|
Oracle® Internet Directory Administrator's Guide,
10g Release 2 (10.1.2) B14082-02 |
|
 Previous |
 Next |
|
Oracle® Internet Directory Administrator's Guide,
10g Release 2 (10.1.2) B14082-02 |
|
|
Previous |
Next |
This chapter introduces the various administration tools of Oracle Internet Directory. It discusses the online administration tool, called Oracle Directory Manager, and tells you how to launch it, navigate through it, and connect to directory servers with it. It also introduces the command-line tools for ldap, bulk, and catalog operations.
This chapter contains these topics:
Directory administration is also aided by the Oracle Delegated Administration Services, a set of pre-defined, Web-based units for performing directory operations on behalf of a user. It frees directory administrators from the more routine directory management tasks by enabling them to delegate specific functions to other administrators and to end users. You can use it, for example, to enable end users to modify their personal profile information (including Oracle Application Server Single Sign-On passwords) without requiring the intervention of an administrator.
One tool, created by using Oracle Delegated Administration Services, is the Oracle Internet Directory Self-Service Console. This ready-to-use application provides a single graphical interface for delegated administrators and end users to manage data in the directory.
Oracle Directory Manager is a Java-based tool for administering Oracle Internet Directory. This section describes some of its basic features. More specific instructions are found in sections throughout this book that explain how to perform various tasks.
This section contains these topics:
Connecting to a Directory Server by Using Oracle Directory Manager
Connecting to Additional Directory Servers by Using Oracle Directory Manager
Disconnecting from a Directory Server by Using Oracle Directory Manager
Configuring the Display and Duration of Searches in Oracle Directory Manager
Performing Administrative Tasks by Using Oracle Directory Manager
|
Note: You cannot use Oracle Directory Manager to administer LDAP directories other than Oracle Internet Directory. |
Before you can launch Oracle Directory Manager, you must have a directory server instance running. If no server instance is running, start one as described in "Semantics of OPMN Starting Oracle Internet Directory".
|
See Also: "Oracle Internet Directory Architecture" for a conceptual explanation of directory server instances |
To start Oracle Directory Manager, follow the instructions for your operating system as described in Table 4-1:
Table 4-1 Operating System-Specific Instructions for Starting Oracle Directory Manager
The first time you start Oracle Directory Manager, an alert tells you that you must connect to a server. Choose OK. The Directory Server Connection dialog box appears.
To connect to a directory server:
In the Directory Server Connection dialog box, type the name and port number of an available server.
The default port is 389. You can change the port if you wish. However, if you have an Oracle directory server running on a port that is not the default, then be sure that any clients that use that server are informed of the correct port.
Choose OK. The Oracle Directory Manager Connect dialog box appears.
In each field of the Credentials tab page, type the information specific to this server instance. These fields are described in Table A-1.
|
See Also:
|
If you selected the SSL Enabled check box on the Credentials tab page, then select the SSL tab.
In the SSL tab page, enter the requested data in the fields. These fields are described in Table A-2.
Choose Login. Oracle Directory Manager appears.
This section provides an overview of Oracle Directory Manager, and explains the items in the menu bar and the buttons on the toolbar.
Like the directory itself, the navigator pane (left side of the double window interface) has a tree-like structure. When Oracle Directory Manager first opens, the navigator pane shows only one tree item, Oracle Internet Directory Servers. By clicking the plus sign (+) next to the tree item, subcomponents of that tree item appear.
In the right pane, some windows contain buttons labeled Apply and OK. If you choose Apply, the changes you have made are committed, and the window remains available for more changes. If you press OK, the changes you have made are committed, and the window closes.
Similarly, some windows have buttons that are labeled Revert and Cancel. If you press Revert, then the changes you have made in that window do not take effect, the original values reappear in the fields, and the window stays open for further work. If you press Cancel, the changes you have made in that window do not take effect, and the window closes.
Table 4-2 lists and describes the menus you can access by using the menu bar. Menu items become enabled or disabled depending on the pane or tab page you are displaying.
Table 4-2 Oracle Directory Manager Menu Bar
| Menu | Menu Items |
|---|---|
|
Create Like—Adds a new object by using the object selected in the navigator pane as a template Connect—Connects to a directory server selected in the navigator pane Disconnect—Disconnects from a directory server selected in the navigator pane |
|
|
Remove—Removes a selected object Find Object Classes or Find Attributes—Searches for either an object class or an attribute, depending on the context. If, in the navigator pane, you select Oracle Internet Directory, then directory server instance, then Server Management, then Object Classes, then this menu item searches for an object class. If you navigate to Oracle Internet Directory, then directory server instance, then Server Management, then Attributes, then it searches for attributes. |
|
|
Refresh—Updates data stored in memory to reflect changes in the database Tear-Off—Generates a secondary dialog containing the fields and values displayed in Oracle Directory Manager's right pane. This is useful when comparing two pieces of information. |
|
|
Create Object Class—Displays the New Object Class dialog box that you use to add a new object class Create Attribute—Displays the New Attribute Type dialog box that you use to add a new attribute to an entry Create Access Cutler Point—Displays the New Access Control Point dialog box that you use to add a new access control policy point (ACP). Create Entry—Displays the New Entry dialog box that you use to add a new directory entry Refresh Entry—Updates data for entries stored in memory to reflect changes in the database Refresh Subtree Entries—Updates the children of entries stored in memory to reflect changes in the database Configure Search Filter—Narrows the range of entries the navigator pane displays according to whatever filter you specify Drop Index—Removes an index from an attribute. When you select this item, an alert asks you to confirm that you want to drop the index. Search—Enables you to configure ACP searches User Preferences—Displays a dialog box that enables you to:
|
|
|
Contents—Displays the Contents tab page of the Help navigator Search for Help On...—Displays the Help Search dialog box that you use to search for words in the online help guide About Oracle Internet Directory—Displays Oracle Internet Directory version information |
Table 4-3 illustrates and describes the buttons in the Oracle Internet Directory toolbar. Buttons become enabled or disabled depending on the pane or tab page you are displaying in Oracle Directory Manager.
Table 4-3 Oracle Directory Manager Toolbar
You can connect to more than one directory server at a time, and then view and modify the data, schema, and security for each directory server. If you do this, then each server is listed in the navigator pane under Oracle Internet Directory Servers.
To connect to an additional directory server:
In the navigator pane, select Oracle Internet Directory Servers.
In the right pane, choose New.
Follow the login procedures described earlier in this chapter, in "Connecting to a Directory Server by Using Oracle Directory Manager".
To disconnect from a directory server by using Oracle Directory Manager, from the File menu choose Disconnect. Also, when you exit Oracle Directory Manager, connections between all directory servers and the directory are automatically disconnected.
All connection information is stored in the user's home directory in the file osdadmin.ini.
When you restart Oracle Directory Manager, all previously connected server connections appear in the Directory Server Login dialog box.
You can specify the maximum number of entries to be displayed in Oracle Directory Manager as the result of searches and the duration of searches. You can make these configurations in either Oracle Directory Manager or the directory server or both.
If you make the configuration in both Oracle Directory Manager and the directory server, and the configuration in Oracle Directory Manager does not match the one in the directory server, then Oracle Internet Directory resolves the conflict as follows:
If the value you set in Oracle Directory Manager is greater than that in the directory server, then the configuration of the server prevails. For example, if you set Oracle Directory Manager to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.
If the value you set in Oracle Directory Manager is less than that in the directory server, then the configuration of Oracle Directory Manager prevails. For example, if you set Oracle Directory Manager to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.
To configure the display and duration of searches in Oracle Directory Manager:
In the navigator pane, expand Oracle Internet Directory Servers, and select the server you want to configure.
From the toolbar, select User Preferences. The User Preferences dialog box appears.
In the Configure Entry Management tab page, in the Maximum number of one-level subtree entries field, enter the maximum number of entries to be returned by a search.
In the Search Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 3600.
Choose OK.
To configure the display and duration of searches in an Oracle directory server:
In the navigator pane, expand Oracle Internet Directory Servers and select a directory server instance. The group of tab pages for that server appear in the right pane.
In the System Operational Attributes tab page, in the Query Entry Return Limit field, enter the maximum number of entries to be returned by a search. The default is 1000.
In the Server Operation Time Limit field, enter the maximum number of seconds for a search to be completed. The default is 3600.
Choose Apply.
You can perform most of the Oracle Internet Directory administrative tasks through Oracle Directory Manager. Those that you cannot perform through Oracle Directory Manager involve running processes, such as starting and stopping the OID Monitor (oidmon) and starting and stopping server instances. To perform tasks that you cannot perform with Oracle Directory Manager, use the appropriate LDAP command-line tool.
|
See Also:
|
Table 4-4 lists the task areas you can manage by using Oracle Directory Manager and where to find instructions for each area.
Table 4-4 Task Areas in Oracle Directory Manager
This section enumerates the concepts behind the process control model in Oracle Internet Directory. This applies to Oracle Internet Directory LDAP, Replication, and Directory Integration Server instances.
This section contains these topics:
For information on starting and stopping the Oracle Directory Integration and Provisioning server, see the chapter on managing the Oracle Directory Integration and Provisioning server in Oracle Identity Management Integration Guide.
OPMN is a daemon process that monitors the different components in an installation of Oracle Application Server. It is installed and configured in every middle-tier and Oracle Application Server Infrastructure installation and is essential for running Oracle Application Server. Since Oracle Internet Directory is installed as part of the Oracle Application Server Infrastructure, OPMN is responsible for monitoring Oracle Internet Directory as an Oracle Application Server component. The command-line interface to OPMN is $ORACLE_HOME/opmn/bin/opmnctl. You use OPMNCTL to stop or start Oracle Internet Directory as a component.
|
See Also: The chapter entitled "Configuring Oracle Internet Directory" in Oracle Process Manager and Notification Server Administrator's Guide |
OIDMON ($ORACLE_HOME/bin/oidmon) is a daemon process responsible for the process control of all Oracle Internet Directory Server instances.
OIDCTL ($ORACLE_HOME/bin/oidctl) is a command line tool that lets you configure additional Oracle Internet Directory Server Instances or perform process control at the instance level.
This section describes Oracle Internet Directory interaction with OPMN. It includes the following sections:
Monitoring rules are as follows:
OPMN is responsible for monitoring Oracle Internet Directory as an Oracle Application Server component.
OPMN integration with Oracle Internet Directory is such that OPMN knows only about OIDMON and is unaware of the Oracle Internet Directory Server Instances.
OPMN is responsible for the direct start, stop, restart and monitoring of OIDMON only. OIDMON continues to be responsible for the direct start, stop, restart and monitoring of all Oracle Internet Directory Server Instances.
Oracle Internet Directory component-specific directives are located as follows:
Oracle Internet Directory component-specific directives for OPMN are located under the tag <ias-component id="OID" status="enabled> in $ORACLE_HOME/opmn/conf/opmn.xml.
OPMN uses the directives in the OID component snippet in opmn.xml and invokes OIDMON and OIDCTL as required.
OIDCTL related requirements are located under the tag <category id="oidctl parameters">.
OIDMON related requirements are located under the tag <category id="oidmon parameters">. There should be only one such directive.
The default value of OID Snippet in opmn.xml has one entry for OIDMON and one for OIDCTL.
|
See Also: The chapter entitled "Configuring Oracle Internet Directory" in Oracle Process Manager and Notification Server Administrator's Guide |
OPMN startup of an Oracle Internet Directory component proceeds as follows:
You can indicate to OPMN the intent to start an Oracle Internet Directory component with one of the following commands:
opmnctl startall opmnctl startproc ias-component=OID
OPMN issues an oidmon start command with appropriate arguments to OIDMON as specified in the contents of "oidmon parameters" in the OID Snippet in opmn.xml.
OPMN issues oidctl start commands if the OID Snippet in opmn.xml has entries that require this.
Note that when you use opmnctl startproc ias-component=OID, the opmn.xml parameters are not reloaded as they are when you use when you use opmnctl startall
OPMN stopping of an Oracle Internet Directory component proceeds as follows:
You can indicate to OPMN the intent to stop an Oracle Internet Directory component with one of the following commands:
opmnctl stopall opmnctl stopproc ias-component=OID
OPMN issues an oidmon stop.
OPMN does not issue oidctl stop commands; instead, the OIDMON stop semantics ensure that the Oracle Internet Directory Server Instances are stopped as required. For more information, see "OIDMON and the ODS_PROCESS Table" .
Note that when you use opmnctl stopproc ias-component=OID, the opmn.xml parameters are not reloaded as they are when you use when you use opmnctl stopall
OPMN monitors OIDMON as follows:
Once you start OIDMON through OPMN, OPMN ensures that OIDMON is up and running. If OIDMON goes down for some reason, OPMN will bring it back up.
If you issue oidmon stop on the command line, OIDMON will be stopped but OPMN will immediately bring it back up.
The recommended approach for using OPMNCTL and OIDCTL is as follows:
Use OPMNCTL to stop or start Oracle Internet Directory as a component. That is, use it to stop or start all Oracle Internet Directory LDAP, replication, and Oracle Directory Integration and Provisioning server instances.
Using OPMNCTL to stop Oracle Internet Directory causes OPMN to issue an oidmon stop, which results in OIDMON shutting down all configured LDAP, replication, and Oracle Directory Integration and Provisioning server instances.
Using OPMNCTL to start Oracle Internet Directory causes OPMN to issue an oidmon start, which results in OIDMON starting up all configured LDAP, replication, and Oracle Directory Integration and Provisioning server instances.
Use OIDCTL to configure required additional Oracle Internet Directory Server Instances.
To configure an Oracle Internet Directory LDAP, replication, or Oracle Directory Integration and Provisioning server that is not part of the default configuration, use the OIDCTL command to start such an instance.
Issue the oidctl start command only once for each instance for the duration of the deployment of that configuration. The OIDMON start and stop semantics ensure that configured servers start and stop appropriately.
Use OIDCTL to perform process control at the instance level only.
Use oidctl stop to stop a particular instance of the Oracle Internet Directory LDAP, replication, or Oracle Directory Integration and Provisioning server. Do not use it to stop all the configured instances of the servers.
Use oidctl start to start an additional instance of the Oracle Internet DirectoryLDAP, replication, or Oracle Directory Integration and Provisioning server that is not already configured.
If, for some reason, a server instance is stopped using oidctl stop, then it is removed from the process table and will not be known to OIDMON any longer. To restart an instance that was stopped this way, use oidctl start.
The following sections provide examples of the recommended approach. The examples are:
Changing the Configuration of the Default OID LDAP Server Instance
Configuring Additional Oracle Internet Directory LDAP Server Instances
Deconfiguring the Default Oracle Internet Directory LDAP Server Instance
Configuring an Instance of the Oracle Internet Directory Replication Server
Configuring an Oracle Directory Integration and Provisioning Server Instance
|
See Also: "Oracle Internet Directory Server Administration Tools" in Oracle Identity Management User Reference for more information on the syntax of the commands used in the examples. |
A default Oracle Internet Directory installation uses the default configuration set (configset0), which provides a single server instance with one server process and two database connections configured. This configuration might be inadequate to handle the production LDAP load in your environment. If so, you need to increase the number of server processes or database connections or both. You change these by changing the orclserverprocs and orclmaxcc attributes values, respectively, in configset0.You change the default configset using Oracle Directory Manager, as follows:
Launch Oracle Directory Manager.
Log in as orcladmin.
Expand Server Management.
Click Default Configuration.
Change Max Number of DB Connections to the desired value. A typical recommendation is 10.
Change Number of Child Process if required. A typical value is 1 or the number of CPUs on the system.
Click Apply.
Restart the Oracle Internet Directory servers, as follows:
opmnctl stopproc ias-component=OID opmnctl startproc ias-component=OID
Oracle recommends that you not change other parameters in the default configuration set.
To start additional Oracle Internet Directory LDAP server instances, add additional configuration sets with the required configuration values and use these additional configuration sets to start additional server instances. (Do not use the default configuration set and override the default values.) You add a configuration set and to use it to start an Oracle Internet Directory LDAP Server Instance as follows:
Launch Oracle Directory Manager.
Expand Server Management.
Expand Directory Server.
Right click Default Configuration Set.
Click Create Like.
Change the required parameters in the new configuration set. Ensure that the port numbers do not overlap with those of the default configuration set or any other configuration set.
Click OK.
To start an LDAP server instance using a new configuration set called configset2, type:
oidctl connect=connStr server=oidldapd instance=2 configset=2 start
To replace the Oracle Internet Directory LDAP server instance with one or more Oracle Internet Directory LDAP Server Instances, you must edit opmn.xml to deconfigure the default LDAP instance. By default, opmn.xml contains an XML snippet that attempts to start the default Oracle Internet Directory LDAP server instance when you type opmnctl start. To deconfigure the default Oracle Internet Directory LDAP server instance, perform the following steps:
Type:
oidctl connect=connStr server=oidldapd instance=1 stop
Edit the file $ORACLE_HOME/opmn/conf/opmn.xml and remove the following lines:
<category id="oidctl-parameters"> <data id="connect" value="iasdb"/> <data id="startoidldapd" value="true"/> </category>
To configure an instance of OID Replication Server, use the oidctl start command. For example:
oidctl connect=connStr server=oidrepld instance=1 \ flags="-h LdapHost -p LdapPort" start
Do not start more than one instance of oidrepld.
To configure an instance of the Oracle Directory Integration and Provisioning Server, use the oidctl start command. For example:
oidctl connect=connStr server=odisrv instance=1 \ flags="-h LdapHost -p LdapPort" start
OIDMON It is responsible for starting, stopping, restarting, and monitoring of all the Oracle Internet Directory Server instances including Oracle Internet Directory LDAP, Replication, and Directory Server instances.
OIDMON reads the contents of the ods_process table in the ODS database user schema once every periodicity and acts upon the intent conveyed by the contents of that table. The periodicity is controlled by the value of the sleep command line argument used at oidmon startup, and the default value is 10 seconds.
Table 4-5 describes the information in the ODS_PROCESS table that is relevant to process control:
Table 4-5 Process Control Items in the ODS_PROCESS Table
| Item | Meaning |
|---|---|
|
Instance |
Unique instance number for a given server ID on a given host |
|
PID |
Process ID of the server that is up and running |
|
ServerID |
Server ID (2=OIDLDAPD, 3=OIDREPLD, 7=ODISRV) |
|
Flags |
Command line arguments that need to be passed to the server instance |
|
Hostname |
Name of the host on which this server must be present |
|
Configset |
Configset information |
|
State |
State of the Server Instance (0=stop, 1=start, 2=running, 3=restart, 4=shutdown) |
|
RetryCount |
Number of attempts to start the server instance before it could be started successfully |
|
Notes:
|
OIDMON takes the following actions with respect to Oracle Internet Directory server instances:
When OIDMON is stopped, it performs the following tasks before shutting down:
OIDMON stops all the server instances active (up and running) on its node, that is, all instances active on the same host as OIDMON
OIDMON updates the value of the "state" column of rows in the ods_process table with matching hostname to 4
When OIDMON is started, it starts all Oracle Internet Directory Server instances whose information in the ods_process table has state value 1 or 4 and hostname value matching the host on which OIDMON is active.
This section explains the semantics of starting and stopping Oracle Internet Directory server instances by using OIDCTL.
OIDCTL communicates the intent to start, stop, or restart a particular Oracle Internet Directory Server instance by updating the ods_process table in the ODS database user schema.
When you start an Oracle Internet Directory server instance:
You use the OIDCTL command line utility to indicate the intent to start a particular Oracle Internet Directory server instance
OIDCTL inserts a row into the ods_process table to convey the intent to OIDMON
If the uniqueness constraint on the ods_process table is violated, then OIDCTL reports the error "Instance number already in use"
OIDMON reads this information, starts the server instance, and updates the state and PID columns of the ods_process table as appropriate
When you stop an Oracle Internet Directory server instance by using OIDCTL:
You use the OIDCTL command line utility to indicate the intent to stop a particular Oracle Internet Directory server instance
OIDCTL updates the corresponding row in the ods_process table to convey the intent to OIDMON.
If the corresponding row is not found, that is, the given instance is not configured, then OIDCTL reports the error "Cannot Stop an Instance that is not running"
OIDCTL updates the state value to 0
OIDMON reads this information, stops the server instance, and deletes the row representing this server instance from the ods_process table
Oracle Internet Directory provides several types of command-line tools for manipulating directory entries and attributes—for example:
LDAP tools, for altering objects in text files written in the LDAP Data Interchange Format (LDIF)
A catalog management tool, for indexing existing attributes
Various tools to help you synchronize multiple directories in your enterprise
Many of the command-line tools act on objects that are in text files written in the LDAP Data Interchange Format (LDIF).
|
Note: To use the command-line tools, set the following environment variables:
|
|
Note: Command-line examples in Oracle Identity Management documentation are based on the UNIXksh. Arguments that must be escaped from the shell are shown in double quotes ("). Use the appropriate quote characters for your shell environment.
|
|
See Also: "LDIF File Formatting Rules" in Oracle Identity Management User Referencefor information on formatting an LDIF file |
This section contains these topics:
Table 4-6 lists and describes the various command-line tools for starting, stopping, and monitoring Oracle Internet Directory servers and points you to more information about each one.
Table 4-6 Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers
| Tool | Description | More Information |
|---|---|---|
|
Oracle Process Manager and Notification Server (OPMN) |
Use OPMNCTL to stop or start Oracle Internet Directory as a component of Oracle Application Server. |
The "opmnctl" command-line tool reference in Oracle Identity Management User Reference. The chapter entitled "Configuring Oracle Internet Directory" in Oracle Process Manager and Notification Server Administrator's Guide |
|
OID Control Utility (OIDCTL) |
Use this tool to start and stop an individual instance of the server. The commands are interpreted and executed by the OID Monitor process. |
"Oracle Internet Directory Architecture" for a conceptual description The "oidctl" command-line tool reference in Oracle Identity Management User Reference |
|
OID Monitor (OIDMON) |
You do not need to invoke OIDMON directly. You start and stop it using OPMN. When you issue commands through OID Control Utility (OIDCTL) to start or stop directory server instances, your commands are interpreted by OIDMON. |
"Oracle Internet Directory Architecture" for a conceptual description The "oidmon" command-line tool reference in Oracle Identity Management User Reference for syntax and usage notes |
Table 4-7 lists and describes the command-line tools for managing entries and attributes, and points you to further information.
Table 4-7 Tools for Managing Entries
| Tool | Description | More Information |
|---|---|---|
|
Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search. Only those attributes that have an equality matching rule can be indexed. If you want to use additional attributes in search filters, you must add them to the catalog entry. You can do this at the time you create the attribute by using Oracle Directory Manager. However, if the attribute already exists, then you can index it only by using the Catalog Management tool. Useful in creating and dropping the indexes. |
The "catalog.sh" command-line tool reference in Oracle Identity Management User Reference for syntax and usage notes |
|
|
ldapadd |
Use this tool to add entries one at a time. |
The "ldapadd" command-line tool reference in Oracle Identity Management User Reference |
|
ldapaddmt |
Use this tool to add several entries concurrently by using this shared-server tool. |
The "ldapaddmt" command-line tool reference in Oracle Identity Management User Reference |
|
ldapbind |
Use this tool to authenticate user/client to a directory server. |
The "ldapbind" command-line tool reference in Oracle Identity Management User Reference |
|
ldapcompare |
Use this tool to see whether an entry contains a specified attribute value. |
The "ldapcompare" command-line tool reference in Oracle Identity Management User Reference |
|
ldapdelete |
Use this tool to delete entries. |
The "ldapdelete" command-line tool reference in Oracle Identity Management User Reference |
|
ldapmoddn |
Use this tool to modify the DN or RDN of an entry, rename an entry or a subtree, or move an entry or a subtree under a new parent. |
The "ldapmoddn" command-line tool reference in Oracle Identity Management User Reference |
|
ldapmodify |
Use this tool to create, update, and delete attribute data for an entry. |
The "ldapmodify" command-line tool reference in Oracle Identity Management User Reference |
|
ldapmodifymt |
Use this tool to modify several entries concurrently by using this shared-server tool. |
The "ldapmodifymt" command-line tool reference in Oracle Identity Management User Reference |
|
ldapsearch |
Use this tool to search for directory entries. |
The "ldapsearch" command-line tool reference in Oracle Identity Management User Reference |
Table 4-8 lists and describes the command-line tools for performing bulk operations, and points you to further information.
Table 4-8 Command-Line Tools for Performing Bulk Operations
| Tool | Description | More Information |
|---|---|---|
|
Use this tool to delete a subtree efficiently |
The "bulkdelete" command-line tool reference in Oracle Identity Management User Reference |
|
|
Use this tool to load and append large numbers of entries to Oracle Internet Directory through LDIF files |
The "bulkload" command-line tool reference in Oracle Identity Management User Reference |
|
|
Use this tool to modify a large number of existing entries efficiently |
The "bulkmodify" command-line tool reference in Oracle Identity Management User Reference |
|
|
Use this tool to copy data from the directory information base into an LDIF file that can be read by any LDAP-compliant directory server. You can use ldifwrite in conjunction with bulkload. You can also use ldifwrite to back up information from all or part of a directory. |
The "ldifwrite" command-line tool reference in Oracle Identity Management User Reference |
Table 4-9 lists and describes the command-line tools for managing replication, and points you to further information.
Table 4-9 Command-Line Tools for Managing Replication
| Tool | Description | More Information |
|---|---|---|
|
This tool ensures that Advanced Replication is properly configured for directory replication. In the event of a directory replication failure, this tool looks for the problems and seeks to rectify them. If it cannot solve the problem, then it gives you a report of the nature of the problem and points you to a possible solution. |
The "remtool" command-line tool reference in Oracle Identity Management User Reference for syntax and examples |
|
|
When a replication conflict arises, Oracle directory replication server places the change in the retry queue and tries to apply it from there for a specified number of times. If it fails after that specified number, then the replication server puts the change in the human intervention queue. From there, the replication server repeats the change application process at less frequent intervals while awaiting your action. At this point, you need to:
|
""About the Oracle Internet Directory Reconciliation Tool" The "oidreconcile" command-line tool reference in Oracle Identity Management User Reference |
|
|
Once you have reconciled conflicting changes by using the OID Reconciliation Tool, the Human Intervention Queue Manipulation Tool enables you to move them from the human intervention queue to either the retry queue or the purge queue. Moving the change to the purge queue means that there are no further attempts to re-apply the change log entry. |
"About the Human Intervention Queue Manipulation Tool" The "hiqretry" command-line tool reference in Oracle Identity Management User Reference for syntax and an explanation of how OID Reconciliation Tool works |
Use this tool to migrate data from application-specific repositories into Oracle Internet Directory.
|
See Also: The "ldifmigrator" command-line tool reference in Oracle Identity Management User Reference for instructions on using this tool |
Use this tool to analyze the various database ods schema objects to estimate the statistics. You must run this utility whenever there are significant changes in directory data—including the initial load of data into the directory.
If you load data into the directory by any means other than the bulkload tool (bulkload.sh), then you must run the OID Database Statistics Collection tool after loading. Statistics collection is essential for the Oracle Optimizer to choose an optimal plan in executing the queries corresponding to the LDAP operations. You can run OID Database Statistics Collection tool at any time, without shutting down any of the OID daemons.
|
See Also: The "oidstats.sql" command-line tool reference in Oracle Identity Management User Reference |
The OID Database Password Utility is used to:
Change the password to the Oracle Internet Directory database.
Oracle Internet Directory uses a password when connecting to an Oracle database. The default for this password matches the value you specified during installation for the Oracle Application Server administrator's password. You can change this password by using the OID Database Password Utility.
Create a wallet, named oidpwdlldap1, for the Oracle Internet Directory database password, and a wallet, named oidpwdrsid, for the Oracle directory replication server password.
The sid is obtained not from the environment variable SID but from the connected database.
With the create_wallet=true option, you need to provide the ODS password to authenticate yourself to the ODS database before the ODS wallet can be generated. Note that the default ODS password is the same as that for the Oracle Application Server administrator.
Unlock a locked directory super user account, namely, cn=orcladmin.
|
Note: To change the ODS database user password, you must use the oidpasswd tool. If you change the ODS database user password by any other means, then Oracle Internet Directory instances fail to start. |
Reset the super user password
Manage super user restricted ACPs
Oracle Internet Directory routine administration tasks are described throughout this manual. Table 4-10 points you to the information you need for some of the more common tasks.
Table 4-10 Routine Administration Tasks
| Task | Information |
|---|---|
|
Managing Attributes |
- |
|
Add, modify, or delete an attribute by using command-line tools |
"Managing Attributes by Using Command-Line Tools" |
|
Add, modify, or delete an attribute by using the Oracle Directory Manager |
|
|
Managing Entries |
- |
|
Add, modify, or delete a directory entry by using command-line tools |
|
|
Add, modify, or delete a directory entry by using Oracle Directory Manager |
"Managing Entries by Using Oracle Directory Manager" |
|
Import bulk data files |
The "bulkload" command-line tool reference in Oracle Identity Management User Reference "LDIF File Formatting Rules and Examples" in Oracle Identity Management User Reference |
|
View Directory Information Tree (DIT) hierarchy of entries |
"Managing Entries by Using Oracle Directory Manager" |
|
Managing Object Classes |
- |
|
Add, modify, or delete object classes by using command-line tools |
"Managing Object Classes by Using Command-Line Tools" |
|
Add, modify, or delete object classes by using Oracle Directory Manager |
"Object Classes in the Directory" |
|
Managing Replication |
- |
|
Set up replication |
Chapter 25, "Oracle Internet Directory Replication Administration" |
|
Resolve replication change conflicts |
"Resolving Conflicts Manually in a Multimaster Replication Group" |
|
Move replication changes from human intervention queue to either the retry queue or the purge queue |
"About the Oracle Internet Directory Reconciliation Tool" |
|
Managing Security |
- |
|
Set up an Access Control Policy Point (ACP) |
Chapter 14, "Directory Access Control" |
|
Set up SSL |
Chapter 13, "Secure Sockets Layer (SSL) and the Directory" |
|
Managing Servers |
- |
|
Configure server instance parameters by using command-line tools |
"Managing Server Configuration Set Entries by Using Command-Line Tools" |
|
Configure server instance parameters by using Oracle Directory Manager |
"Managing Server Configuration Set Entries by Using Oracle Directory Manager" |
|
"Connecting to a Directory Server by Using Oracle Directory Manager" "Connecting to Additional Directory Servers by Using Oracle Directory Manager" |
|
|
Start the directory server processes |
Chapter 3, "Post-Installation Tasks and Information" |
|
Chapter 3, "Post-Installation Tasks and Information" |
|
|
View system operational attributes |
"Setting System Operational Attributes by Using Oracle Directory Manager" |
