Oracle® Identity Management Integration Guide
10g (10.1.4.2)

Part Number E10528-01

3 Oracle Directory Integration Platform Administration Tools

This chapter describes the Oracle Directory Integration Server Administration tool along with various other tools used for administering Oracle Directory Integration Platform. It contains these topics:

Using Oracle Directory Integration Server Administration Tool

The Oracle Directory Integration Server Administration tool is a Java-based utility for graphically administering the Oracle directory integration platform. This section describes some of its basic features.

This section contains these topics:

Starting the Oracle Directory Integration Server Administration Tool

Before you can start the Oracle Directory Integration Server Administration tool, a directory server instance must be running.

See Also:

Chapter 7, "Administration of Directory Synchronization" for information about how to administer the Oracle directory integration platform with the Oracle Directory Integration Server Administration tool

To start the Oracle Directory Integration Server Administration tool, follow the instructions for your operating system, as described in Table 3-1.

Table 3-1 Operating System-Specific Instructions for Starting Oracle Directory Integration Server Administration Tool

| Operating System | Instructions |
|---|---|
| Windows | From the Start menu, select Programs, then ORACLE_HOME, then Integrated Management, then Oracle Directory Integration Server Administration. |
| UNIX/Linux | If you did not set the path, then navigate to $ORACLE_HOME/bin. At the system prompt, enter: dipassistant -gui |


The first time you start the Oracle Directory Integration Server Administration tool, an alert tells you that you must connect to a server. Click OK. The Directory Server Connection Window dialog box appears.

Connecting to a Directory Server by Using the Oracle Directory Integration Server Administration Tool

Note:

To use this tool, you must be a member of the following group: cn=dipadmingrp,cn=dipadmin,cn=directory integration platform,cn=products,cn=oraclecontext. If you do not have the correct privileges, then access to the tool is denied.

To connect to a directory server:

  1. In the Directory Server Connection Window dialog box, enter the name and port number of an available server.

    The default port is 389. You can change the port number. However, if you have an Oracle directory server running on a port that is not the default, then be sure that any clients that use that server are informed of the correct port.

    Click OK. The Oracle Directory Integration Server Administration Connect dialog box appears.

    If the directory server to which you want to connect does not appear in the initial login window—that is, it is not the default directory server—then you can select another directory server by clicking the button to the right of the Server field.

    The dialog box then displays a list of all directory servers to which you have connected at any time in the past. You can select a directory server from the list, connect to it, delete it, edit it, or use it as a template for another management connection.

    To connect to a server from the list, select it and click Select at the bottom of the dialog box. The server and port appear in the Oracle Internet Directory Connect dialog box, from which you can connect.

    To delete an existing defined connection, select the server, then click Delete. The server entry is removed from your list of defined management connections.

    To define a new management connection:

    • To add a new management connection, click Add. This displays the Directory Server Connection dialog box. After you enter a server name and port in this dialog box and click OK, the new management connection appears in the list in the Select Directory Server dialog box. From here, you can select it to appear in the Oracle Internet Directory Connect dialog box, and thus connect.

    • To use an existing management connection as the template for a new connection, select the server you want to use as a template, then click Add Like. The Directory Server Connection dialog box appears, with the template server information filled in. You must edit these entries to create a new management connection. After you enter a server name and port in this dialog box and click OK, the new management connection appears in the list in the Select Directory Server dialog box. From here you can select it to appear in the Oracle Internet Directory Connect dialog box, and thus connect.

    • To edit an existing connection, select it, then click Edit. The Directory Server Connection dialog box appears, with the server and port information filled in. Edit the entries and save any changes. After you enter a server name and port in this dialog box and click OK, the new management connection appears in the list in the Select Directory Server dialog box. From here, you can select it to appear in the Oracle Internet Directory Connect dialog box, and thus connect.

  2. In each field of the Credentials tab page, enter the information specific to this server instance.

    The fields in the Credentials tab page are described in Table A-1.


  3. If you selected the SSL Enabled check box on the Credentials tab page, then select the SSL tab.

  4. In the SSL tab page, enter the requested data in the fields.

    The fields in the SSL tab page are described in Table A-3.

  5. Select Login. The Oracle Directory Integration Server Administration tool appears.

Understanding the Oracle Directory Integration Server Administration Tool Interface

This section provides an overview of Oracle Directory Integration Server Administration, and explains the items in the menu bar and the buttons on the toolbar.

Overview of Oracle Directory Integration Server Administration

As with the directory itself, the navigator pane (left side of the double window interface) has a tree-like structure. When the tool first opens, the navigator pane shows only one tree item. By clicking the plus sign (+) next to the tree item, subcomponents of that tree item appear.

In the right pane, some windows contain buttons labeled Apply and OK. If you click Apply, then your changes are committed, and the window remains available for more changes. If you click OK, then your changes are committed, and the window closes.

Similarly, some windows have buttons that are labeled Revert and Cancel. If you click Revert, then your changes in that window do not take effect, the original values reappear in the fields, and the window stays open for further work. If you click Cancel, then your changes in that window do not take effect, and the window closes.

The Oracle Directory Integration Server Administration Menu Bar

Table 3-2 lists and describes the menus you can access by using the menu bar. Menu items become enabled or disabled depending on the pane or tab page you are displaying.

Table 3-2 Oracle Directory Integration Server Administration Menu Bar

Menu Menu Items

File

Create—Adds an object.

Create Like—Adds a new object by using the object selected in the navigator pane as a template.

Connect—Connects to a directory server selected in the navigator pane.

Disconnect—Disconnects from a directory server selected in the navigator pane.

Exit—Exits the Oracle Directory Integration Server Administration tool.

Edit

Edit—Modifies an object.

Remove—Removes an object.

Find Objects—Searches for either an object class or an attribute, depending on the context.

View

Refresh—Updates data stored in memory to reflect changes in the database.

Tear-Off—Generates a secondary dialog box containing the fields and values displayed in the Oracle Directory Integration Server Administration tool's right pane. This is useful when comparing two pieces of information.

Help

Contents—Displays the Contents tab page of the Help navigator.

Search for Help On...—Displays the Help Search dialog box that you use to search for words in the online Help guide.

About Oracle Internet Directory—Displays Oracle Internet Directory version information.


Disconnecting from a Directory Server by Using the Oracle Directory Integration Server Administration Tool

To disconnect from a directory server by using the Oracle Directory Integration Server Administration tool, from the File menu select Disconnect. Also, when you exit the Oracle Directory Integration Server Administration tool, connections between all directory servers and the directory are automatically disconnected.

All connection information is stored in the user's home directory in the file osdadmin.ini.

When you restart the Oracle Directory Integration Server Administration tool, all previous server connections appear in the Directory Server Login dialog box.

Graphical Tools for Oracle Directory Integration Platform Administration

In addition to the Oracle Directory Integration Server Administration tool, you can use the following graphical tools to administer Oracle Directory Integration Platform:

Oracle Directory Manager

Oracle Directory Manager is a Java-based tool to graphically administer Oracle Internet Directory. You can use Oracle Directory Manager to:

  • Create, modify, and delete directory integration profiles for synchronization

  • Monitor synchronization profiles and synchronization status

  • Monitor the status of all Oracle directory integration server instances

  • Troubleshoot synchronization problems

Oracle Internet Directory Self-Service Console

The Oracle Internet Directory Self-Service Console enables you to delegate administrative privileges to various administrators and to users. It is a ready-to-use standalone application created by using Oracle Delegated Administration Services that provides a single graphical interface for delegated administrators and users to manage data in the directory. The Oracle Internet Directory Self-Service Console enables both administrators and users, depending on their privileges, to perform various directory operations. In an integrated deployment, the Oracle Internet Directory Self-Service Console is primarily used for customizing realm parameters.

Oracle Internet Directory Provisioning Console

The Oracle Internet Directory Provisioning Console provides a single graphical interface for administrators to provision users in Oracle Internet Directory. The Provisioning Console was created with Oracle Delegated Administration Services, and works alongside the Oracle Internet Directory Self-Service Console.

Command-Line Tools for Oracle Directory Integration Platform Administration

The following command-line tools are available for administering Oracle Directory Integration Platform:

See Also:

Oracle Identity Management User Reference for the required syntax for each of the tools discussed in this section, along with information on other command-line tools that you can use to administer Oracle Internet Directory and Oracle Directory Integration Platform

OID Control and OID Monitor

OID Control and OID Monitor enable you to start, stop, and monitor the Oracle directory integration platform.

In Oracle Internet Directory, you can use OID Control and OID Monitor to control the directory integration server in the ORACLE_HOME where either the Oracle directory server or Oracle directory integration server is installed.

If the Oracle Internet Directory installation is client-only, then the OID Control Utility and OID Monitor are not installed. In this case, start the Oracle directory integration server manually. In this configuration you can still use the Oracle Directory Integration Server Administration tool to learn the status of the Oracle directory integration server.

Oracle Directory Integration Platform Registration Tool

The Oracle Directory Integration Platform Registration tool (odisrvreg) registers an Oracle directory integration platform with the directory. It does this by creating an entry in the directory and setting the password for the Oracle directory integration platform. If the registration entry already exists, then you can use the odisrvreg tool to reset the existing password. The odisrvreg tool also creates a local file named odisrvwallet_hostname, at $ORACLE_HOME/ldap/odi/conf. This file acts as a private wallet for the Oracle directory integration platform, which uses it during startup to bind to the directory.
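The private wallet described above, and the osdadmin.ini connection file mentioned earlier in this chapter, both sit on the local file system, so their permissions are worth checking. The following is an added example, not part of the Oracle documentation: the function names are hypothetical, and it assumes that owner-only access is the intended policy for both files.

```shell
#!/bin/sh
# Added example: flag Oracle Directory Integration Platform files that are
# accessible to anyone other than their owner.

# Print "<mode> <path>" for every existing file whose group/other permission
# bits are not all clear. Returns 1 if at least one such file was found.
audit_owner_only() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue               # missing file or unmatched glob
        mode=$(ls -ldL "$f" | cut -c1-10)     # e.g. -rw-r--r--
        case "$mode" in
            ????------) ;;                    # owner-only access
            *) printf '%s %s\n' "$mode" "$f"; rc=1 ;;
        esac
    done
    return $rc
}

# Paths as named in this chapter: the wallet written by odisrvreg
# (odisrvwallet_hostname) and the connection file osdadmin.ini.
# ORACLE_HOME must point at the installation being checked.
audit_dip_files() {
    audit_owner_only \
        "${ORACLE_HOME:?set ORACLE_HOME}"/ldap/odi/conf/odisrvwallet_* \
        "$HOME/osdadmin.ini"
}
```

Source the file and call audit_dip_files as the operating system user that owns the installation; a nonzero return status means at least one listed file should be tightened with chmod.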

Directory Integration Assistant

The Directory Integration Assistant (dipassistant) is the command-line version of the Oracle Directory Integration Server Administration tool. Some of the tasks you can perform with the Directory Integration Assistant include:

  • Creating, modifying, and deleting synchronization profiles

  • Viewing all synchronization profile names in Oracle Internet Directory

  • Viewing the details of a specific synchronization profile

  • Migrating data (or "bootstrapping") between a connected directory and Oracle Internet Directory

  • Setting the wallet password for Oracle directory integration platform

  • Resetting the password of the Oracle Directory Integration Platform administrator

  • Moving integration profiles to a different Oracle Internet Directory node

Note:

Starting with Oracle Identity Management 10g (10.1.4.2), the Directory Integration Assistant (dipassistant) also supports Secure Sockets Layer (SSL).

Provisioning Subscription Tool

You use the Provisioning Subscription tool (oidprovtool) to administer provisioning profile entries in the directory. More specifically, you can use the Provisioning Subscription tool to:

  • Create new provisioning profiles

  • Enable or disable existing provisioning profiles

  • Modify existing provisioning profiles

  • Delete existing provisioning profiles

  • Get the current status of a provisioning profile

  • Clear all errors in an existing provisioning profile

Entry and Attribute Management Command-Line Tools

Table 3-3 lists the entry and attribute management command-line tools that you can use with Oracle Directory Integration Platform.

Table 3-3 Entry and Attribute Management Command-Line Tools

| Tool | Description |
|---|---|
| Catalog Management tool (catalog.sh) | Indexes attributes |
| ldapadd | Adds entries and their object classes, attributes, and values to the directory |
| ldapaddmt | Supports multiple threads for concurrently adding entries and their object classes, attributes, and values to the directory |
| ldapbind | Determines whether you can authenticate a client to a server |
| ldapcompare | Matches specified attribute values with an entry's attribute values |
| ldapdelete | Removes entries from the directory |
| ldapmoddn | Modifies an entry's DN or RDN |
| ldapmodify | Modifies an entry's attributes |
| ldapmodifymt | Supports multiple threads to modify entries concurrently |
| ldapsearch | Searches for entries in the directory |


Schema Synchronization Tool

The Schema Synchronization tool (schemasync) enables you to synchronize schema elements (namely attributes and object classes) between Oracle Internet Directory and third-party LDAP directories.