Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Oracle Directory Server Administration, 10 of 10
To perform an operation on a particular entry, a client must be able to find the server in which that entry resides. In a distributed environment, information about the location of a server can be available in one of two ways:
- Statically, in a directory server usage file (ldap.ora) stored on the client host
- Dynamically, through the domain name system (DNS)
This section discusses these two methods of locating server information.
See Also:
"Discovering LDAP Services with DNS," Michael P. Armijo et al. (draft-ietf-ldapext-locate-08.txt), at http://www.ietf.org
"A DNS RR for specifying the location of services (DNS SRV)," RFC 2782, at http://www.ietf.org
Using this method, when a client seeks to perform an operation on a directory entry, it obtains directory server location information from the directory server usage file (ldap.ora) stored on the client host. This file contains configuration parameters that specify the directory servers the client should use, including each server's host name and port number.
The file ldap.ora resides in the file system of the LDAP client. When the client looks for this file, it searches the following locations, in this order of precedence:
1. The directory named by the LDAP_ADMIN environment variable
2. ORACLE_HOME/ldap/admin (on Microsoft Windows NT, ORACLE_HOME\ldap\admin)
3. The directory named by the TNS_ADMIN environment variable
4. ORACLE_HOME/network/admin (on Microsoft Windows NT, ORACLE_HOME\network\admin)
If the file ldap.ora is present in more than one location, then the location having higher precedence is honored. Because the two environment variables outrank the Oracle home directories, anything able to set LDAP_ADMIN or TNS_ADMIN in a client's environment, or to write to the directories listed above, can point that client at a different directory server; protect ldap.ora and its containing directories accordingly.
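The following is an added example, not code from the guide or from Oracle's client libraries. It models the precedence above: given a client's environment and the set of files that exist, it returns the ldap.ora the client will honor, and it then extracts the server host and port entries from a constructed ldap.ora. The parameter names DIRECTORY_SERVERS, DEFAULT_ADMIN_CONTEXT and DIRECTORY_SERVER_TYPE, and the host:port:sslport syntax, are assumptions about the file format, as is the use of an in-memory set in place of the real file system.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample file, not taken from the guide.  The parameter names and
# the host:port:sslport syntax are an assumption about ldap.ora's format.
SAMPLE_LDAP_ORA = """\
DEFAULT_ADMIN_CONTEXT = "dc=example,dc=net"
DIRECTORY_SERVERS = (ldap1.example.net:389:636, ldap2.example.net:389:636)
DIRECTORY_SERVER_TYPE = OID
"""

_SERVERS_RE = re.compile(r"DIRECTORY_SERVERS\s*=\s*\((.*?)\)", re.IGNORECASE | re.DOTALL)


def ldap_ora_candidates(env: Dict[str, str], windows: bool = False) -> List[str]:
    """List the ldap.ora locations the client checks, highest precedence first.

    Order from the guide: LDAP_ADMIN, ORACLE_HOME/ldap/admin, TNS_ADMIN,
    ORACLE_HOME/network/admin.  Locations whose variable is unset are skipped.
    """
    sep = "\\" if windows else "/"

    def join(*parts: str) -> str:
        return sep.join(parts)

    oracle_home = env.get("ORACLE_HOME")
    candidates: List[str] = []
    if env.get("LDAP_ADMIN"):
        candidates.append(join(env["LDAP_ADMIN"], "ldap.ora"))
    if oracle_home:
        candidates.append(join(oracle_home, "ldap", "admin", "ldap.ora"))
    if env.get("TNS_ADMIN"):
        candidates.append(join(env["TNS_ADMIN"], "ldap.ora"))
    if oracle_home:
        candidates.append(join(oracle_home, "network", "admin", "ldap.ora"))
    return candidates


def resolve_ldap_ora(env: Dict[str, str], existing: Set[str], windows: bool = False) -> Optional[str]:
    """Return the ldap.ora that is honored: the first candidate that exists.

    `existing` stands in for the file system so the example runs offline;
    a real client would test each candidate with os.path.isfile instead.
    """
    for path in ldap_ora_candidates(env, windows):
        if path in existing:
            return path
    return None


def parse_directory_servers(text: str) -> List[Tuple[str, int, int]]:
    """Extract (host, port, ssl_port) triples from DIRECTORY_SERVERS (assumed syntax)."""
    match = _SERVERS_RE.search(text)
    if not match:
        return []
    servers: List[Tuple[str, int, int]] = []
    for item in match.group(1).split(","):
        item = item.strip()
        if not item:
            continue
        host, port, ssl_port = item.split(":")
        servers.append((host.strip(), int(port), int(ssl_port)))
    return servers


if __name__ == "__main__":
    env = {"LDAP_ADMIN": "/etc/oid", "ORACLE_HOME": "/opt/oracle"}
    present = {"/etc/oid/ldap.ora", "/opt/oracle/network/admin/ldap.ora"}
    print(resolve_ldap_ora(env, present))           # LDAP_ADMIN wins over ORACLE_HOME
    print(parse_directory_servers(SAMPLE_LDAP_ORA))
```

The point of `ldap_ora_candidates` is that the answer changes with the environment the client process inherits: the same host with LDAP_ADMIN exported will read a different file from the one the administrator placed under ORACLE_HOME, which is why that variable deserves the same scrutiny as the file itself.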
Using the static method to discover a directory server can increase management overhead. For example, because the ldap.ora
file is stored on the client host, the administrator must update that file on every client whenever the host name or port number of a directory server is changed. To avoid this increased overhead, you can enable an application to discover directory servers dynamically by using the domain name system (DNS).
The domain name system (DNS) is a dynamic way of locating domain names and translating them into the actual addresses of computers. Domain name servers handle this translation, and a domain name server can also hold information about the locations of directory servers, in the form of service location (SRV) records.
Once a network administrator has entered the necessary information about directory server locations in a domain name server, clients can retrieve that information from that server instead of from ldap.ora files.
For a client to locate a directory server by using DNS, the directory server's location information must first have been registered in the domain name server as an SRV record, as described under "Registering server location information" below.
To find the directory server on which an entry resides, a client communicates with the domain name server. Specifically, it provides to the domain name server a domain name. The domain name specifies where the needed directory server is located.
To generate the domain name, the client extracts the domain components from the DN entered by the user. For example, in the DN cn=John Doe,ou=accounting,dc=example,dc=net, the domain component is dc=example,dc=net. That domain component identifies the naming context, and hence the server, on which the requested entry resides. The client then converts that domain component to a domain name in the format recognized by the domain name server, namely example.net.
Figure 5-4 (not reproduced here) and the accompanying text show the process of locating a directory server from the perspective of a client:
1. The user enters the DN of the entry to be operated on, for example cn=John Doe,ou=accounting,dc=example,dc=net.
2. The client converts the domain component of that DN, dc=example,dc=net, to the domain name example.net.
3. The client queries the domain name server for the SRV records registered under that domain name.
4. The domain name server returns the host name and port of the directory server, and the client connects to it.
See Also:
"Discovering LDAP Services with DNS," Michael P. Armijo et al. (draft-ietf-ldapext-locate-08.txt), at http://www.ietf.org
"A DNS RR for specifying the location of services (DNS SRV)," RFC 2782, at http://www.ietf.org
Registering server location information for a directory server involves entering a DNS service location record (SRV) into the domain name server. The SRV record contains the host name (target) and port of the directory server, together with a priority and a weight that govern how clients choose among several servers; Table 5-3 describes each field. Because a client trusts whatever SRV record the domain name server returns, the zone that holds these records needs the same protection as ldap.ora: anyone able to alter or spoof it can point clients at a different directory server.
The SRV resource record enables administrators to use several servers for a single domain, to move services from host to host easily, and to designate some hosts as primary servers for a service and others as backups.
The format of the SRV record can be either specific to Oracle Internet Directory servers or standard. For information about Oracle Internet Directory servers, the Oracle Internet Directory-specific format is preferred. When a client first queries a domain name server, it looks for SRV records that have the Oracle Internet Directory-specific format. If it does not find any with this format, then it queries for SRV records that have the standard format.
The Oracle Internet Directory-specific format is:
_Service._Proto._product.Domain TTL Class Type Priority Weight Port Target
Table 5-3 describes the arguments. The following is an example of an SRV record that uses the Oracle Internet Directory-specific format.
_ldap._tcp._oid.acme.com 0 IN SRV 0 1 389 ldap.acme.com
The standard format is:
_Service._Proto.Domain TTL Class Type Priority Weight Port Target
Table 5-3 describes the arguments. The following is an example of an SRV record for a non-SSL-based directory server that uses the standard format.
_ldap._tcp.acme.com 0 IN SRV 0 1 389 ldap.acme.com
Table 5-3 Arguments of an SRV record

| Argument | Description |
|---|---|
| Service | The service name. For a non-SSL-based server, the value for this argument is ldap, written _ldap in the record as in the examples above. |
| Proto | The transport protocol. The value is always tcp, written _tcp in the record. |
| Product | The product label, used only in the Oracle Internet Directory-specific format. The value is always oid, written _oid in the record. |
| Domain | The domain name. It is usually obtained by converting the DN of the naming context mastered by the directory server into a domain name. See Also: "How a Client Locates a Directory Server by Using DNS" |
| TTL | Time to live. This argument has the standard DNS meaning. It specifies how long the resource record may be cached before the source of the information is again consulted. |
| Class | This argument has the standard DNS meaning. SRV records occur in the IN class. |
| Type | For all SRV records, the value for this argument is SRV. |
| Priority | The priority of the directory server. A client must attempt to contact the target host with the lowest-numbered priority first, and moves on to hosts with the next-higher priority number only when none of those can be reached. |
| Weight | A server selection mechanism, this argument specifies a relative weight for entries with the same priority. If multiple SRVs have the same priority, then they are ordered according to the protocol in RFC 2782: the client chooses among them at random, with each record's chance of being chosen proportional to its weight, so that records with larger weights are contacted more often; records with weight 0 have only a very small chance of being chosen. |
| Port | The port on the target host for the directory service. |
| Target | The domain name of the host on which the directory server is running. |
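The following is an added example written for this page; it is not code from the guide or from Oracle's client. It carries the DNS-based lookup described above through end to end against a constructed zone: it converts the dc= components of a DN to a domain name, queries the Oracle Internet Directory-specific name before the standard one, parses SRV records in the layout shown in the examples, and orders the targets by priority and weight as RFC 2782 prescribes. The zone contents, the `SRV` class and all function names are assumptions made for the example; a real client would send the queries to a resolver instead of looking them up in a dictionary.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data, not from the guide: an OID-specific entry for
# example.net with two equal-weight servers plus a weight-0 backup at a
# lower priority, and a standard-format entry only for acme.com.
SAMPLE_ZONE_LINES = [
    "_ldap._tcp._oid.example.net 0 IN SRV 0 1 389 ldap1.example.net",
    "_ldap._tcp._oid.example.net 0 IN SRV 0 1 389 ldap2.example.net",
    "_ldap._tcp._oid.example.net 0 IN SRV 10 0 389 ldap-backup.example.net",
    "_ldap._tcp.acme.com 0 IN SRV 0 1 389 ldap.acme.com",
]


def dn_to_domain(dn: str) -> str:
    """Turn the dc= components of a DN into a domain name.

    'cn=John Doe,ou=accounting,dc=example,dc=net' -> 'example.net'
    """
    labels = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "dc":
            labels.append(value.strip())
    if not labels:
        raise ValueError("DN has no dc= components: %r" % dn)
    return ".".join(labels)


def srv_names(domain: str, service: str = "_ldap") -> List[str]:
    """Names to query, in the order the guide gives: OID-specific, then standard."""
    return ["%s._tcp._oid.%s" % (service, domain), "%s._tcp.%s" % (service, domain)]


def parse_srv(line: str) -> Tuple[str, SRV]:
    """Parse one record in the guide's layout: owner TTL class type prio weight port target."""
    owner, _ttl, cls, rtype, prio, weight, port, target = line.split()
    if cls != "IN" or rtype != "SRV":
        raise ValueError("not an IN SRV record: %r" % line)
    return owner.lower(), SRV(int(prio), int(weight), int(port), target.rstrip("."))


def load_zone(lines: List[str]) -> Dict[str, List[SRV]]:
    """Group parsed records by owner name (the dictionary stands in for DNS)."""
    zone: Dict[str, List[SRV]] = {}
    for line in lines:
        owner, rec = parse_srv(line)
        zone.setdefault(owner, []).append(rec)
    return zone


SAMPLE_ZONE = load_zone(SAMPLE_ZONE_LINES)


def order_targets(records: List[SRV], rng: random.Random) -> List[SRV]:
    """Order SRV records as RFC 2782 prescribes.

    Lowest priority number first.  Within one priority, pick repeatedly at
    random with probability proportional to weight; weight-0 records are
    placed first and are chosen only when the random draw is 0.
    """
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight != 0)
        while group:
            draw = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= draw:
                    ordered.append(group.pop(i))
                    break
    return ordered


def discover(dn: str, zone: Dict[str, List[SRV]], rng: Optional[random.Random] = None,
             service: str = "_ldap") -> Tuple[Optional[str], List[Tuple[str, int]]]:
    """Return (name that answered, [(target, port), ...] in contact order)."""
    rng = rng or random.Random()
    for name in srv_names(dn_to_domain(dn), service):
        records = zone.get(name)
        if records:
            return name, [(r.target, r.port) for r in order_targets(records, rng)]
    return None, []


if __name__ == "__main__":
    print(discover("cn=John Doe,ou=accounting,dc=example,dc=net", SAMPLE_ZONE))
    print(discover("cn=Jane Roe,dc=acme,dc=com", SAMPLE_ZONE))
```

For the example.net DN the OID-specific name answers, so the standard name is never tried; for acme.com only the standard name exists and the client falls back to it. Note that nothing in this exchange authenticates the answer: the client will open a connection, and may send credentials, to whatever target the resolver hands back, so in practice the zone should be signed or the connection should verify the server's identity independently of DNS.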
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.