Contents
- Audience
- Documentation Accessibility
- Structure
- Related Documents
- Conventions
- New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2)
- New Features Introduced with Oracle Internet Directory 10g (9.0.4)
- About Oracle Internet Directory Release 9.2
- New Features Introduced with Oracle Internet Directory Release 9.0.2
- New Features Introduced with Oracle Internet Directory Release 3.0.1
- New Features Introduced with Oracle Internet Directory Release 2.1.1
- 1.1 What Is a Directory?
- 1.1.1 The Expanding Role of Online Directories
- 1.1.2 The Problem: Too Many Special-Purpose Directories
- 1.2 What Is the Lightweight Directory Access Protocol (LDAP)?
- 1.2.1 LDAP and Simplified Directory Management
- 1.2.2 LDAP Version 3
- 1.3 Oracle Identity Management
- 1.4 What Is Oracle Internet Directory?
- 1.4.1 Overview of Oracle Internet Directory
- 1.4.2 Components of Oracle Internet Directory
- 1.4.3 Advantages of Oracle Internet Directory
- 1.4.3.1 Scalability
- 1.4.3.2 High Availability
- 1.4.3.3 Security
- 1.4.3.4 Integration with the Oracle Environment
- 1.5 How Oracle Components Use Oracle Internet Directory
- 1.5.1 Easier and More Cost-Effective Administration of Applications
- 1.5.2 Tighter Security Through Centralized Security Policy Administration
- 1.5.3 Integration of Multiple Directories
- 2.1 Oracle Internet Directory Architecture
- 2.1.1 An Oracle Internet Directory Node
- 2.1.2 An Oracle Directory Server Instance
- 2.1.3 Directory Metadata
- 2.1.4 Configuration Set Entries
- 2.2 Example: How Oracle Internet Directory Works
- 2.3 Entries
- 2.3.1 Distinguished Names (DNs) and Directory Information Trees (DITs)
- 2.3.2 Entry Caching
- 2.4 Attributes
- 2.4.1 Kinds of Attribute Information
- 2.4.2 Single-Valued and Multivalued Attributes
- 2.4.3 Common LDAP Attributes
- 2.4.4 Attribute Syntax
- 2.4.5 Attribute Matching Rules
- 2.4.6 Attribute Options
- 2.5 Object Classes
- 2.5.1 Subclasses, Superclasses, and Inheritance
- 2.5.2 Object Class Types
- 2.5.2.1 Structural Object Classes
- 2.5.2.2 Auxiliary Object Classes
- 2.5.2.3 Abstract Object Classes
- 2.6 Naming Contexts
- 2.7 Security
- 2.8 Globalization Support
- 2.9 Distributed Directories
- 2.9.1 Directory Replication
- 2.9.2 Directory Partitioning
- 2.10 Knowledge References and Referrals
- 2.11 Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console
- 2.12 The Service Registry and Service to Service Authentication
- 2.13 Oracle Directory Integration and Provisioning
- 2.14 Oracle Internet Directory and Identity Management
- 2.14.1 About Identity Management
- 2.14.2 About the Oracle Identity Management Infrastructure
- 2.14.3 Identity Management Realms
- 2.14.3.1 Default Identity Management Realm
- 2.14.3.2 Identity Management Policies
- 2.15 Resource Information
- 2.15.1 Resource Type Information
- 2.15.2 Resource Access Information
- 2.15.3 Location of Resource Information in the DIT
- 3.1 Task 1: Start the OID Monitor
- 3.2 Task 2: Start a Server Instance
- 3.3 Task 3: Reset the Default Security Configuration
- 3.4 Task 4: Reset the Default Password for the Database
- 3.5 Task 5: Run the OID Database Statistics Collection Tool
- 3.6 Log File Locations
- 4.1 Using Oracle Directory Manager
- 4.1.1 Starting Oracle Directory Manager
- 4.1.2 Connecting to a Directory Server by Using Oracle Directory Manager
- 4.1.3 Navigating Oracle Directory Manager
- 4.1.3.1 Overview of Oracle Directory Manager
- 4.1.3.2 The Oracle Directory Manager Menu Bar
- 4.1.3.3 The Oracle Directory Manager Toolbar
- 4.1.4 Connecting to Additional Directory Servers by Using Oracle Directory Manager
- 4.1.5 Disconnecting from a Directory Server by Using Oracle Directory Manager
- 4.1.6 Configuring the Display and Duration of Searches in Oracle Directory Manager
- 4.1.7 Performing Administrative Tasks by Using Oracle Directory Manager
- 4.2 Process Control of Oracle Internet Directory Components
- 4.2.1 Oracle Internet Directory Integration with OPMN
- 4.2.1.1 Semantics of OPMN Monitoring Oracle Internet Directory
- 4.2.1.2 Oracle Internet Directory Snippet in OPMN.XML
- 4.2.1.3 Semantics of OPMN Starting Oracle Internet Directory
- 4.2.1.4 Semantics of OPMN Stopping Oracle Internet Directory
- 4.2.1.5 Semantics of OPMN Monitoring OIDMON
- 4.2.2 Oracle Internet Directory Process Control–Best Practices
- 4.2.2.1 Changing the Configuration of the Default OID LDAP Server Instance
- 4.2.2.2 Configuring Additional Oracle Internet Directory LDAP Server Instances
- 4.2.2.3 Deconfiguring the Default Oracle Internet Directory LDAP Server Instance
- 4.2.2.4 Configuring an Instance of the Oracle Internet Directory Replication Server
- 4.2.2.5 Configuring an Oracle Directory Integration and Provisioning Server Instance
- 4.2.3 OIDMON, OIDCTL, and OPMN
- 4.2.4 Process Control Semantics
- 4.2.4.1 Interaction Between OIDCTL and OIDMON
- 4.2.4.2 Semantics of OIDMON Stop and Start
- 4.3 Using Command-Line Tools
- 4.3.1 Command-Line Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers
- 4.3.2 Command-Line Tools for Managing Entries and Attributes
- 4.3.3 Command-Line Tools for Performing Bulk Operations
- 4.3.4 Command-Line Tools for Managing Replication
- 4.3.5 OID Migration Tool (ldifmigrator)
- 4.3.6 OID Database Statistics Tool (oidstats.sql)
- 4.3.7 OID Database Password Utility (oidpasswd)
- 4.4 Routine Administration at a Glance
- 5.1 Managing Server Configuration Set Entries
- 5.1.1 Preliminary Considerations for Managing Configuration Set Entries
- 5.1.2 Managing Server Configuration Set Entries by Using Oracle Directory Manager
- 5.1.2.1 Viewing Configuration Set Entries by Using Oracle Directory Manager
- 5.1.2.2 Adding Configuration Set Entries by Using Oracle Directory Manager
- 5.1.2.3 Modifying Configuration Set Entries by Using Oracle Directory Manager
- 5.1.2.4 Deleting Configuration Set Entries by Using Oracle Directory Manager
- 5.1.3 Managing Server Configuration Set Entries by Using Command-Line Tools
- 5.1.3.1 Adding Configuration Set Entries by Using ldapadd
- 5.1.3.2 Modifying and Deleting Configuration Set Entries by Using ldapmodify
- 5.2 Setting System Operational Attributes
- 5.2.1 Setting System Operational Attributes by Using Oracle Directory Manager
- 5.2.2 Setting System Operational Attributes by Using ldapmodify
- 5.3 Managing Naming Contexts
- 5.3.1 Publishing Naming Contexts by Using Oracle Directory Manager
- 5.3.2 Publishing Naming Contexts by Using ldapmodify
- 5.4 Managing Super Users, Guest Users, and Proxy Users
- 5.4.1 About Super Users, Guest Users, and Proxy Users
- 5.4.2 Managing Super Users, Guest Users, and Proxy Users by Using Oracle Directory Manager
- 5.4.3 Managing Super Users, Guest Users, and Proxy Users by Using ldapmodify
- 5.5 Viewing Active Server Instance Information
- 5.6 Closing Idle LDAP Connections
- 5.7 Changing the Password to the Oracle Internet Directory Database Server
- 5.8 Dereferencing Alias Entries
- 5.8.1 About Alias Entries
- 5.8.2 Examples: Using Alias Entry Dereferencing
- 5.8.2.1 Example: Adding an Alias Entry
- 5.8.2.2 Examples: Searching the Directory with Alias Entries
- 5.8.2.3 Example: Modifying Alias Entries
- 5.8.3 Success and Error Messages
- 5.9 Locating Directory Servers in a Distributed Environment
- 5.9.1 Static Directory Server Discovery by Using the Directory Server Usage File (ldap.ora)
- 5.9.2 Dynamic Directory Server Discovery by Using the Domain Name System (DNS)
- 5.9.2.1 How a Client Locates a Directory Server by Using DNS
- 5.9.2.2 Registering a Directory Server with the Domain Name System
- 6.1 Managing Entries by Using Oracle Directory Manager
- 6.1.1 Searching for Entries by Using Oracle Directory Manager
- 6.1.2 Viewing Attributes for a Specific Entry by Using Oracle Directory Manager
- 6.1.3 Adding Entries by Using Oracle Directory Manager
- 6.1.3.1 Adding a New Entry by Using Oracle Directory Manager
- 6.1.3.2 Adding an Entry by Copying an Existing Entry in Oracle Directory Manager
- 6.1.3.3 Example: Adding a User Entry by Using Oracle Directory Manager
- 6.1.4 Modifying Entries by Using Oracle Directory Manager
- 6.1.4.1 Example: Modifying a User Entry by Using Oracle Directory Manager
- 6.1.5 Managing Entries with Attribute Options by Using Oracle Directory Manager
- 6.1.5.1 Adding an Attribute Option to an Existing Entry by Using Oracle Directory Manager
- 6.1.5.2 Modifying an Attribute Option by Using Oracle Directory Manager
- 6.1.5.3 Deleting an Attribute Option by Using Oracle Directory Manager
- 6.2 Managing Entries by Using Command-Line Tools
- 6.2.1 Command-Line Tools for Managing Entries
- 6.2.1.1 Example: Adding a User Entry by Using ldapadd
- 6.2.1.2 Example: Modifying a User Entry by Using ldapmodify
- 6.2.2 Managing Entries with Attribute Options by Using Command-Line Tools
- 6.2.2.1 Example: Adding an Attribute Option by Using ldapmodify
- 6.2.2.2 Example: Deleting an Attribute Option by Using ldapmodify
- 6.2.2.3 Example: Searching for Entries with Attribute Options by Using ldapsearch
- 6.3 Managing Entries by Using Bulk Tools
- 6.3.1 Importing an LDIF File by Using bulkload
- 6.3.1.1 Task 1: Back Up the Oracle Database Server
- 6.3.1.2 Task 2: Find Out the Oracle Internet Directory Password
- 6.3.1.3 Task 3: Check Input for Schema and Data Consistency Violations
- 6.3.1.4 Task 4: Generate the Input Files for SQL*Loader
- 6.3.1.5 Task 5: Load the Input Files
- 6.3.1.6 If Bulk Loading Fails
- 6.3.2 Converting Directory Data to LDIF
- 6.3.3 Modifying a Large Number of Entries
- 6.3.4 Deleting a Large Number of Entries
- 6.4 Managing Knowledge References and Referrals
- 6.4.1 Configuring Smart Referrals
- 6.4.2 Configuring Default Referrals
- 6.4.3 Client-Side Referral Caching
- 6.4.3.1 How Client-Side Referral Caching Works
- 7.1 About Attribute Uniqueness
- 7.2 Rules for Creating Attribute Uniqueness
- 7.2.1 Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
- 7.2.2 Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
- 7.2.3 Specifying Multiple Scopes in an Attribute Uniqueness Constraint
- 7.2.4 Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
- 7.2.5 Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
- 7.3 Managing Attribute Uniqueness
- 7.3.1 Location of Attribute Uniqueness Entries
- 7.3.2 Managing Attribute Uniqueness by Using Oracle Directory Manager
- 7.3.2.1 Creating an Attribute Uniqueness Constraint Entry
- 7.3.2.2 Modifying an Attribute Uniqueness Constraint Entry by Using Oracle Directory Manager
- 7.3.2.3 Deleting an Attribute Uniqueness Constraint Policy by Using Oracle Directory Manager
- 7.3.3 Managing Attribute Uniqueness by Using Command-Line Tools
- 7.3.3.1 Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools
- 7.3.3.2 Creating Attribute Uniqueness Constraint Entries by Using Command-Line Tools
- 7.3.3.3 Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools
- 7.3.3.4 Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools
- 7.4 Limitations of Attribute Uniqueness in Oracle Internet Directory 10g Release 2 (10.1.2)
- 8.1 About the Directory Schema
- 8.2 Object Classes in the Directory
- 8.2.1 About Object Class Management
- 8.2.1.1 Inheritance
- 8.2.1.2 Mandatory and Optional Attributes in Object Classes
- 8.2.1.3 Addition of Entries in Top-Down Sequence
- 8.2.1.4 Object Class Explosion
- 8.2.2 Guidelines for Adding, Modifying, and Deleting Object Classes
- 8.2.2.1 Guidelines for Adding Object Classes
- 8.2.2.2 Guidelines for Modifying Object Classes
- 8.2.2.3 Guidelines for Deleting Object Classes
- 8.2.3 Managing Object Classes by Using Oracle Directory Manager
- 8.2.3.1 Searching for Object Classes by Using Oracle Directory Manager
- 8.2.3.2 Viewing Properties of Object Classes by Using Oracle Directory Manager
- 8.2.3.3 Adding Object Classes by Using Oracle Directory Manager
- 8.2.3.4 Modifying Object Classes by Using Oracle Directory Manager
- 8.2.3.5 Deleting Object Classes by Using Oracle Directory Manager
- 8.2.4 Managing Object Classes by Using Command-Line Tools
- 8.2.4.1 Example: Adding a New Object Class
- 8.2.4.2 Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class
- 8.3 Attributes in the Directory
- 8.3.1 About Attribute Management
- 8.3.1.1 Rules for Adding Attributes
- 8.3.1.2 Rules for Modifying Attributes
- 8.3.1.3 Rules for Deleting Attributes
- 8.3.2 Managing Attributes by Using Oracle Directory Manager
- 8.3.2.1 Viewing All Directory Attributes by Using Oracle Directory Manager
- 8.3.2.2 Searching for Attributes by Using Oracle Directory Manager
- 8.3.2.3 Adding an Attribute by Using Oracle Directory Manager
- 8.3.2.4 Modifying an Attribute by Using Oracle Directory Manager
- 8.3.2.5 Deleting an Attribute by Using Oracle Directory Manager
- 8.3.2.6 Indexing an Attribute by Using Oracle Directory Manager
- 8.3.3 Managing Attributes by Using Command-Line Tools
- 8.3.3.1 Adding and Modifying Attributes by Using ldapmodify
- 8.3.3.2 Deleting Attributes by Using ldapmodify
- 8.3.3.3 Indexing an Attribute by Using Command-Line Tools
- 8.4 How to Extend the Number of Attributes Associated with Entries
- 8.4.1 Extending the Number of Attributes Prior to Creating Entries in the Directory
- 8.4.2 Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
- 8.4.3 Extending the Number of Attributes for Existing Entries by Creating a Content Rule
- 8.4.3.1 Rules for Creating and Modifying Content Rules
- 8.4.3.2 Schema Enforcement When Using Content Rules
- 8.4.3.3 Searches for Object Classes Listed in Content Rules
- 8.4.3.4 Managing Content Rules
- 8.5 Matching Rules in the Directory
- 8.5.1 Viewing Matching Rules by Using Oracle Directory Manager
- 8.5.2 Viewing Matching Rules by Using ldapsearch
- 8.6 Syntaxes in the Directory
- 8.6.1 Viewing Syntaxes by Using Oracle Directory Manager
- 8.6.2 Viewing Syntaxes by Using ldapsearch
- 9.1 About Groups
- 9.1.1 Static Groups
- 9.1.1.1 Schema Elements for Creating Static Groups
- 9.1.2 Dynamic Groups
- 9.1.2.1 Schema Elements for Creating a Dynamic Group
- 9.1.2.2 Limitations of Dynamic Groups in Oracle Internet Directory 10g Release 2 (10.1.2)
- 9.1.3 Hierarchies
- 9.1.4 Querying Group Entries
- 9.1.5 When to Use Each Kind of Group
- 9.2 Managing Group Entries
- 9.2.1 Managing Static Group Entries by Using Oracle Directory Manager
- 9.2.1.1 Creating Static Group Entries by Using Oracle Directory Manager
- 9.2.1.2 Modifying a Static Group Entry by Using Oracle Directory Manager
- 9.2.2 Managing Static Group Entries by Using Command-Line Tools
- 9.2.2.1 Creating a Static Group Entry by Using ldapadd
- 9.2.2.2 Modifying a Static Group by Using ldapmodify
- 9.2.3 Examples of Dynamic Group Entries
- 9.2.3.1 Example: a Dynamic Group Entry Using the labeledURI Attribute
- 9.2.3.2 Example: a Dynamic Group Entry Using the CONNECTBY Assertion
- 9.2.4 Managing Dynamic Groups by Using Oracle Directory Manager
- 9.2.4.1 Creating Dynamic Group Entries by Using Oracle Directory Manager
- 9.2.4.2 Modifying a Dynamic Group Entry by Using Oracle Directory Manager
- 9.2.5 Managing Dynamic Groups by Using Command-Line Tools
- 9.2.5.1 Creating a Dynamic Group Entry by Using ldapadd
- 9.2.5.2 Example: Creating a Dynamic Group Entry by Using ldapadd
- 9.2.5.3 Example: Modifying a Dynamic Group by Using ldapmodify
- 10.1 Using Debug Logging
- 10.1.1 About Oracle Internet Directory Debug Logging
- 10.1.2 About Log Messages
- 10.1.2.1 Log Messages for Specified LDAP Operations
- 10.1.2.2 Log Messages Not Associated with Specified LDAP Operations
- 10.1.2.3 Example: Trace Messages in Oracle Internet Directory Server Log File
- 10.1.2.4 How to Interpret Trace Messages in the Log File
- 10.1.3 Setting Debug Logging Levels
- 10.1.3.1 Setting Debug Logging Levels by Using Oracle Directory Manager
- 10.1.3.2 Setting Debug Logging Levels by Using the OID Control Utility
- 10.1.4 Setting the Operation Debug Dimension
- 10.1.4.1 Setting the Operation Debug Dimension by Using Oracle Directory Manager
- 10.1.4.2 Setting the Operation Debug Dimension by Using ldapmodify
- 10.1.5 Force Flushing the Trace Information to a Log File
- 10.2 Using the Audit Log
- 10.2.1 Structure of Audit Log Entries
- 10.2.2 Position of Audit Log Entries in the DIT
- 10.2.3 Auditable Events
- 10.2.4 Setting the Audit Level
- 10.2.4.1 Setting the Audit Level by Using Oracle Directory Manager
- 10.2.4.2 Setting the Audit Level by Using ldapmodify
- 10.2.5 Searching for Audit Log Entries
- 10.2.5.1 Searching for Audit Log Entries by Using Oracle Directory Manager
- 10.2.5.2 Searching for Audit Log Entries by Using ldapsearch
- 10.2.6 Purging the Audit Log
- 10.3 Monitoring Oracle Internet Directory Servers
- 10.3.1 Capabilities of Oracle Internet Directory Server Manageability
- 10.3.2 Oracle Internet Directory Server Manageability Architecture and Components
- 10.3.3 Location of Configuration Information for Oracle Internet Directory Server Manageability
- 10.3.4 Configuring Oracle Internet Directory Server Manageability
- 10.3.5 Configuring Critical Events
- 10.3.6 Using the Oracle Internet Directory Server Manageability Framework Through Oracle Enterprise Manager 10g Application Server Control Console
- 10.3.6.1 Enabling Information Collection by Using Oracle Enterprise Manager 10g Application Server Control Console
- 10.3.6.2 Starting a New Directory Server Instance by Using Oracle Enterprise Manager 10g Application Server Control Console
- 10.3.6.3 Stopping a Directory Server Instance by Using Oracle Enterprise Manager 10g Application Server Control Console
- 10.3.6.4 Restarting a Directory Server Instance by Using Oracle Enterprise Manager 10g Application Server Control Console
- 10.3.6.5 Viewing Directory Server Activities by Using Oracle Enterprise Manager 10g Application Server Control Console
- 10.3.6.6 Viewing Directory Server Operations by Using Oracle Enterprise Manager 10g Application Server Control Console
- 11.1 Backing Up and Restoring a Small Directory or Specific Naming Context
- 11.2 Backing Up and Restoring a Large Directory
- 12.1 Data Integrity and Oracle Internet Directory
- 12.2 Data Privacy and Oracle Internet Directory
- 12.3 Authorization in Oracle Internet Directory
- 12.4 Authentication in Oracle Internet Directory
- 12.4.1 Direct Authentication
- 12.4.2 Indirect Authentication
- 12.4.3 External Authentication
- 12.5 Protection of User Passwords for Directory Authentication
- 12.6 Password Policies in Oracle Internet Directory
- 12.7 Authentication by Using Simple Authentication and Security Layer (SASL)
- 13.1 Supported Cipher Suites
- 13.2 SSL Client Scenarios
- 13.3 Limitations of the Use of SSL in 10g Release 2 (10.1.2)
- 13.4 Configuring and Testing Oracle Internet Directory With SSL
- 13.4.1 Configuring SSL Parameters
- 13.4.1.1 Configuring SSL Parameters by Using Oracle Directory Manager
- 13.4.1.2 Configuring SSL Parameters by Using Command-Line Tools
- 13.4.2 Configure Oracle Internet Directory for SSL
- 13.4.3 Testing SSL Connections From the Command Line
- 13.4.3.1 Testing SSL With Encryption Only
- 13.4.3.2 Testing SSL With Server Authentication
- 13.4.3.3 Testing SSL With Client and Server Authentication
- 13.4.4 Testing SSL Connections With Oracle Directory Manager
- 13.5 Other Components and SSL
- 14.1 Overview of Access Control Policy Administration
- 14.1.1 Access Control Management Constructs
- 14.1.1.1 Access Control Policy Points (ACPs)
- 14.1.1.2 The orclACI Attribute for Prescriptive Access Control
- 14.1.1.3 The orclEntryLevelACI Attribute for Entry-Level Access Control
- 14.1.1.4 Security Groups
- 14.1.2 Access Control Information Components
- 14.1.2.1 Object: To What Are You Granting Access?
- 14.1.2.2 Subject: To Whom Are You Granting Access?
- 14.1.2.3 Operations: What Access Are You Granting?
- 14.1.3 Access Level Requirements for LDAP Operations
- 14.2 How ACL Evaluation Works
- 14.2.1 Precedence Rules Used in ACL Evaluation
- 14.2.1.1 Precedence at the Entry Level
- 14.2.1.2 Precedence at the Attribute Level
- 14.2.2 Use of More Than One ACI for the Same Object
- 14.2.3 Exclusionary Access to Directory Objects
- 14.2.4 ACL Evaluation For Groups
- 14.3 Managing Access Control by Using Oracle Directory Manager
- 14.3.1 Configuring Oracle Directory Manager for Access Control Management
- 14.3.1.1 Configuring the Display of ACPs in Oracle Directory Manager
- 14.3.1.2 Configuring Searches for ACPs When Using Oracle Directory Manager
- 14.3.2 Viewing an ACP by Using Oracle Directory Manager
- 14.3.3 Adding an ACP by Using Oracle Directory Manager
- 14.3.3.1 Task 1: Specify the Entry That Will Be the ACP
- 14.3.3.2 Task 2: Configure Structural Access Items
- 14.3.3.3 Task 3: Configure Content Access Items
- 14.3.4 Adding an ACP by Using the ACP Creation Wizard of Oracle Directory Manager
- 14.3.4.1 Task 1: Specify the Entry That Will Be the ACP
- 14.3.4.2 Task 2: Configure Structural Access Items by Using the ACP Creation Wizard
- 14.3.4.3 Task 3: Configure Content Access Items by Using the ACP Creation Wizard
- 14.3.5 Modifying an ACP by Using Oracle Directory Manager
- 14.3.5.1 Task 1: Specify the Entry That You Want to Modify
- 14.3.5.2 Task 2: Modify Structural Access Items
- 14.3.5.3 Task 3: Modify Content Access Items
- 14.3.6 Granting Entry-Level Access by Using Oracle Directory Manager
- 14.3.7 Example: Managing ACPs by Using Oracle Directory Manager
- 14.3.7.1 Create a New ACP
- 14.3.7.2 Create a Third ACI
- 14.3.7.3 Create a Fourth ACI
- 14.4 Managing Access Control by Using Command-Line Tools
- 14.4.1 Example: Restricting the Kind of Entry a User Can Add
- 14.4.2 Example: Setting Up an Inheritable ACP by Using ldapmodify
- 14.4.3 Example: Setting Up Entry-Level ACIs by Using ldapmodify
- 14.4.4 Example: Using Wild Cards
- 14.4.5 Example: Selecting Entries by DN
- 14.4.6 Example: Using Attribute and Subject Selectors
- 14.4.7 Example: Granting Read-Only Access
- 14.4.8 Example: Granting Selfwrite Access to Group Entries
- 14.4.9 Example: Defining a Completely Autonomous Policy to Inhibit Overriding Policies
- 15.1 About Password Policies
- 15.1.1 What a Password Policy Is
- 15.1.2 Default Password Policy
- 15.1.3 Directory Server Verification of Password Policy Information
- 15.1.4 Overview: Establishing a Password Policy for an Identity Management Realm
- 15.2 Managing Password Policies
- 15.2.1 Managing Password Policies by Using Oracle Directory Manager
- 15.2.1.1 Viewing Password Policies of an Identity Management Realm by Using Oracle Directory Manager
- 15.2.1.2 Modifying Password Policies of an Identity Management Realm by Using Oracle Directory Manager
- 15.2.2 Managing Password Policies by Using Command-Line Tools
- 15.2.2.1 Example: Setting Password Policies by Using Command-Line Tools
- 15.2.2.2 Examples: Managing the Password Policies of an Identity Management Realm by Using Command-Line Tools
- 15.2.2.3 Example: Enabling and Disabling Accounts by Using Command-Line Tools
- 15.2.2.4 Example: Unlocking Accounts by Using Command-Line Tools
- 15.2.2.5 Example: Forcing a Password Change by Using Command-Line Tools
- 15.2.3 Managing Password Policies by Using the Self-Service Console
- 15.2.3.1 Enabling and Disabling Accounts by Using the Oracle Internet Directory Self-Service Console
- 15.2.3.2 Unlocking Accounts by Using the Oracle Internet Directory Self-Service Console
- 15.2.3.3 Resetting Your Own Password by Using the Oracle Internet Directory Self-Service Console
- 15.3 Password Policy Error Messages
- 16.1 About Centralized Storage of User Authentication Credentials
- 16.2 Storing and Managing Password Verifiers for Authenticating to Oracle Internet Directory
- 16.2.1 Password Verifiers and Authentication to the Directory
- 16.2.2 Hashing Schemes for Creating Password Verifiers
- 16.2.3 Managing Password Protection by Using Oracle Directory Manager
- 16.2.4 Managing Password Protection by Using ldapmodify
- 16.3 Storing and Managing Password Verifiers for Authenticating to Oracle Components
- 16.3.1 About Password Verifiers for Oracle Components
- 16.3.2 Attributes for Storing Password Verifiers
- 16.3.3 Default Verifiers for Oracle Components
- 16.3.4 Example: How Password Verification Works for an Oracle Component
- 16.3.5 Managing Password Verifier Profiles for Oracle Components by Using Oracle Directory Manager
- 16.3.5.1 Viewing and Modifying a Password Verifier Profile for an Oracle Component by Using Oracle Directory Manager
- 16.3.6 Managing Password Verifier Profiles for Oracle Components by Using Command-Line Tools
- 16.3.6.1 Viewing a Password Verifier Profile by Using Command-Line Tools
- 16.3.6.2 Example: Modifying a Password Verifier Profile by Using Command-Line Tools
- 16.4 Verifier Generation Using Dynamic Parameters
- 16.4.1 Generating Dynamic Password Verifiers
- 16.4.2 Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers
- 17.1 Delegation in the Oracle Identity Management Model
- 17.1.1 How Delegation Works
- 17.1.2 Delegation in an Oracle Application Server Environment
- 17.1.3 About the Default Configuration
- 17.1.4 Overview: Privileges for Administering the Oracle Technology Stack
- 17.2 Delegation of Privileges for User and Group Management
- 17.2.1 How Privileges Are Granted for Managing User and Group Data
- 17.2.2 Default Privileges for Managing User Data
- 17.2.2.1 Creating Users for a Realm
- 17.2.2.2 Modifying Attributes of a User
- 17.2.2.3 Deleting a User
- 17.2.2.4 Delegating User Administration
- 17.2.3 Default Privileges for Managing Group Data
- 17.2.3.1 Creating Groups
- 17.2.3.2 Modifying the Attributes of Groups
- 17.2.3.3 Deleting Groups
- 17.2.3.4 Delegating Group Administration
- 17.3 Delegation of Privileges for Deployment of Oracle Components
- 17.3.1 How Deployment Privileges Are Granted
- 17.3.2 Oracle Application Server Administrators
- 17.3.3 User Management Application Administrators
- 17.3.4 Trusted Application Administrators
- 17.4 Delegation of Privileges for Component Runtime
- 17.4.1 Default Privileges for Reading and Modifying User Passwords
- 17.4.2 Default Privileges for Comparing User Passwords
- 17.4.3 Default Privileges for Comparing Password Verifiers
- 17.4.4 Default Privileges for Proxying on Behalf of End Users
- 17.4.5 Default Privileges for Managing the Oracle Context
- 17.4.6 Default Privileges for Reading Common User Attributes
- 17.4.7 Default Privileges for Reading Common Group Attributes
- 17.4.8 Default Privileges for Reading the Service Registry
- 17.4.9 Default Privileges for Administering the Service Registry
- 18.1 The Expanding Role of Directories
- 18.2 Logical Organization Of Directory Information
- 18.3 Physical Distribution: Partitions, Replicas, and High Availability
- 18.3.1 An Ideal Deployment
- 18.3.2 Partitioning Considerations
- 18.3.3 Replication Considerations
- 18.3.4 High Availability Considerations
- 18.4 Oracle Directory Integration and Provisioning
- 18.5 Capacity Planning, Sizing, and Tuning
- 18.5.1 Capacity Planning
- 18.5.2 Sizing Considerations
- 18.5.3 Tuning Considerations
- 19.1 Planning the Directory Information Tree for Identity Management
- 19.1.1 Planning the Overall Directory Structure
- 19.1.2 Planning the Names and Containment of Users and Groups
- 19.1.2.1 Considerations for Users
- 19.1.2.2 Considerations for Groups
- 19.1.3 Planning the Identity Management Realm
- 19.1.4 Migrating a DIT from a Third-Party Directory
- 19.2 Identity Management Realms in an Enterprise Deployment
- 19.2.1 Single Identity Management Realm in the Enterprise
- 19.2.2 Multiple Identity Management Realms in the Enterprise
- 19.3 Identity Management Realms in a Hosted Deployment
- 19.4 Identity Management Realm Implementation in Oracle Internet Directory
- 19.5 Default Directory Information Tree and the Identity Management Realm
- 19.6 Administration of Identity Management Realms
- 19.6.1 Customizing the Default Identity Management Realm
- 19.6.1.1 Changing the Location of Users and Groups In The Default Identity Management Realm
- 19.6.2 Creating Additional Identity Management Realms for Hosted Deployments
- 20.1 About Capacity Planning
- 20.2 Getting to Know Directory Usage Patterns: A Case Study
- 20.3 I/O Subsystem Requirements
- 20.3.1 About the I/O Subsystem
- 20.3.2 Rough Estimates of Disk Space Requirements
- 20.3.3 Detailed Calculations of Disk Space Requirements
- 20.4 Memory Requirements
- 20.5 Network Requirements
- 20.6 CPU Requirements
- 20.6.1 CPU Configuration
- 20.6.2 Rough Estimates of CPU Requirements
- 20.6.3 Detailed Calculations of CPU Requirements
- 20.7 Summary of Capacity Plan for Acme Corporation
- 21.1 About Tuning
- 21.2 Tools for Performance Tuning
- 21.3 CPU Usage Tuning
- 21.3.1 Tuning CPU for Oracle Internet Directory Processes
- 21.3.2 Tuning CPU for Oracle Foreground Processes
- 21.3.3 Taking Advantage of Processor Affinity on SMP Systems
- 21.3.4 Other Alternatives for a CPU Constrained System
- 21.4 Memory Tuning
- 21.4.1 Tuning the System Global Area (SGA) for the Oracle Database
- 21.4.2 Other Alternatives for a Memory-Constrained System
- 21.5 Disk Tuning
- 21.6 Database Tuning
- 21.6.1 Required Parameter
- 21.6.2 Parameters Dependent on Oracle Internet Directory Server Configuration
- 21.6.2.1 Using Shared Server Process
- 21.6.3 SGA Parameters Dependent on Hardware Resources
- 21.7 Entry Caching
- 21.8 Optimizing Searches
- 21.8.1 Optimizing Searches for Large Group Entries
- 21.8.2 Optimizing Searches for Skewed Attributes
- 21.8.2.1 Optimizing Searches for Skewed Attributes by Using Oracle Directory Manager
- 21.8.2.2 Optimizing Searches for Skewed Attributes by Using ldapmodify
- 21.9 Setting the Time Limit Mode
- 21.9.1 Setting the Time Limit Mode by Using Oracle Directory Manager
- 21.9.2 Setting the Time Limit Mode by Using ldapmodify
- 21.10 Setting the Timeout for Client/Server Connections
- 22.1 About the Oracle Internet Directory Garbage Collection Framework
- 22.1.1 Components of the Oracle Internet Directory Garbage Collection Framework
- 22.1.1.1 Garbage Collection Plug-in
- 22.1.1.2 Garbage Collectors
- 22.1.2 How Oracle Internet Directory Garbage Collection Works
- 22.1.3 Garbage Collector Entries
- 22.1.4 Change Log Purging in Multimaster Replication
- 22.2 Modifying Oracle Internet Directory Garbage Collectors
- 22.2.1 Modifying a Garbage Collector by Using Oracle Directory Manager
- 22.2.2 Modifying a Garbage Collector by Using Command-Line Tools
- 22.2.2.1 Example 1: Modifying a Garbage Collector
- 22.2.2.2 Example 2: Disabling a Garbage Collector Change Log
- 22.3 Enabling and Disabling Logging for Oracle Internet Directory Garbage Collectors
- 22.3.1 Enabling Logging for Oracle Internet Directory Garbage Collectors
- 22.3.2 Disabling Logging for Oracle Internet Directory Garbage Collectors
- 23.1 Migrating Data from LDAP-Compliant Directories
- 23.1.1 About the Data Migration Process
- 23.1.2 Tasks For Migrating Data from LDAP-Compliant Directories
- 23.1.2.1 Task 1: Export Data from the Non-Oracle Internet Directory Server into LDIF File Format
- 23.1.2.2 Task 2: Analyze the LDIF User Data for Any Required Schema Additions Referenced in the LDIF Data
- 23.1.2.3 Task 3: Extend the Schema in Oracle Internet Directory
- 23.1.2.4 Task 4: Remove Any Proprietary Directory Data from the LDIF File
- 23.1.2.5 Task 5: Remove Operational Attributes from the LDIF File
- 23.1.2.6 Task 6: Remove Incompatible userPassword Attribute Values from the LDIF File
- 23.1.2.7 Task 7: Run the bulkload.sh -check Mode and Determine Any Remaining Schema Violations or Duplication Errors
- 23.2 Migrating User Data from Application-Specific Repositories
- 23.2.1 The Intermediate Template File
- 23.2.2 Reconciling Data in Application Repository with Data Already in Oracle Internet Directory
- 23.2.3 Tasks For Migrating Data from Application-Specific Repositories
- 23.2.3.1 Task 1: Create an Intermediate Template File
- 23.2.3.2 Task 2: Run the OID Migration Tool
- 23.3 The Default Directory Structure
- 24.1 About Directory Replication
- 24.2 Full and Partial Directory Replication
- 24.2.1 Full Directory Replication
- 24.2.2 Partial Directory Replication
- 24.3 Directory Replication Groups
- 24.3.1 Data Transfer Between Nodes in a Directory Replication Group
- 24.3.2 Single-Master Replication Groups
- 24.3.3 Multimaster Replication Groups
- 24.3.4 Fan-Out Replication Groups
- 24.3.5 Types of Directory Replication Compared
- 24.3.6 Multimaster Replication with Fan-Out
- 24.4 Included and Excluded Naming Contexts
- 24.5 Replication Agreements
- 24.5.1 Oracle Database Advanced Replication Agreements
- 24.5.2 LDAP-Based Replication Agreements
- 24.6 Replication Configuration Objects in the Directory
- 24.6.1 The Replication Configuration Container
- 24.6.2 The Replica Subentry
- 24.6.3 The Replication Agreement Entry
- 24.6.4 The Replication Naming Context Container Entry
- 24.6.5 The Replication Naming Context Object Entry
- 24.6.6 Examples of Replication Configuration Objects in the Directory
- 24.7 Replication Security
- 24.7.1 Authentication and the Directory Replication Server
- 24.7.2 Secure Sockets Layer (SSL) and Oracle Internet Directory Replication
- 24.8 Change Logs in Directory Replication
- 24.9 Multimaster Replication
- 24.9.1 Oracle Database Advanced Replication
- 24.9.2 Architecture for Multimaster Replication
- 24.9.2.1 The Multimaster Replication Process on the Supplier Side
- 24.9.2.2 The Multimaster Replication Process on the Consumer Side
- 24.9.3 Conflict Resolution in Multimaster Replication
- 24.9.3.1 Levels at Which Replication Conflicts Occur
- 24.9.3.2 Typical Causes of Conflicts
- 24.9.3.3 Automated Resolution of Conflicts
- 24.10 Fan-Out and Partial Replication
- 24.11 Rules for Oracle Database Advanced Replication Filtering
- 24.12 Rules for Partial Replication Filtering
- 24.12.1 Rules for Managing Naming Contexts and Attributes
- 24.12.2 Optimization of Partial Replication Naming Context for Better Performance
- 25.1 Installing and Configuring Multimaster Replication
- 25.1.1 Rules for Configuring Directory Replication Based on Oracle Database Advanced Replication
- 25.1.2 Installing and Configuring a Multimaster Replication Group
- 25.1.2.1 Preliminary Information for Installing and Configuring a Multimaster Replication Group
- 25.1.2.2 Task 1: Install Oracle Internet Directory as a Master on the Master Definition Site (MDS)
- 25.1.2.3 Task 2: Install the Oracle Internet Directory as a Replica, on the Remote Master Sites (RMS)
- 25.1.2.4 Task 3: Set Up Oracle Database Advanced Replication for a Directory Replication Group
- 25.1.2.5 Task 4 (Optional): Load Data into the Directory
- 25.1.2.6 Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
- 25.1.2.7 Task 6: Start the Replication Servers on All Nodes in the DRG
- 25.1.2.8 Task 7: Test Directory Replication
- 25.1.3 Adding a Node for Multimaster Replication (Oracle Database Advanced Replication Types Only)
- 25.1.3.1 Prepare the Oracle Net Services Environment
- 25.1.3.2 Task 1: Stop the Directory Replication Server on All Nodes
- 25.1.3.3 Task 2: Identify a Sponsor Node and Install Oracle Internet Directory as a Replica on the Remote Site
- 25.1.3.4 Task 3: Switch the Sponsor Node to Read-Only Mode
- 25.1.3.5 Task 4: Back up the Sponsor Node by Using ldifwrite
- 25.1.3.6 Task 5: Perform Advanced Replication Add Node Setup
- 25.1.3.7 Task 6: Switch the Sponsor Node to Updatable Mode
- 25.1.3.8 Task 7: Start the Directory Replication Server on All Nodes Except the New Node
- 25.1.3.9 Task 8: Load Data into the New Node by Using bulkload
- 25.1.3.10 Task 9: Start the Directory Server on the New Node
- 25.1.3.11 Task 10: Start the Directory Replication Server on the New Node
- 25.1.4 Deleting a Node from a Multimaster Replication Group
- 25.1.4.1 Task 1: Stop the Directory Replication Server on All Nodes
- 25.1.4.2 Task 2: Stop All Oracle Internet Directory Processes in the Node to be Deleted
- 25.1.4.3 Task 3: Delete the Node from the Master Definition Site
- 25.1.4.4 Task 4: Start the Directory Replication Server on All Nodes
- 25.1.5 Resolving Conflicts Manually in a Multimaster Replication Group
- 25.1.5.1 Monitoring Replication Change Conflicts
- 25.1.5.2 Examples of Conflict Resolution Messages
- 25.1.5.3 About the Human Intervention Queue Manipulation Tool
- 25.1.5.4 About the Oracle Internet Directory Reconciliation Tool
- 25.2 Installing and Configuring LDAP-Based Replication
- 25.2.1 Rules for Configuring LDAP-Based Replication
- 25.2.2 Back Up Your LDAP Data by Using ldifwrite and bulkload
- 25.2.3 Installing and Configuring an LDAP Replica with Default Settings
- 25.2.3.1 Task 1: Identify and Start the Directory Server on the Supplier Node
- 25.2.3.2 Task 2: Installing Oracle Internet Directory As An LDAP Replica
- 25.2.4 Installing and Configuring an LDAP-Based Replica with Customized Settings
- 25.2.4.1 Configuring an LDAP-Based Replica by Using Automatic Bootstrapping
- 25.2.4.2 Configuring an LDAP-Based Replica by Using the ldifwrite Tool
- 25.2.5 Deleting an LDAP-Based Replica
- 25.2.5.1 Task 1: Stop the Directory Replication Server on the Node to be Deleted
- 25.2.5.2 Task 2: Delete the Replica from the Replication Group
- 25.2.5.3 Task 3: Stop the Directory Server on the Node to be Deleted
- 25.2.6 Determining What Is to Be Replicated in LDAP-Based Partial Replication
- 25.2.6.1 Viewing and Modifying Replica Naming Context Objects by Using Oracle Directory Manager
- 25.2.6.2 Adding Replica Naming Context Objects by Using Oracle Directory Manager
- 25.2.6.3 Deleting Replica Naming Context Objects by Using Oracle Directory Manager
- 25.2.6.4 Modifying Replica Naming Context Object Parameters by Using ldapmodify
- 25.3 Managing Replication
- 25.3.1 Viewing and Modifying Directory Replication Server Configuration Parameters
- 25.3.1.1 Viewing Configuration Parameters of the Directory Replication Server by Using Oracle Directory Manager
- 25.3.1.2 Modifying Configuration Parameters of the Directory Replication Server by Using Oracle Directory Manager
- 25.3.1.3 Modifying Directory Replication Server Configuration Parameters by Using Command-Line Tools
- 25.3.2 Viewing and Modifying Parameters for Particular Replica Nodes
- 25.3.2.1 Viewing and Modifying Parameters for a Particular Replica Node by Using Oracle Directory Manager
- 25.3.2.2 Modifying a Particular Replica Node by Using Command-Line Tools
- 25.3.3 Modifying Parameters for Replication Agreements
- 25.3.3.1 Modifying Parameters for Replication Agreements Based on Oracle Database Advanced Replication
- 25.3.3.2 Modifying Parameters for Replication Agreements Based on LDAP
- 25.3.4 Changing the Replication Administrator's Password on All Nodes
- 25.3.5 Managing the Change Log
- 25.3.6 Modifying the Speed of Directory Replication
- 25.3.6.1 Modifying the Speed of Directory Replication When Using Oracle Database Advanced Replication
- 25.3.6.2 Modifying the Speed of Directory Replication When Using LDAP-Based Replication
- 25.4 Example: Installing and Configuring a Multimaster Replication Group with Fan-Out
- 26.1 About High Availability and Failover for Oracle Internet Directory
- 26.2 Oracle Internet Directory and the Oracle Technology Stack
- 26.3 Failover Options on Clients
- 26.3.1 Alternate Server List from User Input
- 26.3.2 Alternate Server List from the Oracle Internet Directory Server
- 26.3.2.1 Setting the Alternate Server List by Using Oracle Directory Manager
- 26.4 Failover Options in the Public Network Infrastructure
- 26.4.1 Hardware-Based Load Balancing
- 26.4.2 Software-Based Load Balancing
- 26.5 High Availability and Failover Capabilities in Oracle Internet Directory
- 26.6 Failover Options in the Private Network Infrastructure
- 26.6.1 IP Address Takeover (IPAT)
- 26.6.2 Redundant Links
- 26.7 High Availability Deployment Examples
- 27.1 About Oracle Application Server Cluster (Identity Management) Directory Server Configurations
- 27.2 Architecture of the Oracle Application Server Cluster (Identity Management) Configuration
- 27.3 Load Balancing for High Availability
- 27.4 Metadata Synchronization in an Oracle Application Server Cluster (Identity Management) Environment
- 27.5 How Failover Works in an Oracle Application Server Cluster (Identity Management) Environment
- 27.6 Rules for Managing an Oracle Application Server Cluster (Identity Management) Environment
- 28.1 About the Oracle Application Server Cold Failover Cluster (Identity Management)
- 28.2 Installing Oracle Application Server Cold Failover Cluster (Identity Management)
- 28.3 The Simple Cold Failover Configuration
- 28.3.1 How to Ensure that Oracle Internet Directory Runs on the Virtual Host
- 28.3.2 The Simple Cold Failover Process
- 28.4 The Oracle Application Server Cold Failover Cluster (Identity Management) in Conjunction with Oracle Internet Directory Replication
- 29.1 Terminology
- 29.2 Oracle Internet Directory in an Oracle Real Application Clusters Environment
- 29.3 Oracle Directory Server Connection Modes to Real Application Clusters Database Instances
- 29.3.1 Load_balance Parameter
- 29.3.2 Connect-Time Failover (CTF)
- 29.3.3 Transparent Application Failover (TAF)
- 29.3.4 Configuring the tnsnames.ora File for the Failover
- 29.4 Oracle Directory Replication Between Oracle Internet Directory Real Application Clusters Nodes
- 29.5 About Changing the ODS Password on a Real Application Clusters Node
- 30.1 About Directory Server Plug-ins
- 30.2 Creating Plug-ins
- 30.3 Registering and Managing Plug-ins
- 30.3.1 Registering and Managing Plug-ins by Using Oracle Directory Manager
- 30.3.1.1 Adding a Plug-in Configuration Entry by Using Oracle Directory Manager
- 30.3.1.2 Editing a Plug-in by Using Oracle Directory Manager
- 30.3.1.3 Deleting a Plug-in by Using Oracle Directory Manager
- 30.3.2 Registering and Managing Plug-ins by Using Command-Line Tools
- 30.3.2.1 Examples: Adding a Plug-in Configuration Entry by Using Command-Line Tools
- 30.3.2.2 Example: Modifying a Plug-in Configuration Entry by Using Command-Line Tools
- 30.3.2.3 Example: Deleting a Plug-in Configuration Entry by Using Command-Line Tools
- 31.1 How the Password Policy Plug-in Works
- 31.2 Example: Installing, Configuring, and Enabling a Customized Password Policy Plug-in
- 31.2.1 Loading and Registering the PL/SQL Program
- 31.2.2 Coding the Password Policy Plug-in
- 31.2.3 Debugging the Password Policy Plug-in
- 31.2.4 Contents of Sample PL/SQL Package pluginpkg.sql
- 32.1 Native Authentication Contrasted with External Authentication
- 32.2 Example: Installing, Configuring, and Enabling the External Authentication Plug-in
- 32.2.1 Sample PL/SQL Package oidexaup.sql
- 32.2.2 Debugging the External Authentication Plug-in
- 32.2.3 Contents of PL/SQL Package oidexaup.sql
- A.1 LDAP Data Interchange Format (LDIF) Syntax
- A.2 Starting, Stopping, Restarting, and Monitoring Oracle Internet Directory Servers
- A.2.1 The OID Monitor (oidmon) Syntax
- A.2.1.1 Starting the OID Monitor
- A.2.1.2 Stopping the OID Monitor
- A.2.1.3 Starting and Stopping OID Monitor in an Oracle Application Server Cold Failover Cluster (Identity Management)
- A.2.2 The OID Control Utility (oidctl) Syntax
- A.2.2.1 Starting and Stopping an Oracle Directory Server Instance by Using the OID Control Utility
- A.2.2.2 Starting and Stopping an Oracle Directory Replication Server Instance by Using the OID Control Utility
- A.2.2.3 Starting the Oracle Directory Integration and Provisioning Server by Using the OID Control Utility
- A.2.2.4 Stopping the Oracle Directory Integration and Provisioning Server
- A.2.2.5 Restarting Oracle Internet Directory Server Instances by Using the OID Control Utility
- A.2.2.6 Starting and Stopping Oracle Internet Directory Servers on Either a Virtual Host or an Oracle Application Server Identity Management Cluster Node by Using the OID Control Utility
- A.2.3 The OPMN Control Utility Syntax for Starting and Stopping Oracle Internet Directory Servers
- A.2.3.1 Stopping All Oracle Internet Directory Server Instances by Using OPMNCTL
- A.2.3.2 Starting the Oracle Internet Directory Server Instances Previously Stopped by Using OPMNCTL
- A.3 OID Server Diagnostic Tool (oiddiag)
- A.3.1 OID Server Diagnostic Tool Syntax
- A.3.2 OID Server Diagnostic Tool Usage Examples
- A.4 Entry and Attribute Management Command-Line Tools Syntax
- A.4.1 The Catalog Management Tool (catalog.sh) Syntax
- A.4.2 ldapadd Syntax
- A.4.3 ldapaddmt Syntax
- A.4.4 ldapbind Syntax
- A.4.5 ldapcompare Syntax
- A.4.6 ldapdelete Syntax
- A.4.7 ldapmoddn Syntax
- A.4.8 ldapmodify Syntax
- A.4.9 ldapmodifymt Syntax
- A.4.10 ldapsearch Syntax
- A.4.10.1 Examples of ldapsearch Filters
- A.5 Bulk Operations Command-Line Tools Syntax
- A.5.1 bulkdelete Syntax
- A.5.2 bulkload Syntax
- A.5.2.1 About the bulkload Tool
- A.5.2.2 Syntax for the bulkload Tool
- A.5.3 bulkmodify Syntax
- A.5.4 ldifwrite Syntax
- A.5.4.1 Example 1: Converting All Entries Under a Specified Naming Context to an LDIF File
- A.5.4.2 Example 2: Converting Part of a Specified Naming Context to an LDIF File
- A.6 Certificate Upgrade Tool (upgradecert.pl) Syntax
- A.7 Replication-Management Command-Line Tools Syntax
- A.7.1 Replication Conflict Resolution Command-Line Tools
- A.7.1.1 The Human Intervention Queue Manipulation Tool
- A.7.1.2 The OID Reconciliation Tool
- A.7.2 The Replication Environment Management Tool
- A.7.2.1 -addnode
- A.7.2.2 -asrsetup
- A.7.2.3 -chgpwd
- A.7.2.4 -delnode
- A.7.2.5 -asrcleanup
- A.7.2.6 -asrrectify
- A.7.2.7 -asrverify
- A.7.2.8 -dispasrerr
- A.7.2.9 -dispqstat
- A.7.2.10 -suspendasr
- A.7.2.11 -resumeasr
- A.7.2.12 -paddnode
- A.7.2.13 -pdelnode
- A.7.2.14 -pchgpwd
- A.7.2.15 -pcleanup
- A.7.2.16 -presetpwd
- A.7.2.17 -pchgwalpwd
- A.7.2.18 -pilotreplica
- A.7.2.19 -backupmetadata
- A.8 The Directory Integration and Provisioning Assistant (dipassistant) Syntax
- A.8.1 Creating, Modifying, and Deleting Synchronization Profiles
- A.8.2 Listing All Synchronization Profiles in Oracle Internet Directory
- A.8.3 Viewing the Details of a Specific Synchronization Profile
- A.8.4 Performing an Express Configuration of the Active Directory Connector Profiles
- A.8.5 Bootstrapping a Directory by Using the Directory Integration and Provisioning Assistant
- A.8.6 Properties Expected by the Bootstrapping Command
- A.8.7 Setting the Wallet Password for the Oracle Directory Integration and Provisioning Server
- A.8.8 Changing the Password of the Administrator of Oracle Directory Integration and Provisioning
- A.8.9 Moving an Integration Profile to a Different Identity Management Node
- A.8.10 Limitations of the Directory Integration and Provisioning Assistant in Oracle Internet Directory 10g Release 2 (10.1.2)
- A.9 OID Database Password Utility (oidpasswd) Syntax
- A.9.1 Changing the Password to the Oracle Internet Directory Database
- A.9.2 Creating Wallets for the Oracle Internet Directory Database Password and the Oracle Directory Replication Server Password
- A.9.3 Unlocking a Super User Account
- A.9.4 Resetting the Super User Password
- A.9.5 Managing Super User Restricted ACPs
- A.10 OID Database Statistics Collection Tool (oidstats.sql) Syntax
- A.11 The OID Migration Tool (ldifmigrator) Syntax
- A.11.1 Examples: Using the OID Migration Tool
- A.11.1.1 Using the Migration Tool in the Lookup Mode
- A.11.1.2 Using the OID Migration Tool Without the Lookup Option
- A.11.1.3 Overriding Substitution Values Obtained from the Lookup Mode
- A.11.2 OID Migration Tool Error Messages
- A.12 Syntax for Oracle Internet Directory Configuration Assistant in Standalone Mode
- A.12.1 Using the Oracle Internet Directory Configuration Assistant
- A.12.2 Creating an Oracle Context
- A.12.3 Upgrading an Oracle Context
- A.12.4 Deleting an Oracle Context
- A.12.5 Configuring the ldap.ora File
- A.12.6 Converting an Oracle Context to an Identity Management Realm
- B.1 IETF Requests for Comments (RFCs) Enforced by Oracle Internet Directory
- B.2 IETF Drafts Enforced by Oracle Internet Directory
- B.3 Schema Elements Common to Oracle Components
- B.3.1 Access Control Schema Elements
- B.3.2 Audit Log Schema Elements
- B.3.3 Attributes for Oracle Application Server Integration and Provisioning
- B.3.4 Attribute Uniqueness Schema Elements
- B.3.5 Configuration Set Entry Schema Elements
- B.3.6 Debug Logging Schema Elements
- B.3.7 Dynamic Groups Schema Elements
- B.3.8 Garbage Collection Schema Elements
- B.3.9 Optional Attributes of the orclUserV2 Object Class
- B.3.10 Oracle Internet Directory Configuration Schema Elements
- B.3.11 Oracle Internet Directory Server Manageability Schema Elements
- B.3.12 Password Policy Schema Elements
- B.3.13 Password Verifier Schema Elements
- B.3.14 Plug-in Schema Elements
- B.3.15 Resource Information Schema Elements
- B.3.16 Replication Schema Elements
- B.3.17 SSL Schema Elements
- B.3.18 System Operational Attributes
- B.4 LDAP Syntax
- B.4.1 LDAP Syntax Enforced by Oracle Internet Directory
- B.4.2 Commonly Used LDAP Syntax Recognized by Oracle Internet Directory
- B.4.3 Additional LDAP Syntax Recognized by Oracle Internet Directory
- B.4.4 Size of Attribute Values
- B.5 Matching Rules
- B.6 Schema to Represent a User
- B.7 Supported Controls
- B.7.1 Password Policy Controls
- B.7.2 Controls for Dynamic Password Verifiers
- C.1 Connection Management Fields in Oracle Directory Manager
- C.2 Access Control Management Fields in Oracle Directory Manager
- C.3 Attribute Uniqueness Fields in Oracle Directory Manager
- C.4 Garbage Collection Management Fields in Oracle Directory Manager
- C.5 Password Policy Fields in Oracle Directory Manager
- C.6 Password Verifier Fields in Oracle Directory Manager
- C.7 Plug-in Management Fields in Oracle Directory Manager
- C.8 Replication Fields in Oracle Directory Manager
- C.9 Schema Management Fields in Oracle Directory Manager
- C.9.1 Object Classes Fields in Oracle Directory Manager
- C.9.2 Attributes Fields in Oracle Directory Manager
- C.9.3 Matching Rules Fields in Oracle Directory Manager
- C.9.4 Content Rules Management Fields in Oracle Directory Manager
- C.10 Server Management Fields in Oracle Directory Manager
- C.10.1 Configuration Sets Fields in Oracle Directory Manager
- C.10.2 System Operational Attributes Fields in Oracle Directory Manager
- C.10.3 Super, Guest, and Proxy User Fields in Oracle Directory Manager
- C.10.4 Query Optimization Fields in Oracle Directory Manager
- C.10.5 Entry Search Fields and Buttons in Oracle Directory Manager
- C.11 SSL Management Fields in Oracle Directory Manager
- C.12 Synchronization Fields in Oracle Directory Manager
- E.1 Schema for orclACI
- E.2 Schema for orclEntryLevelACI
- F.1 About Character Sets and the Directory
- F.1.1 About Unicode
- F.1.2 About Oracle and UTF-8
- F.1.3 Migration from UTF8 to AL32UTF8 when Upgrading Oracle Internet Directory
- F.2 The NLS_LANG Environment Variable
- F.3 Using Non-AL32UTF8 Databases
- F.4 Using Globalization Support with LDIF Files
- F.4.1 An LDIF file Containing Only ASCII Strings
- F.4.2 An LDIF file Containing UTF-8 Encoded Strings
- F.4.2.1 CASE 1: Native Strings (Non-UTF-8)
- F.4.2.2 CASE 2: UTF-8 Strings
- F.4.2.3 CASE 3: BASE64 Encoded UTF-8 Strings
- F.4.2.4 CASE 4: BASE64 Encoded Native Strings
- F.5 Using Globalization Support with Command-Line Tools
- F.5.1 Specifying the -E Argument When Using Each Tool
- F.5.2 Examples: Using the -E Argument with Command-Line Tools
- F.6 Setting NLS_LANG in the Client Environment
- F.7 Using Globalization Support with Bulk Tools
- F.7.1 Using Globalization Support with bulkload
- F.7.2 Using Globalization Support with ldifwrite
- F.7.3 Using Globalization Support with bulkdelete
- F.7.4 Using Globalization Support with bulkmodify
- G.1 Setting up Access Controls for the User Search Base and the User Creation Base
- G.2 Setting up Access Controls for the Group Search Base and the Group Creation Base
- H.1 How the Multimaster Replication Process Adds a New Entry to a Consumer
- H.2 How the Multimaster Replication Process Deletes an Entry
- H.3 How the Multimaster Replication Process Modifies an Entry
- H.4 How the Multimaster Replication Process Modifies a Relative Distinguished Name
- H.5 How the Multimaster Replication Process Modifies a Distinguished Name
- K.1 Installation Errors
- K.2 Directory Server Error Messages and Causes
- K.2.1 Oracle Database Server Error Due to Schema Modifications
- K.2.2 Standard Error Messages Returned from Oracle Directory Server
- K.2.3 Additional Directory Server Error Messages
- K.3 Troubleshooting Password Policies
- K.3.1 Password Policy Error Messages
- K.3.2 Possible Password Policy Problems
- K.4 Troubleshooting Directory Performance
- K.5 Troubleshooting Starting, Stopping, and Restarting of the Directory Server
- K.6 Troubleshooting Directory Replication
- K.7 Troubleshooting SSL Setup
- K.8 Troubleshooting Change Log Garbage Collection
- K.9 Troubleshooting Dynamic Password Verifiers
- K.10 Troubleshooting Oracle Internet Directory Password Wallets
- K.11 Need More Help?