This appendix contains reference information that you will need when developing applications for LDAP directories based on the User and Role APIs.
Note:
The User and Role APIs are deprecated. Applications using the User and Role APIs should migrate to Identity Directory Service API. For details, see Chapter 23.This appendix includes the following sections:
Note:
IBM Tivoli directory parameters are the same as those specified for openLDAP.Microsoft ADAM parameters are the same as those specified for Microsoft Active Directory.
Table D-1 lists each user attribute in UserProfile.property and its corresponding attribute in the different directory servers.
Table D-1 User Attributes in UserProfile.Property
Attribute | Oracle Internet Directory | Oracle WebLogic Server Embedded LDAP | Microsoft Active Directory | Oracle Directory Server Enterprise Edition | Novell eDirectory | OpenLDAP |
---|---|---|---|---|---|---|
GUID |
orclguid |
uid |
objectguid |
nsuniqueid |
guid |
entryuuid |
USER_ID |
username (see Note below) |
uid |
uid |
uid |
uid |
uid |
DISPLAY_NAME |
displayname |
displayname |
displayname |
displayname |
displayname |
displayname |
BUSINESS_EMAIL |
|
|
|
|
|
|
DESCRIPTION |
description |
description |
description |
description |
description |
description |
EMPLOYEE_TYPE |
employeeType |
employeeType |
employeeType |
employeeType |
employeeType |
employeeType |
DEPARTMENT |
departmentnumber |
departmentnumber |
departmentnumber |
departmentnumber |
departmentnumber |
departmentnumber |
DATE_OF_BIRTH |
orcldateofbirth |
- |
- |
- |
- |
- |
BUSINESS_FAX |
facsimiletelephonenumber |
facsimiletelephonenumber |
facsimiletelephonenumber |
facsimiletelephonenumber |
facsimiletelephonenumber |
facsimiletelephonenumber |
BUSINESS_CITY |
l |
l |
l |
l |
l |
l |
BUSINESS_COUNTRY |
c |
c |
c |
c |
c |
c |
DATE_OF_HIRE |
orclhiredate |
- |
- |
- |
- |
- |
NAME |
cn |
uid |
cn |
uid |
cn |
cn |
PREFERRED_LANGUAGE |
Preferredlanguage |
preferredlanguage |
preferredlanguage |
preferredlanguage |
preferredlanguage |
preferredlanguage |
BUSINESS_POSTAL_ADDR |
postaladdress |
postaladdress |
postaladdress |
postaladdress |
postaladdress |
postaladdress |
MIDDLE_NAME |
orclmiddlename |
- |
- |
- |
- |
- |
ORGANIZATIONAL_UNIT |
ou |
ou |
ou |
ou |
ou |
ou |
WIRELESS_ACCT_NUMBER |
orclwirelessaccountnumber |
- |
- |
- |
- |
- |
BUSINESS_PO_BOX |
postofficebox |
postofficebox |
postofficebox |
postofficebox |
postofficebox |
postofficebox |
BUSINESS_STATE |
St |
st |
st |
st |
st |
st |
HOME_ADDRESS |
Homepostaladdress |
homepostaladdress |
homepostaladdress |
homepostaladdress |
homepostaladdress |
homepostaladdress |
NAME_SUFFIX |
Generationqualifier |
generationqualifier |
generationqualifier |
generationqualifier |
generationqualifier |
generationqualifier |
BUSINESS_STREET |
street |
street |
street |
street |
street |
street |
INITIALS |
initials |
initials |
initials |
initials |
initials |
initials |
USER_NAME |
username (see Note below) |
uid |
samaccountname |
uid |
uid |
uid |
BUSINESS_POSTAL_CODE |
postalcode |
postalcode |
postalcode |
postalcode |
postalcode |
postalcode |
BUSINESS_PAGER |
pager |
pager |
pager |
pager |
pager |
pager |
LAST_NAME |
sn |
sn |
sn |
sn |
sn |
sn |
BUSINESS_PHONE |
telephonenumber |
telephonenumber |
telephonenumber |
telephonenumber |
telephonenumber |
telephonenumber |
FIRST_NAME |
givenname |
givenname |
givenname |
givenname |
givenname |
givenname |
TIME_ZONE |
orcltimezone |
- |
- |
- |
- |
- |
MAIDEN_NAME |
orclmaidenname |
- |
- |
- |
- |
- |
PASSWORD |
userpasssword |
userpasssword |
userpasssword |
userpasssword |
userpasssword |
userpasssword |
DEFAULT_GROUP |
orcldefaultprofilegroup |
- |
- |
- |
- |
- |
ORGANIZATION |
o |
o |
o |
o |
o |
o |
HOME_PHONE |
homephone |
homephone |
homephone |
homephone |
homephone |
homephone |
BUSINESS_MOBILE |
mobile |
mobile |
mobile |
mobile |
mobile |
mobile |
UI_ACCESS_MODE |
orcluiaccessibilitymode |
- |
- |
- |
- |
- |
JPEG_PHOTO |
jpegphoto |
jpegphoto |
jpegphoto |
jpegphoto |
jpegphoto |
jpegphoto |
MANAGER |
manager |
manager |
manager |
manager |
manager |
manager |
TITLE |
title |
title |
title |
title |
title |
title |
EMPLOYEE_NUMBER |
employeenumber |
employeenumber |
employeenumber |
employeenumber |
employeenumber |
employeenumber |
LDUser.PASSWORD |
userpassword |
userpassword |
userpassword |
userpassword |
userpassword |
userpassword |
Note:
username* : typically uid, but technically, the attribute designated by the orclCommonNicknameAttribute in the subscriber's oraclecontext products common entry.Table D-2 lists each role attribute in UserProfile.property and its corresponding attribute in different directory servers.
Table D-2 Role Attribute Values in LDAP Directories
Role Attribute | Oracle Internet Directory |
Oracle WebLogic Server Embedded LDAP | Microsoft Active Directory | Oracle Directory Server Enterprise Edition | Novell eDirectory | OpenLDAP |
---|---|---|---|---|---|---|
DISPLAY_NAME |
displayname |
- |
displayname |
displayname |
displayname |
displayname |
MANAGER |
- |
- |
- |
- |
- |
- |
NAME |
cn |
cn |
cn |
cn |
cn |
cn |
OWNER |
owner |
owner |
- |
Owner |
- |
owner |
GUID |
orclguid |
cn |
objectguid |
NSuniqueid |
guid |
entryuuid |
This section lists parameters for which the APIs can use default configuration values, and the source of the value in different directory servers.
Table D-3 lists the source for Oracle Internet Directory and Microsoft Active Directory.
Table D-3 Default Values - Oracle Internet Directory and Microsoft Active Directory
Parameter | Oracle Internet Directory |
Active Directory |
---|---|---|
RT_USER_OBJECT_CLASSES |
#config |
{"user" } |
RT_USER_MANDATORY_ATTRS |
#schema |
#schema |
RT_USER_CREATE_BASES |
#config |
cn=users,<subscriberDN> |
RT_USER_SEARCH_BASES |
#config |
<subscriberDN> |
RT_USER_FILTER_OBJECT_CLASSES |
#config |
{"user"} |
RT_USER_SELECTED_CREATE_BASE |
#config |
cn=users,<subscriberDN> |
RT_GROUP_OBJECT_CLASSES |
#config |
{"group" } |
RT_GROUP_MANDATORY_ATTRS |
#schema |
#schema |
RT_GROUP_CREATE_BASES |
#config |
<subscriberDN> |
RT_GROUP_SEARCH_BASES |
#config |
<subscriberDN> |
RT_GROUP_FILTER_OBJECT_CLASSES |
#config |
{"group"} |
RT_GROUP_MEMBER_ATTRS |
"uniquemember", "member" |
"member" |
RT_GROUP_SELECTED_CREATE_BASE |
#config |
<subscriberDN> |
RT_GROUP_GENERIC_SEARCH_BASE |
<subscriber-DN> |
<subscriberDN> |
RT_SEARCH_TYPE |
#config |
#config |
ST_SUBSCRIBER_NAME |
#config |
NULL |
ST_USER_NAME_ATTR |
#config |
cn |
ST_USER_LOGIN_ATTR |
#config |
samaccountname |
ST_GROUP_NAME_ATTR |
#config |
cn |
ST_MAX_SEARCHFILTER_LENGTH |
500 |
500 |
ST_BINARY_ATTRIBUTES |
Choose a Binary Basic Attribute (BBA) See note below about BBAs. |
Binary Basic See note below about BBAs. |
ST_LOGGER_NAME |
oracle.idm.userrole |
oracle.idm.userrole |
Notes:
The Basic Binary Attributes include: {"photo", "personalsignature", "audio","jpegphoto", "Java SErializeddata", "thumbnailphoto", "thumbnaillogo", "userpassword", "usercertificate", "cacertificate", "authorityrevocationlist", "certificaterevocationlist", "crosscertificatepair", "x500UniqueIdentifier"}
#config is extracted from the meta information present in the directory
#schema is extracted from the schema in the directory
Table D-4 lists the source for Oracle Directory Server Enterprise Edition and Novell eDirectory.
Table D-4 Default Values - Oracle Directory Server Enterprise Edition and Novell eDirectory
Parameter | Oracle Directory Server Enterprise Edition | Novell eDirectory |
---|---|---|
RT_USER_OBJECT_CLASSES |
{"inetorgperson", "person", "organizationalperson" } |
{ "person", "inetorgperson", "organizationalPerson", "ndsloginproperties" } |
RT_USER_MANDATORY_ATTRS |
#schema |
#schema |
RT_USER_CREATE_BASES |
ou=people,<subscriberDN> |
ou=users,<subscriberDN> |
RT_USER_SEARCH_BASES |
<subscriberDN> |
<subscriberDN> |
RT_USER_FILTER_OBJECT_CLASSES |
{"inetorgperson", "person", "organizationalperson" } |
{ "person", "inetorgperson", "organizationalPerson", "ndsloginproperties" } |
RT_USER_SELECTED_CREATE_BASE |
ou=people,<subscriberDN> |
ou=users,<subscriberDN> |
RT_GROUP_OBJECT_CLASSES |
"groupofuniquenames" |
{"group" } |
RT_GROUP_MANDATORY_ATTRS |
#schema |
#schema |
RT_GROUP_CREATE_BASES |
ou=groups,<subscriberDN> |
ou=groups,<subscriberDN> |
RT_GROUP_SEARCH_BASES |
<subscriberDN> |
<subscriberDN> |
RT_GROUP_FILTER_OBJECT_CLASSES |
{"groupofuniquenames"} |
{"group"} |
RT_GROUP_MEMBER_ATTRS |
"uniquemember" |
"member" |
RT_GROUP_SELECTED_CREATE_BASE |
ou=groups,<subscriberDN> |
ou=groups,<subscriberDN> |
RT_GROUP_GENERIC_SEARCH_BASE |
<subscriber-DN> |
<subscriberDN> |
RT_SEARCH_TYPE |
#config |
#config |
ST_SUBSCRIBER_NAME |
NULL |
NULL |
ST_USER_NAME_ATTR |
uid |
cn |
ST_USER_LOGIN_ATTR |
uid |
cn |
ST_GROUP_NAME_ATTR |
cn |
cn |
ST_MAX_SEARCHFILTER_LENGTH |
500 |
500 |
ST_BINARY_ATTRIBUTES |
Choose a Binary Basic Attribute (BBA) See note below about BBAs. |
Binary Basic See note below about BBAs. |
ST_LOGGER_NAME |
oracle.idm.userrole |
oracle.idm.userrole |
Notes:
The Basic Binary Attributes include: {"photo", "personalsignature", "audio","jpegphoto", "Java SErializeddata", "thumbnailphoto", "thumbnaillogo", "userpassword", "usercertificate", "cacertificate", "authorityrevocationlist", "certificaterevocationlist", "crosscertificatepair", "x500UniqueIdentifier"}
#config is extracted from the metainformation present in the directory
#schema is extracted from the schema in the directory
Table Table D-5 lists the parameters for OpenLDAP and Oracle Virtual Directory.
Table D-5 Default Values - OpenLDAP and Oracle Virtual Directory
Parameter | OpenLDAP | Oracle Virtual Directory |
---|---|---|
RT_USER_OBJECT_CLASSES |
{"inetorgperson", "person", "organizationalperson" } |
{"inetorgperson"} |
RT_USER_MANDATORY_ATTRS |
#schema |
#schema |
RT_USER_CREATE_BASES |
ou=people,<subscriberDN> |
<subscriberDN> |
RT_USER_SEARCH_BASES |
<subscriberDN> |
<subscriberDN> |
RT_USER_FILTER_OBJECT_CLASSES |
{"inetorgperson", "person", "organizationalperson" } |
{"inetorgperson"} |
RT_USER_SELECTED_CREATE_BASE |
ou=people,<subscriberDN> |
<subscriberDN> |
RT_GROUP_OBJECT_CLASSES |
"groupofuniquenames" |
{"groupofuniquenames"} |
RT_GROUP_MANDATORY_ATTRS |
#schema |
#schema |
RT_GROUP_CREATE_BASES |
ou=groups,<subscriberDN> |
<subscriberDN> |
RT_GROUP_SEARCH_BASES |
<subscriberDN> |
<subscriberDN> |
RT_GROUP_FILTER_OBJECT_CLASSES |
"groupofuniquenames" |
{"groupofuniquenames"} |
RT_GROUP_MEMBER_ATTRS |
"uniquemember" |
"uniquemember" |
RT_GROUP_SELECTED_CREATE_BASE |
ou=groups,<subscriberDN> |
<subscriberDN> |
RT_GROUP_GENERIC_SEARCH_BASE |
<subscriber-DN> |
<subscriberDN> |
RT_SEARCH_TYPE |
#config |
#config |
ST_SUBSCRIBER_NAME |
NULL |
#config (namingcontexts) |
ST_USER_NAME_ATTR |
uid |
cn |
ST_USER_LOGIN_ATTR |
uid |
cn |
ST_GROUP_NAME_ATTR |
cn |
cn |
ST_MAX_SEARCHFILTER_LENGTH |
500 |
500 |
ST_BINARY_ATTRIBUTES |
Choose a Binary Basic Attribute (BBA) See note below about BBAs. |
Binary Basic See note below about BBAs. |
ST_LOGGER_NAME |
oracle.idm.userrole |
oracle.idm.userrole |
Notes:
The Basic Binary Attributes include: {"photo", "personalsignature", "audio","jpegphoto", "Java SErializeddata", "thumbnailphoto", "thumbnaillogo", "userpassword", "usercertificate", "cacertificate", "authorityrevocationlist", "certificaterevocationlist", "crosscertificatepair", "x500UniqueIdentifier"}
#config is extracted from the meta information present in the directory
#schema is extracted from the schema in the directory
Table D-6 lists the parameters for Oracle WebLogic Server LDAP.
Table D-6 Default Values - Oracle WebLogic Server LDAP
Parameter | Oracle WebLogic Server Embedded LDAP |
---|---|
RT_USER_OBJECT_CLASSES |
{"inetorgperson", "person", "organizationalperson", "wlsUser"} |
RT_USER_MANDATORY_ATTRS |
#schema |
RT_USER_CREATE_BASES |
{"ou=people,<subscriberDN>"} |
RT_USER_SEARCH_BASES |
{"ou=people,<subscriberDN>"} |
RT_USER_FILTER_OBJECT_CLASSES |
{"inetorgperson", "wlsUser"} |
RT_USER_SELECTED_CREATE_BASE |
ou=people,<subscriberDN> |
RT_GROUP_OBJECT_CLASSES |
{"top","groupofuniquenames","groupOfURLs"} |
RT_GROUP_MANDATORY_ATTRS |
#schema |
RT_GROUP_CREATE_BASES |
{"ou=groups,<subscriberDN>"} |
RT_GROUP_SEARCH_BASES |
{"ou=groups,<subscriberDN>"} |
RT_GROUP_FILTER_OBJECT_CLASSES |
{"top","groupofuniquenames","groupOfURLs"} |
RT_GROUP_MEMBER_ATTRS |
"uniquemember" |
RT_GROUP_SELECTED_CREATE_BASE |
ou=groups,<subscriberDN> |
RT_GROUP_GENERIC_SEARCH_BASE |
<subscriberDN> |
RT_SEARCH_TYPE |
#config |
ST_SUBSCRIBER_NAME |
#config (namingcontexts) |
ST_USER_NAME_ATTR |
uid |
ST_USER_LOGIN_ATTR |
uid |
ST_GROUP_NAME_ATTR |
cn |
ST_MAX_SEARCHFILTER_LENGTH |
500 |
ST_BINARY_ATTRIBUTES |
*(BBA) See note below about BBAs. |
ST_LOGGER_NAME |
oracle.idm.userrole |
Active Directory requires connections to be SSL-enabled when setting sensitive information like passwords. Therefore, operations like creating a user (which set the password) will not succeed if the connection is not SSL-enabled.