
Oracle Internet Directory Administrator's Guide
Release 9.0.2

Part Number A95192-01

Contents

Title and Copyright Information

Send Us Your Comments

Preface

What's New in Oracle Internet Directory?

Part I Getting Started

1 Introduction

What Is a Directory?
The Expanding Role of Online Directories
The Problem: Too Many Special Purpose Directories
What Is LDAP?
LDAP and Simplified Directory Management
LDAP Version 3
What Is Oracle Internet Directory?
Architecture of the Oracle Internet Directory
Components of the Oracle Internet Directory
Advantages of Oracle Internet Directory
Scalability
High Availability
Security
Integration with the Oracle Environment
How Oracle Products Use Oracle Internet Directory
Easier and More Cost-Effective Administration
Tighter Security Through Centralized Security Policy Administration
Integration of Distributed Directories

2 Concepts and Architecture

Entries
Attributes
Kinds of Attribute Information
Single-Valued and Multivalued Attributes
Common LDAP Attributes
Attribute Syntax
Attribute Matching Rules
Attribute Options
Object Classes
Subclasses, Superclasses, and Inheritance
Object Class Types
Abstract Object Classes
Structural Object Classes
Auxiliary Object Classes
Naming Contexts
The Directory Schema
Security
Globalization Support
Oracle Internet Directory Architecture
An Oracle Internet Directory Node
An Oracle Directory Server Instance
Configuration Set Entries
Example: How Oracle Internet Directory Works
Distributed Directories
Replication
Partitioning
About Knowledge References and Referrals
Kinds of Referrals
The Delegated Administration Service
The Oracle Directory Integration Platform
About Metadirectories
About the Oracle Directory Integration Platform Environment

3 Preliminary Tasks and Information

Task 1: Start the OID Monitor
Starting the OID Monitor
Stopping the OID Monitor
Task 2: Start a Server Instance
Starting an Oracle Directory Server Instance
Stopping an Oracle Directory Server Instance
Starting an Oracle Directory Replication Server Instance
Stopping an Oracle Directory Replication Server Instance
Restarting Directory Server Instances
Troubleshooting Directory Server Instance Startup
Task 3: Reset the Default Security Configuration
Default Access Policies
Default Access Policy At the Root DSE
Default Access Policy At the Users Container in the Default Subscriber Naming Context
Default Access Policy At the Groups Container in the Default Subscriber Naming Context
Default Access Policy for the Oracle Context Administrators
Default Access Policy for Oracle9i Application Server Administrators
Task 4: Reset the Default Password for the Database
Task 5: Run the OID Database Statistics Collection Tool
Log File Locations

4 Directory Administration Tools

Using Oracle Directory Manager
Starting Oracle Directory Manager
Connecting to a Directory Server
Navigating Oracle Directory Manager
Overview of Oracle Directory Manager
The Oracle Directory Manager Menu Bar
The Oracle Directory Manager Toolbar
Connecting to Additional Directory Servers
Disconnecting from a Directory Server
Performing Administration Tasks by Using Oracle Directory Manager
Using Command-Line Tools
Tools Affecting LDAP Entries Directly
Using Bulk Tools
Using the Catalog Management Tool
Using OID Control Utility
Using the OID Database Password Utility
Using the Replication Tools
Using the OID Database Statistics Collection Tool
Administration Tasks at a Glance

Part II Basic Directory Administration

5 Oracle Directory Server Administration

Managing Server Configuration Set Entries
Preliminary Considerations for Managing Configuration Set Entries
Managing Server Configuration Set Entries by Using Oracle Directory Manager
Viewing Configuration Set Entries by Using Oracle Directory Manager
Adding Configuration Set Entries by Using Oracle Directory Manager
Modifying Configuration Set Entries by Using Oracle Directory Manager
Deleting Configuration Set Entries by Using Oracle Directory Manager
Managing Server Configuration Set Entries by Using Command-Line Tools
Adding Configuration Set Entries by Using ldapadd
Modifying and Deleting Configuration Set Entries by Using ldapmodify
Setting System Operational Attributes
Setting System Operational Attributes by Using Oracle Directory Manager
Setting System Operational Attributes by Using ldapmodify
Managing Naming Contexts
Publishing Naming Contexts by Using Oracle Directory Manager
Publishing Naming Contexts by Using ldapmodify
Managing Super Users, Guest Users, and Proxy Users
Managing Super, Guest, and Proxy Users by Using Oracle Directory Manager
Managing Super, Guest, and Proxy Users by Using ldapmodify
Configuring Searches
Configuring Searches by Using Oracle Directory Manager
Setting the Maximum Number of Entries Returned in Searches by Using Oracle Directory Manager
Setting the Maximum Amount of Time For Searches by Using Oracle Directory Manager
Configuring Searches by Using ldapmodify
Monitoring, Debugging, and Auditing the Directory Server
Monitoring Oracle Internet Directory Servers by Using Oracle Internet Directory Server Manageability Framework
Oracle Internet Directory Server Manageability Architecture and Components
Location of Configuration Information for Oracle Internet Directory Server Manageability
Configuring Server Manageability
Setting Debug Logging Levels
Setting Debug Logging Levels by Using Oracle Directory Manager
Setting Debug Logging Levels by Using the OID Control Utility
Using the Audit Log
Structure of Audit Log Entries
Position of Audit Log Entries in the DIT
Auditable Events
Setting the Audit Level
Searching for Audit Log Entries
Purging the Audit Log
Viewing Active Server Instance Information
Changing the Password to an Oracle Database Server
Dereferencing Alias Entries
Concepts for Dereferencing Alias Entries
Alias Objectclass Definition
Aliased Objectname Definition
Using Alias Entry Dereferencing
Adding an Alias Entry
Searching the Base
Searching One-Level
Searching a Subtree
Modifying Alias Entries
Success and Error Messages

6 Directory Schema Administration

About the Directory Schema
About Object Class Management
Guidelines for Adding Object Classes
Guidelines for Modifying Object Classes
Guidelines for Deleting Object Classes
Managing Object Classes by Using Oracle Directory Manager
Searching for Object Classes by Using Oracle Directory Manager
Viewing Properties of Object Classes by Using Oracle Directory Manager
Adding Object Classes by Using Oracle Directory Manager
Modifying Object Classes by Using Oracle Directory Manager
Deleting Object Classes by Using Oracle Directory Manager
Managing Object Classes by Using Command-Line Tools
Example: Adding a New Object Class
Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class
About Attribute Management
Rules for Adding Attributes
Rules for Modifying Attributes
Rules for Deleting Attributes
Managing Attributes by Using Oracle Directory Manager
Viewing All Directory Attributes by Using Oracle Directory Manager
Searching for Attributes by Using Oracle Directory Manager
Adding an Attribute by Using Oracle Directory Manager
Adding a New Attribute by Using Oracle Directory Manager
Creating a New Attribute from an Existing One by Using Oracle Directory Manager
Modifying an Attribute by Using Oracle Directory Manager
Deleting an Attribute by Using Oracle Directory Manager
Indexing an Attribute by Using Oracle Directory Manager
Viewing Indexed Attributes by Using Oracle Directory Manager
Adding an Index to an Attribute by Using Oracle Directory Manager
Dropping an Index from an Attribute by Using Oracle Directory Manager
Managing Attributes by Using Command-Line Tools
Adding and Modifying Attributes by Using ldapmodify
Deleting Attributes by Using ldapmodify
Indexing an Attribute by Using Command-Line Tools
Indexing an Attribute for Which No Data Exists by Using ldapmodify
Dropping an Index from an Attribute by Using ldapmodify
Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool
Viewing Matching Rules
Viewing Matching Rules by Using Oracle Directory Manager
Viewing Matching Rules by Using ldapsearch
Viewing Syntaxes
Viewing Syntaxes by Using Oracle Directory Manager
Viewing Syntaxes by Using ldapsearch

7 Managing Directory Entries

Managing Entries by Using Oracle Directory Manager
Searching for Entries by Using Oracle Directory Manager
Viewing Attributes for a Specific Entry by Using Oracle Directory Manager
Adding Entries by Using Oracle Directory Manager
Adding a New Entry by Using Oracle Directory Manager
Adding an Entry by Copying an Existing Entry in Oracle Directory Manager
Example: Adding a User Entry by Using Oracle Directory Manager
Adding Group Entries by Using Oracle Directory Manager
Modifying Entries by Using Oracle Directory Manager
Example: Modifying a User Entry by Using Oracle Directory Manager
Managing Entries with Attribute Options by Using Oracle Directory Manager
Adding an Attribute Option to an Existing Entry by Using Oracle Directory Manager
Modifying an Attribute Option by Using Oracle Directory Manager
Deleting an Attribute Option by Using Oracle Directory Manager
Managing Entries by Using Command-Line Tools
Command-Line Tools for Managing Entries
Example: Adding a User Entry by Using ldapadd
Example: Modifying a User Entry by Using ldapmodify
Managing Entries with Attribute Options by Using Command-Line Tools
Example: Adding an Attribute Option by Using ldapmodify
Example: Deleting an Attribute Option by Using ldapmodify
Example: Searching for Entries with Attribute Options by Using ldapsearch
Managing Entries by Using Bulk Tools
Importing an LDIF File by Using bulkload
Task 1: Back Up the Oracle Server
Task 2: Find Out the Oracle Internet Directory Password
Task 3: Check Input for Schema and Data Consistency Violations
Task 4: Generate the Input Files for SQL*Loader
Task 5: Load the Input Files
If Bulk Loading Fails
Converting Directory Data to LDIF
Modifying a Large Number of Entries
Deleting a Large Number of Entries
Managing Knowledge References and Referrals
Configuring Smart Referrals
Configuring Default Referrals

8 Globalization Support in the Directory

The NLS_LANG Environment Variable
Using Non-UTF-8 Databases
Using Globalization Support with LDIF Files
An LDIF file Containing Only ASCII Strings
An LDIF file Containing UTF-8 Encoded Strings
CASE 1: Native Strings (Non-UTF-8)
CASE 2: UTF-8 Strings
CASE 3: BASE64 Encoded UTF-8 Strings
CASE 4: BASE64 Encoded Native Strings
Using Globalization Support with Command-Line Tools
Specifying the -E Argument When Using Each Tool
Examples: Using the -E Argument with Command-Line Tools
Setting NLS_LANG in the Client Environment
Using Globalization Support with Bulk Tools
Using Globalization Support with bulkload
Using Globalization Support with ldifwrite
Using Globalization Support with bulkdelete
Using Globalization Support with bulkmodify

9 The Delegated Administration Service

About the Delegated Administration Service
Delegated Administration Service Units
The Oracle Internet Directory Self-Service Console
Benefits of the Delegated Administration Service and the Oracle Internet Directory Self-Service Console
Concepts and Architecture of the Delegated Administration Service
How the Delegated Administration Service Works
The Delegated Administration Service and Oracle9iAS Single Sign-On
Starting and Stopping the Delegated Administration Service
Installing and Configuring the Delegated Administration Service
Log Files for Components in the Delegated Administration Service Environment
Task 1: Install the Delegated Administration Service
Task 2: Verify that the Delegated Administration Service Is Running
Step 1: Verify that the Oracle HTTP Server Is Running
Step 2: Verify that Java (OC4J JVM) Is Running
Step 3: Verify that the Delegated Administration Service Is Running
Task 3: Configure the Default Subscriber Context
Task 4: Configure User Entries
Searching for User and Group Entries by Using the Delegated Administration Service
Searching for User Entries by Using the Delegated Administration Service
Searching for Group Entries by Using the Delegated Administration Service
Managing Users, Groups, and Subscribers by Using the Delegated Administration Service
Creating User Entries by Using the Delegated Administration Service
Modifying User Entries by Using the Delegated Administration Service
Deleting User Entries by Using the Delegated Administration Service
Assigning Privileges to Users by Using the Delegated Administration Service
Creating Group Entries by Using the Delegated Administration Service
Modifying Group Entries by Using the Delegated Administration Service
Deleting Group Entries by Using the Delegated Administration Service
Assigning Privileges to Groups by Using the Delegated Administration Service
Changing Passwords by Using the Delegated Administration Service
Changing Your Own Password
Changing Another User's Password

10 Attribute Uniqueness

Introduction
Concepts
Requirements
Creating Attribute Uniqueness
Creating Attribute Uniqueness Across an Entire Directory
Creating Attribute Uniqueness Across One Subtree
Creating Attribute Uniqueness Across One Object Class
Enabling and Disabling Attribute Uniqueness
Enabling Attribute Uniqueness
Disabling Attribute Uniqueness
Specifying the Subtree
Deleting an Attribute Uniqueness Policy
Configuration Interface
Defined Policy Location and Model
Policy Scoping Rules
Applying the Attribute Uniqueness Feature
Known Limitations
Simple Replication Scenario
Multimaster Replication Scenario

Part III Directory Security

11 Directory Security Concepts

Data Integrity
Data Privacy
Authorization
Authentication
Direct Authentication
Indirect Authentication
Protection of User Passwords for Directory Authentication
Password Policies

12 Secure Sockets Layer (SSL) and the Directory

Supported Cipher Suites
SSL Client Scenarios
Configuring SSL Parameters
Configuring SSL Parameters by Using Oracle Directory Manager
Configuring SSL Parameters by Using Command-Line Tools
Issues Specific to This Release of Oracle Internet Directory

13 Directory Access Control

Overview of Access Control Policy Administration
Access Control Management Constructs
Access Control Policy Points (ACPs)
The orclACI Attribute for Prescriptive Access Control
The orclEntryLevelACI Attribute for Entry-Level Access Control
Access Control Groups
Access Control Information Components
Object: To What Are You Granting Access?
Subject: To Whom Are You Granting Access?
Operations: What Access Are You Granting?
Managing Access Control by Using Oracle Directory Manager
Configuring Oracle Directory Manager for Access Control Management
Configuring the Display of ACPs in Oracle Directory Manager
Configuring Searches for ACPs When Using Oracle Directory Manager
Viewing an ACP by Using Oracle Directory Manager
Adding an ACP by Using Oracle Directory Manager
Task 1: Specify the Entry That Will Be the ACP
Task 2: Configure Structural Access Items
Task 3: Configure Content Access Items
Adding an ACP by Using the ACP Creation Wizard of Oracle Directory Manager
Task 1: Specify the Entry That Will Be the ACP
Task 2: Configure Structural Access Items by Using the ACP Creation Wizard
Task 3: Configure Content Access Items by Using the ACP Creation Wizard
Modifying an ACP by Using Oracle Directory Manager
Task 1: Specify the Entry That You Want to Modify
Task 2: Modify Structural Access Items
Task 3: Modify Content Access Items
Granting Entry-Level Access by Using Oracle Directory Manager
Example: Managing ACPs by Using Oracle Directory Manager
Create a New ACP
Create a Third ACI
Create a Fourth ACI
Managing Access Control by Using Command-Line Tools
Example: Restricting the Kind of Entry a User Can Add
Example: Setting Up an Inheritable ACP by Using ldapmodify
Example: Setting Up Entry-Level ACIs by Using ldapmodify
Example: Using Wild Cards
Example: Selecting Entries by DN
Example: Using Attribute and Subject Selectors
Example: Granting Read-Only Access
Example: Granting Selfwrite Access to Group Entries
How ACL Evaluation Works
ACL Evaluation Precedence Rules
More Than One ACI for the Same Object
Granting Exclusionary Access to Objects
ACL Evaluation For Groups
Access Level Requirements for LDAP Operations

Part IV Directory Deployment

14 General Deployment Considerations

The Expanding Role of Directories
Logical Organization Of Directory Information
Directory Entry Naming
DIT Hierarchy and Structure
Physical Distribution: Partitions and Replicas
An Ideal Deployment
Partitioning Considerations
Replication Considerations
Failover Considerations
About Capacity Planning, Sizing, and Tuning
Capacity Planning
Sizing Considerations
Tuning Considerations
Running Multiple Installations of Oracle Internet Directory on One Host

15 Oracle Components and Oracle Internet Directory

About Oracle Components and Directory Usage
Ready-to-Use Default Configuration
The Root Oracle Context
The Subscriber Oracle Context
A Default Subscriber Configuration

16 Directory-Based Application Security

Delegated Directory Administration
Application-Specific Access Control
Directory Domains and Roles

17 Directory Storage of User Authentication Credentials

About Centralized Storage of User Authentication Credentials
Storing Password Verifiers for Authenticating to Oracle Internet Directory
Managing Password Protection by Using Oracle Directory Manager
Managing Password Protection by Using ldapmodify
Storing Passwords for Authenticating to Oracle Components
About Password Verifiers
Attributes for Storing Password Verifiers
Example: How Password Verification Works
Managing Password Verifier Profiles by Using Oracle Directory Manager
Viewing and Modifying a Password Verifier Profile by Using Oracle Directory Manager
Managing Password Verifier Profiles by Using Command-Line Tools
Viewing a Password Verifier Profile by Using Command-Line Tools
Modifying a Password Verifier Profile by Using Command-Line Tools

18 Password Policies

About Password Policies
Managing Password Policies by Using Oracle Directory Manager
Viewing a Subscriber's Password Policies by Using Oracle Directory Manager
Modifying a Subscriber's Password Policies by Using Oracle Directory Manager
Managing Password Policies by Using Command-Line Tools
Setting Password Policies by Using Command-Line Tools
Managing a Subscriber's Password Policies Using Command-Line Tools
Example: Viewing a Subscriber's Password Policies Using Command-Line Tools
Example: Modifying a Subscriber's Password Policies Using Command-Line Tools
Error Messages

19 Capacity Planning Considerations

About Capacity Planning
Getting to Know Directory Usage Patterns: A Case Study
I/O Subsystem Requirements
About the I/O Subsystem
Rough Estimates of Disk Space Requirements
Detailed Calculations of Disk Space Requirements
Memory Requirements
Network Requirements
CPU Requirements
CPU Configuration
Rough Estimates of CPU Requirements
Detailed Calculations of CPU Requirements
Summary of Capacity Plan for Acme Corporation

20 Tuning Considerations

About Tuning
Tools for Performance Tuning
CPU Usage Tuning
Tuning CPU for Oracle Internet Directory Processes
Tuning CPU for Oracle Foreground Processes
Taking Advantage of Processor Affinity on SMP Systems
Other Alternatives for a CPU Constrained System
Memory Tuning
Tuning the System Global Area (SGA) for Oracle9i
Other Alternatives for a Memory-Constrained System
Disk Tuning
Balancing Tablespaces
RAID
Database Tuning
Required Parameter
Parameters Dependent on Oracle Internet Directory Server Configuration
Using Shared Server Process
SGA Parameters Dependent on Hardware Resources
Entry Caching
Performance Troubleshooting

21 High Availability And Failover Considerations

About High Availability and Failover for Oracle Internet Directory
Oracle Internet Directory and Oracle9i Technology Stack
Failover Options on Clients
Alternate Server List from User Input
Alternate Server List from the Oracle Internet Directory Server
Failover Options in the Public Network Infrastructure
Hardware-Based Connection Redirection
Software-Based Connection Redirection
Availability and Failover Capabilities in Oracle Internet Directory
Failover Options in the Private Network Infrastructure
IP Address Takeover (IPAT)
Redundant Links
High Availability Deployment Examples

Part V Directory Replication

22 Directory Replication Concepts

Directory Replication Groups and Replication Agreements
Oracle9i Replication
Replication Architecture
The Replication Process on the Supplier Side
The Replication Process on the Consumer Side
Change Log Purging
Conflict Resolution in Replication
Levels at Which Replication Conflicts Occur
Entry-Level Conflicts
Attribute-Level Conflicts
Typical Causes of Conflicts
Automated Resolution of Conflicts
The Replication Process
How the Replication Process Adds a New Entry to a Consumer
How the Replication Process Deletes an Entry
How the Replication Process Modifies an Entry
How the Replication Process Modifies a Relative Distinguished Name
How the Replication Process Modifies a Distinguished Name

23 Oracle Directory Replication Server Administration

Installing and Configuring Replication
Task 1: Install Oracle Internet Directory on All Nodes in the DRG
Task 2: Decide Which Node Will Serve as the Oracle9i Replication Master Definition Site (MDS)
Task 3: Set Up Oracle9i Replication for a Directory Replication Group
On All Nodes, Prepare the Oracle Net Services Environment for Replication
From the MDS, Configure Oracle9i Replication For Directory Replication
Task 4: Load Data into the Directory
Task 5: Start Oracle Directory Server Instances on All the Nodes
Task 6: Start the Replication Servers on All Nodes in the DRG
Task 7: Test Directory Replication
Managing Replication
Modifying Directory Replication Server Configuration Parameters
Viewing and Modifying Replication Configuration Parameters by Using Oracle Directory Manager
Modifying Replication Configuration Parameters by Using Command-Line Tools
Modifying Replication Agreement Parameters
Viewing and Modifying Replication Agreement Parameters by Using Oracle Directory Manager
Modifying Replication Agreement Parameters by Using ldapmodify
Changing the Replication Administrator's Password on All Nodes
Adding a Replication Node
Task 1: Stop the Directory Replication Server on All Nodes
Task 2: Identify a Sponsor Node and Switch the Sponsor Node to Read-Only Mode
Task 3: Back Up the Sponsor Node by Using ldifwrite
Task 4: Perform Oracle9i Replication Add Node Setup
Task 5: Switch the Sponsor Node to Updatable Mode
Task 6: Start the Directory Replication Server on All Nodes Except the New Node
Task 7: Load Data into the New Node by Using bulkload
Task 8: Start LDAP Server on the New Node
Task 9: Start the Directory Replication Server on the New Node
Deleting a Replication Node
Task 1: Stop the Directory Replication Server on All Nodes
Task 2: Stop All Processes in the Node to be Deleted
Task 3: Delete the Node from the Master Definition Site
Task 4: Start the Directory Replication Server on All Nodes
Resolving Conflicts Manually
Monitoring Replication Change Conflicts
Examples of Conflict Resolution Messages
Example 1: An Attempt to Modify a Non-Existent Entry
Example 2: An Attempt to Add an Existing Entry
Example 3: An Attempt to Delete a Non-Existent Entry
Using the Human Intervention Queue Manipulation Tool
Using the OID Reconciliation Tool
Identifying a Node as Independent of Its Host
Troubleshooting Replication Setup

24 Addition of a Node by Using the Database Copy Procedure

Assumptions
Sponsor Directory Site Environment
New Directory Site Environment
Tasks To Be Performed on the Sponsor Node
Tasks To Be Performed on the New Node
Verification Process

Part VI The Directory and Clusters

25 Failover in Cluster Configurations

Introduction
Configuring Failover in a Clustered Environment
Step 1: Start OID Monitor
Step 2: Start a Directory Server or Directory Replication Server by Using the OID Control Utility
Step 3: Stop, then Restart, the Directory Server and OID Monitor
How Failover Works in a Clustered Environment

26 Directory Failover in an Oracle9i Real Application Clusters Environment

Terminology
The Oracle Directory Server in an Oracle9i Real Application Clusters Environment
Oracle Internet Directory with Basic High Availability Configuration
Oracle Internet Directory with Default N-Node Configuration
The Oracle Directory Replication Server in an Oracle9i Real Application Clusters Environment

Part VII Directory Plug-ins

27 Oracle Internet Directory Plug-in Framework

About Directory Server Plug-ins
Operation-Based Plug-ins
Registering Plug-ins
The orclPluginConfig Object Class
Adding a Plug-in Entry Using Command-Line Tools
Example 1
Example 2

Part VIII The Oracle Directory Integration Platform

28 Oracle Directory Integration Platform Concepts and Components

What Is the Oracle Directory Integration Platform?
Why is the Oracle Directory Integration Platform Needed?
Structure of the Oracle Directory Integration Platform
Provisioning versus Synchronization
Provisioning
Synchronization
How Provisioning and Synchronization Differ
Directory Synchronization Service
Provisioning Integration Service
Oracle Directory Integration Server
Directory Integration Toolkit
Administration and Monitoring Tools
Oracle Directory Manager
OID Control and OID Monitor
Oracle Enterprise Manager
Sample Deployment of the Directory Integration Platform
Overall Deployment
User Creation and Provisioning
Modification of User Properties
Deletion of Users

29 Directory Synchronization

About Connectors and Directory Integration Profiles
Connectors
Directory Synchronization Profiles
Directories with Unique Formats
Synchronization Scenarios
Synchronizing from Oracle Internet Directory to a Connected Directory
Synchronizing from a Connected Directory to Oracle Internet Directory
Registration of Connectors into Oracle Directory Integration Platform
Additional Connector Configuration Information
Mapping Rules and Formats
Updating Mapping Rules
Location and Naming of Files
Managing Synchronization Profiles
Managing Profiles by Using Oracle Directory Manager
Registering a Profile by Using Oracle Directory Manager
Deregistering a Profile by Using Oracle Directory Manager
Managing Connectors from the Command Line
Creating a Synchronization Profile with the Command-Line Tool
Deregistering a Profile Using ldapdeleteConn.sh

30 Oracle Directory Integration Server Administration

What the Oracle Directory Integration Server Is
Registering the Oracle Directory Integration Server
Operational Information about the Oracle Directory Integration Server
The Oracle Directory Integration Server and Configuration Set Entries
Standard Sequences of Directory Integration Server Events
Main Thread Process Sequence
Scheduler Process Sequence
Connector Process Sequence
Managing Configuration Set Entries
Managing the Oracle Directory Integration Server
Starting the Oracle Directory Integration Server
Using the OID Monitor and Control Utilities to Start the Oracle Directory Integration Server
Starting the Oracle Directory Integration Server Without Using OID Monitor and the OID Control Utility
Stopping the Oracle Directory Integration Server
Using OID Monitor and the OID Control Utility to Stop the Server
Stopping the Directory Integration Server Without Using OID Monitor and the OID Control Utility
Using the Restart Command
Setting the Debug Level
Finding the Log Files
Changing the Synchronization Status Attribute
Viewing Oracle Directory Integration Server Information
Viewing Oracle Directory Integration Server Runtime Information by Using Oracle Directory Manager
Viewing Oracle Directory Integration Server Runtime Information by Using ldapsearch
Managing the Oracle Directory Integration Platform in a Replicated Environment

31 Security in the Oracle Directory Integration Platform

Authentication
Secure Sockets Layer (SSL) and the Oracle Directory Integration Platform
Oracle Directory Integration Server Authentication
Non-SSL Authentication
Authentication in SSL Mode
Profile Authentication
Access Control and Authorization
Access Controls for the Oracle Directory Integration Server
Access Controls for Agents
Data Integrity
Data Privacy
Tools Security

32 Bootstrapping of a Directory in the Oracle Directory Integration Platform

Bootstrapping Oracle Internet Directory from a Connected Directory
Using External Tools to Import Data into Oracle Internet Directory
Setting up a Connector to Import Data in Oracle Internet Directory
Bootstrapping a Connected Directory from Oracle Internet Directory
Using External Tools to Export Data from OID
Setting up a Connector to Export Data from OID

33 Synchronization with Oracle Human Resources

Introduction
Data that You Can Import from Oracle Human Resources
Managing Synchronization with Oracle Human Resources
Configuring a Directory Integration Profile for the Oracle Human Resources Connector
Customizing the List of Attributes to Be Synchronized with Oracle Internet Directory
Including Additional Oracle Human Resources Attributes for Synchronization
Excluding Oracle Human Resources Attributes from Synchronization
Configuring a SQL SELECT Statement in the Configuration File to Support Complex Selection Criteria
Customizing Mapping Rules for the Oracle Human Resources Connector
Default Oracle Human Resources Connector Mapping Rules
Creating Oracle Human Resources Attribute Mapping Rules
Modifying Oracle Human Resources Attribute Mapping Rules
Deleting Oracle Human Resources Attribute Mapping Rules
Running Synchronization from Oracle Human Resources to Oracle Internet Directory
Preparing for Synchronization
The Synchronization Process
Bootstrapping Oracle Internet Directory from Oracle HR

34 Synchronization with iPlanet Directory Server

About the iPlanet Connector for Synchronizing between the Oracle Internet Directory Server and iPlanet Directory Server
Configuring the Oracle Internet Directory Integration Solution for the iPlanet Directory Server
Task 1: Prepare Both Directories for Synchronization
Task 2: Configure the Integration Profile for the Oracle Internet Directory Integration Solution for the iPlanet Directory Server
Task 3: Configure Mapping Rules
Task 4: Configure Access Control
Task 5: Configure the Password Protection
Synchronizing Between Oracle Internet Directory and iPlanet Directory Server
Preparing for Synchronization
The Synchronization Process
Troubleshooting
Limitations in This Release

35 Synchronization with Third-Party Metadirectory Solutions

About Change Logs
Enabling External Agents to Synchronize with Oracle Internet Directory
Task 1: Perform Initial Bootstrapping
Task 2: Create a Change Subscription Object in Oracle Internet Directory for the External Agent
About the Change Subscription Object
Creating a Change Subscription Object
Task 3: Grant External Agents Access to the Oracle Internet Directory Change Log Object Container
The Synchronization Process
How a Connected Directory Retrieves Changes the First Time from Oracle Internet Directory
How a Connected Directory Updates the orclLastAppliedChangeNumber Attribute in Oracle Internet Directory
Disabling and Deleting Change Subscription Objects
Disabling a Change Subscription Object
Deleting a Change Subscription Object

36 The Oracle Directory Provisioning Integration Service

About the Oracle Directory Provisioning Integration Service
About Provisioning
Provisioning Procedures
User Enrollment in Applications
Provisioning Information
How the Oracle Directory Provisioning Integration Service Retrieves Changes from Oracle Internet Directory
How an Application Obtains Provisioning Information by Using the Oracle Directory Provisioning Integration Service
Managing the Oracle Directory Provisioning Integration Service Environment
Overview: Deploying the Oracle Directory Provisioning Integration Service
Managing the Oracle Directory Provisioning Integration Service
Managing the Oracle Directory Integration Server
Managing Provisioning Profiles
Security and the Oracle Directory Provisioning Integration Service
Entry-Level Privileges
Attribute Level Privileges
Troubleshooting the Oracle Directory Provisioning Integration Service

Part IX Appendixes

A Syntax for LDIF and Command-Line Tools

LDAP Data Interchange Format (LDIF) Syntax
Command-Line Tools Syntax
ldapadd Syntax
ldapaddmt Syntax
ldapbind Syntax
ldapcompare Syntax
ldapdelete Syntax
ldapmoddn Syntax
ldapmodify Syntax
ldapmodifymt Syntax
ldapsearch Syntax
Examples of ldapsearch Filters
ldapUploadAgentFile.sh Syntax
ldapCreateConn.sh Syntax
StopOdiServer.sh Syntax
Provisioning Subscription Tool Syntax
Bulk Tools Syntax
bulkdelete Syntax
bulkload Syntax
bulkmodify Syntax
ldifwrite Syntax
Catalog Management Tool Syntax
OID Monitor Syntax
Starting the OID Monitor
Stopping the OID Monitor
OID Control Utility Syntax
Starting and Stopping an Oracle Directory Server Instance
Starting an Oracle Directory Server Instance
Stopping an Oracle Directory Server Instance
Starting and Stopping an Oracle Directory Replication Server Instance
Starting an Oracle Directory Replication Server Instance
Stopping an Oracle Directory Replication Server Instance
Restarting Directory Server Instances
Troubleshooting Directory Server Instance Startup
OID Database Password Utility Syntax
Human Intervention Queue Manipulation Tool Syntax
Moving a Change from the Human Intervention Queue into the Retry Queue
Moving a Change from the Human Intervention Queue into the Purge Queue
Examples: Using the Human Intervention Queue Manipulation Tool
Example: Retrying and Discarding Changes
Example: Moving a Single Change from the Human Intervention Queue to the Retry Queue
Example: Moving a Group of Changes from the Human Intervention Queue to the Retry Queue
Example: Moving All Changes from the Human Intervention Queue to the Retry Queue
OID Reconciliation Tool Syntax
Reconciling Inconsistent Data by Using the OID Reconciliation Tool
How the OID Reconciliation Tool Works
OID Database Statistics Collection Tool Syntax
SchemaSync Syntax

B The Access Control Directive Format

Schema for orclACI
Schema for orclEntryLevelACI

C Schema Elements

IETF Requests for Comments (RFCs) Enforced by Oracle Internet Directory
IETF Drafts Enforced by Oracle Internet Directory
Proprietary Oracle Internet Directory Schema Elements
LDAP Syntax
LDAP Syntax Enforced by Oracle Internet Directory
Commonly Used LDAP Syntax Recognized by Oracle Internet Directory
Additional LDAP Syntax Recognized by Oracle Internet Directory
Size of Attribute Values
Matching Rules
Schema to Represent a User

D Oracle Wallet Manager

Overview
Managing Wallets
Starting Oracle Wallet Manager
Creating a New Wallet
Opening an Existing Wallet
Closing a Wallet
Saving Changes
Saving the Open Wallet to a New Location
Saving in System Default
Deleting the Wallet
Changing the Password
Using Auto Login
Enabling Auto Login
Disabling Auto Login
Using Oracle Wallet Manager with Oracle Application Server
Managing Certificates
Managing User Certificates
Creating a Certificate Request
Exporting a User Certificate Request
Importing the User Certificate into the Wallet
Removing a User Certificate from a Wallet
Managing Trusted Certificates
Importing a Trusted Certificate
Removing a Trusted Certificate
Exporting a Trusted Certificate
Exporting All Trusted Certificates
Exporting a Wallet

E Upgrading Oracle Internet Directory

Upgrading in a Single Node Environment
Upgrading in a Multi-Node Environment
LDIF-Based Upgrading
Task 1: Backup the Older Version of Oracle Internet Directory
Task 2: Perform a Fresh Installation of Oracle Internet Directory Release 3.0.1
Task 3: Restore the User-Defined Schema and Data from the Previous Version of Oracle Internet Directory
Task 4: Start Oracle Internet Directory Processes
Upgrading a Standalone Oracle Internet Directory Node
Task 1: Stop Oracle Directory Server on the Old Version Node
Task 2: Backup the Sponsor Node by Using Export Utility
Task 3: Load Data into the New Node by Using the Import Utility
Task 4: Perform Oracle Internet Directory Schema Upgrade

F Migrating Data from Other LDAP-Compliant Directories

About the Data Migration Process
Migrating Data
Task 1: Export Data from the Non-Oracle Internet Directory Server into LDIF File Format
Task 2: Analyze the LDIF User Data for Any Required Schema Additions Referenced in the LDIF Data
Task 3: Extend the Schema in Oracle Internet Directory
Task 4: Remove Any Proprietary Directory Data from the LDIF File
Task 5: Remove Operational Attributes from the LDIF File
Task 6: Remove Incompatible userPassword Attribute Values from the LDIF File
Task 7: Run the bulkload.sh -check Mode and Determine Any Remaining Schema Violations or Duplication Errors

G The LDAP Filter Definition

H Troubleshooting

Installation Errors
Administration Error Messages and Causes
Oracle Database Server Error Due to Schema Modifications
Standard Error Messages Returned from Oracle Directory Server
Additional Error Messages
Password Policy Violation Error Messages

I Migrating User Data from Application-Specific Repositories

About Migrating from Application-Specific Repositories
Tasks For Migrating Data from Application-Specific Repositories
Task 1: Create an Intermediate Template File
Example: User Entries in an Intermediate Template File
Attributes in User Entries
Task 2: Run the OID Migration Tool
The OID Migration Tool
Examples: Using the OID Migration Tool
Using the Migration Tool in the Lookup Mode
Using the OID Migration Tool Without the Lookup Option
Overriding Substitution Values Obtained from the Lookup Mode
OID Migration Tool Error Messages

Glossary

Index


Copyright © 1999, 2002 Oracle Corporation.

All Rights Reserved.