|Oracle® Fusion Middleware Administrator's Guide for Oracle Unified Directory
11g Release 2 (11.1.2)
Part Number E22648-02
|PDF · Mobi · ePub|
This preface introduces the new and changed features of Oracle Unified Directory and Oracle Directory Services Manager (ODSM) since the previous release, and provides pointers to additional information. The information includes the following sections:
This section provides a concise summary of the new features in this release of Oracle Unified Directory, and covers the following topics:
It is imperative to define the order in which identity mappers are evaluated in the network group to avoid conflicts. You can now define priorities for the conflicting identity mappers.
When a server is unable to handle a client's request, it sends a list of referrals to the client, which point the client to other servers in the topology. The client then performs the operation again on one of the remote servers in the referral list.
You can now configure proxy LDAP workflow elements with two additional parameters, such as the
use-proxy-auth parameter, and the include and exclude lists to tweak the behavior of the server.
Oracle Unified Directory now supports Active Directory range retrieval by providing support for Microsoft Active Directory paging.
Oracle Unified Directory now implements criticality configuration, which permits the Oracle Unified Directory proxy server to return partial data to a client if a search operation fails, due to a host error.
Integrating Oracle Unified Directory with EUS enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.
In this release, support for EUS is limited to password authentication (certificate authentication and integration with Kerberos are not supported at this stage).
Oracle Unified Directory can be configured to function as an identity store for Oracle Fusion Applications, either during setup, or later by using the
dsconfig command or Oracle Directory Services Manager (ODSM).
Social networking applications are now supported with two new controls, the Join control and the Proximity control.
The External Change Log (ECL) functionality allows you to publish all changes that have occurred in a directory server database and is particularly useful for synchronizing the LDAP directory with other subsystems.
You now have a user-friendly CLI to configure external changelog using the
You can now install, configure, customize, and validate Oracle Unified Directory in a test environment. Once the system performs as expected, you can create the production environment by moving a copy of the server and its configuration from the test environment, instead of redoing all the changes that were incorporated into the test environment.
Some commands had an option where the password was provided in a clear text format on the CLI. This resulted in security exposure, because one could retrieve the password using the
ps command on a UNIX machine.
The clear text format is deprecated now and the commands are modified to use the file-based option to store the password by introducing the following option:
Oracle Unified Directory allows you to configure ADS trust store pin to determine whether to trust a certificate that is presented to it.
This section provides a concise summary of the new features in this release of Oracle Directory Services Manager (ODSM), and covers the following topics:
ODSM enables you to create and configure suffixes to work with Oracle Enterprise User Security (EUS).
ODSM enables you to create suffixes that can be configured to work with Fusion Applications.
ODSM now provides a new user interface (UI) to configure root users.
You can now configure key manager providers and trust manager providers by using ODSM.
ODSM now implements an auto-suggest feature in different tabs that helps streamline configuration and operations.
OSDM now enables you to create dynamic groups whose membership is determined by search criteria using an LDAP URL.
ODSM enables you to create virtual static groups, where each entry behaves like a static group entry by using virtual attributes.
The default view of the configuration tree in the Configuration tab has been simplified to provide a user-friendly view of the naming context (or suffix) configuration. In addition, presence of a contextual menu to launch all the relevant operations for a selected node simplifies user interaction.