Oracle® Application Server Release Notes 10g Release 2 (10.1.2) for Linux Itanium B25821-07
This chapter describes issues associated with Oracle Internet Directory. It includes the following topics:
This section describes configuration issues and their workarounds for Oracle Internet Directory. It includes the following topics:
If Referential Integrity is enabled, whenever you update an entry in the directory, the server also updates other entries that refer to that entry. For example, if you remove a user's entry from the directory, and the user is a member of a group, the server also removes the user from the group. If Referential Integrity is not enabled, the user remains a member of the group until manually removed.
To learn how to configure referential integrity, see Metalink Note: 404838.1: How to Configure OID Referential Integrity in 10gAS 10.1.2.2, on Oracle MetaLink, https://metalink.oracle.com.
This section describes administration issues and their workarounds for Oracle Internet Directory. It includes the following topics:
Password policies are sets of rules that govern how passwords are used in Oracle Internet Directory. Oracle recommends that you set the following values for password policy attributes:
Table 20-1 Recommended Values for Password Policy Attributes
Attribute | Meaning | Value |
---|---|---|
pwdmaxage | Password expiration in seconds | 15552000 (180 days) |
pwdexpirewarning | Password expiration warning in seconds | 1209600 (14 days) |
pwdgraceloginlimit | Password grace login limit (the number of times that user is allowed to log in after the password has expired) | 5 |
To set these values, use an LDIF file similar to this example, pwdpolicydef.ldif:
dn:cn=pwdpolicyentry, cn=common,cn=products,cn=oraclecontext
changetype:modify
replace: pwdmaxage
pwdmaxage: 15552000
-
replace: pwdexpirewarning
pwdexpirewarning: 1209600
-
add: pwdgraceloginlimit
pwdgraceloginlimit: 5
To modify the password policies of a root Oracle context using this LDIF file, you would type:
ldapmodify -h host -p port -D cn=orcladmin -w password -f pwdpolicydef.ldif
See Also: Oracle Internet Directory Administrator's Guide for information on using Oracle Directory Manager to modify password policies of an identity management realm.
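To confirm that the policy entry actually carries the recommended values after the change, the check below is an added example (not part of the Oracle documentation). It assumes the entry has been exported as LDIF by an LDAP search; the function names and the sample entry are constructed for illustration.

```python
import base64

# Recommended values from Table 20-1, keyed by the attribute names in pwdpolicydef.ldif.
RECOMMENDED = {
    "pwdmaxage": 15552000,        # 180 days
    "pwdexpirewarning": 1209600,  # 14 days
    "pwdgraceloginlimit": 5,
}

def parse_ldif_entry(text):
    """Parse one LDIF content entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):              # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit_policy(entry):
    """Return {attribute: (found, recommended)} for each value that differs or is missing."""
    findings = {}
    for attr, want in RECOMMENDED.items():
        values = entry.get(attr)
        try:
            have = int(values[0]) if values else None
        except ValueError:
            have = values[0]                   # non-numeric value is reported as found
        if have != want:
            findings[attr] = (have, want)
    return findings

# Constructed sample: folded dn, a base64-encoded value, and no grace login limit set.
SAMPLE = """\
dn: cn=pwdpolicyentry,cn=common,cn=products,
 cn=oraclecontext
pwdmaxage: 5184000
pwdexpirewarning:: MTIwOTYwMA==
"""

if __name__ == "__main__":
    for attr, (have, want) in audit_policy(parse_ldif_entry(SAMPLE)).items():
        print(f"{attr}: found {have!r}, recommended {want}")
```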
This section describes errors in the documentation for Oracle Internet Directory. It includes these topics:
Section 20.3.1, "Parameters in init$ORACLE_SID.ora are Not Loaded Automatically at Database Startup"
Section 20.3.2, "ODM Online Help Might Have Extra Pages in Non-English Locales"
Section 20.3.3, "Missing Attribute in Oracle Identity Management User Reference"
At startup, the database reads database initialization parameters from spfile$ORACLE_SID.ora rather than from init$ORACLE_SID.ora, unless the user explicitly specifies the latter when starting the database. Thus, wherever the Oracle Internet Directory Administrator's Guide specifies database parameter changes, the subsequent database restart must specify explicitly the init$ORACLE_SID.ora file. For example:
SQL> STARTUP PFILE = /u01/oracle/dbs/initmynewdb.ora
For more information, see "Using SQL*Plus to Start Up a Database" in Chapter 3 of Oracle Database Administrator's Guide.
Users in non-English locales might notice help pages in Oracle Directory Manager online help for integration profile configuration that have no corresponding support in the product.
The entry for the class orclApplicationEntity in the "Object Class Reference" chapter of Oracle Identity Management User Reference is missing the attribute orclApplicationAddress. The "Attribute Reference" chapter is also missing an entry for that attribute. The entry should contain the following information:
orclApplicationAddress
Description
The address of the application.
Syntax
1.3.6.1.4.1.1466.115.121.1.15 (Directory String)
Matching Rule
caseIgnoreMatch
Object ID
2.16.840.1.113894.1.1.318