Index

attributes to existing entries, A-7

audit log entries, 5-22

audit log event, 5-25

configuration set entries, 2-32, 5-11

by using command line tools, 2-32, 7-23

by using Oracle Directory Manager, 2-32

configuration set entry, 5-2

DSA to replicating system, B-1

entries, 7-11, 7-23

by copying an existing entry, 7-14

concurrently, 4-14, A-9

requires write access to parent, 7-11

requires write access to parents, 7-14

using ldapadd, 4-14, A-7

using ldapaddmt, A-9

using Oracle Directory Manager, 7-11

entry-level ACIs, by using ldapmodify, 9-45

group entries, by using Oracle Directory Manager, 7-18

input files, 5-12

mandatory attributes

to an existing object class, 6-4

to an object class in use, 7-20

multiple entries, using command line tools, 7-23

object classes, 6-2

using Oracle Directory Manager, 6-12

objects

by using a template, 4-11

by using Oracle Directory Manager, 4-10, 4-11

replication nodes, 10-17

user entries, by using Oracle Directory Manager, 7-17

additional directory servers, connecting to, 4-12

add.log, A-9

administering schema objects, using Oracle Directory Manager, 4-13

administration tools, 4-14

Advanced Symmetric Replication (ASR), 2-14

configuring, 10-6

using Oracle8 Replication Manager, 10-3

installed with Oracle 8i, 10-3

installing, 10-3

setting up, 10-3

agreements, replication, 2-14

AlternateServers attribute, in failover, 14-4

ANALYZE, 13-6

ANALYZE function of DBMS_STATS package, 13-3

anonymous

authentication, 4-4

login, 4-4

anonymous authentication, 1-5, 2-21

in access control, 9-24, 9-30

application information, in attributes, 2-4

Apply button, in Oracle Directory Manager, 4-9

architecture

Oracle Internet Directory, 2-1

ASR. See Advanced Symmetric Replication (ASR).

assigning object classes to entries, 6-3

attribute indexes, created by bulkload, 7-27

attribute syntax, 2-6

attribute values, size, F-8

attribute-level conflicts, 10-24

attributes

adding, 6-17

by using ldapadd, A-7

by using ldapmodify, 6-29

by using Oracle Directory Manager, 6-22, 6-25

concurrently, using ldapaddmt, A-9

AlternateServers, for failover, 14-4

to existing entries, A-7

base schema

configuration set entry, F-5

deleting, 6-17, A-13

values, using ldapmodify, A-13

determined by object classes, 6-2

dropping indexes from, 6-29

by using command line tools, 6-31

using Oracle Directory Manager, 6-27

inheritance of, 6-2, 6-11

jpegPhotos, 2-5, 7-24

kinds of information in, 2-4

making available for searches, 6-27

managing

by using Oracle Directory Manager, 6-18

overview, 6-16

using command line tools, 6-29

mandatory, 2-7, 6-2, 7-20

matching rules, 2-6

modifying

rules for, 6-17

converting to single-valued, 6-17

using ldapmodify, 6-29

multi-valued, 2-4, 9-3

null values in, 6-2

objectclass, 5-23

objects associated with an ACI, 9-6

optional, 2-7, 6-2

orclauditlevel, 5-26

orclauditmessage, 5-23

orclsequence, 5-23, 5-24

orcluserdn, 5-23

organization, 2-5

organizationalUnitName, 2-5

redefining mandatory, 6-3

searching for, by using Oracle Directory Manager, 6-18

single-valued, 2-4

converting to multi-valued, 6-17

size of values, F-8

sn, 2-5

specifying as mandatory or optional, 6-2

tab page in Oracle Directory Manager, 6-10

syntaxes

system operational, 5-14

types, 2-3

values, 2-3

rules for changing, 7-20

viewing, 7-10

audit levels, 5-25

audit log, 5-22

cleaning up entries, 5-22

container object, 5-28

default configuration, 5-22

entries

position in DIT, 5-24

searching, 5-22, 5-24

structure of entries, 5-23

using, 5-22

audit log events

access violation, 5-25

ACL modification, 5-25

add, 5-25

bind, 5-25

deleting, 5-25

DSE modification, 5-25

modify, 5-25

modifyDN, 5-25

replication login, 5-25

schema element

super user

user password modification, 5-25

auditable events, 5-25

auditing selected events, 5-26

authenticated access, using SSL, 1-5

authentication, 2-20, 2-21, 2-33

authorization, 2-20, 2-25

authorization ID, 2-21

auxiliary

object class type, 2-9

object classes, 6-4

availability, capabilities in Oracle Internet Directory, 14-7

average latency, 13-2

backup, in Oracle8i, 1-5

base schema

attributes

deleting, 6-17

modifying, 6-17

object classes, 6-4

base schema attributes, 6-17

base search, 7-5

batching line-mode commands, 6-15

Begins With, Oracle Directory Manager filter, 6-8

bind event, 5-25

bind mode

specifying for access control subjects, 9-23, 9-30

buffer cache

bulkdelete, 7-28, A-25

and NLS, 11-9

cleaning up audit log entries, 5-22

bulkload, A-20

and NLS, 11-8

creating indexes, 7-27

.dat files, 7-27

generating input files, 7-27

bulkmodify

LDIF file-based modification, A-23

syntax, A-23

C API, 2-33

Cancel button, in Oracle Directory Manager, 4-9

capacity planning

I/O subsystem, 12-6

network requirements, 12-14

CAs. See certificate authorities.

Catalog Management tool, 4-15, 6-32

catalog management tool, 6-28

cataloged attributes

orcleventtype, 5-23

orcluserdn, 5-23

catalog.sh. See catalog management tool.

certificate authorities, 2-22

definition, 2-22

certificate-based authentication, 1-5, 2-22

certificates, 2-22, F-5

definition, 2-22

requests for, 2-23

trusted, 2-23

X.509 Version 3, 2-23

Chadwick, David, 2-33

change log processing thread, 2-16

change logs, 2-12, 2-14, 2-16

in replication, 1-5, 2-15, 2-17

worker threads in processing, 10-13

change retry count, setting, 10-11

change status log, 2-16

change types, in ldapmodify input files, A-12

changeLog, F-3

change-log flag, 10-16

changeStatusEntry, F-3

changeType, F-3

changetype

add, A-12

delete, A-14

modify, A-12

modrdn, A-14

changing

a configuration set entry, 3-8

attribute values, 7-20

audit level, 5-27

configuration set entry values, 5-2

location of Oracle wallet, 5-9, F-6

passwords

to directory, 5-17

cipher suites, 2-23

in SSL, 8-2

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 8-2

SSL_RSA_EXPORT_WITH_RC4_40_MD5, 8-2

SSL_RSA_WITH_NULL_MD5, 8-2

SSL_RSA_WITH_NULL_SHA, 8-2

clients, failover options on, 14-4

cn attribute, 2-5

cold backup, B-1

command line tools, 1-4

commonName attribute, 2-5

comparing

attribute values, 7-23

entries, 4-14

two objects, 4-10

components

directory server, 2-29

components, SSL, 2-22

concepts, LDAP, 2-1

concurrent database connections, 13-11, F-5

configNLDAP.ora, B-9

configsets. See configuration set entries.

configuration parameters

configuration set entries, 2-30, 2-32

adding, 2-32, 5-2

attributes, F-5

changing, 3-8, 5-13

database connections, F-5

debug level, F-5

deleting, 5-2

directory server processes, F-5

disabling SSL, F-5

for replication server, 10-10

LDIF file, 5-11

managing, 4-17, 5-2

using command line tools, 5-11

in an active server instance, 5-4

modifying, 3-8, 5-2

using Oracle Directory Manager, 5-4, 5-10

orcldebuglevel, F-5

orclmaxcc, F-5

orclserverprocs, F-5

orclssl authentication, F-5

orclsslenable, F-5

orclsslport, F-5

orclsslwalletpasswd, F-6

orclsslwalleturl, F-6

overriding user-specified, 3-9

replication server, 10-9

SSL parameters in, 8-2

starting directory servers without using, 3-9

using different, 5-2

using multiple, 8-3

configuration set location, 5-15

configuration sets. See configuration set entries.

Configure Entry Management menu item, in Oracle Directory Manager, 4-10

configuring

Advanced Symmetric Replication (ASR), 10-3

using Oracle8 Replication Manager, 10-3

Directory Replication Groups (DRGs), 10-2

replication, 10-9

agreements, 10-9, 10-13

server parameters, 10-10

server parameters

using command line tools, 4-17

using Oracle Directory Manager, 4-17

servers, using input files, 7-23

SSL, 4-4, 8-2

conflict resolution

manual, 10-25

conflicting access control policies, 9-3

precedence rules for resolving, 9-3

conflicts, replication

attribute-level, 10-24

automated resolution of, 10-25

entry-level, 10-24

manual resolution of, 10-25

resolution, 9-11, 10-23

messages, 10-26

typical causes of, 10-24

Connect/Disconnect button in Oracle Directory Manager, 4-11

connecting

to a directory server, 4-3, 4-4, 4-17

using Oracle Directory Manager, 4-11

to additional directory servers, 4-12

to directory, 2-33

to multiple directory servers, 4-12

connection pooling, 1-4

connection redirection, 14-9

hardware-based, 14-6

network-level, 14-6

software-based, 14-7

constraints, object classes, 2-10

consumer servers, 2-12, 2-15, 2-16

content access items, 9-20

access control points, 9-20

modifying, 9-32

control, access, 1-5, 9-1

converting

auxiliary object classes, 6-4

structural object classes, 6-4

CPUs

in capacity planning, 12-2

processing power, 12-15

requirements

estimating, 12-16

in capacity planning, 12-15

tuning, 13-3

tuning for Oracle foreground processes, 13-6

when to tune, 13-3

Create button, in Oracle Directory Manager, 4-11

Create Entry menu item, in Oracle Directory Manager, 4-10

Create Like

adding entries using templates, 7-14

button, in Oracle Directory Manager, 4-11, 7-15

operation

using Oracle Directory Manager, 4-10

createTimestamp, optional object class in top, 2-9

creating

Access Control Policy Points, by using Oracle Directory Manager, 4-10

attributes

using ldapmodify, 4-14

using Oracle Directory Manager, 4-10

LDIF input file, 5-12

new entries

using Oracle Directory Manager, 4-10, 7-11

object classes, using Oracle Directory Manager, 4-10

rollback segments, 10-5

tablespaces, 10-5

wallets, 5-9, F-6

creatorsName, optional object class in top, 2-9

daemons, 3-2

DAP. See Directory Access Protocol (DAP)

.dat files, generated by bulkload, 7-27

data integrity, 2-20, 2-23, 2-25

data privacy, 2-20, 2-26

using SSL, 1-5

data servers

changing password to, 5-28

database block buffers parameter, 13-10

database block size parameter, 13-10

database connections, 2-32

concurrent, 13-11, F-5

pooling, 1-4

database server error, C-2

database, dedicated for directory, 2-30

DB_BLOCK_BUFFERS, 13-8

DBMS_STATS package, 13-3

debug level, F-5

debug logging levels, 5-21

for replication server, 10-12

setting, 5-21

default ACP, modifying, 9-16

default port, 4-3

default port number, 3-5, 3-8

defining object classes, 2-7

deleting

attributes, 6-17

base schema attributes, 6-17

using ldapmodify, A-13

audit log events, 5-25

configuration set entries, 5-2

entries, 4-14

using Oracle Directory Manager, 6-15

using ldapdelete, A-16

using ldapmodify, A-14

object classes

from base schema, 6-4

not in base schema, 6-4

values from attributes, using ldapmodify, A-13

deployment examples, 14-9

DES40 encryption, 2-26

descriptions of object classes, 6-7

directories

conceptual overview, 1-2

distributed, 2-10

location-independent, 1-2

partitioned, 2-18

read-focused, 1-2

directory access control, 1-5, 9-1

Directory Access Protocol (DAP), 1-3

vs. LDAP, 1-3

directory database listener, 10-6

Directory Information Tree (DIT), 2-2

audit log entries in, 5-24

directory instance registry, 2-30

directory naming contexts, 5-15

directory password, changing, 5-17

Directory Replication Groups (DRGs), 2-14, 10-2

establishing, 10-2

installing and configuring, 10-2

directory schema, 2-10

managing, 6-1

directory servers, 1-4

directory tree, browsing, 7-4

directory usage patterns, learning, 12-3

directory vs. relational database, 1-2

DirectoryReplicationGroupDSAs, 10-13

disabling SSL, F-5

Disconnect

button, in Oracle Directory Manager, 4-10

menu item, in Oracle Directory Manager, 4-10

disconnecting from directory servers, 4-12

using Oracle Directory Manager, 4-10

disk space requirements, estimating, 12-7

disk tuning, 13-8

displaying a directory entry, 7-2

displaying a subtree, 7-3

distinguished names, 2-2

of parents, locating, 7-12

using ldapmoddn, 4-14

distributed directories, 2-10, 2-18

naming contexts and, 2-10

partitioned, 2-11

replicated, 2-11

DIT. See Directory Information Tree (DIT)

DNs. See distinguished names.

dropping indexes from attributes, 5-24, 6-29

DSA, environment setting, B-3

DSE modification event, 5-25

duration of a search, specifying, 7-4

Edit button, in Oracle Directory Manager, 4-11

Edit menu item, in Oracle Directory Manager, 4-10

encrypting

levels available in Oracle Internet Directory, 2-26

RC4_40, 2-26

Ends With filter, in Oracle Directory Manager, 6-8

entities, granting access to, 9-24, 9-31

entries

adding

by copying an existing entry, 7-14

concurrently, 4-14

from other applications, A-20

mandatory attributes, 7-13

optional attributes, 7-13

requires write access to parent, 7-11

using bulkload, A-20

using ldapaddmt, 4-14, A-9

using ldapadd, 4-14, A-7

using Oracle Directory Manager, 7-11

assigning object classes to, 6-3

attributes, viewing, 7-10

audit log, 5-22

searching, 5-24

comparing, using ldapcompare, 4-14

conceptual discussion, 2-2

configuration set

deleting

using ldapdelete, 4-14, A-16

using ldapmodify, A-14

displaying, 7-2

distinguished names of, 2-2

filters, 9-21, 9-28

group, 2-4

inheriting attributes, 6-2

loading, 6-2

locating, 2-3

managing

using Oracle Directory Manager, 4-13

modifying

concurrently, using ldapmodifymt, A-14

large numbers, A-23

LDAP conventions, 7-20

rules, 7-20

multiple

adding concurrently, 7-23

modifying, 7-23

naming, 2-2

objects associated with an ACI, 9-6

parent, 6-2

renaming, 7-23

rules for changing, 7-20

searching

base level, 7-5

one-level, 7-5

specifying search depth, 7-4

subtree level, 7-5

using Oracle Directory Manager, 7-2

using ldapsearch, A-4

selecting by DN, 9-45

specific, granting access to, 9-24, 9-31

superclasses, selecting, 7-13

user

adding, by using ldapadd, 7-24

adding, by using Oracle Directory Manager, 7-17

modifying, by using ldapmodify, 7-25

modifying, by using Oracle Directory Manager, 7-22

entry-level conflicts, replication, 10-24

environment variables, NLS_LANG, 11-2

error messages

errors

estimating CPU requirements, 12-16

evaluation, ACL, 9-10

precedence rules, 9-11

events, auditable, 5-25

everyone, granting access to, 9-24, 9-31

Exact Match filter, in Oracle Directory Manager, 6-8, 7-6, 9-22, 9-29

Exit menu, in Oracle Directory Manager, 4-10

extensibility, in LDAP Version 3, 1-3

failover, 1-5, 14-1

AlternateServers attribute, 14-4

capabilities in Oracle Internet Directory, 14-7

options in private network infrastructure, 14-7

options in public network infrastructure, 14-5

options in the public network infrastructure, 14-5

options on clients, 14-4

failure recognition and recovery. See failover.

fault tolerance mechanisms, 14-3

File menu, in Oracle Directory Manager, 4-10

filters

Find Attributes button, in Oracle Directory Manager, 6-19

Find Objects button, in Oracle Directory Manager, 4-11, 6-6

formats

of distinguished names, 2-3

function calls, tracing, 5-21

garbage collection

in replication, 10-10

modifying intervals in replication, 10-12

granting

access, 9-24, 9-31

entry-level access

by using Oracle Directory Manager, 9-43

Greater or Equal filter, in Oracle Directory Manager, 6-8, 7-6, 9-22, 9-29

group entries, 2-4

adding, 7-18

creating

using ldapmodify, A-13

using Oracle Directory Manager, 7-18

groupOfNames object class, 7-18, 7-19

groupOfUniqueNames, 7-18

groups

granting access to by using Oracle Directory Manager, 9-24, 9-31

privilege, 9-4

guest user, managing user name and password, 5-17

guidelines

for adding attributes, 6-17

for deleting attributes, 6-17

for modifying attributes, 6-17

hardware-based connection redirection, 14-6

Help button, in Oracle Directory Manager, 4-11

Help menu item, in Oracle Directory Manager, 4-10

high availability

and multi-master replication, 14-7

of Oracle Internet Directory, 14-1

Hodges, Jeff, 2-34

Howes, Tim and Mark Smith, 2-34

IETF

drafts, enforced by Oracle Internet Directory, F-2

LDAP approval

RFCs enforced by Oracle Internet Directory, F-2

indexed attribute locations, 5-15

indexed attributes, 6-28

displayed in Oracle Directory Manager, 6-11

orcleventtype, 5-23

orcluserdn, 5-23

indexes

created by bulkload, 7-27

dropping from attributes

using Oracle Directory Manager, 6-29

indexing

attributes, 6-28, 6-32

by using command line tools, 6-31

using catalog management tool, 6-28

using Oracle Directory Manager, 6-27

using Catalog Management tool, 6-32

inheritance, 2-8

and access control policies, 9-3

and superclasses, 6-3

from superclasses, 6-11

of attributes, 6-11

initNLDAP.ora, B-9

initsid.ora, modifying, 10-5

input file, creating, 5-12

installation errors, C-2

installing

Advanced Symmetric Replication (ASR), 10-3

Directory Replication Groups (DRGs), 10-2

insufficient memory, 13-8

internationalization, and LDAP, 1-3, 11-1

Internet Engineering Task Force (IETF). See IETF.

Internet, and LDAP, 1-3

I/O subsystem

in capacity planning, 12-2, 12-6

sizing, 12-6

I/O throughput, maximizing, 12-7

iostat utility, 13-2

IP address takeover (IPAT), 14-8

Java clients, NLS and, 2-27

Java Native Interface, 2-33

JPEG images, adding with ldapadd, A-9

jpegPhoto attribute, 2-5, 7-24

Kerberos authentication, A-8, A-10, A-16

knowledge references, 2-19, 2-20

in LDAP Version 3, 1-3

permissions for managing, 2-20

Kosiur, Dave, 2-34

launching Oracle Directory Manager, 4-2

LDAP

LDAP Data Interchange Format (LDIF)

when using bulkload, A-20

LDAP Interchange Format (LDIF), 4-13, A-2

LDAP search performance, 13-12

LDAP server instances

adding JPEG images, A-9

adding entries concurrently, A-9

ldapaddmt, 4-14, A-9

log, A-9

ldap-bind operation, 2-21

ldapcompare, 4-14, 7-23, A-17

syntax, A-17

ldapdelete, 4-14, A-16

adding entry-level ACIs, 9-45

deleting entries, A-16

syntax, A-16

ldapmoddn, 4-14, A-18

and NLS, 11-7

moving entries, 7-23

moving subtrees, 7-23

renaming entries, 7-23

renaming subtrees, 7-23

ldapmodify, 4-14, A-11

adding ACPs, 9-44

adding attributes, 6-29

adding object classes, 6-15

adding values to multiple-valued attributes, A-13

changing audit level, 5-27

change types, A-12

creating group entries, A-13

deleting entries, A-14

LDIF files in, A-7, A-9, A-11, A-14

modifying attributes, 6-29

modifying object classes, 6-15

replacing attribute values, A-13

syntax, A-11

ldapmodifymt, 4-14

multithreaded processing, A-15

querying audit log, 5-22

syntax, A-4

LDIF

file-based modification, not supported by bulkmodify, A-23

files, in ldapmodify commands, A-7, A-9, A-11, A-14

formatting notes, A-3

formatting rules, A-3

using, 4-13, A-2

LDIF file

for adding configuration set entries, 5-11

referencing in commands, 5-13

ldifwrite, A-21

and NLS, 11-8

syntax, A-21

Less or Equal filter, 6-8, 7-6, 9-22, 9-29

line-mode commands, batching, 6-15

listener, for directory database, 2-30, 2-32

restarting, 10-6

stopping, 10-6

listener.ora, 10-6, B-7

load balancing, network level, 14-5

-load option, in bulkload, 7-27

locating

directory entries by using distinguished names, 2-3

DN of parent, 7-12

location

wallet, 4-6

location-independence, of directories, 1-2

logging

debug, 5-21

OID Monitor activities, 2-31

logical disks, 13-9

login

superuser

login

LSNRCTL utility, 10-6

managing

attributes

overview, 6-16

using command line tools, 6-29

using Oracle Directory Manager, 6-18

configuration set entries, 5-2

directory schema, 6-1

entries

using Oracle Directory Manager, 4-13, 7-2

knowledge references, 2-20

object classes

mandatory attributes, 2-7, 6-2

adding to existing object classes, 6-4

adding to object classes in use, 7-20

entering values for, 7-13

in object classes, 6-7

redefining, 6-3

manual resolution of conflicts, 10-25

Master Definition Site (MDS), 10-3

designating, 10-3

matching rules

attribute, 2-6

cannot add to subSchemaSubentry, 2-10

recognized by Oracle Internet Directory, F-9

tab in Oracle Directory Manager, 6-10

maxextents, 10-5

MDS. See Master Definition Site (MDS)

member attribute, 7-18

Member, multiple-valued attribute, 7-18

memory

in capacity planning, 12-2

menu bar, Oracle Directory Manager, 4-10

metadata, stored in schema, 2-10

modify DN

using ldapmoddn, 4-14

modifyDN

audit log event, 5-25

modifying

a user entry, 7-22

ACI directives, by using Oracle Directory Manager, 9-17

ACPs, by using Oracle Directory Manager, 9-17

attribute syntaxes, 6-17

attributes

concurrently, 4-14

base schema attributes, 6-17

using ldapmodify, 4-14

using ldapmodifymt, 4-14

audit level, 5-27

audit log events, 5-25

configuration parameters, 2-32

configuration set entries, 2-32, 3-8, 5-2

using Oracle Directory Manager, 5-4, 5-10

using ldapmodify, 5-13

content access items, 9-32

DNs, using command line tools, 7-23

entries

by using ldapmodify, A-11

by using Oracle Directory Manager, 7-20

concurrently, using ldapmodifymt, A-14

LDAP conventions, 7-20

rules, 7-20

garbage collection intervals in replication, 10-12

initsid.ora, 10-5

large numbers of entries, A-23

multiple entries, using command line tools, 7-23

number of worker threads in change log processing, 10-13

object classes, 6-3

in the base schema, 6-4

using Oracle Directory Manager, 6-14

objects

by using ldapmodify, 4-14

by using Oracle Directory Manager, 4-10

Oracle wallet parameter, 5-9, F-6

parameters for an active instance, 8-3

parameters in an active server instance, 5-4

passwords, to Oracle data servers, 4-16

RDN, using command line tools, 7-23

replication agreement parameters, 10-15

using command line tools, 10-15

SSL configuration parameters, 8-3

structural access items, 9-28

wallet passwords, 5-9, F-6

modifying configuration set entries, 5-2

modifying objects

using Oracle Directory Manager, 4-11

moving

entries, 7-23

subtrees, 7-23

mpstat utility, 13-2

multi-master flag, 10-16

toggling, 10-16

multi-master replication, 1-4, 2-14

and high availability, 14-7

multiple configuration set entries, 8-3

multiple entries

adding concurrently, using command line tools, 7-23

modifying, 7-23

multiple server processes, 2-32

multiple threads, A-15

in ldapaddmt, A-9

increasing the number of, A-9

multiple-valued attributes

adding values to, using ldapmodify, A-13

Member, 7-18

multithreaded command line tools

ldapaddmt, 4-14, A-9

ldapmodifymt, 4-14, A-15

multithreaded LDAP servers, 1-4

multi-valued attributes, 2-4

converting to single-valued, 6-17

orclEntryLevelACI, 9-3

names, of object classes, 6-7

naming contexts

and distributed directories, 2-10

in partitioned directories, 2-18

in replication, 2-13, 10-2

subordinate, 2-19

naming directory entries, 2-2

namingContexts, 5-16

National Language Support (NLS)

bulkdelete, 11-9

bulkload, 11-8

bulkmodify, 11-9

command line tools, 11-5

settings for Oracle Internet Directory, 11-2

navigating Oracle Directory Manager, 4-7

Navigator pane, in Oracle Directory Manager, 4-7

net service name, 3-2, 3-3

Net8, 2-31, 2-33

preparing for replication, 10-4

network

bandwidth, 12-14

capacity planning, 12-14

connectivity, in capacity planning, 12-2

requirements, 12-14

Network Interface Cards (NICs), failures of, 14-8

network-level connection redirection, 14-6

network-level failover, 14-5

new syntaxes, adding, 2-6

newdb.sql, B-10

NLS. See National Language Support (NLS).

NLS_LANG environment variable, 11-2

settings, 11-2

specifying, 11-3

no authentication, in access control, 9-24, 9-30

no SSL authentication option, 4-6

node in Oracle Internet Directory, 2-29

non-default port, running on, 4-3

normal mode, running directory servers in, F-5

not null filter, in Oracle Directory Manager, 6-9

NT Performance Monitor, 13-2

NT Task Manager, 13-2

null values, in attributes, 6-2

object class types

concurrently, using ldapaddmt, A-9

using Oracle Directory Manager, 6-12

assigning to entries, 6-2, 6-3

converting auxiliary, 6-4

creating, using Oracle Directory Manager, 4-10

defining, 2-7

definition of, 2-7

deleting, using Oracle Directory Manager, 6-15

groupOfNames, 7-18, 7-19

in base schema, 6-4

in LDIF files, A-2

in top, 2-9

managing

modifying, 6-3

using Oracle Directory Manager, 6-14

orclauditoc, 5-23

redefining mandatory attributes in, 6-3

removing attributes from, 6-4

removing superclasses from, 6-4

rules, 2-10

searching for, 6-5

structural, converting, 6-4

subclasses, 2-8

defining, 2-7

superclasses, 2-8, 6-11

tab in Oracle Directory Manager, 6-9

top, 2-8

types of, 2-9

unique name of, 6-3

unique object identifier, 6-3

viewing, 6-9, 6-11

object identifiers, of object classes, 6-7

objectclass attribute, 5-23

objects

adding, by using Oracle Directory Manager, 4-11

comparing, 4-10

of ACI directives, 9-6

searching for, using Oracle Directory Manager, 4-11

OCI. See Oracle Call Interface.

OFA. See Optimal Flexible Architecture (OFA).

OID Control Utility, 2-30, 3-2, 4-15

restart command, 5-4

run-server command, 4-15

start and stop server instances, 3-3

start-server command, 5-2

stop-server command, 4-15

OID Monitor, 2-30, 4-15

logging, 2-31

sleep time, 3-2, 3-3

starting, 3-2, 3-3

OID Password Utility, 4-16, 5-28

oidctl. See OID Control Utility

OIDLDAPD, 3-6

oidmon. See OID Monitor.

oidmon.log file, 2-31

OIDREPLD, 3-8

OLTS_ATTR_STORE tablespace, 12-12

OLTS_ATTRSTORE, 13-9

OLTS_CT_CN tablespace, 12-12

OLTS_CT_DN, 13-9

OLTS_CT_DN tablespace, 12-12

OLTS_CT_OBJCL tablespace, 12-12

OLTS_CT_STORE tablespace, 12-12

OLTS_DEFAULT tablespace, 12-12

OLTS_IND_ATTRSTORE, 13-9

OLTS_IND_ATTRSTORE tablespace, 12-12

OLTS_IND_CT_DN, 13-9

OLTS_IND_CT_DN tablespace, 12-12

OLTS_IND_CT_STORE tablespace, 12-12

one-level search, 7-5

one-way authentication, SSL, 2-22, 4-6, F-5

online administration tool. See Oracle Directory Manager

open cursors parameter, 13-10

OPEN_CURSORS, 13-10

operational attributes, 5-14

ACI, 2-25

fields in Oracle Directory Manager, 5-15

Operations menu item, in Oracle Directory Manager, 4-10

Optimal Flexible Architecture (OFA), B-2

optional attributes, 2-7, 6-2

adding to pre-defined object classes, 2-7

entering values for, 7-13

in object classes, 6-7

Oracle background processes, 13-11

Oracle Call Interface, 2-33

Oracle data servers

changing password to, 4-16, 5-28

error, C-2

Oracle Directory Manager, 1-4, 7-4

adding

ACPs, 9-32, 9-34

attributes, 6-22

configuration set entries, 5-4

Apply button vs. OK button, 4-9

attributes, searching for, 6-18

Cancel button, 4-9

Configure Entry Management menu item, 4-10

connecting to a directory server, 4-10, 4-11

create access control policy point menu, 4-10

Create button, 4-11

Create Entry menu item, 4-10

Create Like button, 4-11, 7-15

Create Like operation, 4-10

creating an attribute, 4-10

creating object classes, 4-10

deleting configuration set entries, 5-4

disconnecting from a directory server, 4-10

displaying help navigator, 4-10

Edit button, 4-11

Edit menu, 4-10

Ends With filter, 6-8

entries management, 4-13

Exact Match filter, 6-8, 7-6, 9-22, 9-29

Exit menu, 4-10

File menu, 4-10

Find Attributes button, 6-19

Find Objects button, 4-11, 6-6

granting access, 9-16

Greater or Equal filter, 6-8, 7-6, 9-22, 9-29

Help button, 4-11

Help menu item, 4-10

launching, 4-2

Less or Equal filter, 6-8, 7-6, 9-22, 9-29

listing attribute types, A-3

managing

ACPs, 4-13

configuration set entries, 5-4

entries, 4-13

object classes, 6-5

menu bar, 4-10

modifying

configuration set entries, 2-32

object classes, 6-14

objects, 4-10, 4-11

replication agreements, 10-15

modifying configuration set entries, 5-4

modifying entries, 7-20

navigating, 4-7

not null filter, 6-9

Operations menu, 4-10

overview, 4-2

Present filter, 7-6

purge schedule, setting, 10-11

Refresh button, 4-11

Refresh Entry button, 4-11

Refresh Subentries button, 4-11

Remove button, 4-11

removing objects, 4-10, 4-11

Revert button, 4-9

root of search, 7-3

running, 4-2

schema administration, 4-13

search criteria bar, 7-5

searching

selecting attribute syntax type, 6-30

setting maximum number of subentries, 4-10

setting maximum search time, 4-10

starting, 4-2

starting on Sun Solaris, 4-2

system operational attribute fields, 5-15

tear-off menu item, 4-10

viewing

entry attributes, 7-10

Oracle Directory Replication Server, 1-4

starting, 3-6

stopping, 3-8

Oracle Directory Server, 1-4

Oracle foreground processes

restricting, 13-7

tuning CPU for, 13-6

Oracle instances, 10-6

Oracle NLS, 2-26

Oracle SQL*Loader, used by bulkload, A-20

Oracle Wallet Manager, 2-23

overview, D-2

Oracle wallets, F-6

changing location of, 5-9, F-6

Oracle8 Replication Manager, configuring Advanced Symmetric Replication (ASR), 10-3

Oracle8i

Advanced Symmetric Replication, 2-14

optional object class in top, 2-9

orclAgreementID, 10-14

orclAgreementId, F-3

orclauditattribute, F-4

orclAuditLevel, F-4

orclauditlevel attribute, 5-26

orclauditlevel operational attribute, 5-22

orclauditmessage, F-4

orclauditmessage attribute, 5-23

OrclAuditOC, F-4

orclauditoc attributes, 5-23

orclauditoc object class, 5-23

orclCatalogEntryDN, F-4

orclChangeRetryCount, 10-10, 10-13, F-3

orclConfigSet, F-4

orclconfigsetnumber, F-4

orclConsumerReference, F-3

orclcontainerOC, F-4

orclDBType, F-4

orclDebugLevel, F-4

orcldebuglevel configuration set entry, F-5

orclDirReplGroupAgreement, 10-10, F-3

orclDirReplGroupDSAs, 10-10, 10-13, 10-14, F-3

orclDITRoot, F-4

orclEntryLevelACI, 9-3, F-3

optional object class in top, 2-9

orcleventLog, F-4

orclEvents, F-4

orcleventtime, F-4

orcleventtime attribute, 5-23

orcleventtype, F-4

orcleventtype attribute, 5-23

orclExcludedNamingcontexts, 10-14, F-3

orclGuid, F-3

optional object class in top, 2-9

orclGuName, F-4

orclGuPassword, F-4

orclhostname, F-4

orclIndexedAttribute, F-4

orclIndexOC, F-4

orclLDAPInstance, F-4

orclLDAPSubConfig, F-4

ORCLMAXCC, 13-4

orclMaxCC, F-4

orclmaxcc, 2-32

orclmaxcc configuration set entry, F-5

orclOpResult, F-4

orclopresult attribute, 5-23

orclParentGUID, F-3

orclPrivilegeGroup, 7-18

orclPrName, F-4

orclPrPassword, F-4

orclPurgeSchedule, 10-10, 10-12, F-3

orclReplAgreementEntry, F-3

orclReplBindDN, F-3

orclReplBindPassword, F-3

orclReplicationProtocol, 10-14, F-3

orclREPLInstance, F-4

orclREPLSubConfig, F-4

orclSequence, F-4

orclsequence attribute, 5-23, 5-24

orclServerEvent, F-4

orclServerMode, 5-16, F-4

ORCLSERVERPROCS, 13-4

orclServerProcs, F-4

orclserverprocs, 2-32

orclserverprocs configuration set entry, F-5

orclSizeLimit, 5-16, F-4

orclssl authentication configuration set entry, F-5

orclsslAuthentication, F-4

orclsslEnable, F-4

orclsslenable, F-5

orclsslenable configuration set entry, F-5

orclsslPort, F-4

orclsslport configuration set entry, F-5

orclsslVersion, F-4

orclsslWalletPasswd, F-4

orclsslwalletpasswd configuration set entry, F-6

orclsslWalletURL, F-4

orclsslwalleturl configuration set entry, F-6

orclSuffix, F-4

orclSuName, F-4

orclSuPassword, F-4

orclSupplierReference, F-3

orclThreadsPerSupplier, 10-10

orclTimeLimit, 5-16, F-4

orclUpdateSchedule, 10-14, F-3

orclUseEncrypt, 5-16, F-4

orcluserdn, F-4

orcluserdn attribute, 5-23

organization attribute, 2-5

organizationalUnitName, 2-5

overall throughput, 13-2

overriding user-specified configsets, 3-9

paging, 12-13

partitioned directories, 2-11

partitioning, 2-18

password-based authentication, 1-5, 2-21, 4-4

passwords

encrypting, 5-15

for shell tools, 4-14, 7-26

for SSL wallets, 4-6

modifying, 5-9, F-6

setting, F-6

for using bulk tools, 4-14

to a directory, changing, 5-17

to Oracle data servers, 4-16

changing, 5-28

performance

add/modify, 13-12

metrics, 13-2

replication and, 2-12

search, 13-12

troubleshooting, 13-12

using multiple threads, A-9

using orclEntryLevelACI, 9-3

permissions, 2-20, 2-25

granting

by using command line tools, 9-43

by using Oracle Directory Manager, 9-16

physical memory, 12-13

PKI authentication, 2-21

pooling, connection, 1-4

port, 4-4

default, 3-5, 3-8, 4-3

port 389, 3-5, 3-8, F-5

port 636, 3-5, 3-8, F-5

precedence rules

ACL evaluation, 9-11

in conflicting access policies, 9-3

prescriptive access control, 1-5, 9-3

Present filter, Oracle Directory Manager, 7-6

private key, 2-23

privilege groups, 9-4

privileges, 2-20, 2-22, 2-25

process instance location, 5-15

processes, 2-30

Oracle background, 13-11

Oracle foreground

restricting, 13-7

starting, 5-1

processing power of CPU, 12-15

processor affinity, on SMP systems, 13-6

proxy user, managing user name and password, 5-17

public key, 2-22

public key infrastructure, 2-21

purge schedule, setting using Oracle Directory Manager, 10-11

query entry return limit, 5-15

querying

audit log, 5-22

critical events, 5-22

Radicati, Sara, 2-34

RAID, 13-9

RC4_40 encryption, 2-26

RDNs. See Relative Distinguished Names (RDNs)

read-focused, directories as, 1-2

recovery features, in Oracle8i, 1-5

redefining mandatory attributes, 6-3

Redo Log Buffers parameter, 13-11

redundancy, 14-2

redundant links, 14-8

referrals, 2-19, 2-20

referrals, in LDAP Version 3, 1-3

Refresh button, in Oracle Directory Manager, 4-11

Refresh Entry button, in Oracle Directory Manager, 4-11

Refresh Subentries button, in Oracle Directory Manager, 4-11

relational database vs. directory, 1-2

Relative Distinguished Names (RDNs), 2-3

displaying for each entry, 7-2

modifying

modifying, using ldapmoddn, 4-14

using ldapmodify, A-14

reliability, and replication, 2-12

Remove button, in Oracle Directory Manager, 4-11

removing

attributes from an object class, 6-4

objects

using command line tools, A-11, A-16

using Oracle Directory Manager, 4-10, 4-11

renaming

entries, 7-23

subtrees, 7-23

replacing attribute values, using ldapmodify, A-13

replicas, 2-12

replicated directories, conceptual discussion, 2-11

replication, 2-11

adding a new node for, 10-17, 10-23

Advanced Symmetric Replication (ASR)

agreement parameters, 10-13

modifying, 10-15

modifying, using command line tools, 10-15

viewing, 10-15

agreements, 2-14, 5-15, 10-9, 10-15

adding nodes to, 10-15

configuring, 10-9

change logs, 1-5, 2-17

cold backup, B-1

configuring, 10-9

Advanced Symmetric Replication (ASR), 10-6

sqlnet.ora, 10-4

tnsnames.ora, 10-4

database copy procedure, B-1

debug logging level, 10-12

garbage collection, 10-10

modifying intervals, 10-12

multi-master, 1-4, 2-14

naming contexts, 10-2

nodes, adding, 10-17

performance and, 2-12

preparing Net8 environment, 10-4

reliability and, 2-12

server, 1-4, 2-30, 2-31

configuration set entries, 10-9, 10-10

starting, 3-6, 10-16

stopping, 3-8

sponsor node, B-3

status location, 5-15

transport mechanism, 2-14

restarting

a directory server, 3-8, 5-4

listener for directory database, 10-6

Revert button, in Oracle Directory Manager, 4-9

RFCs enforced by Oracle Internet Directory, F-2

rollback segments, 10-5

root of search

rules

run-server command, using OID Control Utility, 4-15

SASL. See Simple Authentication and Security Layer (SASL).

scalability, of Oracle Internet Directory, 1-4

schema, 2-10

adding and changing object classes (online), 6-2

administration, 6-1

using Oracle Directory Manager, 4-13

definition location, 5-15

definitions in subSchemaSubentry, 2-10

distributed among several tablespaces, 13-9

elements, F-1

add/replace event, 5-25

delete event, 5-25

for specific Oracle products, F-3

Schema Management pane, in Oracle Directory Manager, 6-9

scripts, batched line-mode commands, 6-15

search and compare operations, 2-6

search criteria bar, in Oracle Directory Manager, 7-5

search depth, specifying, 7-4

search filters

IETF-compliant, A-4

ldapsearch, A-6

search results, specifying maximum number of entries, 7-4

searching

audit log entries, 5-24

using ldapsearch, A-4

for attributes

using Oracle Directory Manager, 6-18

for audit log entries, 5-22

for entries

using Oracle Directory Manager, 4-11

for object classes, 6-5

for objects

for objects, using Oracle Directory Manager, 4-11

making attributes available for, 6-27

specifying maximum number of entries, 7-4

using filters, 6-8

secure

mode

running directory servers in, F-5

running server instances in, 8-2

port 636, 8-2

Secure Sockets Layer

configuring, 4-4

enabling Oracle Directory Manager, 4-5

security, 2-20

attribute level, 1-5

entry level, 1-5

for different clients, 8-3

in LDAP Version 3, 1-3

SSL parameters for different clients, 8-3

within Oracle Internet Directory environment, 2-20

selected audit log events, 5-26

selecting

an entry's superclass, 7-13

attribute syntax type, 6-30

selecting root of search, 7-4

server

replication, 1-4

server instances

running, 4-2

running in secure mode, 8-2

server operation time limit, 5-15

server processes

number of, F-5

too many, 13-5

servers

configuring, using input files, 7-23

connecting to, 4-4

directory, 1-4

connecting to, 4-3

parameters, configuring, 4-17

sessions parameter, 13-10

session-specific user identity, 2-21

setting

debug logging levels, 5-21

using the OID Control Utility, 5-21

maximum number of subentries, using Oracle Directory Manager, 4-10

maximum search time, using Oracle Directory Manager, 4-10

system operational attributes, 5-14

setting wallet location, 4-6

SGA. See System Global Area (SGA).

shared pool size, 13-8

parameter, 13-10

simple authentication, 1-5, 2-21

for access control subjects, 9-24, 9-30

Simple Authentication and Security Layer (SASL), in LDAP Version 3, 1-3

single-valued attributes, 2-4

converting to multi-valued, 6-17

size of attribute values, F-8

sizing

I/O subsystem, 12-6

sizing tablespaces, 12-9

sleep time, OID Monitor, 3-2, 3-3

sn attribute, 2-5

software-based connection redirection, 14-7

sort area parameter, 13-11

specifying attributes, as mandatory or optional, 6-2

SPECint_rate95 baseline, 12-15

sponsor node, 10-19

cold backup procedures, B-3

sqlnet.ora, configuring for replication, 10-4

SSL, 4-5

attribute values, F-4

authenticated access, 1-5

authentication, 9-8

client and server, 4-6

for Oracle Directory Manager, 4-6

one-way, 4-6

server only, 4-6

two-way, 4-6

authentication, for Oracle Directory Manager, 4-6

cipher suites, 8-2

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 8-2

SSL_RSA_EXPORT_WITH_RC4_40_MD5, 8-2

SSL_RSA_WITH_NULL_MD5, 8-2

SSL_RSA_WITH_NULL_SHA, 8-2

supported in Oracle Internet Directory, 8-2

client scenarios, 8-2

components, 2-22

configuration parameters, 8-2

modifying, 8-3

configuration set entry, 5-3

configuring, 4-4

data privacy, 1-5

default port, 2-24, F-5

disabling, F-5

enable, 5-3

enabling, 8-2, A-7, A-8, A-10, A-11, A-15, F-5

handshake, 2-23, 8-2

how it works, 2-23

modifying orclsslwalleturl parameter, 5-9, F-6

no authentication, 2-22, 4-6, F-5

for access control subject, 9-24, 9-30

one-way authentication, 2-22

for access control subjects, 9-24, 9-30

parameters, 8-2

password, 4-6

port 636, 8-2

strong authentication, 2-21

toggling on and off, F-5

two-way authentication, 2-22, F-5

for access control subjects, 9-24, 9-30

Version 2, 8-2

Version 3, 8-2

wallets, 2-23, F-5, F-6

changing location of, 5-9, F-6

changing passwords, 5-9, F-6

SSLenable, configuration set entry, 5-3

stack, technology, 14-3

starting

directory servers, 3-4, 4-17

using default configuration, 3-9

LDAP server instance, 3-4

OID Monitor, 3-2, 3-3

Oracle Directory Manager, 4-2

Oracle Directory Replication Server, 3-6

Oracle Directory Server instances, 10-9

replication server, 10-16

replication server instances, 3-6

start-server commands, 2-30, 3-2, 5-2

stopping

listener for directory database, 10-6

Oracle Directory Replication Server, 3-8

replication server instances, 3-8

stop-server commands, 2-30, 3-2, 4-15

store-and-forward transport, in Oracle8i, 2-14

striping, 13-8, 13-10

strong authentication, 2-21

structural access items, 9-19

access control points, 9-19

modifying, 9-28

structural object class type, 2-8, 2-9

structural object classes, converting, 6-4

structure rules, not enforced by Oracle Internet Directory, 2-10

structure, audit log entries, 5-23

subclasses, 2-8

subconfig, F-4

subentries, 2-10

subordinate naming contexts, 2-19

subregistry, F-4

subSchemaSubentry

adding object classes to, 2-10

holding schema definitions, 2-10

modifying, 2-10

subtree level search, 7-5

subtree, displaying, 7-3

subtrees

granting access to, 9-24, 9-31

renaming, 7-23

Sun Solaris, starting Oracle Directory Manager on, 4-2

super user

logging in as, 4-4

managing user name and password, 5-17

super user login event, 5-25

superclass selector, 7-13

of object classes, 6-7

superior naming contexts

naming contexts

superior, 2-19

suppliers, 2-12, 2-15, 2-16

surname attribute, 2-5

Symmetric Multi-Processor (SMP) systems, 13-6

syntax, attribute, 2-6

syntaxes

bulkload, A-20

bulkmodify, A-23

cannot add to subSchemaSubentry, 2-10

catalog management tool, A-26

LDAP, F-6