Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2)
Part No. B14085-01

C Elements in the Oracle Directory Integration and Provisioning Server Administration Tool

This appendix describes the tab pages and corresponding fields in the Oracle Directory Integration and Provisioning Server Administration tool. It contains these topics:

  • Windows and Fields for Connecting to a Directory Server

  • Windows and Fields for Viewing Server Information

  • Windows and Fields for Registering and Editing a Directory Integration Profile

  • Windows and Fields for Configuring the Active Directory Connector

Windows and Fields for Connecting to a Directory Server

This section lists and describes the windows and fields you use to connect to a directory server.

Credentials

Table C-1 Fields in the Credentials Tab Page

Field Description
User: The default value for the user name is dipadmin. This is the nickname of the user whose entry is cn=dipadmin,cn=odi,cn=oracle internet directory.

If you have already set up the user's entry by using LDAP command-line tools, then you can enter that user's entry in one of two ways:

  • Browse and select that entry by using the button to the right of the User field

  • Type the distinguished name (DN) for that user entry by using the correct format, for example,

    cn=Susie Brown,ou=HR,o=acme,c=us
    

If you do not have the correct privileges, then access to the tool is denied. To use this tool, you must be a member of the following group: cn=dipadmingrp,cn=odi,cn=oracle internet directory.

Password: If you are logging in as the super user and you specified a password for the super user during installation, in the Password field, type the password you specified. Otherwise, type the default password, namely, welcome. After you are logged into Oracle Directory Integration and Provisioning Server Administration and have connected to a directory server, you should change this password to protect the directory.

If you are logging in anonymously, leave the Password field empty.

If you want to log in as a specific directory user, enter the corresponding password.

See Also: The chapter on directory server administration in Oracle Internet Directory Administrator's Guide, for instructions on how to change the password

Server: The first time you log in, the Oracle Directory Integration and Provisioning Server Administration tool displays the name of the default Oracle directory server you specified during the Oracle Application Server installation.

It obtains the information for the directory server by checking first the value of the oidhost parameter in the ias.properties file in the $ORACLE_HOME/config directory. If no value is specified there, then it checks the value of the host parameter in the osdadmin.ini file. If no value is specified there either, then it displays the value localhost in the Server field.

If you want to connect to a server on a different host:

  1. Click the button to the right of the Server list. The Select Directory Server dialog box displays a list of available servers.

  2. Select a server.

  3. Choose OK.

To add a directory server to the list:

  1. In the Select Directory Servers dialog box, choose Add. The Directory Server Connection dialog box appears.

  2. In the Server field, type the name of the directory server you want to add.

  3. In the Port field, type the port number for the server you want to add.

  4. Choose OK. The added directory appears in the list in the Select Directory Server dialog box.

To modify a directory server on the list:

  1. Select the directory server you want to modify.

  2. Choose Edit. The Directory Server Connection dialog box appears.

  3. Modify the Server and Port fields, then choose OK. The modifications for that server appear in the list in the Select Directory Server dialog box.

Port: The first time you log in, the Oracle Directory Integration and Provisioning Server Administration tool displays the default Oracle directory server port you specified during the Oracle Application Server installation.

It obtains this information by checking the value of the oidport parameter in the ias.properties file. If no value is specified there, then it checks the value of the port parameter in the osdadmin.ini file. If no value is specified there either, then it displays the value 389.
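The lookup order the Server and Port fields follow, written out as an added example (not Oracle's code): the parameter names oidhost, oidport, host and port and the two file names come from this page; the file contents, host names, port values and the [osdadmin] section name are constructed for illustration.

```python
"""Resolve the default directory server host and port in the order the page
describes: ias.properties first, then osdadmin.ini, then the built-in default."""
import configparser

# Constructed sample contents, not copied from any real installation.
IAS_PROPERTIES = """\
# $ORACLE_HOME/config/ias.properties (constructed; Java properties format)
oidhost=oid1.example.com
# no oidport line, so the port has to come from osdadmin.ini
"""
OSDADMIN_INI = """\
; osdadmin.ini (constructed; the [osdadmin] section name is an assumption)
[osdadmin]
host=oid2.example.com
port=3060
"""

def parse_properties(text: str) -> dict:
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def parse_ini(text: str) -> dict:
    """Flatten an .ini file to one key->value dict; the page names only the
    parameter, not its section, so section names are ignored."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    flat = {}
    for section in cp.sections():
        flat.update(cp.items(section))
    return flat

def resolve_server(ias_text: str, osd_text: str) -> str:
    """oidhost (ias.properties) -> host (osdadmin.ini) -> 'localhost'."""
    return (parse_properties(ias_text).get("oidhost")
            or parse_ini(osd_text).get("host")
            or "localhost")

def resolve_port(ias_text: str, osd_text: str) -> int:
    """oidport (ias.properties) -> port (osdadmin.ini) -> 389."""
    value = (parse_properties(ias_text).get("oidport")
             or parse_ini(osd_text).get("port")
             or "389")
    return int(value)

if __name__ == "__main__":
    print(resolve_server(IAS_PROPERTIES, OSDADMIN_INI),
          resolve_port(IAS_PROPERTIES, OSDADMIN_INI))
```

With the sample files above the host comes from ias.properties and the port falls through to osdadmin.ini, which is the mixed case an administrator is most likely to be puzzled by.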

To change this port number:

  1. Choose the button to the right of the Server field.

  2. In the Select Directory Server dialog box, select the directory server.

  3. Choose Edit. The Directory Server Connection dialog box appears.

  4. In the Directory Server Connection dialog box, in the Port field, enter the new port number, then choose OK.


SSL

Table C-2 Fields in the SSL Tab Page

Field Description
SSL Password: The password to open the user's wallet
SSL Authentication: Select the authentication level:
  • No SSL Authentication—Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption will be used.

  • SSL Client and Server Authentication—Two-way authentication. Both client and server send certificates to each other.

  • SSL Server Authentication—One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.


Configure Entry Management

Use this window to specify:

  • The number of entries the Oracle Directory Integration and Provisioning Server Administration tool displays in a search result

  • The duration of searches

You can make these configurations in either this tool or the directory server or both.

If you make the configuration in both this tool and the directory server, and the two configurations do not match, then Oracle Internet Directory resolves the conflict as follows:

  • If the value you set in this tool is greater than that in the directory server, then the configuration of the server prevails. For example, if you set this tool to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.

  • If the value you set in this tool is less than that in the directory server, then the configuration of this tool prevails. For example, if you set this tool to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.

Configure Access Control Policy Management

Use this tab page to determine whether the navigator pane displays all ACPs automatically or only as the result of a search. If you have a large number of ACPs, then you may want to display them only as the result of a search.

Directory Server Connection

Use this dialog box to add a directory server to the list in the Select Directory Server dialog box.

Select Distinguished Name (DN) Path: Tree View

Use this dialog box to display the hierarchy of entries in the Directory Information Tree (DIT).

Click the plus sign (+) next to the top-level entry to expand the tree, and click the plus signs next to subordinate entries to expand them in turn. When you click a plus sign to expand an entry, that plus sign becomes a minus sign (-).


Note:

Although an entry that does not have subordinate entries may appear with a plus sign, when you click that plus sign, it disappears. Entries that have no plus or minus sign next to them are leaf nodes on the tree.

Select the entry you want and choose OK. That entry appears in the Root of the Search field in the Search window.

Select Directory Server

This dialog box displays a list of all directory servers to which you have connected at any time in the past. You can select a directory server from the list to connect to it, delete it, edit it, or use it as a template for another management connection. To add a server to this list, choose Add. The Directory Server Connection dialog box appears.

Windows and Fields for Viewing Server Information

The windows and fields described in this section provide information about active server processes.

Active Processes

This window displays a list of currently active directory integration server instances. To display a configuration set entry in a format that is easier to read, select one of the entries and choose View Properties. To change the parameters, in the navigator pane, select the configuration set entry. The corresponding tab pages appear in the right pane.

Configuration Sets: Integration Profiles

This dialog box displays information about the directory integration profiles associated with a configuration set entry. If the Integration Profiles tab page is empty, then no directory integration profiles are associated with this configuration set entry. The columns of the Integration Profiles tab page in this dialog box are:

  • Profile Name: The RDN component of the DN for this directory integration profile

  • Synchronization Mode: Specifies whether the profile is used for importing or exporting. An import operation brings changes from a connected directory into Oracle Internet Directory. An export operation brings changes from Oracle Internet Directory into a connected directory.

  • Profile Status: Specifies whether the profile is enabled or disabled

Windows and Fields for Registering and Editing a Directory Integration Profile

This section lists and describes the windows and fields you use when registering and editing a directory integration profile.

Integration Profiles

Use this dialog box to create or modify a directory integration profile. You can:

  • Create an integration profile by copying an existing one. To do this, select the directory integration profile you want to copy, then choose Create Like. The Integration Profile dialog box displays the General tab page.

  • Create an integration profile without copying an existing one. To do this, choose Create New. The Integration Profile dialog box displays the General tab page.

  • Edit an integration profile by selecting it, then choosing Edit. This displays the General tab page.

General

Table C-3 Fields on the General Tab Page for Synchronization in the Oracle Directory Integration and Provisioning Server Administration Tool

Field Description
Profile Name: Specify the name of the profile. The name you enter is used as the RDN component of the DN for this integration profile. For example, specifying a profile name MSAccess creates an integration profile named orclodipagentname=MSAccess,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory.

This field is mandatory. There is no default.

Profile Version: Version of Oracle Directory Integration and Provisioning with which this profile was created.
Synchronization Mode: Specify whether this is an import or an export operation. An import operation pulls changes from a connected directory into Oracle Internet Directory. An export operation pushes changes from Oracle Internet Directory into a connected directory.

This field is mandatory. The default is IMPORT.

Profile Status: Specify whether the profile is enabled or disabled.

This field is mandatory. The default is ENABLE.

Profile Password: Specify the password that the directory integration and provisioning server is to use when binding to Oracle Internet Directory on behalf of the profile. This field is mandatory and the default is welcome.
Scheduling Interval: Specify the number of seconds between synchronization attempts between a connected directory and Oracle Internet Directory.

This field is mandatory. The default is 60.

Maximum Number of Retries: Specify the maximum number of times the directory integration and provisioning server is to attempt synchronization before it disables synchronization. This field is mandatory.

The default is 5. The first retry takes place 1 minute after the first failure. The second retry happens 2 minutes after the second failure, and subsequently the retry takes place n minutes after the n-th failure.

Debug Level: Specify the logging level for debugging, as described in Oracle Internet Directory Administrator's Guide.

Execution

Table C-4 Fields on the Execution Tab for Synchronization in the Oracle Directory Integration and Provisioning Server Administration Tool

Field Description
Agent Execution Command: Specify the agent executable name and the arguments used by the directory integration and provisioning server to execute the agent. This field is optional. There is no default.

A typical execution command is of the form,

odicmd user=%orclodipcondirAccessAccount pass=%orclodipcondiraccesspassword

where odicmd is the command to be executed (available in the PATH or specified as a complete path name), and

user=%orclodipcondirAccessAccount pass=%orclodipcondiraccesspassword

are the command-line arguments. The value to be passed for the user is derived from the attribute orclodipcondiraccessaccount, and the value to be passed for pass is derived from the attribute orclodipcondiraccesspassword.

A typical example is given in the Oracle Human Resources agent.
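The placeholder expansion just described, as an added example rather than the Oracle Human Resources agent's own code: the command template and the two attribute names are taken from the page, the profile values are constructed, and the per-argument expansion and the log redaction are design choices of this example, not documented behaviour of the server.

```python
"""Expand %attribute placeholders in a DIP-style agent execution command.
Attribute-name lookup is case-insensitive, as LDAP attribute names are, which
is why %orclodipcondirAccessAccount resolves to orclodipcondiraccessaccount."""
import re
import shlex
from typing import Dict, List

# Constructed sample profile attributes; the values are made up.
PROFILE = {
    "orclodipcondiraccessaccount": "cn=Directory Manager",
    "orclodipcondiraccesspassword": "s3cret pass",
}

# Placeholder syntax from the page: '%' followed by the attribute name.
_TOKEN = re.compile(r"%([A-Za-z][A-Za-z0-9-]*)")

def expand_command(template: str, attrs: Dict[str, str]) -> List[str]:
    """Split the template into arguments first, then substitute inside each
    one, so an expanded value containing spaces or shell metacharacters stays
    a single argv element. Pass the result to subprocess.run() as a list,
    never re-joined into a shell string."""
    lowered = {k.lower(): v for k, v in attrs.items()}

    def replace(match: "re.Match[str]") -> str:
        name = match.group(1).lower()
        if name not in lowered:
            raise KeyError(f"profile has no attribute {match.group(1)!r}")
        return lowered[name]

    return [_TOKEN.sub(replace, arg) for arg in shlex.split(template)]

def redact_for_log(template: str, attrs: Dict[str, str]) -> List[str]:
    """Same expansion, but every value sourced from an attribute whose name
    contains 'password' is masked, so the argv can be written to a log."""
    masked = {k: ("********" if "password" in k.lower() else v)
              for k, v in attrs.items()}
    return expand_command(template, masked)

if __name__ == "__main__":
    cmd = "odicmd user=%orclodipcondirAccessAccount pass=%orclodipcondiraccesspassword"
    print(expand_command(cmd, PROFILE))
    print(redact_for_log(cmd, PROFILE))
```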

Connected Directory Account: Specify the account to be used by the connector/agent for accessing the connected directory. For example, if the connected directory is a database, then the account might be Scott. If the connected directory is another LDAP-compliant directory, then the account might be cn=Directory Manager.

This field is optional. There is no default.

Connected Directory Account Password: Specify the password the connector/agent is to use when accessing the connected directory. This field is optional. There is no default.
Additional Config Info: This field displays additional information that the directory integration and provisioning server passes to an agent. You cannot modify this field through the Oracle Directory Integration and Provisioning Server Administration tool. The only way to modify it is to use Directory Integration and Provisioning Assistant.
Connected Directory URL: Connection details required to connect to the connected directory. This parameter gives the host name, port number and SSL mode as host:port:sslmode.

To connect by using SSL, enter host:port:1.

Make sure the certificate to connect to the directory is stored in the wallet, the location of which is specified in the file odi.properties.

Note: To connect to SunONE Directory Server by using SSL, the server certificate needs to be loaded into the wallet.

See Also: The chapter on Oracle Wallet Manager in Oracle Advanced Security Administrator's Guide

Interface Type: The format used by the import or export file. Options are DB, LDAP, LDIF, and TAGGED. This field is optional. The default is TAGGED.

Mapping

Table C-5 Fields on the Mapping Tab Page for Synchronization in the Oracle Directory Integration and Provisioning Server Administration Tool

Field Description
Mapping Rules: This field displays the mapping rules for converting data between a connected directory and Oracle Internet Directory. There is no default.

Note: You cannot edit the mapping rules file by using the Oracle Directory Integration and Provisioning Server Administration tool. You edit the mapping rules in a file manually and then upload it to the profile by using the Directory Integration and Provisioning Assistant.

Connected Directory Matching Filter: Specify the attribute that uniquely identifies an entry in the connected directory.
OID Matching Filter: Specify the attribute that uniquely identifies records in Oracle Internet Directory. This attribute is used as a key to synchronize Oracle Internet Directory and the connected directory. This field is optional.

Status

Table C-6 Fields on the Status Tab Page for Synchronization in the Oracle Directory Integration and Provisioning Server Administration Tool

Field Description
OID Last Applied Change Number (Import operations only): For export operations, specify the identifier of the last change from Oracle Internet Directory that has been applied to the connected directory. The default is 0. You can modify this field deliberately whenever appropriate; the profile should be disabled while you do so. If the number is increased, then any change log entries numbered between the original value and the new value will not be applied.
Last Execution Time: The most recent absolute time that the agent was executed. The default is the time at which the connector is created. Modifying this field will be misleading.
Last Successful Execution Time: The most recent absolute time that the agent succeeded. The default is the time at which the connector is created. Modifying this field will be misleading.
Synchronization Status: Synchronization success/failure.
Synchronization Errors: The last error message. You cannot modify this field. There is no default.
Last Applied Change Number (Export operations only): The number of the change log entry that was most recently applied successfully to the connected directory. You can modify this field deliberately whenever appropriate; the profile should be disabled while you do so. If the number is increased, then any change log entries numbered between the original value and the new value will not be applied.

Windows and Fields for Configuring the Active Directory Connector

This section describes the windows and fields you use when configuring the Active Directory Connector.

Active Directory Connector Express Synchronization Setup

Use this tab page to perform an express configuration of the Active Directory Connector. This configuration is based on an out-of-the-box installation of Oracle Application Server. Do not use this method to create any other type of directory integration profile.

Table C-7 Fields in the Active Directory Connector Express Synchronization Setup Tab Page

Field Description
Active Directory Host: The host on which Microsoft Active Directory is installed
Active Directory Port: The port number for the Microsoft Active Directory installation
Account Name: The user name for logging into Microsoft Active Directory
Account Password: The password for logging into Microsoft Active Directory
Connector Name: The name of the directory integration profile
Import Profile Name: Read only. The value is derived from the profile of the connector
Export Profile Name: Read only. The value is derived from the profile of the connector
Configuration Set: The default is 1. If you specify another, then that configuration set is automatically created and associated with this profile.

You can also choose to specify access control policies.