Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Internet Directory?
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1.4.0)
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1)
New Features Introduced with Oracle Internet Directory 10g (10.1.4.1)
New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2)
Part I Understanding Directory Services
1
Introduction to Directory Services
1.1
What Is a Directory?
1.1.1
The Expanding Role of Online Directories
1.1.2
The Problem: Too Many Special-Purpose Directories
1.2
What Is the Lightweight Directory Access Protocol (LDAP)?
1.2.1
LDAP and Simplified Directory Management
1.2.2
LDAP Version 3
1.3
What Is Oracle Internet Directory?
1.3.1
Overview of Oracle Internet Directory
1.3.2
Components of Oracle Internet Directory
1.3.3
Advantages of Oracle Internet Directory
1.3.3.1
Scalability
1.3.3.2
High Availability
1.3.3.3
Security
1.3.3.4
Integration with the Oracle Environment
1.4
How Oracle Products Use Oracle Internet Directory
1.4.1
Easier and More Cost-Effective Administration of Oracle Products
1.4.2
Tighter Security Through Centralized Security Policy Administration
1.4.3
Integration of Multiple Directories
2
Understanding Oracle Internet Directory in Oracle Fusion Middleware
2.1
WebLogic Server Domain
2.2
Oracle Internet Directory as a System Component
2.3
Oracle Internet Directory Deployment Options
2.4
Middleware Home
2.5
WebLogic Server Home
2.6
Oracle Common Home
2.7
Oracle Home
2.8
Oracle Instance
2.9
Oracle Enterprise Manager Fusion Middleware Control
2.10
Logging, Auditing, and Diagnostics
2.11
MBeans and the WebLogic Scripting Tool
3
Understanding Oracle Internet Directory Concepts and Architecture
3.1
Oracle Internet Directory Architecture
3.1.1
An Oracle Internet Directory Node
3.1.2
An Oracle Directory Server Instance
3.1.3
Oracle Internet Directory Ports
3.1.4
Directory Metadata
3.2
How Oracle Internet Directory Processes a Search Request
3.3
Directory Entries
3.3.1
Distinguished Names (DNs) and Directory Information Trees (DITs)
3.3.2
Entry Caching
3.4
Attributes
3.4.1
Kinds of Attribute Information
3.4.2
Single-Valued and Multivalued Attributes
3.4.3
Common LDAP Attributes
3.4.4
Attribute Syntax
3.4.5
Attribute Matching Rules
3.4.6
Attribute Options
3.5
Object Classes
3.5.1
Subclasses, Superclasses, and Inheritance
3.5.2
Object Class Types
3.5.2.1
Structural Object Classes
3.5.2.2
Auxiliary Object Classes
3.5.2.3
Abstract Object Classes
3.6
Naming Contexts
3.7
Security
3.8
Globalization Support
3.9
Distributed Directories
3.9.1
Directory Replication
3.9.2
Directory Partitioning
3.10
Knowledge References and Referrals
3.11
Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console
3.12
The Service Registry and Service to Service Authentication
3.13
Oracle Directory Integration Platform
3.14
Oracle Internet Directory and Identity Management
3.14.1
About Identity Management
3.14.2
Oracle Identity Management Products
3.14.3
Identity Management Realms
3.14.3.1
Default Identity Management Realm
3.14.3.2
Identity Management Policies
3.15
Resource Information
3.15.1
Resource Type Information
3.15.2
Resource Access Information
3.15.3
Location of Resource Information in the DIT
4
Understanding Process Control of Oracle Internet Directory Components
4.1
Oracle Internet Directory Process Control Architecture
4.2
The ODS_PROCESS_STATUS Table
4.3
Starting, Stopping, and Monitoring of Oracle Internet Directory Processes
4.3.1
Oracle Internet Directory Snippet in opmn.xml
4.3.2
OPMN Starting Oracle Internet Directory
4.3.3
OPMN Stopping of Oracle Internet Directory
4.3.4
Process Monitoring
4.4
Oracle Internet Directory Process Control–Best Practices
5
Understanding Oracle Internet Directory Organization
5.1
The Directory Information Tree
5.2
Planning the Overall Directory Structure
5.3
Planning the Names and Organization of Users and Groups
5.3.1
Organizing Users
5.3.2
Organizing Groups
5.4
Migrating a DIT from a Third-Party Directory
6
Understanding Oracle Internet Directory Replication
6.1
Why Use Replication?
6.2
Replication Concepts
6.2.1
Content to be Replicated: Full or Partial
6.2.2
Direction: One-Way, Two-Way, or Peer to Peer
6.2.3
Transport Mechanism: LDAP or Oracle Database Advanced Replication
6.2.4
Directory Replication Group (DRG) Type: Single-master, Multimaster, or Fan-out
6.2.4.1
Single-Master Replication Example
6.2.4.2
Multimaster Replication Example
6.2.4.3
Fan-out Replication Example
6.2.5
Loose Consistency Model
6.2.6
How the Replication Concepts Fit Together
6.2.7
Multimaster Replication with Fan-Out
6.3
What Kind of Replication Do You Need?
Part II Basic Administration
7
Getting Started With Oracle Internet Directory
7.1
Patching Your System to 11g Release 1 (11.1.1.4.0)
7.1.1
Deselecting Cipher Suites for SSL Server Authentication
7.1.2
Upgrading a Directory Replication Group
7.2
Postinstallation Tasks and Information
7.2.1
Setting Up the Environment
7.2.2
Starting and Stopping the Oracle Stack
7.2.3
Identifying Default URLs and Ports
7.2.4
Tuning Oracle Internet Directory
7.2.5
Enabling Anonymous Binds
7.2.6
Enabling Oracle Internet Directory to run on Privileged Ports
7.2.7
Verifying Oracle Database Time Zone
7.3
Using Fusion Middleware Control to Manage Oracle Internet Directory
7.4
Using Oracle Directory Services Manager
7.4.1
Introduction to Oracle Directory Services Manager
7.4.1.1
Using the JAWS Screen Reader with Oracle Directory Services Manager
7.4.1.2
Non-Super User Access to Oracle Directory Services Manager
7.4.1.3
Single Sign-On Integration with Oracle Directory Services Manager
7.4.2
Configuring ODSM for SSO Integration
7.4.3
Configuring the SSO Server for ODSM Integration
7.4.4
Configuring the Oracle HTTP Server for ODSM-SSO Integration
7.4.5
Invoking Oracle Directory Services Manager
7.4.6
Connecting to the Server from Oracle Directory Services Manager
7.4.6.1
Logging in to the Directory Server from Oracle Directory Services Manager
7.4.6.2
Logging Into the Directory Server from Oracle Directory Services Manager Using SSL
7.4.6.3
Connecting to an SSO-Enabled Directory as an SSO-Authenticated User
7.4.7
Configuring Oracle Directory Services Manager Session Timeout
7.4.8
Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster
7.5
Using Command-Line Utilities to Manage Oracle Internet Directory
7.5.1
Using Standard LDAP Utilities
7.5.2
Using Bulk Tools
7.5.3
Using WLST
7.6
Basic Tasks for Configuring and Managing Oracle Internet Directory
8
Managing Oracle Internet Directory Instances
8.1
Introduction to Managing Oracle Internet Directory Instances
8.1.1
The Instance-Specific Configuration Entry
8.1.2
Creating the First Oracle Internet Directory Instance
8.1.3
Creating Additional Oracle Internet Directory Instances
8.1.4
Registering an Oracle Instance or Component with the WebLogic Server
8.2
Managing Oracle Internet Directory Components by Using Fusion Middleware Control
8.2.1
Viewing Active Server Information by Using Fusion Middleware Control
8.2.2
Starting the Oracle Internet Directory Server by Using Fusion Middleware Control
8.2.3
Stopping the Oracle Internet Directory Server by Using Fusion Middleware Control
8.2.4
Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control
8.3
Managing Oracle Internet Directory Components by Using opmnctl
8.3.1
Creating an Oracle Internet Directory Component by Using opmnctl
8.3.2
Registering an Oracle Instance by Using opmnctl
8.3.3
Unregistering an Oracle Instance by Using opmnctl
8.3.4
Updating the Component Registration of an Oracle Instance by Using opmnctl
8.3.5
Deleting an Oracle Internet Directory Component by Using opmnctl
8.3.6
Viewing Active Server Instance Information by Using opmnctl
8.3.7
Starting the Oracle Internet Directory Server by Using opmnctl
8.3.8
Stopping the Oracle Internet Directory Server by Using opmnctl
8.3.9
Restarting the Oracle Internet Directory Server by Using opmnctl
8.3.10
Changing the Oracle Database Information in opmn.xml
8.4
Starting an Instance of the Replication Server by Using OIDCTL
9
Managing System Configuration Attributes
9.1
Introduction to Managing System Configuration Attributes
9.1.1
What are Configuration Attributes?
9.1.2
What are Operational Attributes?
9.1.3
Attributes of the Instance-Specific Configuration Entry
9.1.4
Attributes of the DSA Configuration Entry
9.1.5
Attributes of the DSE
9.2
Managing System Configuration Attributes by Using Fusion Middleware Control
9.2.1
Configuring Server Properties
9.2.2
Configuring Shared Properties
9.2.3
Configuring Other Parameters
9.3
Managing System Configuration Attributes by Using WLST
9.4
Managing System Configuration Attributes by Using LDAP Tools
9.4.1
Setting System Configuration Attributes by Using ldapmodify
9.4.2
Listing Configuration Attributes with ldapsearch
9.5
Managing System Configuration Attributes by Using ODSM Data Browser
9.5.1
Navigating to the Instance-Specific Configuration Entry
9.5.2
Navigating to the DSA Configuration Entry
9.5.3
Navigating to the DSE Root
10
Managing IP Addresses
10.1
Introduction to Managing IP Addresses
10.2
Configuring an IP Address for IP V6, Cold Failover Cluster, or Virtual IP
11
Managing Naming Contexts
11.1
Introduction to Managing Naming Contexts
11.2
Searching for Published Naming Contexts
11.3
Publishing a Naming Context
12
Managing Accounts and Passwords
12.1
Introduction to Managing Accounts and Passwords
12.2
Managing Accounts and Passwords by Using Command-Line Tools
12.2.1
Enabling and Disabling Accounts by Using Command-Line Tools
12.2.2
Unlocking Accounts by Using Command-Line Tools
12.2.3
Forcing a Password Change by Using Command-Line Tools
12.3
Managing Accounts and Passwords by Using the Self-Service Console
12.3.1
Enabling and Disabling Accounts by Using the Oracle Internet Directory Self-Service Console
12.3.2
Unlocking Accounts by Using the Oracle Internet Directory Self-Service Console
12.3.3
Resetting Your Own Password by Using the Oracle Internet Directory Self-Service Console
12.4
Listing and Unlocking Locked Accounts by Using Oracle Directory Services Manager
12.5
Changing the Superuser Password by Using Fusion Middleware Control
12.6
Creating Another Account With Superuser Privileges
12.7
Managing the Superuser Password by Using ldapmodify
12.8
Changing the Oracle Internet Directory Database Password
12.9
Resetting the Superuser Password
12.10
Changing the Password for the EMD Administrator Account
12.11
Changing the Password for the ODSSM Administrator Account
13
Managing Directory Entries
13.1
Introduction to Managing Directory Entries
13.2
Managing Entries by Using Oracle Directory Services Manager
13.2.1
Displaying Entries by Using Oracle Directory Services Manager
13.2.2
Searching for Entries by Using Oracle Directory Services Manager
13.2.3
Importing Entries from an LDIF File by Using Oracle Directory Services Manager
13.2.4
Exporting Entries to an LDIF File by Using Oracle Directory Services Manager
13.2.5
Viewing Attributes for a Specific Entry by Using Oracle Directory Services Manager
13.2.6
Adding a New Entry by Using Oracle Directory Services Manager
13.2.7
Deleting an Entry or Subtree by Using Oracle Directory Services Manager
13.2.8
Adding an Entry by Copying an Existing Entry in Oracle Directory Services Manager
13.2.9
Modifying an Entry by Using Oracle Directory Services Manager
13.3
Managing Entries by Using LDAP Command-Line Tools
13.3.1
Listing All the Attributes in the Directory by Using ldapsearch
13.3.2
Listing Operational Attributes by Using ldapsearch
13.3.3
Attribute Case in ldapsearch Output
13.3.4
Adding a User Entry by Using ldapadd
13.3.5
Modifying a User Entry by Using ldapmodify
13.3.6
Adding an Attribute Option by Using ldapmodify
13.3.7
Deleting an Attribute Option by Using ldapmodify
13.3.8
Searching for Entries with Attribute Options by Using ldapsearch
14
Managing Dynamic and Static Groups
14.1
Introduction to Managing Dynamic and Static Groups
14.1.1
Static Groups
14.1.1.1
Schema Elements for Creating Static Groups
14.1.2
Dynamic Groups
14.1.2.1
Cached and Uncached Dynamic Groups
14.1.2.2
Enhancements to and Limitations of Dynamic Groups in Oracle Internet Directory
14.1.2.3
Schema Elements for Creating a Dynamic Group
14.1.3
Hierarchies
14.1.4
Querying Group Entries
14.1.5
orclMemberOf Attribute
14.1.6
When to Use Each Kind of Group
14.2
Managing Group Entries by Using Oracle Directory Services Manager
14.2.1
Creating Static Group Entries by Using Oracle Directory Services Manager
14.2.2
Modifying a Static Group Entry by Using Oracle Directory Services Manager
14.2.3
Creating Dynamic Group Entries by Using Oracle Directory Services Manager
14.2.4
Modifying a Dynamic Group Entry by Using Oracle Directory Services Manager
14.3
Managing Group Entries by Using the Command Line
14.3.1
Creating a Static Group Entry by Using ldapadd
14.3.2
Modifying a Static Group by Using ldapmodify
14.3.3
Creating a Dynamic Group Entry by Using ldapadd
14.3.3.1
Creating a Cached Dynamic Group Using labeledURI Attribute
14.3.3.2
Creating an Uncached Dynamic List Using labeledURI Attribute
14.3.3.3
Creating a Dynamic Group Using CONNECT BY String
14.3.4
Modifying a Dynamic Group by Using ldapmodify
15
Performing Bulk Operations
15.1
Introduction to Performing Bulk Operations
15.2
Changing Server Mode
15.2.1
Setting the Server Mode by Using Fusion Middleware Control
15.2.2
Setting the Server Mode by Using ldapmodify
15.3
Loading Data Into the Schema by Using bulkload
15.3.1
Importing an LDIF File by Using bulkload
15.3.2
Loading Data in Incremental or Append Mode By Using bulkload
15.3.3
Performing Index Verification By Using bulkload
15.3.4
Re-Creating Indexes By Using bulkload
15.3.5
Recovering Data After a Load Failure By Using bulkload
15.4
Modifying Attributes of a Large Number of Entries By Using bulkmodify
15.4.1
Adding a Description for All Entries Under a Specified Naming Context
15.4.2
Adding an Attribute for Entries Under a Specified Naming Context Matching a Filter
15.4.3
Replacing an Attribute for All Entries Under a Specified Naming Context
15.5
Deleting Entries or Attributes of Entries by Using bulkdelete
15.5.1
Deleting All Entries Under a Specified Naming Context by Using bulkdelete
15.5.2
Deleting Entries Under Naming Contexts and Making them Tombstone Entries
15.6
Dumping Data from Oracle Internet Directory to a File by Using ldifwrite
15.6.1
Dumping Part of a Specified Naming Context to an LDIF File
15.6.2
Dumping Entries Under a Specified Naming Context to an LDIF File
15.7
Creating and Dropping Indexes from Existing Attributes by Using catalog
15.7.1
Changing a Searchable Attribute into a Non-searchable Attribute
15.7.2
Changing a Non-searchable Attribute into a Searchable Attribute
16
Managing Collective Attributes
16.1
Introduction to Collective Attributes
16.1.1
The RFC Definition and Oracle Extensions
16.1.1.1
RFC 3671
16.1.1.2
Oracle Extensions
16.1.2
Defining the Collective Attribute Subentry
16.1.3
Using subtreeSpecification
16.1.3.1
Base
16.1.3.2
Minimum and Maximum
16.1.3.3
Specific Exclusions
16.1.4
Overriding a Collective Attribute
16.2
Managing Collective Attributes by Using the Command Line
16.2.1
Adding a Subentry by Using ldapadd
16.2.2
Modifying a Subentry by Using ldapmodify
17
Managing Alias Entries
17.1
Introduction to Managing Alias Entries
17.2
Adding an Alias Entry
17.3
Searching the Directory with Alias Entries
17.3.1
Searching the Base with Alias Entries
17.3.2
Searching One-Level with Alias Entries
17.3.3
Searching a Subtree with Alias Entries
17.4
Modifying Alias Entries
17.5
Interpreting Messages Related to Alias Dereferencing
18
Managing Attribute Uniqueness Constraint Entries
18.1
Introduction to Managing Attribute Uniqueness Constraint Entries
18.2
Specifying Attribute Uniqueness Constraint Entries
18.2.1
Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
18.2.2
Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
18.2.3
Specifying Multiple Scopes in an Attribute Uniqueness Constraint
18.2.4
Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
18.2.5
Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
18.3
Managing an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
18.3.1
Creating an Attribute Uniqueness Constraint Entry by Using ODSM
18.3.2
Modifying an Attribute Uniqueness Constraint Entry by Using ODSM
18.3.3
Deleting an Attribute Uniqueness Constraint Entry by Using ODSM
18.4
Managing an Attribute Uniqueness Constraint Entry by Using the Command Line
18.4.1
Creating Attribute Uniqueness Across a Directory by Using Command-Line Tools
18.4.2
Creating Attribute Uniqueness Across One Subtree by Using Command-Line Tools
18.4.3
Creating Attribute Uniqueness Across One Object Class by Using Command-Line Tools
18.4.4
Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools
18.4.5
Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools
18.4.6
Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools
19
Managing Knowledge References and Referrals
19.1
Introduction to Managing Knowledge References and Referrals
19.2
Configuring Smart Referrals
19.3
Configuring Default Referrals
20
Managing Directory Schema
20.1
Introduction to Managing Directory Schema
20.1.1
Where Schema Information is Stored in the Directory
20.1.2
Understanding Object Classes
20.1.2.1
About Adding Object Classes
20.1.2.2
About Modifying Object Classes
20.1.2.3
About Deleting Object Classes
20.1.3
Understanding Attributes
20.1.3.1
About Adding Attributes
20.1.3.2
About Modifying Attributes
20.1.3.3
About Deleting Attributes
20.1.3.4
About Indexing Attributes
20.1.4
Extending the Number of Attributes Associated with Entries
20.1.4.1
Extending the Number of Attributes before Creating Entries in the Directory
20.1.4.2
Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
20.1.4.3
Extending the Number of Attributes for Existing Entries by Creating a Content Rule
20.1.4.4
Rules for Creating and Modifying Content Rules
20.1.4.5
Schema Enforcement When Using Content Rules
20.1.4.6
Searches for Object Classes Listed in Content Rules
20.1.5
Understanding Attribute Aliases
20.1.6
Object Identifier Support in LDAP Operations
20.2
Managing Directory Schema by Using Oracle Directory Services Manager
20.2.1
Searching for Object Classes by Using Oracle Directory Services Manager
20.2.2
Adding Object Classes by Using Oracle Directory Services Manager
20.2.3
Modifying Object Classes by Using Oracle Directory Services Manager
20.2.4
Deleting Object Classes by Using Oracle Directory Services Manager
20.2.5
Viewing Properties of Object Classes by Using Oracle Directory Services Manager
20.2.6
Adding a New Attribute by Using Oracle Directory Services Manager
20.2.7
Modifying an Attribute by Using Oracle Directory Services Manager
20.2.8
Deleting an Attribute by Using Oracle Directory Services Manager
20.2.9
Viewing All Directory Attributes by Using Oracle Directory Services Manager
20.2.10
Searching for Attributes by Using Oracle Directory Services Manager
20.2.11
Adding an Index to a New Attribute by Using Oracle Directory Services Manager
20.2.12
Adding an Index to an Existing Attribute by Using Oracle Directory Services Manager
20.2.13
Dropping an Index from an Attribute by Using Oracle Directory Services Manager
20.2.14
Creating a Content Rule by Using Oracle Directory Services Manager
20.2.15
Modifying a Content Rule by Using Oracle Directory Services Manager
20.2.16
Viewing Matching Rules by Using Oracle Directory Services Manager
20.2.17
Viewing Syntaxes by Using Oracle Directory Services Manager
20.3
Managing Directory Schema by Using the Command Line
20.3.1
Viewing the Schema by Using ldapsearch
20.3.2
Adding a New Object Class by Using Command-Line Tools
20.3.3
Adding a New Attribute to an Auxiliary or User-Defined Object Class by Using Command-Line Tools
20.3.4
Modifying Object Classes by Using Command-Line Tools
20.3.5
Adding and Modifying Attributes by Using ldapmodify
20.3.6
Deleting Attributes by Using ldapmodify
20.3.7
Indexing an Attribute for Which No Data Exists by Using ldapmodify
20.3.8
Dropping an Index from an Attribute by Using ldapmodify
20.3.9
Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool
20.3.10
Adding a New Attribute With Attribute Aliases by Using the Command Line
20.3.11
Adding or Modifying Attribute Aliases in Existing Attributes by Using the Command Line
20.3.12
Deleting Attribute Aliases by Using the Command Line
20.3.13
Using Attribute Aliases with LDAP Commands
20.3.13.1
Using Attribute Aliases with ldapsearch
20.3.13.2
Using Attribute Aliases with ldapadd
20.3.13.3
Using Attribute Aliases with ldapmodify
20.3.13.4
Using Attribute Aliases with ldapdelete
20.3.13.5
Using Attribute Aliases with ldapmoddn
20.3.14
Managing Content Rules by Using Command-Line Tools
20.3.15
Viewing Matching Rules by Using ldapsearch
20.3.16
Viewing Syntaxes by Using ldapsearch
21
Configuring Referential Integrity
21.1
Introduction to Configuring Referential Integrity
21.2
Enabling Referential Integrity by Using Fusion Middleware Control
21.3
Disabling Referential Integrity by Using Fusion Middleware Control
21.4
Enabling Referential Integrity by Using the Command Line
21.5
Configuring Specific Attributes for Referential Integrity by Using the Command Line
21.6
Disabling Referential Integrity by Using the Command Line
21.7
Detecting and Correcting Referential Integrity Violations
22
Managing Auditing
22.1
Introduction to Auditing
22.1.1
Configuring the Audit Store
22.1.2
Oracle Internet Directory Audit Configuration
22.1.3
Replication and Oracle Directory Integration Platform Audit Configuration
22.1.4
Audit Record Fields
22.1.5
Audit Record Storage
22.1.6
Generating Audit Reports
22.2
Managing Auditing by Using Fusion Middleware Control
22.3
Managing Auditing by Using WLST
22.4
Managing Auditing from the Command Line
22.4.1
Viewing Audit Configuration from the Command Line
22.4.2
Configuring Oracle Internet Directory Auditing from the Command Line
22.4.3
Enabling Replication and Oracle Directory Integration Platform Auditing
23
Managing Logging
23.1
Introduction to Logging
23.1.1
Features of Oracle Internet Directory Debug Logging
23.1.2
Interpreting Log Messages
23.1.2.1
Log Messages for Specified LDAP Operations
23.1.2.2
Log Messages Not Associated with Specified LDAP Operations
23.1.2.3
Example: Trace Messages in Oracle Internet Directory Server Log File
23.2
Managing Logging by Using Fusion Middleware Control
23.2.1
Viewing Log Files by Using Fusion Middleware Control
23.2.2
Configuring Logging by Using Fusion Middleware Control
23.3
Managing Logging from the Command Line
23.3.1
Viewing Log Files from the Command Line
23.3.2
Setting Debug Logging Levels by Using the Command Line
23.3.3
Setting the Debug Operation by Using the Command Line
23.3.4
Force Flushing the Trace Information to a Log File
24
Monitoring Oracle Internet Directory
24.1
Introduction to Monitoring Oracle Internet Directory Server
24.1.1
Capabilities of Oracle Internet Directory Server Manageability
24.1.2
Oracle Internet Directory Server Manageability Architecture and Components
24.1.3
Purging of Security Events and Statistics Entries
24.1.4
Account Used for Accessing Server Manageability Information
24.2
Setting Up Statistics Collection by Using Fusion Middleware Control
24.2.1
Configuring Directory Server Statistics Collection by Using Fusion Middleware Control
24.2.2
Configuring a User for Statistics Collection by Using Fusion Middleware Control
24.3
Viewing Statistics Information with Fusion Middleware Control
24.3.1
Viewing Statistics Information on the Oracle Internet Directory Home Page
24.3.2
Viewing Information on the Oracle Internet Directory Performance Page
24.4
Viewing Statistics Information from the Oracle Directory Services Manager Home Page
24.5
Setting Up Statistics Collection by Using the Command-Line
24.5.1
Configuring Health, General, and Performance Statistics Attributes
24.5.2
Configuring Security Events Tracking
24.5.3
Configuring User Statistics Collection from the Command Line
24.5.4
Configuring Event Levels from the Command Line
24.5.5
Configuring a User for Statistics Collection by Using the Command Line
24.6
Viewing Information with the OIDDIAG Tool
25
Backing Up and Restoring Oracle Internet Directory
25.1
Introduction to Backing Up and Restoring Oracle Internet Directory
25.2
Backing Up and Restoring a Small Directory or Specific Naming Context
25.3
Backing Up and Restoring a Large Directory
Part III Advanced Administration: Security
26
Configuring Secure Sockets Layer (SSL)
26.1
Introduction to Configuring Secure Sockets Layer (SSL)
26.1.1
Supported Cipher Suites
26.1.2
Supported Protocol Versions
26.1.3
SSL Authentication Modes
26.1.4
Limitations of the Use of SSL in 11g Release 1 (11.1.1)
26.1.5
Oracle Wallets
26.1.6
Other Components and SSL
26.1.7
SSL Interoperability Mode
26.1.8
StartTLS
26.2
Configuring SSL by Using Fusion Middleware Control
26.2.1
Creating a Wallet by Using Fusion Middleware Control
26.2.2
Configuring SSL Parameters by Using Fusion Middleware Control
26.2.3
Setting SSL Parameters with Fusion Middleware Control
26.3
Configuring SSL by Using WLST
26.4
Configuring SSL by Using LDAP Commands
26.5
Testing SSL Connections by Using Oracle Directory Services Manager
26.6
Testing SSL Connections From the Command Line
26.6.1
Testing SSL With Encryption Only
26.6.2
Testing SSL With Server Authentication
26.6.3
Testing SSL With Client and Server Authentication
26.7
Configuring SSL Interoperability Mode
27
Configuring Data Privacy
27.1
Introduction to Table Space Encryption
27.2
Enabling and Disabling Table Space Encryption
27.3
Introduction to Using Database Vault With Oracle Internet Directory
27.4
Configuring Oracle Database Vault to Protect Oracle Internet Directory Data
27.4.1
Registering Oracle Database Vault
27.4.2
Adding a Database Vault Realm and Policies for Oracle Internet Directory
27.4.3
Managing Oracle Database Vault Configuration for Oracle Internet Directory
27.4.4
Deleting Database Vault Policies For Oracle Internet Directory
27.4.5
Disabling Oracle Database Vault for the Oracle Internet Directory Database
27.5
Best Practices for Using Database Vault with Oracle Internet Directory
27.6
Introduction to Sensitive Attributes
27.6.1
List of Sensitive Attributes
27.6.2
Encryption Algorithm for Sensitive Attributes
27.7
Configuring Privacy of Retrieved Sensitive Attributes
27.8
Introduction to Hashed Attributes
27.9
Configuring Hashed Attributes
27.9.1
Configuring Hashed Attributes by Using Fusion Middleware Control
27.9.2
Configuring Hashed Attributes by Using ldapmodify
28
Managing Password Policies
28.1
Introduction to Managing Password Policies
28.1.1
What a Password Policy Is
28.1.2
Steps Required to Create and Apply a Password Policy
28.1.3
Fine-Grained Password Policies
28.1.4
Default Password Policy
28.1.5
Password Policy Attributes
28.1.6
Password Policy-Related Operational Attributes
28.1.7
Directory Server Verification of Password Policy Information
28.1.8
Password Policy Error Messages
28.1.9
Releases Before 10g (10.1.4.0.1)
28.2
Managing Password Policies by Using Oracle Directory Services Manager
28.2.1
Viewing Password Policies by Using Oracle Directory Services Manager
28.2.2
Modifying Password Policies by Using Oracle Directory Services Manager
28.2.3
Creating a Password Policy and Assigning it to a Subtree by Using ODSM
28.3
Managing Password Policies by Using Command-Line Tools
28.3.1
Viewing Password Policies by Using Command-Line Tools
28.3.2
Creating a New Password Policy by Using Command-Line Tools
28.3.3
Applying a Password Policy to a Subtree by Using Command-Line Tools
28.3.4
Setting Password Policies by Using Command-Line Tools
29
Managing Directory Access Control
29.1
Introduction to Managing Directory Access Control
29.1.1
Access Control Management Constructs
29.1.1.1
Access Control Policy Points (ACPs)
29.1.1.2
The orclACI Attribute for Prescriptive Access Control
29.1.1.3
The orclEntryLevelACI Attribute for Entry-Level Access Control
29.1.1.4
Security Groups
29.1.2
Access Control Information Components
29.1.2.1
Object: To What Are You Granting Access?
29.1.2.2
Subject: To Whom Are You Granting Access?
29.1.2.3
Operations: What Access Are You Granting?
29.1.3
Access Level Requirements for LDAP Operations
29.1.4
How ACL Evaluation Works
29.1.4.1
Precedence Rules Used in ACL Evaluation
29.1.4.2
Use of More Than One ACI for the Same Object
29.1.4.3
Exclusionary Access to Directory Objects
29.1.4.4
ACL Evaluation For Groups
29.2
Managing Access Control by Using Oracle Directory Services Manager
29.2.1
Viewing an ACP by Using Oracle Directory Services Manager
29.2.2
Adding an ACP by Using Oracle Directory Services Manager
29.2.2.1
Task 1: Specify the Entry That Will Be the ACP
29.2.2.2
Task 2: Configure Structural Access Items
29.2.2.3
Task 3: Configure Content Access Items
29.2.2.4
Delete a Structural or Content Access Item
29.2.3
Modifying an ACP by Using Access Control Management in ODSM
29.2.4
Adding or Modifying an ACP by Using the Data Browser in ODSM
29.2.5
Setting or Modifying Entry-Level Access by Using the Data Browser in ODSM
29.3
Managing Access Control by Using Command-Line Tools
29.3.1
Restricting the Kind of Entry a User Can Add
29.3.2
Setting Up an Inheritable ACP by Using ldapmodify
29.3.3
Setting Up Entry-Level ACIs by Using ldapmodify
29.3.4
Using Wildcards in an LDIF File with ldapmodify
29.3.5
Selecting Entries by DN
29.3.6
Using Attribute and Subject Selectors
29.3.7
Granting Read-Only Access
29.3.8
Granting Selfwrite Access to Group Entries
29.3.9
Defining a Completely Autonomous Policy to Inhibit Overriding Policies
30
Managing Password Verifiers
30.1
Introduction to Password Verifiers for Authenticating to the Directory
30.1.1
Userpassword Verifiers and Authentication to the Directory
30.1.2
Hashing Schemes for Creating Userpassword Verifiers
30.2
Managing Hashing Schemes for Password Verifiers for Authenticating to the Directory
30.3
Introduction to Password Verifiers for Authenticating to Components
30.3.1
About Password Verifiers for Authenticating to Oracle Components
30.3.2
Attributes for Storing Password Verifiers for Authenticating to Oracle Components
30.3.3
Default Verifiers for Oracle Components
30.3.4
How Password Verification Works for an Oracle Component
30.4
Managing Password Verifier Profiles for Oracle Components by Using ODSM
30.5
Managing Password Verifier Profiles for Components by Using Command-Line Tools
30.5.1
Viewing a Password Verifier Profile by Using Command-Line Tools
30.5.2
Example: Modifying a Password Verifier Profile by Using Command-Line Tools
30.6
Introduction to Generating Verifiers by Using Dynamic Parameters
30.7
Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers
31
Delegating Privileges for Oracle Identity Management
31.1
Introduction to Delegating Privileges for Oracle Identity Management
31.1.1
How Delegation Works
31.1.2
Delegation in an Oracle Fusion Middleware Environment
31.1.3
About the Default Configuration
31.1.4
Privileges for Administering the Oracle Technology Stack
31.2
Delegating Privileges for User and Group Management
31.2.1
How Privileges Are Granted for Managing User and Group Data
31.2.2
Default Privileges for Managing User Data
31.2.2.1
Creating Users for a Realm
31.2.2.2
Modifying Attributes of a User
31.2.2.3
Deleting a User
31.2.2.4
Delegating User Administration
31.2.3
Default Privileges for Managing Group Data
31.2.3.1
Creating Groups
31.2.3.2
Modifying the Attributes of Groups
31.2.3.3
Deleting Groups
31.2.3.4
Delegating Group Administration
31.3
Delegating Privileges for Deployment of Oracle Components
31.3.1
How Deployment Privileges Are Granted
31.3.2
Oracle Application Server Administrators
31.3.3
User Management Application Administrators
31.3.4
Trusted Application Administrators
31.4
Delegating Privileges for Component Run Time
31.4.1
Default Privileges for Reading and Modifying User Passwords
31.4.2
Default Privileges for Comparing User Passwords
31.4.3
Default Privileges for Comparing Password Verifiers
31.4.4
Default Privileges for Proxying on Behalf of End Users
31.4.5
Default Privileges for Managing the Oracle Context
31.4.6
Default Privileges for Reading Common User Attributes
31.4.7
Default Privileges for Reading Common Group Attributes
31.4.8
Default Privileges for Reading the Service Registry
31.4.9
Default Privileges for Administering the Service Registry
32
Managing Authentication
32.1
Introduction to Authentication
32.1.1
Direct Authentication
32.1.2
Indirect Authentication
32.1.3
External Authentication
32.1.4
Simple Authentication and Security Layer (SASL)
32.2
Configuring Certificate Authentication Method by Using Fusion Middleware Control
32.3
Configuring SASL Authentication by Using Fusion Middleware Control
32.4
Configuring Certificate Authentication Method by Using Command-Line Tools
32.5
Configuring SASL Authentication by Using the Command Line
32.6
Introduction to Anonymous Binds
32.7
Managing Anonymous Binds
32.7.1
Managing Anonymous Binds by Using Fusion Middleware Control
32.7.2
Managing Anonymous Binds by Using the Command Line
Part IV Advanced Administration: Managing Directory Deployment
33
Planning, Deploying and Managing Realms
33.1
Introduction to Planning, Deploying and Managing Realms
33.1.1
Planning the Identity Management Realm
33.1.2
Identity Management Realms in an Enterprise Deployment
33.1.2.1
Single Identity Management Realm in the Enterprise
33.1.2.2
Multiple Identity Management Realms in the Enterprise
33.1.3
Identity Management Realms in a Hosted Deployment
33.1.4
Identity Management Realm Implementation in Oracle Internet Directory
33.1.5
Default Directory Information Tree and the Identity Management Realm
33.2
Customizing the Default Identity Management Realm
33.2.1
Steps to Update the Existing User and Group Search Base
33.2.2
Set up an Additional Search Base
33.2.3
Refresh Oracle Single Sign-On
33.2.4
Reconfigure Provisioning Profiles
33.3
Creating Additional Identity Management Realms for Hosted Deployments
34
Tuning and Sizing Oracle Internet Directory
35
Managing Garbage Collection
35.1
Introduction to Managing Garbage Collection
35.1.1
Components of the Oracle Internet Directory Garbage Collection Framework
35.1.1.1
Garbage Collection Plug-in
35.1.1.2
Background Database Processes
35.1.2
How Oracle Internet Directory Garbage Collection Works
35.1.3
Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry
35.1.4
Change Log Purging
35.2
Set Oracle Database Time Zone for Garbage Collection
35.3
Modifying Oracle Internet Directory Garbage Collectors
35.3.1
Modifying a Garbage Collector by Using Oracle Directory Services Manager
35.3.2
Modifying a Garbage Collector by Using Command-Line Tools
35.3.2.1
Example 1: Modifying a Garbage Collector
35.3.2.2
Example 2: Disabling a Garbage Collector Change Log
35.3.3
Modifying the Oracle Internet Directory Statistics Collector
35.4
Managing Logging for Oracle Internet Directory Garbage Collectors
35.4.1
Enabling Logging for Oracle Internet Directory Garbage Collectors
35.4.2
Disabling Logging for Oracle Internet Directory Garbage Collectors
35.4.3
Monitoring Garbage Collection Logging
35.5
Configuring Time-Based Change Log Purging
36
Migrating Data from Other Data Repositories
36.1
Introduction to Migrating Data from Other Data Repositories
36.2
Migrating Data from LDAP-Compliant Directories
36.2.1
Migrating LDAP Data by Using an LDIF File and bulkload
36.2.2
Migrating LDAP Data by Using syncProfileBootstrap Directly
36.2.3
Migrating LDAP Data by Using an LDIF File and syncProfileBootstrap
36.2.4
Migrating LDAP Data by Using syncProfileBootstrap, bulkload, and LDIF Files
36.2.5
Migrating LDAP Data by Using the Oracle Directory Integration Platform Server
36.3
Migrating User Data from Application-Specific Repositories
36.3.1
The Intermediate Template File
36.3.2
Reconciling Data in Application Repository with Data Already in the Directory
36.3.3
Tasks For Migrating Data from Application-Specific Repositories
36.3.3.1
Task 1: Create an Intermediate Template File
36.3.3.2
Task 2: Run the OID Migration Tool
37
Configuring Server Chaining
37.1
Introduction to Configuring Server Chaining
37.1.1
Supported External Servers
37.1.2
Integrated Oracle Products
37.1.2.1
Oracle Single Sign-On
37.1.2.2
Enterprise User Security
37.1.3
Supported Operations
37.1.4
Server Chaining with Replication
37.2
Configuring Server Chaining
37.2.1
Configuring Server Chaining by Using Oracle Directory Services Manager
37.2.2
Configuring Server Chaining from the Command Line
37.3
Creating Server Chaining Configuration Entries
37.3.1
Configuration Entry Attributes
37.3.2
Requirements for User and Group Containers
37.3.3
Attribute Mapping
37.3.4
Active Directory Example
37.3.5
Active Directory with SSL Example
37.3.6
Active Directory with New Attributes Example
37.3.7
Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) Example
37.3.8
Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) with SSL Example
37.3.9
eDirectory Example
37.3.10
eDirectory with SSL Example
37.4
Debugging Server Chaining
37.5
Configuring an Active Directory Plug-in for Password Change Notification
Part V Advanced Administration: Directory Replication
38
Setting Up Replication
38.1
Introduction to Setting Up Replication
38.1.1
Replication Transport Mechanisms
38.1.2
Replication Setup Methods
38.1.2.1
Replication Wizard
38.1.2.2
Command Line Tools
38.1.2.3
Database Copy Procedure
38.1.3
Bootstrap Rules
38.1.4
The Replication Agreement
38.1.5
Other Replication Configuration Attributes
38.1.6
Replication Process and Architecture
38.1.7
Rules for Configuring LDAP-Based Replication
38.1.8
Replication Security
38.1.8.1
Authentication and the Directory Replication Server
38.1.8.2
Secure Sockets Layer (SSL) and Oracle Internet Directory Replication
38.1.9
LDAP Replication Filtering for Partial Replication
38.1.9.1
Included and Excluded Naming Contexts in LDAP Replication Filtering
38.1.9.2
Attributes that Control Naming Contexts
38.1.9.3
Rules for LDAP Replication Filtering
38.1.9.4
Examples of LDAP Replication Filtering
38.1.9.5
Rules for Managing Naming Contexts and Attributes
38.1.9.6
Optimization of Partial Replication Naming Context for Better Performance
38.2
Converting an Advanced Replication-Based Agreement to an LDAP-Based Agreement
38.3
Setting Up an LDAP-Based Replication Agreement by Using the Replication Wizard
38.4
Testing Replication by Using Oracle Directory Services Manager
38.5
Setting Up an LDAP-Based Replication by Using the Command Line
38.5.1
Copying Your LDAP Data by Using ldifwrite and bulkload
38.5.2
Setting Up an LDAP-Based Replica with Customized Settings
38.5.2.1
Setting Up an LDAP-Based Replica by Using Automatic Bootstrapping
38.5.2.2
Setting Up an LDAP-Based Replica by Using the ldifwrite Tool
38.5.3
Password Policy and Fan-out Replication
38.5.4
Deleting an LDAP-Based Replica
38.5.4.1
Task 1: Stop the Directory Replication Server on the Node to be Deleted
38.5.4.2
Task 2: Delete the Replica from the Replication Group
38.6
Setting Up a Multimaster Replication Group with Fan-Out
39
Setting Up Replication Failover
39.1
Introduction to Replication Failover
39.1.1
Limitations and Warnings for Replication Failover
39.1.2
Determining Which Type of Replication Failover to Use
39.2
Performing a Stateless Replication Failover
39.2.1
Task 1: Stop All Directory Replication Servers on Related Nodes
39.2.2
Task 2: Break Old Replication Agreement and Set up New Agreement
39.2.3
Task 3: Save Last Change Number
39.2.4
Task 4: Compare and Reconcile New Supplier and Consumer
39.2.5
Task 5: Update Last Applied Change Number of New Agreement
39.2.6
Task 6: Clean Up Old Agreement on Old Supplier
39.2.7
Task 7: Start All Directory Replication Servers on Related Nodes
39.3
Performing a Time-Based Replication Failover
39.3.1
Task 1: Configure Change Log Garbage Collection Object on New Supplier
39.3.2
Task 2: Save Last Change Number from New Supplier
39.3.3
Task 3: Enable Change Log Regeneration on New Supplier
39.3.4
Task 4: Wait for the Desired Time Period to Elapse
39.3.5
Task 5: Stop all Directory Replication Servers on Related Nodes
39.3.6
Task 6: Break Old Replication Agreement and Set Up New Agreement
39.3.7
Task 7: Update Last Applied Change Number of New Agreement
39.3.8
Task 8: Clean Up Old Agreement on Old Supplier
39.3.9
Task 9: Start All Directory Replication Servers on Related Nodes
40
Managing Replication Configuration Attributes
40.1
Introduction to Replication Configuration Attributes
40.1.1
The Replication Configuration Container
40.1.2
The Replica Subentry
40.1.3
The Replication Agreement Entry
40.1.3.1
Replication Agreement Entry Attributes
40.1.3.2
Oracle Database Advanced Replication-Based Replication Agreements
40.1.3.3
LDAP Replication Agreements
40.1.3.4
Two-Way LDAP Replication Agreements
40.1.4
The Replication Naming Context Container Entry
40.1.5
The Replication Naming Context Object Entry
40.1.6
The Replication Configuration Set
40.1.7
Examples of Replication Configuration Objects in the Directory
40.2
Configuring Replication Configuration Attributes by Using Fusion Middleware Control
40.2.1
Configuring Attributes on the Shared Properties, Replication Tab
40.2.2
Configuring Replication Wizard Parameters
40.3
Managing Replication Configuration Attributes From the Command Line
41
Managing and Monitoring Replication
41.1
Introduction to Managing and Monitoring Replication
41.1.1
Modifying What Is to Be Replicated in LDAP-Based Partial Replication
41.1.2
Managing Worker Threads
41.1.3
Change Logs in Directory Replication
41.1.4
The Human Intervention Queue
41.1.4.1
Managing the Queues
41.1.4.2
Queue Statistics
41.1.4.3
The Number of Entries the Human Intervention Queue Tools Can Process
41.1.5
Pilot Mode
41.1.6
Conflict Resolution in Oracle Replication
41.1.6.1
Levels at Which Replication Conflicts Occur
41.1.6.2
Automatic Conflict Resolution
41.1.6.3
How Automated Conflict Resolution Works
41.2
Managing and Monitoring Replication by Using ODSM and Fusion Middleware Control
41.2.1
Enabling or Disabling Change Log Generation by Using Fusion Middleware Control
41.2.2
Viewing the Local Change Logs by Using Oracle Directory Services Manager
41.2.3
Viewing and Modifying Replica Naming Context Objects
41.2.4
Viewing or Modifying a Replication Setup by Using the Replication Wizard
41.2.5
Deleting an LDAP-Based Replication Agreement by Using the Replication Wizard
41.2.6
Configure Replication Attributes by Using Fusion Middleware Control
41.2.7
Activating or Inactivating a Replication Server by Using Fusion Middleware Control
41.2.8
Configuring the Replication Debug Level by Using Fusion Middleware Control
41.2.9
Configuring Replica Details by Using Fusion Middleware Control
41.2.10
Viewing Queue Statistics by Using Fusion Middleware Control
41.2.11
Managing Changelog Processing by Using Fusion Middleware Control
41.2.12
Monitoring Conflict Resolution Messages by Using Fusion Middleware Control
41.3
Managing and Monitoring Replication by Using the Command Line
41.3.1
Enabling and Disabling Change Log Generation by Using the Command Line
41.3.2
Viewing Change Logs by Using ldapsearch
41.3.3
Configuring Attributes of the Replica Subentry by Using ldapmodify
41.3.4
Specifying Pilot Mode for a Replica by Using remtool
41.3.5
Configuring Replication Agreement Attributes by Using ldapmodify
41.3.6
Modifying Replica Naming Context Object Parameters by Using ldapmodify
41.3.7
Configuring Attributes of the Replication Configuration Set by Using ldapmodify
41.3.8
Monitoring Conflict Resolution Messages by Using the Command Line
41.3.9
Managing the Human Intervention Queue
41.3.10
Viewing Queue Statistics and Verifying Replication by Using remtool
41.3.11
Managing the Number of Entries the Human Intervention Queue Tools Can Process
41.3.12
Changing the Replication Administrator's Password for Advanced Replication
41.4
Comparing and Reconciling Inconsistent Data by Using oidcmprec
41.4.1
Conflict Scenarios
41.4.2
Operations Supported by oidcmprec
41.4.3
Output from oidcmprec
41.4.4
How oidcmprec Works
41.4.5
Setting the Source and Destination Directories
41.4.6
Selecting the DIT for the Operation
41.4.7
Selecting the Attributes for the Operation
41.4.8
Controlling Change Log Generation
41.4.9
Using a Text or XML Parameter File
41.4.10
Including Directory Schema
41.4.11
Overriding Predefined Conflict Resolution Rules
41.4.12
Using the User-Defined Compare and Reconcile Operation
41.4.13
Known Limitations of the oidcmprec Tool
Part VI Advanced Administration: Directory Plug-ins
42
Configuring a Customized Password Policy Plug-In
42.1
Introduction to Configuring a Customized Password Policy Plug-in
42.2
Installing, Configuring, and Enabling a Customized Password Policy Plug-in
42.2.1
Loading and Registering the PL/SQL Program
42.2.2
Coding the Password Policy Plug-in
42.2.3
Debugging the Password Policy Plug-in
42.2.4
Contents of Sample PL/SQL Package pluginpkg.sql
43
Developing Plug-ins for the Oracle Internet Directory Server
43.1
Introduction to Developing Plug-ins for the Oracle Internet Directory Server
43.1.1
Supported Languages for Server Plug-ins
43.1.2
Server Plug-in Prerequisites
43.1.3
Server Plug-in Benefits
43.1.4
Guidelines for Designing Plug-ins
43.1.5
The Server Plug-in Framework
43.1.6
LDAP Operations and Timings Supported by the Directory
43.1.6.1
Pre-Operation Server Plug-ins
43.1.6.2
Post-Operation Server Plug-ins
43.1.6.3
When-Operation Server Plug-ins
43.1.6.4
When_Replace-Operation Server Plug-ins
43.1.7
Using Plug-ins in a Replication Environment
43.2
Creating a Plug-in
43.3
Registering a Plug-in From the Command Line
43.3.1
Creating a Plug-in Configuration Entry
43.3.2
Adding a Plug-in Configuration Entry by Using Command-Line Tools
43.4
Managing Plug-ins by Using Oracle Directory Services Manager
43.4.1
Creating a New Plug-in by Using Oracle Directory Services Manager
43.4.2
Registering a Plug-in by Using Oracle Directory Services Manager
43.4.3
Editing a Plug-in by Using Oracle Directory Services Manager
43.4.4
Deleting a Plug-in by Using Oracle Directory Services Manager
44
Configuring a Customized External Authentication Plug-in
44.1
Introduction to Configuring a Customized External Authentication Plug-in
44.2
Installing, Configuring, and Enabling the External Authentication Plug-in
44.3
Debugging the External Authentication Plug-in
44.4
Creating the PL/SQL Package oidexaup.sql
Part VII Appendixes
A
Differences Between 10g and 11g
A.1
Instance Creation and Process Management
A.2
Locations of Configuration Attributes
A.3
Default Ports
A.4
Enabling Server Debugging
A.5
Command Line Tools
A.6
Path Names
A.7
Graphical User Interfaces
A.8
Audit
A.9
Referential Integrity
A.10
Server Chaining
A.11
Replication
A.12
Oracle Directory Integration Platform
A.13
Oracle Single Sign-On and Oracle Delegated Administration Services
A.14
Java Containers
B
Managing Oracle Internet Directory Instances by Using OIDCTL
B.1
Introduction to Managing Oracle Internet Directory by Using OIDCTL
B.2
Creating and Starting an Oracle Internet Directory Server Instance by Using OIDCTL
B.3
Stopping an Oracle Internet Directory Server Instance by Using OIDCTL
B.4
Starting an Oracle Internet Directory Server Instance by Using OIDCTL
B.5
Viewing Status Information by Using OIDCTL
B.6
Deleting an Oracle Internet Directory Server Instance by Using OIDCTL
C
Setting Up Oracle Database Advanced Replication-Based Replication
C.1
Introduction to Setting up Oracle Database Advanced Replication-Based Replication
C.1.1
Database Version Compatibility
C.1.2
Advanced Replication Filtering for Partial Replication
C.1.2.1
Excluded Naming Contexts
C.1.2.2
Rules for Advanced Replication Filtering.
C.2
Setting Up Advanced Replication-Based Replication
C.2.1
Rules for Setting Up Advanced Replication
C.2.2
Setting Up an Advanced Replication-Based Multimaster Replication Group
C.2.2.1
Task 1: Install Oracle Internet Directory on the Master Definition Site (MDS)
C.2.2.2
Task 2: Install the Oracle Internet Directory on the Remote Master Sites (RMS)
C.2.2.3
Task 3: Set Up Advanced Replication for a Directory Replication Group
C.2.2.4
Task 4 (Optional): Load Data into the Directory
C.2.2.5
Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
C.2.2.6
Task 6: Start the Replication Servers on All Nodes in the DRG
C.2.2.7
Task 7: Test Directory Replication
C.2.3
Adding a Node for Advanced Replication-Based Multimaster Replication
C.2.3.1
Prepare the Oracle Net Services Environment
C.2.3.2
Task 1: Stop the Directory Replication Server on All Nodes
C.2.3.3
Task 2: Identify a Sponsor Node and Install Oracle Internet Directory
C.2.3.4
Task 3: Switch the Sponsor Node to Read-Only Mode
C.2.3.5
Task 4: Back up the Sponsor Node by Using ldifwrite
C.2.3.6
Task 5: Perform Advanced Replication Add Node Setup
C.2.3.7
Task 6: Switch the Sponsor Node to Updatable Mode
C.2.3.8
Task 7: Start the Directory Replication Server on All Nodes Except the New Node
C.2.3.9
Task 8: Load Data into the New Node by Using bulkload
C.2.3.10
Task 9: Start the Directory Server on the New Node
C.2.3.11
Task 10: Start the Directory Replication Server on the New Node
C.2.4
Deleting a Node from a Multimaster Replication Group
C.2.4.1
Task 1: Stop the Directory Replication Server on All Nodes
C.2.4.2
Task 2: Stop All Oracle Internet Directory Processes in the Node to be Deleted
C.2.4.3
Task 3: Delete the Node from the Master Definition Site
C.2.4.4
Task 4: Start the Directory Replication Server on All Nodes
D
How Replication Works
D.1
Features of Oracle Database Advanced Replication-Based Replication
D.2
Architecture for Oracle Database Advanced Replication-Based Replication
D.3
Architecture of LDAP-Based Replication
D.4
LDAP Replica States
D.5
The Replication Process
D.5.1
How the Multimaster Replication Process Adds a New Entry to a Consumer
D.5.2
How the Multimaster Replication Process Deletes an Entry
D.5.3
How the Multimaster Replication Process Modifies an Entry
D.5.4
How the Multimaster Replication Process Modifies a Relative Distinguished Name
D.5.5
How the Multimaster Replication Process Modifies a Distinguished Name
E
Java Server Plug-in Developer's Reference
E.1
Advantages of Java Plug-ins
E.2
Setting Up a Java Plug-in
E.3
Java Plug-in API
E.3.1
Communication Between the Server and Plug-in
E.3.2
Java Plug-in Structure
E.3.3
PluginDetail
E.3.3.1
Server
E.3.3.2
LdapBaseEntry
E.3.3.3
LdapOperation
E.3.3.4
PluginFlexfield
E.3.4
PluginResult
E.3.5
ServerPlugin Interface
E.3.5.1
ServerPlugin Methods for Ldapbind
E.3.5.2
ServerPlugin Methods for Ldapcompare
E.3.5.3
ServerPlugin Methods for Ldapadd
E.3.5.4
ServerPlugin Methods for Ldapmodify
E.3.5.5
ServerPlugin Methods for Ldapmoddn
E.3.5.6
ServerPlugin Methods for Ldapsearch
E.3.5.7
ServerPlugin Methods for Ldapdelete
E.4
Java Plug-in Error and Exception Handling
E.4.1
Run-time Exception Example
E.4.2
Run-time Error Example
E.4.3
PluginException Example
E.5
Java Plug-in Debugging and Logging
E.6
Java Plug-in Examples
E.6.1
Example 1: Password Validation Plug-in
E.6.1.1
Password Validation Plug-in Configuration Entry
E.6.1.2
Password Validation Plug-in Code Example
E.6.2
Example 2: External Authentication Plug-in for Active Directory
E.6.2.1
External Authentication Plug-in Configuration Entry
E.6.2.2
External Authentication Plug-in Code
F
PL/SQL Server Plug-in Developer's Reference
F.1
Designing, Creating, and Using PL/SQL Server Plug-ins
F.1.1
PL/SQL Plug-in Caveats
F.1.1.1
Types of PL/SQL Plug-in Operations
F.1.1.2
Naming PL/SQL Plug-ins
F.1.2
Creating PL/SQL Plug-ins
F.1.2.1
Package Specifications for Plug-in Module Interfaces
F.1.3
Compiling PL/SQL Plug-ins
F.1.3.1
Dependencies
F.1.3.2
Recompiling Plug-ins
F.1.4
Managing PL/SQL Plug-ins
F.1.4.1
Modifying Plug-ins
F.1.4.2
Debugging Plug-ins
F.1.5
Enabling and Disabling PL/SQL Plug-ins
F.1.6
Exception Handling in a PL/SQL Plug-in
F.1.6.1
Error Handling
F.1.6.2
Program Control Handling between Oracle Internet Directory and Plug-ins
F.1.7
PL/SQL Plug-in LDAP API
F.1.8
PL/SQL Plug-in and Database Tools
F.1.9
PL/SQL Plug-in Security
F.1.10
PL/SQL Plug-in Debugging
F.1.11
PL/SQL Plug-in LDAP API Specifications
F.1.12
Database Limitations
F.2
Examples of PL/SQL Plug-ins
F.2.1
Example 1: Search Query Logging
F.2.2
Example 2: Synchronizing Two DITs
F.3
Binary Support in the PL/SQL Plug-in Framework
F.3.1
Binary Operations with ldapmodify
F.3.2
Binary Operations with ldapadd
F.3.3
Binary Operations with ldapcompare
F.4
Database Object Types Defined
F.5
Specifications for PL/SQL Plug-in Procedures
G
The LDAP Filter Definition
H
The Access Control Directive Format
H.1
Schema for orclACI
H.2
Schema for orclEntryLevelACI
I
Globalization Support in the Directory
I.1
About Character Sets and the Directory
I.1.1
About Unicode
I.1.2
About Oracle and UTF-8
I.1.3
Migration from UTF8 to AL32UTF8 when Upgrading Oracle Internet Directory
I.2
The NLS_LANG Environment Variable
I.3
Using Non-AL32UTF8 Databases
I.4
Using Globalization Support with LDIF Files
I.4.1
An LDIF file Containing Only ASCII Strings
I.4.2
An LDIF file Containing UTF-8 Encoded Strings
I.4.2.1
CASE 1: Native Strings (Non-UTF-8)
I.4.2.2
CASE 2: UTF-8 Strings
I.4.2.3
CASE 3: BASE64 Encoded UTF-8 Strings
I.4.2.4
CASE 4: BASE64 Encoded Native Strings
I.5
Using Globalization Support with Command-Line LDAP Tools
I.5.1
Specifying the -E Argument When Using Each Tool
I.5.2
Examples: Using the -E Argument with Command-Line LDAP Tools
I.6
Setting NLS_LANG in the Client Environment
I.7
Using Globalization Support with Bulk Tools
I.7.1
Using Globalization Support with bulkload
I.7.2
Using Globalization Support with ldifwrite
I.7.3
Using Globalization Support with bulkdelete
I.7.4
Using Globalization Support with bulkmodify
J
Setting up Access Controls for Creation and Search Bases for Users and Groups
J.1
Setting up Access Controls for the User Search Base and the User Creation Base
J.2
Setting up Access Controls for the Group Search Base and the Group Creation Base
K
Searching the Directory for User Certificates
K.1
Certificate Mapping
K.2
Search Types
L
Adding a Directory Node by Using the Database Copy Procedure
L.1
Definitions
L.2
Prerequisites
L.3
Sponsor Directory Site Environment
L.4
New Directory Site Environment
L.5
Addition of a Directory Node
M
Oracle Authentication Services for Operating Systems
N
RFCs Supported by Oracle Internet Directory
O
Managing Oracle Directory Services Manager's Java Key Store
O.1
Introduction to Managing ODSM's Java Key Store
O.2
Retrieving ODSM's Java Key Store Password
O.3
Listing the Contents of odsm.cer Java Key Store
O.4
Deleting Expired Certificates
O.4.1
Determining the Expiration Date of a Certificate
O.4.2
Deleting a Certificate
P
Starting and Stopping the Oracle Stack
P.1
Starting the Stack
P.2
Stopping the Stack
Q
Performing a Rolling Upgrade
Q.1
Prerequisites for Rolling Upgrade
Q.2
Rolling Upgrade Instructions
Q.3
Rolling Upgrade Example
R
Troubleshooting Oracle Internet Directory
R.1
Problems and Solutions
R.1.1
Installation Errors
R.1.2
Oracle Database Server Errors
R.1.2.1
Oracle Database Server Connection is Down
R.1.2.2
Oracle Database Server Error Due to Interrupted Client Connection
R.1.2.3
Oracle Database Server Error Due to Schema Modifications
R.1.3
Directory Server Error Messages and Causes
R.1.3.1
Inappropriate Authentication Error
R.1.3.2
Constraint Violation Error Due to Editing a User or Group or Creating a Realm
R.1.3.3
Standard Error Messages Returned from Oracle Directory Server
R.1.3.4
Additional Directory Server Error Messages
R.1.4
Getting a Core Dump and Stack Trace When Oracle Internet Directory Crashes
R.1.5
TCP/IP Problems
R.1.5.1
Do Not Use TCP-Based Monitoring of Server Availability on Windows 2003 Server
R.1.5.2
Do Not Install DiamondCS Port Explorer
R.1.6
Troubleshooting Password Policies
R.1.6.1
Password Policy is Not Enforced
R.1.6.2
Password Policy Error Messages
R.1.7
Troubleshooting Directory Performance
R.1.7.1
Poor LDAP Search Performance
R.1.7.2
Poor LDAP Add or Modify Performance
R.1.7.3
Poor Oracle Database Server Performance
R.1.8
Troubleshooting Port Configuration
R.1.9
Troubleshooting Creating Oracle Internet Directory Component with opmnctl
R.1.10
Troubleshooting Starting Oracle Internet Directory
R.1.10.1
Oracle Internet Directory is Down
R.1.10.2
Oracle Internet Directory is Read-Only
R.1.11
Troubleshooting Starting, Stopping, and Restarting of the Directory Server
R.1.11.1
About the Tools for Starting, Stopping, and Restarting the Directory Server Instance
R.1.11.2
Problems Starting, Stopping, and Restarting the Directory Server
R.1.12
Troubleshooting Oracle Internet Directory Replication
R.1.12.1
Replication Server Does Not Start
R.1.12.2
Repository Creation Assistant Error
R.1.12.3
Errors in Replication Bootstrap
R.1.12.4
Changes Are Not Replicated
R.1.12.5
Replication Stops Working
R.1.13
Troubleshooting Change Log Garbage Collection
R.1.14
Troubleshooting Dynamic Password Verifiers
R.1.15
Troubleshooting Oracle Internet Directory Password Wallets
R.1.15.1
Oracle Internet Directory Server Does Not Start
R.1.15.2
Password Not Synchronized
R.1.16
Troubleshooting bulkload
R.1.17
Troubleshooting bulkdelete, bulkmodify, and ldifwrite
R.1.18
Troubleshooting catalog
R.1.19
Troubleshooting remtool
R.1.20
Troubleshooting Server Chaining
R.1.21
Viewing Version Information
R.1.22
Troubleshooting Fusion Middleware Control and WLST
R.1.23
Troubleshooting Oracle Directory Services Manager
R.1.23.1
Cannot Invoke ODSM from Fusion Middleware Control
R.1.23.2
Cannot Invoke ODSM from Fusion Middleware Control in Multiple NIC and DHCP Enabled Environment
R.1.23.3
Various Failover Issues
R.1.23.4
ODSM Displays an Error Message
R.1.23.5
Cursor Loses Focus
R.2
Need More Help?
Index