|
Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) Part No. B14085-01 |
|
 Previous |
 Next |
|
Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) Part No. B14085-01 |
|
|
Previous |
Next |
This chapter describes the Oracle Directory Integration and Provisioning Server Administration tool along with various other tools used for administering Oracle Directory Integration and Provisioning. It contains these topics:
The Oracle Directory Integration and Provisioning Server Administration Tool
Graphical Tools for Oracle Directory Integration and Provisioning Administration
Command-Line Tools for Oracle Directory Integration and Provisioning Administration
The Oracle Directory Integration and Provisioning Server Administration tool is a Java-based utility for graphically administering the Oracle directory integration and provisioning server. This section describes some of its basic features. More specific instructions are found in sections throughout this book that explain how to perform various tasks.
This section contains these topics:
Starting the Oracle Directory Integration and Provisioning Server Administration Tool
Navigating the Oracle Directory Integration and Provisioning Server Administration Tool
Before you can launch the Oracle Directory Integration and Provisioning Server Administration tool, you must have a directory server instance running.
To start the Oracle Directory Integration and Provisioning Server Administration tool, follow the instructions for your operating system as described in Table 3-1:
Table 3-1 Operating System-Specific Instructions for Starting Oracle Directory Integration and Provisioning Server Administration tool
The first time you start the Oracle Directory Integration and Provisioning Server Administration tool, an alert tells you that you must connect to a server. Choose OK. The Directory Server Connection dialog box appears.
|
Note: To use this tool, you must be a member of the following group: cn=dipadmingrp,cn=odi,cn=oracle internet directory. If you do not have the correct privileges, then access to the tool is denied.
|
To connect to a directory server:
In the Directory Server Connection dialog box, type the name and port number of an available server.
The default port is 389. You can change the port if you wish. However, if you have an Oracle directory server running on a port that is not the default, then be sure that any clients that use that server are informed of the correct port.
Choose OK. The Oracle Directory Integration and Provisioning Server Administration Connect dialog box appears.
If the directory server to which you want to connect does not appear in the initial login window—that is, it is not the default directory server—then you can select another directory server by clicking the button to the right of the Server field.
This dialog box then displays a list of all directory servers to which you have connected at any time in the past. You can select a directory server from the list, either to connect to it, delete it, edit it, or to use it as a template for another management connection.
To connect to a server from the list, select it and choose Select at the bottom of the dialog box. The server and port appear in the Oracle Internet Directory Connect dialog box, from which you can connect.
To delete an existing defined connection, select the server, then choose Delete. The server entry is removed from your list of defined management connections.
To define a new management connection:
To add a new management connection, choose Add. This displays the Directory Server Connection dialog box. After you enter a server name and port in this dialog box and choose OK, the new management connection appears in the list in the Select Directory Server dialog box. From here you can select it to appear in the Oracle Internet Directory Connect dialog box, and thus connect.
To use an existing management connection as the template for a new connection, select the server you want to use as a template, then click Add Like. The Directory Server Connection dialog box appears, with the template server information filled in. You must edit these entries to create a new management connection. After you enter a server name and port in this dialog box and click OK, the new management connection appears in the list in the Select Directory Server dialog box. From here you can select it to appear in the Oracle Internet Directory Connect dialog box, and thus connect.
To edit an existing connection, select it, then click Edit. The Directory Server Connection dialog box appears, with the server and port information filled in. Edit the entries and save any changes. After you enter a server name and port in this dialog box and click OK, the new management connection appears in the list in the Select Directory Server dialog box. From here you can select it to appear in the Oracle Internet Directory Connect dialog box, and thus connect.
In each field of the Credentials tab page, type the information specific to this server instance.
The fields in the Credentials tab page are described in Table C-1.
|
See Also:
|
If you selected the SSL Enabled check box on the Credentials tab page, then select the SSL tab.
In the SSL tab page, enter the requested data in the fields.
The fields in the SSL tab page are described in Table C-2
Choose Login. The Oracle Directory Integration and Provisioning Server Administration tool appears.
This section provides an overview of Oracle Directory Integration and Provisioning Server Administration, and explains the items in the menu bar and the buttons on the toolbar.
Like the directory itself, the navigator pane (left side of the double window interface) has a tree-like structure. When the tool first opens, the navigator pane shows only one tree item. By clicking the plus sign(+) next to the tree item, subcomponents of that tree item appear.
In the right pane, some windows contain buttons labeled Apply and OK. If you choose Apply, then your changes are committed, and the window remains available for more changes. If you choose OK, then your changes are committed, and the window closes.
Similarly, some windows have buttons that are labeled Revert and Cancel. If you press Revert, then your changes in that window do not take effect, the original values reappear in the fields, and the window stays open for further work. If you press Cancel, then your changes in that window do not take effect, and the window closes.
Table 3-2 lists and describes the menus you can access by using the menu bar. Menu items become enabled or disabled depending on the pane or tab page you are displaying.
Table 3-2 Oracle Directory Integration and Provisioning Server Administration Menu Bar
To disconnect from a directory server by using the Oracle Directory Integration and Provisioning Server Administration tool, from the File menu choose Disconnect. Also, when you exit the Oracle Directory Integration and Provisioning Server Administration tool, connections between all directory servers and the directory are automatically disconnected.
All connection information is stored in the user's home directory in the file osdadmin.ini.
When you restart the Oracle Directory Integration and Provisioning Server Administration tool, all previously connected server connections appear in the Directory Server Login dialog box.
You can specify the maximum number of entries to be displayed in the Oracle Directory Integration and Provisioning Server Administration tool as the result of searches and the duration of searches. You can make these configurations in either this tool or the directory server or both.
If you make the configuration in both this tool and the directory server, and the two configurations do not match, then Oracle Internet Directory resolves the conflict as follows:
If the value you set in this tool is greater than that in the directory server, then the configuration of the server prevails. For example, if you set this tool to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.
If the value you set in this tool is less than that in the directory server, then the configuration of this tool prevails. For example, if you set this tool to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.
To configure the display and duration of searches in the Oracle Directory Integration and Provisioning Server Administration tool:
In the navigator pane, select the server you want to configure.
From the toolbar, select User Preferences. The User Preferences dialog box appears.
In the Configure Entry Management tab page, in the field labeled Maximum number of one-level subtree entries, enter the maximum number of entries to be returned by a search. The default is 200.
In the Search Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 25.
Choose OK.
The Oracle Directory Integration and Provisioning Server Administration tool enables you to determine whether the navigator pane displays all ACPs automatically or only as the result of a search. If you have a large number of ACPs, then you may want to display them only as the result of a search.
To configure the display of ACPs:
In the navigator pane, select the server you want to configure.
On the toolbar, choose User Preferences. The User Preferences dialog box appears.
Select the Configure Access Control Policy Management tab page.
Select either:
Always display all ACPs
Only display ACPs based on search request
Choose OK.
To effect your changes, restart the Oracle Directory Integration and Provisioning Server Administration tool.
In addition to the Oracle Directory Integration and Provisioning Server Administration tool, you can use the following graphical tools to administer Oracle Directory Integration and Provisioning:
Oracle Directory Manager is a Java-based tool for graphically administering Oracle Internet Directory. You can use Oracle Directory Manager to:
Create, modify, and delete directory integration profiles for synchronization
Monitor synchronization profiles and synchronization status
Monitor the status of all Oracle directory integration and provisioning server instances
Troubleshoot synchronization
|
See Also:
|
The Oracle Internet Directory Self-Service Console enables you to delegate administrative privileges to various administrators and to end users. It is a ready-to-use standalone application created by using Oracle Delegated Administration Services that provides a single graphical interface for delegated administrators and end users to manage data in the directory. The Oracle Internet Directory Self-Service Console enables both administrators and end users, depending on their privileges, to perform various directory operations. In an integrated deployment, the Oracle Internet Directory Self-Service Console is primarily used for customizing realm parameters.
|
See Also: The Oracle Internet Directory Self-Service Console chapter in Oracle Identity Management Guide to Delegated Administration. |
The following command-line tools are available for administering Oracle Directory Integration and Provisioning:
The Oracle Directory Integration and Provisioning Server Registration Tool (odisrvreg)
Directory Integration and Provisioning Assistant (dipassistant)
|
See Also: Appendix A, "Syntax for LDIF and Command-Line Tools" for the required syntax for each of the tools discussed in this section, along with information on other command-line tools that you can use to administer Oracle Internet Directory and Oracle Directory Integration and Provisioning |
OID Control and OID Monitor enable you to start, stop, and monitor the Oracle directory integration and provisioning server.
In Oracle Internet Directory, you can use OID Control and OID Monitor to control the directory integration and provisioning server in the ORACLE_HOME where either the Oracle directory server or Oracle directory integration and provisioning server are installed.
If the Oracle Internet Directory installation is client-only, then the OID Control Utility and OID Monitor are not installed. In this case, start Oracle directory integration and provisioning server manually. In this configuration you can still use Oracle Directory Integration and Provisioning Server Administration tool to learn the status of Oracle directory integration and provisioning server.
The Oracle Directory Integration and Provisioning Server Registration tool (odisrvreg) registers an Oracle directory integration and provisioning server with the directory. It does this by creating an entry in the directory and setting the password for the Oracle directory integration and provisioning server. If the registration entry already exists, then you can use the odisrvreg tool to reset the existing password. The odisrvreg tool also creates a local file named odisrvwallet_hostname, at $ORACLE_HOME/ldap/odi/conf. This file acts as a private wallet for the Oracle directory integration and provisioning server, which uses it on startup to bind to the directory.
The Directory Integration and Provisioning Assistant (dipassistant) is the command-line version of the Oracle Directory Integration and Provisioning Server Administration tool. Some of the tasks you can perform with the Directory Integration and Provisioning Assistant include:
Creating, modifying, and deleting synchronization profiles
Viewing all synchronization profile names in Oracle Internet Directory
Viewing the details of a specific synchronization profile
Migrating data (or "bootstrapping") between a connected directory and Oracle Internet Directory
Setting the wallet password for Oracle directory integration and provisioning server
Resetting the password of the Oracle Directory Integration and Provisioning administrator
Moving integration profiles to a different Oracle Internet Directory node
You use the Provisioning Subscription tool (oidprovtool) to administer provisioning profile entries in the directory. More specifically, you can use Provisioning Subscription tool to:
Create new provisioning profiles
Enable/disable existing provisioning profiles
Modify existing provisioning profiles
Delete existing provisioning profiles
Get the current status of a provisioning profile
Clear all errors in an existing provisioning profile
Table 3-3 lists the entry and attribute management command-line tools that you can use with Oracle Directory Integration and Provisioning.
Table 3-3 Entry and Attribute Management Command-Line Tools
| Tool | Description |
|---|---|
Catalog Management Tool (catalog.sh)
|
Indexes attributes |
ldapadd
|
Add entries and their object classes, attributes, and values to the directory |
ldapaddmt
|
Supports multiple threads for concurrently adding entries and their object classes, attributes, and values to the directory |
ldapbind
|
Determines whether you can authenticate a client to a server |
ldapcompare
|
Matches specified attribute values with an entry's attribute values |
ldapdelete
|
Removes entries from the directory |
ldapmoddn
|
Modifies an entry's DN or RDN |
ldapmodify
|
Modifies an entry's attributes |
ldapmodifymt
|
Supports multiple threads for modifying entries concurrently |
ldapsearch
|
Searches for entries in the directory |
