Tuesday, March 8, 2011

Cloning SSO-Enabled Environments in E-Business Suite


This is already discussed in Steven Chan's blog article http://blogs.oracle.com/stevenChan/2006/05/11/ and much of this note is a straight copy from that article. Please review the blog article in its entirety before proceeding.

If you're willing to experiment a bit, the following are general guidelines to point you in the right direction.  Some customers and Oracle Consultants have used the following approaches to get the job done but have reported that there was some trial-and-error involved.

These are neither detailed nor comprehensive instructions.  The following should be attempted only by system administrators who have a solid understanding of the principles outlined in Metalink Note 261914.1.

If you're going to experiment with these approaches, I strongly recommend that you take all sensible precautions, including backing up your environments at multiple stages, taking careful notes, and doing things in small, incremental steps to control your risk.

There is no one-stop, supported or documented method to create a clone of your eBiz instance when it is integrated with SSO. Please use this note with caution and make sure you thoroughly test any procedure you decide to use to ensure it fits with all aspects of your specific setup.

1 - Use Rapid Clone to create a clone of your E-Business Suite, including the application-tier and database-tier.

   For 11i, please use:
     Note 230672.1 Cloning Oracle Applications Release 11i with Rapid Clone

   For R12, please use:
     Note 406982.1 Cloning Oracle Applications Release 12 with Rapid Clone

2 - In the newly-cloned E-Business Suite instance, set the APPS_SSO_LDAP_SYNC profile option to "Disabled" at the site level (since there's no new Oracle Internet Directory instance to synchronize with yet).

3 - In your newly-cloned E-Business Suite instance, unlink all E-Business Suite users that were linked to the original Oracle Internet Directory 10g users (i.e. where FND_USER.USER_GUID is populated), since those old links are no longer valid. Those E-Business Suite users will need to be linked to their corresponding accounts in the as-yet non-existent new Oracle Internet Directory instance.

To unlink EBS users, execute the following script for each individual user (for both 11i and R12):

$FND_TOP/patch/115/sql/fndssouu.sql

See Note 429375.1 for more information on this utility.

4 - In your newly-cloned E-Business Suite instance, remove all references to the original OID/SSO instance.

Use "removereferences" to clean up the previous SSO and OID registration information.

For R12 this is described in Note 376811.1 "Section 3: Remove References"

For 11i: Note 233436.1 "Appendix D: Advanced Configuration - Manual SSO/OID Registration" - Option 6

5 - Create a fresh install of Single Sign-On and Oracle Internet Directory 10g on your new server.

6 - Assuming that you enabled bidirectional provisioning between the E-Business Suite and Oracle Internet Directory, do one of the following (but not all three):

a) Redo your bulkload from the E-Business Suite into Oracle Internet Directory.
   On Release 12, please refer to "System Administrator's Guide - Security", Section 6 (Oracle Single Sign-On Integration).

Then reregister your E-Business Suite environment using the Bidirectional Provisioning Profile, enable the APPS_SSO_AUTO_LINK_USER profile option, and set the profile option APPS_SSO_LDAP_SYNC back to Enabled at site level.

b) Export your LDAP namespace from your original Oracle Internet Directory instance into an LDIF file, and then import the LDIF file into the new Oracle Internet Directory instance. Reregister your E-Business Suite environment using the Bidirectional Provisioning Profile, and (assuming that the Oracle Internet Directory accounts are identical to the E-Business Suite accounts) enable the APPS_SSO_AUTO_LINK_USER profile option, and set the profile option APPS_SSO_LDAP_SYNC back to Enabled at site level.

c) Connect the original Oracle Internet Directory instance to your new Oracle Internet Directory instance via a connector, synchronizing the namespaces. Reregister your E-Business Suite environment using the Bidirectional Provisioning Profile, and (assuming that the Oracle Internet Directory accounts are identical to the E-Business Suite accounts) enable the APPS_SSO_AUTO_LINK_USER profile option, and set the profile option APPS_SSO_LDAP_SYNC back to Enabled at site level.
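
A check for steps 2 and 3 above, written as a SQL*Plus script to run as APPS in the clone only; this is an added example, not part of the original post or of any Oracle note. It shows the site-level values of the two profile options, counts users whose FND_USER.USER_GUID is still populated, and spools one unlink call per remaining user. Assumptions: the spool file name unlink_users.sql is made up here, and fndssouu.sql is assumed to take the user name as its single argument (confirm against Note 429375.1 before running the generated file).

```sql
-- Added example: post-clone SSO link check. Run in the CLONE, never in the source.
SET ECHO OFF FEEDBACK OFF LINESIZE 200 PAGESIZE 200 TRIMSPOOL ON

PROMPT == Step 2: site-level SSO profile values (LEVEL_ID 10001 = Site) ==
SELECT po.profile_option_name,
       NVL(pov.profile_option_value, '<not set>') AS site_value
FROM   fnd_profile_options po
       LEFT JOIN fnd_profile_option_values pov
              ON pov.profile_option_id = po.profile_option_id
             AND pov.application_id    = po.application_id
             AND pov.level_id          = 10001
WHERE  po.profile_option_name IN ('APPS_SSO_LDAP_SYNC',
                                  'APPS_SSO_AUTO_LINK_USER');

PROMPT == Step 3: users still carrying a GUID from the original OID ==
SELECT COUNT(*) AS still_linked
FROM   fnd_user
WHERE  user_guid IS NOT NULL;

PROMPT == Step 3: writing one unlink call per remaining user ==
-- PAGESIZE 0 suppresses headings and page breaks in the spooled file.
SET PAGESIZE 0
SPOOL unlink_users.sql
-- Assumption: fndssouu.sql accepts the user name as its only argument.
-- User names containing spaces would need quoting; review the file first.
SELECT '@$FND_TOP/patch/115/sql/fndssouu.sql ' || user_name
FROM   fnd_user
WHERE  user_guid IS NOT NULL
ORDER  BY user_name;
SPOOL OFF
SET PAGESIZE 200 FEEDBACK ON
```

Review unlink_users.sql before running it, then repeat the count query to confirm no linked users remain before moving on to step 4.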
