+(endTimer - startTimer)+"ns");

Tips for viewing oim log file

Tips for viewing oim log file

Generally the oim log files are very huge. Most of the engineers try to download the huge files using WIN SCP and use conventional editors like notepad++ or Textpad to search for the error(s).

And some senior folks who are well versed with VI try to use VI commands.

Here is an alternative to both the approaches.

Use the below command to find out the line numbers which will contain the error string you are searching for.

grep -n "Record is inserted into table!" oim_server1.out

Now use below command to display log snippet below two specified line numbers.

sed -n 114993700,114993750p oim_server1.out  

To get list of all AI forms that are in use at the moment

To get list of all AI forms that are in use at the moment


select app_instance_dataset from app_instance where app_instance_dataset is not null;

Query to find out the series of orchestration events for a given request.

Query to find out the series of orchestration events for a given request

select * from orchevents where processid = (select orchestration_process_id from request where request_key = 19957) order by orchorder

How to fetch the lookup values using db query

How to fetch the lookup values using db query

select LKV_ENCODEd, LKV_DECODED from LKV, LKU WHERE lku.lku_type_string_key='Lookup.ABC.SecondaryGroups' and lkv.lku_key = lku.lku_key

Update Scheduled task input paramter through API

    public static updateSchTask(String scheduleJobName, String parameterName,
                                  String parameterValue)
    {
            try
            {
                SchedulerService schedulerService = Platform.getService(SchedulerService.class);

                JobDetails jobdetails =  schedulerService.getJobDetail(scheduleJobName);
                HashMap<String, JobParameter> params = jobdetails.getParams();

                JobParameter jobParam = params.get(parameterName);
                //Updating the Job Parameter Value in the Object
                jobParam.setValue(parameterValue);
                params.put(parameterName, jobParam);

                //Udating the Schedule Task Parameters in OIM
                schedulerService.updateJob(jobdetails);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

Deleting UDF from USR table in OIM

package  oimimage;
import java.util.Hashtable;

import javax.security.auth.login.LoginException;

import oracle.iam.configservice.api.ConfigManager;
import oracle.iam.configservice.api.Constants;
import oracle.iam.configservice.exception.AccessDeniedException;
import oracle.iam.configservice.exception.ConfigManagerException;
import oracle.iam.configservice.exception.NoSuchEntityException;
import oracle.iam.platform.OIMClient;

public class deleteuserudf
{
    public deleteuserudf()
    {
        super();
    }
   
    public static OIMClient oimClient;
   

    public static void main(String[] args) throws LoginException
                                                   {
       
        oimClient = getOIMConnection();
       
        ConfigManager configMgrOps = oimClient.getService(ConfigManager.class);


        try {
            configMgrOps.deleteAttribute(Constants.Entity.USER, "Sample_Field");
        }
        catch (NoSuchEntityException e)
        {
            System.out.println(e.getErrorMessage());
        }
        catch (AccessDeniedException e)
        {
            System.out.println(e.getErrorMessage());
        }
        catch (ConfigManagerException e)
        {
            System.out.println(e.getErrorMessage());
        }
    }
   
   
    public static OIMClient getOIMConnection() throws LoginException {
    
        String PROVIDER_URL = "t3://server:port";  
       
      
        String USERNAME = "xelsysadm";
        String PASSWORD = "Password";
       
        System.setProperty("java.security.auth.login.config", "D:\\authwl.conf");
        System.setProperty("java.security.policy", "D:\\xl.policy");
        System.setProperty("APPSERVER_TYPE", "wls");
       
        
        
        Hashtable env = new Hashtable();
       
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, PROVIDER_URL);
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,OIMClient.WLS_CONTEXT_FACTORY);
       
        oimClient = new OIMClient(env);
        oimClient.login(USERNAME, PASSWORD);


        System.out.println("connection established");
        return oimClient;
       
    }
}

Query to fetch the 'Resource History' in OIM

--Resource History
select osi.sch_key, osi.orc_key, osi.mil_key,
to_char(osi.osi_assigned_date,'dd-mon-rrrr hh24:mi:ss') ,to_char(OSI.OSI_UPDATE,'dd-mon-rrrr hh24:mi:ss')
,osi.rsc_key, sch.sch_status, sch.sch_data, mil.mil_name, SCH.sch_update,to_char(sysdate,'dd-mon-rrrr hh24:mi:ss')
from osi, sch, mil
where osi.sch_key = sch.sch_key
and osi.mil_key = mil.mil_key
and osi.orc_key in (ENTER THE ORC KEY HERE)
order by sch.sch_update desc;

ODSEE basic installation steps

ORACLE DIRECTORY SERVER ENTERPRISE EDITION BASIC INSTALL STEPS

Installation procedure of Oracle Directory Server Enterprise Edition 11.1.1.5 aka Sun Directory Server Enterprise Edition 7 The installation procedure can be divided into the following steps:

A) Laying out the software elements in the chosen place on a host filesystem.

B) Pre-configuring installation--running the minimum set of commands to make the software installation operational.

C) Checking the installation--running a few commands to confirm if the software is fully operational

--Note that DSEE 7.0 processes run as 32-bit applications on Windows systems.

A)Laying out the software elements in the chosen place on a host filesystem.

1)Unpack the .zip file 'ofm_odsee_win_11.1.1.5.0_disk1_1of1.zip' This contains two folders 'ODSEE_Identity_Synchronization_for_Windows' and 'ODSEE_ZIP_Distribution'. Open the folder 'ODSEE_ZIP_Distribution' and see it contains the following files

'idsktune.exe'-->utility, 'sun-dsee7.zip'  and 'vcredist_x86.exe'-->Microsoft Visual C++ 2008 Redistributable Package

2)Directory Server Enterprise Edition 11g Release 1 (11.1.1.5.0) depends on the Microsoft Visual C++ 2008 Redistributable Package. Double-click and install vcredist_x86 if the Microsoft Visual C++ 2008 Redistributable Package is not already installed on the system.

3.Run the idsktune utility. This is for system checking.. dont worry if this shows any errors.

4.Unpack sun-dsee7.zip where you want to put the software, such as C:\Sun\dsee7. The .zip contains a dsee7 folder that houses all the files you need to keep

B)Pre-configuring installation--running the minimum set of commands to make the software installation operational.

After installing the Directory Server Enterprise Edition software successfully, you must pre-configure the software to make it functional.

This includes the following steps.

--To Pre-Configure "Directory Service Control Center" and the "DSCC Agent"

The Directory Service Control Center (DSCC) is a web-based interface to manage Directory Server and Directory Proxy Server instances.(a web app housed in an application server such as GlassFish, Tomcat, or WebLogic )

1)Initialize the DSCC registry.

(the Directory Server instance DSCC uses to keep track of managed servers. During this step, set and remember the Directory Service Manager password.Directory Service Manager is the DSCC user who has credentials to handle all managed servers.)

C:\Sun\dsee7\bin>dsccsetup ads-create

Choose password for Directory Service Manager:

Confirm password for Directory Service Manager:

Creating DSCC registry...

DSCC Registry has been created successfully

C:\Sun\dsee7\bin>

2)Create theWAR file for DSCC.

C:\Sun\dsee7\bin>dsccsetup war-file-create

Created C:\Sun\dsee7\var\dscc7.war

C:\Sun\dsee7\bin>

3)Note the port and the path assigned to DSCC registry

C:\Sun\dsee7\bin>dsccsetup status

***

DSCC Agent is not registered in Cacao

***

DSCC Registry has been created

Path of DSCC registry is C:/Sun/dsee7/var/dcc/ads

Port of DSCC registry is 3998

***

C:\Sun\dsee7\bin>

4)To create server instances on the same host where DSCC is deployed, register the DSCC agent in the CommonAgent Container (a local service residing in the Common Agent Container, aka Cacao, that allows you to access servers, in particular to start them when they are stopped, and so forth).

C:\Sun\dsee7\bin>dsccsetup cacao-reg

Configuring Cacao...

Cacao will listen on port 21162

Cacao has been successfully configured.

Registering DSCC Agent in Cacao...

Checking Cacao status...

Starting Cacao...

DSCC agent has been successfully registered in Cacao.

C:\Sun\dsee7\bin>

5)status check:::

C:\Sun\dsee7\bin>dsccsetup status

***

DSCC Agent is registered in Cacao

Cacao uses a custom port number (21162)

***

DSCC Registry has been created

Path of DSCC registry is C:/Sun/dsee7/var/dcc/ads

Port of DSCC registry is 3998

DSCC registry is not running. You may start it using:

         C:/Sun/dsee7/bin/dsadm.exe start C:/Sun/dsee7/var/dcc/ads

***

C:\Sun\dsee7\bin>

6)start the dscc registry

C:\Sun\dsee7\bin>dsadm.exe start C:/Sun/dsee7/var/dcc/ads

Waiting for Directory Server instance 'C:/Sun/dsee7/var/dcc/ads' to start...

Directory Server instance 'C:/Sun/dsee7/var/dcc/ads' started: pid=2064

7)status check:::

C:\Sun\dsee7\bin>dsccsetup status

***

DSCC Agent is registered in Cacao

Cacao uses a custom port number (21162)

***

DSCC Registry has been created

Path of DSCC registry is C:/Sun/dsee7/var/dcc/ads

Port of DSCC registry is 3998

***

C:\Sun\dsee7\bin>

8)Deploy theWAR file in any of the supported application server instance.

We are choosing to deploy this war file on to admin server on weblogic server.

start admin server

Browse theWebLogic console using http://localhost:7001/console

Navigate to basic_domain/Deployments in the Domain Structure panel

Click Lock and Edit

Click Install

Click Upload your file(s).

In Deployment Archive, select install-path/var/dscc7.war and click Next

Select dscc7.war and click Next.

Select Install this deployment as an application and click Next

Provide a Name for the deployment, accept the default Optional Settings and click Finish

Click Activate Changes in the top left corner.

The dscc7 deployment must be in the active state

9)check the dscc web interface

Use http://hostname:port/dscc7 to connect to DSCC.

The default port number for Oracle WebLogic Server is 7001.

The Oracle Directory Service Control Center authentication page is displayed

username:admin

password: As given while creating the registry.

C)Checking the installation--running a few commands to confirm if the software is fully operational

1)Creation of server instances

C:\Sun\dsee7\bin>dsadm create -p 2389 -P 2636 C:\Sun\servers\dsInst2

Choose the Directory Manager password:

Confirm the Directory Manager password:

Use 'dsadm start 'C:\Sun\servers\dsInst2'' to start the instance

C:\Sun\dsee7\bin>dsadm create -p 1389 -P 1636 C:\Sun\servers\dsInst1

Choose the Directory Manager password:

Confirm the Directory Manager password:

Use 'dsadm start 'C:\Sun\servers\dsInst1'' to start the instance

C:\Sun\dsee7\bin>

2)Starting the server instances

C:\Sun\dsee7\bin>dsadm start C:\Sun\servers\dsInst2

Waiting for Directory Server instance 'C:/Sun/servers/dsInst2' to start...

Directory Server instance 'C:/Sun/servers/dsInst2' started: pid=1440

C:\Sun\dsee7\bin>dsadm start C:\Sun\servers\dsInst1

Waiting for Directory Server instance 'C:/Sun/servers/dsInst1' to start...

Directory Server instance 'C:/Sun/servers/dsInst1' started: pid=1836

C:\Sun\dsee7\bin>

3)Create and delete the server instances.

C:\Sun\dsee7\bin>dsadm create -p 3389 -P 3636 C:\Sun\servers\dsInst3

Choose the Directory Manager password:

Confirm the Directory Manager password:

Use 'dsadm start 'C:\Sun\servers\dsInst3'' to start the instance

C:\Sun\dsee7\bin>dsadm delete C:\Sun\servers\dsInst3

Removing 'C:/Sun/servers/dsInst3' directory ...

Directory Server instance 'C:/Sun/servers/dsInst3' deleted

C:\Sun\dsee7\bin>

4)Suffix creation and data population

C:\Sun\dsee7\bin>dsconf create-suffix -p 1389 -e dc=example,dc=com

Enter "cn=Directory Manager" password:

C:\Sun\dsee7\bin>dsconf import -p 1389 -e C:/Sun/dsee7/resources/ldif/Example.ldif dc=example,dc=com

Enter "cn=Directory Manager" password:

New data will override existing data of the suffix "dc=example,dc=com".

Initialization will have to be performed on replicated suffixes.

Do you want to continue [y/n] ?  y

## Index buffering enabled with bucket size 40

## Beginning import job...

## Starting to process and index entries

## Processing file "C:/Sun/dsee7/resources/ldif/Example.ldif"

## Finished scanning file "C:/Sun/dsee7/resources/ldif/Example.ldif" (160 entries)

## Workers finished; cleaning up...

## Workers cleaned up.

## Cleaning up producer thread...

## Indexing complete.

## Starting numsubordinates attribute generation.

## This may take a while, please wait for further activity reports.

## Numsubordinates attribute generation complete. Flushing caches...

## Closing files...

## Import complete.  Processed 160 entries in 4 seconds. (40.00 entries/sec)

Task completed (slapd exit code: 0).

C:\Sun\dsee7\bin>

5)View the entries from a normal ldap broswser

6)execute a sample ldap search command

C:\Sun\dsee7\bin>ldapsearch -h localhost -p 1389 -b dc=example,dc=com "(uid=bjensen)" mail

uid=bjensen, ou=People, dc=example,dc=com

mail=bjensen@example.com

7)Register the above created server instances with DSCC

C:\Sun\dsee7\bin>dsadm.exe start C:/Sun/dsee7/var/dcc/ads

Directory Server instance 'C:/Sun/dsee7/var/dcc/ads' started: pid=3272

C:\Sun\dsee7\bin>dsccreg add-server -h localhost -p 3998  C:\Sun\servers\dsInst1

Enter DSCC administrator's password:

C:\Sun\servers\dsInst1 is an instance of DS

Enter password of "cn=Directory Manager" for C:\Sun\servers\dsInst1:

This operation will restart C:\Sun\servers\dsInst1.

Do you want to continue ? (y/n) y

Connecting to C:/Sun/servers/dsInst1 (using ldap://127.0.0.1:1389)

Enabling DSCC access to C:/Sun/servers/dsInst1

Restarting C:/Sun/servers/dsInst1

Registering C:/Sun/servers/dsInst1 in DSCC on localhost.

C:\Sun\dsee7\bin>

adding another server...

C:\Sun\dsee7\bin>dsccreg add-server -h localhost -p 3998  C:\Sun\servers\dsInst2

Enter DSCC administrator's password:

C:\Sun\servers\dsInst2 is an instance of DS

Enter password of "cn=Directory Manager" for C:\Sun\servers\dsInst2:

This operation will restart C:\Sun\servers\dsInst2.

Do you want to continue ? (y/n) y

Starting C:/Sun/servers/dsInst2

Connecting to C:/Sun/servers/dsInst2 (using ldap://127.0.0.1:2389)

Enabling DSCC access to C:/Sun/servers/dsInst2

Restarting C:/Sun/servers/dsInst2

Registering C:/Sun/servers/dsInst2 in DSCC on localhost.

8)viewing the list of servers registered with dscc

C:\Sun\dsee7\bin>dsccreg list-servers -h localhost -p 3998

Enter DSCC administrator's password:

Hostname        Port  sPort  Type  Owner  Flags  iPath                   Description

--------------  ----  -----  ----  -----  -----  ----------------------  -----------

192.168.64.131  1389  1636   DS                  C:/Sun/servers/dsInst1

192.168.64.131  2389  2636   DS                  C:/Sun/servers/dsInst2

2 server instance(s) found in DSCC on localhost.

C:\Sun\dsee7\bin>

9) unregistering  a server from dscc

C:\Sun\dsee7\bin>dsccreg remove-server -h localhost -p 3998  C:\Sun\servers\dsInst2

Enter DSCC administrator's password:

C:\Sun\servers\dsInst2 is an instance of DS

Enter password of "cn=Directory Manager" for C:\Sun\servers\dsInst2:

This operation will restart C:\Sun\servers\dsInst2.

Do you want to continue ? (y/n) y

Unregistering C:/Sun/servers/dsInst2 from DSCC on localhost.

Connecting to C:/Sun/servers/dsInst2 (using ldap://127.0.0.1:2389)

Disabling DSCC access to C:/Sun/servers/dsInst2

Restarting C:/Sun/servers/dsInst2

C:\Sun\dsee7\bin>dsccreg list-servers -h localhost -p 3998

Enter DSCC administrator's password:

Hostname        Port  sPort  Type  Owner  Flags  iPath                   Description

--------------  ----  -----  ----  -----  -----  ----------------------  -----------

192.168.64.131  1389  1636   DS                  C:/Sun/servers/dsInst1

1 server instance(s) found in DSCC on localhost.

C:\Sun\dsee7\bin>

10)Above basic administration activities can be done by using dscc web interface as well.

Changing OPMN Ports (ONS Local, Request, and Remote)

Changing OPMN Ports (ONS Local, Request, and Remote)

You might need such a scenario if you have two opmn processes in a Middleware home. In my case I had one opmn process taking care of OID and another taking care of Web Tier. So I got to change the ports for one of the opmn process for both processes to start simultaneously.


This section describes how to change any of the following port numbers:
ONS Local port
ONS Request port
ONS Remote port

To change these ports:

A. Stop OPMN, and all OPMN-managed processes:

(UNIX) ORACLE_INSTANCE/bin/opmnctl stopall

(Windows)ORACLE_INSTANCE\bin\opmnctl stopall

B. Open the opmn.xml file:

(UNIX) ORACLE_INSTANCE/config/OPMN/opmn

(Windows) ORACLE_INSTANCE\config\OPMN\opmn

C. Under the <notification-server> element, modify the local, remote, or request parameter, depending on the port you are changing, in the <port> element, and then save the file.

For example:

<port local="6101" remote="6201" request="6004"/>

D.Start OPMN, and all OPMN-managed processes:

(UNIX) ORACLE_INSTANCE/bin/opmnctl startall

(Windows) ORACLE_INSTANCE\bin\opmnctl startall

Now you have to unregister OPMN with FMW and again register, so that you will not lose your ability to manage OPMN components (here OID, OVD, OHS) with the help of EM, as a result of changing the ports.

C:\Oracle\Middleware\asinst_1\bin>opmnctl unregisterinstance -adminHost localhost -adminPort 7001 -adminUsername weblogic

Command requires login to weblogic admin server (localhost):

  Username: weblogic

  Password:

Unregistering instance

Command succeeded.

C:\Oracle\Middleware\asinst_1\bin>opmnctl registerinstance -adminHost localhost -adminPort 7001 -adminUsername weblogic

Command requires login to weblogic admin server (localhost):

  Username: weblogic

  Password:

Registering instance

Command succeeded.

After the successful registration, the instance.properties file and ports.prop file gets updated, with the registration information and latest ports information respectively!

procedure to change the ports for OHS.

Below is the procedure to change the ports for OHS.

NOTE: Changing all OHS ports.

As discussed above OHS comes with three ports.

i)Non SSL http port (default 7777, range 7777-7877)

ii)SSL http port (default 4443, range 4443-4543)

iii)Proxy MBean or Admin port(default 9999)

(used internally by Oracle HTTP Server to communicate with Fusion Middleware Control.)

To change the Oracle HTTP Server Listen ports (non-SSL or SSL), there are often dependencies that must also be set. For example, if you are using Oracle Web Cache to improve the performance of your Oracle Fusion Middleware environment, you must modify the Oracle Web Cache origin server settings whenever you modify the Oracle HTTP Server Listen ports.

::Steps to change the Non SSL http port and SSL http port::

Go to EM

From the navigation pane, expand the farm, then Web Tier, then select the Oracle HTTP Server instance.

From the Oracle HTTP Server menu, choose Administration, then Ports Configuration.

Select the Listen port that uses the HTTP(S) protocol, then click Edit.

Change the port number, then click OK.

Restart Oracle HTTP Server. (From the Oracle HTTP Server menu, choose Control,then Restart.)

As a result of this, the http port gets updated in ORACLE_INSTANCE/config/OHS/<ohs_name>/httpd.conf file

and 

the https port gets updated in ORACLE_INSTANCE/config/OHS/<ohs_name>/ssl.conf file 

(In addition to this, if you are editing the ssl port, make additional changes in the ssl.conf file

edit the SSL Virtual Host Context to the same value as of the changed ssl port number. else

you may find wierd behavior .. the ssl port can turn into a non ssl port.)

If you are using Oracle Web Cache as a reverse proxy, you must update Oracle WebCache. From the Fusion Middleware Control navigation pane, expand the farm, then Web Tier. Select the Oracle Web Cache instance. From the Web Cache menu, choose Administration, then Origin Servers. Select the origin server for which you have changed the port, and click Edit.

The Edit Origin Server page is displayed. In the Port field, change the port number. Click OK. Restart Oracle Web Cache. (From the Web Cache menu, choose Control, then Restart.)

Note: For the OHS that comes along with OID, its not associated with Web Cache, So the above step is not necessary. But if you choose to change the ports of the OHS that was the part of Web Tier, the above step is necessary. The step is just included for sanity purpose.

Restart OPMN and all system components in that Oracle instance:

opmnctl stopall

opmnctl startall

Note: If you change the port or make other changes that affect the URL, such as changing the hostname, enabling or disabling SSL, you need to re-register partner applications with the SSO server using the new URL.

(Here its not required as such application is not configured)

::Steps to change the Proxy MBean or Admin port(default 9999)::

When editing a port number, the Admin port cannot be edited using Fusion Middleware Control. 

Also The Oracle HTTP Server administration (proxy MBean) virtual host and its configuration, defined in the admin.conf file,

must not be edited with the WebLogic Scripting Tool (WLST).

Although this is a port Oracle HTTP Server uses for its

internal communication with Fusion Middleware Control, in most of the cases it

does not need to be changed. If you really want to change it, manually edit the

ORACLE_INSTANCE/config/OHS/<ohs_name>/admin.conf file.

In an Oracle Instance that is registered with a WebLogic domain, if the Oracle HTTP Server administration port (proxy MBean port in the admin.conf file) is changed after creating the component, then you must update the component registration with the WebLogic domain using the opmnctl updatecomponentregistration command, as follows:

opmnctl updatecomponentregistration -componentType OHS -componentName name

-proxyPort port

For example, if the proxy port of an Oracle HTTP Server component named ohs1 has

been changed to 9998, then use the following command:

opmnctl updatecomponentregistration -componentType OHS -componentName ohs1 -proxyPort 9998

sample run:

C:\Oracle\Middleware\asinst_1\bin>opmnctl updatecomponentregistration -componentType OHS -componentName ohs1 -proxyPort 9998

Command requires login to weblogic admin server (localhost):

  Username: weblogic

  Password:

Updating component registration on admin server.

Command succeeded.