Oracle® Identity Management Concepts and Deployment Planning Guide
10g (9.0.4) for Windows or UNIX Part No. B10660-01
This appendix describes the default settings that are available upon installation of Oracle Internet Directory.
The installation of Oracle Internet Directory creates a default DIT and sets up a default identity management realm using several assumptions about the deployment.
The following is a summary of all of the operations performed during the Oracle Internet Directory installation:
A default DIT is created based on the domain name of the machine on which Oracle Internet Directory is installed. For example, if Oracle Internet Directory is being installed on a machine named oidhost.us.acme.com, the default DIT is dc=us,dc=acme,dc=com.
A default identity management realm is created, whose base corresponds to the domain name of the machine. Following the preceding example, the root of the default identity management realm is dc=us,dc=acme,dc=com.
Associated with this realm is an entity called Oracle Context, which stores all the realm-specific policies and metadata. In the example, Oracle Context is created with the distinguished name cn=OracleContext,dc=us,dc=acme,dc=com. This entry and the nodes under it serve as the basis for Oracle software to detect realm-specific policies and settings.
Directory structure and naming policies are created in the default identity management realm that enable Oracle components to locate various identities. Following are the default values for these policies:
All users are located in the cn=users container under the base of the identity management realm. In this scenario, the distinguished name is cn=users,dc=us,dc=acme,dc=com.
Any new users created in the identity management realm using the Oracle Identity Management infrastructure are also created under the cn=users container.
All new users created in the identity management realm using the Oracle Identity Management infrastructure belong to the object classes orclUserV2 and inetOrgPerson.
All groups are located in the cn=groups container under the base of the identity management realm. In this scenario, the distinguished name is cn=groups,dc=us,dc=acme,dc=com.
A bootstrap user named cn=orcladmin is created under the cn=users container. In this scenario, the fully-qualified distinguished name of the bootstrap user is cn=orcladmin,cn=users,dc=us,dc=acme,dc=com.
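The following added example (not part of the Oracle guide and not Oracle code) derives the default realm, users container and bootstrap user DN from a host name as described above, then checks an LDIF export for user entries that deviate from those defaults. The function names, finding labels and sample entries are constructed for illustration; the parser assumes plain, unfolded LDIF without escaped commas in DNs.

```python
# Added example, not Oracle code. Assumes plain unfolded LDIF and no escaped commas in DNs.
REQUIRED = {"orcluserv2", "inetorgperson"}
SAMPLE_LDIF = """\
dn: cn=orcladmin, cn=Users, dc=us, dc=acme, dc=com
objectclass: inetOrgPerson
objectclass: orclUserV2

dn: cn=svc1,cn=users,dc=us,dc=acme,dc=com
objectclass: inetOrgPerson

dn: cn=temp,ou=staging,dc=us,dc=acme,dc=com
objectclass: inetOrgPerson
objectclass: orclUserV2
"""  # constructed sample entries, not from a real directory

def norm(dn):
    """Lower-case a DN and strip spaces around each RDN so spellings compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def default_dns(fqdn):
    """Map host.us.acme.com to (realm DN, users container DN, bootstrap user DN)."""
    labels = fqdn.rstrip(".").lower().split(".")[1:]  # drop the host label
    if not labels:
        raise ValueError("host name has no domain part to derive a realm from")
    realm = ",".join("dc=" + label for label in labels)
    return realm, "cn=users," + realm, "cn=orcladmin,cn=users," + realm

def parse_ldif(text):
    """Return {normalized DN: set of lower-cased objectclass values}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = [line.partition(":") for line in block.splitlines()]
        dn = next((v for k, _, v in attrs if k.lower() == "dn"), None)
        if dn:
            entries[norm(dn)] = {v.strip().lower() for k, _, v in attrs
                                 if k.lower() == "objectclass"}
    return entries

def audit(fqdn, ldif):
    """List (finding, DN) pairs where user entries deviate from the defaults."""
    (_, users, admin), entries, findings = default_dns(fqdn), parse_ldif(ldif), []
    if admin not in entries:
        findings.append(("bootstrap-user-missing", admin))
    for dn, classes in sorted(entries.items()):
        if classes & REQUIRED and not dn.endswith("," + users):
            findings.append(("outside-default-users-container", dn))
        if classes & REQUIRED and REQUIRED - classes:
            findings.append(("missing-default-objectclass", dn))
    return findings
```

A finding here means only that an entry differs from the installation defaults; a deployment that deliberately changed its naming policies will produce findings that are expected.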
Default authentication policies are created that enable the authentication services to perform appropriate actions, including the default directory password policy (such as password length, lockout, and expiration) and additional password verifiers that must be automatically generated when provisioning users.
Identity management privileges are created and granted to the bootstrap user, who can further delegate these authorizations through the Oracle Delegated Administration Services self-service console. Some of these privileges include: