Fields in Oracle Internet Directory Self-Service Console

This section contains these topics:

• User Management Fields in the Oracle Internet Directory Self-Service Console

• Identity Management Realm Fields in the Oracle Internet Directory Self-Service Console

• Resource Access Information Fields in the Oracle Internet Directory Self-Service Console

User Management Fields in the Oracle Internet Directory Self-Service Console

Table C-44  Fields in the Add New Attributes Window

Field	Description
Directory Attribute Name	The attribute name
UI Label	Specify the friendly name of the attribute to be displayed in the user interface. For example, you can display the sn attribute as Last Name in the interface.
Required Field	Specify whether you want the attribute to be required in user creation and modification. Required attributes appear in the interface with an asterisk (*) to the left of the field. If you do not select this check box, then the attribute is optional.
Viewable	Specify whether you want the attribute to appear in search results by selecting this check box.
Self-Editable	Specify whether the end user can modify the value for this attribute in his or her own entry by using the Edit My Profile window.
Password Reset Validation	Select to specify that this attribute can be used to validate the user if the user forgets his or her password.
Searchable	By default, when a user enters a search request, the Oracle Internet Directory Self-Service Console searches based on the cn, firstname, lastname, and e-mail attributes. You can customize the attributes that can be searchable. For example, if you want to enable searching based on the attribute you are adding, then select this check box. The only restriction is that, to be searchable, the attribute must be cataloged.
UI Type	Specify the type of interface for this field. Options are: Single Line Text--a text field into which the user enters a value Multi Line Text--a text area where a user can type multiple lines of text Predefined List--a combo box in which a user selects a value from a drop-down list. When you select this type of interface, the LOV Values text area appears. In that text area, enter the values for the list, pressing the ENTER key after each one. Date--a text field into which the user enters a date--for example, an employee's birthday Browse and Select--a button enabling the user to browse for a manager's entry or any entry that needs a DN as an attribute value Number--a text field into which the user enters numbers only--for example, a postal code

See Also: "Configuring User Entries by Using the Oracle Internet Directory Self-Service Console"

Table C-45  Fields in the Editing Attribute Window

Field	Description
UI Label	Specify the friendly name of the attribute to be displayed in the user interface. For example, you can display the sn attribute as Last Name in the interface.
Required Field	Specify whether you want the attribute to be required in user creation and modification. Required attributes appear in the interface with an asterisk (*) to the left of the field. If you do not select this check box, then the attribute is optional.
Viewable	Specify whether you want the attribute to appear in search results by selecting this check box.
Self-Editable	Specify whether the end user can modify the value for this attribute in his or her own entry by using the Edit My Profile window.
Password Reset Validation	Select to specify that this attribute can be used to validate the user if the user forgets his or her password.
Searchable	By default, when a user enters a search request, the Oracle Internet Directory Self-Service Console searches based on the cn, firstname, lastname, and e-mail attributes. You can customize the attributes that can be searchable. For example, if you want to enable searching based on the attribute you are editing, then select this checkbox.The only restriction is that, to be searchable, the attribute must be cataloged.
UI Type	Specify the type of interface for this field. Options are: Single Line Text--a text field into which the user enters a value Multi Line Text--a text area where a user can type multiple lines of text Predefined List--a combo box in which a user selects a value from a drop-down list. When you select this type of interface, the LOV Values text area appears. In that text area, enter the values for the list, pressing the ENTER key after each one. Date--a text field into which the user enters a date--for example, an employee's birthday Browse and Select--a button enabling the user to browse for a manager's entry or any entry that needs a DN as an attribute value Number--a text field into which the user enters numbers only--for example, a postal code

See Also: "Configuring User Entries by Using the Oracle Internet Directory Self-Service Console"

Table C-46  Fields in the Assign Privileges Windows

Privilege	Description of Access Granted
Allow user creation	Create user entries
Allow user editing	Modify user entries
Allow user deletion	Delete user entries
Allow group creation	Create group entries
Allow group editing	Modify group entries
Allow group deletion	Delete group entries
Allow privilege assignment to users	Assign access rights to users
Allow privilege assignment to groups	Assign access rights to groups
Allow service management	Enable group members to manage services for users. If this is selected, then a Services link becomes available in the Directory tab page when the latter is accessed by group members.
Allow account management	Enable group members to manage services for users. If this is selected, then an Accounts link becomes available in the Directory tab page when the latter is accessed by group members.
Allow Oracle Delegated Administration Services configuration	Configure Oracle Delegated Administration Services user interface

See Also: Assigning Privileges to Users by Using the Oracle Internet Directory Self-Service Console "Assigning Privileges to Groups by Using the Oracle Internet Directory Self-Service Console"

Identity Management Realm Fields in the Oracle Internet Directory Self-Service Console

Table C-47  Create Identity Management Realm Window for ASP Administrators

Field	Description
Basic Information
Realm Name	Enter a relatively short version of the name of the realm for this realm. The name you enter is used to create the DN for this realm entry. This field is mandatory.
Realm Contact	Enter the name of the person to contact for any issues regarding this realm.
Description	Enter any additional information about this realm. This field is optional.
Logo Management
Enable Realm Logo	Select to display the realm logo on the Identity Management Realm Configuration window.
Enable Product Logo	Select to display the product logo on the Identity Management Realm Configuration window. Note: If both Enable Realm Logo and Enable Product Logo are selected, then the realm logo appears at the top, with the product logo beneath it.
Update Realm Logo	Enter the path and file name of the logo for this realm or, alternatively, navigate to it by choosing Browse.

Table C-48  Fields in the Identity Management Realm Window

Field	Description
Directory Configuration
Attribute for Login Name	Enter the attribute by which you want users to identify themselves when they log in--for example, UID, EmployeeNumber, SSN. This is the attribute that uniquely identifies the user. Oracle Application Server Single Sign-On locates the user by using this attribute during login. When you make changes to this attribute, be sure that the user entries contain this attribute and are unique. You can enforce the uniqueness by setting up an attribute uniqueness constraint on this attribute under the user search base. This field is mandatory.
Attribute for RDN	The attribute used for creating the RDN component of the user entry. The value you enter for this field should not be the same as the value you entered in the Attribute for Login Name field.
User Search Base	Enter the DN of the entry under which the user entries for this realm are located. Make sure you enter the valid DN and users are present under this context. Oracle Application Server Single Sign-On looks for users under this context during user login. Also, be sure that all the ACLs are set up properly. Any discrepancy among the ACLs will disrupt either the login process or the behavior of Oracle Internet Directory Self-Service Console. This field is mandatory.
User Creation Base	Enter the DN of the entry under which to create users for this realm. This should be the same as that for the user search base. If you want to distribute the users under different contexts under the user search base, then you can set this value to be different than that of the user search base. In either case, this DN should be either that of the user search base, or of a context under the user search base. For example, if the user search base is cn=users,dc=acme,dc=com, and you want to divide the users based on the locality, then you can set this value to: L=America, cn=users,dc=acme,dc=com L=Asia, cn=users,dc=acme,dc=com L=Europe, cn=users,dc=acme,dc=com Note: The Oracle Internet Directory Self-Service Console expects these contexts to be present and the privileges under these contexts to be set correctly.
Group Search Base	Enter the DN of the entry under which group entries for this realm are located. This field is mandatory.
Group Creation Base	Enter the DN of the entry under which to create groups for this realm
Search Return Limit	Enter the maximum number to be displayed in a search. This field is mandatory.
Logo Management
Enable Realm Logo	Select to display the realm logo on the Identity Management Realm Configuration window.
Enable Product Logo	Select to display the product logo on the Identity Management Realm Configuration window. Note: If both Enable Realm Logo and Enable Product Logo are selected, then the realm logo appears at the top, with the product logo beneath it.
Update Realm Logo	Enter the path and file name of the logo for this realm or, alternatively, navigate to it by choosing Browse.

See Also: "Configuring an Identity Management Realm by Using the Oracle Internet Directory Self-Service Console" Appendix H, "Setting up Access Controls for Creation and Search Bases for Users and Groups" for instructions on properly setting up creation and search bases if you modify them

Resource Access Information Fields in the Oracle Internet Directory Self-Service Console

Table C-49 Fields in the Create Resource Type Window

Property	Description
Display Name	Name to be used when the resource type appears in the user interface.
Description	Textual description that explains the purpose of the resource type and any other information you want to enter for it.
Authentication Class	Leave this field blank.
Connection String	Format for constructing the connection string using the values stored in Oracle Internet Directory for the resource. For example: For the Oracle9i Database Server or a JDBC data source your connection string format might be: orclUserIDAttribute/orclPasswordAttribute @orclFlexAttribute1 This string indicates that the user name is followed by a slash, the password, an at sign (@), and then additional attribute 1--for example, for the TNS name of the database. A connection string that adheres to this format would look similar to this one: scott/tiger@db1 For Oracle Express your connection string format might be: server=orclFlexAttribute1/domain=orclFlexAttribute2/user=orclUserIDAttribute/password=orclPasswordAttribute This string indicates that server= is followed by the first additional attribute, a slash, domain=, the second additional attribute, a slash, the user name, a slash, and the password. A connection string that adheres to this format would look similar to this one: server=a1/domain=a2/user=scott/password=tiger
User Name/ID Field Name	Display name of the user name field that appears on the Create Resource window when a user creates new resource access information. Typically, this display name is something like "Username" or "User Name".
Password Field Name	Display name of the password field in the Create Resource window. Typically, this display name is "Password".
Additional Fields	Display name of the additional fields displayed in the Create Resource window beyond user name and password. For example, you might use one of these fields to contain a server or domain name. Typically, this display name is descriptive of the field contents, such as "Server" or "Domain".