Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Directory Concepts and Architecture
This section contains these topics:
An Oracle Internet Directory node consists of one or more directory server instances connected to the same directory store. The directory store--that is, the repository of the directory data--is an Oracle9i Database Server.
Figure 2-4 shows the various directory server components and their relationships running on a single node.
Oracle Net Services is used for all connections between the Oracle database server and:
LDAP is used for connections between directory server instance 1 on non-SSL port 389 and:
The two Oracle directory server instances and the Oracle directory replication server connect to OID Monitor by way of the operating system.
As shown in Figure 2-4, an Oracle Internet Directory node includes the following major components:
The Oracle directory replication server uses LDAP to communicate with an Oracle directory (LDAP) server instance. To communicate with the database, all components use OCI/Oracle Net Services. Oracle Directory Manager and the command-line tools communicate with the Oracle directory servers over LDAP.
Each Oracle directory server instance, also called an LDAP server instance, looks similar to what Figure 2-5 illustrates.
One instance comprises one dispatcher process and one or more server processes. By default, there is one server process for each instance, but you can increase this number. Oracle Internet Directory dispatcher and server processes can use multiple threads to distribute the load. LDAP clients send LDAP requests to an Oracle Internet Directory listener/dispatcher process listening for LDAP commands at its port.
The OID listener/dispatcher sends the request to the Oracle directory server which, in turn, creates server processes. A server process handles an LDAP operation request and connects to the Oracle database instance to access the directory store. The directory server handles the client request by generating one server process for each operation.
Multiple server processes enable Oracle Internet Directory to take advantage of multiple processor systems. The number of server processes created is determined by the configuration parameter ORCLSERVERPROCS. The default is 1 (one).
Database connections from each server process are spawned as needed, depending on the value set for the configuration parameter ORCLMAXCC. The default value for this parameter is 10. The server processes communicate with the data server by way of Oracle Net Services. An Oracle Net Services Listener/Dispatcher relays the request to the Oracle9i database server.
Directory metadata is the information used by the directory server during run time for processing LDAP requests. It is stored in the underlying data repository. During startup, the directory server reads this information and stores it in a local metadata cache. It then uses this cache during its runtime to process incoming LDAP operation requests.
The directory server has the following types of metadata in its local metadata cache.
The definitions of object classes, attributes, and matching rules supported by the directory server. The directory server uses this information during creation and modification of directory objects. A directory object is a collection of object classes and their associated attributes and matching rules.
A directory administrative domain for defining and controlling access to the information in that domain. The directory server uses ACPs when determining whether to allow a certain LDAP operation performed by a user.
The root DSE (DSA-Specific Entry) contains a number of attributes that store information about the directory server itself. For example, these attributes contain the following information items, to mention just a few:
Groups that can be used in access control policies.
The directory schema supports directory group objects through the standard groupofuniquenames and groupofnames object classes. These object classes hold information for such groups as distribution lists and mailing lists, to mention just two.
Oracle Internet Directory extends these standard group objects through an auxiliary object class called orclprivilegegroup. This object class, which supports privilege groups that can be used in access control policies, provides flexibility to grant or deny access to groups of users. The directory server uses this information during:
Instructions on how to modify a group entry to associate it with or disassociate it from an object class can be found in either "Modifying Entries by Using Oracle Directory Manager" or "Example: Modifying a User Entry by Using ldapmodify".
A special entry containing information about indexed attributes in the underlying database. The directory uses this information during directory search operations.
A special entry containing information about hosted companies. A hosted company is an enterprise to which another enterprise provides services. The metadata in this entry includes the hosted company DN, user search base, nickname and other attributes, all of which are described in Chapter 19, "Deployment of Oracle Identity Management Realms".
A special entry containing information about the kind of operation that triggers a plug-in event, and the point in the operation when that plug-in is to be triggered. This information is described in Chapter 45, "Oracle Internet Directory Plug-in Framework".
A special entry containing information about the encryption and verifier attribute types. This information is described in Chapter 16, "Directory Storage of Password Verifiers".
A special entry containing information about the policies enforced by the directory server for the user password credentials. The directory server uses this information during runtime to enforce the password policies.
The configuration parameters for each Oracle directory server instance are stored in an entry called a configuration set entry, or configset. When you start an instance of a server by using the OID Control Utility, the start command you enter contains a reference to one of these configuration set entries and uses the information it contains.
The Oracle directory server is installed with a default configuration set entry (configset0) so that you can run the directory server immediately. You can create customized configuration set entries with parameters to meet your specific needs.
You can view, add, and modify configuration set entries by using either Oracle Directory Manager or the appropriate command-line tool.
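Because ORCLSERVERPROCS and ORCLMAXCC are stored in the configset entry, the database-connection ceiling of an instance can be derived from that entry before the instance is started. The following is an added example, not from the Oracle guide or the product: it reads a constructed configset LDIF fragment, computes the per-instance ceiling using the defaults stated above, and checks it against a database process limit. The DN layout cn=configsetN,cn=osdldapd,cn=subconfigsubentry and the sample values are assumptions.

```python
from typing import Dict, List

# Constructed sample configset (not copied from any OID installation): four
# server processes, each allowed up to ten database connections. The DN layout
# cn=configsetN,cn=osdldapd,cn=subconfigsubentry is assumed here.
SAMPLE_LDIF = """\
dn: cn=configset1,cn=osdldapd,cn=subconfigsubentry
cn: configset1
orclserverprocs: 4
orclmaxcc: 10
orclsslenable: 0
"""

def parse_ldif_entry(text: str) -> Dict[str, List[str]]:
    """Minimal LDIF reader for a single entry: joins folded continuation
    lines (leading space), skips comments, lower-cases attribute names."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation of previous line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def int_attr(attrs: Dict[str, List[str]], name: str, default: int) -> int:
    """First value of an integer-valued attribute, or the documented default."""
    values = attrs.get(name)
    return int(values[0]) if values else default

def connection_footprint(attrs: Dict[str, List[str]]) -> Dict[str, int]:
    """Server-process count and database-connection ceiling for one instance
    started from this configset. Defaults (1 process, 10 connections per
    process) are the ones the guide states for ORCLSERVERPROCS and ORCLMAXCC."""
    procs = int_attr(attrs, "orclserverprocs", 1)
    maxcc = int_attr(attrs, "orclmaxcc", 10)
    return {"server_procs": procs, "max_conns_per_proc": maxcc,
            "max_db_connections": procs * maxcc}

def fits_database(attrs: Dict[str, List[str]], instances: int,
                  db_processes: int) -> bool:
    """True if `instances` instances started from this configset can all reach
    their connection ceiling within the database's process limit (assumed to be
    the Oracle PROCESSES parameter minus what is reserved for background work)."""
    return instances * connection_footprint(attrs)["max_db_connections"] <= db_processes
```

Running two instances from the sample configset against a limit of 100 passes (80 connections); a third instance would not.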
See Also:
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.