Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1) |
The Configuration tab of each server instance in ODSM enables you to modify elements of the server configuration. For additional information about managing the configuration that is specific to a proxy server instance, see Managing the Proxy Configuration With ODSM.
The Configuration tab presents two separate views of the server configuration. To select a configuration view, click the Select type of view icon and select one of the following:
Configuration Tree. This is the default view that is displayed and shows all of the server configuration objects for that particular server instance.
All Configuration Objects. This view shows all possible configuration objects for any kind of server instance.
In the Configuration Tree view, the Configuration tab displays all of the suffixes that have been configured on the server. You cannot edit a suffix in this view but you can see the list of network groups and workflows that expose that suffix.
You can display suffix properties as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the Core Configuration element.
Click on the suffix whose properties you want to display.
The suffix properties are displayed in the right hand pane.
For more information about network groups and workflows, and how they relate to the configured suffixes, see Chapter 1, Overview of Oracle Unified Directory, in Oracle Fusion Middleware Deployment Planning Guide for Oracle Unified Directory.
Network groups are the entry point of all client requests that are handled by Oracle Unified Directory. The properties of a network group indicate how client requests are directed.
You can modify the properties of a network group, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the Core Configuration element.
Expand the suffix whose network group you want to modify.
Click on the network group.
The properties of the network group are displayed in the right hand pane.
You can modify the following properties of the network group:
Enabled. Select or deselect this check box to enable or disable the network group. If you disable a network group, no client requests can be handled by that network group. If you disable the only configured network group, you effectively stop client applications from accessing the backend.
Security Mandatory. Select this option if you require clients to use a secure connection to access this network group. By default, a secure connection is not required.
Priority. If multiple network groups are configured, set the priority of this network group. A client request is handled by the highest-priority network group whose criteria it meets. The highest priority a network group can have is 0.
Allowed auth method. Specify the authentication method or methods that are allowed between the client and the network group.
Allowed protocol. Specify the protocol or protocols that are allowed for client connections. If you do not specify a protocol, all protocols are allowed.
Allowed BindDN. Click the Add icon to add one or more bind DNs that are allowed to connect to this network group. Click the Delete icon to remove the bind DNs that should not be accepted by the network group.
Allowed Client. Click the Add icon to add one or more clients that are authorized to access this network group. Clients can be expressed by their IP addresses or their names. If no allowed client list is provided, all clients are allowed, unless they are specifically listed on the denied client list.
Denied Client. Click the Add icon to add one or more clients that are prohibited from accessing this network group. Clients can be expressed by their IP addresses or their names. If no denied client list is provided, all clients are allowed, unless a limitation is set by using the allowed client list.
Workflow. Click the Add icon to add one or more workflows that can be accessed through this network group.
QoS Policy. Select a quality of service policy for this network group. For more information, see Creating a Network Group Quality of Service Policy.
For more information about network groups and workflows, and how they relate to the configured suffixes, see Chapter 1, Overview of Oracle Unified Directory, in Oracle Fusion Middleware Deployment Planning Guide for Oracle Unified Directory.
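The following added example (not Oracle code, and not part of the original guide) models how the Enabled, Security Mandatory, Priority, Allowed Client and Denied Client properties described above combine when a client connects, and flags groups that accept any client. It assumes clients are expressed only as IP addresses or CIDR ranges and that a denied entry wins when a client appears on both lists; the group names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NetworkGroup:
    name: str
    priority: int                     # 0 is the highest priority
    enabled: bool = True
    security_mandatory: bool = False
    allowed_clients: list = field(default_factory=list)  # empty: no allowed list
    denied_clients: list = field(default_factory=list)   # empty: no denied list

def _listed(client_ip, entries):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def accepts(group, client_ip, secure):
    """True if this group's criteria are met for the connection."""
    if not group.enabled:
        return False
    if group.security_mandatory and not secure:
        return False
    if _listed(client_ip, group.denied_clients):
        return False   # assumption: a denied entry wins over an allowed one
    if group.allowed_clients and not _listed(client_ip, group.allowed_clients):
        return False
    return True

def select_group(groups, client_ip, secure):
    """Name of the highest-priority group whose criteria are met, else None."""
    for group in sorted(groups, key=lambda g: g.priority):
        if accepts(group, client_ip, secure):
            return group.name
    return None

def unrestricted(groups):
    """Enabled groups with no allowed list and no mandatory secure connection."""
    return [g.name for g in groups
            if g.enabled and not g.allowed_clients and not g.security_mandatory]

# Constructed sample configuration (names and addresses are made up).
SAMPLE = [
    NetworkGroup("admin-ng", 0, security_mandatory=True,
                 allowed_clients=["10.0.5.0/24"], denied_clients=["10.0.5.66"]),
    NetworkGroup("default-ng", 10),
]

if __name__ == "__main__":
    for ip, secure in [("10.0.5.10", True), ("10.0.5.10", False), ("10.0.5.66", True)]:
        print(ip, secure, "->", select_group(SAMPLE, ip, secure))
    print("unrestricted:", unrestricted(SAMPLE))
```

In the sample, a client that fails the criteria of the restrictive group is still served by the lower-priority group that has no lists, which is the case to review when tightening an allowed or denied client list.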
A workflow element is the key building block of a workflow process. Workflow elements define how client requests that are sent to the server are treated. In a deployment that includes a proxy server, workflow elements are configured for load balancing or distribution. In a deployment that does not include a proxy server, workflow elements are configured directly for each backend.
You can modify the properties of an existing workflow element, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the Core Configuration element.
Expand the suffix whose workflow element you want to modify.
Expand the network group whose workflow element you want to modify.
Click on the workflow element, for example userRoot, distrib-we, or load-bal-we1.
The properties of the workflow element are displayed in the right hand pane.
The properties that you can edit depend on the type of workflow element that is configured.
For a backend workflow element, you can modify the following basic properties:
Enabled. Select or deselect this check box to enable or disable the workflow element. If you disable a workflow element, you effectively stop client applications from accessing that backend.
Writability Mode. Select Enabled if you want clients to be able to write to the backend. Select Disabled if you do not want clients to be able to write to the backend. Select Internal Only if you want replication changes and internal operations to be written to the backend, but you do not want client applications to write to the backend directly.
Base DN. Specify the base DN(s) for the data that the backend handles. A single backend can be responsible for more than one base DN.
You can also modify the properties of the database and its associated indexes. For a comprehensive list of all configurable properties, and their allowed values, see the Oracle Fusion Middleware Configuration Reference for Oracle Unified Directory.
For a distribution workflow element, you can modify the following properties:
Enabled. Select or deselect this check box to enable or disable the workflow element. If you disable a workflow element, you effectively stop client applications from accessing all partitions that are handled by that distribution element.
Distribution Attribute. Enter the name of the attribute by which you want client requests to be distributed.
Force DN Modify. Specifies whether a modify DN operation is always accepted by the server. If this option is selected, you must configure distribution with a global index catalog because when entries are "moved" the distribution algorithm might not be able to locate them properly.
Global Index Catalog. Select the global index catalog that you want to use with this distribution element. The referenced global index catalog must be enabled before it appears for selection.
For a load balancing workflow element, you can modify the following properties:
Enabled. Select or deselect this check box to enable or disable the workflow element. If you disable a workflow element, you effectively stop client applications from accessing all partitions that are handled by that load balancing element.
Routes. Click the Add icon to add a new load balancing route. For information about configuring the specific route properties, see the Oracle Fusion Middleware Configuration Reference for Oracle Unified Directory.
Certain elements of the general server configuration can be modified by using ODSM. In the Configuration Tree view, the Configuration tab displays all of the suffixes that have been configured on the server. You cannot edit a suffix in this view but you can see the list of network groups and workflows that expose that suffix.
You can modify the server configuration by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the General Configuration element.
Click on the Server whose properties you want to modify.
The properties are displayed in the right hand pane.
You can modify the following properties:
Default Password Policy
Etime Resolution
Idle Time Limit
Max Allowed Client Connections
Reject Unauthenticated Requests
Size Limit
Writability Mode
Work Queue Properties
Number of Worker Threads
Maximum Work Queue Capacity
For a comprehensive list of all configurable properties, and their allowed values, see the Oracle Fusion Middleware Configuration Reference for Oracle Unified Directory.
Connection handlers are responsible for accepting connections from clients, reading and parsing requests submitted by the clients, ensuring that they are processed by the server, and sending the corresponding responses back to the client. The connection handler manages all communication with the client and therefore needs to implement support for the associated protocol.
You can configure all of the connection handler properties by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the General Configuration element.
Expand the Connection Handlers element.
Click on the connection handler whose properties you want to modify.
The properties are displayed in the right hand pane.
For a comprehensive list of all configurable properties, and their allowed values, see the Oracle Fusion Middleware Configuration Reference for Oracle Unified Directory.
Oracle Unified Directory provides several log publishers, or loggers, by default. Any number of loggers of any type can be defined and active at any time. This means that you can log to different locations or different types of repositories and that you can specify various sets of criteria for what to include in the logs.
You cannot create a new log publisher with ODSM, but you can modify the properties of an existing log publisher.
To configure logger properties by using ODSM, complete the following steps:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the General Configuration element.
Expand the Logging element.
Expand the Loggers element and click on the logger whose properties you want to modify.
The properties of the logger are displayed in the right hand pane. The configurable properties will depend on the type of logger that you have selected. For a comprehensive list of all configurable properties and their allowed values, see the Oracle Fusion Middleware Configuration Reference for Oracle Unified Directory.
Log rotation policies dictate how often log files are rotated, that is to say, how long log files are kept based on various criteria.
Oracle Unified Directory provides the following four log rotation policies:
24 Hours time limit rotation policy. By default, this policy sets the rotation interval to one day. Time of day can be configured.
7 Days time limit rotation policy. By default, this policy sets the rotation interval to one week. Time of day can be configured.
Fixed time limit rotation policy. By default, this policy sets the time of day that log files are to be rotated, to one minute before midnight.
Size time limit rotation policy. By default, this policy sets a maximum size that log files can reach to 100 Mb, before the log file is rotated.
The type of log rotation policy that is enabled by default depends on the logger type.
You can configure log rotation policies by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the General Configuration element.
Expand the Logging element.
Select the Rotation Policies element and modify the required properties.
You can also add a new rotation policy or delete an existing rotation policy by clicking the Add or Delete icons on this page, and completing the required information.
Log retention policies dictate size and space limits for log files. Oracle Unified Directory provides the following three log retention policies by default:
File count retention (file-count). By default, this policy sets the maximum number of log files to 10, for a specified type of log file.
Free disk space retention (free-disk-space). By default, this policy sets a minimum remaining free disk space limit to 500 Mb, for a specified type of log file.
Size limit retention (size-limit). By default, this policy sets the disk space used to a maximum of 500 Mb, for a specified type of log file.
By default, the log retention policy enabled is File count retention.
You can configure log retention policies by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the General Configuration element.
Expand the Logging element.
Select the Retention Policies element and modify the required properties.
You can also add a new retention policy or delete an existing retention policy by clicking the Add or Delete icons on this page, and completing the required information.
Oracle Unified Directory provides mechanisms for transmitting alert and account status notifications by means of JMX extensions or SMTP extensions. You can configure the directory server to send alert notifications when an event occurs during processing. Typical server events include server starts and shutdowns, or problems that are detected by the server, such as an attempt to write to the configuration file. You can also receive account status notifications when an event occurs during password policy processing, such as when accounts are locked out, accounts expire, passwords expire, and so on.
You can use ODSM to configure the JMX alert handler, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Configuration tab.
Expand the General Configuration element.
Expand the Alert Handlers element.
Select the JMX Alert Handler element and modify the required properties.