Oracle® Identity Management Integration Guide
10g (10.1.4.2)

Part Number E10528-01

A Elements in the Oracle Directory Integration Server Administration Tool

This appendix describes the windows and corresponding fields in the Oracle Directory Integration Server Administration tool. It contains these sections:

Windows and Tabs for Connecting to a Directory Server

This section lists and describes the windows and tabs you use to connect to a directory server. It contains these topics:

Credentials Tab

Table A-1 describes the fields on the Credentials tab of the Login window.

Table A-1 Fields in the Credentials Window

Field Name Description

User

The default value for the user name is dipadmin. This is the nickname of the user whose entry is cn=dipadmin,cn=odi,cn=oracle internet directory.

If you have already set up the user's entry by using LDAP command-line tools, then you can enter that user's entry in one of two ways:

  • Browse and select that entry by using the button to the right of the User field.

  • Enter the distinguished name (DN) for that user entry by using the correct format, for example:

    cn=Susie Brown,ou=HR,o=acme,c=us
    

If you do not have the correct privileges, then access to the tool is denied. To use this tool, you must be a member of the following group: cn=dipadmingrp,cn=dipadmin,cn=directory integration platform,cn=products,cn=oraclecontext.

Password

If you are logging in as the super user and you specified a password for the super user during installation, in the Password field, enter the password you specified. Otherwise, enter the default password, namely, welcome. After you are logged into Oracle Directory Integration Server Administration and have connected to a directory server, you should change this password to protect the directory.

If you are logging in anonymously, leave the Password field empty.

If you want to log in as a specific directory user, enter the corresponding password.

See Also: The chapter about directory server administration in Oracle Internet Directory Administrator's Guide, for instructions about how to change the password

Server

The first time you log in, the Oracle Directory Integration Server Administration tool displays the name of the default Oracle directory server you specified during the Oracle Application Server installation.

It obtains the information for the directory server by first checking the value of the oidhost parameter in the ias.properties file in the $ORACLE_HOME/config directory. If no value is specified there, then it checks the value of the host parameter in the osdadmin.ini file. If no value is specified there, then it displays the value localhost in the Server field.

If you want to connect to a server on a different host:

  1. Click the button to the right of the Server list. The Select Directory Server window displays a list of available servers.

  2. Select a server.

  3. Click OK.

To add a directory server to the list:

  1. In the Select Directory Server window, click Add. The Directory Server Connection window appears.

  2. In the Server field, enter the name of the directory server you want to add.

  3. In the Port field, enter the port number for the server you want to add.

  4. Click OK. The added directory appears in the list in the Select Directory Server window.

To modify a directory server on the list:

  1. Select the directory server you want to modify.

  2. Click Edit. The Directory Server Connection window appears.

  3. Modify the Server and Port fields, then click OK. The modifications for that server appear in the list in the Select Directory Server window.

Port

The first time you log in, the Oracle Directory Integration Server Administration tool displays the default Oracle directory server port you specified during the Oracle Application Server installation. It obtains this information by checking the value of the oidport parameter in the ias.properties file. If no value is specified there, then it checks the value of the port parameter in the osdadmin.ini file. If no value is specified there, then it displays the value 389.

To change this port number:

  1. Click the button to the right of the Server field.

  2. In the Select Directory Server window, select the directory server.

  3. Click Edit. The Directory Server Connection window appears.

  4. In the Directory Server Connection window, in the Port field, enter the new port number, then click OK.
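The lookup order described for the Server and Port fields can be reproduced to see which file supplies each default. The following is an added example, not Oracle code: the function names are hypothetical, and it assumes both files can be read as plain key=value lines with keys compared case-insensitively.

```python
import os
import tempfile

DEFAULT_SERVER = "localhost"   # value the page says is shown when nothing is set
DEFAULT_PORT = "389"           # likewise for the Port field


def read_params(path):
    """Return {key: value} from a key=value text file, or {} if unreadable.

    Assumption: both files are read as plain key=value lines; blank lines,
    comment lines (#, ;, !) and [section] headers are skipped, and keys are
    compared case-insensitively.
    """
    params = {}
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for raw in fh:
                line = raw.strip()
                if not line or line[0] in "#;![":
                    continue
                key, sep, value = line.partition("=")
                if sep:
                    params[key.strip().lower()] = value.strip()
    except OSError:
        pass  # a missing file is treated the same as an unset parameter
    return params


def resolve_login_defaults(ias_properties, osdadmin_ini):
    """Apply the documented lookup order; return {field: (value, source)}."""
    ias = read_params(ias_properties)
    osd = read_params(osdadmin_ini)
    lookups = (
        ("server", "oidhost", "host", DEFAULT_SERVER),
        ("port", "oidport", "port", DEFAULT_PORT),
    )
    resolved = {}
    for field, ias_key, osd_key, builtin in lookups:
        if ias.get(ias_key):
            resolved[field] = (ias[ias_key], "ias.properties")
        elif osd.get(osd_key):
            resolved[field] = (osd[osd_key], "osdadmin.ini")
        else:
            resolved[field] = (builtin, "built-in default")
    return resolved


def demo():
    """Run the lookup against constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        ias_path = os.path.join(tmp, "ias.properties")
        osd_path = os.path.join(tmp, "osdadmin.ini")
        # Constructed sample content: host set, port left empty.
        with open(ias_path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\noidhost=oid.example.com\noidport=\n")
        # Constructed sample content: both parameters set.
        with open(osd_path, "w", encoding="utf-8") as fh:
            fh.write("host=ldap2.example.com\nport=3060\n")
        return resolve_login_defaults(ias_path, osd_path)


if __name__ == "__main__":
    for field, (value, source) in demo().items():
        print(f"{field}: {value} (from {source})")
```

Reporting the source alongside the value shows when the Server and Port defaults come from different files, which is easy to miss when auditing which directory server a login will reach.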


Directory Server Connection Window

Use this window to add a directory server to the list in the Select Directory Server window.

Select Directory Server Window

This window displays a list of all directory servers to which you have connected at any time in the past. You can select a directory server from the list, either to connect to it, delete it, edit it, or to use it as a template for another management connection. To add a server to this list, click Add. The Directory Server Connection window appears.

Select Distinguished Name (DN) Path: All Entries Window

Use this window to display the hierarchy of all containers in the directory information tree (DIT).

Click the plus sign (+) next to the top-level entry to expand the tree. Expand the tree by clicking plus signs to see the subordinate entries. When you click a plus sign to expand an entry, that plus sign becomes a minus sign (-).

Note:

Although an entry that does not have subordinate entries may appear with a plus sign, when you click that plus sign, it disappears. Entries that have no plus or minus sign next to them are leaf nodes on the tree.

Select the entry you want and click OK. That entry appears in the Server field on the Login dialog box.

Server Process Window

This window displays configuration settings for the selected process. Table A-2 describes the fields in the Server Process window.

Table A-2 Fields in the Server Process Window

Field Name Description

Instance

The current directory integration server instance.

Configuration Set

The configuration set entry that was used to start the directory integration server.

Host Name

The host name from which the directory integration server started.

Agent Refresh Flag

The number of minutes between server refreshes for any changes in Oracle Directory Integration Platform profiles.

Oracle DIP Instance Status

Indicates whether an instance of the Oracle directory integration platform server should continue running or shut down.

Oracle DIP Profile Execution Group Identifier

The profile group that was used to start the directory integration server.


SSL Tab

Table A-3 describes the fields on the SSL tab of the Login window.

Table A-3 Fields in the SSL Window

Field Name Description

SSL Location

The location of the user's wallet.

SSL Password

The password to open the user's wallet.

SSL Authentication

Select the authentication level:

  • No SSL Authentication—Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption will be used.

  • SSL Client and Server Authentication—Two-way authentication. Both client and server send certificates to each other.

  • SSL Server Authentication—One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.


Windows and Tabs in the Oracle Directory Integration Server Administration Tool

This section describes the windows and tabs in the Oracle Directory Integration Server Administration tool. It contains these topics:

Add New Connector Group Window

Use this window to enter the name of a new connector profile group. Note that connector names cannot include spaces.

Configure Access Control Policy Management Tab

Use this tab to determine whether the navigator pane displays all ACPs automatically or only as the result of a search. If you have a large number of ACPs, then you may want to display them only as the result of a search.

Configure Entry Management Tab

Use this tab to specify:

  • The number of entries the Oracle Directory Integration Server Administration tool displays in a search result

  • The duration of searches

You can make these configurations in this tool, in the directory server, or in both.

If you make the configuration in both this tool and the directory server, and the two configurations do not match, then Oracle Internet Directory resolves the conflict as follows:

  • If the value you set in this tool is greater than that in the directory server, then the configuration of the server prevails. For example, if you set this tool to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.

  • If the value you set in this tool is less than that in the directory server, then the configuration of this tool prevails. For example, if you set this tool to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.

Configuration Set Window

Table A-4 describes the fields in the Configuration Set window.

Table A-4 Fields in the Configuration Set Window

Field Name Description

LDAP Search Time Limit

The maximum LDAP search time limit

Refresh Interval

The interval in minutes when the Oracle directory integration server searches Oracle Internet Directory for any integration profile modifications. If the mapping rules for an integration profile are modified during a synchronization iteration, they will be updated by the Oracle directory integration server during the next iteration.

Debug Level

Specify the logging level for debugging.

File Size Limit (Trace)

The maximum size of trace files.

LDAP Search Count Limit

The maximum number of LDAP searches to perform.

SSL Mode

Select the authentication level:

  • No SSL Authentication—Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption will be used.

  • SSL Client and Server Authentication—Two-way authentication. Both client and server send certificates to each other.

  • SSL Server Authentication—One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.

Commit Size

The maximum number of changes that are synchronized in a synchronization cycle.

Wallet Location

The location of the user's SSL wallet.

File Size Limit (Audit)

The maximum size of audit files.


Configuration Set Management Window

This window displays a list of configuration sets. To display a configuration set's parameters, select the configuration set entry in the navigator pane. The parameters appear in the Configuration Set window. You can create a new configuration set by clicking the Add Configuration Set button. This displays the New Configuration Set window, which contains the same fields that are listed in the Configuration Set window.

Connector Group Window

This window displays information about the connector profiles associated with a connector profile group. If this window is empty, then no connector profiles are associated with this connector profile group. The columns of the Connector Group window are:

  • Connector Name: The RDN component of the DN for this connector profile.

  • Synchronization Mode: Specifies whether the profile is used for importing or exporting. An import operation brings changes from a connected directory into Oracle Internet Directory. An export operation brings changes from Oracle Internet Directory into a connected directory.

  • Connector Status: Specifies whether the profile is enabled or disabled.

You can also use the Connector Group window to:

  • Associate a connector profile with a connector profile group by clicking Associate Profile. This displays the Profile Selector window. If a connector profile is already associated with a connector profile group, you must first disassociate the profile before you can associate it with a different connector profile group.

  • Disassociate a profile from a connector profile group by selecting it and clicking Disassociate Profile. This displays a window that prompts you to confirm disassociation of the connector profile from the group.

Connector Group Management Window

Use this window to create or modify connector profile groups. You can:

  • Create a new connector profile group by clicking Add Connector Group. This displays the Connector Group window.

  • Edit a connector profile group by selecting it, and then clicking Edit. This displays the Connector Group window.

Connector Profile Management Window

This window displays all of the Oracle Directory Integration Platform integration profiles in Oracle Internet Directory. Use this window to create or modify a connector profile. You can:

  • Create a connector profile by copying an existing one. To do this, select the connector profile you want to copy, then click Create Like. The Integration Profile window displays the General Tab window.

  • Create a connector profile without copying an existing one. To do this, click Create New. The Integration Profile window displays the General Tab window.

  • Edit a connector profile by selecting it, and then clicking Edit. This displays the General Tab window.

  • Delete a connector profile by selecting it, and then clicking Delete. This displays a window that prompts you to confirm deletion of the connector profile.

Connected Directory Failover setup for External Authentication Plug-ins Window

Table A-5 describes the fields in the Connected Directory Failover setup for External Authentication Plug-ins window.

Table A-5 Fields in the Connected Directory Failover setup for External Authentication Plug-ins Window

Field Name Description

Failover Host

The failover host name where the directory server is running.

Failover Port

The failover port where the directory server is running.

SSL Mode

Determines whether the connection to the failover host is in SSL mode; can be set to Non-SSL or SSL-Only.

Wallet Location

Location of the SSL wallet. Required if communication to the failover host is in SSL mode.

Wallet Password

Password of the SSL wallet. Required if communication to the failover host is in SSL Mode.


LDAP Connector Express Setup Window

Table A-6 describes the fields in the LDAP Connector Express Setup window.

Table A-6 Fields in the LDAP Connector Express Setup Window

Field Name Description

Connected Directory Type

The type of connected directory. You can select one of the following options:

  • Microsoft Active Directory

  • Novell eDirectory

  • OpenLDAP

  • Sun Java System Directory

Create Like

Create a connector profile by copying an existing one.

Connector Name

The connector name.

Connected Directory Host

The host where the connected directory is running.

Connected Directory Port

The port where the connected directory is running.

Connected Directory SSL Enabled

Specify whether the connection to the target directory is in SSL mode.

Connected Directory User

The user name of the connected directory user.

Connected Directory User Password

The password of the connected directory user.

Synchronization Mode

The direction of the synchronization. You can select Target -> OID to synchronize from the target directory to Oracle Internet Directory or you can select OID -> Target to synchronize from Oracle Internet Directory to the target directory.

Connector Group

The connector profile group with which to associate the connector profile.

Synchronization Domains

The domains with which the profile will synchronize. Click the Browse button to select a domain with the Select Distinguished Name (DN) Path: All Entries window. You can select multiple domains in this window.

Enable Connector Profile

Enable or disable the connector profile.

Configure External Authentication plug-ins

Use an external plug-in to handle authentication.


Note:

When using Connector Express to create an export or import profile, the default synchronization mode is Target->OID. This can cause you to inadvertently configure an import profile when you intended to configure an export profile. Even though the Export Profile field is the first field on this page, and the Synchronization Mode field is a later selection on this page, you must select the synchronization mode before selecting an export profile.

If you select the export profile before the synchronization mode, mapping rules are created for importing.

Profile Selector Window

This window allows you to select a connector profile to associate with a connector profile group. Only profiles that are not already associated with any connector groups are displayed. The columns of the Profile Selector window are:

  • Connector Name: The RDN component of the DN for this connector profile.

  • Synchronization Mode: Specifies whether the profile is used for importing or exporting. An import operation brings changes from a connected directory into Oracle Internet Directory. An export operation brings changes from Oracle Internet Directory into a connected directory.

  • Profile Status: Specifies whether the profile is enabled or disabled.

Rename Connector Group Window

Use this window to rename a connector group. Note that connector names cannot include spaces.

Select Distinguished Name (DN) Path: All Containers Window

Use this window to display the hierarchy of all containers in the directory information tree (DIT).

Click the plus sign (+) next to the top-level entry to expand the tree. Expand the tree by clicking plus signs to see the subordinate entries. When you click a plus sign to expand an entry, that plus sign becomes a minus sign (-).

Note:

Although an entry that does not have subordinate entries may appear with a plus sign, when you click that plus sign, it disappears. Entries that have no plus or minus sign next to them are leaf nodes on the tree.

Select the entry you want and click OK. That entry appears in the Synchronization Domains field in the LDAP Connector Express Setup window.

Select Distinguished Name (DN) Path: Tree View Window

Use this window to display the hierarchy of all entries in the directory information tree (DIT).

Click the plus sign (+) next to the top-level entry to expand the tree. Expand the tree by clicking plus signs to see the subordinate entries. When you click a plus sign to expand an entry, that plus sign becomes a minus sign (-).

Note:

Although an entry that does not have subordinate entries may appear with a plus sign, when you click that plus sign, it disappears. Entries that have no plus or minus sign next to them are leaf nodes on the tree.

Select the entry you want and click OK. That entry appears in the Root of the Search field in the Search window.

Tabs and Fields for Registering and Editing a Connector Profile

This section lists and describes the tabs and fields in the Integration Profile window, which you use when registering and editing a connector profile. It contains these topics:

Attribute Rule Window

This window allows you to create mapping rules for attributes of the objects that are being managed. Table A-7 describes the fields in the Attribute Rule window.

Table A-7 Fields in the Attribute Rule Window

Field Name Description

Source Object Class

The object class in the source directory. Do not enter a value into this field when synchronizing with a non-LDAP source.

Source Attributes

The source directory attributes to which you want to apply the mapping rule. When synchronizing with LDAP sources, the Oracle directory integration server automatically retrieves the source attributes from the source directory's schema. Use the following buttons to manage non-LDAP source attributes:

Destination Object Class

The destination object type or class. Use the destination object class for LDAP targets.

Destination Attribute

The destination attribute name to which you want to apply the mapping rule.

Destination Attribute Type

The type of the attribute in the destination directory.

Attribute Mapping Rule

The transformation rule that derives the destination attribute value from the source attribute value.


Domain Rule Window

This window allows you to create mapping rules for the domain or container from which objects are synchronized into Oracle Internet Directory. Table A-8 describes the fields in the Domain Rule window.

Table A-8 Fields in the Domain Rule Window

Field Name Description

Source Domain

The name of the source container from which the objects are synchronized. Enter a value of NONLDAP if you are synchronizing with a non-LDAP source.

Destination Domain

The name of the destination container into which the objects are synchronized. Enter a value of NONLDAP if you are synchronizing with a non-LDAP source.

Domain Mapping Rule

The specific mapping rule that determines how entries from the source container are mapped to the destination container.


Edit Source Attribute Window

Use this window to edit the name and type of a source attribute. You do not need to enter a value into the Source Attribute field when synchronizing with LDAP sources because the Oracle directory integration server automatically retrieves the source attribute name from the source directory's schema. However, you can enter a value into the Source Attribute field when synchronizing with a non-LDAP source.

Filtering Tab

Table A-9 describes the fields on the Filtering tab.

Table A-9 Fields on the Filtering Tab

Field Name Description

Connected Directory Matching Filter

Specify the attribute that uniquely identifies an entry in the connected directory, or specify an LDAP search filter for the connected directory in the format searchfilter=ldap_search_filter.

OID Matching Filter

Specify the attribute that uniquely identifies records in Oracle Internet Directory. This attribute is used as a key to synchronize Oracle Internet Directory with the connected directory. This field is optional.


General Tab

Table A-10 describes the fields on the General tab.

Table A-10 Fields on the General Tab

Field Name Description

Connector Name

Specify the name of the connector. The name you enter is used as the RDN component of the DN for this connector profile. For example, specifying a profile name MSAccess creates a connector profile named orclodipagentname=MSAccess,cn=subscriber profile, cn=changelog subscriber, cn=oracle internet directory.

This field is mandatory. There is no default.

Connected Directory Host

The host where the connected directory is running.

Connected Directory Port

The port where the connected directory is running.

Synchronization Mode

Specify whether this is an import or an export operation. An import operation pulls changes from a connected target directory into Oracle Internet Directory. An export operation pushes changes from Oracle Internet Directory into a connected target directory.

This field is mandatory. The default is IMPORT.

Connector Status

Specify whether the profile is enabled or disabled.

This field is mandatory. The default is ENABLE.

Connected Directory Account

Specify the account to be used by the connector agent for accessing the connected directory. For example, if the connected directory is a database, then the account might be Scott. If the connected directory is another LDAP-compliant directory, then the account might be cn=Directory Manager.

This field is optional. There is no default.

Connected Directory Account Password

Specify the password the connector/agent is to use when accessing the connected directory. This field is optional. There is no default.

Interface Type

The format used by the import or export file. Options are DB, LDAP, LDIF, and TAGGED. This field is optional. The default is LDAP.

Profile Version

Version of Oracle Directory Integration Platform with which this profile was created.

Connected Directory Type

The type of connected directory. You can select one of the following options:

  • Microsoft Active Directory

  • Novell eDirectory

  • OpenLDAP

  • Sun Java System Directory


Mapping Tab

Table A-11 describes the sections on the Mapping tab.

Table A-11 Sections on the Mapping Tab

Field Name Description

Domain Rules

This section contains the mapping rules for the domain or container from which objects are synchronized into Oracle Internet Directory. There is no default. Use the following buttons to manage domain rules:

  • Add Domain Rule—Adds a domain rule with the Domain Rule window.

  • Delete Domain Rule—Displays a window that prompts you to confirm deletion of the domain rule.

  • Edit Domain Rule—Edits a domain rule with the Domain Rule window.

Attribute Rules

This section allows you to manage the mapping rules for attributes of the objects that are being managed. Use the following buttons to manage attribute rules:

  • Add Attribute Rule—Adds an attribute rule with the Attribute Rule window.

  • Delete Attribute Rule—Displays a window that prompts you to confirm deletion of the attribute rule.

  • Edit Attribute Rule—Edits an attribute rule with the Attribute Rule window.

  • Validate—Validates the attribute mapping rules and syntax. Also verifies the name and type of the attributes and their relationships to object classes in the source and destination directories.

  • Save to File—Displays a dialog box that you can use to save the mapping attributes to a file.


Others Tab

Table A-12 describes the fields on the Others tab.

Table A-12 Fields on the Others Tab

Field Name Description

Search Delta Size

Determines how many incremental changes are processed during each iteration in a synchronization cycle.

Continue after error

Determine how the Oracle directory integration server handles an error when processing a change during synchronization.

Scheduling Interval

Specify the number of seconds between synchronization attempts between a connected directory and Oracle Internet Directory.

This field is mandatory. The default is 60.

Maximum Number of Retries

Specify the maximum number of times the directory integration server is to attempt synchronization before it disables synchronization. This field is mandatory.

The default is 5. The first retry takes place 1 minute after the first failure. The second retry happens 2 minutes after the second failure, and subsequently the retry takes place n minutes after the n-th failure.

Debug Level

Specify the logging level for debugging.


Select Source Attributes Window

Use this window to select a source attribute. To edit an attribute, select it and click Edit Source Attribute Window.

Status Tab

Table A-13 describes the fields on the Status tab.

Table A-13 Fields on the Status Tab

Field Name Description

Last Execution Time

The most recent absolute time that the agent was executed. The default is the time at which the connector is created. Modifying this field will be misleading.

Last Successful Execution Time

The most recent absolute time that the agent succeeded. The default is the time at which the connector is created. Modifying this field will be misleading.

Synchronization Status

Synchronization success or failure.

Synchronization Errors

The last error message. You cannot modify this field. There is no default.

OID Last Applied Change Number

(Import operations only)

For export operations, specify the identifier of the last change from Oracle Internet Directory that has been applied to the connected directory. The default is 0. The field can be consciously modified by the end user whenever appropriate. The profile should be in the disabled mode. If the number is increased, then any change log entries numbered between the original value and the new value will not be applied.

Bootstrap Status

Determines whether bootstrapping has been performed between Oracle Internet Directory and the connected directory.