LDAP Configuration Examples

Oracle Internet Directory with Single Search Base

Figure 36. Group Properties in LDAP

The following table shows how to configure Oracle Service Registry using this scenario.

| Config Property | Config Value | See |
|---|---|---|
| Java naming provider URL | ldap:localhost:389 | Figure 27 |
| Initial Naming Factory | com.sun.jndi.ldap.LdapCtxFactory | Figure 27 |
| Security Principal | cn=Joe Patroni,cn=Users,ou=uddi,dc=in,dc=idoox,dc=com | Figure 27 |
| Security Protocol | simple | Figure 27 |
| User Properties | | |
| Search Filter | objectClass=person | Figure 29 |
| Search Base | cn=Users,dc=in,dc=idoox,dc=com | Figure 29 |
| Search Scope | Subtree Scope | Figure 29 |
| Result Limit | 100 | Figure 29 |
| telephoneNumber | phone | Figure 30 |
| uid | loginName | Figure 30 |
| cn | fullName | Figure 30 |
| mail | email | Figure 30 |
| Group Properties | | |
| Search Filter | objectClass=groupofuniquenames | Figure 31 |
| Search Base | cn=Groups,dc=in,dc=idoox,dc=com | Figure 31 |
| Search Scope | Subtree Scope | Figure 31 |
| Result Limit | 100 | Figure 31 |
| creatorsName | owner | Figure 32 |
| description | description | Figure 32 |
| uniqueMember | member | Figure 32 |
| cn | name | Figure 32 |

SUN One with Single Search Base

In this example, we show how to configure a Sun One Directory Server 5.2 under the LDAP Single Search Base scenario.

Section SUN One with Single Search Base shows user properties that are stored in the LDAP server.

Figure 37. User Properties in LDAP

Section SUN One with Single Search Base shows group properties that are stored in the LDAP server.

Figure 38. Group Properties in LDAP

The following table shows how to configure Oracle Service Registry using this scenario.
| Config Property | Config Value | See |
|---|---|---|
| Java naming provider URL | ldap:localhost:389 | Figure 27 |
| Initial Naming Factory | com.sun.jndi.ldap.LdapCtxFactory | Figure 27 |
| Security Principal | uid=JPatroni,ou=people,dc=in,dc=idoox,dc=com | Figure 27 |
| Security Protocol | simple | Figure 27 |
| User Properties | | |
| Search Filter | objectClass=person | Figure 29 |
| Search Base | ou=people,dc=in,dc=idoox,dc=com | Figure 29 |
| Search Scope | Subtree Scope | Figure 29 |
| Result Limit | 100 | Figure 29 |
| telephoneNumber | phone | Figure 30 |
| uid | loginName | Figure 30 |
| cn | fullName | Figure 30 |
| mail | email | Figure 30 |
| Group Properties | | |
| Search Filter | objectClass=groupofuniquenames | Figure 31 |
| Search Base | ou=groups,dc=in,dc=idoox,dc=com | Figure 31 |
| Search Scope | Subtree Scope | Figure 31 |
| Result Limit | 100 | Figure 31 |
| creatorsName | owner | Figure 32 |
| description | description | Figure 32 |
| uniqueMember | member | Figure 32 |
| cn | name | Figure 32 |

Sun One with Multiple Search Bases

In this example, we show how to configure Sun One Directory Server 5.2 with multiple search bases. In Figure 40, you can see users and domains that are stored on the LDAP server. We want to configure the LDAP integration with Oracle Service Registry in this way:

• Only users from domain1 and domain10 can log into Oracle Service Registry. LDAP domain2 will be disabled.
• LDAP domain10 will be mapped to the domain3 user group in Oracle Service Registry.

Figure 40 shows how users from LDAP are mapped to Oracle Service Registry.

Figure 39. LDAP Users and Groups

Figure 40. Registry Users

The following table shows how to configure Oracle Service Registry using this scenario.
| Config Property | Config Value | See |
|---|---|---|
| Java naming provider URL | ldap:localhost:1000 | Figure 27 |
| Initial Naming Factory | com.sun.jndi.ldap.LdapCtxFactory | Figure 27 |
| Security Principal | uid=JPatroni,ou=people,dc=in,dc=idoox,dc=com | Figure 27 |
| Security Protocol | simple | Figure 27 |
| uddi.ldap.domain.delimiter | | Figure 33 |
| uddi.ldap.domain.prefix | ou= | Figure 33 |
| uddi.ldap.domain.postfix | leave empty | Figure 33 |
| Enable domains | | |
| domain name | domain3 | Figure 34 |
| Distinguished name | ou=domain10,ou=example,dc=in,dc=idoox,dc=com | Figure 34 |
| Disable domains | | |
| Distinguished name | ou=domain2,ou=example,dc=in,dc=idoox,dc=com | Figure 34 |
| User Properties | | |
| Search Filter | objectClass=person | Figure 29 |
| Search Base | ou=people,dc=in,dc=idoox,dc=com | Figure 29 |
| Search Scope | Subtree Scope | Figure 29 |
| Result Limit | 100 | Figure 29 |
| telephoneNumber | phone | Figure 30 |
| uid | loginName | Figure 30 |
| cn | fullName | Figure 30 |
| mail | email | Figure 30 |
| Group Properties | | |
| Search Filter | objectClass=groupofuniquenames | Figure 31 |
| Search Base | ou=groups,dc=in,dc=idoox,dc=com | Figure 31 |
| Search Scope | Subtree Scope | Figure 31 |
| Result Limit | 100 | Figure 31 |
| creatorsName | owner | Figure 32 |
| description | description | Figure 32 |
| uniqueMember | member | Figure 32 |
| cn | name | Figure 32 |

Active Directory with Single Search Base

In this example, we show how to configure an Active Directory with a single search base.

Figure 41 shows group properties that are stored in the Active Directory. These group properties will be mapped to Oracle Service Registry as shown in Figure 42.

Figure 41. LDAP User Group

Figure 42. User Group in Oracle Service Registry

Figure 43 shows user properties that are stored in the Active Directory. These user properties will be mapped to Oracle Service Registry as shown in Figure 42.

Figure 43. LDAP User Properties

Figure 44. User Properties in Oracle Service Registry

The following table shows how to configure Oracle Service Registry using this scenario.

| Config Property | Config Value | See |
|---|---|---|
| Java naming provider URL | ldap:localhost:389 | Figure 27 |
| Initial Naming Factory | com.sun.jndi.ldap.LdapCtxFactory | Figure 27 |
| Security Principal | CN=userx,OU=root,DC=registry,DC=in,DC=mycompany,DC=com | Figure 27 |
| Security Protocol | DIGEST-MD5 | Figure 27 |
| User Properties | | |
| Search Filter | objectClass=person | Figure 29 |
| Search Base | ou=example,dc=registry,dc=in,dc=mycompany,dc=com | Figure 29 |
| Search Scope | Subtree Scope | Figure 29 |
| Result Limit | 100 | Figure 29 |
| sAMAccountName | loginName | Figure 30 |
| cn | fullName | Figure 30 |
| mail | email | Figure 30 |
| telephoneNumber | phone | Figure 30 |
| Group Properties | | |
| Search Filter | objectClass=group | Figure 31 |
| Search Base | ou=example,dc=registry,dc=in,dc=mycompany,dc=com | Figure 31 |
| Search Scope | Subtree Scope | Figure 31 |
| Result Limit | 100 | Figure 31 |
| member | member | Figure 32 |
| cn | name | Figure 32 |
| uniqueMember | member | Figure 32 |
| cn | name | Figure 32 |
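The connection and User Properties rows of these tables correspond directly to JNDI settings, so they can be checked against the directory before they are entered in the registry. The following is an added example, not code from Oracle Service Registry; it uses the Sun One single search base values, writes the provider URL in the `ldap://host:port` form that JNDI expects, and assumes a class name (`LdapSettingsCheck`) and an environment variable (`LDAP_BIND_PASSWORD`) chosen for illustration.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapSettingsCheck {
    public static void main(String[] args) throws NamingException {
        // LDAP_BIND_PASSWORD is a variable name chosen for this example.
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null) {
            System.err.println("Set LDAP_BIND_PASSWORD first");
            System.exit(2);
        }
        // Connection rows (Figure 27). With "simple", the password crosses a
        // plain ldap:// connection unencrypted.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=JPatroni,ou=people,dc=in,dc=idoox,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Mapping rows (Figure 30): LDAP attribute -> registry property.
        Map<String, String> mapping = new LinkedHashMap<>();
        mapping.put("uid", "loginName");
        mapping.put("cn", "fullName");
        mapping.put("mail", "email");
        mapping.put("telephoneNumber", "phone");

        // Search rows (Figure 29): subtree scope, at most 100 results.
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(100);
        controls.setReturningAttributes(mapping.keySet().toArray(new String[0]));

        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(
                "ou=people,dc=in,dc=idoox,dc=com", "(objectClass=person)", controls);
            while (results.hasMore()) {
                Attributes attrs = results.next().getAttributes();
                for (Map.Entry<String, String> m : mapping.entrySet()) {
                    Attribute a = attrs.get(m.getKey());
                    System.out.println(m.getValue() + " = " + (a == null ? "<not set>" : a.get()));
                }
            }
        } catch (SizeLimitExceededException e) {
            System.err.println("More than 100 entries match; the result limit truncates the list");
        } finally {
            ctx.close();
        }
    }
}
```

An entry that prints `<not set>` for loginName lacks the mapped attribute, and the size-limit message means the search base holds more accounts than the configured result limit returns.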

6.2. Custom Non-LDAP

Select External on the Advanced Account Settings panel. External accounts require implementation of the interface org.systinet.uddi.account.ExternalBackendApi.

7. Cluster Configuration

This chapter contains general notes about the synchronized configuration of an Oracle Service Registry cluster and gives instructions on how to deploy Oracle Service Registry to a WebLogic Cluster (see Section 7.4, WebLogic specific configuration for use with cluster).

7.1. Cluster operation

Cluster operation is achieved by running multiple registries and joining their functionality with a load balancer proxy. Load balancing is used to distribute requests among registries to get the optimal load distribution. The load balancer should be configured to distribute requests among all physical endpoints of the registry nodes. If using an application server, refer to its documentation for details about configuring load balancing.

Figure 45. Oracle Service Registry in WebLogic Cluster

Clients of Oracle Service Registry access TCP ports on the balancer, which forwards the connection to a running cluster node with an actual Oracle Service Registry. Each Oracle Service Registry has a connection to a common database so that each Oracle Service Registry has access to the latest data. This connection also serves as a distribution point for changed configurations and inter-node events.

When an Oracle Service Registry node fails (for reasons such as hardware problems, network connection problems or software failure), other nodes can work without it. The intelligent load balancer will detect this, and further requests will not be directed there until the node starts to respond.

Every node has a Node ID, a string identifying the node. Each node should have a different ID. Breaking this rule will cause nodes with the same ID to miss some configuration changes and synchronization events. The Node ID can be specified by the administrator in the REGISTRY_HOME\app\uddi\conf\nodeid.xml file. If it is not specified before the initial start of Oracle Service Registry, it will be generated as a unique UUID string. It is possible to change it later, but node-local configurations under the old ID will be left in the database.

Ensure that the EAR/WAR file generated for deployment has either:

1. Empty Node ID - so that each deployment of the file will generate a unique Node ID on first run and will retain it until deletion or redeployment of the EAR/WAR file. You can use the EAR/WAR file to deploy on all nodes.
2. Specified Node ID - when you deploy the EAR/WAR file to a single node and generate another EAR/WAR file for the others. You can choose meaningful names for the Node ID this way.

You can set the Node ID in the nodeid.xml file before starting setup to generate the EAR/WAR file. If you generate the EAR/WAR file directly from the installer, the Node ID will be empty.