Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Oracle Internet Directory Administrator's Guide describes the features, architecture, and administration of Oracle Internet Directory. For information about installation, see the installation documentation for your operating system.
This preface contains these topics:
Oracle Internet Directory Administrator's Guide is intended for anyone who performs administration tasks for the Oracle Internet Directory. You should be familiar with either the UNIX operating system or the Microsoft Windows NT operating system in order to understand the line-mode commands and examples. You can perform all of the tasks through the line-mode commands, and you can perform most of the tasks through Oracle Directory Manager, which is operating system-independent.
To use this document, you need some familiarity with the Lightweight Directory Access Protocol (LDAP).
This document contains the chapters and appendixes listed in this section. Oracle Corporation encourages you to read the conceptual and other introductory material presented in Part I before performing installation and maintenance.
Depending on your administrative role, you may find some parts of this guide more pertinent to the tasks you perform.
Part I provides an overview of the product and its features, a conceptual foundation necessary to configure and manage a directory.
This chapter provides an introduction to directories, LDAP, and Oracle Internet Directory features.
This chapter gives an overview of online directories and Lightweight Directory Access Protocol (LDAP). It provides conceptual descriptions of directory entries, attributes, object classes, naming contexts, schemas, distributed directories, security, and Globalization Support. It also discusses Oracle Internet Directory architecture.
This chapter discusses how to prepare your directory for configuration and use. It tells you how to start and stop OID Monitor and instances of Oracle directory server and Oracle directory replication server. It discusses the need to reset the default security configuration, how to upgrade from earlier releases of Oracle Internet Directory, and how to migrate data from other LDAP-compliant directories.
This chapter explains how to use the various administration tools: Oracle Directory Manager, command-line tools, bulk tools, Catalog Management tool, OID Database Password Utility, replication tools, and Database Statistics Collection tool.
Part II guides you through the tasks required to configure and maintain Oracle Internet Directory.
This chapter provides instructions for managing server configuration set entries; setting system operational attributes; managing naming contexts and password encryption; configuring searches; managing super, guest, and proxy users; setting debug logging levels; using audit log; viewing active server instance information; and changing the password to an Oracle database server.
This chapter explains what a directory schema is, what an object class is, and what an attribute is. It tells you how to manage the Oracle Internet Directory schema by using Oracle Directory Manager and the command-line tools.
This chapter explains how to search, view, add, modify and manage entries by using Oracle Directory Manager and the command-line tools.
This chapter explains the attribute uniqueness feature that enables applications synchronizing with Oracle Internet Directory to use attributes other than distinguished names as their unique keys.
This chapter describes both static and dynamic groups and explains how to administer them in Oracle Internet Directory.
This chapter describes the comprehensive framework provided by Oracle Internet Directory for enabling you to debug, audit, and monitor the directory.
Part III tells how to secure data within the directory itself and within an enterprise deployment of a directory.
This appendix tells how to back up and restore both small and large directories.
This chapter describes the security features available with Oracle Internet Directory, and explains how to deploy the directory for administrative delegation.
This chapter introduces and explains how to configure the features of Secure Sockets Layer (SSL).
This chapter provides an overview of access control policies and describes how to administer directory access.
This chapter discusses password policies--that is, sets of rules that govern how passwords are used. When a user attempts to bind to the directory, the directory server uses the password policy to ensure that the password meets the requirements set in that policy.
This chapter explains how Oracle components store application security credentials in Oracle Internet Directory to make their administration easy for both end users and administrators and to address a major security threat to any enterprise.
This chapter explains how to store all the data for users, groups, and services in one repository, and delegate the administration of that data to various administrators. It also explains the default security configuration in Oracle Internet Directory.
Part IV discusses important deployment considerations, including capacity planning, high availability, and tuning.
This chapter discusses general issues to consider when deploying Oracle Internet Directory. This chapter helps you assess the requirements of a directory in an enterprise and make effective deployment choices.
Many Oracle components use Oracle Internet Directory for a variety of purposes. In doing this, they rely on a consolidated Oracle Internet Directory schema and a default Directory Information Tree (DIT). This chapter:
This chapter tells you how to assess applications' directory access requirements and ensure that the Oracle Internet Directory has adequate computer resources to service requests at an acceptable rate.
This chapter gives guidelines for ensuring that the combined hardware and software are yielding the desired levels of performance.
The term "garbage" refers to any data not needed by the directory but still occupying space on it. The process of removing this unwanted data from the directory is called garbage collection. This chapter describes the predefined garbage collectors available with Oracle Internet Directory, and tells how to modify them.
This chapter explains the steps to migrate data from LDAP v3-compatible and application-specific directories into Oracle Internet Directory.
Part IV provides a detailed discussion of replication and how to manage it.
This chapter expands on the discussion about replication in Chapter 2, "Directory Concepts and Architecture".
This chapter explains how to install and initialize Oracle directory replication server software the first time, and how to install new nodes into an environment where that software is already installed.
This chapter describes the availability and failover features of various components in the Oracle Internet Directory technology stack, and provides guidelines for exploiting them optimally for typical directory deployment.
This chapter describes rack-mounted directory server configuration, which provides high availability of a directory server. This configuration involves running multiple directory server instances on different hardware nodes. The directory servers are connected to the same directory store, which is an Oracle9i Database Server.
This chapter explains how to increase high availability by using logical hosts--as opposed to physical hosts--in clustered environments.
This chapter discusses the ways you can run Oracle Internet Directory in an Oracle Real Application Clusters system.
This chapter describes Oracle Delegated Administration Services, a framework consisting of pre-defined, Web-based units for building administrative and self-service consoles. These consoles can be used by delegated administrators and users to perform specified directory operations.
This chapter describes the Oracle Internet Directory Self-Service Console, a ready-to-use application created by using Oracle Delegated Administration Services.
Part VII explains the concepts, architecture, and components of the Oracle Directory Integration and Provisioning platform, and tells you how to configure and use it to synchronize multiple directories with Oracle Internet Directory.
This chapter introduces the Oracle Directory Integration and Provisioning platform, its components, architecture, and administration tools.
This chapter discusses the synchronization profiles and connectors that link Oracle Internet Directory and connected directories.
This chapter describes the Oracle Directory Provisioning Integration Service, which enables your applications to receive provisioning information from Oracle Internet Directory.
This chapter discusses Oracle directory integration and provisioning server and tells you how to configure and manage it.
This chapter discusses the most important aspects of security in the Oracle Directory Integration and Provisioning platform.
This chapter explains some of the initial setup tasks you may need to perform as you begin using the Oracle Directory Integration and Provisioning platform.
This chapter explains how to synchronize data to Oracle Internet Directory from tables in a relational database. The synchronization can be either incremental--for example, one database table row at a time--or all the database tables at once.
If you store employee data in Oracle Internet Directory, and if you use Oracle Human Resources to create, modify, and delete that data, then you must ensure that the data is synchronized between the two. This chapter explains the Oracle Human Resources agent, which enables you to do this.
In Oracle Internet Directory 10g (9.0.4), you can use the Oracle Directory Provisioning Integration Service to synchronize user accounts and other user information from the Oracle E-Business Suite.
Before you begin integrating any third-party directory with Oracle Internet Directory, you need to decide how you want to configure the integrated environment. This chapter discusses the basic decisions you need to make. Once you have made them, you can follow the steps for setting up successive bootstrapping and synchronization of data between the directories.
This chapter explains how you can synchronize between Oracle Internet Directory and a SunONE Directory Server by using the SunONE connector.
This chapter explains how to integrate the Oracle Application Server infrastructure with the Microsoft Windows Operating System. This integration is achieved by using the Active Directory Connector in the Oracle Directory Integration and Provisioning platform.
Oracle Internet Directory uses change logs to enable synchronization with supported third party metadirectory solutions. This chapter describes how change log information is generated and how supporting solutions use that information. It tells you how to enable the directory integration agents of third-party metadirectory solutions so that they can synchronize with Oracle Internet Directory.
This chapter describes how you can extend the capabilities of the Oracle directory server by using plug-ins developed by either Oracle Corporation or third-party vendors.
Oracle Internet Directory uses plug-ins to add password value checking to its other password policy management capabilities. These plug-ins enable you to verify that, for example, a new or modified password has the specified minimum length. You can customize password value checking to meet your own requirements. This chapter describes the plug-in for password policies and provides an example of its use.
You can store user security credentials in a repository other than Oracle Internet Directory--for example, a database or another LDAP directory--and use these credentials for user authentication to Oracle components. You do not need to store the credentials in Oracle Internet Directory and then worry about keeping them synchronized. Authenticating a user by way of credentials stored in an external repository is called external authentication. This chapter describes the external authentication plug-in and provides an example of its use.
This appendix provides syntax, usage notes, and examples for LDAP Data Interchange Format and LDAP command-line tools.
This appendix lists schema elements supported in Oracle Internet Directory.
This appendix lists and describes the various fields and control devices in Oracle Directory Manager and the Oracle Internet Directory Self-Service Console.
This appendix, copied with permission from the Internet Engineering Task Force (IETF), describes a directory access protocol that provides both read and update access.
This appendix describes the format (syntax) of Access Control Information Items (ACIs).
This chapter describes an alternate method of adding a node to a replicated directory system if the directory is very large.
This chapter discusses Globalization Support as used by Oracle Internet Directory.
This appendix lists possible failures and error codes and their probable causes.
For more information, see:
Printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/
To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at
http://otn.oracle.com/membership/
If you already have a username and password for OTN, then you can go directly to the documentation section of the OTN Web site at
http://otn.oracle.com/documentation/
For additional information, see:
http://www.iana.org, for information about object identifiers
http://www.ietf.org, especially:
http://www.openldap.org
This section describes the conventions used in the text and code examples of this documentation set. It describes:
We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.
Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:
SELECT username FROM dba_users WHERE username = 'MIGRATE';
The following table describes typographic conventions used in code examples and provides examples of their use.
The following table describes conventions for Windows operating systems and provides examples of their use.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.