Oracle Internet Directory Administrator's Guide
Release 9.2
Part Number A96574-01
Contents
Title and Copyright Information
Send Us Your Comments
Preface
What's New in Oracle Internet Directory?
Part I Getting Started
1 Introduction
What Is a Directory?
The Expanding Role of Online Directories
The Problem: Too Many Special Purpose Directories
What Is LDAP?
LDAP and Simplified Directory Management
LDAP Version 3
What Is Oracle Internet Directory?
Architecture of the Oracle Internet Directory
Components of the Oracle Internet Directory
Advantages of Oracle Internet Directory
Scalability
High Availability
Security
Integration with the Oracle Environment
How Oracle Products Use Oracle Internet Directory
Easier and More Cost-Effective Administration
Tighter Security Through Centralized Security Policy Administration
Integration of Distributed Directories
2 Concepts and Architecture
Entries
Attributes
Kinds of Attribute Information
Single-Valued and Multivalued Attributes
Common LDAP Attributes
Attribute Syntax
Attribute Matching Rules
Attribute Options
Object Classes
Subclasses, Superclasses, and Inheritance
Object Class Types
Abstract Object Classes
Structural Object Classes
Auxiliary Object Classes
Naming Contexts
The Directory Schema
Security
Globalization Support
Oracle Internet Directory Architecture
An Oracle Internet Directory Node
An Oracle Directory Server Instance
Configuration Set Entries
Example: How Oracle Internet Directory Works
Distributed Directories
Replication
Partitioning
About Knowledge References and Referrals
Kinds of Referrals
The Oracle Directory Integration Platform
About Metadirectories
About the Oracle Directory Integration Platform Environment
Oracle Components and Oracle Internet Directory
3 Preliminary Tasks and Information
Task 1: Start the OID Monitor
Starting the OID Monitor
Stopping the OID Monitor
Task 2: Start a Server Instance
Starting an Oracle Directory Server Instance
Stopping an Oracle Directory Server Instance
Starting an Oracle Directory Replication Server Instance
Stopping an Oracle Directory Replication Server Instance
Restarting Directory Server Instances
Troubleshooting Directory Server Instance Startup
Task 3: Reset the Default Security Configuration
Default Access Policies
Default Access Policy At the Root DSE
Default Access Policy At the Users Container in the Default Subscriber Naming Context
Default Access Policy At the Groups Container in the Default Subscriber Naming Context
Default Access Policy for the Oracle Context Administrators
Default Access Policy for Oracle9i Application Server Administrators
Task 4: Reset the Default Password for the Database
Task 5: Run the OID Database Statistics Collection Tool
Log File Locations
4 Directory Administration Tools
Using Oracle Directory Manager
Starting Oracle Directory Manager
Connecting to a Directory Server
Navigating Oracle Directory Manager
Overview of Oracle Directory Manager
The Oracle Directory Manager Menu Bar
The Oracle Directory Manager Toolbar
Connecting to Additional Directory Servers by Using Oracle Directory Manager
Disconnecting from a Directory Server by Using Oracle Directory Manager
Performing Administration Tasks by Using Oracle Directory Manager
Using Command-Line Tools
Routine Administration at a Glance
Part II Basic Directory Administration
5 Oracle Directory Server Administration
Managing Server Configuration Set Entries
Preliminary Considerations for Managing Configuration Set Entries
Managing Server Configuration Set Entries by Using Oracle Directory Manager
Viewing Configuration Set Entries by Using Oracle Directory Manager
Adding Configuration Set Entries by Using Oracle Directory Manager
Modifying Configuration Set Entries by Using Oracle Directory Manager
Deleting Configuration Set Entries by Using Oracle Directory Manager
Managing Server Configuration Set Entries by Using Command-Line Tools
Adding Configuration Set Entries by Using ldapadd
Modifying and Deleting Configuration Set Entries by Using ldapmodify
Setting System Operational Attributes
Setting System Operational Attributes by Using Oracle Directory Manager
Setting System Operational Attributes by Using ldapmodify
Managing Naming Contexts
Publishing Naming Contexts by Using Oracle Directory Manager
Publishing Naming Contexts by Using ldapmodify
Managing Super Users, Guest Users, and Proxy Users
Managing Super, Guest, and Proxy Users by Using Oracle Directory Manager
Managing Super, Guest, and Proxy Users by Using ldapmodify
Configuring Searches
Configuring Searches by Using Oracle Directory Manager
Setting the Maximum Number of Entries Returned in Searches by Using Oracle Directory Manager
Setting the Maximum Amount of Time For Searches by Using Oracle Directory Manager
Configuring Searches by Using ldapmodify
Setting the Maximum Number of Entries Returned in Searches by Using ldapmodify
Setting the Maximum Amount of Time For Searches by Using ldapmodify
Monitoring, Debugging, and Auditing the Directory Server
Setting Debug Logging Levels
Setting Debug Logging Levels by Using Oracle Directory Manager
Setting Debug Logging Levels by Using the OID Control Utility
Using the Audit Log
Structure of Audit Log Entries
Position of Audit Log Entries in the DIT
Auditable Events
Setting the Audit Level
Searching for Audit Log Entries
Purging the Audit Log
Viewing Active Server Instance Information
Changing the Password to an Oracle Database Server
Dereferencing Alias Entries
Concepts for Dereferencing Alias Entries
Alias Objectclass Definition
Aliased Objectname Definition
Using Alias Entry Dereferencing
Adding an Alias Entry
Searching the Base
Searching One-Level
Searching a Subtree
Modifying Alias Entries
Success and Error Messages
6 Directory Schema Administration
About the Directory Schema
About Object Class Management
Guidelines for Adding Object Classes
Guidelines for Modifying Object Classes
Guidelines for Deleting Object Classes
Managing Object Classes by Using Oracle Directory Manager
Searching for Object Classes by Using Oracle Directory Manager
Viewing Properties of Object Classes by Using Oracle Directory Manager
Adding Object Classes by Using Oracle Directory Manager
Modifying Object Classes by Using Oracle Directory Manager
Deleting Object Classes by Using Oracle Directory Manager
Managing Object Classes by Using Command-Line Tools
Example: Adding a New Object Class
Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class
About Attribute Management
Rules for Adding Attributes
Rules for Modifying Attributes
Rules for Deleting Attributes
Managing Attributes by Using Oracle Directory Manager
Viewing All Directory Attributes by Using Oracle Directory Manager
Searching for Attributes by Using Oracle Directory Manager
Adding an Attribute by Using Oracle Directory Manager
Adding a New Attribute by Using Oracle Directory Manager
Creating a New Attribute from an Existing One by Using Oracle Directory Manager
Modifying an Attribute by Using Oracle Directory Manager
Deleting an Attribute by Using Oracle Directory Manager
Indexing an Attribute by Using Oracle Directory Manager
Viewing Indexed Attributes by Using Oracle Directory Manager
Adding an Index to an Attribute by Using Oracle Directory Manager
Dropping an Index from an Attribute by Using Oracle Directory Manager
Managing Attributes by Using Command-Line Tools
Adding and Modifying Attributes by Using ldapmodify
Deleting Attributes by Using ldapmodify
Indexing an Attribute by Using Command-Line Tools
Indexing an Attribute for Which No Data Exists by Using ldapmodify
Dropping an Index from an Attribute by Using ldapmodify
Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool
Viewing Matching Rules
Viewing Matching Rules by Using Oracle Directory Manager
Viewing Matching Rules by Using ldapsearch
Viewing Syntaxes
Viewing Syntaxes by Using Oracle Directory Manager
Viewing Syntaxes by Using ldapsearch
7 Managing Directory Entries
Managing Entries by Using Oracle Directory Manager
Searching for Entries by Using Oracle Directory Manager
Viewing Attributes for a Specific Entry by Using Oracle Directory Manager
Adding Entries by Using Oracle Directory Manager
Adding a New Entry by Using Oracle Directory Manager
Adding an Entry by Copying an Existing Entry in Oracle Directory Manager
Example: Adding a User Entry by Using Oracle Directory Manager
Adding Group Entries by Using Oracle Directory Manager
Modifying Entries by Using Oracle Directory Manager
Example: Modifying a User Entry by Using Oracle Directory Manager
Managing Entries with Attribute Options by Using Oracle Directory Manager
Adding an Attribute Option to an Existing Entry by Using Oracle Directory Manager
Modifying an Attribute Option by Using Oracle Directory Manager
Deleting an Attribute Option by Using Oracle Directory Manager
Managing Entries by Using Command-Line Tools
Command-Line Tools for Managing Entries
Example: Adding a User Entry by Using ldapadd
Example: Modifying a User Entry by Using ldapmodify
Managing Entries with Attribute Options by Using Command-Line Tools
Example: Adding an Attribute Option by Using ldapmodify
Example: Deleting an Attribute Option by Using ldapmodify
Example: Searching for Entries with Attribute Options by Using ldapsearch
Managing Entries by Using Bulk Tools
Importing an LDIF File by Using bulkload
Task 1: Back Up the Oracle Server
Task 2: Find Out the Oracle Internet Directory Password
Task 3: Check Input for Schema and Data Consistency Violations
Task 4: Generate the Input Files for SQL*Loader
Task 5: Load the Input Files
If Bulk Loading Fails
Converting Directory Data to LDIF
Modifying a Large Number of Entries
Deleting a Large Number of Entries
Managing Knowledge References and Referrals
Configuring Smart Referrals
Configuring Default Referrals
8 Globalization Support in the Directory
The NLS_LANG Environment Variable
Using Non-UTF-8 Databases
Using Globalization Support with LDIF Files
An LDIF file Containing Only ASCII Strings
An LDIF file Containing UTF-8 Encoded Strings
CASE 1: Native Strings (Non-UTF-8)
CASE 2: UTF-8 Strings
CASE 3: BASE64 Encoded UTF-8 Strings
CASE 4: BASE64 Encoded Native Strings
Using Globalization Support with Command-Line Tools
Specifying the -E Argument When Using Each Tool
Examples: Using the -E Argument with Command-Line Tools
Setting NLS_LANG in the Client Environment
Using Globalization Support with Bulk Tools
Using Globalization Support with bulkload
Using Globalization Support with ldifwrite
Using Globalization Support with bulkdelete
Using Globalization Support with bulkmodify
9 Attribute Uniqueness
Introduction
Concepts
Requirements
Creating Attribute Uniqueness
Creating Attribute Uniqueness Across an Entire Directory
Creating Attribute Uniqueness Across One Subtree
Creating Attribute Uniqueness Across One Object Class
Enabling and Disabling Attribute Uniqueness
Specifying the Subtree
Deleting an Attribute Uniqueness Policy
Configuration Interface
Defined Policy Location and Model
Policy Scoping Rules
Applying the Attribute Uniqueness Feature
Known Limitations
Simple Replication Scenario
Multimaster Replication Scenario
Part III Directory Security
10 Directory Security Concepts
Data Integrity
Data Privacy
Authorization
Authentication
Direct Authentication
Indirect Authentication
Protection of User Passwords for Directory Authentication
Password Policies
11 Secure Sockets Layer (SSL) and the Directory
Supported Cipher Suites
SSL Client Scenarios
Configuring SSL Parameters
Configuring SSL Parameters by Using Oracle Directory Manager
Configuring SSL Parameters by Using Command-Line Tools
Issues Specific to This Release of Oracle Internet Directory
12 Directory Access Control
Overview of Access Control Policy Administration
Access Control Management Constructs
Access Control Policy Points (ACPs)
The orclACI Attribute for Prescriptive Access Control
The orclEntryLevelACI Attribute for Entry-Level Access Control
Access Control Groups
Access Control Information Components
Object: To What Are You Granting Access?
Subject: To Whom Are You Granting Access?
Operations: What Access Are You Granting?
Access Level Requirements for LDAP Operations
Managing Access Control by Using Oracle Directory Manager
Configuring Oracle Directory Manager for Access Control Management
Configuring the Display of ACPs in Oracle Directory Manager
Configuring Searches for ACPs When Using Oracle Directory Manager
Viewing an ACP by Using Oracle Directory Manager
Adding an ACP by Using Oracle Directory Manager
Task 1: Specify the Entry That Will Be the ACP
Task 2: Configure Structural Access Items
Task 3: Configure Content Access Items
Adding an ACP by Using the ACP Creation Wizard of Oracle Directory Manager
Task 1: Specify the Entry That Will Be the ACP
Task 2: Configure Structural Access Items by Using the ACP Creation Wizard
Task 3: Configure Content Access Items by Using the ACP Creation Wizard
Modifying an ACP by Using Oracle Directory Manager
Task 1: Specify the Entry That You Want to Modify
Task 2: Modify Structural Access Items
Task 3: Modify Content Access Items
Granting Entry-Level Access by Using Oracle Directory Manager
Example: Managing ACPs by Using Oracle Directory Manager
Create a New ACP
Create a Third ACI
Create a Fourth ACI
Managing Access Control by Using Command-Line Tools
Example: Restricting the Kind of Entry a User Can Add
Example: Setting Up an Inheritable ACP by Using ldapmodify
Example: Setting Up Entry-Level ACIs by Using ldapmodify
Example: Using Wild Cards
Example: Selecting Entries by DN
Example: Using Attribute and Subject Selectors
Example: Granting Read-Only Access
Example: Granting Selfwrite Access to Group Entries
How ACL Evaluation Works
ACL Evaluation Precedence Rules
Precedence at the Entry Level
Precedence at the Attribute Level
More Than One ACI for the Same Object
Exclusionary Access to Objects
ACL Evaluation For Groups
Part IV Directory Deployment
13 General Deployment Considerations
The Expanding Role of Directories
Logical Organization Of Directory Information
Directory Entry Naming
DIT Hierarchy and Structure
Physical Distribution: Partitions and Replicas
An Ideal Deployment
Partitioning Considerations
Replication Considerations
Failover Considerations
About Capacity Planning, Sizing, and Tuning
Capacity Planning
Sizing Considerations
Tuning Considerations
Running Multiple Installations of Oracle Internet Directory on One Host
14 Oracle Components and Oracle Internet Directory
About Oracle Components and Directory Usage
Ready-to-Use Default Configuration
The Root Oracle Context
The Subscriber Oracle Context
A Default Subscriber Configuration
Security Requirements for Oracle Components
User Security Administrator's Group
Authentication Services Group
15 Directory-Based Application Security
Delegated Directory Administration
Application-Specific Access Control
Directory Domains and Roles
16 Directory Storage of User Authentication Credentials
About Centralized Storage of User Authentication Credentials
Storing Password Verifiers for Authenticating to Oracle Internet Directory
Managing Password Protection by Using Oracle Directory Manager
Managing Password Protection by Using ldapmodify
Storing Passwords for Authenticating to Oracle Components
About Password Verifiers
Attributes for Storing Password Verifiers
Example: How Password Verification Works
Managing Password Verifier Profiles by Using Oracle Directory Manager
Viewing and Modifying a Password Verifier Profile by Using Oracle Directory Manager
Managing Password Verifier Profiles by Using Command-Line Tools
Viewing a Password Verifier Profile by Using Command-Line Tools
Modifying a Password Verifier Profile by Using Command-Line Tools
17 Password Policies
About Password Policies
Managing Password Policies by Using Oracle Directory Manager
Viewing a Subscriber's Password Policies by Using Oracle Directory Manager
Modifying a Subscriber's Password Policies by Using Oracle Directory Manager
Managing Password Policies by Using Command-Line Tools
Setting Password Policies by Using Command-Line Tools
Managing a Subscriber's Password Policies Using Command-Line Tools
Example: Viewing a Subscriber's Password Policies Using Command-Line Tools
Example: Modifying a Subscriber's Password Policies Using Command-Line Tools
Error Messages
18 Capacity Planning Considerations
About Capacity Planning
Getting to Know Directory Usage Patterns: A Case Study
I/O Subsystem Requirements
About the I/O Subsystem
Rough Estimates of Disk Space Requirements
Detailed Calculations of Disk Space Requirements
Memory Requirements
Network Requirements
CPU Requirements
CPU Configuration
Rough Estimates of CPU Requirements
Detailed Calculations of CPU Requirements
Summary of Capacity Plan for Acme Corporation
19 Tuning Considerations
About Tuning
Tools for Performance Tuning
CPU Usage Tuning
Tuning CPU for Oracle Internet Directory Processes
Tuning CPU for Oracle Foreground Processes
Taking Advantage of Processor Affinity on SMP Systems
Other Alternatives for a CPU Constrained System
Memory Tuning
Tuning the System Global Area (SGA) for Oracle9i
Other Alternatives for a Memory-Constrained System
Disk Tuning
Balancing Tablespaces
RAID
Database Tuning
Required Parameter
Parameters Dependent on Oracle Internet Directory Server Configuration
Using Shared Server Process
SGA Parameters Dependent on Hardware Resources
Entry Caching
Performance Troubleshooting
20 High Availability And Failover Considerations
About High Availability and Failover for Oracle Internet Directory
Oracle Internet Directory and Oracle9i Technology Stack
Failover Options on Clients
Alternate Server List from User Input
Alternate Server List from the Oracle Internet Directory Server
Failover Options in the Public Network Infrastructure
Hardware-Based Connection Redirection
Software-Based Connection Redirection
Availability and Failover Capabilities in Oracle Internet Directory
Failover Options in the Private Network Infrastructure
IP Address Takeover (IPAT)
Redundant Links
High Availability Deployment Examples
Part V Directory Replication
21 Directory Replication Concepts
Directory Replication Groups and Replication Agreements
Oracle9i Replication
Replication Architecture
The Replication Process on the Supplier Side
The Replication Process on the Consumer Side
Change Log Purging
Conflict Resolution in Replication
Levels at Which Replication Conflicts Occur
Entry-Level Conflicts
Attribute-Level Conflicts
Typical Causes of Conflicts
Automated Resolution of Conflicts
The Replication Process
How the Replication Process Adds a New Entry to a Consumer
How the Replication Process Deletes an Entry
How the Replication Process Modifies an Entry
How the Replication Process Modifies a Relative Distinguished Name
How the Replication Process Modifies a Distinguished Name
22 Oracle Directory Replication Server Administration
Installing and Configuring Replication
Task 1: Install Oracle Internet Directory on All Nodes in the DRG
Task 2: Decide Which Node Will Serve as the Oracle9i Replication Master Definition Site (MDS)
Task 3: Set Up Oracle9i Replication for a Directory Replication Group
On All Nodes, Prepare the Oracle Net Services Environment for Replication
From the MDS, Configure Oracle9i Replication For Directory Replication
Task 4: Load Data into the Directory
Task 5: Start Oracle Directory Server Instances on All the Nodes
Task 6: Start the Replication Servers on All Nodes in the DRG
Task 7: Test Directory Replication
Managing Replication
Modifying Directory Replication Server Configuration Parameters
Viewing and Modifying Replication Configuration Parameters by Using Oracle Directory Manager
Modifying Replication Configuration Parameters by Using Command-Line Tools
Modifying Replication Agreement Parameters
Viewing and Modifying Replication Agreement Parameters by Using Oracle Directory Manager
Modifying Replication Agreement Parameters by Using ldapmodify
Changing the Replication Administrator's Password on All Nodes
Adding a Replication Node
Task 1: Stop the Directory Replication Server on All Nodes
Task 2: Identify a Sponsor Node and Switch the Sponsor Node to Read-Only Mode
Task 3: Backup the Sponsor Node by Using ldifwrite
Task 4: Perform Oracle9i Replication Add Node Setup
Task 5: Switch the Sponsor Node to Updatable Mode
Task 6: Start the Directory Replication Server on All Nodes Except the New Node
Task 7: Load Data into the New Node by Using bulkload
Task 8: Start LDAP Server on the New Node
Task 9: Start the Directory Replication Server on the New Node
Deleting a Replication Node
Task 1: Stop the Directory Replication Server on All Nodes
Task 2: Stop All Processes in the Node to be Deleted
Task 3: Delete the Node from the Master Definition Site
Task 4: Start the Directory Replication Server on All Nodes
Resolving Conflicts Manually
Monitoring Replication Change Conflicts
Examples of Conflict Resolution Messages
Example 1: An Attempt to Modify a Non-Existent Entry
Example 2: An Attempt to Add an Existing Entry
Example 3: An Attempt to Delete a Non-Existent Entry
Using the Human Intervention Queue Manipulation Tool
Using the OID Reconciliation Tool
Identifying a Node as Independent of Its Host
Troubleshooting Replication Setup
23 Addition of a Node by Using the Database Copy Procedure
Assumptions
Sponsor Directory Site Environment
New Directory Site Environment
Tasks To Be Performed on the Sponsor Node
Tasks To Be Performed on the New Node
Verification Process
Part VI The Directory and Clusters
24 Failover in Cluster Configurations
Introduction
Configuring Failover in a Clustered Environment
Step 1: Start OID Monitor
Step 2: Start a Directory Server or Directory Replication Server by Using the OID Control Utility
Step 3: Stop, then Restart, the Directory Server and OID Monitor
How Failover Works in a Clustered Environment
25 Directory Failover in an Oracle9i Real Application Clusters Environment
Terminology
The Oracle Directory Server in an Oracle9i Real Application Clusters Environment
Oracle Internet Directory with Basic High Availability Configuration
Oracle Internet Directory with Default N-Node Configuration
The Oracle Directory Replication Server in an Oracle9i Real Application Clusters Environment
Part VII Directory Plug-ins
26 Oracle Internet Directory Plug-in Framework
About Directory Server Plug-ins
Operation-Based Plug-ins
Registering Plug-ins
The orclPluginConfig Object Class
Adding a Plug-in Configuration Entry by Using Command-Line Tools
Example 1: Creating an Operation-Based Plug-in Entry
Example 2: Creating an Operation-Based Plug-in Entry
Part VIII The Oracle Directory Integration Platform
27 Oracle Directory Integration Platform Concepts and Components
What Is the Oracle Directory Integration Platform?
Why is the Oracle Directory Integration Platform Needed?
Synchronization, Provisioning, and the Difference Between Them
Synchronization
Provisioning
How Synchronization and Provisioning Differ
Oracle Directory Synchronization Service
Oracle Directory Provisioning Integration Service
Oracle Directory Integration Server
Directory Integration Toolkit
Administration and Monitoring Tools
Oracle Directory Manager
OID Control and OID Monitor
Oracle Enterprise Manager
Example: A Deployment of the Oracle Directory Integration Platform
Components in the MyCompany Enterprise
Requirements of the MyCompany Enterprise
Overall Deployment in the MyCompany Enterprise
User Creation and Provisioning in the MyCompany Enterprise
Modification of User Properties in the MyCompany Enterprise
Deletion of Users in the MyCompany Enterprise
28 The Oracle Directory Synchronization Service
About Connectors and Directory Integration Profiles
Connectors
Using Connectors with Supported Interfaces
Using Connectors Without Supported Interfaces
Synchronization Scenarios
Synchronizing from Oracle Internet Directory to a Connected Directory
Synchronizing from a Connected Directory to Oracle Internet Directory
Directories with Unique Formats
Directory Synchronization Profiles
Registration of Connectors into Oracle Directory Integration Platform
Additional Connector Configuration Information
Mapping Rules and Formats
Format of the Mapping Rules Attribute
Example: A Mapping File
Updating Mapping Rules
Location and Naming of Files
Managing Synchronization Profiles
Managing Profiles by Using Oracle Directory Manager
Registering a Profile by Using Oracle Directory Manager
Deregistering a Profile by Using Oracle Directory Manager
Managing Synchronization Profiles by Using Command-Line Tools
Creating a Synchronization Profile by Using oidmcrep.sh
Deregistering a Synchronization Profile Using oidmdelp.sh
29 The Oracle Directory Provisioning Integration Service
About the Oracle Directory Provisioning Integration Service
About Provisioning
Provisioning Procedures
User Enrollment in Applications
Provisioning Information
How the Oracle Directory Provisioning Integration Service Retrieves Changes from Oracle Internet Directory
How an Application Obtains Provisioning Information by Using the Oracle Directory Provisioning Integration Service
Managing the Oracle Directory Provisioning Integration Service Environment
Overview: Deploying the Oracle Directory Provisioning Integration Service
Managing the Oracle Directory Provisioning Integration Service
Managing the Oracle Directory Integration Server
Managing Provisioning Profiles
Security and the Oracle Directory Provisioning Integration Service
The Need to Control Access to Provisioning Profiles
Entities Needing Access
Entry-Level Privileges Granted to Entities
Attribute Level Privileges Granted to Entities
Troubleshooting the Oracle Directory Provisioning Integration Service
30 Oracle Directory Integration Server Administration
About the Oracle Directory Integration Server
Registering the Oracle Directory Integration Server
Operational Information about the Oracle Directory Integration Server
The Oracle Directory Integration Server and Configuration Set Entries
Standard Sequences of Directory Integration Server Events
Main Thread Process Sequence
Scheduler Thread Process Sequence
Connector Thread Process Sequence
Managing Configuration Set Entries
Managing the Oracle Directory Integration Server
Starting the Oracle Directory Integration Server
Using the OID Monitor and Control Utilities to Start the Oracle Directory Integration Server
Starting the Oracle Directory Integration Server Without Using OID Monitor and the OID Control Utility
Stopping the Oracle Directory Integration Server
Using OID Monitor and the OID Control Utility to Stop the Oracle Directory Integration Server
Stopping the Directory Integration Server Without Using OID Monitor and the OID Control Utility
Using the Restart Command
Setting the Debug Level
Finding the Log Files
Changing the Synchronization Status Attribute
Viewing Oracle Directory Integration Server Information
Viewing Oracle Directory Integration Server Runtime Information by Using Oracle Directory Manager
Viewing Oracle Directory Integration Server Runtime Information by Using ldapsearch
Managing the Oracle Directory Integration Platform in a Replicated Environment
31 Security in the Oracle Directory Integration Platform
Authentication
Secure Sockets Layer (SSL) and the Oracle Directory Integration Platform
Oracle Directory Integration Server Authentication
Non-SSL Authentication
Authentication in SSL Mode
Profile Authentication
Access Control and Authorization
Access Controls for the Oracle Directory Integration Server
Access Controls for Agents
Data Integrity
Data Privacy
Tools Security
32 Bootstrapping of a Directory in the Oracle Directory Integration Platform
Bootstrapping Oracle Internet Directory from a Connected Directory
Using External Tools to Import Data into Oracle Internet Directory
Setting up a Connector to Import Data in Oracle Internet Directory
Bootstrapping a Connected Directory from Oracle Internet Directory
Using External Tools to Export Data from Oracle Internet Directory
Setting up a Connector to Export Data from Oracle Internet Directory
33 Synchronization with Oracle Human Resources
Introduction
Data that You Can Import from Oracle Human Resources
Managing Synchronization with Oracle Human Resources
Configuring a Directory Integration Profile for the Oracle Human Resources Connector
Customizing the List of Attributes to Be Synchronized with Oracle Internet Directory
Including Additional Oracle Human Resources Attributes for Synchronization
Excluding Oracle Human Resources Attributes from Synchronization
Configuring a SQL SELECT Statement in the Configuration File to Support Complex Selection Criteria
Customizing Mapping Rules for the Oracle Human Resources Connector
Default Oracle Human Resources Connector Mapping Rules
Creating Oracle Human Resources Attribute Mapping Rules
Modifying Oracle Human Resources Attribute Mapping Rules
Deleting Oracle Human Resources Attribute Mapping Rules
Running Synchronization from Oracle Human Resources to Oracle Internet Directory
Preparing for Synchronization
The Synchronization Process
Bootstrapping Oracle Internet Directory from Oracle Human Resources
34 Synchronization with iPlanet Directory Server
About the iPlanet Connector
Configuring the iPlanet Connector
Task 1: Prepare Both Directories for Synchronization
Task 2: Configure the Integration Profile for the iPlanet Connector
Task 3: Configure Mapping Rules
Task 4: Configure Access Control
Task 5: Configure the Password Protection
Synchronizing Between Oracle Internet Directory and iPlanet Directory Server
Preparing for Synchronization
The Synchronization Process
Troubleshooting
Limitations in This Release
35 Synchronization with Third-Party Metadirectory Solutions
About Change Logs
Enabling Third-Party Metadirectory Solutions to Synchronize with Oracle Internet Directory
Task 1: Perform Initial Bootstrapping
Task 2: Create a Change Subscription Object in Oracle Internet Directory for the Third-Party Metadirectory Solution
About the Change Subscription Object
Creating a Change Subscription Object
The Synchronization Process
How a Connected Directory Retrieves Changes the First Time from Oracle Internet Directory
How a Connected Directory Updates the orclLastAppliedChangeNumber Attribute in Oracle Internet Directory
Disabling and Deleting Change Subscription Objects
Disabling a Change Subscription Object
Deleting a Change Subscription Object
Part IX Appendixes
A Syntax for LDIF and Command-Line Tools
LDAP Data Interchange Format (LDIF) Syntax
Starting, Stopping, Restarting, and Monitoring Oracle Internet Directory Servers
The OID Monitor
Starting the OID Monitor
Stopping the OID Monitor
The OID Control Utility
Starting and Stopping an Oracle Directory Server Instance
Starting and Stopping an Oracle Directory Replication Server Instance
Restarting Directory Server Instances
Troubleshooting Directory Server Instance Startup
Entry-Management Command-Line Tools
ldapadd Syntax
ldapaddmt Syntax
ldapbind Syntax
ldapdelete Syntax
ldapmoddn Syntax
ldapsearch Syntax
Examples of ldapsearch Filters
Attribute-Management Command-Line Tools
The Catalog Management Tool
ldapcompare Syntax
ldapmodify Syntax
ldapmodifymt Syntax
Bulk Operations Command-Line Tools
bulkdelete Syntax
bulkload Syntax
bulkmodify Syntax
ldifwrite Syntax
Replication-Management Command-Line Tools
The Human Intervention Queue Manipulation Tool
Moving a Change from the Human Intervention Queue into the Retry Queue
Moving a Change from the Human Intervention Queue into the Purge Queue
Examples: Using the Human Intervention Queue Manipulation Tool
The OID Reconciliation Tool
Reconciling Inconsistent Data by Using the OID Reconciliation Tool
How the OID Reconciliation Tool Works
Directory Synchronization and Provisioning Command-Line Tools
The oidmuplf.sh Tool
The oidmcrep.sh Tool
The oidmdelp.sh Tool
The stopodis.sh Tool
The schemasync Tool
The Provisioning Subscription Tool
The OID Database Password Utility
The OID Database Statistics Collection Tool
The OID Migration Tool
Examples: Using the OID Migration Tool
Using the Migration Tool in the Lookup Mode
Using the OID Migration Tool Without the Lookup Option
Overriding Substitution Values Obtained from the Lookup Mode
OID Migration Tool Error Messages
B The Access Control Directive Format
Schema for orclACI
Schema for orclEntryLevelACI
C Schema Elements
IETF Requests for Comments (RFCs) Enforced by Oracle Internet Directory
IETF Drafts Enforced by Oracle Internet Directory
Proprietary Oracle Internet Directory Schema Elements
LDAP Syntax
LDAP Syntax Enforced by Oracle Internet Directory
Commonly Used LDAP Syntax Recognized by Oracle Internet Directory
Additional LDAP Syntax Recognized by Oracle Internet Directory
Size of Attribute Values
Matching Rules
Schema to Represent a User
D Upgrading Oracle Internet Directory
Recommended Upgrade Procedure
Alternate Procedure: Upgrading a Standalone Oracle Internet Directory Node
Task 1: Stop Oracle Directory Server on the Old Version Node
Task 2: Backup the Sponsor Node by Using Export Utility
Task 3: Load Data into the New Node by Using the Import Utility
Task 4: Perform Oracle Internet Directory Schema Upgrade
Post-Upgrade Task: Migrate User Data
E Migrating Data from Other Directories
Migrating Data from LDAP-Compliant Directories
About the Data Migration Process
Tasks For Migrating Data from LDAP-Compliant Directories
Task 1: Export Data from the Non-Oracle Internet Directory Server into LDIF File Format
Task 2: Analyze the LDIF User Data for Any Required Schema Additions Referenced in the LDIF Data
Task 3: Extend the Schema in Oracle Internet Directory
Task 4: Remove Any Proprietary Directory Data from the LDIF File
Task 5: Remove Operational Attributes from the LDIF File
Task 6: Remove Incompatible userPassword Attribute Values from the LDIF File
Task 7: Run the bulkload.sh -check Mode and Determine Any Remaining Schema Violations or Duplication Errors
Migrating User Data from Application-Specific Repositories
Tasks For Migrating Data from Application-Specific Repositories
Task 1: Create an Intermediate Template File
Task 2: Run the OID Migration Tool
F The LDAP Filter Definition
G Troubleshooting
Installation Errors
Administration Error Messages and Causes
Oracle Database Server Error Due to Schema Modifications
Standard Error Messages Returned from Oracle Directory Server
Additional Error Messages
Password Policy Violation Error Messages
Glossary
Index
Copyright © 1999, 2002 Oracle Corporation.
All Rights Reserved.