| Oracle® Identity Management Integration Guide 10g (10.1.4.0.1) Part Number B15995-01 |
|
|
View PDF |
| Oracle® Identity Management Integration Guide 10g (10.1.4.0.1) Part Number B15995-01 |
|
|
View PDF |
This appendix describes the tab pages and corresponding fields in the Oracle Directory Integration Server Administration tool. It contains these topics:
Windows and Fields for Registering and Editing a Directory Integration Profile
Windows and Fields for Configuring the Microsoft Active Directory Connector
This section lists and describes the windows and fields you use to connect to a directory server.
Table A-1 describes the fields on the Credentials tab page.
Table A-1 Fields in the Credentials Tab Page
| Field Name | Description |
|---|---|
|
The default value for the user name is If you have already set up the user's entry by using LDAP command-line tools, then you can enter that user's entry in one of two ways:
If you do not have the correct privileges, then access to the tool is denied. To use this tool, you must be a member of the following group: |
|
|
If you are logging in as the super user and you specified a password for the super user during installation, in the Password field, enter the password you specified. Otherwise, enter the default password, namely, If you are logging in anonymously, leave the Password field empty. If you want to log in as a specific directory user, enter the corresponding password. See Also: The chapter about directory server administration in Oracle Internet Directory Administrator's Guide, for instructions about how to change the password |
|
|
The first time you log in, the Oracle Directory Integration Server Administration tool displays the name of default Oracle directory server you specified during the Oracle Application Server installation. It obtains the information for the directory server by checking first the value for the If you are want to connect to a server on a different host:
To add a directory server to the list:
To modify a directory server on the list:
|
|
|
Port |
The first time you log in, the Oracle Directory Integration Server Administration tool displays the name of default Oracle directory server port you specified during the Oracle Application Server installation. It obtains this information by checking the value of the To change this port number:
|
Table A-2 describes the fields on the SSL tab page.
Table A-2 Fields in the SSL Tab Page
Use this window to specify:
The number of entries the Oracle Directory Integration Server Administration tool displays in a search result
The duration of searches
You can make these configurations in this tool, directory server, or both.
If you make the configuration in both this tool and the directory server, and the two configurations do not match, then Oracle Internet Directory resolves the conflict as follows:
If the value you set in this tool is greater than that in the directory server, then the configuration of the server prevails. For example, if you set this tool to search for 2 minutes, and the directory server for 3 minutes, then the actual search duration will be 3 minutes.
If the value you set in this tool is less than that in the directory server, then the configuration of this tool prevails. For example, if you set this tool to search for 2 minutes, and the server for 3 minutes, then the actual search duration is 2 minutes.
Use this tab page to determine whether the navigator pane displays all ACPs automatically or only as the result of a search. If you have a large number of ACPs, then you may want to display them only as the result of a search.
Use this dialog box to add a directory server to the list in the Select Directory Server dialog box.
Use this dialog box to display the hierarchy of entries in the directory information tree (DIT).
Click the plus sign (+) next to the top-level entry to expand the tree. Expand the tree by clicking plus signs to see the subordinate entries. When you click a plus sign to expand an entry, that plus sign becomes a minus sign (-).
|
Note: Although an entry that does not have subordinate entries may appear with a plus sign, when you click that plus sign, it disappears. Entries that have no plus or minus sign next to them are leaf nodes on the tree. |
Select the entry you want and click OK. That entry appears in the Root of the Search field in the Search window.
This dialog box displays a list of all directory servers to which you have connected at any time in the past. You can select a directory server from the list, either to connect to it, delete it, edit it, or to use it as a template for another management connection. To add a server to this list, click Add. The Directory Server Connection dialog box appears.
The windows and fields described in this section provide information about active server processes.
This window displays a list of Microsoft Active Directory integration server instances. To display a configuration set entry in a format that is easier to read, select one of the entries and click View Properties. To change the parameters, in the navigator pane, select the configuration set entry. The corresponding tab pages appear in the right pane.
This dialog box displays information about the directory integration profiles associated with a configuration set entry. If the Integration Profiles tab page is empty, then no directory integration profiles are associated with this configuration set entry. The columns of the Integration Profiles tab page in this dialog box are:
Profile Name: The RDN component of the DN for this directory integration profile.
Synchronization Mode: Specifies whether the profile is used for importing or exporting. An import operation brings changes from a connected directory into Oracle Internet Directory. An export operation brings changes from Oracle Internet Directory into a connected directory.
Profile Status: Specifies whether the profile is enabled or disabled.
This section lists and describes the windows and fields you use when registering and editing a directory integration profile.
Use this dialog box to create or modify a directory integration profile. You can:
Create an integration profile by copying an existing one. To do this, select the directory integration profile you want to copy, then click Create Like. The Integration Profile dialog box displays the General tab page.
Create an integration profile without copying an existing one. To do this, click Create New. The Integration Profile dialog box displays the General tab page.
Edit an integration profile by selecting it, and then click Edit. This displays the General tab page.
Table A-3 describes the fields on the General tab page.
Table A-3 Fields on the General Tab Page
| Field Name | Description |
|---|---|
|
Profile Name |
Specify the name of the profile. The name you enter is used as the RDN component of the DN for this integration profile. For example, specifying a profile name This field is mandatory. There is no default. |
|
Profile Version |
Version of Oracle Directory Integration Platform with which this profile was created. |
|
Synchronization Mode |
Specify whether this is an import or an export operation. An import operation pulls changes from a connected directory into Oracle Internet Directory. An export operation pushes changes from Oracle Internet Directory into a connected directory. This field is mandatory. The default is |
|
Profile Status |
Specify whether the profile is enabled or disabled. This field is mandatory. The default is |
|
Profile Password |
Specify the password that Oracle directory integration server is to use when binding to Oracle Internet Directory on behalf of the profile. This field is mandatory, and the default is |
|
Scheduling Interval |
Specify the number of seconds between synchronization attempts between a connected directory and Oracle Internet Directory. This field is mandatory. The default is |
|
Maximum Number of Retries |
Specify the maximum number of times the directory integration server is to attempt synchronization before it disables synchronization. This field is mandatory. The default is 5. The first retry takes place 1 minute after the first failure. The second retry happens 2 minutes after the second failure, and subsequently the retry takes place n minutes after the n-th failure. |
|
Debug Level |
Specify the logging level for debugging as described in Oracle Internet Directory Administrator's Guide |
Table A-1 describes the fields in the Execution tab page.
Table A-4 Fields on the Execution Tab Page
| Field Name | Description |
|---|---|
|
Agent Execution Command |
Specify the agent executable name and the arguments used by the Oracle directory integration server to run the agent. This field is optional. There is no default. A typical execution command is of the form, odicmd user=%orclodipcondirAccessAccount pass=%orclodipcondiraccesspassword Where user=%orclodipcondirAccessAccount pass=%orclodipcondiraccesspassword are the command-line arguments. The value to be passed for the user is derived from the attribute A typical example is given in the Oracle Human Resources agent. |
|
Connected Directory Account |
Specify the account to be used by the connector agent for accessing the connected directory. For example, if the connected directory is a database, then the account might be This field is optional. There is no default. |
|
Connected Directory Account Password |
Specify the password the connector/agent is to use when accessing the connected directory. This field is optional. There is no default. |
|
Additional Config Info |
This field displays additional information that the Oracle directory integration server passes to an agent. You cannot modify this field through the Oracle Directory Integration Server Administration tool. The only way to modify it is to use Directory Integration Assistant ( |
|
Connected Directory URL |
Connection information required to connect to the connected directory. This parameter refers to the host name and port number as To connect by using SSL, enter Make sure the certificate to connect to the directory is stored in the wallet, the location of which is specified in the file Note: To connect to Sun Java System Directory by using SSL, the server certificate needs to be loaded into the wallet. See Also: The chapter about Oracle Wallet Manager in Oracle Advanced Security Administrator's Guide |
|
Interface Type |
The format used by the import or export file. Options are |
Table A-5 describes the fields in the Mapping tab page.
Table A-5 Fields on the Mapping Tab Page
| Field Name | Description |
|---|---|
|
Mapping Rules |
This field displays the mapping rules for converting data between a connected directory and Oracle Internet Directory. There is no default. Note: You cannot edit the mapping rules file by using the Oracle Directory Integration Server Administration tool. You edit the mapping rules in a file manually and then upload it to the profile by using Oracle Directory Integration Platform. |
|
Connected Directory Matching Filter |
Specify the attribute that uniquely identifies an entry in the connected directory. |
|
OID Matching Filter |
Specify the attribute that uniquely identifies records in Oracle Internet Directory. This attribute is used as a key to synchronize Oracle Internet Directory with the connected directory. This field is optional. |
Table A-6 describes the fields in the Status tab page.
Table A-6 Fields on the Status Tab Page
| Field Name | Description |
|---|---|
|
OID Last Applied Change Number (Import operations only) |
For export operations, specify the identifier of the last change from Oracle Internet Directory that has been applied to the connected directory. The default is |
|
Last Execution Time |
The most recent absolute time that the agent was executed. The default is the time at which the connector is created. Modifying this field will be misleading. |
|
Last Successful Execution Time |
The most recent absolute time that the agent succeeded. The default is the time at which the connector is created. Modifying this field will be misleading. |
|
Synchronization Status |
Synchronization success or failure. |
|
Synchronization Errors |
The last error message. You cannot modify this field. There is no default. |
|
Last Applied Change Number (Export operations only) |
The number of the change log entry that was most recently applied successfully to the connected directory. The field can be consciously modified by the end user whenever appropriate. The profile should be in disabled mode. If the number is increased, then any change log entries numbered between the original value and the new value will not be applied. |
This section describes the windows and fields you use when configuring the Microsoft Active Directory Connector.
Use this tab page to perform an express configuration of the Microsoft Active Directory Connector. This configuration is based on an out-of-the-box installation of Oracle Application Server. Do not use this method to create any other type of directory integration profile.
Table A-7 describes the fields in the Microsoft Active Directory Connector Express Synchronization Setup tab page.
Table A-7 Fields in the Microsoft Active Directory Connector Express Synchronization Setup Tab Page
| Field Name | Description |
|---|---|
|
Microsoft Active Directory Host |
The host on which Microsoft Active Directory is installed. |
|
Microsoft Active Directory Port |
The port number for the Microsoft Active Directory installation. |
|
Account Name |
The user name for logging in to Microsoft Active Directory. |
|
Account Password |
The password or logging in to Microsoft Active Directory. |
|
Connector Name |
The name of the directory integration profile. |
|
Import Profile Name |
Read only. The value is derived from the profile of the connector. |
|
Export Profile Name |
Read only. The value is derived from the profile of the connector. |
|
Configuration Set |
The default is 1. If you specify another configuration set, then that configuration set is automatically created and associated with this profile. |
You can also choose to specify access control policies.
