Random Thoughts on OOW; so far

In no particular order, here are some observations and thoughts on my OOW experiences so far.

  • Everything is about people, who you know, and knowing what those people do. With people and connections, you can learn a lot more than doing it on your own.
  • Identity Management is sort of important, but not important enough to get a session room in Moscone–you have to go to Marriott’s basement to catch an IdM session.
  • It’s pretty cool to be mentioned in the opening keynote address, but it’d be cooler if you knew you were going to be mentioned ahead of time :).
  • Lots of people are taking pictures of slides in sessions even if they know that slides will be posted later. Not sure why.
  • I see about 75% of people taking notes on paper with legacy devices like pens. Why not type them in to a text file instead?
  • It seems that news about “X” is leaking out and if the rumors I’ve heard are true, it’ll be a very big deal. All eyes will be on Larry’s keynote today–hopefully he’ll provide enough technical information to make everyone understand what’s up.
  • Oracle Beehive looks really cool, but personally, I don’t think anyone is taking it seriously since Oracle Collab Suite just died on the vine after a similar launch a few years ago.
  • The OTN Lounge is a great thing and keeps getting better every year. Justin and the OTN gang do a great job making a place for people to do Good Things for the community and magic does happen occasionally.
  • Unconference sessions are absolutely excellent ways to get information and engage in good discussions instead of death by powerpoint.
  • Staying hydrated is, as mentioned by Judy Sim, a great idea.
  • Time zones in SF suck for many people–especially those from Oz.
  • There is a growing community around Oracle and it’s full of great individuals.

Tonight is the “appreciation event” and while the acts aren’t as interesting to me as past years, it still sounds like a fun night and a chance to see more people and have a little fun, too. See you there!

Concatenating lines in ldapsearch results

Many of us have had reasons to migrate Oracle Application Server (specifically, Portal) environments from one server or group of servers to another. This is often the case when hardware upgrades are needed and the whole environment must be moved to another set of hosts.

Recently, I was helping move an Oracle Portal ( environment from one host to another. This was due to a company spin off, so the “sticky” part of this move was that the domain name and resulting realm changed (more on that in a minute).

First, if you’ve had to perform this task, you should have already identified Metalink Note 251776.1 which describes the process necessary for moving users and groups from one OracleAS Infrastructure to another. The note’s step 3 mentions that the LDIF file must be edited to replace all references to the old realm with the new realm in the target system. However, this can prove difficult if you do actually have to change the realm name because of the way that ldapsearch produces output. The LDIF standard specifies that lines can be continued on the following line if a space is the first character on the line. The corresponding ldapadd command can properly import lines that are broken into multiple lines, but the standard search and replace tools (in notepad, vi or any other standard text editor) can’t find the occurrences properly to replace them. So, some entries are able to be replaced easily like this one (assume we need to replace “dc=dannorris,dc=local” with “dc=newcorp,dc=com“): Continue reading “Concatenating lines in ldapsearch results”

Cool thing happened on Twitter today…

A neat thing happened today on Twitter. While I admit that I don’t necessarily “get it” as fast as some of my “web 2.0” friends do, I haven’t seen this happen too much on Twitter since I’ve been following it in the past several months. I’m sure it probably happens all the time to cool people, but I was lucky enough to cross over for a few minutes and that’s notable.

Basically, the “thing” was that someone needed help understanding how to get started with an OID installation for managing TNS connect descriptors. He wanted (and needed) to use an existing database since he was resource-constrained and wasn’t sure what the installation process looks like for such an installation.

Here’s the combined thread between @fuadar, @topperge and me (@dannorris) just a few minutes ago:

fuadar: looking for someone or some document to install oid in an existing 10.2 database need only names service resolution
dannorris: @fudar It’s much easier to just have it install its own DB. If you use existing DB, you must run metadata repos creation asst first.
fuadar: @dnanorris out of space already have a database out there for other functions. trying to setup oid to solve our tnsnames issues
dannorris: @fudar Issues? Honestly, OID usually introduces more issues than it solves when it comes to TNS. It’s a lot more complex than a text file.
fuadar: @dannorris true but i’m trying to come up with some way to manage acouple of hundred servers and a couple of thousand clients
dannorris: @fudar It’s definitely the right direction to head–just need realistic expectations about complexity and manageability–not easier!
fuadar: @dannorris agree just looking for better documentation
topperge: @fuadar fudar, all you need is RepCA and install the identity repos, http://tinyurl.com/yweyr8
dannorris: @fuadar Better free up some space first–you’ll need a gig or two I’d expect. (ps sorry for misspelling your handle)
fuadar: @topperge so what you are saying is just go thru the oid software install process and then so the repca manually
fuadar: @topperge i am using the Oracle Identity management dvd’s
dannorris: @fuadar Install RepCA first, run it, then install OID from IdM and tell it to use the repos you created.
dannorris: @fuadar be sure to check DB prereqs (version, pkgs, options, etc.). Follow section here http://snurl.com/1xzda
fuadar: @dannorris thanks reinstalling the software now
topperge: @fuadar There is a 10.1.4 MRCA with the DVDs, install from that first , then install from the OIM Infrastructure CD second
topperge: @fuadar then make sure you patch to which is patch 5983637 on metalink (doing the same install right now)

Even patch numbers! Posting that same question to a forum would likely have taken several hours to get responses–and precise responses as well. Now, I don’t want everyone to believe that @topperge (Matt Topper) and I sit around all day looking for questions we can answer on Twitter. However, I am on Twitter most of the time (even though I don’t tweet that often) and occasionally will throw a response or post in when I think of it. Matt is usually there and seems to behave similarly most of the time.

The bottom line: today, Twitter helped someone solve a real technical problem much faster than they were likely to solve it via other means (web 2 dot oh or otherwise). I don’t know that it happens every day, but we can only save one life at a time :).

You can follow me (@dannorris) on twitter, but as I don’t say much, you won’t likely be impressed. After all, I’m no Jake Kuramoto.

Oracle (Thor) stays near the front of User Provisioning Magic Quadrant

For those that pay attention to the Gartner Magic Quadrant reports, you might be interested to see that Oracle made a good choice with their acquisition of Thor. The acquired product, now known as Oracle Identity Manager, has placed Oracle in the leaders area of the latest User Provisioning report from Gartner. Nishant’s Talking Identity blog summarized the report last week. Read the full report.

Bharosa software now available for download

Oracle finally closed the deal with Bharosa that I wrote about several weeks ago. They haven’t posted it yet on OTN, but it’s on edelivery.oracle.com under the name “Oracle Adaptive Access Manager”. The documentation isn’t quite up to normal Oracle documentation standards, but it’s enough to get the install up and running. I’m getting my own VM installed with this stuff configured and tested, I’ll post some results here.

To find this new stuff, go to http://edelivery.oracle.com/, fill out the form, search for “Oracle Application Server Products” and choose your platform (I chose Linux x86). The first search result returned will likely be “Oracle Adaptive Access Manager 10g (”. That’s Oracle’s name for the Bharosa software. The downloads are tiny–only about 45Mb total. Happy downloading!

Oracle Identity Manager Advanced Workshop

I spent the past three days at Oracle’s office in downtown Chicago working on the Oracle Identity Manager Advanced Workshop. Ananth Kini and Sid Choudhury from Oracle did a fine job explaining the product and it’s various use cases to us. Most of the time was allocated to working though extensive and applicable lab exercises where we were guided through tasks like putting new logos on the login page, customizing look and feel, configure prepopulate adapters, configuring and customizing notifications, extending an existing connector (provisioning), and developing, implementing, and testing a complete connector from scratch.

The class was offered to Oracle Partners for free and is the second workshop in the series. The basic workshop happened several months before (I wasn’t able to attend). Unfortunately, I won’t be able to post the contents of the workshop (you have to be a partner to get access to the content). If you’re an Oracle employee, you can download the lab exercises and virtual machines from an internal Oracle website (you’ll have to contact the IdM PM team to find out the site if you don’t already know it).

Overall, what I took away from the class are these thoughts:

  • Almost no one really uses OIM in the “standard” or “out-of-the-box” configuration. Every implementation will require extensive configuration and very likely, some customizations for look and feel.
  • A background in Java development or at least a strong understanding of programming and OO principles will be very helpful when navigating and using the OIM Design Console.
  • The hot deploy feature in OC4J is completely underrated. Our test environment used JBoss (which doesn’t have a hot deployment option), so we frequently had to restart it. Restarting took anywhere from 30-60 seconds to handle initialization.
  • There are plenty of people interested in OIM. Our class was about 13 people. This workshop is being held 3 times in the US (based on the last schedule I saw) and many people came from near and far to attend this session.
  • The OIM product has impressive capabilities, but it takes more work than expected to take advantage of those capabilities. For a non-programmer-type like me, understanding why 3 properties files all contain the same or similar information still doesn’t make sense, but apparently that’s the way many Java deployments are handled when deployed with i18n.
  • Connectors include not just provisioning parts (add, modify,  delete), but also reconciliation parts.

If you’re a partner and have a chance to attend this event, I’d recommend it. There’s another one happening in November in Reston, VA. Ask your friendly sales rep about it and they should be able to get you the invitation information. Make sure you and your system meet the prerequisites. The workshop uses VMWare images, so having 2Gb of RAM available will be important.

Oracle buys Bharosa

I’m completely impressed just by the descriptions of the new tools that Oracle is getting with its Bharosa acquisition. If this stuff does even half of what it is advertising it can do, I’ll be very impressed. If you’re wondering what this is all about, please check out the post on the Talking Identity blog at http://blogs.oracle.com/talkingidentity/2007/07/25#a135. What a great an exciting addition this tool will make to the Suite!

As I learn more, I’ll be continuing to post more information here. For now, it’s on to a vacation day tomorrow!