Oracle® Application Server Best Practices Guide
10g (10.1.4.0.1)

Part Number B31762-02

5 Oracle Virtual Directory

This chapter describes best practices for Oracle Virtual Directory. It includes the following topics:

5.1 Give Each Adapter Its Own Namespace to Simplify Configuration

With Oracle Virtual Directory the directory namespace is very flexible and can be completely virtualized. It is possible for multiple adapters to have the exact same base Relative Distinguished Name (RDN), such as ou=employees,dc=mycompany,dc=com. However, it is easier to configure Oracle Virtual Directory with less need for customization if you give each adapter its own namespace.

Implementation Details

To implement this best practice, you simply give each adapter a unique branch name.

To give each adapter a unique branch name:

  1. Create a new adapter.

  2. In the Mapped Namespace field, make sure the value is unique.

    Adapters can share the same base Distinguished Name (DN) but should have their own branch RDN.

See Also:

Chapter 2, "Planning the Virtual Directory," and Chapter 4, "Oracle Virtual Directory," in the Oracle Virtual Directory Product Manual available from the Oracle Technology Network at http://www.oracle.com/pls/wocprod/docs/page/ocom/technology/products/id_mgmt/ovds/pdf/b28833.pdf

5.2 Use Routing Priority to Control the Order in Which Entries Are Returned for Better Performance

When you perform a search, multiple adapters are searched. You can control the order in which adapters are searched by prioritizing routing. This feature enables you to improve search performance by having Oracle Virtual Directory search the faster adapters first. It also enables control over which entries are the master entries when using the UniqueEntry plug-in.

Implementation Details

  1. Go to the adapter's Routing tab.

  2. Position the priority selector to its proper priority.

    The lower the number, the higher the priority.

  3. Repeat for each adapter.

    If multiple adapters have the same priority, they will be searched in the order they were added to Oracle Virtual Directory.

See Also:

Chapter 2, "Planning the Virtual Directory," in the Oracle Virtual Directory Product Manual available from the Oracle Technology Network at http://www.oracle.com/pls/wocprod/docs/page/ocom/technology/products/id_mgmt/ovds/pdf/b28833.pdf

5.3 Use Attribute Flow to Improve Security, Performance and Flexibility

You can use an adapter's attribute flow to provide better control over which attributes can be retrieved or stored in a particular adapter. This can provide you with additional security by restricting access to attributes, even if someone has LDAP administrator privileges to the Oracle Virtual Directory server. It can also improve performance: if a search operation tries to retrieve attributes that Oracle Virtual Directory knows cannot be returned from an adapter, it will not waste time searching that adapter. Finally, it gives you more flexibility, such as being able to do schema extensions at the Oracle Virtual Directory layer by leveraging a database instead of needing to extend your enterprise directory schema.

Implementation Details

  1. Go to the Adapter Router tab.

  2. Go to the Attribute Flow section.

  3. Enter a comma-delimited list of attributes in the proper fields.

    If you list attributes in any of these fields, only those attributes will be allowed or restricted.

    See Also:

    Chapter 4, "Oracle Virtual Directory Manager" in the Oracle Virtual Directory Product Manual available from the Oracle Technology Network at http://www.oracle.com/pls/wocprod/docs/page/ocom/technology/products/id_mgmt/ovds/pdf/b28833.pdf
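
One way to confirm from the client side that an attribute flow configuration has the intended effect (an added example, not Oracle code and not part of the original guide): parse LDIF saved from a search made through Oracle Virtual Directory and report any attribute returned outside a per-namespace allow-list. The allow-lists, namespaces and sample entries are assumptions constructed for illustration.

```python
import base64

# Assumption: hypothetical allow-lists mirroring each adapter's Attribute Flow fields.
ALLOWED = {
    "ou=employees,dc=mycompany,dc=com": {"objectclass", "cn", "sn", "mail", "uid"},
    "ou=partners,dc=mycompany,dc=com": {"objectclass", "cn", "mail"},
}

# Constructed sample: LDIF saved from a search made through the virtual directory.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=employees,dc=mycompany,dc=com
cn: John Doe
employeeNumber: 1001

dn: cn=Acme Contact,ou=partners,
 dc=mycompany,dc=com
cn: Acme Contact
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""

def parse_ldif(text):
    """Return [(dn, attribute-name set)], lowercased; handles folding and base64."""
    text = text.replace("\r\n", "\n").replace("\n ", "")   # RFC 2849 line unfolding
    entries = []
    for block in text.split("\n\n"):           # entries are separated by blank lines
        dn, attrs = None, set()
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            name = name.split(";")[0].lower()  # drop options such as ;binary
            if name == "dn":
                dn = value.strip().lower()
            elif dn is not None:
                attrs.add(name)
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def audit(ldif_text, allowed=ALLOWED):
    """Return {dn: attributes outside the allow-list of the namespace the DN falls under}.
    Relies on each adapter having a unique namespace (section 5.1)."""
    findings = {}
    for dn, attrs in parse_ldif(ldif_text):
        owner = next((ns for ns in allowed if dn == ns or dn.endswith("," + ns)), None)
        extra = sorted(attrs if owner is None else attrs - allowed[owner])
        if extra:
            findings[dn] = extra
    return findings
```

Entries whose DN falls under no listed namespace are reported with all of their attributes, so an adapter added without an allow-list shows up in the findings.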

5.4 Use Mapping Scripts to Unify Schema

Oracle Virtual Directory can connect to heterogeneous types of LDAP directories, and they can have different types of schema. In particular, Microsoft Active Directory has its own proprietary user schema, which differs from that of any other LDAP server. LDAP client applications will not function properly if the LDAP server returns entries that use different types of schema. You can use mapping scripts, such as the provided Active DirectorytoInterorg mapping script, to make all directory servers appear to have the same schema to LDAP clients connecting to Oracle Virtual Directory.

Implementation Details

  1. In Oracle Virtual Directory Manager, expand the Engine tree.

  2. Right-click Mapping, and select New > Mapping.

  3. Choose the proper mapping.

  4. Click Finish.

  5. Edit the mapping configuration properties.

  6. Right-click the map file, and choose Deploy to Server.

  7. Select the adapter you want to apply the mapping to and add the mapping.

See Also:

Chapter 8, "Mapping System" in the Oracle Virtual Directory Product Manual available from the Oracle Technology Network at http://www.oracle.com/pls/wocprod/docs/page/ocom/technology/products/id_mgmt/ovds/pdf/b28833.pdf

5.5 Add Microsoft Schema if Using ActiveX Data Objects to Query Oracle Virtual Directory

If you are using Microsoft .NET APIs—Visual Basic (VB) and Visual Basic Scripting (VBScript)—or ActiveX Data Objects (ADO) to query Oracle Virtual Directory, add the Microsoft schema to Oracle Virtual Directory for this to function properly. The schema is included in 10.1.4.

Implementation Details

  1. In Oracle Virtual Directory Manager, go to the Engine > Server > Settings tab.

  2. In the Schema > Files field, replace the existing contents with conf/schema.ms.xml,conf/schema.user.xml.