Oracle® Secure Enterprise Search Administrator's Guide 10g Release 1 (10.1.8) Part Number B32259-01 |
|
|
View PDF |
This appendix contains topics relating to an upgraded Oracle SES instance. This contains the following topics:
See Also:
Oracle Secure Enterprise Search Installation and Upgrade Guide for your platform for information about upgrading
"Upgrade Issues" in the Oracle Secure Enterprise Search Release Notes
Oracle Calendar sources created in Oracle SES 10.1.6 may not work after upgrade. 10.1.8 uses a newer version of OC4J, and the soap.jar
file included in OC4J is in a different location.
10.1.6 soap.jar
location: $ORACLE_HOME/oc4j/soap/lib/soap.jar
10.1.8 soap.jar
location: $ORACLE_HOME/oc4j/webservices/lib/soap.jar
Create new Oracle Calendar sources in 10.1.8. Otherwise, to use the Oracle Calendar sources created in 10.1.6, create the directory structure identical to the 10.1.6 location (*$ORACLE_HOME/oc4j/soap/lib/ *
) and put a copy of soap.jar
there.
To set up secure federated search with a 10.1.8 instance as the federation broker and a 10.1.6 instance as the federation endpoint, consider the following:
The federation broker and the federation endpoint must be connected to the same Oracle Internet Directory server.
Federation parameters are not immediately updated. To see changes immediately, bounce the middle tier on the federation broker.
If you are setting SSO mode 2 (private content alone protected by SSO) in the federation endpoint instance and you are not seeing private results returned by the federation broker instance, then you are hitting a 10.1.6 bug.
Workaround: Open the web.xml
file in $ORACLE_HOME/oc4j/j2ee/oc4j_applications/applications/search_query/query/WEB-INF/web.xml
. Comment out the filter
and filter-mapping
elements:
<!-- commenting filter and filter-mapping due to bug 5072567 <filter> <filter-name>RequestFilter</filter-name> <filter-class>oracle.search.query.RequestFilter</filter-class> </filter> <filter-mapping> <filter-name>RequestFilter</filter-name> <servlet-name>OracleSearch</servlet-name> </filter-mapping> -->
Then restart the middle tier with searchctl restart
.
Note:
If you must have a 10.1.6 instance as the federation endpoint behind SSO, then you cannot configure the instance in secure mode 3.When using the endpoint application entity as the federation endpoint for creating the federated source, make sure to add this entity to the trusted application's group under the federation endpoint instance's application entity entry in Oracle Internet Directory. See the following section.
Oracle SES 10.1.8 federating to Oracle SES 10.1.6:
If the federation broker is Oracle SES 10.1.8 and the federation endpoint is Oracle SES 10.1.6, then the administrator of the broker instance must perform the following steps:
Get an entity name(DN) and password that is an entity under the trusted application's group of the application entity created for the Oracle SES 10.1.6 instance in Oracle Internet Directory. If there is no entity found in the trusted application's group, then either create a new entity or add the same application entity(DN) to the uniqueMember
attribute of the endpoint's application entity. For example, if the application entity for the endpoint instance is:
orclApplicationCommonName=oesEntity_endpoint,cn=OES,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
add:
orclApplicationCommonName=oesEntity_endpoint,cn=OES,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
to the uniqueMember
attribute of
orclApplicationCommonName=oesEntity_endpoint,cn=OES,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
If you are using the application entity of the 10.1.6 instance as the trusted entity, then the password for this entity is same as the Oracle SES admin password when Oracle SES was connected to the directory.
Create a federated source, and use the trusted entity created in the previous step for the Remote Entity Name and Remote Entity Password. The Search User Attribute should be the name of the attribute (in the directory to which broker is connected) corresponding to the orclguid
attribute (in the Oracle Internet Directory the endpoint instance is connected to). If both broker and endpoint instance are connected to same Oracle Internet Directory, then the name of the attribute is orclguid
.
Oracle SES 10.1.6 federating to Oracle SES 10.1.8:
If the federation broker is Oracle SES 10.1.6 and federation endpoint is Oracle SES 10.1.8, then the administrator of the endpoint instance must perform the following steps:
Get an entity name(DN) and password that is an entity under the trusted application's group of the application entity created for the SES 10.1.6 instance in Oracle Internet Directory. If there is no entity found in the trusted application's group, then either create a new entity or add the same application entity(DN) to the uniqueMember
attribute of the endpoint's application entity. For example, if the application entity for the endpoint instance is:
orclApplicationCommonName=oesEntity_endpoint,cn=OES,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
add:
orclApplicationCommonName=oesEntity_broker,cn=OES,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
to the uniqueMember
attribute of
orclApplicationCommonName=oesEntity_broker,cn=OES,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
If you are using the application entity of the 10.1.6 instance as the trusted entity, then the password for this entity is same as the Oracle SES admin password when Oracle SES was connected to the directory.
Create a federation trusted entity on the broker instance with the entity name and password obtained from the previous step. This should be the name of the attribute (in the directory to which endpoint is connected) corresponding to the orclguid
attribute (in the Oracle Internet Directory the broker instance is connected to). If both broker and endpoint instance are connected to same Oracle Internet Directory, then the name of the attribute is orclguid
.