Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
Creating and Configuring LDIF Data Views
To Configure an LDIF Data View
Defining Access Control on Virtual Data Views
To Define a New ACI Storage Repository
To Configure Virtual Access Controls
Defining Schema Checking on Virtual Data Views
Creating and Configuring Join Data Views
To Configure a Join Data View to Enable Referencing of a Data View by Multiple Join Data Views
Creating and Configuring Coordinator Data Views
To Create a Coordinator Data View
To Configure a Coordinator Data View
Creating and Configuring JDBC Data Views
To Configure JDBC Tables, Attributes, and Object Classes
Defining Relationships Between JDBC Tables
Joining an LDAP Directory and a MySQL Database
Configuring and Testing the LDAP Data View
Configuring and Testing the JDBC Data View
Creating and Testing the Join Data View
Joining Multiple Disparate Data Sources
Client Application Requirements
Aggregate Data From the HR LDAP Directory and the Administration LDIF File
Add Data From Company 22 to Example.Com's DIT by Renaming the DN
Add Company 22's Data to the HR Data
Enable LDAP Clients to Access the Payroll Data in an SQL Database
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
A join data view is an aggregation of multiple data views. For information about how a join data view works, see Join Data Views in Oracle Directory Server Enterprise Edition Reference.
For information about how to create and configure join data views, see the following procedures.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
The primary and secondary data views must exist before the join view can be created. The primary and secondary views can be any type of data view, including an LDAP data view, LDIF data view, JDBC data view, or another join data view. Specific properties must be configured on the secondary view to allow it to function as the source for a join view. For more information, see To Configure the Secondary View of a Join View.
$ dpconf create-join-data-view -h host -p port view-name primary-view secondary-view \ suffix-dn
$ dpconf list-join-data-views -h host -p port
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
$ dpconf get-join-data-view-prop -h host -p port view-name
The default properties of a join data view are as follows:
allow-heuristic-search : true allow-partial-search : false alternate-search-base-dn : - attr-name-mappings : none base-dn : suffixDN contains-shared-entries : false custom-distribution-algorithm : none description : - distribution-algorithm : none dn-join-rule : none dn-mapping-attrs : none dn-mapping-source-base-dn : none excluded-subtrees : - filter-join-rule : none is-enabled : true is-read-only : false is-routable : true join-rule-control-enabled : false lexicographic-attrs : all lexicographic-lower-bound : none lexicographic-upper-bound : none non-viewable-attr : none non-writable-attr : none numeric-attrs : all numeric-default-data-view : false numeric-lower-bound : none numeric-upper-bound : none pattern-matching-base-dn-regular-expression : all pattern-matching-base-object-search-filter : all pattern-matching-dn-regular-expression : all pattern-matching-one-level-search-filter : all pattern-matching-subtree-search-filter : all primary-view : primary-view process-bind : - replication-role : master request-grouping-size : 5 secondary-view : secondary-view viewable-attr : all except non-viewable-attr vlv-control-enabled : false vlv-control-page-size : 1k vlv-control-sorting-attr : objectclass writable-attr : all except non-writable-attr
$ dpconf set-join-data-view-prop -h host -p port view-name property:value \ [property:value ... ]
For example, to change the primary data view of a data source to myLDAPDataView, use the following command:
$ dpconf set-join-data-view-prop -h host1 -p 1389 -D cn="Proxy Manager" \ myJoinDataView primary-view:myLDAPDataView
If vlv-control-enabled is set to true, Directory Proxy Server uses VLV control in search requests when it contacts the primary data view.
Setting of these properties helps in splitting the search filters appropriately on primary and secondary data views. Otherwise, there might be discrepancies in search results when search filter contains attributes from secondary data view.
For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.
Setting join rule configuration information in the join data view makes the data view to be referenced by multiple join data views. To do so, perform the following:
$ dpconf set-join-data-view-prop view-name join-rule-control-enabled:true
After setting join-rule-control-enabled to true, join rule configuration information stored in the join data view is used by the server. If you have a join data view with the join rule configuration information stored in the secondary data view then this information is not used by the server. To have this information used by the server, you will have to manually add the configuration information at the join data view level.
The join rule can be one of the following:
DN join rule
$ dpconf set-join-data-view-prop view-name \ dn-join-rule:uid=\${primary-view-name.uid},ou=People,dc=example
Filter join rule
$ dpconf set-join-data-view-prop view-name \ filter-join-rule:uid=\${primary-view-name.uid}
In the above commands, the attribute name is enclosed in ${} when treated as a variable. If you do not use attribute names enclosed in ${}, the attribute names are treated as constants.
If you use bash or ksh in UNIX, the $ character should be escaped by \ in the \${primary-view-name.uid} like constructions whereas no escaping is required on Windows.
Specific properties must be configured on the secondary data view to allow it to function as the source for a join view. Because the secondary view can be any type of data view, the command you use will depend on the data view type. The following sample commands assume that the secondary view is an LDAP data view. For more information about the properties described here, see Additional Secondary Data View Properties in Oracle Directory Server Enterprise Edition Reference.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
Never set the filter-join-rule and dn-join-rule on the primary data view of a join view.
The join rule can be one of the following:
DN join rule
$ dpconf set-ldap-data-view-prop -h host -p port secondary-view-name \ dn-join-rule:uid=\${primary-view-name.uid},ou=People,dc=example
Filter join rule
$ dpconf set-ldap-data-view-prop -h host -p port secondary-view-name \ filter-join-rule:uid=\${primary-view-name.uid}
The configuration for the dn-join-rule and filter-join-rule properties is used by the server only if the join-rule-control-enabled property on the join data view is set to false. Otherwise, if the join-rule-control-enabled property is set to true on the join data view, then the information set on the secondary view will be ignored.
dpconf add-virtual-transformation secondary-view-name \ write add-attr-value dn uid=\${uid}
Note - Without setting this rule, addition of entries to join data view would not be possible.
By default, binds are permitted on all data views. If you want to prohibit binds to the secondary data view, run the following command:
$ dpconf set-ldap-data-view-prop -h host -p port secondary-view-name process-bind:false
For more information about this property, see Handling of Binds in Oracle Directory Server Enterprise Edition Reference.
$ dpconf set-ldap-data-view-prop -h host -p port secondary-view-name \ contains-shared-entries:true
For more information about this property, see Handling of Shared Entries in Oracle Directory Server Enterprise Edition Reference.