Directory Administration Tools, 2 of 4

Using Oracle Directory Manager

Oracle Directory Manager is a Java-based tool for administering Oracle Internet Directory. This section describes some of its basic features. More specific instructions are found in sections throughout this book that explain how to perform various tasks.

This section contains these topics:

Starting Oracle Directory Manager

Before you can launch Oracle Directory Manager, you must have a directory server instance running.

See Also:

Chapter 3, "Preliminary Tasks and Information" for instructions on starting a server instance

"Oracle Internet Directory Architecture" for a conceptual explanation of directory server instances

To start Oracle Directory Manager, follow the instructions for your operating system:

Operating System Instructions

Windows NT

From the Start menu, click Programs > ORACLE_HOME > Integrated Management > Oracle Directory Manager

UNIX

If you have not set the path, then navigate to ORACLE_HOME/bin.
Type at the system prompt:
oidadmin

Operating System	Instructions
Windows NT	From the Start menu, click Programs > ORACLE_HOME > Integrated Management > Oracle Directory Manager
UNIX	If you have not set the path, then navigate to `ORACLE_HOME/bin.` Type at the system prompt: `oidadmin`

The first time you start Oracle Directory Manager, an alert tells you that you must connect to a server. Click OK. The Directory Server Connection dialog box appears.

Connecting to a Directory Server by Using Oracle Directory Manager

To connect to a directory server:

In the Directory Server Connection dialog box, type the name and port number of an available server.

The default port is 389. You can change the port if you wish. However, if you have an Oracle directory server running on a port that is not the default, then be sure that any clients that use that server are informed of the correct port.

Choose OK. The Oracle Directory Manager Connect dialog box appears.

In each field of the Credentials tab page, type the information specific to this server instance as described in the next table.

Table 4-1 Fields in the Credentials Tab Page

Field	Description
User	The first time you log in, do so either as the super user or anonymously. If you intend to configure SSL features during this session, login as the super user. If you are logging in as the super user, in the User box, type `cn=orcladmin`. If you are logging in anonymously, leave the User box empty. If you have already set up the user's entry by using LDAP command-line tools, you can enter that user's entry in one of two ways: Browse and select that entry by using the button to the right of the User field Type the distinguished name (DN) for that user entry by using the correct format, for example, cn=Susie Brown,ou=HR,o=acme,c=us
Password	If you are logging in as the super user and you specified a password for the super user during installation, in the Password field, type the password you specified. Otherwise, type the default password, namely, `welcome`. After you are logged into Oracle Directory Manager and have connected to a directory server, you should change this password to protect the directory. If you are logging in anonymously, leave the Password filed empty. If you want to login as a specific directory user, enter the corresponding password. See Also: "Managing Super Users, Guest Users, and Proxy Users" for instructions on how to change the password
Server	From the Server list, select the host containing the directory server to which you want to connect. If you are already connected to a directory server, and you want to connect to one on a different host: Click the button to the right of the Server list. The Select Directory Servers dialog box displays a list of available servers. Select a server. Choose OK. To add a directory server to the list: In the Select Directory Servers dialog box, choose Add. The Directory Server Connection dialog box appears. In the Server field, type the name of the directory server you want to add. In the Port field, type the port number for the server you want to add. Choose OK. The added directory appears in the list in the Select Directory Server dialog box. To modify a directory server on the list: Select the directory server you want to modify. Choose Edit. The Directory Server Connection dialog box appears. Modify the Server and Port fields, then choose OK. The modifications for that server appear in the list in the Select Directory Server dialog box.
Port	The default port (389) appears in this field. If there is more than one directory server instance on the same host, then each directory server instance has a different port, and, when you select the directory server instance, that port number appears in this field. To change this port number: Choose the button to the right of the Server field. In the Select Directory Server dialog box, select the directory server. Choose Edit. The Directory Server Connection dialog box appears. In the Directory Server Connection dialog box, in the Port field, enter the new port number, then choose OK.
SSL Enabled	Selecting this check box causes all commands you issue by using Oracle Directory Manager to be sent over Secure Sockets Layer (SSL). You can connect to a directory server either with or without SSL. If you connect by using SSL, then Oracle Directory Manager becomes an SSL client. You can connect in this way if both of the following two conditions are met: The server to which you are connecting uses SSL. If that server does not use SSL, and you select this check box, then authentication fails. You have already created a wallet containing a certificate and a list of trusted certificates.

See Also:

Chapter 13, "Secure Sockets Layer (SSL) and the Directory" for instructions on enabling SSL

"Entries" for instructions on formatting distinguished names

"Configuring SSL Parameters" for information about changing ports and their impact on security

Oracle Advanced Security Administrator's Guide for instructions on creating a wallet by using Oracle Wallet Manager when using SSL

If you selected the SSL Enabled check box on the Credentials tab page, then select the SSL tab.

Enter the requested data in the fields as described in the next table.

Table 4-2 Fields in the SSL Tab Page

Field Description

Field	Description
SSL Location	The client wallet used in two-way authentication. If the client wallet is on the local machine, then type the wallet path and file name by using this syntax: `file:` absolute_path_name If the wallet is on another machine, then link to that location and enter the linked path and file name of the wallet.
SSL Password	The password to open the user's wallet
SSL Authentication	Select the authentication level: No SSL Authentication--Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption will be used. SSL Client and Server Authentication--Two-way authentication. Both client and server send certificates to each other. SSL Server Authentication--One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.

SSL Location

The client wallet used in two-way authentication. If the client wallet is on the local machine, then type the wallet path and file name by using this syntax:

file: absolute_path_name

If the wallet is on another machine, then link to that location and enter the linked path and file name of the wallet.

SSL Password

The password to open the user's wallet

SSL Authentication

Select the authentication level:

No SSL Authentication--Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption will be used.
SSL Client and Server Authentication--Two-way authentication. Both client and server send certificates to each other.
SSL Server Authentication--One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.

Choose Login. Oracle Directory Manager appears.

Navigating Oracle Directory Manager

This section provides an overview of Oracle Directory Manager, and explains the items in the menu bar and the buttons on the toolbar.

Overview of Oracle Directory Manager

Like the directory itself, the navigator pane (left side of the double window interface) has a tree-like structure. When Oracle Directory Manager first opens, the navigator pane shows only one tree item, Oracle Internet Directory Servers. By clicking the plus sign(+) next to the tree item, subcomponents of that tree item appear.

In the right pane, some windows contain buttons labeled Apply and OK. If you choose Apply, the changes you have made are committed, and the window remains available for more changes. If you press OK, the changes you have made are committed, and the window closes.

Similarly, some windows have buttons that are labeled Revert and Cancel. If you press Revert, then the changes you have made in that window do not take effect, the original values reappear in the fields, and the window stays open for further work. If you press Cancel, the changes you have made in that window do not take effect, and the window closes.

The Oracle Directory Manager Menu Bar

Table 4-3 lists and describes the menus you can access by using the menu bar. Menu items become enabled or disabled depending on the pane or tab page you are displaying.

Table 4-3 Oracle Directory Manager Menu Bar

Menu	Menu Items
File	Create--Adds an object Create Like--Adds a new object by using the object selected in the navigator pane as a template Connect--Connects to a directory server selected in the navigator pane Disconnect--Disconnects from a directory server selected in the navigator pane Exit--Exits Oracle Directory Manager
Edit	Edit--Modifies an object Remove--Removes a selected object Find Object Classes or Find Attributes--Searches for either an object class or an attribute, depending on the context. If, in the navigator pane, you navigate to Oracle Internet Directory > *directory server instance* > Server Management > Object Classes, then this menu item searches for an object class. If you navigate to Oracle Internet Directory > *directory server instance* > Server Management > Attributes, then it searches for attributes.
View	Refresh--Updates data stored in memory to reflect changes in the database Tear-Off--Generates a secondary dialog containing the fields and values displayed in Oracle Directory Manager's right pane. This is useful when comparing two pieces of information.
Operation	Create Object Class--Displays the New Object Class dialog box that you use to add a new object class Create Attribute--Displays the New Attribute Type dialog box that you use to add a new attribute to an entry Create Access Ctrl Point--Displays the New Access Control Point dialog box that you use to add a new access control policy point. Create Entry--Displays the New Entry dialog box that you use to add a new directory entry Refresh Entry--Updates data for entries stored in memory to reflect changes in the database Refresh Subtree Entries--Updates the children of entries stored in memory to reflect changes in the database Configure Search Filter--Narrows the range of entries the navigator pane displays according to whatever filter you specify Drop Index--Removes an index from an attribute. When you select this item, an alert asks you to confirm that you want to drop the index. Search--Enables you to configure ACP searches User Preferences--Displays a dialog box that enables you to: Configure the display of entry search results Establish whether ACPs are displayed whenever Oracle Directory Manager runs, or only as the result of a search
Help	Contents--Displays the Contents tab page of the Help navigator Search for Help On...--Displays the Help Search dialog box that you use to search for words in the online help guide About Oracle Internet Directory--Displays Oracle Internet Directory version information

The Oracle Directory Manager Toolbar

Figure 4-1 and Table 4-4 together illustrate and describe the Oracle Internet Directory toolbar, starting at the left. Buttons become enabled or disabled depending on the pane or tab page you are displaying in Oracle Directory Manager.

Figure 4-1 Oracle Directory Manager Toolbar

Text description of the illustration toolsa.gif

Table 4-4 Oracle Directory Manager Toolbar

Button	Purpose
1	Connect/Disconnect--Connects to or disconnect from a directory server selected in the navigator pane
2	Refresh--Updates data for objects other than entries that are stored in memory to reflect changes in the database
3	Create--Adds a new object
4	Create Like--Adds a new object by using another object as a template
5	Edit--Modifies an object
6	Find Object Classes or Attributes--Searches for either an object class or an attribute, depending on the context. If, in the navigator pane, you navigate to Oracle Internet Directory > directory server instance > Server Management > Object Classes, then this button searches for an object class. If you navigate to Oracle Internet Directory > directory server instance > Server Management > Attributes, then it searches for attributes.
7	Delete--Removes an object
8	Add Object Classes--Adds an object class to an existing entry
9	Refresh Entry--Updates data for entries stored in memory to reflect changes in the database
10	Refresh Subtree Entries--Updates the children of entries stored in memory to reflect changes in the database
11	Configure Search Filter--Narrows the range of entries the navigator pane displays according to whatever filter you specify
12	Drop Index--Removes an index from an attribute. When you click this button, an alert asks you to confirm that you want to drop the index.
13	Search--Enables you to configure ACP searches
14	User Preferences--Enables you to configure the display of ACPs in the navigator pane, as well as entries in a search operation
15	Help--Displays the Help system

Connecting to Additional Directory Servers by Using Oracle Directory Manager

You can connect to more than one directory server at a time, and then view and modify the data, schema, and security for each directory server. If you do this, then each server is listed in the navigator pane under Oracle Internet Directory Servers.

To connect to an additional directory server:

In the navigator pane, select Oracle Internet Directory Servers.
In the right pane, choose New.
Follow the login procedures described in "Connecting to a Directory Server by Using Oracle Directory Manager".

Disconnecting from a Directory Server by Using Oracle Directory Manager

To disconnect from a directory server by using Oracle Directory Manager, from the File menu choose Disconnect. Also, when you exit Oracle Directory Manager, connections between all directory servers and the directory are automatically disconnected.

All connection information is stored in the user's home directory in the file osdadmin.ini.

When you restart Oracle Directory Manager, all previously connected server connections appear in the Directory Server Login dialog box.

Configuring the Display and Duration of Searches in Oracle Directory Manager

You can specify the maximum number of entries to be displayed in Oracle Directory Manager as the result of searches and the duration of searches. You can make these configurations in either Oracle Directory Manager or the directory server or both.

If you make the configuration in both Oracle Directory Manager and the directory server, and the configuration in Oracle Directory Manager does not match the one in the directory server, then Oracle Internet Directory resolves the conflict as follows:

If the value you set in Oracle Directory Manager is greater than that in the directory server, then the configuration of the server prevails. For example, if you set Oracle Directory Manager to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.
If the value you set in Oracle Directory Manager is less than that in the directory server, then the configuration of Oracle Directory Manager prevails. For example, if you set Oracle Directory Manager to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.

To configure the display and duration of searches in Oracle Directory Manager:

In the navigator pane, expand Oracle Internet Directory Servers, and select the server you want to configure.
From the toolbar, select User Preferences. The User Preferences dialog box appears.
In the Configure Entry Management tab page, in the Maximum number of one-level subtree entries field, enter the maximum number of entries to be returned by a search.
In the Search Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 3600.
Choose OK.

To configure the display and duration of searches in an Oracle directory server:

In the navigator pane, expand Oracle Internet Directory Servers and select a directory server instance. The group of tab pages for that server appear in the right pane.
In the System Operational Attributes tab page, in the Query Entry Return Limit field, enter the maximum number of entries to be returned by a search. The default is 1000.
In the Server Operation Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 3600.
Choose Apply.

Performing Administration Tasks by Using Oracle Directory Manager

You can perform most of the Oracle Internet Directory administrative tasks through Oracle Directory Manager. Tasks that you cannot perform through Oracle Directory Manager involve running processes, such as starting and stopping the OID Monitor (oidmon) and starting and stopping server instances. To perform tasks that you cannot perform with Oracle Directory Manager, use the appropriate LDAP command-line tool.

The following table lists the task areas you can manage by using Oracle Directory Manager and where to find instructions for each area.

Table 4-5 Task Areas in Oracle Directory Manager

Task Area	Instructions
Access Control Management	"Managing Access Control by Using Oracle Directory Manager" Managing Access Control by Using Command-Line Tools
Attribute Uniqueness Management	Chapter 8, "Attribute Uniqueness in the Directory"
Audit Log Management	Chapter 10, "Logging, Auditing, and Monitoring the Directory"
Change Log Management	"Change Logs in Directory Replication" Chapter 25, "Oracle Directory Replication Administration" "Oracle Directory Synchronization Service" "Synchronization Scenarios" "Managing the Oracle Directory Integration and Provisioning Server"
Entry Management	"Managing Entries by Using Oracle Directory Manager"
Garbage Collection Management	Chapter 22, "Garbage Collection in Oracle Internet Directory"
Password Policy Management	Chapter 15, "Password Policies in Oracle Internet Directory"
Password Verifier Management	Chapter 16, "Directory Storage of Password Verifiers"
Plug-in Management	Part VIII, "Directory Plug-ins"
Replication Management	Chapter 25, "Oracle Directory Replication Administration"
Schema Management	"Object Classes in the Directory" "Attributes in the Directory"
Server Management	Chapter 5, "Oracle Directory Server Administration"