5 Directory Administration and Monitoring Tools

This chapter introduces the various administration tools of Oracle Internet Directory. It discusses the online administration tool, called Oracle Directory Manager, and tells you how to launch it, navigate through it, and connect to directory servers with it. It also introduces the command-line tools for ldap, bulk, and catalog operations.

This chapter contains these topics:

Using Oracle Identity Management Grid Control Plug-in
Using Oracle Directory Manager
Using Oracle Internet Directory Server Manageability
Using Command-Line Tools

Directory administration is also aided by the Oracle Delegated Administration Services, a set of pre-defined, Web-based units for performing directory operations on behalf of a user. It frees directory administrators from the more routine directory management tasks by enabling them to delegate specific functions to other administrators and to end users. You can use it, for example, to enable end users to modify their personal profile information (including Oracle Application Server Single Sign-On passwords) without requiring the intervention of an administrator.

One tool, created by using Oracle Delegated Administration Services, is the Oracle Internet Directory Self-Service Console. This ready-to-use application provides a single graphical interface for delegated administrators and end users to manage data in the directory.

5.1 Using Oracle Identity Management Grid Control Plug-in

The Oracle Identity Management Grid Control Plug-in is described in the Oracle Identity Management Infrastructure Administrator's Guide.

5.2 Using Oracle Directory Manager

Oracle Directory Manager is a Java-based tool for administering Oracle Internet Directory. This section describes some of its basic features. More specific instructions are found in sections throughout this book that explain how to perform various tasks.

This section contains these topics:

Starting Oracle Directory Manager
Connecting to a Directory Server by Using Oracle Directory Manager
Navigating Oracle Directory Manager
Connecting to Additional Directory Servers by Using Oracle Directory Manager
Disconnecting from a Directory Server by Using Oracle Directory Manager
Configuring the Display and Duration of Searches in Oracle Directory Manager
Performing Administrative Tasks by Using Oracle Directory Manager

Note:
You cannot use Oracle Directory Manager to administer LDAP directories other than Oracle Internet Directory.

5.2.1 Starting Oracle Directory Manager

Before you can launch Oracle Directory Manager, you must have a directory server instance running. If no server instance is running, start one as described in "Semantics of OPMN Starting Oracle Internet Directory".

See Also:

"Oracle Internet Directory Architecture" for a conceptual explanation of directory server instances

To start Oracle Directory Manager, follow the instructions for your operating system as described in Table 5-1:

Table 5-1 Operating System-Specific Instructions for Starting Oracle Directory Manager

Operating System Instructions

Operating System	Instructions
Microsoft Windows	From the Start menu, choose Programs, then `ORACLE_HOME`, then Integrated Management, then Oracle Directory Manager
UNIX	If you have added `$ORACLE_HOME/bin` to `$PATH`, simply type the following at the system prompt: `oidadmin` If you have not added `$ORACLE_HOME/bin` to `$PATH`, navigate to `$ORACLE_HOME/bin` and enter: `./oidadmin` at the system prompt.

Microsoft Windows

From the Start menu, choose Programs, then ORACLE_HOME, then Integrated Management, then Oracle Directory Manager

UNIX

If you have added $ORACLE_HOME/bin to $PATH, simply type the following at the system prompt:

oidadmin

If you have not added $ORACLE_HOME/bin to $PATH, navigate to $ORACLE_HOME/bin and enter:

./oidadmin at the system prompt.

The first time you start Oracle Directory Manager, an alert tells you that you must connect to a server. Choose OK. The Directory Server Connection dialog box appears.

5.2.2 Connecting to a Directory Server by Using Oracle Directory Manager

To connect to a directory server:

In the Directory Server Connection dialog box, type the name and port number of an available server.

The default port is 389. You can change the port if you wish. However, if you have an Oracle directory server running on a port that is not the default, then be sure that any clients that use that server are informed of the correct port.

Choose OK. The Oracle Directory Manager Connect dialog box appears.
In each field of the Credentials tab page, type the information specific to this server instance. These fields are described in Table A-1.

See Also:

Chapter 17, "Secure Sockets Layer (SSL) and the Directory" for instructions on enabling SSL
"Entries" for instructions on formatting distinguished names
"Configuring SSL Parameters" for information about changing ports and their impact on security
Oracle Advanced Security Administrator's Guide for instructions on creating a wallet by using Oracle Wallet Manager when using SSL

If you selected the SSL Enabled check box on the Credentials tab page, then select the SSL tab.
In the SSL tab page, enter the requested data in the fields. These fields are described in Table A-2.

Choose Login. Oracle Directory Manager appears.

5.2.3 Navigating Oracle Directory Manager

This section provides an overview of Oracle Directory Manager, and explains the items in the menu bar and the buttons on the toolbar.

5.2.3.1 Overview of Oracle Directory Manager

Like the directory itself, the navigator pane (left side of the double window interface) has a tree-like structure. When Oracle Directory Manager first opens, the navigator pane shows only one tree item, Oracle Internet Directory Servers. By clicking the plus sign (+) next to the tree item, subcomponents of that tree item appear.

In the right pane, some windows contain buttons labeled Apply and OK. If you choose Apply, the changes you have made are committed, and the window remains available for more changes. If you press OK, the changes you have made are committed, and the window closes.

Similarly, some windows have buttons that are labeled Revert and Cancel. If you press Revert, then the changes you have made in that window do not take effect, the original values reappear in the fields, and the window stays open for further work. If you press Cancel, the changes you have made in that window do not take effect, and the window closes.

5.2.3.2 The Oracle Directory Manager Menu Bar

Table 5-2 lists and describes the menus you can access by using the menu bar. Menu items become enabled or disabled depending on the pane or tab page you are displaying.

Table 5-2 Oracle Directory Manager Menu Bar

Menu	Menu Items
File	Create: Adds an object Create Like: Adds a new object by using the object selected in the navigator pane as a template. Connect: Connects to a directory server selected in the navigator pane. Disconnect: Disconnects from a directory server selected in the navigator pane. Exit: Exits Oracle Directory Manager.
Edit	Edit: Modifies an object. Remove: Removes a selected object. Find Object Classes or Find Attributes: Searches for either an object class or an attribute, depending on the context. If, in the navigator pane, you select Oracle Internet Directory, then directory server instance, then Server Management, then Object Classes, then this menu item searches for an object class. If you navigate to Oracle Internet Directory, then directory server instance, then Server Management, then Attributes, then it searches for attributes.
View	Refresh: Updates data stored in memory to reflect changes in the database. Tear-Off: Generates a secondary dialog containing the fields and values displayed in Oracle Directory Manager's right pane. This is useful when comparing two pieces of information.
Operation	Create Object Class: Displays the New Object Class dialog box that you use to add a new object class. Create Attribute: Displays the New Attribute Type dialog box that you use to add a new attribute to an entry. Create Access Cutler Point: Displays the New Access Control Point dialog box that you use to add a new access control policy point (ACP). Create Entry: Displays the New Entry dialog box that you use to add a new directory entry. Refresh Entry: Updates data for entries stored in memory to reflect changes in the database. Refresh Subtree Entries: Updates the children of entries stored in memory to reflect changes in the database. Configure Search Filter: Narrows the range of entries the navigator pane displays according to whatever filter you specify. Drop Index: Removes an index from an attribute. When you select this item, an alert asks you to confirm that you want to drop the index. Search: Enables you to configure ACP searches User Preferences: Displays a dialog box that enables you to: Configure the display of entry search results Establish whether ACPs are displayed whenever Oracle Directory Manager runs, or only as the result of a search.
Help	Contents: Displays the Contents tab page of the Help navigator Search for Help On...: Displays the Help Search dialog box that you use to search for words in the online help guide. About Oracle Internet Directory: Displays Oracle Internet Directory version information.

5.2.3.3 The Oracle Directory Manager Toolbar

Table 5-3 illustrates and describes the buttons in the Oracle Internet Directory toolbar. Buttons become enabled or disabled depending on the pane or tab page you are displaying in Oracle Directory Manager.

Table 5-3 Oracle Directory Manager Toolbar

Button	Purpose
	Connect/Disconnect: Connects to or disconnect from a directory server selected in the navigator pane.
	Refresh: Updates data for objects other than entries that are stored in memory to reflect changes in the database.
	Create: Adds a new object.
	Create Like: Adds a new object by using another object as a template.
	Edit: Modifies an object.
	Find Object Classes or Attributes: Searches for either an object class or an attribute, depending on the context. If, in the navigator pane, you navigate to Oracle Internet Directory > directory server instance > Server Management > Object Classes, then this button searches for an object class. If you navigate to Oracle Internet Directory > directory server instance > Server Management > Attributes, then it searches for attributes.
	Delete: Removes an object.
	Add Object Classes: Adds an object class to an existing entry.
	Refresh Entry: Updates data for entries stored in memory to reflect changes in the database.
	Refresh Subtree Entries: Updates the children of entries stored in memory to reflect changes in the database
	Configure Search Filter: Narrows the range of entries the navigator pane displays according to whatever filter you specify.
	Drop Index: Removes an index from an attribute. When you click this button, an alert asks you to confirm that you want to drop the index.
	Search: Enables you to configure ACP searches.
	User Preferences: Enables you to configure the display of ACPs in the navigator pane, as well as entries in a search operation.
	Help: Displays the Help system.

5.2.4 Connecting to Additional Directory Servers by Using Oracle Directory Manager

You can connect to more than one directory server at a time, and then view and modify the data, schema, and security for each directory server. If you do this, then each server is listed in the navigator pane under Oracle Internet Directory Servers.

To connect to an additional directory server:

In the navigator pane, select Oracle Internet Directory Servers.
In the right pane, choose New.
Follow the login procedures described earlier in this chapter, in "Connecting to a Directory Server by Using Oracle Directory Manager".

5.2.5 Disconnecting from a Directory Server by Using Oracle Directory Manager

To disconnect from a directory server by using Oracle Directory Manager, from the File menu choose Disconnect. Also, when you exit Oracle Directory Manager, connections between all directory servers and the directory are automatically disconnected.

All connection information is stored in the user's home directory in the file osdadmin.ini.

When you restart Oracle Directory Manager, all previously connected server connections appear in the Directory Server Login dialog box.

5.2.6 Configuring the Display and Duration of Searches in Oracle Directory Manager

You can specify the maximum number of entries to be displayed in Oracle Directory Manager as the result of searches and the duration of searches. You can make these configurations in either Oracle Directory Manager or the directory server or both.

If you make the configuration in both Oracle Directory Manager and the directory server, and the configuration in Oracle Directory Manager does not match the one in the directory server, then Oracle Internet Directory resolves the conflict as follows:

If the value you set in Oracle Directory Manager is greater than that in the directory server, then the configuration of the server prevails. For example, if you set Oracle Directory Manager to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.
If the value you set in Oracle Directory Manager is less than that in the directory server, then the configuration of Oracle Directory Manager prevails. For example, if you set Oracle Directory Manager to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.

To configure the display and duration of searches in Oracle Directory Manager:

In the navigator pane, expand Oracle Internet Directory Servers, and select the server you want to configure.
From the toolbar, select User Preferences. The User Preferences dialog box appears.
In the Configure Entry Management tab page, in the Maximum number of one-level subtree entries field, enter the maximum number of entries to be returned by a search.
In the Search Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 3600.
Choose OK.

To configure the display and duration of searches in an Oracle directory server:

In the navigator pane, expand Oracle Internet Directory Servers and select a directory server instance. The group of tab pages for that server appear in the right pane.
In the System Operational Attributes tab page, in the Query Entry Return Limit field, enter the maximum number of entries to be returned by a search. The default is 1000.
In the Server Operation Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 3600.
Choose Apply.

5.2.7 Performing Administrative Tasks by Using Oracle Directory Manager

You can perform most of the Oracle Internet Directory administrative tasks through Oracle Directory Manager. Those that you cannot perform through Oracle Directory Manager involve running processes, such as starting and stopping the OID Monitor (oidmon) and starting and stopping server instances. To perform tasks that you cannot perform with Oracle Directory Manager, use the appropriate LDAP command-line tool.

See Also:

"Using Command-Line Tools"
"Oracle Identity Management Command-line Tool Reference" in Oracle Identity Management User Reference

Table 5-4 lists the task areas you can manage by using Oracle Directory Manager and where to find instructions for each area.

Table 5-4 Task Areas in Oracle Directory Manager

Task Area	Instructions
Access Control Management	"Managing Access Control by Using Oracle Directory Manager" Managing Access Control by Using Command-Line Tools
Attribute Uniqueness Management	Chapter 10, "Attribute Uniqueness in the Directory"
Audit Log Management	Chapter 14, "Logging, Auditing, and Monitoring the Directory"
Change Log Management	"Change Logs in Directory Replication" Chapter 30, "Oracle Internet Directory Replication Installation and Configuration" The chapter on the Oracle Directory Synchronization Service in Oracle Identity Management Integration Guide The chapter on the Oracle directory integration and provisioning server in Oracle Identity Management Integration Guide
Entry Management	"Managing Entries by Using Oracle Directory Manager"
Garbage Collection Management	Chapter 26, "Garbage Collection in Oracle Internet Directory"
Password Policy Management	Chapter 19, "Password Policies in Oracle Internet Directory"
Password Verifier Management	Chapter 20, " Directory Storage of Password Verifiers"
Plug-in Management	Part VIII, "Directory Plug-ins"
Replication Management	Chapter 30, "Oracle Internet Directory Replication Installation and Configuration"
Schema Management	"Object Classes in the Directory" "Attributes in the Directory"
Server Management	Chapter 7, " Oracle Directory Server Administration"

5.3 Using Oracle Internet Directory Server Manageability

Oracle Internet Directory Server Manageability enables you to monitor various types of information about Oracle Internet Directory servers. You can also use Oracle Internet Directory Server Manageability to start, stop, or restart a directory server instance. To exploit the features of Oracle Internet Directory Server Manageability, you use Oracle Enterprise Manager 10g Application Server Control Console.

5.4 Using Command-Line Tools

Oracle Internet Directory provides several types of command-line tools for manipulating directory entries and attributes—for example:

LDAP tools, for altering objects in text files written in the LDAP Data Interchange Format (LDIF)
A catalog management tool, for indexing existing attributes
Various tools to help you synchronize multiple directories in your enterprise

Many of the command-line tools act on objects that are in text files written in the LDAP Data Interchange Format (LDIF).

Note:

To use the command-line tools, set the following environment variables:

ORACLE_HOME.
ORACLE_SID or a proper TNS CONNECT string.
NLS_LANG (APPROPRIATE_LANGUAGE.AL32UTF8). The default language set at installation is AMERICAN_AMERICA.
PATH and CLASSPATH. In the PATH and CLASSPATH environment variables, specify the Oracle LDAP binary—that is, ORACLE_HOME/bin—before the UNIX binary directory.

Note:

Command-line examples in Oracle Identity Management documentation are based on the UNIX ksh. Arguments that must be escaped from the shell are shown in double quotes ("). Use the appropriate quote characters for your shell environment.

See Also:

"LDIF File Formatting Rules" in Oracle Identity Management User Referencefor information on formatting an LDIF file

This section contains these topics:

Command-Line Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers
Command-Line Tools for Managing Entries and Attributes
Command-Line Tools for Performing Bulk Operations
Command-Line Tools for Managing Replication
OID Migration Tool (ldifmigrator)
OID Database Statistics Tool (oidstats.sql)
OID Database Password Utility (oidpasswd)

5.4.1 Command-Line Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers

Table 5-5 lists and describes the various command-line tools for starting, stopping, and monitoring Oracle Internet Directory servers and points you to more information about each one.

Table 5-5 Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers

Tool Description More Information

Tool	Description	More Information
Oracle Process Manager and Notification Server (OPMN)	Use OPMNCTL to stop or start Oracle Internet Directory as a component of Oracle Application Server.	The `opmnctl` command-line tool reference in Oracle Identity Management User Reference The chapter entitled "Configuring Oracle Internet Directory" in Oracle Process Manager and Notification Server Administrator's Guide
OID Control Utility (OIDCTL)	Use this tool to start and stop an individual instance of the server. The commands are interpreted and executed by the OID Monitor process.	"Oracle Internet Directory Architecture" for a conceptual description The `oidctl` command-line tool reference in Oracle Identity Management User Reference
OID Monitor (OIDMON)	You do not need to invoke OIDMON directly. You start and stop it using OPMN. When you issue commands through OID Control Utility (OIDCTL) to start or stop directory server instances, your commands are interpreted by OIDMON.	"Oracle Internet Directory Architecture" for a conceptual description The `oidmon` command-line tool reference in Oracle Identity Management User Reference for syntax and usage notes

Oracle Process Manager and Notification Server (OPMN)

Use OPMNCTL to stop or start Oracle Internet Directory as a component of Oracle Application Server.

The opmnctl command-line tool reference in Oracle Identity Management User Reference

The chapter entitled "Configuring Oracle Internet Directory" in Oracle Process Manager and Notification Server Administrator's Guide

OID Control Utility (OIDCTL)

Use this tool to start and stop an individual instance of the server. The commands are interpreted and executed by the OID Monitor process.

"Oracle Internet Directory Architecture" for a conceptual description

The oidctl command-line tool reference in Oracle Identity Management User Reference

OID Monitor (OIDMON)

You do not need to invoke OIDMON directly. You start and stop it using OPMN. When you issue commands through OID Control Utility (OIDCTL) to start or stop directory server instances, your commands are interpreted by OIDMON.

"Oracle Internet Directory Architecture" for a conceptual description

The oidmon command-line tool reference in Oracle Identity Management User Reference for syntax and usage notes

5.4.2 Command-Line Tools for Managing Entries and Attributes

Table 5-6 lists and describes the command-line tools for managing entries and attributes, and points you to further information.

Table 5-6 Tools for Managing Entries

Tool	Description	More Information
Catalog Management Tool (catalog)	Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search. Only those attributes that have an equality matching rule can be indexed. If you want to use additional attributes in search filters, you must add them to the catalog entry. You can do this at the time you create the attribute by using Oracle Directory Manager. However, if the attribute already exists, then you can index it only by using the Catalog Management tool. Useful in creating and dropping the indexes.	The `catalog` command-line tool reference in Oracle Identity Management User Reference for syntax and usage notes "Indexing an Attribute by Using Oracle Directory Manager" "Indexing an Attribute by Using Command-Line Tools".
ldapadd	Use this tool to add entries one at a time.	The ldapadd command-line tool reference in Oracle Identity Management User Reference
ldapaddmt	Use this tool to add several entries concurrently by using this shared-server tool.	The `ldapaddmt` command-line tool reference in Oracle Identity Management User Reference
ldapbind	Use this tool to authenticate user/client to a directory server.	The `ldapbind` command-line tool reference in Oracle Identity Management User Reference
ldapcompare	Use this tool to see whether an entry contains a specified attribute value.	The `ldapcompare` command-line tool reference in Oracle Identity Management User Reference
ldapdelete	Use this tool to delete entries.	The `ldapdelete` command-line tool reference in Oracle Identity Management User Reference
ldapmoddn	Use this tool to modify the DN or RDN of an entry, rename an entry or a subtree, or move an entry or a subtree under a new parent.	The `ldapmoddn` command-line tool reference in Oracle Identity Management User Reference
ldapmodify	Use this tool to create, update, and delete attribute data for an entry.	The `ldapmodify` command-line tool reference in Oracle Identity Management User Reference
ldapmodifymt	Use this tool to modify several entries concurrently by using this shared-server tool.	The `ldapmodifymt` command-line tool reference in Oracle Identity Management User Reference
ldapsearch	Use this tool to search for directory entries.	The `ldapsearch` command-line tool reference in Oracle Identity Management User Reference

5.4.3 Command-Line Tools for Performing Bulk Operations

Table 5-7 lists and describes the command-line tools for performing bulk operations, and points you to further information.

Table 5-7 Command-Line Tools for Performing Bulk Operations

Tool	Description	More Information
bulkdelete	Use this tool to delete a subtree efficiently	The `bulkdelete` command-line tool reference in Oracle Identity Management User Reference
bulkload	Use this tool to load and append large numbers of entries to Oracle Internet Directory through LDIF files	The `bulkload` command-line tool reference in Oracle Identity Management User Reference
bulkmodify	Use this tool to modify a large number of existing entries efficiently	The `bulkmodify` command-line tool reference in Oracle Identity Management User Reference
ldifwrite	Use this tool to copy data from the directory information base into an LDIF file that can be read by any LDAP-compliant directory server. You can use ldifwrite in conjunction with bulkload. You can also use ldifwrite to back up information from all or part of a directory.	The `ldifwrite` command-line tool reference in Oracle Identity Management User Reference

5.4.4 Command-Line Tools for Managing Replication

Table 5-8 lists and describes the command-line tools for managing replication, and points you to further information.

Table 5-8 Command-Line Tools for Managing Replication

Tool Description More Information

Tool	Description	More Information
Replication Environment Management Tool	This tool ensures that Advanced Replication is properly configured for directory replication. In the event of a directory replication failure, this tool looks for the problems and seeks to rectify them. If it cannot solve the problem, then it gives you a report of the nature of the problem and points you to a possible solution.	The `remtool` command-line tool reference in Oracle Identity Management User Reference for syntax and examples
Oracle Internet Directory Comparison and Reconciliation Tool	When a replication conflict arises, Oracle directory replication server places the change in the retry queue and tries to apply it from there for a specified number of times. If it fails after that specified number, then the replication server puts the change in the human intervention queue. From there, the replication server repeats the change application process at less frequent intervals while awaiting your action. At this point, you need to: Examine the change in the human intervention queues Reconcile the conflicting changes on the consumer with those on the supplier by using the Oracle Internet Directory Comparison and Reconciliation Tool Place the change either back into the retry queue or into the purge queue	""About the Oracle Internet Directory Comparison and Reconciliation Tool" The `oidcmprec` command-line tool reference in Oracle Identity Management User Reference
Human Intervention Queue Manipulation Tool	Once you have reconciled conflicting changes by using the Oracle Internet Directory Comparison and Reconciliation Tool, the Human Intervention Queue Manipulation Tool enables you to move them from the human intervention queue to either the retry queue or the purge queue. Moving the change to the purge queue means that there are no further attempts to re-apply the change log entry.	"About the Human Intervention Queue Manipulation Tool" The `hiqretry` command-line tool reference in Oracle Identity Management User Reference for syntax and an explanation of how Comparison and Reconciliation Tool works

Replication Environment Management Tool

This tool ensures that Advanced Replication is properly configured for directory replication. In the event of a directory replication failure, this tool looks for the problems and seeks to rectify them. If it cannot solve the problem, then it gives you a report of the nature of the problem and points you to a possible solution.

The remtool command-line tool reference in Oracle Identity Management User Reference for syntax and examples

Oracle Internet Directory Comparison and Reconciliation Tool

When a replication conflict arises, Oracle directory replication server places the change in the retry queue and tries to apply it from there for a specified number of times. If it fails after that specified number, then the replication server puts the change in the human intervention queue. From there, the replication server repeats the change application process at less frequent intervals while awaiting your action.

At this point, you need to:

Examine the change in the human intervention queues
Reconcile the conflicting changes on the consumer with those on the supplier by using the Oracle Internet Directory Comparison and Reconciliation Tool
Place the change either back into the retry queue or into the purge queue

""About the Oracle Internet Directory Comparison and Reconciliation Tool"

The oidcmprec command-line tool reference in Oracle Identity Management User Reference

Human Intervention Queue Manipulation Tool

Once you have reconciled conflicting changes by using the Oracle Internet Directory Comparison and Reconciliation Tool, the Human Intervention Queue Manipulation Tool enables you to move them from the human intervention queue to either the retry queue or the purge queue. Moving the change to the purge queue means that there are no further attempts to re-apply the change log entry.

"About the Human Intervention Queue Manipulation Tool"

The hiqretry command-line tool reference in Oracle Identity Management User Reference for syntax and an explanation of how Comparison and Reconciliation Tool works

5.4.5 OID Migration Tool (ldifmigrator)

Use this tool to migrate data from application-specific repositories into Oracle Internet Directory.

See Also:

The ldifmigrator command-line tool reference in Oracle Identity Management User Reference for instructions on using this tool

5.4.6 OID Database Statistics Tool (oidstats.sql)

Use this tool to analyze the various database ods schema objects to estimate the statistics. You must run this utility whenever there are significant changes in directory data—including the initial load of data into the directory.

If you load data into the directory by any means other than the bulkload tool (bulkload), then you must run the OID Database Statistics Collection tool after loading. Statistics collection is essential for the Oracle Optimizer to choose an optimal plan in executing the queries corresponding to the LDAP operations. You can run OID Database Statistics Collection tool at any time, without shutting down any of the OID daemons.

See Also:

The oidstats.sql command-line tool reference in Oracle Identity Management User Reference

5.4.7 OID Database Password Utility (oidpasswd)

The OID Database Password Utility is used to:

Change the password to the Oracle Internet Directory database.

Oracle Internet Directory uses a password when connecting to an Oracle database. The default for this password matches the value you specified during installation for the Oracle Application Server administrator's password. You can change this password by using the OID Database Password Utility.
Create a wallet, named oidpwdlldap1, for the Oracle Internet Directory database password, and a wallet, named oidpwdrsid, for the Oracle directory replication server password.

The sid is obtained not from the environment variable SID but from the connected database.

With the create_wallet=true option, you need to provide the ODS password to authenticate yourself to the ODS database before the ODS wallet can be generated. Note that the default ODS password is the same as that for the Oracle Application Server administrator.

Unlock a locked directory super user account, namely, cn=orcladmin.

Note:

To change the ODS database user password, you must use the oidpasswd tool. If you change the ODS database user password by any other means, then Oracle Internet Directory instances fail to start.

Reset the super user password.
Manage super user restricted ACPs.

See Also:

The oidpasswd command-line tool reference in Oracle Identity Management User Reference