Oracle® Identity Management Application Developer's Guide
10g Release 2 (10.1.2)
Part No. B14087-01

Contents

List of Figures

List of Tables

Title and Copyright Information

Send Us Your Comments

Preface

Audience
Documentation Accessibility
Structure
Related Documents
Conventions

What's New in the SDK?

New Features in the Release 10.1.2 SDK
New Features in the Release 9.0.4 SDK

Part I Programming for Oracle Identity Management

1 Developing Applications for Oracle Identity Management

1.1 Benefits of Integrating with Oracle Identity Management
1.2 Oracle Identity Management Services Available for Application Integration
1.3 Integrating Existing Applications with Oracle Identity Management
1.4 Integrating New Applications with Oracle Identity Management
1.5 Integrating J2EE Applications with Oracle Identity Management
1.6 Directory Programming: An Overview
1.6.1 Programming Languages Supported by the SDK
1.6.2 SDK Components
1.6.3 Application Development in the Directory Environment
1.6.3.1 Architecture of a Directory-Enabled Application
1.6.3.2 Directory Interactions During the Application Life Cycle
1.6.3.3 Services and APIs for Integrating Applications with Oracle Internet Directory
1.6.3.4 Integrating Existing Applications with Oracle Internet Directory
1.6.3.5 Integrating New Applications with Oracle Internet Directory
1.6.4 Other Components of Oracle Internet Directory

2 Developing Applications with Standard LDAP APIs

2.1 History of LDAP
2.2 LDAP Models
2.2.1 Naming Model
2.2.2 Information Model
2.2.3 Functional Model
2.2.4 Security Model
2.2.4.1 Authentication
2.2.4.2 Access Control and Authorization
2.2.4.3 Data Integrity
2.2.4.4 Data Privacy
2.2.4.5 Password Policies
2.3 About the Standard LDAP APIs
2.3.1 API Usage Model
2.3.2 Getting Started with the C API
2.3.3 Getting Started with the DBMS_LDAP Package
2.3.4 Getting Started with the Java API
2.4 Initializing an LDAP Session
2.4.1 Initializing the Session by Using the C API
2.4.2 Initializing the Session by Using DBMS_LDAP
2.4.3 Initializing the Session by Using JNDI
2.5 Authenticating an LDAP Session
2.5.1 Authenticating an LDAP Session by Using the C API
2.5.2 Authenticating an LDAP Session by Using DBMS_LDAP
2.6 Searching the Directory
2.6.1 Program Flow for Search Operations
2.6.2 Search Scope
2.6.3 Filters
2.6.4 Searching the Directory by Using the C API
2.6.5 Searching the Directory by Using DBMS_LDAP
2.7 Terminating the Session
2.7.1 Terminating the Session by Using the C API
2.7.2 Terminating the Session by Using DBMS_LDAP

3 Developing Applications with Oracle Extensions to the Standard APIs

3.1 Using Oracle Extensions to the Standard APIs
3.1.1 Using the API Extensions in PL/SQL
3.1.2 Using the API Extensions in Java
3.1.2.1 The oracle.java.util Package
3.1.2.2 PropertySetCollection, PropertySet, and Property Classes
3.1.3 How the Standard APIs and The Oracle Extensions Are Installed
3.2 Creating an Application Identity in the Directory
3.2.1 Creating an Application Identity
3.2.2 Assigning Privileges to an Application Identity
3.3 User Management Functionality
3.3.1 User Operations Performed by Directory-Enabled Applications
3.3.2 User Management APIs
3.3.2.1 Java API for User Management
3.3.2.2 C API for User Management
3.3.2.3 PL/SQL API for User Management
3.3.3 User Authentication
3.3.3.1 Java API for User Authentication
3.3.3.2 PL/SQL API for User Authentication
3.3.3.3 C API for User Authentication
3.3.4 User Creation
3.3.4.1 Java API for User Creation
3.3.4.2 PL/SQL API for User Creation
3.3.4.3 C API for User Creation
3.3.5 User Object Retrieval
3.3.5.1 Java API for User Object Retrieval
3.3.5.2 PL/SQL API for User Object Retrieval
3.3.5.3 C API for User Object Retrieval
3.4 Group Management Functionality
3.5 Identity Management Realm Functionality
3.5.1 Realm Object Retrieval for the Java API
3.6 Server Discovery Functionality
3.6.1 Benefits of Oracle Internet Directory Discovery Interfaces
3.6.2 Usage Model for Discovery Interfaces
3.6.3 Determining Server Name and Port Number From DNS
3.6.3.1 Mapping the DN of the Naming Context
3.6.3.2 Search by Domain Component of Local Machine
3.6.3.3 Search by Default SRV Record in DNS
3.6.4 Environment Variables for DNS Server Discovery
3.6.5 Programming Interfaces for DNS Server Discovery
3.6.6 Java APIs for Server Discovery
3.6.7 Examples: Java API for Directory Server Discovery
3.7 SASL Authentication Functionality
3.7.1 SASL Authentication by Using the DIGEST-MD5 Mechanism
3.7.1.1 Steps Involved in SASL Authentication by Using DIGEST-MD5
3.7.1.2 JAVA APIs for SASL Authentication by Using DIGEST-MD5
3.7.2 SASL Authentication by Using External Mechanism
3.8 Proxying on Behalf of End Users
3.9 Creating Dynamic Password Verifiers
3.9.1 Request Control for Dynamic Password Verifiers
3.9.2 Syntax for DynamicVerifierRequestControl
3.9.3 Parameters Required by the Hashing Algorithms
3.9.4 Configuring the Authentication APIs
3.9.4.1 Parameters Passed If ldap_search Is Used
3.9.4.2 Parameters Passed If ldap_compare Is Used
3.9.5 Response Control for Dynamic Password Verifiers
3.9.6 Obtaining Privileges for the Dynamic Verifier Framework
3.10 Dependencies and Limitations for the PL/SQL LDAP API

4 Developing Provisioning-Integrated Applications

4.1 Introduction to the Oracle Directory Provisioning Integration Service
4.2 Developing Provisioning-Integrated Applications
4.2.1 Example of a Provisioning-Integrated Application
4.2.1.1 Requirements of the Employee Self Service Application
4.2.1.2 Registering the Employee Self Service Application in Oracle Internet Directory
4.2.1.3 Identifying the Management Context for the Employee Self Service Application
4.2.1.4 Determining Provisioning Mode for the Employee Self Service Application
4.2.1.5 Determining Events for the Employee Self Service Application
4.2.1.6 Provisioning the Employee Self Service Application for an Identity Management Realm
4.2.1.7 Determining Scheduling Parameters for the Employee Self Service Application
4.2.1.8 Determining the Interface Connection Information for the Employee Self Service Application
4.2.1.9 Implementing the Interface Specification for the Employee Self Service Application
4.2.1.10 Creating the Provisioning Subscription Profile for the Employee Self Service Application
4.3 Provisioning Integration Prerequisites
4.4 Development Usage Model for Provisioning Integration
4.4.1 Initiating Provisioning Integration
4.4.2 Returning Provisioning Information to the Directory
4.5 Development Tasks for Provisioning Integration
4.5.1 Application Installation
4.5.2 User Creation and Enrollment
4.5.3 User Deletion
4.5.4 Extensible Event Definitions
4.5.5 Application Deinstallation
4.5.6 LDAP_NTFY Function Definitions
4.5.6.1 FUNCTION user_exists
4.5.6.2 FUNCTION group_exists
4.5.7 FUNCTION event_ntfy

5 Developing Directory Plug-ins

5.1 Plug-in Prerequisites
5.2 Plug-in Benefits
5.3 What Is the Plug-in Framework?
5.4 Operation-Based Plug-ins Supported by the Directory
5.4.1 Pre-Operation Plug-ins
5.4.2 Post-Operation Plug-ins
5.4.3 When-Operation Plug-ins
5.5 Designing, Creating, and Using Plug-ins
5.5.1 Designing Plug-ins
5.5.1.1 Types of Plug-in Operations
5.5.1.2 Naming Plug-ins
5.5.2 Creating Plug-ins
5.5.2.1 Package Specifications for Plug-in Module Interfaces
5.5.3 Compiling Plug-ins
5.5.3.1 Dependencies
5.5.3.2 Recompiling Plug-ins
5.5.3.3 Granting Permission
5.5.4 Registering Plug-ins
5.5.4.1 The orclPluginConfig Object Class
5.5.4.2 Adding a Plug-in Configuration Entry by Using Command-Line Tools
5.5.4.3 Example 1
5.5.4.4 Example 2
5.5.5 Managing Plug-ins
5.5.5.1 Modifying Plug-ins
5.5.5.2 Debugging Plug-ins
5.5.6 Enabling and Disabling Plug-ins
5.5.7 Exception Handling
5.5.7.1 Error Handling
5.5.7.2 Program Control Handling between Oracle Internet Directory and Plug-ins
5.5.8 Plug-in LDAP API
5.5.9 Plug-ins and Replication
5.5.10 Plug-in and Database Tools
5.5.11 Security
5.5.12 Plug-in Debugging
5.5.13 Plug-in LDAP API Specifications
5.6 Examples of Plug-ins
5.6.1 Example 1: Search Query Logging
5.6.2 Example 2: Synchronizing Two DITs
5.7 Binary Support in the Plug-in Framework
5.7.1 Binary Operations with ldapmodify
5.7.2 Binary Operations with ldapadd
5.7.3 Binary Operations with ldapcompare
5.8 Database Object Types Defined
5.9 Specifications for Plug-in Procedures

6 Integrating with Oracle Delegated Administration Services

6.1 What Is Oracle Delegated Administration Services?
6.1.1 How Applications Benefit from Oracle Delegated Administration Services
6.2 Integrating Applications with the Delegated Administration Services
6.2.1 Integration Profile
6.2.2 Oracle Delegated Administration Services Integration Methodology and Considerations
6.3 Java APIs Used to Access URLs

7 Developing Applications for Single Sign-On

7.1 What Is mod_osso?
7.2 Protecting Applications Using mod_osso: Two Methods
7.2.1 Protecting URLs Statically
7.2.2 Protecting URLs with Dynamic Directives
7.3 Developing Applications Using mod_osso
7.3.1 Developing Statically Protected PL/SQL Applications
7.3.2 Developing Statically Protected Java Applications
7.3.3 Developing Java Applications That Use Dynamic Directives
7.3.3.1 Java Example #1: Simple Authentication
7.3.3.2 Java Example #2: Single Sign-Off
7.3.3.3 Java Example #3: Forced Authentication
7.3.4 A Word About Non-GET Authentication
7.4 Security Issues: Single Sign-Off and Application Logout
7.4.1 Application Login: Code Examples
7.4.1.1 Bad Code Example #1
7.4.1.2 Bad Code Example #2
7.4.1.3 Recommended Code
7.4.2 Application Logout: Recommended Code

Part II Oracle Internet Directory Programming Reference

8 C API Reference

8.1 About the Oracle Internet Directory C API
8.1.1 Oracle Internet Directory SDK C API SSL Extensions
8.1.1.1 SSL Interface Calls
8.1.1.2 Wallet Support
8.2 Functions in the C API
8.2.1 The Functions at a Glance
8.2.2 Initializing an LDAP Session
8.2.2.1 ldap_init and ldap_open
8.2.3 LDAP Session Handle Options
8.2.3.1 ldap_get_option and ldap_set_option
8.2.4 Authenticating to the Directory
8.2.4.1 ldap_sasl_bind, ldap_sasl_bind_s, ldap_simple_bind, and ldap_simple_bind_s
8.2.5 SASL Authentication Using Oracle Extensions
8.2.5.1 ora_ldap_create_cred_hdl, ora_ldap_set_cred_props, ora_ldap_get_cred_props, and ora_ldap_free_cred_hdl
8.2.6 SASL Authentication
8.2.6.1 ora_ldap_init_SASL
8.2.7 Working With Controls
8.2.8 Closing the Session
8.2.8.1 ldap_unbind, ldap_unbind_ext, and ldap_unbind_s
8.2.9 Performing LDAP Operations
8.2.9.1 ldap_search_ext, ldap_search_ext_s, ldap_search, and ldap_search_s
8.2.9.2 Reading an Entry
8.2.9.3 Listing the Children of an Entry
8.2.9.4 ldap_compare_ext, ldap_compare_ext_s, ldap_compare, and ldap_compare_s
8.2.9.5 ldap_modify_ext, ldap_modify_ext_s, ldap_modify, and ldap_modify_s
8.2.9.6 ldap_rename and ldap_rename_s
8.2.9.7 ldap_add_ext, ldap_add_ext_s, ldap_add, and ldap_add_s
8.2.9.8 ldap_delete_ext, ldap_delete_ext_s, ldap_delete, and ldap_delete_s
8.2.9.9 ldap_extended_operation and ldap_extended_operation_s
8.2.10 Abandoning an Operation
8.2.10.1 ldap_abandon_ext and ldap_abandon
8.2.11 Obtaining Results and Peeking Inside LDAP Messages
8.2.11.1 ldap_result, ldap_msgtype, and ldap_msgid
8.2.12 Handling Errors and Parsing Results
8.2.12.1 ldap_parse_result, ldap_parse_sasl_bind_result, ldap_parse_extended_result, and ldap_err2string
8.2.13 Stepping Through a List of Results
8.2.13.1 ldap_first_message and ldap_next_message
8.2.14 Parsing Search Results
8.2.14.1 ldap_first_entry, ldap_next_entry, ldap_first_reference, ldap_next_reference, ldap_count_entries, and ldap_count_references
8.2.14.2 ldap_first_attribute and ldap_next_attribute
8.2.14.3 ldap_get_values, ldap_get_values_len, ldap_count_values, ldap_count_values_len, ldap_value_free, and ldap_value_free_len
8.2.14.4 ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, and ldap_dn2ufn
8.2.14.5 ldap_get_entry_controls
8.2.14.6 ldap_parse_reference
8.3 Sample C API Usage
8.3.1 C API Usage with SSL
8.3.2 C API Usage Without SSL
8.3.3 C API Usage for SASL-Based DIGEST-MD5 Authentication
8.4 Required Header Files and Libraries for the C API
8.5 Dependencies and Limitations of the C API

9 DBMS_LDAP PL/SQL Reference

9.1 Summary of Subprograms
9.2 Exception Summary
9.3 Data Type Summary
9.4 Subprograms
9.4.1 FUNCTION init
9.4.2 FUNCTION simple_bind_s
9.4.3 FUNCTION bind_s
9.4.4 FUNCTION unbind_s
9.4.5 FUNCTION compare_s
9.4.6 FUNCTION search_s
9.4.7 FUNCTION search_st
9.4.8 FUNCTION first_entry
9.4.9 FUNCTION next_entry
9.4.10 FUNCTION count_entries
9.4.11 FUNCTION first_attribute
9.4.12 FUNCTION next_attribute
9.4.13 FUNCTION get_dn
9.4.14 FUNCTION get_values
9.4.15 FUNCTION get_values_len
9.4.16 FUNCTION delete_s
9.4.17 FUNCTION modrdn2_s
9.4.18 FUNCTION err2string
9.4.19 FUNCTION create_mod_array
9.4.20 PROCEDURE populate_mod_array (String Version)
9.4.21 PROCEDURE populate_mod_array (Binary Version)
9.4.22 PROCEDURE populate_mod_array (Binary Version. Uses BLOB Data Type)
9.4.23 FUNCTION get_values_blob
9.4.24 FUNCTION count_values_blob
9.4.25 FUNCTION value_free_blob
9.4.26 FUNCTION modify_s
9.4.27 FUNCTION add_s
9.4.28 PROCEDURE free_mod_array
9.4.29 FUNCTION count_values
9.4.30 FUNCTION count_values_len
9.4.31 FUNCTION rename_s
9.4.32 FUNCTION explode_dn
9.4.33 FUNCTION open_ssl
9.4.34 FUNCTION msgfree
9.4.35 FUNCTION ber_free
9.4.36 FUNCTION nls_convert_to_utf8
9.4.37 FUNCTION nls_convert_to_utf8
9.4.38 FUNCTION nls_convert_from_utf8
9.4.39 FUNCTION nls_convert_from_utf8
9.4.40 FUNCTION nls_get_dbcharset_name

10 Java API Reference

11 DBMS_LDAP_UTL PL/SQL Reference

11.1 Summary of Subprograms
11.2 Subprograms
11.2.1 User-Related Subprograms
11.2.1.1 Function authenticate_user
11.2.1.2 Function create_user_handle
11.2.1.3 Function set_user_handle_properties
11.2.1.4 Function get_user_properties
11.2.1.5 Function set_user_properties
11.2.1.6 Function get_user_extended_properties
11.2.1.7 Function get_user_dn
11.2.1.8 Function check_group_membership
11.2.1.9 Function locate_subscriber_for_user
11.2.1.10 Function get_group_membership
11.2.2 Group-Related Subprograms
11.2.2.1 Function create_group_handle
11.2.2.2 Function set_group_handle_properties
11.2.2.3 Function get_group_properties
11.2.2.4 Function get_group_dn
11.2.3 Subscriber-Related Subprograms
11.2.3.1 Function create_subscriber_handle
11.2.3.2 Function get_subscriber_properties
11.2.3.3 Function get_subscriber_dn
11.2.3.4 Function get_subscriber_ext_properties
11.2.4 Property-Related Subprograms
11.2.5 Miscellaneous Subprograms
11.2.5.1 Function normalize_dn_with_case
11.2.5.2 Function get_property_names
11.2.5.3 Function get_property_values
11.2.5.4 Function get_property_values_len
11.2.5.5 Procedure free_propertyset_collection
11.2.5.6 Function create_mod_propertyset
11.2.5.7 Function populate_mod_propertyset
11.2.5.8 Procedure free_mod_propertyset
11.2.5.9 Procedure free_handle
11.2.5.10 Function check_interface_version
11.2.5.11 Function get_property_values_blob
11.2.5.12 Procedure property_value_free_blob
11.3 Function Return Code Summary
11.4 Data Type Summary

12 DAS_URL Interface Reference

12.1 Directory Entries for the Service Units
12.2 DAS Units and Corresponding URL Parameters
12.3 DAS URL API Parameter Descriptions
12.4 Search-and-Select Service Units for Users or Groups
12.4.1 Invoking Search-and-Select Service Units for Users or Groups
12.4.2 Receiving Data from the User or Group Search-and-Select Service Units

13 Provisioning Integration API Reference

13.1 Versioning of Provisioning Files and Interfaces
13.2 Extensible Event Definition Configuration
13.3 Inbound and Outbound Events
13.4 PL/SQL Bidirectional Interface (Version 2.0)
13.5 Provisioning Event Interface (Version 1.1)
13.5.1 Predefined Event Types
13.5.2 Attribute Type
13.5.3 Attribute Modification Type
13.5.4 Event Dispositions Constants
13.5.5 Callbacks
13.5.5.1 GetAppEvent()
13.5.5.2 PutAppEventStatus()
13.5.5.3 PutOIDEvent()

Part III Appendixes

A Syntax for LDIF and Command-Line Tools

A.1 LDAP Data Interchange Format (LDIF) Syntax
A.2 Starting, Stopping, Restarting, and Monitoring Oracle Internet Directory Servers
A.2.1 The OID Monitor (oidmon) Syntax
A.2.1.1 Starting the OID Monitor
A.2.1.2 Stopping the OID Monitor
A.2.1.3 Starting and Stopping OID Monitor in a Cold Failover Cluster Configuration
A.2.2 The OID Control Utility (oidctl) Syntax
A.2.2.1 Starting and Stopping an Oracle Directory Server Instance
A.2.2.2 Troubleshooting Directory Server Instance Startup
A.2.2.3 Starting and Stopping an Oracle Directory Replication Server Instance
A.2.2.4 Starting the Oracle Directory Integration and Provisioning Server
A.2.2.5 Stopping the Oracle Directory Integration and Provisioning Server
A.2.2.6 Restarting Oracle Internet Directory Server Instances
A.2.2.7 Starting and Stopping Directory Servers on a Virtual Host or an Oracle Application Server Cluster (Identity Management)
A.3 Entry and Attribute Management Command-Line Tools Syntax
A.3.1 The Catalog Management Tool (catalog.sh) Syntax
A.3.2 ldapadd Syntax
A.3.3 ldapaddmt Syntax
A.3.4 ldapbind Syntax
A.3.5 ldapcompare Syntax
A.3.6 ldapdelete Syntax
A.3.7 ldapmoddn Syntax
A.3.8 ldapmodify Syntax
A.3.9 ldapmodifymt Syntax
A.3.10 ldapsearch Syntax
A.3.10.1 Examples of ldapsearch Filters
A.4 Oracle Directory Integration and Provisioning Platform Command-Line Tools Syntax
A.4.1 The Directory Integration and Provisioning Assistant (dipassistant) Syntax
A.4.1.1 Creating, Modifying, and Deleting Synchronization Profiles
A.4.1.2 Listing All Synchronization Profiles in Oracle Internet Directory
A.4.1.3 Viewing the Details of a Specific Synchronization Profile
A.4.1.4 Performing an Express Configuration of the Active Directory Connector Profiles
A.4.1.5 Bootstrapping a Directory by Using the Directory Integration and Provisioning Assistant
A.4.1.6 Properties Expected by the Bootstrapping Command
A.4.1.7 Setting the Wallet Password for the Oracle Directory Integration and Provisioning Server
A.4.1.8 Changing the Password of the Administrator of Oracle Directory Integration and Provisioning Platform
A.4.1.9 Moving an Integration Profile to a Different Identity Management Node
A.4.1.10 Limitations of the Directory Integration and Provisioning Assistant in Oracle Internet Directory 10g Release 2 (10.1.2)
A.4.2 The schemasync Tool Syntax
A.4.3 The Oracle Directory Integration and Provisioning Server Registration Tool (odisrvreg)
A.4.4 Syntax for Provisioning Subscription Tool (oidprovtool)

B DSML Syntax

B.1 Capabilities of DSML
B.2 Benefits of DSML
B.3 DSML Syntax
B.3.1 Top-Level Structure
B.3.2 Directory Entries
B.3.3 Schema Entries
B.4 Tools Enabled for DSML

Glossary

Index