Index

A B C D E F G H I J K L M N O P Q R S T U V W

Numerics

389 port, A-8, A-11, B-5

636 port, A-8, A-11, B-5

A

A control information (ACI)

more than one for the same subject, 14-16

abstract object classes, 2-10

superclasses of, 6-4

top, 2-9

access

exclusionary, 14-17

granting

by using command-line tools, 14-48

by using Oracle Directory Manager, 14-18

entry-level, by using command-line tools, 14-50

entry-level, by using Oracle Directory Manager, 14-32

kinds, 14-11

level requirements for LDAP operations, 14-12

object, 14-7

operations, 14-11

rights, setting by using Oracle Directory Manager, 14-22, 14-30

selecting, by DN, 14-51

subject, 14-8

unspecified, 14-12, 14-30

violation event, 10-13

access control

and authorization, 2-12

conceptual discussion, 12-3

default, 17-4

defined, 2-12

directive format. See ACI directive format

for agents, 36-5

for directory integration and provisioning server, 36-5

in Oracle Directory Integration and Provisioning platform, 36-4

in the Oracle Directory Integration and Provisioning platform, 36-4

management constructs, 14-2

managing, 14-1

by using command-line tools, 14-48

by using Oracle Directory Manager, 14-18

overview, 1-9

policies

conflicting, 14-2

inheriting, 14-2

policy administration, overview, 14-2

prescriptive, 14-3

schema elements, B-4

setting, by using wildcards, 14-50

to provisioning profiles, 34-11

access control information (ACI)

attributes, 12-3

components, 14-7

directives, format, 12-3

items

format, E-1

syntax, E-1

object of directives, 14-7

subject of directives, 14-8

access control lists (ACLs), 2-22, 12-3

and integration with SunONE Directory Server, 42-9

directives, within entries, 14-3

evaluation

for groups, 14-17

precedence rules, 14-14

for groups, 14-17

how it works, 14-13

modification, 10-13

precedence

rules, 14-14

within subtrees, 14-3

Access Control Management pane, in Oracle Directory Manager, C-2

access control policy points (ACPs), 14-2, 14-20

adding

by using ldapmodify, 14-49

by using Oracle Directory Manager, 4-9, 14-20

by using the ACP Creation Wizard of Oracle Directory Manager, 14-24

administering, by using Oracle Directory Manager, 4-13

configuring display of, in Oracle Directory Manager, 14-18

creating by using ACP Creation Wizard, 14-24

Creation Wizard, 14-24

defined

groups, 14-4

multiple, 14-2

viewing, 14-20

by using Oracle Directory Manager, 14-20

viewing, by using Oracle Directory Manager, 14-20

accessDirectiveMatch matching rule, B-46

accounts

enabling and disabling

by using command-line tools, 15-9

by using Oracle Internet Directory Self-Service Console, 15-10

unlocking

by using command-line tools, 15-9

by using Oracle Internet Directory Self-Service Console, 15-10

ACI. See access control information (ACI)

ACL. See access control lists (ACLs)

ACP groups, 14-4

ACP. See access control policy points (ACPs)

ACPs. See access control policy points (ACPs)

Active Directory

Microsoft

integration with, 43-1

active server instances

modifying configuration set entries in, 5-4

viewing, 5-4, 5-13

Add New Attributes window, OID Self-Service Console, C-42

added_object_constraint filter, 14-49

added-object-constraint, in access control, 14-11

add.log, A-23

-ADDNODE option, in Replication Environment Management Tool, A-65

administration tools, 7-10

bulkdelete, A-44

bulkload, A-45

bulkmodify, A-51

Catalog Management Tool (catalog.sh), 4-17

command-line, 1-8, 4-14

Human Intervention Queue Manipulation Tool, 4-19

ldapadd, 7-10, A-21

ldapaddmt, A-23

ldapbind, A-25

ldapcompare, A-26

ldapdelete, 7-10, A-28

ldapmoddn, 7-11, A-30

ldapmodify, 7-11, A-31

ldapmodifymt, 7-11, A-37

ldapsearch, A-39

ldifwrite, A-53

OID Database Password Utility (oidpasswd), 4-21

OID Database Statistics Tool (oidstats.sh), 4-21

OID Migration Tool, 4-20

OID Reconciliation Tool, 4-19

Oracle Directory Manager, 4-2

Oracle Internet Directory Self-Service Console, 31-1

Replication Environment Management Tool, 4-19

agent tools, A-107

agents

access controls for, 36-5

log file location, 3-5

uploading agent file, A-120

alias entries

adding, 5-16

dereferencing, 5-14, 5-16

messages, 5-19

modifying, 5-19

searching directory with, 5-17

alternate server list

from the Oracle directory server, 26-4

from user input, 26-4

AlternateServers attribute, in failover, 26-4

ANALYZE function of DBMS_STATS package, 21-3

anonymous authentication, 4-4, 12-4

anonymous login, 4-4

Application Server Control

starting directory server instance, 10-23

stopping directory server instance, 10-24

viewing user logon session information, 10-25

applications

enrollment in, for provisioning, 34-3

automatic, 34-3

manual, 34-3

registering with the Oracle Directory Provisioning Integration Service, 34-6

unsubscribing from Oracle Directory Provisioning Integration Service, 34-9

application-specific repositories

migrating data from, 23-5

Apply button, in Oracle Directory Manager, 4-8

architecture

Oracle Internet Directory, 1-6, 2-1, 2-14

Oracle Internet Directory Server Manageability framework, 10-19

rack-mounted directory server configurations, 27-2

ASR Agreement tab page, in Oracle Directory Manager, C-13

ASR. See Oracle9i Advanced Replication

-ASRCLEANUP option, Replication Environment Management Tool, A-77

-ASRRECTIFY option, in Replication Environment Management Tool, A-78

-ASRSETUP option, in Replication Environment Management Tool, A-68

-ASRVERIFY option, in Replication Environment Management Tool, A-82

Assign Privileges window, in Oracle Directory Manager, C-45

attribute options, 2-7

adding

by using ldapmodify, 7-12

by using Oracle Directory Manager, 7-8

conceptual discussion, 2-7

deleting by using Oracle Directory Manager, 7-9, 7-13

language codes, 2-7

managing

by using command line tools, 7-12

by using Oracle Directory Manager, 7-8

modifying by using Oracle Directory Manager, 7-9

searching for by using ldapsearch, 7-13, A-42

attribute uniqueness

about, 8-2

constraint entries, 8-2

entries

location of, 8-7

known limitations, 8-12

managing, 8-7

managing by suing command-line tools, 8-9

managing, by using Oracle Directory Manager, 8-7

rules for creating, 8-3

schema elements, B-4

attribute values, replacing, A-35

attributes

adding, 6-12

by using ldapadd, A-21

by using ldapmodify, 6-17, 6-18

by using Oracle Directory Manager, 6-14

concurrently, by using ldapaddmt, A-23

guidelines for, 6-12

to existing entries, A-21

AlternateServers, for failover, 26-4

as DNs, 7-4

as metadata in schema, 6-2

attribute options, 7-13

adding by using ldapmodify, 7-12

adding by using Oracle Directory Manager, 7-8

conceptual discussion, 2-7

deleting by using Oracle Directory Manager, 7-9, 7-13

managing by using command line tools, 7-12

managing by using Oracle Directory Manager, 7-8

modifying by using Oracle Directory Manager, 7-9

searching for by using ldapsearch, A-42

base schema

deleting, 6-12

modifying, 6-12

commonName, 2-6

creating by using Oracle Directory Manager, 4-9

deleting, 6-12

by using ldapmodify, A-35

guidelines for, 6-12

determined by object classes, 6-3

ditcontentrule, 6-22

dropping indexes, 6-17

extending number of

by using auxiliary object classes, 6-21

by using content rules, 6-22

for existing entries, 6-21

prior to creating entries, 6-21

for a specific entry

viewing by using Oracle Directory Manager, 7-4

for which data exists

indexing, 6-20

for which no directory data exists

indexing, 6-19

in base schema, 6-11

in LDIF files, A-2

in top, 2-10

indexed

viewing, 6-17

indexes, created by bulkload, 7-16

indexing, 6-16, 6-20

by using Catalog Management tool, 6-16

by using command-line tools, 6-19

by using Oracle Directory Manager, 6-16

when you create them, 6-16

information, kinds of, 2-5

inheritance of, 6-3

jpegPhotos, 2-6, 7-11

kinds of information in, 2-5

labeledURI, 9-4, 9-13

loginID, 41-11

making available for searches, 6-16

managing, 6-11

by using command-line tools, 6-17

by using Oracle Directory Manager, 6-11, 6-12

overview, 6-11

managing by using command-line tools, 6-17

mandatory, 2-8, 6-3, 7-7

in a user entry, 23-8

matching rules, 2-7

modifying

by using ldapmodify, 7-11

by using ldapmodifymt, 7-11

by using Oracle Directory Manager, 6-15, 7-9

concurrently, 7-11

guidelines for, 6-12

rules for, 6-12

using ldapmodify, 6-17, 6-18

multivalued, 2-5, 14-3

converting to single-valued, 6-12

null values in, 6-3

objectclass, 10-11

objects associated with an ACI, 14-7

operational, 5-9

optional, 2-8, 6-3

options, 2-7

language codes., 2-7

orclauditlevel, 10-13

orclauditmessage, 10-11

orclauditoc, 10-11

orcleventtime, 10-11

orcleventtype, 10-11

orclopresult, 10-11

orclsequence, 10-11, 10-12

orclskewedattribute, 21-12

orcluserdn, 10-11

organization, 2-6

organizationalUnitName, 2-6

redefining mandatory, 6-4

ref, 7-17

removing from object classes, 6-5

rules

for adding, 6-12

for deleting, 6-12

for modifying, 6-12

searching for, by using Oracle Directory Manager, 6-13

single-valued, 2-5

converting to multivalued, 6-12

size of values, B-46

skewed, optimizing searches for, 21-12

sn, 2-6

specifying as mandatory or optional, 6-3

surname, 2-6

syntax, 2-6

modifying, 6-12

syntax type

selecting, 6-27

syntaxes

cannot modify, 6-12

selecting, 6-27

system operational, 5-9

types, 2-4

values, 2-4

deleting, A-34

size of, B-46

viewing, 7-4

Attributes tab page, in Oracle Directory Manager, C-20

audit level, 10-12

modifying, 10-15

setting, 10-13

by using ldapmodify, 10-14

by using Oracle Directory Manager, 10-13

audit log, 10-10

container object, 10-16

default configuration, 10-10

entries

in the DIT, position of, 10-12

position in DIT, 10-12

searching, 10-11

searching for, 10-15

searching for by using ldapsearch, 10-16

searching for by using Oracle Directory Manager, 10-15

structure, 10-11

viewing, 10-10

events

access violation, 10-13

ACL modification, 10-13

add, 10-13

adding, 10-13

bind, 10-12

deleting, 10-13

DSE modification, 10-13

modify, 10-13

modifyDN, 10-13

modifying, 10-13

replication login, 10-13

schema element, add/replace, 10-12

schema element, delete, 10-12

selected, 10-13

super user login, 10-12

user password modification, 10-13

garbage collector, 22-3

purging, 10-16

queries, 10-10

sample, 10-12

schema elements, B-4

structure of entries, 10-11

using, 10-10

auditable events, 10-12

auditing selected events, 10-13

authenticated access, by using SSL, 1-9

authentication, 12-4

and Oracle directory integration and provisioning server, 36-3

anonymous, 4-4, 12-4, 12-5

conceptual discussion, 12-4

defined, 2-12

direct

options, 12-4

external, 12-8, 47-2

how it works, 42-4

SASL, 12-5

in a typical directory operation, 2-22

in the Oracle Directory Integration and Provisioning platform, 36-2

indirect, 12-5

through a RADIUS server, 12-5

Kerberos, A-22, A-24, A-29

native, 47-2

non-SSL, 36-3

Oracle directory replication server, 24-18

parameters, B-6

password-based, 4-4, 12-5

PKI, 12-2

profile, 36-4

SASL, 12-5

SASL mechanism

external authentication, 12-5

MD5Digest, 12-5

simple, 1-9, 4-4, 12-5

Simple Authentication and Security Layer (SASL), 12-5

specifying

no SSL, B-6

SSL

defined, 12-5

for Oracle Directory Manager, 4-7

mode, 36-4

no, 4-7

one-way, B-6

server only, 4-7

with ldapadd, A-22

with ldapaddmt, A-25

with ldapbind, A-26

with ldapmodify, A-32

with ldapmodifymt, A-38

three levels, 1-9

through a middle tier, 12-5

two-way SSL, B-6

Authentication Choice list, in Oracle Directory Manager, C-2

Authentication Services Group, 17-17

authorization, 2-12, 12-2

in the Oracle Directory Integration and Provisioning platform, 36-4

automated resolution of conflicts, 24-26

auto-provisioning plug-ins

for integration with Microsoft Windows NT, 43-58

auxiliary object classes, 2-10, 6-5

extending number of attributes by using, 6-21

availability, high, 26-7

average latency, 21-2

B

backup and recovery strategies, failover, 18-6

backup and restore, 11-1

base schema

attributes, 6-11

deleting, 6-12

modifying, 6-12

object classes

modifying, 6-5

base search, 7-3, A-39

batching line-mode commands, 6-9

Begins With filter, in Oracle Directory Manager, C-18

bind event, 10-12

bind mode, 14-10

binding, 2-22

bitStringMatch matching rule, B-46

bootstrap command, in Directory Integration and Provisioning Assistant, A-111

bootstrapping

in integrated environments

by using default integration profiles, 37-5

by using the parameter file, 37-2

in Oracle Directory Integration and Provisioning platform, 37-1

Oracle Internet Directory from Oracle Human Resources, 39-14

BSTAT/ESTAT scripts, 21-8

buffer caches, size, 21-8

bulk loading failure, 7-16

bulk tools

syntax, A-44

bulkdelete, 4-18, 7-16, A-44

and Globalization Support, G-10

syntax, A-44

bulkload, 4-18, 7-15, 7-16, A-45

and Globalization Support, G-9

check mode, performing on LDIF files, 23-4

creating indexes, 7-16

.dat files, 7-16

generating input files, 7-16

-load option, 7-16

log file location, 3-5

syntax, A-45

bulkmodify, 4-18

and Globalization Support, G-10

LDIF file-based modification, A-52

syntax, A-51

By Whom tab page, in Oracle Directory Manager, C-3

C

C API, 2-22

cache, entry, 21-11

cache, metadata, 2-19

caching

client-side referral, 7-19

Cancel button, in Oracle Directory Manager, 4-8

capacity planning, 18-8, 20-1

I/O subsystem, 20-6

network requirements, 20-13

overview, 20-2

caseExactIA5Match matching rule, B-47

caseExactMatch matching rule, B-47

caseIgnoreIA5Match matching rule, B-47

caseIgnoreListMatch matching rule, B-47

caseIgnoreMatch matching rule, B-47

caseIgnoreOrderingMatch matching rule, B-47

catalog entry, 2-20

Catalog Management Tool

syntax, A-19

Catalog Management tool

syntax, A-19

Catalog Management Tool (catalog.sh), 4-17, 6-16, 6-20

log file location, 3-5

cataloged attributes

orcleventtype, 10-11

orcluserdn, 10-11

catalog.sh

syntax, A-19

catalog.sh. See Catalog Management tool.

central enterprise directory, 41-3

Oracle Internet Directory as, 41-3

third-party directory as, 41-4

change log

purging, in multimaster replication, 22-7

Change Log window, in Oracle Directory Manager, C-17

change logging, A-8

change logs, 2-24, 24-6

and directory replication, 24-19

change number-based purging, 22-7

flag, A-7

toggling, A-7

garbage collector, 22-3

in replication, 1-8, 24-19, 24-24

in synchronization process, 32-7

interface

IETF, 32-10

Oracle proprietary, 32-10

object store, and integration with third-party metadirectory solutions, 44-2

purging, 22-7

methods, 22-7

time-based purging, 22-7

used by Oracle Directory Provisioning Integration Service, 34-4

change number-based purging, 22-7

change retry count, setting, C-13

change types, in ldapmodify input files, A-34

changeLog attribute, B-35

changeLogEntry attribute, B-35

changeNumber attribute, B-35

changes

moving from the human intervention queue into the purge queue, A-57

moving from the human intervention queue into the retry queue, A-56

changeStatus attribute, B-35

changeStatusEntry attribute, B-35

changetype attribute, B-35

add, A-34

delete, A-35

modify, A-34

modrdn, A-35

-CHGPWD option, in Replication Environment Management Tool, A-72

cipher suites

SSL, 13-2

SSL, supported, 13-2

SSL_RSA_WITH_3DES_EDE_CBC_SHA, 13-2

SSL_RSA_WITH_NULL_MD5, 13-2

SSL_RSA_WITH_NULL_SHA, 13-2

SSL_RSA_WITH_RC4_128_SHA, 13-2

clients, failover options on, 26-3

client-side referral caching, how it works, 7-19

cluster manager, 29-2

clusters

definition, 29-2

cn attribute, 2-6

cn=replication namecontext, 24-14

cold backups, F-1

command line tools

described, 4-14

command-line tools, 1-8

adding configuration set entries, 2-21, 7-10

Catalog Management Tool, 6-16

comparing attribute values, 7-10

Directory Integration and Provisioning Assistant, A-107

for managing entries, 7-10

indexing, 6-16, 6-20

ldapadd, 7-10, A-21

ldapaddmt, 7-10, A-23

ldapbind, A-25

ldapcompare, A-26

ldapcreateconn.sh, A-121

ldapdelete, 7-10, A-28

ldapmoddn, 7-11, A-30

ldapmodify, 7-11, A-31

ldapmodifymt, 7-11, A-37

ldapsearch, A-39

ldapUploadAgentFile.sh, A-120

managing

attributes, 6-17

entries, 7-10

modifying configuration set entries, 7-11

overview, 4-14

Replication Environment Management Tool, A-62

schemasync, A-125

setting Globalization Support, G-5

stopodiserver.sh, A-124

syntax, A-18

common entry, defined, 2-20

Common Group Attributes Group, 17-20

Common User Attributes Group, 17-19

commonName attribute, 2-6

comparing

attribute values, 7-10

entries, 7-10

two objects, 4-9

component deployment and administration

delegation, 17-11

components

of a directory server, 2-15

of Oracle Internet Directory, 1-7

concurrent database connections, 21-10, B-5

configNLDAP.ora, F-9

configsets, 2-21

configuration parameters

modifying, 2-21

Oracle directory replication server

location, 25-36

configuration set entries, 2-21

adding, 2-21, 5-2, 5-7

by using command line tools, 7-10

by using command-line tools, 2-21

by using Oracle Directory Manager, 5-4

changing, 5-8

database connections, B-5

debug level, B-5

deleting, 5-2

by using ldapmodify, 5-8

by using Oracle Directory Manager, 5-4, 5-6

directory integration and provisioning server, 35-3

directory server processes, B-5

for replication server, 25-36

LDIF files, 5-7

managing, 4-23, 5-2

by using command-line tools, 5-7

by using Oracle Directory Manager, 5-4

preliminary considerations, 5-2

modifying, 2-21, 5-2, A-17

by using command line tools, 7-11

by using ldapmodify, 5-8

by using Oracle Directory Manager, 5-4, 5-6

in an active server instance, 5-4

multiple, 13-3

Oracle directory integration and provisioning server, 35-3, 35-8

orcldebuglevel, B-5

orclmaxcc, B-5

orclserverprocs, B-5

orclssl authentication, B-6

orclsslenable, B-6

orclsslport, B-5

orclsslwalleturl, B-6

overriding user-specified, A-9

schema elements, B-5

SSL parameters in, 13-3

using different, 5-2

viewing, 5-4

configuration set location, C-29

Configuration Sets General tab page, in Oracle Directory Manager, C-27

conflict resolution, in replication, 24-24

conflicting access control policies, 14-2

precedence, rules for resolving, 14-2

conflicts, replication

automated resolution of, 24-26

manual resolution of, 25-20

resolution, 14-14, 24-24

resolving manually, 25-20

typical causes of, 24-26

CONNECT BY assertions, in dynamic groups, 9-4

Connect/Disconnect button in Oracle Directory Manager, 4-10

connected directories

described, 32-6

SSL certificates for, 35-8

connecting

to a directory server, 4-3, 4-23

in a typical directory operation, 2-22

to additional directory servers, 4-11

to multiple directory servers, 4-11

connection

pooling, 1-8

redirection, 26-9

hardware-based, 26-7

network-level, 26-6

software-based, 26-7

connections, LDAP, specifying maximum idle time for, 5-14

connectors, 33-1

managing from the command line, 33-22

registering, 33-7

scheduling, 35-2

SunONE, 42-2

connect-time failover, 29-2

constraints, object classes, 2-10

consumers

defined, 2-23, 24-2

containment

of groups, planning, 19-8

of users, planning, 19-8

content access items, 14-36

of an existing ACP, 14-30

Content Rule dialog box, in Oracle Directory Manager, C-25

content rules

defined, 6-22

defined as values of ditcontentrule attribute, 6-22

extending number of attributes by using, 6-22

managing

by using command-line tools, 6-25

by using Oracle Directory Manager, 6-24

rules for creating and modifying, 6-22

schema enforcement when using, 6-23

control, access, 1-9, 14-1

converting

auxiliary object classes, 6-5

directory data to LDIF, 7-16

structural object classes, 6-5

CPUs

configuration, 20-15

in capacity planning, 20-2

power required for various deployment scenarios, 18-9

processing power, 20-15

requirements, 20-14, 20-16

detailed calculations, 20-16

in capacity planning, 20-14

tuning, 21-4

tuning for Oracle foreground processes, 21-6

usage, 18-11

usage tuning, 21-4

when to tune, 21-4

Create button, in Oracle Directory Manager, 4-10

Create Entry menu item, in Oracle Directory Manager, 4-9

Create Identity Management Realm window, in Oracle Directory Manager, C-46

Create Like

adding entries using templates, 7-5

button, in Oracle Directory Manager, 4-10, 7-6

operation, by using Oracle Directory Manager, 4-8

Create Resource Type window, in Oracle Directory Manager, C-49

createTimestamp attribute, 2-5, 23-4

optional in top, 2-10

creating an integration profile, A-121

creatorsName attribute, 2-5, 23-4

optional attribute in top, 2-10

critical events

in Oracle Internet Directory Server Manageability framework, 10-22

levels, 10-22

D

daemons, 3-2

.dat files, generated by bulkload, 7-16

data integrity, 2-12, 2-13, 12-2, 36-6

in Oracle Directory Integration and Provisioning platform, 36-6

data migration process, 23-2

data privacy, 2-12, 12-2

by using SSL, 1-9

in Oracle Directory Integration and Provisioning platform, 36-6

data, updating by using Oracle Directory Manager, 4-11

database

block buffers parameter, 21-9

block size parameter, 21-9

cache size, 18-10

connections, 2-19

concurrent, 21-10, B-5

pooling, 1-8

dedicated for directory, 2-17

password, changing, 5-14

queries, optimization of, 21-12

server, 1-6

server error, I-2

tuning, 21-9

DB_BLOCK_BUFFERS, 21-8

DBMS_STATS package, 21-3

debug

log files, viewing, A-9

debug dimension, 10-8

debug logging

levels, 10-6, 10-7, B-5

about, 10-2

setting, 10-6

setting by using OID Control Utility, 10-6

setting by using Oracle Directory Manager, 10-6

setting for directory integration and provisioning server, 35-12

levels, setting

by using OID Control Utility, 10-6

by using Oracle Directory Manager, 10-6

log files, viewing, 10-7

schema elements, B-7

debugging the external authentication plug-in, 47-4

debugging, limiting to specific operations, 10-8

default

identity management realm, 2-35, 19-12

default configuration

access controls, 17-4

default directory structure, 23-9

default knowledge references (referrals)

configuring, 7-18

default knowledge references (referrals), configuring, 7-18

default port, 4-3

number, A-8, A-11

Delegated Administration Services

and secure directory access, 30-5

architecture, 30-4

centralized proxy user, 30-5

components, 30-4

creating applications by using, 30-10

defined, 2-30

definition, 30-2

for user entries, 30-11, 30-12

how it works, 30-3

installation, 30-7

installing and configuring, 30-6

Java servlets, 30-3

log file location, 30-7

location of log files, 30-6

log file location, 30-7

manually deploying, 30-13

OC4J, 30-3

Oracle HTTP Server

log file location, 30-7

overview, 2-36

starting and stopping, 30-10

verifying that it is running, 30-8

delegation

component deployment and administration, 17-11

how it works, 17-2

in an Oracle Application Server environment, 17-3

of privileges for user and group management, 17-5

Delete button, in Oracle Directory Manager, 4-11

-DELNODE option, in Replication Environment Management Tool, A-73

deployment

considerations, 18-1

CPU power, 18-9

failover, 18-6

replication, 18-5

tuning, 18-11

examples, 26-9

partitioning, 18-4

deployment considerations

metadirectory, 18-7

dereferencing alias entries, 5-16

deregistering a directory, 44-7

DES40 encryption, 12-2

descriptions of object classes, C-18, C-20

directories

access control, 1-9, 14-1

application, migrating data from, 23-5

as read-focused, 1-3

backup and restore, 11-1

central enterprise, 41-3

contrasted to relational databases, 1-2

database listener, 25-8

defined, 1-2

distributed, 2-22

existing, migrating into the default directory structure, 23-9

expanding role of, 1-2, 18-2

location-independent, 1-3

multimaster replication groups (DRGs)

installing, 25-2

online

expanding role of, 1-2

partitioned, 2-26

password, changing, 5-11

planning structure of, 19-7

read-focused, 1-3

replication groups (DRGs), 24-20, 25-2

and replication agreements, 24-20

configuring, 25-2

schema

managing, 6-1

overview, 6-2

small

backing up and restoring, 11-2

special purpose, 1-4

E

-E argument in Globalization Support, G-6

Edit

button, in Oracle Directory Manager, 4-10

menu item, in Oracle Directory Manager, 4-9

Editing Attribute window, OID Self-Service Console, C-43

encryption

DES40, 12-2

levels available in Oracle Internet Directory, 12-2

password, 12-8

passwords

UNIX crypt, 16-3, 16-5

RC4_40, 12-2

Encryption Choice list, in Oracle Directory Manager, C-3

Ends With filter, in Oracle Directory Manager, C-18

entity component, in access control, 14-9

entries

adding

by copying an existing entry, 7-5

by using ldapadd, 7-10, A-21

by using ldapaddmt, 7-10, A-23

by using Oracle Directory Manager, 7-4, 7-5

concurrently, 7-10

mandatory attributes, 7-5

optional attributes, 7-5

requires write access to parents, 7-5

alias, dereferencing, 5-14

attributes, viewing, 7-4

audit log, 10-10

searching, 10-11

command-line tools for managing, 7-10

comparing, by using ldapcompare, 7-10

conceptual discussion, 2-2

configuration set, 2-21

creating by using Oracle Directory Manager, 4-9

deleting

by using ldapdelete, 7-10, A-28

by using ldapmodify, A-35

large numbers, 7-16

displaying, 7-2

distinguished names of, 2-2

garbage collector, 22-6

group, 2-5

inheriting attributes, 6-3

loading, 6-4

locating by using distinguished names, 2-3

managing, 7-1

by using bulk tools, 7-13

by using command line tools, 7-10

by using Oracle Directory Manager, 4-14, 7-2

managing by using command-line tools, 7-10

many, modifying, 7-16

modifying

by using ldapmodify, A-31

by using Oracle Directory Manager, 7-7

concurrently, by using ldapmodifymt, A-37

large numbers, A-51

naming, 2-2

objects associated with an ACI, 14-7

parent, 6-4

replication naming context container, 24-14

restricting the kinds users can add, 14-22, 14-25, 14-29, 14-33, 14-49

root of search, 7-2

searching

base level, 7-3, A-39

by using ldapsearch, A-39, A-120, A-121

by using Oracle Directory Manager, 7-2

one-level, 7-3, A-39

specifying search depth, 7-3

subtree level, 7-3, A-39

selecting by DN, 14-51

selecting superclass, 7-5

specific, granting access to, C-3

static group

modifying, by using ldapmodify, 9-10, 9-14

superclasses, selecting, 7-5

user

adding, by using ldapadd, 7-11

adding, by using Oracle Directory Manager, 7-6

modifying, 7-12

modifying, by using ldapmodify, 7-12

modifying, by using Oracle Directory Manager, 7-8

with attribute options

adding by using ldapmodify, 7-12

adding by using Oracle Directory Manager, 7-8

deleting by using Oracle Directory Manager, 7-9, 7-13

managing by using command line tools, 7-12

managing by using Oracle Directory Manager, 7-8

modifying by using Oracle Directory Manager, 7-9

searching for by using ldapsearch, 7-13

entry

caching, 21-11

enabling, B-41, C-30

catalog, defined, 2-20

common, defined, 2-20

password policy, defined, 2-21

password verifier, defined, 2-20

plug-in, defined, 2-20

entry-level access, granting by using Oracle Directory Manager, 14-32

environment variables, NLS_LANG, G-2

error messages, I-6

additional, I-6

administration, I-2

database server, I-2

directory server, due to schema modifications, I-2

installation, I-2

provisioning, 34-16

returned from Oracle directory server, I-2

standard, I-2

events, auditable, 10-12

Exact Match filter, in Oracle Directory Manager, C-19, C-35

exclusionary access to objects, granting, 14-17

existing ACPs and their ACI directives, modifying, 14-28

Exit menu item, in Oracle Directory Manager, 4-8

explicit hierarchies, 9-5

extensibility, in LDAP Version 3, 1-5

extensibleObject object class, 7-17

external authentication, 12-8

contrasted with native authentication, 47-2

defined, 47-2

plug-in, 47-1, 47-2

debugging, 47-4

for integration with Microsoft Windows NT, 43-58

for SunONE Directory Server, 42-11

installing, 47-2, 47-5

installing, configuring, and enabling, 47-2

SASL authentication mechanism, 12-5

types, 42-4

external repository, storing security credentials in, 47-1

F

failover, 1-9, 26-1, 26-2

AlternateServers attribute, 26-4

capabilities in Oracle Internet Directory, 26-7

connect-time, 29-2

considerations in deployment, 18-6

in Real Application Clusters environment, 29-1

network-level, 26-6

options in private network infrastructure, 26-8

options in public network infrastructure, 26-5

options on clients, 26-3

failure recognition and recovery. See failover.

failure to apply changes, 24-24

failure tolerance, and replication, 18-6

fan-out replication, 2-23, 24-2, 24-33

groups, 2-23, 24-2, 24-7

in conjunction with multimaster replication groups, 24-9

LDAP-based, 2-23

process, 24-34

fault tolerance mechanisms, 26-3

features, new, i-lxv

in Oracle Internet Directory, Release 3.0.1, i-lxxix

release 10g (9.0.4), i-lxvi

release 2.1.1, i-lxxxi

release 3.0.1, i-lxxix

release 9.0.2, i-lxxiii

File menu, in Oracle Directory Manager, 4-8

file naming conventions, 33-19

files

location, 33-19

filters

Begins With, C-18

Ends With, C-18

Exact Match, C-19, C-35

Greater or Equal, C-19, C-35

IETF-compliant, A-39

in attribute searches, 6-13

in searches, 2-22, 6-7

in Oracle Directory Manager, 6-7

ldapsearch, A-41

Less or Equal, C-19, C-36

not null, C-19

Present, Oracle Directory Manager, C-36

Find Attributes button, in Oracle Directory Manager, 6-13

Find Objects button, in Oracle Directory Manager, 4-10, 6-7

formats, of distinguished names, 2-3

full replication, 2-23, 24-2

function calls, tracing, 10-7

G

garbage collection

framework

about, 22-2

components of, 22-2

how it works, 22-5

in replication, 22-7

plug-in, 22-2

schema elements, B-8

Garbage Collector window, in Oracle Directory Manager, C-5

garbage collectors

audit log, 22-3

change log, 22-3

definition, 22-3

entries for, 22-6

general statistics, 22-3

health statistics, 22-4

managing, 22-8

modifying

by using command-line tools, 22-8

by using Oracle Directory Manager, 22-8

predefined, 22-3

security and refresh events, 22-4

system resource events, 22-4

tombstone, 22-4

general statistics garbage collector, 22-3

generalizedTimeMatch matching rule, B-47

generalizedTimeOrderingMatch matching rule, B-47

Globalization Support, 2-13

bulkdelete, G-10

bulkload, G-9

bulkmodify, G-10

command-line tools, G-5

Java clients, 2-14

ldapadd, G-7

ldapaddmt, G-7

ldapbind, G-7

ldapcompare, G-7

ldapdelete, G-7

ldapmoddn, G-7

ldapmodify, G-7

ldapmodifymt, G-7

ldapsearch, G-7

ldifwrite, G-9

managing, G-1

settings for Oracle Internet Directory, G-2

using with Bulk Tools, G-8

with bulkdelete, G-10

with bulkload, G-9

with bulkmodify, G-10

with command-line tools, G-5

with LDIF Files, G-3

with ldifwrite, G-9

Greater or Equal filter, in Oracle Directory Manager, C-19, C-35

group entries, 2-5

adding, 7-7, 9-8

creating

by using ldapmodify, A-34

by using Oracle Directory Manager, 9-8, 9-11

group search context, 41-13

groupOfNames object class, 9-8, 9-9, 9-11, 9-12

groupOfUniqueNames object class, 9-8, 9-11

groups

ACL evaluation for, 14-17

ACP, 14-4

dynamic, 9-3

managing by using command-line tools, 9-13

managing by using Oracle Directory Manager, 9-11

schema elements for creating, 9-3

dynamic and static, administration of, 9-1

granting access rights to, 14-5

hierarchical, 9-5

membership

how directory server computes, 14-5

names and containment, planning, 19-8

privilege, 14-3, 14-4

defined, 2-20

static, 9-2

managing by using command-line tools, 9-10

managing by using Oracle Directory Manager, 9-8

schema elements for creating, 9-2

when to use static or dynamic, 9-6

guest users

definition, 5-11

managing, 5-11

by using ldapmodify, 5-13

by using Oracle Directory Manager, 5-12

user name and password, 5-11

guidelines

for adding attributes, 6-12

for adding object classes, 6-3

for deleting attributes, 6-12

for deleting object classes, 6-6

for modifying attributes, 6-12

for modifying object classes, 6-5

H

hardware-based connection redirection, 26-7

hashing

passwords to the directory, 16-2

protection

MD4, 16-3

health statistics garbage collector, 22-4

Help

button, in Oracle Directory Manager, 4-11

menu item, in Oracle Directory Manager, 4-10

hierarchical groups, 9-5

hierarchies

explicit, 9-5

implicit, 9-5

high availability, 1-8, 18-3, 18-6, 26-2

and multimaster replication, 26-7

capabilities in Oracle Internet Directory, 26-7

considerations, 18-6

deployment, examples, 26-9

load balancing through network re-director, 27-4

of Oracle Internet Directory, 26-1

human intervention queue, A-56

Human Intervention Queue Manipulation Tool, 4-19, 25-21, A-56

syntax, A-56

I

identity management, 19-12

defined, 2-31

Oracle Identity Management infrastructure, 19-1

planning DIT for, 19-5

policies, 2-35

realms

configuring, 19-14

customizing, 19-14

default, 2-35

defined, 2-34

entry in default DIT, 19-4

implementation in Oracle Internet Directory, 19-4

in enterprise deployments, 19-2

in hosted deployments, 19-3

multiple in enterprise deployments, 19-2

planning, 19-10

single in enterprise deployments, 19-2

realm-specific Oracle Context, 19-5

Identity Management Realm window, in Oracle Directory Manager, C-47

identity management realms, 2-34, 19-2

creating additional, 19-16

multiple, 19-2

single, 19-2

idle time, specifying maximum for LDAP connections, 5-14

IETF

drafts, enforced by Oracle Internet Directory, B-3

LDAP approval

RFCs enforced by Oracle Internet Directory, B-2

standard change log interface, 32-10

implicit hierarchies, 9-5

index

StopOdiServer.sh, A-124

indexed attributes

locations, C-30

orcleventtype, 10-11

orcluserdn, 10-11

viewing, 6-17

indexes

created by bulkload, 7-16

dropping from attributes, 6-17, 10-11

by using Oracle Directory Manager, 6-17

inheritance, 2-8, 2-9

and access control policies, 14-2

from superclasses, 6-3

initNLDAP.ora, F-9

input file, creating, 5-7

installation errors, I-2

installation types

in multimaster replication group installation, 25-3, 25-23, 27-9

insufficient memory, 21-8

IntegerMatch matching rule, B-46, B-47

integrated environments

bootstrapping in, 37-1

security concerns, 41-13

integration

with a relational database, 38-1

managing, 38-2

with Microsoft Windows NT 4.0, 43-56

with Oracle E-Business Suite, 40-1

with Oracle Human Resources, 39-1

with SunONE Directory Server, 42-1

with third-party directories

considerations, 41-1

integration profiles

authentication, 36-4

creating, A-121

default, 37-5

for synchronization, 33-1

relational database, 38-5

SunONE connector, configuring, 42-5

intelligent client failover, 18-6

intelligent network level failover, 18-6

intermediate template file

in migration from application-specific repositories, 23-5

internationalization, and LDAP, G-1

Internet Engineering Task Force (IETF). See IETF.

introduction to LDAP and Oracle Internet Directory, 1-1

I/O subsystem, 20-6

in capacity planning, 20-2, 20-6

requirements, 20-6

sizing, 20-6

throughput, maximizing, 20-6

iostat utility, 21-2

IP address takeover (IPAT), 26-8

iplconfig.sh, 42-5

J

Java clients, Globalization Support and, 2-14

Java Native Interface, 2-22

Java servlets, used by Delegated Administration Services, 30-3

log file location, 30-7

JPEG images, adding with ldapadd, A-23

jpegPhoto attribute, 2-6, 7-11

K

Kerberos authentication, A-22, A-24, A-29

knowledge references, 2-27, 18-3, 18-4

configuring, 7-17

default

configuring, 7-18

defined, 2-27

managing, 7-17

overview, 2-27

restricting permissions for managing, 2-28

smart

configuring, 7-17

superior, 2-27

L

labeledURI attribute, 9-4, 9-13

language codes, as attribute options, 2-7

latency, average, 21-2

LDAP

add or modify performance, 21-15

and internationalization, 2-13

and simplified directory management, 1-4

attributes, common, 2-6

extensibility, 1-5

IETF approval, 1-5

search filters, IETF-compliant, A-39

search performance, 21-14

security, 1-5

server instances, 2-16, 2-17, 2-18

starting, A-7

servers, 2-18

managing, 5-1

multithreaded, 1-8

syntax, B-43

enforced by Oracle Internet Directory, B-43

recognized by Oracle Internet Directory, B-44

Version 3, 1-5

LDAP connections, specifying maximum idle time for, 5-14

LDAP Data Interchange Format (LDIF), 4-14, A-2

syntax, A-2

LDAP dispatcher

log file location, 3-5

ldapadd, 7-10, A-21

adding entries, A-21

adding JPEG images, A-23

and Globalization Support, G-7

LDIF files in, A-21

syntax, A-21

ldapaddmt, 7-10, A-23

adding entries concurrently, A-23

and Globalization Support, G-7

LDIF files in, A-23

log, A-23

syntax, A-23

LDAP-based partial replication

determining what is to be replicated, 25-31

LDAP-based replica

configuring, 25-24

deleting, 25-30

installing, 25-23

LDAP-based replication, 2-23, 24-2

agreements, 24-12

configuring, 25-23

options for configuring, A-64

ldapbind, A-25

and Globalization Support, G-7

syntax, A-25

ldapbind operation, 12-4

ldapcompare, 7-10, A-26

and Globalization Support, G-7

syntax, A-26, A-27

LDAP-compliant directories, migrating data from, 23-2

ldapcreateConn.sh

syntax, A-121

ldapdelete, 7-10, A-28

and Globalization Support, G-7

deleting entries, A-28

syntax, A-28

ldapmoddn, 7-11, A-30

and Globalization Support, G-7

syntax, A-30

ldapmodify, 7-11, A-31

adding ACPs, 14-49

adding attributes, 6-17, 6-18

adding entry-level ACIs, 14-50

adding object classes, 6-9

adding values to multivalued attributes, A-34

and Globalization Support, G-7

change types, A-34

changing audit level, 10-15

creating group entries, A-34

deleting entries, A-35

LDIF files in, A-31

modifying attributes, 6-17, 6-18

modifying object classes, 6-9

replacing attribute values, A-35

syntax, A-31

ldapmodifymt, 7-11, A-37

and Globalization Support, G-7

by using, A-37

LDIF files in, A-37

multithreaded processing, A-38

syntax, A-37

ldap.ora, 5-21

server discovery by using, 5-21

ldapsearch, A-39, A-120, A-121

and Globalization Support, G-7

filters, A-41

querying audit log, 10-10

syntax, A-39

ldapUploadAgentFile.sh

syntax, A-120, A-121

LDIF

converting directory data to, 7-16

file-based modification, not supported by bulkmodify, A-52

files

creating, 5-7

for adding configuration set entries, 5-7

importing by using bulkload, 7-14

importing, by using bulkload, 7-14

in ldapadd commands, A-21

in ldapaddmt commands, A-23

in ldapmodify commands, A-31

in ldapmodifymt commands, A-37

referencing in commands, 5-9

removing proprietary data from in migration, 23-3

formatting notes, A-3

formatting rules, A-3

syntax, A-2

using, 4-14, A-2

ldifmigrator, 4-20

load capability, A-140

reconcile capability, A-140

ldifwrite, 4-18, A-53

and Globalization Support, G-9

syntax, A-53

Less or Equal filter, C-19, C-36

line-mode commands, batching, 6-9

listener, for directory database, 2-16, 2-18

restarting, 25-8

stopping, 25-8

listener.ora, 25-8, F-7

load balancing

and replication, 18-5

network level, 26-5

load capability, in OID Migration Tool (ldifmigrator), A-140

-load option, in bulkload, 7-16

location-independence, of directories, 1-3

log files

debug, viewing, 10-7, A-9

Delegated Administration Services, 30-7

locations, 3-5

Oracle Directory Integration and Provisioning platform, 35-13

logging

for garbage collectors, enabling and disabling, 22-9

anonymous, 4-4

super user, 4-4

user, 4-4

loginID attribute, 41-11

loose consistency model of replication, 18-5

LSNRCTL utility, 25-8

M

managing

directory schema, 6-1

mandatory attributes, 2-8, 6-3

adding to existing object classes, 6-5

adding to object classes in use, 7-7

entering values for, 7-5

in a user entry, 23-8

in object classes, C-18, C-20

redefining, 6-4

manual resolution of conflicts, 25-20

mapping rules, 33-5

for group entries, 41-11

for integration with SunONE Directory Server, 42-7

for user entries, 41-10

Mapping Rules Format, 33-5

matching rules, B-46

accessDirectiveMatch, B-46

as metadata in schema, 6-2

attribute, 2-7

bitStringMatch, B-46

cannot add to subSchemaSubentry, 6-2

caseExactIA5Match, B-47

caseExactMatch, B-47

caseIgnoreIA5Match, B-47

caseIgnoreListMatch, B-47

caseIgnoreMatch, B-47

caseIgnoreOrderingMatch, B-47

distinguishedNameMatch, B-47

generalizedTimeMatch, B-47

generalizedTimeOrderingMatch, B-47

IntegerMatch, B-46, B-47

numericStringMatch, B-46, B-47

objectIdentifierFirstComponentMatch, B-47

ObjectIdentifierMatch, B-47

OctetStringMatch, B-47

presentationAddressMatch, B-47

protocolInformationMatch, B-47

recognized by Oracle Internet Directory, B-46

stored in schema, 6-2

telephoneNumberMatch, B-47

uniqueMemberMatch, B-47

Matching Rules tab page, in Oracle Directory Manager, C-24

maxextents, 25-8

MD4, 16-4, 23-4, B-40

MD5, 16-4, 23-4, B-40

for password encryption, 16-3, 16-5

MD5Digest, SASL authentication mechanism, 12-5

member attribute, 9-8, 9-11

memory

in capacity planning, 20-2

insufficient, 21-8

physical, 20-12

required, 18-10

requirements in capacity planning, 20-12

tuning, 21-7

usage, 18-12

virtual, 20-12

menu bar, Oracle Directory Manager, 4-8

metadata

cache, 2-19

directory, defined, 2-19

stored in schema, 6-2

metadirectory

deployment considerations, 18-7

Microsoft Active Directory

integration with, 43-1

Microsoft Windows, 43-1

integration with, 43-1

Microsoft Windows NT

integration with, 43-56

external authentication plug-in, 43-58

middle tier

using proxy user with, 5-11, 12-5

migrating data, 23-2

from other LDAP directories, 23-2

from other LDAP-compliant directories, 23-1

migration

from application-specific repositories, 23-5

intermediate template file, 23-5

from other LDAP directories, 23-2

modifiersName attribute, 2-5, 23-4

optional in top, 2-10

modifyDN, audit log event, 10-13

modifyTimestamp attribute, 2-5, 23-4

optional in top, 2-10

monitoring servers, 10-17

mpstat utility, 21-2

multimaster flag

toggling, 25-12

multimaster replication, 1-8, 2-23, 18-3, 18-5, 24-2

agreements, 24-12

and high availability, 26-7

architecture, 24-21

conflict resolution, 24-24

groups, 24-6

in conjunction with fan-out replication groups, 24-9

installation types, 25-3, 25-23, 27-9

installing, 25-2

on the consumer side, 24-23

on the supplier side, 24-22

multiple configuration set entries, 13-3

multiple server processes, 2-18

multiple threads, A-38

in ldapaddmt, A-23

increasing the number of, A-23

multithreaded command-line tools

ldapaddmt, 7-10, A-23

ldapmodifymt, 7-11, A-38

multithreaded LDAP servers, 1-8

multivalued attributes, 2-5

adding values to, by using ldapmodify, A-34

converting to single-valued, 6-12

member, 9-8, 9-11

orclEntryLevelACI, 14-3

N

names

of groups, planning, 19-8

of users, planning, 19-8

names, of object classes, C-18, C-20

naming contexts, 2-11

backing up and restoring, 11-2

definition, 2-11

discovering, 2-11

in partitioned directories, 2-26

in replication, 2-24

managing, 5-10

publishing, 2-11, 5-10

by using ldapmodify, 5-11

by using Oracle Directory Manager, 5-11

searching for published, 5-10

subordinate, 2-27

namingContexts attribute, 5-10, B-40

multivalued, 5-10

native authentication

contrasted with external authentication, 47-2

defined, 47-2

navigator pane, in Oracle Directory Manager, 4-8

net service name, A-5

network

bandwidth, 20-13

capacity planning, 20-13

connectivity, in capacity planning, 20-2

requirements, 20-13

Network Interface Cards (NICs), failures of, 26-8

network-level

connection redirection, 26-6

failover, 26-6

New Attribute Type Advanced tab page, in Oracle Directory Manager, C-23

New Attribute Type General tab page, in Oracle Directory Manager, C-22

New Constraint dialog box, in Oracle Directory Manager, C-4

New Content Rule dialog box, in Oracle Directory Manager, C-24

new features, i-lxv

release 10g (9.0.4), i-lxvi

release 2.1.1, i-lxxxi

release 3.0.1, i-lxxix

release 9.0.2, i-lxxiii

New Plug-in dialog box, in Oracle Directory Manager, C-10

new syntaxes, adding, 2-7

newdb.sql, F-10

NLS_LANG environment variable, G-2

setting, G-3

in the client environment, G-7

settings, G-2

no SSL authentication option, 4-7

nodes, Oracle Internet Directory, 2-15

non-default port, running on, 4-3

non-SSL authentication, 36-3

normal mode, running directory servers in, B-5

not null filter, in Oracle Directory Manager, C-19

null values, in attributes, 6-3

number of retries, modifying, 25-37

number of worker threads used in change log processing, modifying, 25-38

numericStringMatch matching rule, B-46, B-47

O

o attribute, 2-6

O3LOGON algorithm, 16-5

object

adding, by using Oracle Directory Manager, 4-8

object class types

structural, 2-9

object classes, 2-8

adding, 6-3

by using command-line tools, 6-9

by using Oracle Directory Manager, 6-8

concurrently, by using ldapaddmt, A-23

as metadata in schema, 6-2

assigning to entries, 6-3

auxiliary, 2-10

converting auxiliary, 6-5

creating, by using Oracle Directory Manager, 4-9

defining, 6-21

deleting

by using Oracle Directory Manager, 6-9

from base schema, 6-22

not in base schema, 6-6

explosion, 6-4

extensibleObject, 7-17

groupOfNames, 9-8, 9-9, 9-11, 9-12

guidelines

for adding, 6-3

for deleting, 6-22

for modifying, 6-5

in LDIF files, A-2

in the base schema, modifying, 6-5

managing

by using command-line tools, 6-9

by using Oracle Directory Manager, 6-3

modifying, 6-5

by using command-line tools, 6-9

by using Oracle Directory Manager, 6-8

orclacpgroup, 14-4

orclauditoc, 10-11

orclprivilegegroup, 2-20

and dynamic groups, 9-7

redefining mandatory attributes in, 6-4

referral, 7-17

removing attributes from, 6-5

removing superclasses from, 6-5

rules, 2-10

searching for, 6-6

searching for, by using Oracle Directory Manager, 6-6

structural, 2-9

structural, converting, 6-5

subclasses, 2-8

defining, 6-21

superclasses, 2-8

top, 2-9

types, 2-9

abstract, 2-10

auxiliary, 2-10

structural, 2-9

types of, 2-9

unique name of, 6-4

unique object identifier, 6-4

viewing, 6-7

viewing properties, 6-7

object identifiers, of object classes, C-18, C-20

objectclass attribute, 10-11

objectIdentifierFirstComponentMatch matching rule, B-47

ObjectIdentifierMatch matching rule, B-47

objects

adding, by using a template, 4-10

adding, by using Oracle Directory Manager, 4-10

comparing, 4-9

modifying

by using ldapmodify, 7-11

by using Oracle Directory Manager, 4-9, 4-10

of ACI directives, 14-7

removing

by using command-line tools, A-28

by using Oracle Directory Manager, 4-9, 4-11

removing by using command-line tools, A-31

searching for

by using Oracle Directory Manager, 4-9, 4-10

searching for, by using Oracle Directory Manager, 4-10

OC4J

used by Delegated Administration Services, 30-3

OCI. See Oracle Call Interface.

OctetStringMatch matching rule, B-47

odisrvreg, 35-14, A-126

OFA. See Optimal Flexible Architecture (OFA).

OID Control Utility, 3-2, 4-16, A-6

and the Oracle Directory Integration Platform, 32-12

restart command, 5-4

run-server command, A-6

start and stop server instances, 3-2

stop-server command, A-6

syntax, A-6

viewing debug log files, 10-7, A-9

OID Database Password Utility, 5-14

syntax, A-131

OID Database Password Utility (oidpasswd), 4-21

OID Database Statistics Collection Tool, A-133

syntax, A-133

OID Database Statistics Tool, 4-21

OID Migration Tool, 4-20

load capability, A-140

reconcile capability, A-140

OID Monitor, 2-17, 4-16, A-6

and the Oracle Directory Integration Platform, 32-12

log file location, 3-5

sleep time, A-5

starting, 3-2, A-4, A-5

stopping, A-5

syntax, A-4

OID Password Utility, 3-4

OID Reconciliation Tool, 4-19, 25-22, A-56

syntax, A-59

OID Self-Service Console

Add New Attributes window, C-42

Editing Attribute window, C-43

oidctl

viewing debug log files, 10-7, A-9

oidctl. See OID Control Utility

oidexaup.sql

contents of, 47-5

for installing external authentication plug-in, 47-2

OIDEXTAUTH PL/SQL package for external authentication, 47-2

OIDLDAPD, 25-19, A-9

oidldapd

log file location, 3-5

oidmon. See OID Monitor.

oidpasswd

syntax, A-131

OIDREPLD, A-11

oidstats.sh, 4-21

oidstats.sh utility, A-133

OLTS_ATTRSTORE tablespace, 20-11

OLTS_CT_STORE tablespace, 20-11

OLTS_DEFAULT tablespace, 20-11

one-level search, 7-3, A-39

one-way authentication, SSL, 4-7, B-6

online administration tool. See Oracle Directory Manager

online directories, 1-2

open cursors parameter, 21-9

OPEN_CURSORS, 21-9

OpenLDAP Community, i-lviii

operation debug dimension, 10-8

operational attributes, 5-9

ACI, 12-3

operation-based plug-ins, 45-3

Operations menu item, in Oracle Directory Manager, 4-9

operations, limiting debugging to specific, 10-8

Optimal Flexible Architecture (OFA), F-2

optional attributes, 2-8, 6-3

adding to pre-defined object classes, 6-21

entering values for, 7-5

in object classes, C-18, C-20

options, attribute, 2-7

Oracle Advanced Security, use of Oracle Internet Directory, 1-11

Oracle Application Server Administrators Group, 17-13

Oracle Application Server Certificate Authority

part of Oracle Identity Management, 1-10

Oracle Application Server Portal, use of Oracle Internet Directory, 1-11

Oracle Application Server Single Sign-On

use of Oracle Internet Directory, 1-11

Oracle background processes, 21-10

Oracle Call Interface, 2-22

Oracle Collaboration Suite, use of Oracle Internet Directory, 1-11

Oracle components

privileges for administering, 17-5

Oracle components, use of Oracle Internet Directory, 1-10

Oracle Context

root, 19-4

Oracle Context Administrators Group, 17-19

Oracle data servers

changing password to, 5-14

error messages, I-2

Oracle Delegated Administration Services

overview, 2-36

part of Oracle Identity Management, 1-9

Oracle Directory Integration and Provisioning platform, 1-12

access control and authorization in, 36-4

data integrity, 36-6

data privacy, 36-6

deletion of users, 32-19

deployment example, 32-13

in a replicated environment, 35-13

log files, 35-13

modification of user properties, 32-17

part of Oracle Identity Management, 1-9

schema elements, B-18

structure, 32-2

user creation and provisioning, 32-16

what it is, 2-30, 18-7, 32-2

Oracle directory integration and provisioning server

about, 35-2

administration, 35-1

authentication, 36-3

configuration set entries, 35-3

managing, 35-8

data import and export, 35-2

described, 32-10

in high availability scenario, 35-10

managing, 35-6

mapping, 35-2

operational information about, 35-2

scheduling connectors, 35-2

sequence of events, 35-4

starting, stopping, and restarting, 35-9

Oracle Directory Manager, 7-3

Access Control Management pane, C-2

adding

ACPs, 14-20

attributes, 6-14

configuration set entries, 5-4

entries, 7-4, 7-5

group entries, 7-7, 9-8

object classes, 6-8

objects, 4-8

and the Oracle Directory Integration Platform, 32-11

Apply button vs. OK button, 4-8

ASR Agreement tab page, C-13

Assign Privileges window, C-45

Attributes tab page, C-20

attributes, searching for, 6-13

Authentication Choice list, C-2

By Whom tab page, C-3

Cancel button, 4-8

Change Log window, C-17

Configuration Sets General tab page, C-27

connecting to a directory server, 4-8, 4-10

Content Rule dialog box, C-25

create access control policy point menu, 4-9

Create button, 4-10

Create Entry menu item, 4-9

Create Identity Management Realm window, C-46

Create Like button, 4-10, 7-6

Create Like operation, 4-8

Create Resource Type window, C-49

creating an attribute, 4-9

creating object classes, 4-9

defined, 1-8

Delete button, 4-11

deleting

configuration set entries, 5-4

objects, 4-11

disconnecting from a directory server, 4-8

displaying help navigator, 4-10

Edit button, 4-10

Edit menu, 4-9

Encryption Choice list, C-3

Ends With filter, C-18

entries management, 4-14

Exact Match filter, C-19, C-35

Exit menu item, 4-8

File menu, 4-8

Find Attributes button, 6-13

Find Objects button, 4-10, 6-7

for registering directory integration agents, 32-11

Garbage Collector window, C-5

granting access, 14-18

Greater or Equal filter, C-19, C-35

Help button, 4-11

Help menu item, 4-10

Identity Management Realm window, C-47

launching, 4-2

Less or Equal filter, C-19, C-36

listing attribute types, A-3

managing

ACPs, 4-13

configuration set entries, 5-4

entries, 4-14

object classes, 6-3

Matching Rules tab page, C-24

menu bar, 4-8

modifying

configuration set entries, 2-21, 5-4

entries, 7-7

object classes, 6-8

objects, 4-9, 4-10

replication agreements, 25-42

navigating, 4-8

New Attribute Type Advanced tab page, C-23

New Attribute Type General tab page, C-22

New Constraint dialog box, C-4

New Content Rule dialog box, C-24

New Plug-in dialog box, C-10

not null filter, C-19

on UNIX, starting, 4-3

on Windows 95, starting, 4-3

on Windows NT, starting, 4-3

Operations menu, 4-9

overview, 4-2, 4-8

Password Policies Account Lockout tab page, C-8

Password Policies General tab page, C-6

Password Policies IP Lockout tab page, C-8

Password Policies Password Syntax tab page, C-8

Password Verifier Profile dialog box, C-9

Present filter, C-36

Query Optimization tab page, C-34

Refresh button, 4-10

Refresh Entry button, 4-11

Refresh Subtree Entries button, 4-11

removing objects, 4-9

Replica Agreements tab page, C-15

Replica Naming Context tab page, C-16

Replica Node General tab page, C-14

Replication Server Configuration Set General tab page, C-13

Revert button, 4-8

root of search, 7-2

running, 4-3

schema administration, 4-14

search criteria bar, 7-3, 10-16

search filters, 6-7

searching

entries, 7-2

for an object, 4-10

for attributes, 6-13

selecting attribute syntax type, 6-27

SSL Settings tab page, C-37

starting, 4-2

on UNIX, 4-3

on Windows NT, 4-3

Synchronization Execution tab page, C-39

Synchronization General tab page, C-38

Synchronization Mapping tab page, C-41

Synchronization Status tab page, C-41

system operation attributes displayed, C-27

System Passwords tab page, C-33

tear-off menu item, 4-9

toolbar, 4-10

updating, 4-9

subtree entry data, 4-11

used by Oracle Directory Integration Platform, 32-11

View menu, 4-9

viewing attributes, 7-4

Oracle Directory Provisioning Integration Service, 34-1

about, 34-2

de-installation, 34-9

deploying, 34-9

managing, 34-9

registering applications with, 34-6

retrieving changes from Oracle Internet Directory, 34-4

security and, 34-11

subscription to, 34-6

troubleshooting, 34-16

unsubscribing applications from, 34-9

Oracle directory replication server

authentication, 24-18

component of Oracle Internet Directory, 1-7

component of Oracle Internet Directory node, 2-16

configuration parameters, location, 25-36

starting, 25-12

uses LDAP to communicate to directory server, 2-17

Oracle directory replication server instances

starting, A-9, A-10

stopping, A-9, A-11

Oracle directory server instance, 2-18

Oracle directory server instances, 1-7, 2-16, 2-17, 2-18

managing, 5-1

starting, 25-11, A-6, A-7

stopping, 3-2, A-6, A-8, A-9

Oracle Directory Synchronization Service

interaction between components, 32-7

Oracle directory version field, in Oracle Directory Manager, C-29

Oracle E-Business Suite, integrating with, 40-1

Oracle Enterprise Manager-Application Server Control

and the Oracle Directory Integration Platform, 32-13

Oracle foreground processes

tuning CPU for, 21-6

Oracle Globalization Support, 2-13

Oracle HTTP Server

used by Delegated Administration Services

log file location, 30-7

verifying that it is running, 30-7

Oracle Human Resources

agent, 39-1

configuring an integration profile, 39-4

mapping rules for, 39-11

importing from, 39-2

running synchronization, 39-12

synchronizing with, 39-1

Oracle Identity Management, 2-32

and Oracle Internet Directory, 1-9, 19-1

components, 2-33

configuring Oracle Delegated Administration Services in, 30-12

delegation in, 17-2

group information, 19-9

in application deployments, 1-10

infrastructure, 2-32

what it does, 2-31

management policies, 2-35

objects, 19-4

planning, 19-5

realms, planning, 19-10

user information, 19-8, 19-13

Oracle Internet Directory

advantages of, 1-8

and Oracle Identity Management, 1-9

architecture, 1-6, 2-14

as the central directory in a synchronized environment, 32-6

components, 1-7

how Oracle components use it, 1-10

multiple installations on same host, 18-6

nodes, 2-15

used by Oracle Advanced Security, 1-11

used by Oracle Application Server Single Sign-On, 1-11

Oracle Internet Directory Self-Service Console, 2-30, 31-1

description of, 31-2

in indirect authentication of end users, 12-5

managing accounts, 15-10

Oracle Internet Directory Server Manageability

architecture and components, 10-19

capabilties, 10-17

configuring, 10-21

framework, 10-17

configuring critical events, 10-22

location of configuration information, 10-21

managing, 10-23

Oracle Net Services, 2-17, 2-22

preparing for replication, 25-6

use of Oracle Internet Directory, 1-11

Oracle wallet parameter

modifying, B-6

Oracle wallets, B-6

changing location of, B-6

with ldapadd, A-23

with ldapaddmt, A-25

with ldapbind, A-26

with ldapcompare, A-28

with ldapdelete, A-29

with ldapmoddn, A-31

with ldapmodify, A-33

with ldapmodifymt, A-38

with ldapsearch, A-41

Oracle9i, 2-22

database, 2-17

Replication Manager, configuring, 25-6

Oracle9i Advanced Replication, 24-20, 25-9

configuring, 25-6, 25-9

by using Oracle9i Advanced Replication Manager, 25-6

by using Oracle9i Replication Manager, 25-6

for directory replication, 25-9

directory replication based on, 2-23, 24-2

installed with Oracle 9i, 25-3

installing, 25-6

setting up, 25-6

Oracle9i Advanced Replication-based replication

options for configuring, A-63

Oracle9i Real Application Clusters, i-lxxix, 29-1

OracleApplication Server Single Sign-On

part of Oracle Identity Management, 1-9

orclACI, 14-3, B-4

access to, 14-3

optional attribute in top, 2-10

orclacpgroup object class, 14-4

orclAgreementID, 25-41

orclAgreementId, B-35

Orclanonymousbindsflag attribute, B-42

orclauditattribute, B-4

orclAuditLevel, B-4

orclauditlevel attribute, 10-13

orclauditlevel operational attribute, 10-10

orclauditmessage, B-4

orclauditmessage attribute, 10-11

OrclAuditOC, B-4

orclauditoc attributes, 10-11

orclauditoc object class, 10-11

orclCatalogEntryDN, B-23

orclChangeRetryCount, 25-37, B-35, B-36

orclChangeSubscriber, 33-7

orclConfigSet, B-23

orclconfigsetnumber, B-23

orclcontainerOC, B-23

orclCryptoScheme attribute, B-40

orclDBType, B-23

orcldebugflag, 10-7

orclDebugLevel, B-23

orcldebuglevel configuration set entry, B-5

orclDIPRepository attribute, B-41

orclDirReplGroupDSAs, 25-43, B-35

orclDITRoot, B-23

orclecachemaxentries attribute, B-41

orclecachemaxsize attribute, B-41

orclEnableGroupCache attribute, B-41

orclEntryLevelACI, 14-3, B-4

optional attribute in top, 2-10

orcleventLog, B-23

orclEvents, B-23

orcleventtime, B-4

orcleventtime attribute, 10-11

orcleventtype, B-4

orcleventtype attribute, 10-11

orclExcludedAttributes, B-35

orclexcludedattributes, 24-15

orclExcludedNamingcontexts, B-35

orclexcludednamingcontexts, 24-14

orclGuid, B-35

optional attribute in top, 2-10

orclGuName, B-23

orclguname attribute, 5-13

orclGuPassword, B-23

orclgupassword attribute, 5-13

orclhostname, B-23

orclIncludedNamingcontexts, B-35

orclincludednamingcontexts, 24-14

orclIndexedAttribute, B-23

orclIndexOC, B-23

orclLastAppliedChangeNumber attribute, 44-5

orclLDAPInstance, B-23

orclLDAPSubConfig, B-23

ORCLLM algorithm, 16-6

orclMatchDNEnabled attribute, B-42

ORCLMAXCC, 21-5

orclMaxCC, B-23

orclmaxcc, 2-19

orclmaxcc configuration set entry, B-5

ORCLNT algorithm, 16-6

orclOdipAgentConfigInfo, 33-7

orclodiplastappliedchangenumber, 33-7

orclOdipLastAppliedChgNum, 38-4

orclodiProfile, 33-7

orclOpResult, B-4

orclopresult attribute, 10-11

orclParentGUID, B-35

orclPluginConfig object class, B-31

orclprivilegegroup object class, 2-20

and dynamic groups, 9-7

orclPrName, B-23

orclprname attribute, 5-13

orclPrPassword, B-23

orclprpassword attribute, 5-13

orclpwdAlphaNumeric attribute, B-25

orclpwdIllegalValues attribute, B-25

orclpwdpolicyenable attribute, B-26

orclpwdToggle attribute, B-25

orclReplAgreementEntry, B-35

orclreplicaDN, B-35

orclReplicationProtocol, B-35

orclREPLInstance, B-23

orclREPLSubConfig, B-23

orclSequence, B-4

orclsequence attribute, 10-11, 10-12

orclServerEvent, B-4

orclServerMode, B-23

orclServerMode attribute, B-40

ORCLSERVERPROCS, 21-5

orclServerProcs, B-23

orclserverprocs configuration set entry, B-5

orclSizeLimit, B-23

orclSizeLimit attribute, B-40

orclskewedattribute attribute, 21-12

orclssl authentication configuration set entry, B-6

orclsslAuthentication, B-40

orclsslEnable, B-40

orclsslenable, B-6

orclsslenable configuration set entry, B-6

orclsslPort, B-40

orclsslport configuration set entry, B-5

orclsslVersion, B-40

orclsslWalletURL, B-40

orclsslwalleturl configuration set entry, B-6

orclStatsFlag attribute, B-42

orclStatsPeriodicity attribute, B-42

orclSuffix, B-23

orclSuName, B-23

orclsuname attribute, 5-13

orclSuPassword, B-23

orclsupassword attribute, 5-13

orclThreadsPerSupplier, B-36

orclTimeLimit, B-23

orclTimeLimit attribute, B-41

orcluniqueattrname, 8-2, B-4

orcluniqueenable, 8-3, B-5

orcluniqueobjectclass, 8-3, B-5

orcluniquescope, 8-2, B-4

orcluniquesubtree, 8-3, B-5

orclUpdateSchedule, B-35

orclUseEncrypt, B-23

orcluserdn, B-4

orcluserdn attribute, 10-11

orclUserV2 attribute, 23-8

orclUserV2 object class, B-17

ORCLWEBDAV algorithm, 16-5

organization attribute, 2-6

organizationalUnitName, 2-6

overall throughput, 21-2

P

-PADDNODE option, in Replication Environment Management Tool, A-89

paging, 20-12

parameters

configuration, for Oracle directory replication server, 25-36

dependent on Oracle directory server configuration, 21-10

for an active instance, modifying, 13-3

in an active server instance

modifying, 5-4

OID Database Statistics Collection Tool, A-134

replication agreement, 25-40

required for tuning, 21-9

SGA, 21-11

partial replication, 2-23, 24-2

partitioning, 2-22, 2-26

deployment considerations, 18-4

partitions, 18-3

password policies, 12-8

about, 15-2

conceptual discussion, 12-8

default, 15-2

definition, 15-2

entry

defined, 2-21

establishing, 15-4

for realms

modifying by using command-line tools, 15-9

viewing by using command-line tools, 15-8

management, 2-12

managing by using command-line tools, 15-8

plug-in, 46-1

how it works, 46-2

realms, managing by using command-line tools, 15-8

realm-specific

modifying by using Oracle Directory Manager, 15-7

viewing by using Oracle Directory Manager, 15-6

setting by using command-line tools, 15-8

setting by using Oracle Directory Manager, 15-5

setting, by using command-line tools, 15-8

verification of, 15-4

Password Policies Account Lockout tab page, in Oracle Directory Manager, C-8

Password Policies General tab page, in Oracle Directory Manager, C-6

Password Policies IP Lockout tab page, in Oracle Directory Manager, C-8

Password Policies Password Syntax tab page, in Oracle Directory Manager, C-8

password policy

schema elements, B-24

password verifier

schema elements, B-29

password verifier entry, defined, 2-20

Password Verifier Profile dialog box, in Oracle Directory Manager, C-9

password verifiers

default. for Oracle components, 16-9

password-based authentication, 4-4, 12-5

passwords

database, 5-14

expiration warning, B-26

expiry time, B-27

failure count interval, B-26

for guest users, 5-11

for proxy users, 5-11

for shell tools, 7-15

for SSL wallets, 4-7

for super user, 5-11

for super users, 5-11

forcing changes by using command-line tools, 15-10

integrity

MD4, 16-3

lockout, B-27

lockout duration, B-27

maximum failure, B-28

policies, 12-8

setting by using command-line tools, 15-8

setting by using Oracle Directory Manager, 15-5

protection, 2-12, 12-8

changing by using ldapmodify, 16-4

changing by using Oracle Directory Manager, 16-3

changing scheme, 16-2

default verifiers for Oracle components, 16-9

managing by using ldapmodify, 16-4

managing by using Oracle Directory Manager, 16-3

MD5, 16-3, 16-5

O3LOGON, 16-5

ORCLLM, 16-6

ORCLNT, 16-6

ORCLWEBDAV, 16-5

SASL/MD5, 16-5

setting by using Oracle Directory Manager, C-31

SHA, 16-3, 16-5

UNIX Crypt, 16-3, 16-5

to a directory, changing, 5-11

to Oracle data servers, changing, 5-14

where to store in an integrated environment, 41-6

-PCHGPWD option, in Replication Environment Management Tool, A-99

-PCHGWALPWD option, in Replication Environment Management Tool, A-106

-PCLEANUP option, in Replication Environment Management Tool, A-101

-PDELNODE option, in Replication Environment Management Tool, A-96

peer-to-peer replication, 2-23, 24-2

performance

add or modify, 21-15

by using multiple threads, A-23

by using orclEntryLevelACI, 14-3

metrics, 21-2

replication and, 18-5

search, 21-14

troubleshooting, 21-14

tuning, tools for, 21-2

permissions, 2-12, 12-2

granting

by using command-line tools, 14-48

by using Oracle Directory Manager, 14-18

physical distribution, partitions and replicas, 18-3

physical memory, 20-12

PKI authentication, 12-2

plug-in

schema elements

, B-31

plug-ins

adding, 45-5, 45-6

deleting, 45-8

entry, 2-20

external authentication, 47-1

for integration with SunONE Directory Server, 42-11

SunONE Directory Server, 42-3

for password policies, 46-1

framework, 45-1

garbage collection, 22-2

modifying, 45-7

operation-based, 45-3

password policy

how it works, 46-2

post-operation, 45-4

pre-operation, 45-3

registering

by using command-line tools, 45-6

by using Oracle Directory Manager, 45-5

when-operation, 45-4

point-to-point replication, 2-23, 24-2

policies

identity management, 2-35

pooling, connection, 1-8

port, 4-5

389, B-5

636, B-5

default, 4-3, A-8, A-11

port 389, A-8, A-11

port 636, A-8, A-11

precedence

at the attribute level, 14-15

at the entry level, 14-15

rules

ACL evaluation, 14-14

in conflicting access policies, 14-2

prescriptive access control, 14-3

Present filter, Oracle Directory Manager, C-36

presentationAddressMatch matching rule, B-47

-PRESETPWD option, in Replication Environment Management Tool, A-105

privacy, data, 2-12, 12-2

by using SSL, 1-9

privilege groups, 14-3, 14-4

associated with orclPrivilegeGroup object class, 14-5

defined, 2-20

privileges, 2-12, 12-2

privileges for user and group management

delegation of, 17-5

process instance location, C-31

processes, 2-17

Oracle background, 21-10

processing power of CPU, 20-15

processor affinity on SMP systems, 21-7

profile tools, A-107

profiles

deregistering, A-123

directory integration, 33-7

deregistering, 33-21, 33-22

managing, 33-20

registering, 33-20

protocolInformationMatch matching rule, B-47

provisioning

agent, 32-8

agents, for legacy applications, 32-8

compared with synchronization, 32-4

contrasted with synchronization, 32-5

defined, 34-2

described, 32-5

enrollment in applications, 34-3

automatic, 34-3

manual, 34-3

error messages, 34-16

goal of, 32-5

how applications obtain information, 34-7

information

received by an application, 34-7

received by Oracle Internet Directory, 34-8

kinds of information required, 34-4

procedures, 34-3

profiles

access control to, 34-11

managing, 34-10

monitoring, 34-11

relation between components, 34-5

tool

syntax, A-127

typical deployment, 34-5

Provisioning Subscription Tool, A-127

subscribing applications with, 34-6

proxy users, 12-5

centralized in Delegated Administration Services, 30-5

definition, 5-11

managing, 5-11

by using ldapmodify, 5-13

by using Oracle Directory Manager, 5-12

user name and password, 5-11

public key infrastructure, 12-2

pwdAllowUserChange attribute, B-25

pwdCheckSyntax attribute, B-26

pwdExpireWarning attribute, B-26, I-10

pwdFailureCountInterval attribute, B-26

pwdGraceLoginLimit attribute, B-26

pwdInHistory attribute, B-27

pwdLockout attribute, B-27

pwdLockoutDuration attribute, B-27

pwdMaxAge attribute, B-27

pwdMaxFailure attribute, B-28

pwdMinLength attribute, B-28

pwdMustChange attribute, B-28

pwdPolicy object class, 15-5

Q

queries, database

optimizing, 21-12

query entry return limit, C-31

Query Optimization tab page, in Oracle Directory Manager, C-34

querying

audit log, 10-10

critical events, 10-10

R

rack-mounted directory server configurations, i-liii, 27-1

architecture, 27-2

benefits, 27-2

how failover works, 27-7

load balancing, 27-4

metadata synchronization, 27-6

rules for managing, 27-9

RC4_40 encryption, 12-2

RDNs. See relative distinguished names (RDNs)

Real Application Clusters, directory failover in, 29-1

realms, 19-2

identity management

configuring, 19-14

customizing, 19-14

default, 2-35, 19-12

defined, 2-34

implementation in Oracle Internet Directory, 19-4

in enterprise deployments, 19-2

in hosted deployments, 19-3

multiple in enterprise deployments, 19-2

planning, 19-10

single in enterprise, 19-2

realm-specific Oracle Context, 19-5

reconcile capability, in OID Migration Tool (ldifmigrator), A-140

recovery features, in Oracle9i, 1-9

redefining mandatory attributes, 6-4

redo log buffers parameter, 21-11

redundancy, 26-2

and failover, 18-3

redundant links, 26-8

ref attribute, 7-17

referral caching, client-side, 7-19

how it works, 7-19

referral object class, 7-17

referrals, 2-27

client-side referral caching, 7-19

defined, 2-27

kinds, 2-29

Refresh button, in Oracle Directory Manager, 4-10

Refresh Entry button, in Oracle Directory Manager, 4-11

Refresh Entry menu item, 4-9

Refresh Subtree Entries button, in Oracle Directory Manager, 4-11

Refresh Subtree Entries menu item, 4-9

registering a directory, 44-4

registration, directory, 44-3

relational databases contrasted to directories, 1-2

relative distinguished names (RDNs), 2-3

displaying for each entry, 7-2

modifying

by using command line tools, 7-11

by using ldapmodify, A-35

modifying, by using ldapmoddn, 7-11

remtool, 25-10, A-62

replica

LDAP-based

installing, 25-23

subentry, 24-14

Replica Agreements tab page, in Oracle Directory Manager, C-15

Replica Naming Context tab page, in Oracle Directory Manager, C-16

Replica Node General tab page, in Oracle Directory Manager, C-14

replicas, 2-23, 18-3, 24-2

in deployment, 18-3

replicated directories, conceptual discussion, 2-22

replication, 2-23, 3-5, 24-24

adding a new entry to a consumer, 24-27

adding a new node for, 25-13, 25-18

agreement entry, 24-14

agreement parameters, 25-40

modifying, 25-42

viewing and modifying, 25-42

agreements, 2-23, 24-2, 24-12, 25-42, C-31

adding nodes to, 25-42

configuring, 25-40

example of, 24-15

LDAP-based, 24-12

multimaster, 24-12

and Oracle Directory Integration and Provisioning platform, 35-13

and SSL, 24-19

architecture, 24-21

authentication, 24-18

change conflicts

monitoring, 25-20

change logs, 1-8, 24-24

change logs in, 24-19

cold backup, F-1

comparison of full and partial, 24-4

configuration parameters

modifying, 25-37

configuring, 25-35

Oracle9i Advanced Replication, 25-9

sqlnet.ora, 25-7

tnsnames.ora, 25-7

conflicts

levels of occurrence, 24-25

resolving manually, 25-20

typical causes of, 24-26

considerations, 18-5

database copy procedure, F-1

deleting a node, 25-18

deleting an entry, 24-28

failure tolerance, 18-6

fan-out, 2-23, 24-2, 24-7, 24-33

process, 24-34

full, 2-23, 24-2, 24-3

groups, 24-5

fan-out, 24-7

multimaster, 2-23, 24-6

single-master, 24-6

in deployment, 18-5

installing and configuring, 25-2

LDAP-based, 2-23, 24-2

configuring, 25-23, 25-24

deleting, 25-30

determining what is to be replicated, 25-31

installing and configuring, 25-22

options for configuring, A-64

load balancing, 18-5

log location, C-31

loose consistency model, 18-5

managing, 25-1

managing naming contexts and attributes, 24-37

modifying a DN, 24-31

modifying an RDN, 24-30

multimaster, 1-8, 2-23, 18-3, 24-2

architecture, 24-21

conflict resolution, 24-24

installing and configuring, 25-2

on the consumer side, 24-23

on the supplier side, 24-22

multimaster with fan-out, 24-9

multimaster, single-master, fan-out, 24-9

naming context container entry, 24-14

naming contexts

included and excluded, 24-11

nodes

adding, 25-13

deleting, 25-18

Oracle9i, 24-20

Oracle9i Advanced Replication-based, 2-23, 24-2

options for configuring, A-63

overview, 24-1

partial, 2-23, 24-2, 24-3

filtering, 24-35

optimization, 24-38

peer-to-peer, 2-23, 24-2

point-to-point, 2-23, 24-2

preparing the Oracle Net Services environment for, 25-6

process, 24-27, 24-28, 24-29, 24-30, 24-31

on the consumer side, 24-23

on the supplier side, 24-22

reasons to implement, 18-5

retries

applying changes, 24-24

modifying number of, 25-37

schema elements, B-35

security, 24-18

server

log file location, 3-5

single-master, 2-23

specifying number of worker threads, C-13

sponsor node, F-3

status location, C-31

transport mechanism, 24-20

Replication Environment Management Tool, 4-19

-ADDNODE option, A-65

-ASRCLEANUP option, A-77

-ASRRECTIFY option, A-78

-ASRSETUP option, A-68

-ASRVERIFY option, A-82

-CHGPWD option, A-72

-DELNODE option, A-73

-DISPASRERR option, A-85

-DISPQSTAT option, A-86

-PADDNODE option, A-89

-PCHGPWD option, A-99

-PCHGWALPWD option, A-106

-PCLEANUP option, A-101

-PDELNODE option, A-96

-PRESETPWD option, A-105

-RESUMEASR option, A-88

-SUSPENDASR option, A-87

syntax, A-62

what it does, A-62

Replication Server Configuration Set General tab page, in Oracle Directory Manager, C-13

resource access information, 2-36

resource information, 2-36

location in DIT, 2-36

schema elements, B-33

resource type information, 2-36

-RESUMEASR option, in Replication Environment Management Tool, A-88

retry queue, A-55

Revert button, in Oracle Directory Manager, 4-8

RFCs enforced by Oracle Internet Directory, B-2

rollback segments, 25-8

creating, 25-7, 25-8, 25-9

Root DSE entry

defined, 2-19

root of search

entering, 7-2

selecting, 7-3

root Oracle Context, 19-4

rules, LDIF, A-3

run-server command, by using OID Control Utility, A-6

S

SASL

clients enabled with

Digest-MD5 authentication to directory server, 12-9

external authentication, 12-9

SASL/MD5, for generating password verifier, 16-5

scalability, of Oracle Internet Directory, 1-8

Scheduler Process Sequence, 35-5

schema

adding and changing object classes (online), 6-3

administration, 6-1

by using Oracle Directory Manager, 4-14

definition location, C-31

definitions in subSchemaSubentry, 6-2

directory, defined, 2-19

elements, B-1

add/replace event, 10-12

delete event, 10-12

for specific Oracle products, B-4

Oracle proprietary, B-3

for orclACI, E-2

for orclEntryLevelACI, E-3

objects, administering by using Oracle Directory Manager, 4-14

schema elements

access control, B-4

attribute uniqueness, B-4

audit log, B-4

configuration set entries, B-5

debug logging, B-7

directory configuration, B-23

dynamic groups, B-7

garbage collection, B-8

Oracle Directory Integration and Provisioning platform, B-18

password policy, B-24

password verifier, B-29

plug-in, B-31

replication, B-35

resource information, B-33

server manageability, B-24

SSL, B-40

scripts, batched line-mode commands, 6-9

and compare operations, 2-7

criteria bar, in Oracle Directory Manager, 7-3, 10-16

depth, specifying, 7-3

filters

IETF-compliant, A-39

ldapsearch, A-41

results, specifying maximum number of entries returned, 7-3, 10-15

Search ACPs

button, 4-11

menu item, 4-9

searches

configuring, 5-13

for ACPs when using Oracle Directory Manager, 14-19

configuring display and duration of, 4-12

duration, 10-15

specifying maximum number of entries returned, 7-3, 10-15

using filters, 6-7

secure

port 636, 13-2, 13-3

Secure Hash Algorithm (SHA), 16-4, B-40, C-31

secure mode

running directory servers in, B-5

running server instances in, 13-3

security, 1-9, 2-11

credentials, stored in an external repository, 47-1

for different clients, 13-3

in integrated environments, 41-13

in LDAP Version 3, 1-5

in replication, 24-18

in the Oracle Directory Integration Platform, 36-1

SSL parameters for different clients, 13-3

tools in Oracle Directory Integration and Provisioning platform, 36-7

within Oracle Internet Directory environment, 2-12

Security Administrators Group, 17-16

security and refresh events garbage collector, 22-4

selected audit log events, 10-13

server

instances

running, 4-2

running in secure mode, 13-3

mode, C-31

operation time limit, C-32

processes

number of, B-5

server manageability

schema elements, B-24

servers

monitoring, 10-17

servers, configuring

by using input files, 7-10

SESSIONS parameter, 21-9

setup process (ldaprepl.sh)

log file location, 3-5

SGA. See System Global Area (SGA).

SHA, 16-4, 23-4, B-40, C-31

for password encryption, 16-3, 16-5

shared pool size, 21-8

parameter, 21-9

shared server, 21-10

simple authentication, 1-9, 12-5

Simple Authentication and Security Layer (SASL)

authentication, 12-5

clients enabled with

Digest-MD5 authentication to directory, 12-9

external authentication, 12-9

how it works, 12-9

in LDAP Version 3, 1-5

single-master replication groups, 24-6

single-valued attributes, 2-5

converting to multivalued, 6-12

size

attribute values, B-46

size, B-46

of database cache, 18-10

sizing, 18-8, 18-9

considerations in deployment, 18-9

I/O subsystem, 20-6

tablespaces, 20-8

skewed attributes, 21-12

sleep time, OID Monitor, A-5

smart knowledge references (referrals)

configuring, 7-17

sn attribute, 2-6

software-based connection redirection, 26-7

sort area parameter, 21-11

special purpose directories, 1-4

SPECint_rate95 baseline, 20-15

sponsor node, 25-15

cold backup procedures, F-3

sqlnet.ora, configuring for replication, 25-7

SRV records

OID-specific format for, 5-24

standard format for, 5-24

SSHA, B-40

SSL, 4-6, 13-3, 13-5, 36-2

attribute values, B-40

authenticated access, 1-9

authentication

for Oracle Directory Manager, 4-7

one-way, 4-7

server only, 4-7

certificates for connected directories, 35-8

cipher suites, 13-2

SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 13-2

SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, 13-2

SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, 13-2

SSL_DH_anon_WITH_DES_CBC_SHA, 13-2

SSL_DH_anon_WITH_RC4_128_MD5, 13-2

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 13-2

SSL_RSA_EXPORT_WITH_RC4_40_MD5, 13-2

SSL_RSA_WITH_DES_CBC_SHA, 13-2

SSL_RSA_WITH_NULL_SHA, 13-2

SSL_RSA_WITH_RC4_128_MD5, 13-2

supported in Oracle Internet Directory, 13-2

client scenarios, 13-2

configuration parameters, 13-3

modifying, 13-3

configuring, 4-4, 13-3

data privacy, 1-9

default port, B-5

enabling, 13-3, B-6

with ldapadd, A-22

with ldapaddmt, A-25

with ldapbind, A-26

with ldapmodify, A-32

with ldapmodifymt, A-38

enabling Oracle Directory Manager to use, 4-6

handshake, 13-2

issues specific to this release, 13-6

managing, 13-1

modifying orclsslwalleturl parameter, B-6

no authentication, 4-7, B-6

parameters, 13-3

configuring, 13-3

configuring by using command-line tools, 13-5

configuring by using Oracle Directory Manager, 13-3

password to user wallet, 4-7

port 636, 13-3

replication and, 24-19

schema elements, B-40

starting directory server with, 13-6

strong authentication, 12-2

toggling on and off, B-6

two-way authentication, B-6

Version 2, 13-2

Version 3, 13-2

wallets, B-6

changing location of, B-6

SSL Settings tab page, in Oracle Directory Manager, C-37

SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 13-2

stack, technology, 26-2

start-server commands, 5-2

static directory server discovery, 5-21

static groups, 9-2

entries

managing by using command-line tools, 9-10

managing by using Oracle Directory Manager, 9-8

modifying by using ldapmodify, 9-10, 9-14

schema elements for creating, 9-2

stopodiserver.sh, A-124

stop-server command, A-6

store-and-forward transport, in Oracle9i, 24-20

striping, 21-8

strong authentication, 12-5

structural access items, 14-33

structural object class type, 2-9

structural object classes, 2-9

converting, 6-5

structure rules, not enforced by Oracle Internet Directory, 2-10

structure, audit log entries, 10-11

subclasses, 2-8

subconfig, B-23

subentries, definition, 6-2

subordinate naming contexts, 2-27

subregistry, B-23

subSchemaSubentry

adding object classes to, 6-2

holding schema definitions, 6-2

modifying, 6-2

subtree entry data, updating by using Oracle Directory Manager, 4-11

subtree level search, 7-3, A-39

subtrees

displaying, 7-2

SunONE

connector

about, 42-2

configuring, 42-4

integration profile for, 42-5

Directory Server

external authentication plug-in, 42-3, 42-11

integration, 42-1, 42-2

mapping rules for integration with, 42-7

supported configurations for integration, 42-17

synchronization with, troubleshooting, 42-16

SunONE Directory Server

integration profile, 42-8

super users

definition, 5-11

logging in as, 4-4

managing, 5-11

by using ldapmodify, 5-13

by using Oracle Directory Manager, 5-12

user name and password, 5-11

superclass selector, 7-5

superclasses, 2-8

and inheritance, 6-3

of object classes, C-18, C-20

superior knowledge references (referrals), 2-27

suppliers

defined, 2-23, 24-2

surname attribute, 2-6

-SUSPENDASR option, in Replication Environment Management Tool, A-87

Symmetric Multi-Processor (SMP) systems, 21-7

synchronization

contrasted with provisioning, 32-5

described, 32-4

from a connected directory to Oracle Internet Directory, 33-4

from Oracle Internet Directory to a connected directory, 33-3

one-way, 32-6

process, 44-5

profile

creating with the command-line tool, 33-22

deregistering by using the command-line tool, 33-22

profiles, 32-4, 33-1

scenarios, 33-3

status attribute, 33-21

two-way, 32-6

use of the change log, 32-7

with Oracle Human Resources, 39-1

with other directories, 44-1, 44-2

Synchronization Execution tab page, in Oracle Directory Manager, C-39

Synchronization General tab page, in Oracle Directory Manager, C-38

Synchronization Mapping tab page, in Oracle Directory Manager, C-41

Synchronization Status tab page, in Oracle Directory Manager, C-41

syntax

attribute, 2-6

bulk tools, A-44

bulkdelete, A-44

bulkload, A-45

bulkmodify, A-51

Catalog Management Tool, A-19

catalog management tool, A-20

catalog.sh, A-19

command-line tools, A-18

Directory Integration and Provisioning Assistant, A-107

directory integration and provisioning server registration tool, A-126

Human Intervention Queue Manipulation Tool, A-56

LDAP, B-43

ldapadd, A-21

ldapaddmt, A-23

ldapbind, A-25

ldapcompare, A-26, A-27

ldapcreateconn.sh, A-121

ldapdelete, A-28

ldapDeleteConn.sh, A-123

ldapmoddn, A-30

ldapmodify, A-31

ldapmodifymt, A-37

ldapsearch, A-39

ldapUploadAgentFile.sh, A-120, A-121

LDIF, A-2

LDIF and command-line tools, A-1

ldifwrite, A-53

odisrvreg, A-126

OID Control Utility, A-6

OID Database Password Utility, A-131

OID Database Statistics Collection Tool, A-134

OID Monitor, A-4

OID Reconciliation Tool, A-59

oidctl, A-6

oidpasswd, A-131

oidprovtool, A-127

Oracle Directory Integration and Provisioning Platform command-line tools, A-107

Provisioning Subscription Tool, A-127

provisioning tool, A-127

remtool, A-62

replication conflict resolution tools, A-55

Replication Environment Management Tool, A-62

schemasync, A-125

stored in schema, 6-2

syntaxes

cannot add to subSchemaSubentry, 6-2

new, adding, 2-7

viewing

by using by using ldapsearch, 6-27

by using Oracle Directory Manager, 6-27

System Global Area (SGA), 21-7, 25-8

parameters, 21-11

sizing, 21-7

tuning for Oracle9i, 21-7

tuning parameters, 21-11

system operation attributes

displayed in Oracle Directory Manager, C-27

system operational attributes, 5-9

setting, 5-9

by using ldapmodify, 5-10

by using Oracle Directory Manager, 5-9

viewing, 5-9

System Passwords tab page, in Oracle Directory Manager, C-33

system resource events garbage collector, 22-4

SYSTEM tablespace, 20-12

T

tablespaces, 20-8

creating, 25-7, 25-8, 25-9

in replication, 25-8

OLTS_ATTRSTORE, 20-11

OLTS_CT_STORE, 20-11

OLTS_DEFAULT, 20-11

sizing, 20-8

SYSTEM, 20-12

targetDN, B-35

TCP/IP connections, 26-5, 26-8, B-5

tear-off, in Oracle Directory Manager, 4-9

technology stack, 26-2

telephoneNumberMatch matching rule, B-47

templates, creating entries from, 7-5

third-party directories

integration with

considerations, 41-1

throughput, 20-6

overall, 21-2

time-based change log purging, 22-7

tnsnames.ora

configuring for replication, 25-7

in cold backup, F-7

tombstone garbage collector, 22-4

tools

for tuning, 21-2

top object class, 2-9, 2-10

optional attributes in, 2-10

top utility, 21-2

tracing function calls, 10-7

Transparent Application Failover (TAF), 29-2

tree view

browsing, 7-3

selecting root of search, 7-3

troubleshooting, I-1

directory server instance startup, A-9

performance, 21-14

Trusted Application Administrators Group, 17-14

tunables, database, 21-9

tuning, 18-8, 21-1

considerations, 18-11

CPU for Oracle foreground processes, 21-6

CPU for Oracle Internet Directory processes, 21-5

CPU usage, 21-4

deployment considerations, 18-11

disk, 21-8

memory, 21-7

overview, 21-2

SGA parameters, 21-11

System Global Area (SGA) for Oracle9i, 21-7

tools, 21-2

two-way authentication, SSL, B-6

types

of attributes, 2-4

of object classes, C-18, C-20

types of external authentication, 42-4

U

Unicode Transformation Format 8-bit (UTF-8), 2-13

uniqueMemberMatch matching rule, B-47

UNIX crypt

for password encryption, 16-3, 16-5, 23-4, B-40, C-31

for password hashing, 16-4

UNIX, starting Oracle Directory Manager on, 4-3

unspecified access, 14-12, 14-30

user

names and passwords, managing

by using ldapmodify, 5-13

by using Oracle Directory Manager, 5-12

password modification event, 10-13

search context, 41-12

User field, in Oracle Directory Manager, 4-4

User Management Application Administrators Group, 17-14

User Preferences

button, 4-11

menu item, 4-9

User Proxy Privilege Group, 17-18

userPassword attribute, hash values, 23-4

users

entries

adding by using ldapadd, 7-11

adding by using Oracle Directory Manager, 7-6

modifying by using ldapmodify, 7-12

modifying by using Oracle Directory Manager, 7-8

guest, 5-11

names and containment, planning, 19-8

proxy, 5-11, 12-5

super, 5-11

UTF-8. See Unicode Transformation Format 8-bit

UTLBSTAT.SQL, 21-3

UTLESTAT.SQL, 21-3

V

values, deleting attribute, A-34

Verifier Services Group, 17-18

View menu, in Oracle Directory Manager, 4-9

virtual memory, 20-12

vmstat utility, 21-2

W

wallets

changing location of, B-6

location, B-6

passwords, 4-7

SSL, B-6

wildcards, in setting access control policies, 14-50

Windows NT

Performance Monitor, 21-2

starting Oracle Directory Manager on, 4-3

Task Manager, 21-2

worker threads, 21-10

specifying in replication, C-13