Skip Navigation Links | |
Exit Print View | |
![]() |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
Managing Entries Using ldapmodify and ldapdelete
Adding Entries Using ldapmodify
Modifying Entries Using ldapmodify
Deleting Entries Using ldapdelete
Deleting Entries Using ldapmodify
Searching Entries Using ldapsearch
To Move or Rename an Entry Using ldapmodify
Guidelines and Limitations for Using the Modify DN Operation
General Guidelines for Using the Modify DN Operation
Guidelines for Using the Modify DN Operation With Replication
To Compress the Size of Entries in Database
To Create and Modify a Smart Referral
Checking Valid Attribute Syntax
To Turn On Automatic Syntax Checking
Tracking Modifications to Directory Entries
To Turn Off Entry Modification Tracking
Attribute Encryption and Performance
Attribute Encryption Usage Considerations
To Configure Attribute Encryption
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
You can simplify entry management by associating related entries in groups. The group mechanism makes it easy to retrieve a list of entries that are members of a given group and set access permissions for a whole group.
Entries can be managed as members of dynamic and static groups. Static groups are suitable for groups with few members, such as a group of directory administrators. A dynamic group specifies one or more URL search filters, so the dynamic group membership is defined each time these search filters are evaluated.
You can retrieve a list of all the static groups a given user is a member of by using the dynamic isMemberOf attribute. This attribute is located in the user entry and in nested group entries and holds the DNs of the static groups to which the member belongs. For example, Kirsten Vaughan is a new system administrator in the human resources department. Her entry shows that she is a member of both the System Administrators group and the HR Managers group.
$ ldapsearch -b "dc=example,dc=com" uid=kvaughan isMemberOf uid=kvaughan, ou=People, dc=example,dc=com isMemberOf: cn=System Administrators, ou=Groups, dc=example,dc=com isMemberOf: cn=HR Managers,ou=groups,dc=example,dc=com
Membership testing for group entries has been improved. These improvements remove some of the previous restrictions on static groups, specifically the restriction on group size. This performance improvement is only effective after the group entry has been loaded into the entry cache.