Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) Part Number E10029-05
This chapter describes attributes that control the LDAP server. See Chapter 41, "Managing Replication Configuration Attributes" for information about attributes that control the replication server.
This chapter contains the following topics:
Section 9.1, "Introduction to Managing System Configuration Attributes"
Section 9.2, "Managing System Configuration Attributes by Using Fusion Middleware Control"
Section 9.3, "Managing System Configuration Attributes by Using WLST"
Section 9.4, "Managing System Configuration Attributes by Using LDAP Tools"
Section 9.5, "Managing System Configuration Attributes by Using ODSM Data Browser"
Most Oracle Internet Directory configuration information is stored in the directory itself. The information is stored as attributes of specific configuration entries. You must have superuser privileges to set system configuration attributes.
Some configuration attributes are specific to an individual instance of the Oracle Internet Directory server. Instance-specific attributes are located in the instance-specific configuration entry, a specific subentry of the Oracle Internet Directory instance entry. Figure 8-1, "DIT Showing Two Instance-Specific Configuration Entries" shows the location of these entries in the DIT.
Some configuration attributes are shared by all Oracle Internet Directory server instances in a WebLogic Server domain that are connected to the same database. Shared attributes reside in the DSA Configuration entry. Replication-specific attributes reside in the Replica Subentry, Replication Configuration, and Replication Agreement Entry.
Some attributes reside in the DSE Root. Most of those are non-configurable.
You can manage all the configuration attributes from the command line. In addition, many of the configuration attributes have specific, task-oriented management interfaces in Oracle Enterprise Manager Fusion Middleware Control or Oracle Directory Services Manager. You can also use the Data Browser feature of Oracle Directory Services Manager to manage the entries directly.
Do not confuse configuration attributes with operational attributes. Operational attributes have special meaning to the directory server and they are used for storing information needed for processing by the server itself or for holding other data maintained by the server that is not explicitly provided by clients. These are attributes that are maintained by the server and either reflect information the server manages about an entry or affect server operation.
Operational attributes are not returned by a search operation unless you specifically request them by name or with the "+" option in the search request. See Section 13.3.2, "Listing Operational Attributes by Using ldapsearch" for more information.
Examples of operational attributes include the time stamp for an entry and the state values needed for enforcing password policies, described in Section 28.1.6, "Password Policy-Related Operational Attributes." You cannot modify operational attributes.
During installation, Oracle Identity Management 11g Installer creates an instance-specific configuration entry for the first Oracle Internet Directory instance. It copies default values from a read-only entry under cn=configset0. (You can specify different values for the SSL port and non-SSL port during the install.)
The DN of an instance-specific configuration entry has the form:
cn=componentname,cn=osdldapd,cn=subconfigsubentry
For example, if the component name for a server instance is oid1, then the DN of the instance-specific configuration entry would be:
cn=oid1,cn=osdldapd,cn=subconfigsubentry
Table 9-1 lists the attributes of the instance-specific configuration entry. The Update Mechanism column contains the following abbreviations:
EM – Oracle Enterprise Manager Fusion Middleware Control. See Section 9.2, "Managing System Configuration Attributes by Using Fusion Middleware Control."
WLST – WebLogic Scripting Tool. See Section 9.3, "Managing System Configuration Attributes by Using WLST."
LDAP – LDAP command-line tools, such as ldapmodify and ldapadd. See Section 9.4, "Managing System Configuration Attributes by Using LDAP Tools."
Table 9-1 Attributes of the Instance-Specific Configuration Entry
| Attribute | Description | Update Mechanism | Default | Possible Values |
|---|---|---|---|---|
| | Number of Server Processes. Restart the server after changing. See Chapter 4. | EM, LDAP, WLST | 1 | Integer, up to 1024. |
| | Preserve the case of required attribute names specified in an See Chapter 7. | EM, LDAP | 0 | 0: Do not preserve attribute case 1: Preserve attribute case |
| | Hostname or IP address. See Chapter 10. If you change the hostname, run | LDAP | Set during install | Host or IP address |
| | Non-SSL port. See Section 9.2.1, "Configuring Server Properties." If you change the port number, restart the server and run | EM, LDAP, WLST | 3060 | Port number |
| | SSL port. See Section 9.2.1, "Configuring Server Properties." If you change the port number, restart the server and run | EM, LDAP, WLST | 3131 | Port number |
| | Maximum time allowed in a transaction (seconds). See Using LDAP Transactions in Oracle Fusion Middleware Application Developer's Guide for Oracle Identity Management and Section 9.2.1, "Configuring Server Properties." | EM, LDAP, WLST | 0 | Positive integer (seconds) |
| | Maximum number of operations allowed in a transaction. See Using LDAP Transactions in Oracle Fusion Middleware Application Developer's Guide for Oracle Identity Management and Section 9.2.1, "Configuring Server Properties." | EM, LDAP, WLST | 0 | Positive integer |
| | Server Mode. See Chapter 15. | EM, LDAP, WLST | rw | R: read-only rw: read/write rm: read-modify |
| | A comma-separated list of events and category names to be audited. Custom events are only applicable when | EM, LDAP, WLST | Empty | Examples include: Authentication.SUCCESSESONLY, Authorization(Permission -eq 'CSFPermission') |
| | Replaces the audit levels used in 10g (10.1.4.0.1) and earlier releases. See Chapter 22. | EM, LDAP, WLST | None | |
| | A comma-separated list of users for whom auditing is always enabled, even if | EM, LDAP, WLST | Empty | Valid users. For example: cn=orcladmin. |
| | Debug Flag. See Chapter 23. | EM, LDAP, WLST | 0 | 0 ~ 117440511. See Table 23-3. |
| | Force flush debug messages. See Chapter 23. | LDAP | 0 | 0: Disable 1: Enable |
| | Operations Enabled for Debug. See Chapter 23. | EM, LDAP, WLST | 511 | |
| | Maximum Number of Log Files to Keep in Rotation. See Chapter 23. | EM, LDAP, WLST | 100 | Integer |
| | Maximum Log File Size (MB). See Chapter 23. | EM, LDAP, WLST | 1 MB | Size, in MB |
| | Statistics collection event level. See Chapter 24. | EM, LDAP, WLST | 0 | |
| | Security event tracking level. See Chapter 24. | EM, LDAP, WLST | 0 | |
| | Flag to turn on or off OID statistics data. See Chapter 24. | EM, LDAP, WLST | 1 | 0: disable 1: enable |
| | Enable user statistics collection. See Chapter 24. | EM, LDAP, WLST | 0 | 0: disable 1: enable |
| | Frequency of flushing statistics to the database. See Chapter 24. | EM, LDAP, WLST | 30 | 60 |
| | SSL Authentication. Restart the server after changing. See Chapter 26. | EM, LDAP, WLST | 1 | 1: No SSL authentication 32: One-way authentication 64: Two-way authentication |
| | SSL Cipher Suite. Restart the server after changing. See Chapter 26. | EM, LDAP, WLST | Empty | See Table 26-1, "SSL Cipher Suites Supported in Oracle Internet Directory", left column. |
| | SSL Enable. Restart the server after changing. Do not set See Chapter 26. | EM, LDAP, WLST | 2 | 0: Non-SSL only 1: SSL only 2: Non-SSL & SSL mode |
| | SSL Interoperability Mode. Restart the server after changing. See Chapter 26. | LDAP | 1 | 0: disabled 1: enabled |
| | SSL Version. Restart the server after changing. See Chapter 26. | EM, LDAP, WLST | 3 | 3 |
| | SSL Wallet URL. Restart the server after changing. See Chapter 26. | EM, LDAP, WLST | File | SSL wallet file location. |
| | Allow Anonymous binds. See Chapter 32. | EM, LDAP, WLST | 2 | See Table 32-4, "Orclanonymousbindsflag Value and Directory Server Behavior". |
| | SASL Authentication Mode. Restart the server after changing. See Chapter 32. | EM, LDAP, WLST | 1 | auth, auth-int, auth-conf. Specify all three or a subset of these three as a comma-separated string. |
| | SASL Cipher Choice. Restart the server after changing. See Chapter 32. | EM, LDAP, WLST | Rc4-56,rc4-40,rc4,des,3des | Any combination of Rc4-56, des, 3des, rc4, rc4-40 |
| | SASL Mechanism. Restart the server after changing. See Chapter 32. | EM, LDAP, WLST | DIGEST-MD5, EXTERNAL | DIGEST-MD5, EXTERNAL |
| | DIT Masking. See Chapter 38. | LDAP | No value | List of DIT subtrees. |
| | DIT Masking. See Chapter 38. | LDAP | No value | LDAP attribute filter. |
| | DIT Masking. See Chapter 38. | LDAP | No value | List of attributes, possibly preceded by |
| | Maximum number of dispatcher threads per server process. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. Restart the server after changing. | EM, LDAP, WLST | 1 | Integer (Max 16) |
| | LDAP Connection Timeout, in minutes. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 0 | Integer. Note: Users configured for statistics tracking do not time out as per this setting. |
| | Maximum Number of DB Connections. Restart the server after changing. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 2 | Integer, maximum 128 |
| | Maximum number of cached user group connections. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 100000 | Integer |
| | Maximum number of concurrent connections per server process. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 1024 | Int (Max system max file descriptors per process) |
| | Maximum time in seconds for the server process to respond back to the dispatcher process. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 300 seconds | Number of seconds. 0: Dispatcher does not detect the server hang. |
| | Maximum time in seconds for the OID server to wait for an LDAP client to respond to a read/write operation. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 30 seconds | Integer |
| | Maximum number of bytes of RAM that security events tracking can use for each type of operation. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 100000000 Bytes | Available RAM, in bytes |
| | Number of in-memory cache containers for storing information about users performing operations. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 256 | Integer |
| orcloptracknumelemcontainers;2ndlevel | Number of in-memory cache containers for storing information about users whose user password is compared and tracked when detailed compare operation statistics is programmed. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 256 | Integer |
| | Maximum number of plug-in worker threads per server process. Restart the server after changing. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 2 | Int (Max 64) |
| | Number of entries that can be returned in an See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 10000 | Integer |
| | Maximum time that server can spend for a given | EM, LDAP, WLST | 3600 | Integer (seconds) |
| | Generate stack dump. See Appendix S. | LDAP | 0 | 0: Generate stack trace file. 1: Do not generate stack trace file, but generate a core file. |
The DSA configuration entry has the DN:
cn=dsaconfig,cn=configsets,cn=oracle internet directory
Table 9-2 shows shared attributes in the DSA configuration entry. The Update Mechanism column contains the following abbreviations:
EM – Oracle Enterprise Manager Fusion Middleware Control. See Section 9.2, "Managing System Configuration Attributes by Using Fusion Middleware Control."
LDAP – LDAP command-line tools, such as ldapmodify and ldapadd. See Section 9.4, "Managing System Configuration Attributes by Using LDAP Tools."
Note:
DSA is an X.500 term for the directory server.
Table 9-2 Attributes in the DSA Configuration Entry
| Attribute | Description | Update Mechanism | Default | Possible Values |
|---|---|---|---|---|
| | Maximum Filter Size | EM, LDAP | 24576 | Integer |
| | Refresh Dynamic Group Memberships. See Chapter 14. | LDAP | 0 | Set to 1 to cause a refresh. Server will reset it to 0. |
| | Index attributes on first search. See Section 20.1.3.4, "About Indexing Attributes." | EM, LDAP | 1 | 0: Disabled 1: Enabled |
| | Referential Integrity. See Chapter 21. | EM, LDAP | 0 | 0: Disabled 1: Enabled |
| | User DNs for statistics collection. See Chapter 24. | EM, LDAP | Empty | DNs of entries |
| | Sensitive attributes encrypted when returned. See Chapter 27. | LDAP | 0 | 0: Disabled 1: Enabled |
| | Sensitive attributes stored in encrypted format. See Chapter 27. | LDAP | See Table 27-1. | Attributes |
| | Attributes stored in hashed format. See Chapter 27. | EM, LDAP | Empty | Attributes |
| | PKI Matching Rule for mapping user's PKI certificate DN to the user's entry DN. See Chapter 32. | EM, LDAP | 2 | 0: Exact match. 1: Certificate search. 2: Combination of 0 and 1. 3: Mapping rule only. 4: Try in order: 3, 2 |
| | Whether to generate change logs for user operations. See Chapter 42 and the Oracle Internet Directory chapter of Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 1 | 1: enable 0: disable |
| | Options passed to the JVM when a server plug-in is invoked. See Chapter 44. | EM, LDAP | -Xmx64M | Valid JVM options |
| | Search Filters to be processed in memory. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP | See list in Oracle Fusion Middleware Performance and Tuning Guide | Valid search filters |
| | Whether to provide detailed MatchDN information when base DN of a search is not present. See the Oracle Internet Directory chapter of Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP | 1 | 0: Do not match 1: Match |
| | Skewed attributes. Server restart recommended after changing. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP | objectclass | List of attributes |
| | Skip referral for search. Server restart recommended after changing. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP | 0 | 0: Disabled 1: Enabled |
| | Specify search time limit mode to be either accurate or approximate. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 0 | 0: Accurate 1: Approximate |
| | Enable Entry Cache. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 1 | 1: Enable, 0: Disable |
| | Maximum Entries in Entry Cache. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 100000 | Integer |
| | Entry Cache Size in bytes. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | 200000000 Bytes | Size_t (can be specified using |
| | Result Set Cache Attributes. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | EM, LDAP, WLST | cn, mail, uid, orclguid | Comma-separated list of attributes. Typically these attributes are not modified for the life of the entry. |
| | Enable/Disable Group cache. See the Oracle Internet Directory chapter in Oracle Fusion Middleware Performance and Tuning Guide. | LDAP | 1 | 1: Enable, 0: Disable |
The DSA-specific entry (DSE) is the root of the DIT. This is where Oracle Internet Directory publishes information about itself, such as naming contexts, supported controls, and matching rules. Most attributes of the DSE should not be modified directly. Some attributes that you might need to modify are listed in Table 9-3.
Table 9-3 Attributes of the DSE
| Attribute | Description | Update Mechanism | Default | Possible Values |
|---|---|---|---|---|
| | Naming contexts. See Chapter 11. | LDAP | c=us dc=com | Any valid naming context. |
| | Referral specification. See Chapter 19. | LDAP | | |
| | Access control at the root DSE level. See Chapter 29. | LDAP | | |
| | Hashing algorithm for protecting passwords. See Chapter 30. | LDAP | SHA | MD4, MD5, SHA, SSHA, SHA256, SHA384, SHA512, SSHA256, SSHA384, SSHA512, SMD5, UNIX Crypt |
| | Contains DN of password policy governing the DSE root. See Chapter 28. | LDAP | cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext | |
You can view and set most of the configuration attributes for an Oracle directory server by using Oracle Enterprise Manager Fusion Middleware Control.
You can configure most of the attributes in the instance-specific configuration entry by using the Oracle Internet Directory Server Properties pages of Fusion Middleware Control, as follows:
Select Administration, then Server Properties from the Oracle Internet Directory menu.
Select General, Performance, SASL, Statistics, or Logging, depending on which parameters you want to configure.
After changing the configuration, choose Apply.
The correspondence between server properties and configuration attributes on the General tab of the Server Properties page is shown in Table 9-4.
General
Table 9-4 Configuration Attributes on Server Properties Page, General Tab.
Performance
The correspondence between server properties and configuration attributes on the Performance tab of the Server Properties page is shown in Table 9-5.
Table 9-5 Configuration Attributes on Server Properties Page, Performance Tab
Restart the server after changing orclserverprocs, orclmaxcc, orcldispthreads, or orclpluginworkers.
SASL
The correspondence between server properties and configuration attributes on the SASL tab of the Server Properties page is shown in Table 32-1, "Configuration Attributes on Server Properties, SASL Tab".
Statistics
The correspondence between server properties and configuration attributes on the Statistics tab of the Server Properties page is shown in Table 24-2, "Configuration Attributes on Server Properties Page, Statistics Tab".
Logging
The correspondence between server properties and configuration attributes on the Logging tab of the Server Properties page is shown in Table 23-2, "Configuration Attributes on Server Properties Page, Logging Tab".
You can configure some of the shared system configuration attributes in the DSA configuration entry by using the Oracle Internet Directory Shared Properties page of Fusion Middleware Control. Select Administration, then Shared Properties, then select General, Change Superuser Password, or Replication from the Oracle Internet Directory menu. After changing the configuration, choose Apply. The correspondence is as follows:
General
Table 9-6 Configuration Attributes on Shared Properties Page, General Tab
| Field or Heading | Configuration Attribute |
|---|---|
| Number of users in privilege group membership cache NOT on EM page | |
| Result Set Cache Attributes | |
| Java Plug-in VM Options | |
A server restart is recommended after changing orclskiprefinsql or orclskewedattribute.
Change Superuser Password
See Section 12.5, "Changing the Superuser Password by Using Fusion Middleware Control."
Replication
Replication-related attributes are described in Chapter 41, "Managing Replication Configuration Attributes." See Section 41.2.1, "Configuring Attributes on the Shared Properties, Replication Tab."
You can configure SSL parameters by using the Oracle Internet Directory SSL Configuration Page. See Section 26.2, "Configuring SSL by Using Fusion Middleware Control." You must restart the server for SSL configuration changes to take effect.
You can configure Audit attributes by using the Oracle Internet Directory Audit Policy Settings page. See Section 22.2, "Managing Auditing by Using Fusion Middleware Control."
A managed bean (MBean) is a Java object that represents a JMX manageable resource in a distributed environment, such as an application, a service, a component or a device. The WebLogic server uses custom MBeans as its interface to OPMN-managed components, such as Oracle Internet Directory. You can use the WebLogic Scripting Tool (wlst) in the Oracle Common home to manage the attributes of the Oracle Internet Directory instance-specific configuration entry that have Oracle Enterprise Manager Fusion Middleware Control interfaces.
Note:
WLST manages Oracle Internet Directory through its SSL port. The Oracle Internet Directory SSL port must be configured for no authentication or server authentication. If the Oracle Internet Directory SSL port is configured for mutual authentication, you will not be able to change Oracle Internet Directory attributes by using WLST. See Section 26.1.3, "SSL Authentication Modes."
You use WLST as follows:
Invoke WLST
ORACLE_COMMON_HOME/common/bin/wlst.sh
Connect to the WebLogic server
connect('username', 'password', 'localhost:7001')
To navigate to the custom MBean tree, type:
custom()
at the wlst prompt.
To get a one-level list of the MBeans in the custom MBean tree, type:
ls()
In the ls() output, you see two domains that contain MBeans that are related to Oracle Internet Directory configuration. The domains are oracle.as.management.mbeans.register and oracle.as.oid.
To get to a domain, use the cd() command. For example:
cd('oracle.as.management.mbeans.register')
or
cd('oracle.as.oid')
If you type ls(), you see a list of MBeans in that domain. There are three MBeans related to Oracle Internet Directory configuration under oracle.as.management.mbeans.register and two under oracle.as.oid. Table 9-7 lists them.
Table 9-7 Oracle Internet Directory-Related MBeans
| MBean Name | MBean Domain | MBean Format in ls() Output |
|---|---|---|
| Root Proxy MBean | oracle.as.management.mbeans.register | oracle.as.management.mbeans.register:type=component,name=COMPONENT_NAME,instance=INSTANCE |
| Non-SSL Port MBean | oracle.as.management.mbeans.register | oracle.as.management.mbeans.register:type=component.nonsslport,name=nonsslport1,instance=INSTANCE,component=COMPONENT_NAME |
| Audit MBean | oracle.as.management.mbeans.register | oracle.as.management.mbeans.register:type=component.auditconfig,name=auditconfig1,instance=INSTANCE,component=COMPONENT_NAME |
| SSL Port MBean | oracle.as.oid | oracle.as.oid:type=component.sslconfig,name=sslport1,instance=INSTANCE,component=COMPONENT_NAME |
| Key Store MBean | oracle.as.oid | oracle.as.oid:type=component.keystore,name=keystore,instance=INSTANCE,component=COMPONENT_NAME |
INSTANCE and COMPONENT_NAME refer to the Oracle instance where your Oracle Internet Directory component is located and the name of the component, respectively.
Note:
The Audit MBean is shown here for completeness, but you use different commands for managing auditing by using wlst. See "Managing Auditing by Using WLST".
To get to a specific MBean, type:
cd('MBEAN_NAME')
For example, if you are in the domain oracle.as.management.mbeans.register, and you want to manage the Root Proxy MBean for Oracle Internet Directory component oid1 in Oracle instance instance1, type:
cd('oracle.as.management.mbeans.register:type=OID,name=oid1,instance=instance1')
Once you have navigated to the desired MBean, you can get the current value for an attribute by typing:
get('ATTRIBUTE_NAME')
For example, to get the value for orclserverprocs, type:
get('orclserverprocs')
Before you make any changes to attributes, you must ensure that the MBean has the current server configuration. To do that, load the configuration from the Oracle Internet Directory server to the MBean. Type:
invoke('load',jarray.array([],java.lang.Object),jarray.array([],java.lang.String))
Then you can use the set command to set a specific attribute. Type:
set('ATTRIBUTE_NAME', ATTRIBUTE_VALUE)
For example, to set orclserverprocs = 12, type:
set('orclserverprocs', 12)
After making changes, you must save the MBean configuration to the Oracle Internet Directory server. Type:
invoke('save',jarray.array([],java.lang.Object),jarray.array([],java.lang.String))
From the command line, you can modify most system configuration attributes by using ldapmodify and list most system configuration attributes by using ldapsearch.
You can modify most attributes in Table 9-1, Table 9-2, and Table 9-3 by using the command line:
ldapmodify -D cn=orcladmin -q -p portNum -h hostname -f ldifFile
The contents of the LDIF file depend on the DN and the operation being performed.
The LDIF file for changing the value of the orclgeneratechangelog attribute in the instance-specific entry to 1 would be:
dn: cn=componentname,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclgeneratechangelog
orclgeneratechangelog: 1
The LDIF file for adding the orclinmemfiltprocess attribute to the DSA configuration entry would be:
dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory
changetype: modify
add: orclinmemfiltprocess
orclinmemfiltprocess: (objectclass=inetorgperson)(orclisenabled=TRUE)
Notes:
In 11g Release 1 (11.1.1), consecutive settings of orcldebugflag and of orcloptracklevel are additive.
Restart the server after changing orclskiprefinsql, orclskewedattribute, orclserverprocs, orcldispthreads, orclmaxcc, orclpluginworkers, or any attribute with a name that begins with "orclssl" or "orclsasl".
After changing orclnonsslport or orclsslport, restart the server and run opmnctl updatecomponentregistration, as described in Section 8.3.4, "Updating the Component Registration of an Oracle Instance by Using opmnctl."
See Also:
The Oracle Internet Directory chapter of Oracle Fusion Middleware Performance and Tuning Guide for more examples of LDIF files
The ldapmodify command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management for a more detailed discussion of ldapmodify, and a list of its options
The "Oracle Identity Management LDAP Attribute Reference" in Oracle Fusion Middleware Reference for Oracle Identity Management for descriptions of the modifiable system configuration attributes.
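The restart and re-registration notes above, and the earlier note that WLST cannot manage an instance whose SSL port uses mutual authentication, can be checked before an LDIF file is passed to ldapmodify. The following Python code is an added example, not Oracle's; the sample LDIF is constructed, and the attribute name orclsslauthentication for the "SSL Authentication" row of Table 9-1 is an assumption, because that table's attribute names are not shown on this page.

```python
"""Report the follow-up actions this chapter requires for an ldapmodify LDIF file."""

# Attributes the chapter's notes list as needing a server restart after a change.
RESTART_ATTRS = {
    "orclskiprefinsql", "orclskewedattribute", "orclserverprocs",
    "orcldispthreads", "orclmaxcc", "orclpluginworkers",
}
RESTART_PREFIXES = ("orclssl", "orclsasl")
# Port changes also need `opmnctl updatecomponentregistration`.
PORT_ATTRS = {"orclnonsslport", "orclsslport"}
# ASSUMPTION: attribute name for the "SSL Authentication" row (64 = two-way).
SSL_AUTH_ATTR = "orclsslauthentication"

# Constructed sample input: two change records, one with a folded DN line.
SAMPLE_LDIF = """\
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclsslport
orclsslport: 3132
-
replace: orclsslauthentication
orclsslauthentication: 64
-
replace: orclserverprocs
orclserverprocs: 12

dn: cn=dsaconfig, cn=configsets,
 cn=oracle internet directory
changetype: modify
add: orclinmemfiltprocess
orclinmemfiltprocess: (objectclass=inetorgperson)(orclisenabled=TRUE)
"""


def unfold(text):
    """Join LDIF continuation lines (leading space) and drop comment lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    return lines


def parse_changes(text):
    """Return (dn, operation, attribute, values) for each modify operation."""
    changes, dn, current = [], None, None
    for line in unfold(text) + [""]:
        if not line.strip():              # a blank line ends the change record
            dn, current = None, None
        elif line.strip() == "-":         # "-" ends one add/replace/delete block
            current = None
        else:
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            elif key in ("add", "replace", "delete") and current is None:
                current = (dn, key, value.lower(), [])
                changes.append(current)
            elif current is not None and key == current[2]:
                current[3].append(value)
    return changes


def follow_up(text):
    """Map each changed attribute to the post-change actions the chapter lists."""
    report = []
    for dn, op, attr, values in parse_changes(text):
        base = attr.split(";")[0]         # drop options such as ";2ndlevel"
        actions = []
        if base in PORT_ATTRS:
            actions += ["restart", "opmnctl updatecomponentregistration"]
        elif base in RESTART_ATTRS or base.startswith(RESTART_PREFIXES):
            actions.append("restart")
        if base == SSL_AUTH_ATTR and "64" in values:
            actions.append("WLST cannot manage this instance (two-way SSL)")
        report.append({"dn": dn, "op": op, "attr": base, "actions": actions})
    return report


if __name__ == "__main__":
    for item in follow_up(SAMPLE_LDIF):
        print(item["attr"], "->", item["actions"] or ["no follow-up listed"])
```

An attribute with an empty action list is one for which this chapter's notes list no restart or re-registration step.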
You can use ldapsearch to list most attributes.
Instance-Specific Configuration Entry
If the component name for a server instance is oid1, then you can list the attributes in the instance-specific configuration entry with a command line such as:
ldapsearch -p 3060 -h myhost.example.com -D cn=orcladmin -q \
   -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*"
DSA Configuration Entry
You can list the attributes with the command line:
ldapsearch -p 3060 -h myhost.example.com -D cn=orcladmin -q \
   -b "cn=dsaconfig,cn=configsets,cn=oracle internet directory" \
   -s base "objectclass=*"
DSE
You can list the attributes with the command line:
ldapsearch -p 3060 -h myhost.example.com -D cn=orcladmin -q \
   -b "" -s base "objectclass=*"
Oracle Enterprise Manager Fusion Middleware Control is the recommended graphical user interface for managing system configuration attributes. You can also use ODSM to manage system configuration attributes, which can be useful if Fusion Middleware Control is not available or if you must modify an attribute that has no Fusion Middleware Control interface.
See Section 13.2, "Managing Entries by Using Oracle Directory Services Manager" for detailed instructions for changing the attributes of a directory entry. The following sections explain how to get to the entries that contain system configuration attributes in ODSM.
On the Data Browser tab, in the navigation tree, expand subconfigsubentry, then osdldapd. Then select the name of the Oracle Internet Directory component you want to manage.
On the Data Browser tab, in the navigation tree, expand oracle internet directory, then configsets, then select the entry dsaconfig.