Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)

Managing the Schema With Oracle Directory Services Manager

You can manage most elements of the directory schema with ODSM. The following topics indicate the steps to manage the most common aspects of viewing and extending the schema.

Add a New Attribute Type

You can add a new attribute type to the schema by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. Click the Add icon.

  5. Complete the following information on the Create new attribute window:

    • Name. Enter a unique name for the new attribute type.

    • Object ID. Specify the OID that uniquely identifies the attribute type in the directory server. Oracle Unified Directory supports the use of non-numeric OIDs for easy identification as long as the schema is used internally within the organization. However, for this release ODSM supports numeric OIDs only.

    • Description. Enter a human-readable description of the attribute type.

    • Syntax. Enter the attribute syntax for use with the attribute type. If provided, the syntax should be specified as a numeric OID. The core syntaxes are defined in section 3.3 of RFC 4517 and in Appendix A of the same document.

    • Size. Enter a maximum size for the value of the attribute, in bytes. In the case of multi-valued attributes, this refers to the maximum size of a single value, not of the combined values.

    • Usage. Specify how the attribute will be used. Possible values are as follows:

      • userApplications. The attribute will be used to store user data.

      • directoryOperation. The attribute will be used to store data that is required for internal processing within the directory server.

      • distributedOperation. The attribute will be used to store operational data that must be synchronized across directory servers in the topology.

      • dSAOperation. The attribute will be used to store operational data that is specific to a particular directory server and should not be synchronized across the topology.

    • Ordering. Select the ordering index details for this attribute type. For more information see Indexing Directory Data.

    • Equality. Select the equality index details for this attribute type. For more information see Indexing Directory Data.

    • Substring. Select the substring index details for this attribute type. For more information see Indexing Directory Data.

    • Obsolete. Select this box if the attribute type is no longer in use but is retained for compatibility.

    • Single Value. Indicate whether attributes of this type may have only a single value in any entry in which they appear. If this checkbox is not selected, the attributes may have multiple distinct values in the same entry.

    • Collective. Indicate whether the attribute is a collective attribute. For more information, see Using Collective Attributes.

    • Super. If this new attribute extends an existing attribute, enter or select the name of the existing super type.

    • Origin. Enter the source of this new attribute type, for example, RFC 4512.

      To view the source of all the schema elements in the directory, select Show All from the View menu.

    • Schema File Extension. If the attribute type's definition is contained in a file, enter the path to the file.

  6. Click Create to create the new attribute.
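
The form fields above correspond to the parts of an RFC 4512 attribute type definition. The following is an added example, not Oracle code: it validates the field values and renders the definition, plus an LDIF change for review or change control. The function names, the exampleBadgeId attribute, the OID under the documentation enterprise arc 1.3.6.1.4.1.32473 and the use of cn=schema as the schema entry are assumptions of the example.

```python
import re

NUMERIC_OID = re.compile(r"^(0|[1-9]\d*)(\.(0|[1-9]\d*))+$")
DESCR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")        # RFC 4512 "descr"
USAGES = ("userApplications", "directoryOperation",
          "distributedOperation", "dSAOperation")


def qdstring(text):
    """Quote free text, escaping backslash and single quote (RFC 4512)."""
    return "'" + text.replace("\\", "\\5C").replace("'", "\\27") + "'"


def attribute_type_definition(name, oid, syntax=None, sup=None, desc=None,
                              usage="userApplications", single_value=False,
                              collective=False, obsolete=False, origin=None):
    """Validate the form fields and return an AttributeTypeDescription."""
    if not DESCR.match(name):
        raise ValueError(f"invalid attribute name: {name!r}")
    if not NUMERIC_OID.match(oid):
        raise ValueError(f"Object ID must be a numeric OID: {oid!r}")
    if syntax is None and sup is None:
        raise ValueError("a definition needs a Syntax, a Super type, or both")
    if syntax is not None and not NUMERIC_OID.match(syntax):
        raise ValueError(f"Syntax must be a numeric OID: {syntax!r}")
    if sup is not None and not (DESCR.match(sup) or NUMERIC_OID.match(sup)):
        raise ValueError(f"invalid Super type: {sup!r}")
    if usage not in USAGES:
        raise ValueError(f"unknown Usage: {usage!r}")
    if collective and usage != "userApplications":
        raise ValueError("a collective attribute must have usage userApplications")
    if collective and single_value:
        raise ValueError("a collective attribute cannot be single-valued")

    parts = [oid, f"NAME '{name}'"]          # field order follows RFC 4512
    if desc:
        parts.append("DESC " + qdstring(desc))
    if obsolete:
        parts.append("OBSOLETE")
    if sup:
        parts.append("SUP " + sup)
    if syntax:
        parts.append("SYNTAX " + syntax)
    if single_value:
        parts.append("SINGLE-VALUE")
    if collective:
        parts.append("COLLECTIVE")
    if usage != "userApplications":          # userApplications is the default
        parts.append("USAGE " + usage)
    if origin:
        parts.append("X-ORIGIN " + qdstring(origin))
    return "( " + " ".join(parts) + " )"


def schema_add_ldif(definition):
    """Wrap a definition in an LDIF change (assumes the entry cn=schema)."""
    return "\n".join(["dn: cn=schema", "changetype: modify",
                      "add: attributeTypes",
                      "attributeTypes: " + definition, ""])


if __name__ == "__main__":
    # Constructed sample values; 1.3.6.1.4.1.1466.115.121.1.15 is the
    # Directory String syntax from RFC 4517.
    print(schema_add_ldif(attribute_type_definition(
        "exampleBadgeId", "1.3.6.1.4.1.32473.1.1.1",
        syntax="1.3.6.1.4.1.1466.115.121.1.15",
        desc="Badge id (site's own)", single_value=True,
        origin="user defined")))
```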

Add an Attribute Based on an Existing Attribute

You can add an attribute type that is based on an existing attribute type by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. Select the attribute on which you want to base the new attribute type.

  5. Click the Create like icon.

  6. Certain fields are completed by default, based on the attribute that you selected.

    Complete the remaining fields for the new attribute type.

    For information about the fields and their values, see Add a New Attribute Type.

  7. Click Create to create the new attribute.

Modify an Attribute

You can modify an existing attribute type by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. Select the attribute type that you want to modify.

  5. Modify the required fields in the right hand pane.

    For information about the fields, see Add a New Attribute Type.

  6. Click Apply to save your changes.

Delete an Attribute

You can delete an existing attribute type by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. Select the attribute type that you want to delete.

  5. Click the Delete icon and click OK to confirm the deletion.

  6. Click Apply to save your changes.

  7. Click the Refresh icon to refresh the list of attributes on the left hand pane and confirm that the attribute has been deleted from the schema.


Note - The server will return an error if you attempt to delete an attribute type that is already referenced by one or more entries in the server.


View All Directory Attributes

You can view all existing attribute types by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. All the attributes that are defined in the schema are listed in the left hand pane.

  5. Select an attribute to display its properties in the right hand pane.

Search for Attributes

You can search for specific attribute types by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. All the attributes that are defined in the schema are listed in the left hand pane.

  5. Enter part or all of the attribute name in the Search field and click the Go icon.

    The search field supports pattern matching. For example, enter *uid to find all attributes that end with the string uid.

  6. Select an attribute to display its properties in the right hand pane.

View the Indexing Details of an Attribute

Indexes are configured per server and index configuration is not replicated. A local database index is used to find entries that match search criteria. A VLV index is used to process searches efficiently with VLV controls. Unindexed searches are denied by default, unless the user has the unindexed-search privilege.

A local database index can be one of the following types:

You can view the indexes that are defined for an attribute by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. The Attributes panel is expanded by default. If it is not expanded, click the arrow to expand it.

  4. Select an attribute to display its properties in the right hand pane.

  5. Scroll down to the Indexed property to view the indexing details for that attribute.

Add a New Object Class

You can add a new object class to the schema by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Click the Object classes panel to expand it.

    All existing object classes are displayed on the left pane.

  4. Click the Add icon.

  5. Complete the following information on the Create new object class window:

    • Name. Enter a unique name for the new object class.

    • Object ID. Specify the OID that uniquely identifies the object class in the directory server. Oracle Unified Directory supports the use of non-numeric OIDs for easy identification as long as the schema is used internally within the organization. However, for this release ODSM supports numeric OIDs only.

    • Description. Enter a human-readable description of the object class.

    • Type. Specify the type of object class. Possible values are as follows:

      • Structural. A structural object class defines the core type for any entry that contains it. An entry must have exactly one structural class (although that structural class can inherit from other structural or abstract classes).

      • Auxiliary. An auxiliary object class does not define the core type of an entry, but defines additional characteristics of that entry. An entry can contain zero or more auxiliary object classes. The set of auxiliary classes that are allowed for use in an entry can be controlled by a DIT content rule that is associated with that entry's structural object class.

      • Abstract. An abstract object class cannot be used directly in an entry but must be subclassed by either a structural object class or an auxiliary object class. The subclasses will inherit any required and/or optional attribute type defined by the abstract class.

    • Superclass. Click the Add icon to specify one or more superior object classes. The new object class will inherit elements from its superior object classes.

    • Mandatory Attributes. Click the Add icon to specify the set of attribute types that are required to be present (that is, have at least one value) in entries with that object class.

    • Optional Attributes. Click the Add icon to specify the set of attribute types that are allowed but not required to be present in entries with that object class.

    • Inherited Attributes. After the object class has been created, this field indicates the attributes that are inherited from the superior object classes of this object class.

    • Origin. Enter the source of this new object class, for example, RFC 4512.

      To view the source of all the schema elements in the directory, select Show All from the View menu.

    • Schema File Extension. If the definition of the new object class is contained in a file, enter the path to the file.

  6. Click Create to create the new object class.

Add an Object Class Based on an Existing Object Class

You can add an object class that is based on an existing object class by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Object classes panel.

  4. Select the object class on which you want to base the new object class.

  5. Click the Create like icon.

  6. Certain fields are completed by default, based on the object class that you selected. The existing object class is used as the superior object class for the new object class.

    Complete the remaining fields for the new object class.

    For information about the fields and their values, see Add a New Object Class.

  7. Click Create to create the new object class.

View the Properties of an Object Class

You can view the properties of an existing object class by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Object Classes panel.

  4. All the object classes that are defined in the schema are listed in the left hand pane.

  5. Select an object class to display its properties in the right hand pane.

Modify an Object Class

You can modify an existing object class by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Object Classes panel.

  4. Select the object class that you want to modify.

  5. Modify the required fields in the right hand pane.

    For information about the fields, see Add a New Object Class.

  6. Click Apply to save your changes.

Delete an Object Class

You can delete an existing object class by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Object Classes panel.

  4. Select the object class that you want to delete.

  5. Click the Delete icon and click OK to confirm the deletion.

  6. Click Apply to save your changes.

  7. Click the Refresh icon to refresh the list of object classes on the left hand pane and confirm that the object class has been deleted from the schema.


Note - The server will return an error if you attempt to delete an object class that is already referenced by one or more entries in the server.


Search for Object Classes

You can search for a specific object class by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Object Classes panel.

  4. All the object classes that are defined in the schema are listed in the left hand pane.

  5. Enter part or all of the object class name in the Search field and click the Go icon.

    The search field supports pattern matching. For example, enter *person to find all object classes that end with the string person.

  6. Select an object class to display its properties in the right hand pane.

Display a List of LDAP Syntaxes

LDAP syntaxes are essentially data type definitions. The syntax for an attribute type indicates the type of data that should be held by the corresponding values. Syntaxes can be used to determine whether a particular value is acceptable for a given attribute, and to provide information about how the directory server should interact with existing values.

Oracle Unified Directory supports the ability to reject values that violate the associated attribute syntax, and this is the default behavior for the purposes of standards compliance. It is possible to disable attribute syntax checking completely if necessary. It is also possible to accept values that violate the associated syntax but log a warning message to the directory server's error log when this occurs. For information about disabling schema checking, see Configuring Schema Checking.

You cannot modify the LDAP syntaxes but you can view all existing LDAP syntaxes by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Syntaxes panel.

  4. All the supported LDAP syntaxes are listed in the left hand pane.

  5. Select a syntax to display its properties in the right hand pane.

    The information that is displayed includes all of the attributes and matching rules that currently refer to that syntax.

Search for a Syntax

You can search for a specific LDAP syntax by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Syntaxes panel.

  4. All the supported LDAP syntaxes are listed in the left hand pane.

  5. Enter part or all of the syntax name in the Search field and click the Go icon.

    The search field supports pattern matching. For example, enter *time to find all syntaxes that end with the string time.

  6. Select a syntax to display its properties in the right hand pane.

Display a List of LDAP Matching Rules

Matching rules are used by the directory server to compare two values for the same attribute, that is, to perform matching operations on them. There are several different types of matching rules, including the following:

You cannot modify the matching rules but you can view all existing matching rules by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Matching Rules panel.

  4. All the configured matching rules are listed in the left hand pane.

  5. Select a matching rule to display its properties in the right hand pane.

    The information that is displayed includes all of the attributes and matching rules that currently refer to that matching rule.

Search for a Matching Rule

You can search for a specific matching rule by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Matching Rules panel.

  4. All the configured matching rules are listed in the left hand pane.

  5. Enter part or all of the matching rule name in the Search field and click the Go icon.

    The search field supports pattern matching. For example, enter *match to find all matching rules that end with the string match.

  6. Select a matching rule to display its properties in the right hand pane.

Display a List of Content Rules

DIT content rules provide a mechanism for defining the content that can appear in an entry. At most one content rule may be associated with an entry, based on its structural object class. If such a rule exists for an entry, it will work in conjunction with the object classes contained in that entry to define which attribute types must, may, and must not be present in the entry, as well as which auxiliary classes the entry may include.

You can view all the content rules that are configured in the server by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Content Rules panel.

  4. All the configured content rules are listed in the left hand pane.

  5. Select a content rule to display its properties in the right hand pane.

Search for a Content Rule

You can search for a specific content rule by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Content Rules panel.

  4. All the configured content rules are listed in the left hand pane.

  5. Enter part or all of the content rule name in the Search field and click the Go icon.

  6. Select a content rule to display its properties in the right hand pane.

Create a New Content Rule

You can add a new content rule to the schema by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Content Rules panel.

  4. Click the Add icon.

  5. Complete the following information on the Create new content rule window:

    • Name. Enter a unique name for the new content rule.

    • Structural Object Class. Specify the name of the structural object class with which this content rule is associated.

    • Description. Enter a human-readable description of the content rule.

    • Auxiliary Object Classes. Click the Add icon to specify the list of auxiliary object classes that may be present in entries with the associated structural class. If no values are provided, such entries will not be allowed to have any auxiliary object classes. You can specify the allowed auxiliary object classes by using their names or OIDs.

    • Mandatory Attributes. Click the Add icon to specify the list of attribute types that are required to be present in entries with the associated structural class. This list is in addition to the attribute types that are required by the object classes included in the entry. These additional attribute types do not need to be allowed by any of those object classes. You can specify the mandatory attributes by using their names or OIDs.

    • Optional Attributes. Click the Add icon to specify the list of attribute types that are allowed, but not required, to be present in entries with the associated structural class. This list is in addition to the attribute types that are allowed by the object classes included in the entry. You can specify the optional attributes by using their names or OIDs.

    • Disallowed Attributes. Click the Add icon to specify the list of attribute types that are prohibited from being present in entries with the associated structural class. This list may not include any attribute types that are required by the structural class or any of the allowed auxiliary classes. The list can be used to prevent the inclusion of attribute types which would otherwise be allowed by one of those object classes. You can specify the disallowed attributes by using their names or OIDs.

    • Origin. Enter the source of this new content rule, for example, RFC 4517.

      To view the source of all the schema elements in the directory, select Show All from the View menu.

    • Schema File Extension. If the content rule's definition is contained in a file, enter the path to the file.

  6. Click Create to create the new content rule.
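
The object class types described under Add a New Object Class and the content rule fields above combine to decide whether an entry is acceptable. The following added example (not Oracle code, and a simplified model rather than the server's implementation) evaluates an entry against both. All class, attribute and function names are constructed for illustration, and names are compared in lower case.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ObjectClass:
    kind: str                       # "structural", "auxiliary" or "abstract"
    sup: tuple = ()
    must: frozenset = frozenset()
    may: frozenset = frozenset()

@dataclass(frozen=True)
class ContentRule:                  # looked up by its structural object class
    aux: frozenset = frozenset()
    must: frozenset = frozenset()
    may: frozenset = frozenset()
    disallowed: frozenset = frozenset()

def ancestors(name, schema):
    """Return every superior class that `name` inherits from."""
    seen, todo = set(), list(schema[name].sup)
    while todo:
        cur = todo.pop()
        if cur not in seen:
            seen.add(cur)
            todo.extend(schema[cur].sup)
    return seen

def check_entry(object_classes, attributes, schema, rules):
    """Return the schema violations for one entry (empty list means valid)."""
    listed = {c.lower() for c in object_classes}
    present = {a.lower() for a in attributes}
    unknown = listed - set(schema)
    if unknown:
        return [f"unknown object class: {c}" for c in sorted(unknown)]
    effective = set(listed)
    for c in listed:
        effective |= ancestors(c, schema)
    # The entry's structural class is the most specific structural class listed.
    leaves = sorted(c for c in listed if schema[c].kind == "structural"
                    and not any(c in ancestors(o, schema) for o in listed))
    problems = []
    if len(leaves) != 1:
        problems.append(f"expected exactly one structural class, found {leaves}")
    must = set().union(*(schema[c].must for c in effective))
    may = set().union(*(schema[c].may for c in effective))
    # At most one content rule applies, selected by the structural class.
    rule = rules.get(leaves[0]) if len(leaves) == 1 else None
    disallowed = frozenset()
    if rule is not None:
        for c in sorted(listed):
            if schema[c].kind == "auxiliary" and c not in rule.aux:
                problems.append(f"auxiliary class not allowed by content rule: {c}")
        must |= rule.must           # in addition to what the classes require
        may |= rule.may             # in addition to what the classes allow
        disallowed = rule.disallowed
        problems += [f"attribute disallowed by content rule: {a}"
                     for a in sorted(present & disallowed)]
    problems += [f"missing mandatory attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed: {a}"
                 for a in sorted(present - must - may - disallowed)]
    return problems

# Constructed sample schema; the "example*" elements are hypothetical.
fs = frozenset
SCHEMA = {
    "top": ObjectClass("abstract", must=fs({"objectclass"})),
    "person": ObjectClass("structural", ("top",), fs({"cn", "sn"}),
                          fs({"telephonenumber", "description"})),
    "device": ObjectClass("structural", ("top",), fs({"cn"})),
    "examplebadgeholder": ObjectClass("auxiliary", ("top",),
                                      may=fs({"examplebadgeid"})),
    "exampleremoteuser": ObjectClass("auxiliary", ("top",),
                                     may=fs({"examplevpnprofile"})),
}
RULES = {"person": ContentRule(aux=fs({"examplebadgeholder"}),
                               must=fs({"employeenumber"}),
                               disallowed=fs({"telephonenumber"}))}

if __name__ == "__main__":
    entry = (["top", "person", "exampleRemoteUser"],
             ["objectClass", "cn", "sn", "telephoneNumber", "exampleVpnProfile"])
    for problem in check_entry(*entry, SCHEMA, RULES):
        print(problem)
```

With no content rule defined for the structural class, the same entry passes, because auxiliary classes are then unrestricted and only the object classes decide which attributes are allowed.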

Create a Content Rule Based on an Existing Content Rule

You can add a content rule that is based on an existing content rule by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Content Rules panel.

  4. Select the content rule on which you want to base the new content rule.

  5. Click the Create like icon.

  6. Certain fields are completed by default, based on the content rule that you selected.

    Complete the remaining fields for the new content rule.

    For information about the fields and their values, see Create a New Content Rule.

  7. Click Create to create the new content rule.

Modify a Content Rule

You can modify an existing content rule by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Content Rules panel.

  4. Select the content rule that you want to modify.

  5. Modify the required fields in the right hand pane.

    For information about the fields, see Create a New Content Rule.

  6. Click Apply to save your changes.

Delete a Content Rule

You can delete an existing content rule by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Schema tab.

  3. Expand the Content Rules panel.

  4. Select the content rule that you want to delete.

  5. Click the Delete icon and click OK to confirm the deletion.

  6. Click Apply to save your changes.

  7. Click the Refresh icon to refresh the list of content rules on the left hand pane and confirm that the content rule has been deleted from the schema.