This preface introduces the new and changed features of Oracle Unified Directory and Oracle Directory Services Manager (ODSM) since the previous release, and provides pointers to additional information. The information includes the following sections:
New Features Introduced with Oracle Unified Directory 11g Release 2 PS2 (11.1.2.2.0)
New Features Introduced with Oracle Unified Directory 11g Release 2 PS1 (11.1.2.1.0)
New Features Introduced with Oracle Unified Directory 11g Release 2 (11.1.2.2)
This section provides a concise summary of the new features in this release, and contains the following topics:
What's New in Oracle Unified Directory 11g Release 2 PS2 (11.1.2.2.0)
What's New in Oracle Directory Services Manager 11g Release 2 PS2 (11.1.2.2.0)
This section provides a concise summary of the new features in this release of Oracle Unified Directory, and covers the following topics:
New Option for dsconfig Security Subcommand for Attribute Encryption
New Options for dsconfig Security Subcommand for Virtualization
Support to Configure the Name of Rotated Log Files Using Local Time Stamp
Allows you to encrypt sensitive attributes in Oracle Unified Directory, thereby enhancing security.
For more information, see Chapter 15, "Understanding Data Encryption in Oracle Unified Directory."
export-ldif Command
The new option -d, --decrypt allows you to decrypt the LDIF data as it is exported.
For more information, see Section A.3.5, "export-ldif."
dsconfig Security Subcommand for Attribute Encryption
The new option Data Encryption allows you to configure attribute encryption.
For more information, see Section 15.7.3, "Configuring Attribute Encryption Using the dsconfig Interactive Mode."
You can now deploy the proxy functionality and the Directory Server functionality in a single server instance.
For more information, see Chapter 4, "Example Mixed Deployments."
Oracle Unified Directory now allows virtualization through the definition of a Join workflow element.
For more information, see Chapter 14, "Understanding Oracle Unified Directory Virtualization."
dsconfig Security Subcommand for Virtualization
The new options create-access-control-group, delete-access-control-group, and list-access-control-groups allow you to configure access control groups.
For more information, see Section A.2.4.13, "Security Subcommands."
Oracle Unified Directory now allows you to determine who can access the data, and which parts of the data can be accessed, through the definition of Virtual ACIs.
For more information, see Section 9.7, "Understanding Virtual ACIs."
When a replication gateway is deployed, you can use the OUD dsreplication command or the ODSEE console to monitor replication status information.
For more information, see Section 32.7.3, "Monitoring OUD and ODSEE Replication Status in Deployments Using Replication Gateways."
dsreplication status Subcommand
The new options --dataToDisplay and --listDataToDisplay enable you to display only the replication status information you specify.
For more information, see Section A.2.6, "dsreplication."
You can now target one or more attributes that occur in the targeted entries to deny or allow access to partial information about an entry.
For more information, see Section 9.2.2.2, "Targeting Attributes."
You can now notify the administrator when the Oracle Directory Server Enterprise Edition compatible access control subsystem detects that one or more ACI rules have been modified, using the new Access Control Modified alert type.
For more information, see Section 32.4.1.3, "Supported Alert Types."
Oracle Unified Directory allows you to make the server obfuscate the scheme name in curly brackets when it returns the password by configuring the ClearPassowrdScheme configuration parameter.
For more information, see Oracle® Fusion Middleware Configuration Reference Guide for Oracle Unified Directory.
Unsalted SHA256 and SHA512 password storage schemes are now supported.
Oracle Unified Directory now allows you to redirect the bind request to a remote directory server if the user credentials for authenticating are not stored locally using the pass-through authentication mechanism.
For more information, see Section 12.7, "Understanding Pass-Through Authentication."
You can configure the password policy so that after multiple soft account locks expire, the user account is hard-locked and must be reset by an administrator.
For more information, see Section 27.6.1, "Configuring the Default Password Policy."
Oracle Unified Directory now allows you to configure a server instance to include a local time stamp in the file name of rotated log files.
For more information, see Section 32.3.1.1.6, "Configuring the Name of Rotated Log Files Using Local Time Stamp."
Oracle Unified Directory now allows you to tune the server using the automatic mode or using some other criteria with the dstune command-line utility to enhance the performance of the server.
For more information, see Section 33.4, "Tuning Java Virtual Machine Settings Using dstune Utility."
oud-setup Command
The new options --serverTuning and --importTuning allow you to configure server tuning.
For more information, see Section A.2.14, "oud-setup."
dstune Command-Line Utility
The new dstune command allows you to tune the Oracle Unified Directory server.
For more information, see Section A.2.7, "dstune."
This section provides a summary of the new features in this release of Oracle Directory Services Manager (ODSM), and covers the following topics:
ODSM allows you to configure data encryption. For more information, see Section 17.2.8, "Modify the General Server Configuration".
ODSM allows you to configure the pass-through authentication join rule through the creation of a pass-through authentication workflow element. For more information, see Section 17.2.4.1, "Create a Workflow Element".
ODSM allows you to configure the Virtual ACIs through workflow configuration. For more information, see Section 17.2.5.1, "Create a Workflow".
When a replication gateway is deployed, you can use the ODSEE console to monitor replication status information. For more information, see Section 32.7.3.2, "Using the DSCC to Monitor a Replication Gateway."
ODSM allows you to configure data replication. For more information, see Section 29.3, "Configuring Data Replication Using ODSM."
ODSM uses a new look and feel, the Skyros skin, that incorporates current User Interface visual design trends (flat and not dimensional, reduced gradients, reduced borders, light and/or white colors with splashes of color). This skin family uses CSS3 for gradients, drop shadows, rounded corners, and so on.
This section provides a concise summary of the new features in this release, and contains the following topics:
What's New in Oracle Unified Directory 11g Release 2 PS1 (11.1.2.1.0)
What's New in Oracle Directory Services Manager 11g Release 2 PS1 (11.1.2.1.0)
This section provides a concise summary of the new features in this release of Oracle Unified Directory, and covers the following topics:
Oracle Unified Directory now supports macro expressions to represent a DN in the target section of the ACI, in the bind rule section, or in both.
For more information, see Section 9.6, "Using Macro ACIs for Advanced Access Control."
nsuniqueid Virtual Attribute
Oracle Unified Directory introduces the nsuniqueid operational virtual attribute, which is assigned to each entry in the directory server to resolve naming conflicts while migrating legacy applications using Oracle Directory Server Enterprise Edition as an LDAP database to Oracle Unified Directory.
For more information, see Section 20.10, "Configuring Virtual Attributes."
You can now configure criticality at the workflow level by setting the criticality flag.
For more information, see Section 18.1.5.6, "Configuring Criticality in Workflows."
Oracle Unified Directory enables you to log administration operations into a separate log file that provides logging information associated with administration traffic.
For more information, see Section 32.3.3, "Logging Operations to Access Log Publishers."
Oracle Unified Directory supports transformation through the creation of an instance of a workflow element.
For more information, see Section 12.6, "Understanding the Transformation Framework."
Oracle Unified Directory provides additional properties, ecl-include-del-only and ecl-blacklist, to configure attributes for the external change log (ECL).
For more information, see Section 29.7.5, "Specifying the Attributes to be Included in the External Change Log" and Section 29.7.6, "Specifying the Attributes to be Excluded in the External Change Log."
Oracle Unified Directory supports the following external directories:
Microsoft Active Directory
Novell eDirectory
Oracle Directory Server Enterprise Edition
For more information, see Section 28.4, "Oracle Unified Directory Used as a Proxy Server for an External LDAP Directory with Enterprise User Security."
Oracle Unified Directory allows you to relocate the Root DSE, which is a special entry that provides information about the server's name, version, naming contexts, and supported features.
For more information, see Section 17.1.6.5, "Relocating the Root DSE Entry for a Network Group."
Oracle Unified Directory enables you to rename or replace RDN values from the source directory to Oracle Unified Directory using the RDNChanging configuration.
For more information, see Section 12.5, "RDN Changing."
This section provides a summary of the new features in this release of Oracle Directory Services Manager (ODSM), and covers the following topics:
ODSM supports a new parameter to log administration operations in the access logs.
For more information, see Section 32.3.3.2, "Configuring Logged Operations in Access Log Publishers Using ODSM."
ODSM supports macro expressions to represent a DN in the target section of the ACI, in the bind rule section, or in both.
For more information, see Section 25.4, "Managing Macro ACIs With Oracle Directory Services Manager."
ODSM supports a new parameter, the criticality flag, to configure workflows.
For more information, see Section 18.2.3, "Configuring Criticality in Workflows With ODSM."
ODSM allows you to configure virtual attributes.
For more information, see Section 20.14, "Managing Virtual Attributes With Oracle Directory Services Manager."
ODSM allows you to define transformations through the creation of a transformation workflow element.
For more information, see Section 18.2.5, "Configuring Transformations With ODSM."
ODSM now allows you to create the following workflow elements:
Kerberos Authentication Provider Workflow Element
RDN Changing Workflow Element
Transformations Workflow Element
For more information, see Section 17.2.4, "Configuring Workflow Elements With ODSM."
ODSM supports the ability to configure Enterprise User Security.
For more information, see Section 17.2.7, "Configuring Network Groups With ODSM."
ODSM allows you to configure the RDN Changing workflow element.
For more information, see Section 17.2.4, "Configuring Workflow Elements With ODSM."
This section provides a concise summary of the new features in this release, and contains the following topics:
What's New in Oracle Unified Directory 11g Release 2 (11.1.2.2)
What's New in Oracle Directory Services Manager 11g Release 2 (11.1.2.2)
This section provides a concise summary of the new features in this release of Oracle Unified Directory, and covers the following topics:
It is imperative to define the order in which identity mappers are evaluated in the network group to avoid conflicts. You can now define priorities for the conflicting identity mappers.
For more information, see Section 13.6, "Ordering Identity Mappers."
When a server is unable to handle a client's request, it sends a list of referrals to the client, which point the client to other servers in the topology. The client then performs the operation again on one of the remote servers in the referral list.
For more information, see Section 20.13, "Configuring Referrals."
You can now configure proxy LDAP workflow elements with two additional parameters, never-bind and use-proxy-auth, and with the include and exclude lists, to tweak the behavior of the server.
For more information, see Section 18.1.2, "Configuring the Bind Mode."
Oracle Unified Directory now supports Active Directory range retrieval by providing support for Microsoft Active Directory paging.
For more information, see Section 18.1.9, "Configuring Microsoft Active Directory Paging."
Oracle Unified Directory now implements criticality configuration, which permits the Oracle Unified Directory proxy server to return partial data to a client if a search operation fails due to a host error.
For more information, see Section 18.1.5.7, "Configuring Criticality in Workflow Elements."
Integrating Oracle Unified Directory with EUS enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.
In this release, support for EUS is limited to password authentication (certificate authentication and integration with Kerberos are not supported at this stage).
For more information, see Chapter 28, "Integrating Oracle Unified Directory with Oracle Enterprise User Security."
Social networking applications are now supported with two new controls, the Join control and the Proximity control.
For more information, see Section 20.5.3.2, "Searching Using the Join Search Control" and Section 20.5.3.3, "Searching Using the Proximity Search Control."
The External Change Log (ECL) functionality allows you to publish all changes that have occurred in a directory server database and is particularly useful for synchronizing the LDAP directory with other subsystems.
You now have a user-friendly CLI to configure the external change log using the dsreplication command.
For more information, see Section 29.7, "Using the External Change Log."
You can now install, configure, customize, and validate Oracle Unified Directory in a test environment. Once the system performs as expected, you can create the production environment by moving a copy of the server and its configuration from the test environment, instead of redoing all the changes that were incorporated into the test environment.
For more information, see Chapter 31, "Moving From a Test to a Production Environment."
Some commands had an option where the password was provided in clear text on the CLI. This resulted in security exposure, because one could retrieve the password using the ps command on a UNIX machine.
The clear text format is now deprecated, and the commands have been modified to read the password from a file by introducing the following option:
-j, --bindPasswordFile
For more information, see Appendix A, "Oracle Unified Directory Command-Line Interface."
Oracle Unified Directory allows you to configure the ADS trust store pin to determine whether to trust a certificate that is presented to it.
For more information, see Section 23.3, "Configuring Trust Manager Providers."
This section provides a concise summary of the new features in this release of Oracle Directory Services Manager (ODSM), and covers the following topics:
ODSM enables you to create and configure suffixes to work with Oracle Enterprise User Security (EUS).
For more information, see Section 17.2.3, "Configuring Suffixes With ODSM."
ODSM now provides a new user interface (UI) to configure root users.
For more information, see Section 22.2.2, "Configuring Root Users by Using ODSM."
You can now configure key manager providers and trust manager providers by using ODSM.
For more information, see Section 23.2.6, "Configuring Key Managers With ODSM" and Section 23.3.5, "Configuring Trust Managers With ODSM".
ODSM now implements an auto-suggest feature in different tabs that helps streamline configuration and operations.
For more information, see Section 20.15, "Managing Data With Oracle Directory Services Manager."
ODSM now enables you to create dynamic groups whose membership is determined by search criteria using an LDAP URL.
For more information, see Section 22.3.2, "Defining Dynamic Groups."
ODSM enables you to create virtual static groups, where each entry behaves like a static group entry by using virtual attributes.
For more information, see Section 22.3.4, "Defining Nested Groups."
The default view of the configuration tree in the Configuration tab has been simplified to provide a user-friendly view of the naming context (or suffix) configuration. In addition, a contextual menu that launches all the relevant operations for a selected node simplifies user interaction.
For more information, see Section 17.2, "Managing the Server Configuration With Oracle Directory Services Manager."