Skip Navigation Links | |
Exit Print View | |
Oracle Fusion Middleware Glossary for Oracle Unified Directory 11g Release 1 (11.1.1) |
access control instruction (ACI)
authentication password syntax
authorization identity control
Common Development and Distribution License
deprecated password storage scheme
Directory Services Markup Language
entry change notification control
extensible match search filter
greater than or equal to search filter
less than or equal to search filter
Lightweight Directory Access Protocol
notice of disconnection unsolicited notification
Password Modify extended operation
Simple Authentication and Security Layer
A virtual attribute is a type of attribute in which the attribute value are not actually stored in the back end but are instead dynamically generated in some manner. The values can be obtained in various manners, depending on the type of virtual attribute. Some virtual attributes use a hard-coded value, while others compute their values at runtime based on some kind of logic.
See the Virtual Attribute Configuration for information about the types of virtual attributes available for use in the directory server.
The virtual attributes only control requests that the server include only virtual attributes in matching entries. That is, real attributes are excluded from search result entries.
The virtual attributes only control has a request OID of 2.16.840.1.113730.3.4.19 and no value.
The following example shows a search on the base DN without the virtual attributes only control:
$ ldapsearch -p 1389 -D "cn=directory manager" -w password -b "dc=example,dc=com" \ -s base "objectclass=*" version: 1 dn: dc=example,dc=com objectClass: domain objectClass: top dc: example
The following example shows the same search with the virtual attributes only control:
$ ldapsearch -p 1389 -D "cn=directory manager" -w password \ -J "2.16.840.1.113730.3.4.19" -b "dc=example,dc=com" -s base "objectclass=*" version: 1 dn: dc=example,dc=com
A virtual directory is a type of network daemon that communicates with clients using LDAP but obtains the underlying data from a combination of different sources. Virtual directories may have a number of different capabilities, including:
Providing an LDAP front end to a different repository, like a relational database or a flat file
Providing a mechanism to merge data from multiple repositories
The virtual list view (VLV) control can be attached to a search operation to indicate that only a subset of the results are to be returned. It can be used to iterate through the search results a page at a time. It is similar to the simple paged results control with the exception that it can be used to retrieve an arbitrary subset of the results from the server, and it requires that the search request also include the server-side sort control to ensure that the results are consistently sorted across requests.
The VLV control is defined in draft-ietf-ldapext-ldapv3-vlv-09. The request control has an OID of 2.16.840.1.113730.3.4.9 and the value is encoded as follows:
VirtualListViewRequest ::= SEQUENCE { beforeCount INTEGER (0..maxInt), afterCount INTEGER (0..maxInt), target CHOICE { byOffset [0] SEQUENCE { offset INTEGER (1 .. maxInt), contentCount INTEGER (0 .. maxInt) }, greaterThanOrEqual [1] AssertionValue }, contextID OCTET STRING OPTIONAL }
The response control has an OID of 2.16.840.1.113730.3.4.10 and the value is encoded as shown below:
VirtualListViewResponse ::= SEQUENCE { targetPosition INTEGER (0 .. maxInt), contentCount INTEGER (0 .. maxInt), virtualListViewResult ENUMERATED { success (0), operationsError (1), protocolError (3), unwillingToPerform (53), insufficientAccessRights (50), timeLimitExceeded (3), adminLimitExceeded (11), innapropriateMatching (18), sortControlMissing (60), offsetRangeError (61), other(80), ... }, contextID OCTET STRING OPTIONAL }
For an example of using this control in a search request, see Searching Using the Virtual List View Control in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.
A virtual static group is a special type of group that appears to be static to external clients but obtains its membership information from another group (like a dynamic group) in the server.
Virtual static groups are primarily used in cases where a client application only supports static groups but have a very large number of members that are better suited for maintaining in a dynamic group.
A virtual list view (VLV) index is a mechanism used by the Directory Server database that can be used to efficiently process searches with virtual list view control. A VLV index effectively notifies the server that a virtual list view, with specific query and sort parameters, will be performed. This index also allows the server to collect and maintain the information required to make using the virtual list view faster. A VLV index stores sorted blocks of ID lists, which are a set of entry IDs and the attribute values of the entry to sort on.