Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Internet Directory?
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1.7.0)
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1.6.0)
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1.4.0)
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1)
New Features Introduced with Oracle Internet Directory 10g (10.1.4.1)
New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2)
Part I Understanding Directory Services
1
Introduction to Directory Services
1.1
What Is a Directory?
1.1.1
The Expanding Role of Online Directories
1.1.2
The Problem: Too Many Special-Purpose Directories
1.2
What Is the Lightweight Directory Access Protocol (LDAP)?
1.2.1
LDAP and Simplified Directory Management
1.2.2
LDAP Version 3
1.3
What Is Oracle Internet Directory?
1.3.1
Overview of Oracle Internet Directory
1.3.2
Components of Oracle Internet Directory
1.3.3
Advantages of Oracle Internet Directory
1.3.3.1
Scalability
1.3.3.2
High Availability
1.3.3.3
Security
1.3.3.4
Integration with the Oracle Environment
1.4
How Oracle Products Use Oracle Internet Directory
1.4.1
Easier and More Cost-Effective Administration of Oracle Products
1.4.2
Tighter Security Through Centralized Security Policy Administration
1.4.3
Integration of Multiple Directories
2
Understanding Oracle Internet Directory in Oracle Fusion Middleware
2.1
WebLogic Server Domain
2.2
Oracle Internet Directory as a System Component
2.3
Oracle Internet Directory Deployment Options
2.4
Middleware Home
2.5
WebLogic Server Home
2.6
Oracle Common Home
2.7
Oracle Home
2.8
Oracle Instance
2.9
Oracle Enterprise Manager Fusion Middleware Control
2.10
Logging, Auditing, and Diagnostics
2.11
MBeans and the WebLogic Scripting Tool
3
Understanding Oracle Internet Directory Concepts and Architecture
3.1
Oracle Internet Directory Architecture
3.1.1
An Oracle Internet Directory Node
3.1.2
An Oracle Directory Server Instance
3.1.3
Oracle Internet Directory Ports
3.1.4
Directory Metadata
3.2
How Oracle Internet Directory Processes a Search Request
3.3
Directory Entries
3.3.1
Distinguished Names (DNs) and Directory Information Trees (DITs)
3.3.2
Entry Caching
3.4
Attributes
3.4.1
Kinds of Attribute Information
3.4.2
Single-Valued and Multivalued Attributes
3.4.3
Common LDAP Attributes
3.4.4
Attribute Syntax
3.4.5
Attribute Matching Rules
3.4.6
Attribute Options
3.5
Object Classes
3.5.1
Subclasses, Superclasses, and Inheritance
3.5.2
Object Class Types
3.5.2.1
Structural Object Classes
3.5.2.2
Auxiliary Object Classes
3.5.2.3
Abstract Object Classes
3.6
Naming Contexts
3.7
Security
3.8
Globalization Support
3.9
Distributed Directories
3.9.1
Directory Replication
3.9.2
Directory Partitioning
3.10
Knowledge References and Referrals
3.11
Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console
3.12
The Service Registry and Service to Service Authentication
3.13
Oracle Directory Integration Platform
3.14
Oracle Internet Directory and Identity Management
3.14.1
About Identity Management
3.14.2
Identity Management Realms
3.14.2.1
Default Identity Management Realm
3.14.2.2
Identity Management Policies
3.15
Resource Information
3.15.1
Resource Type Information
3.15.2
Resource Access Information
3.15.3
Location of Resource Information in the DIT
4
Understanding Process Control of Oracle Internet Directory Components
4.1
Oracle Internet Directory Process Control Architecture
4.2
The ODS_PROCESS_STATUS Table
4.3
Starting, Stopping, and Monitoring of Oracle Internet Directory Processes
4.3.1
Oracle Internet Directory Snippet in opmn.xml
4.3.2
OPMN Starting Oracle Internet Directory
4.3.3
OPMN Stopping of Oracle Internet Directory
4.3.4
Process Monitoring
4.4
Oracle Internet Directory Process Control–Best Practices
5
Understanding Oracle Internet Directory Organization
5.1
The Directory Information Tree
5.2
Planning the Overall Directory Structure
5.3
Planning the Names and Organization of Users and Groups
5.3.1
Organizing Users
5.3.2
Organizing Groups
5.4
Migrating a DIT from a Third-Party Directory
6
Understanding Oracle Internet Directory Replication
6.1
Why Use Replication?
6.2
Replication Concepts
6.2.1
Content to be Replicated: Full or Partial
6.2.2
Direction: One-Way, Two-Way, or Peer to Peer
6.2.3
Transport Mechanism: LDAP or Oracle Database Advanced Replication
6.2.4
Directory Replication Group (DRG) Type: Single-master, Multimaster, or Fan-out
6.2.4.1
Single-Master Replication Example
6.2.4.2
Multimaster Replication Example
6.2.4.3
Fan-out Replication Example
6.2.5
Loose Consistency Model
6.2.6
How the Replication Concepts Fit Together
6.2.7
Multimaster Replication with Fan-Out
6.3
What Kind of Replication Do You Need?
Part II Basic Administration
7
Getting Started With Oracle Internet Directory
7.1
Patching Your System to 11g Release 1 (11.1.1.7.0)
7.1.1
Upgrading a Directory Replication Group
7.2
Postinstallation Tasks and Information
7.2.1
Setting Up the Environment
7.2.2
Adding Datafiles to the OLTS_CT_STORE and OLTS_ATTRSTORE Tablespaces
7.2.3
Changing Settings of Windows Services
7.2.4
Starting and Stopping the Oracle Stack
7.2.5
Identifying Default URLs and Ports
7.2.6
Tuning Oracle Internet Directory
7.2.7
Enabling Anonymous Binds
7.2.8
Enabling Oracle Internet Directory to run on Privileged Ports
7.2.9
Verifying Oracle Database Time Zone
7.3
Using Fusion Middleware Control to Manage Oracle Internet Directory
7.4
Using Oracle Directory Services Manager
7.4.1
Introduction to Oracle Directory Services Manager
7.4.1.1
Using the JAWS Screen Reader with Oracle Directory Services Manager
7.4.1.2
Non-Super User Access to Oracle Directory Services Manager
7.4.1.3
Single Sign-On Integration with Oracle Directory Services Manager
7.4.2
Configuring ODSM for SSO Integration
7.4.3
Configuring the SSO Server for ODSM Integration
7.4.4
Configuring the Oracle HTTP Server for ODSM-SSO Integration
7.4.5
Invoking Oracle Directory Services Manager
7.4.6
Connecting to the Server from Oracle Directory Services Manager
7.4.6.1
Logging in to the Directory Server from Oracle Directory Services Manager
7.4.6.2
Logging Into the Directory Server from Oracle Directory Services Manager Using SSL
7.4.6.3
Connecting to an SSO-Enabled Directory as an SSO-Authenticated User
7.4.7
Configuring Oracle Directory Services Manager Session Timeout
7.4.8
Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster
7.5
Using Command-Line Utilities to Manage Oracle Internet Directory
7.5.1
Using Standard LDAP Utilities
7.5.2
Using Bulk Tools
7.5.3
Using WLST
7.6
Basic Tasks for Configuring and Managing Oracle Internet Directory
8
Managing Oracle Internet Directory Instances
8.1
Introduction to Managing Oracle Internet Directory Instances
8.1.1
The Instance-Specific Configuration Entry
8.1.2
Creating the First Oracle Internet Directory Instance
8.1.3
Creating Additional Oracle Internet Directory Instances
8.1.4
Registering an Oracle Instance or Component with the WebLogic Server
8.2
Managing Oracle Internet Directory Components by Using Fusion Middleware Control
8.2.1
Viewing Active Server Information by Using Fusion Middleware Control
8.2.2
Starting the Oracle Internet Directory Server by Using Fusion Middleware Control
8.2.3
Stopping the Oracle Internet Directory Server by Using Fusion Middleware Control
8.2.4
Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control
8.3
Managing Oracle Internet Directory Components by Using opmnctl
8.3.1
Creating an Oracle Internet Directory Component by Using opmnctl
8.3.2
Registering an Oracle Instance by Using opmnctl
8.3.3
Unregistering an Oracle Instance by Using opmnctl
8.3.4
Updating the Component Registration of an Oracle Instance by Using opmnctl
8.3.5
Deleting an Oracle Internet Directory Component by Using opmnctl
8.3.6
Viewing Active Server Instance Information by Using opmnctl
8.3.7
Starting the Oracle Internet Directory Server by Using opmnctl
8.3.8
Stopping the Oracle Internet Directory Server by Using opmnctl
8.3.9
Restarting the Oracle Internet Directory Server by Using opmnctl
8.3.10
Changing the Oracle Database Information in opmn.xml
8.4
Starting an Instance of the Replication Server by Using OIDCTL
9
Managing System Configuration Attributes
9.1
Introduction to Managing System Configuration Attributes
9.1.1
What are Configuration Attributes?
9.1.2
What are Operational Attributes?
9.1.3
Attributes of the Instance-Specific Configuration Entry
9.1.4
Attributes of the DSA Configuration Entry
9.1.5
Attributes of the DSE
9.2
Managing System Configuration Attributes by Using Fusion Middleware Control
9.2.1
Configuring Server Properties
9.2.2
Configuring Shared Properties
9.2.3
Configuring Other Parameters
9.3
Managing System Configuration Attributes by Using WLST
9.4
Managing System Configuration Attributes by Using LDAP Tools
9.4.1
Setting System Configuration Attributes by Using ldapmodify
9.4.2
Listing Configuration Attributes with ldapsearch
9.5
Managing System Configuration Attributes by Using ODSM Data Browser
9.5.1
Navigating to the Instance-Specific Configuration Entry
9.5.2
Navigating to the DSA Configuration Entry
9.5.3
Navigating to the DSE Root
10
Managing IP Addresses
10.1
Introduction to Managing IP Addresses
10.2
Configuring an IP Address for IP V6, Cold Failover Cluster, or Virtual IP
10.3
Configuring IP Addresses for Notifications in a Cluster
11
Managing Naming Contexts
11.1
Introduction to Managing Naming Contexts
11.2
Searching for Published Naming Contexts
11.3
Publishing a Naming Context
12
Managing Accounts and Passwords
12.1
Introduction to Managing Accounts and Passwords
12.2
Managing Accounts and Passwords by Using Command-Line Tools
12.2.1
Enabling and Disabling Accounts by Using Command-Line Tools
12.2.2
Unlocking Accounts by Using Command-Line Tools
12.2.3
Forcing a Password Change by Using Command-Line Tools
12.3
Managing Accounts and Passwords by Using the Self-Service Console
12.3.1
Enabling and Disabling Accounts by Using the Oracle Internet Directory Self-Service Console
12.3.2
Unlocking Accounts by Using the Oracle Internet Directory Self-Service Console
12.3.3
Resetting Your Own Password by Using the Oracle Internet Directory Self-Service Console
12.4
Listing and Unlocking Locked Accounts by Using Oracle Directory Services Manager
12.5
Changing the Superuser Password by Using Fusion Middleware Control
12.6
Creating Another Account With Superuser Privileges
12.7
Managing the Superuser Password by Using ldapmodify
12.8
Changing the Oracle Internet Directory Database Password
12.9
Resetting the Superuser Password
12.10
Changing the Password for the EMD Administrator Account
12.11
Changing the Password for the ODSSM Administrator Account
13
Managing Directory Entries
13.1
Introduction to Managing Directory Entries
13.2
Managing Entries by Using Oracle Directory Services Manager
13.2.1
Displaying Entries by Using Oracle Directory Services Manager
13.2.2
Searching for Entries by Using Oracle Directory Services Manager
13.2.3
Importing Entries from an LDIF File by Using Oracle Directory Services Manager
13.2.4
Exporting Entries to an LDIF File by Using Oracle Directory Services Manager
13.2.5
Viewing Attributes for a Specific Entry by Using Oracle Directory Services Manager
13.2.6
Adding a New Entry by Using Oracle Directory Services Manager
13.2.7
Deleting an Entry or Subtree by Using Oracle Directory Services Manager
13.2.8
Adding an Entry by Copying an Existing Entry in Oracle Directory Services Manager
13.2.9
Modifying an Entry by Using Oracle Directory Services Manager
13.3
Managing Entries by Using LDAP Command-Line Tools
13.3.1
Listing All the Attributes in the Directory by Using ldapsearch
13.3.2
Listing Operational Attributes by Using ldapsearch
13.3.3
Attribute Case in ldapsearch Output
13.3.4
Adding a User Entry by Using ldapadd
13.3.5
Modifying a User Entry by Using ldapmodify
13.3.6
Adding an Attribute Option by Using ldapmodify
13.3.7
Deleting an Attribute Option by Using ldapmodify
13.3.8
Searching for Entries with Attribute Options by Using ldapsearch
14
Managing Dynamic and Static Groups
14.1
Introduction to Managing Dynamic and Static Groups
14.1.1
Static Groups
14.1.1.1
Schema Elements for Creating Static Groups
14.1.2
Dynamic Groups
14.1.2.1
Cached and Uncached Dynamic Groups
14.1.2.2
Enhancements to and Limitations of Dynamic Groups in Oracle Internet Directory
14.1.2.3
Schema Elements for Creating a Dynamic Group
14.1.3
Hierarchies
14.1.4
Querying Group Entries
14.1.5
orclMemberOf Attribute
14.1.6
When to Use Each Kind of Group
14.2
Managing Group Entries by Using Oracle Directory Services Manager
14.2.1
Creating Static Group Entries by Using Oracle Directory Services Manager
14.2.2
Modifying a Static Group Entry by Using Oracle Directory Services Manager
14.2.3
Creating Dynamic Group Entries by Using Oracle Directory Services Manager
14.2.4
Modifying a Dynamic Group Entry by Using Oracle Directory Services Manager
14.3
Managing Group Entries by Using the Command Line
14.3.1
Creating a Static Group Entry by Using ldapadd
14.3.2
Modifying a Static Group by Using ldapmodify
14.3.3
Creating a Dynamic Group Entry by Using ldapadd
14.3.3.1
Creating a Cached Dynamic Group Using labeledURI Attribute
14.3.3.2
Creating an Uncached Dynamic List Using labeledURI Attribute
14.3.3.3
Creating a Dynamic Group Using CONNECT BY String
14.3.4
Modifying a Dynamic Group by Using ldapmodify
15
Performing Bulk Operations
15.1
Introduction to Performing Bulk Operations
15.2
Changing Server Mode
15.2.1
Setting the Server Mode by Using Fusion Middleware Control
15.2.2
Setting the Server Mode by Using ldapmodify
15.3
Loading Data Into the Schema by Using bulkload
15.3.1
Importing an LDIF File by Using bulkload
15.3.2
Loading Data in Incremental or Append Mode By Using bulkload
15.3.3
Performing Index Verification By Using bulkload
15.3.4
Re-Creating Indexes By Using bulkload
15.3.5
Recovering Data After a Load Failure By Using bulkload
15.4
Modifying Attributes of a Large Number of Entries By Using bulkmodify
15.4.1
Adding a Description for All Entries Under a Specified Naming Context
15.4.2
Adding an Attribute for Entries Under a Specified Naming Context Matching a Filter
15.4.3
Replacing an Attribute for All Entries Under a Specified Naming Context
15.5
Deleting Entries by Using bulkdelete
15.5.1
Deleting All Entries Under a Specified Naming Context by Using bulkdelete
15.5.2
Deleting Entries Under Naming Contexts and Making them Tombstone Entries
15.6
Dumping Data from Oracle Internet Directory to a File by Using ldifwrite
15.6.1
Dumping Part of a Specified Naming Context to an LDIF File
15.6.2
Dumping Entries Under a Specified Naming Context to an LDIF File
15.7
Creating and Dropping Indexes from Existing Attributes by Using catalog
15.7.1
Changing a Searchable Attribute into a Non-searchable Attribute
15.7.2
Changing a Non-searchable Attribute into a Searchable Attribute
16
Managing Collective Attributes
16.1
Introduction to Collective Attributes
16.1.1
The RFC Definition and Oracle Extensions
16.1.1.1
RFC 3671
16.1.1.2
Oracle Extensions
16.1.2
Defining the Collective Attribute Subentry
16.1.3
Using subtreeSpecification
16.1.3.1
Base
16.1.3.2
Minimum and Maximum
16.1.3.3
Specific Exclusions
16.1.4
Overriding a Collective Attribute
16.2
Managing Collective Attributes by Using the Command Line
16.2.1
Adding a Subentry by Using ldapadd
16.2.2
Modifying a Subentry by Using ldapmodify
17
Managing Computed Attributes
17.1
Introduction to Computed Attributes
17.2
Configuring Computed Attributes
17.2.1
Rules and Syntax Used for Computed Attributes
17.2.2
Examples Using Computed Attributes
17.2.2.1
Returning an Attribute Value as Uppercase
17.2.2.2
Returning the Substring of an Attribute Value
17.2.2.3
Replacing an Attribute Value
17.2.2.4
Specifying a URI-Based Configuration
17.2.2.5
Using a Combination of Different Rules
17.2.2.6
Using an OR (|) Operator
18
Managing Alias Entries
18.1
Introduction to Managing Alias Entries
18.2
Adding an Alias Entry
18.3
Searching the Directory with Alias Entries
18.3.1
Searching the Base with Alias Entries
18.3.2
Searching One-Level with Alias Entries
18.3.3
Searching a Subtree with Alias Entries
18.4
Modifying Alias Entries
18.5
Interpreting Messages Related to Alias Dereferencing
19
Managing Attribute Uniqueness Constraint Entries
19.1
Introduction to Managing Attribute Uniqueness Constraint Entries
19.2
Cleaning Up Duplicate Attribute Values
19.3
Specifying Attribute Uniqueness Constraint Entries
19.3.1
Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
19.3.2
Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
19.3.3
Specifying Multiple Scopes in an Attribute Uniqueness Constraint
19.3.4
Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
19.3.5
Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
19.4
Managing an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
19.4.1
Creating an Attribute Uniqueness Constraint Entry by Using ODSM
19.4.2
Modifying an Attribute Uniqueness Constraint Entry by Using ODSM
19.4.3
Deleting an Attribute Uniqueness Constraint Entry by Using ODSM
19.5
Managing an Attribute Uniqueness Constraint Entry by Using the Command Line
19.5.1
Creating Attribute Uniqueness Across a Directory by Using Command-Line Tools
19.5.2
Creating Attribute Uniqueness Across One Subtree by Using Command-Line Tools
19.5.3
Creating Attribute Uniqueness Across One Object Class by Using Command-Line Tools
19.5.4
Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools
19.5.5
Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools
19.5.6
Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools
20
Managing Knowledge References and Referrals
20.1
Introduction to Managing Knowledge References and Referrals
20.2
Configuring Smart Referrals
20.3
Configuring Default Referrals
21
Managing Directory Schema
21.1
Introduction to Managing Directory Schema
21.1.1
Where Schema Information is Stored in the Directory
21.1.2
Understanding Object Classes
21.1.2.1
About Adding Object Classes
21.1.2.2
About Modifying Object Classes
21.1.2.3
About Deleting Object Classes
21.1.3
Understanding Attributes
21.1.3.1
About Adding Attributes
21.1.3.2
About Modifying Attributes
21.1.3.3
About Deleting Attributes
21.1.3.4
About Indexing Attributes
21.1.4
Extending the Number of Attributes Associated with Entries
21.1.4.1
Extending the Number of Attributes before Creating Entries in the Directory
21.1.4.2
Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
21.1.4.3
Extending the Number of Attributes for Existing Entries by Creating a Content Rule
21.1.4.4
Rules for Creating and Modifying Content Rules
21.1.4.5
Schema Enforcement When Using Content Rules
21.1.4.6
Searches for Object Classes Listed in Content Rules
21.1.5
Understanding Attribute Aliases
21.1.6
Object Identifier Support in LDAP Operations
21.2
Managing Directory Schema by Using Oracle Directory Services Manager
21.2.1
Searching for Object Classes by Using Oracle Directory Services Manager
21.2.2
Adding Object Classes by Using Oracle Directory Services Manager
21.2.3
Modifying Object Classes by Using Oracle Directory Services Manager
21.2.4
Deleting Object Classes by Using Oracle Directory Services Manager
21.2.5
Viewing Properties of Object Classes by Using Oracle Directory Services Manager
21.2.6
Adding a New Attribute by Using Oracle Directory Services Manager
21.2.7
Modifying an Attribute by Using Oracle Directory Services Manager
21.2.8
Deleting an Attribute by Using Oracle Directory Services Manager
21.2.9
Viewing All Directory Attributes by Using Oracle Directory Services Manager
21.2.10
Searching for Attributes by Using Oracle Directory Services Manager
21.2.11
Adding an Index to a New Attribute by Using Oracle Directory Services Manager
21.2.12
Adding an Index to an Existing Attribute by Using Oracle Directory Services Manager
21.2.13
Dropping an Index from an Attribute by Using Oracle Directory Services Manager
21.2.14
Creating a Content Rule by Using Oracle Directory Services Manager
21.2.15
Modifying a Content Rule by Using Oracle Directory Services Manager
21.2.16
Viewing Matching Rules by Using Oracle Directory Services Manager
21.2.17
Viewing Syntaxes by Using Oracle Directory Services Manager
21.3
Managing Directory Schema by Using the Command Line
21.3.1
Viewing the Schema by Using ldapsearch
21.3.2
Adding a New Object Class by Using Command-Line Tools
21.3.3
Adding a New Attribute to an Auxiliary or User-Defined Object Class by Using Command-Line Tools
21.3.4
Modifying Object Classes by Using Command-Line Tools
21.3.5
Adding and Modifying Attributes by Using ldapmodify
21.3.6
Deleting Attributes by Using ldapmodify
21.3.7
Indexing an Attribute by Using ldapmodify
21.3.8
Dropping an Index from an Attribute by Using ldapmodify
21.3.9
Indexing an Attribute by Using the Catalog Management Tool
21.3.10
Adding a New Attribute With Attribute Aliases by Using the Command Line
21.3.11
Adding or Modifying Attribute Aliases in Existing Attributes by Using the Command Line
21.3.12
Deleting Attribute Aliases by Using the Command Line
21.3.13
Using Attribute Aliases with LDAP Commands
21.3.13.1
Using Attribute Aliases with ldapsearch
21.3.13.2
Using Attribute Aliases with ldapadd
21.3.13.3
Using Attribute Aliases with ldapmodify
21.3.13.4
Using Attribute Aliases with ldapdelete
21.3.13.5
Using Attribute Aliases with ldapmoddn
21.3.14
Managing Content Rules by Using Command-Line Tools
21.3.15
Viewing Matching Rules by Using ldapsearch
21.3.16
Viewing Syntaxes by Using ldapsearch
22
Configuring Referential Integrity
22.1
Introduction to Configuring Referential Integrity
22.2
Enabling Referential Integrity by Using Fusion Middleware Control
22.3
Disabling Referential Integrity by Using Fusion Middleware Control
22.4
Enabling Referential Integrity by Using the Command Line
22.5
Configuring Specific Attributes for Referential Integrity by Using the Command Line
22.6
Disabling Referential Integrity by Using the Command Line
22.7
Detecting and Correcting Referential Integrity Violations
23
Managing Auditing
23.1
Introduction to Auditing
23.1.1
Configuring the Audit Store
23.1.2
Oracle Internet Directory Audit Configuration
23.1.3
Replication and Oracle Directory Integration Platform Audit Configuration
23.1.4
Audit Record Fields
23.1.5
Audit Record Storage
23.1.6
Generating Audit Reports
23.2
Managing Auditing by Using Fusion Middleware Control
23.3
Managing Auditing by Using WLST
23.4
Managing Auditing from the Command Line
23.4.1
Viewing Audit Configuration from the Command Line
23.4.2
Configuring Oracle Internet Directory Auditing from the Command Line
23.4.3
Enabling Replication and Oracle Directory Integration Platform Auditing
24
Managing Logging
24.1
Introduction to Logging
24.1.1
Features of Oracle Internet Directory Debug Logging
24.1.2
Interpreting Log Messages
24.1.2.1
Log Messages for Specified LDAP Operations
24.1.2.2
Log Messages Not Associated with Specified LDAP Operations
24.1.2.3
Example: Trace Messages in Oracle Internet Directory Server Log File
24.2
Managing Logging by Using Fusion Middleware Control
24.2.1
Viewing Log Files by Using Fusion Middleware Control
24.2.2
Configuring Logging by Using Fusion Middleware Control
24.3
Managing Logging from the Command Line
24.3.1
Viewing Log Files from the Command Line
24.3.2
Setting Debug Logging Levels by Using the Command Line
24.3.3
Setting the Debug Operation by Using the Command Line
24.3.4
Force Flushing the Trace Information to a Log File
25
Monitoring Oracle Internet Directory
25.1
Introduction to Monitoring Oracle Internet Directory Server
25.1.1
Capabilities of Oracle Internet Directory Server Manageability
25.1.2
Oracle Internet Directory Server Manageability Architecture and Components
25.1.3
Purging of Security Events and Statistics Entries
25.1.4
Account Used for Accessing Server Manageability Information
25.2
Setting Up Statistics Collection by Using Fusion Middleware Control
25.2.1
Configuring Directory Server Statistics Collection by Using Fusion Middleware Control
25.2.2
Configuring a User for Statistics Collection by Using Fusion Middleware Control
25.3
Viewing Statistics Information with Fusion Middleware Control
25.3.1
Viewing Statistics Information on the Oracle Internet Directory Home Page
25.3.2
Viewing Information on the Oracle Internet Directory Performance Page
25.4
Viewing Statistics Information from the Oracle Directory Services Manager Home Page
25.5
Setting Up Statistics Collection by Using the Command-Line
25.5.1
Configuring Health, General, and Performance Statistics Attributes
25.5.2
Configuring Security Events Tracking
25.5.3
Configuring User Statistics Collection from the Command Line
25.5.4
Configuring Event Levels from the Command Line
25.5.5
Configuring a User for Statistics Collection by Using the Command Line
25.6
Viewing Information with the OIDDIAG Tool
26
Backing Up and Restoring Oracle Internet Directory
Part III Advanced Administration: Security
27
Configuring Secure Sockets Layer (SSL)
27.1
Introduction to Configuring Secure Sockets Layer (SSL)
27.1.1
Supported Cipher Suites
27.1.2
Supported Protocol Versions
27.1.3
SSL Authentication Modes
27.1.4
Limitations of the Use of SSL in 11g Release 1 (11.1.1)
27.1.5
Oracle Wallets
27.1.6
Other Components and SSL
27.1.7
SSL Interoperability Mode
27.1.8
StartTLS
27.2
Configuring SSL by Using Fusion Middleware Control
27.2.1
Creating a Wallet by Using Fusion Middleware Control
27.2.2
Configuring SSL Parameters by Using Fusion Middleware Control
27.2.3
Setting SSL Parameters with Fusion Middleware Control
27.3
Configuring SSL by Using WLST
27.4
Configuring SSL by Using LDAP Commands
27.5
Testing SSL Connections by Using Oracle Directory Services Manager
27.6
Testing SSL Connections From the Command Line
27.6.1
Testing SSL With Encryption Only
27.6.2
Testing SSL With Server Authentication
27.6.3
Testing SSL With Client and Server Authentication
27.7
Configuring SSL Interoperability Mode
28
Configuring Data Privacy
28.1
Introduction to Table Space Encryption
28.2
Enabling and Disabling Table Space Encryption
28.3
Introduction to Using Database Vault With Oracle Internet Directory
28.4
Configuring Oracle Database Vault to Protect Oracle Internet Directory Data
28.4.1
Registering Oracle Database Vault
28.4.2
Adding a Database Vault Realm and Policies for Oracle Internet Directory
28.4.3
Managing Oracle Database Vault Configuration for Oracle Internet Directory
28.4.4
Deleting Database Vault Policies For Oracle Internet Directory
28.4.5
Disabling Oracle Database Vault for the Oracle Internet Directory Database
28.5
Best Practices for Using Database Vault with Oracle Internet Directory
28.6
Introduction to Sensitive Attributes
28.6.1
List of Sensitive Attributes
28.6.2
Encryption Algorithm for Sensitive Attributes
28.7
Configuring Privacy of Retrieved Sensitive Attributes
28.8
Introduction to Hashed Attributes
28.9
Configuring Hashed Attributes
28.9.1
Configuring Hashed Attributes by Using Fusion Middleware Control
28.9.2
Configuring Hashed Attributes by Using ldapmodify
29
Managing Password Policies
29.1
Introduction to Managing Password Policies
29.1.1
What a Password Policy Is
29.1.2
Steps Required to Create and Apply a Password Policy
29.1.3
Fine-Grained Password Policies
29.1.4
Default Password Policy
29.1.5
Password Policy Attributes
29.1.6
Password Policy-Related Operational Attributes
29.1.7
Directory Server Verification of Password Policy Information
29.1.8
Password Policy Error Messages
29.1.9
Releases Before 10g (10.1.4.0.1)
29.2
Managing Password Policies by Using Oracle Directory Services Manager
29.2.1
Viewing Password Policies by Using Oracle Directory Services Manager
29.2.2
Modifying Password Policies by Using Oracle Directory Services Manager
29.2.3
Creating a Password Policy and Assigning it to a Subtree by Using ODSM
29.3
Managing Password Policies by Using Command-Line Tools
29.3.1
Viewing Password Policies by Using Command-Line Tools
29.3.2
Creating a New Password Policy by Using Command-Line Tools
29.3.3
Applying a Password Policy to a Subtree by Using Command-Line Tools
29.3.4
Setting Password Policies by Using Command-Line Tools
29.3.5
Making a Password Policy Entry Specific by Using Command-Line Tools
30
Managing Directory Access Control
30.1
Introduction to Managing Directory Access Control
30.1.1
Access Control Management Constructs
30.1.1.1
Access Control Policy Points (ACPs)
30.1.1.2
The orclACI Attribute for Prescriptive Access Control
30.1.1.3
The orclEntryLevelACI Attribute for Entry-Level Access Control
30.1.1.4
Security Groups
30.1.2
Access Control Information Components
30.1.2.1
Object: To What Are You Granting Access?
30.1.2.2
Subject: To Whom Are You Granting Access?
30.1.2.3
Operations: What Access Are You Granting?
30.1.3
Access Level Requirements for LDAP Operations
30.1.4
How ACL Evaluation Works
30.1.4.1
Precedence Rules Used in ACL Evaluation
30.1.4.2
Use of More Than One ACI for the Same Object
30.1.4.3
Exclusionary Access to Directory Objects
30.1.4.4
ACL Evaluation For Groups
30.2
Managing Access Control by Using Oracle Directory Services Manager
30.2.1
Viewing an ACP by Using Oracle Directory Services Manager
30.2.2
Adding an ACP by Using Oracle Directory Services Manager
30.2.2.1
Task 1: Specify the Entry That Will Be the ACP
30.2.2.2
Task 2: Configure Structural Access Items
30.2.2.3
Task 3: Configure Content Access Items
30.2.2.4
Delete a Structural or Content Access Item
30.2.3
Modifying an ACP by Using Access Control Management in ODSM
30.2.4
Adding or Modifying an ACP by Using the Data Browser in ODSM
30.2.5
Setting or Modifying Entry-Level Access by Using the Data Browser in ODSM
30.3
Managing Access Control by Using Command-Line Tools
30.3.1
Restricting the Kind of Entry a User Can Add
30.3.2
Setting Up an Inheritable ACP by Using ldapmodify
30.3.3
Setting Up Entry-Level ACIs by Using ldapmodify
30.3.4
Using Wildcards in an LDIF File with ldapmodify
30.3.5
Selecting Entries by DN
30.3.6
Using Attribute and Subject Selectors
30.3.7
Granting Read-Only Access
30.3.8
Granting Selfwrite Access to Group Entries
30.3.9
Defining a Completely Autonomous Policy to Inhibit Overriding Policies
31
Managing Password Verifiers
31.1
Introduction to Password Verifiers for Authenticating to the Directory
31.1.1
Userpassword Verifiers and Authentication to the Directory
31.1.2
Hashing Schemes for Creating Userpassword Verifiers
31.2
Managing Hashing Schemes for Password Verifiers for Authenticating to the Directory
31.3
Introduction to Password Verifiers for Authenticating to Components
31.3.1
About Password Verifiers for Authenticating to Oracle Components
31.3.2
Attributes for Storing Password Verifiers for Authenticating to Oracle Components
31.3.3
Default Verifiers for Oracle Components
31.3.4
How Password Verification Works for an Oracle Component
31.4
Managing Password Verifier Profiles for Oracle Components by Using ODSM
31.5
Managing Password Verifier Profiles for Components by Using Command-Line Tools
31.5.1
Viewing a Password Verifier Profile by Using Command-Line Tools
31.5.2
Example: Modifying a Password Verifier Profile by Using Command-Line Tools
31.6
Introduction to Generating Verifiers by Using Dynamic Parameters
31.7
Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers
32
Delegating Privileges for Oracle Identity Management
32.1
Introduction to Delegating Privileges for Oracle Identity Management
32.1.1
How Delegation Works
32.1.2
Delegation in an Oracle Fusion Middleware Environment
32.1.3
About the Default Configuration
32.1.4
Privileges for Administering the Oracle Technology Stack
32.2
Delegating Privileges for User and Group Management
32.2.1
How Privileges Are Granted for Managing User and Group Data
32.2.2
Default Privileges for Managing User Data
32.2.2.1
Creating Users for a Realm
32.2.2.2
Modifying Attributes of a User
32.2.2.3
Deleting a User
32.2.2.4
Delegating User Administration
32.2.3
Default Privileges for Managing Group Data
32.2.3.1
Creating Groups
32.2.3.2
Modifying the Attributes of Groups
32.2.3.3
Deleting Groups
32.2.3.4
Delegating Group Administration
32.3
Delegating Privileges for Deployment of Oracle Components
32.3.1
How Deployment Privileges Are Granted
32.3.2
Oracle Application Server Administrators
32.3.3
User Management Application Administrators
32.3.4
Trusted Application Administrators
32.4
Delegating Privileges for Component Run Time
32.4.1
Default Privileges for Reading and Modifying User Passwords
32.4.2
Default Privileges for Comparing User Passwords
32.4.3
Default Privileges for Comparing Password Verifiers
32.4.4
Default Privileges for Proxying on Behalf of End Users
32.4.5
Default Privileges for Managing the Oracle Context
32.4.6
Default Privileges for Reading Common User Attributes
32.4.7
Default Privileges for Reading Common Group Attributes
32.4.8
Default Privileges for Reading the Service Registry
32.4.9
Default Privileges for Administering the Service Registry
33
Managing Authentication
33.1
Introduction to Authentication
33.1.1
Direct Authentication
33.1.2
Indirect Authentication
33.1.3
External Authentication
33.1.4
Simple Authentication and Security Layer (SASL)
33.2
Configuring Certificate Authentication Method by Using Fusion Middleware Control
33.3
Configuring SASL Authentication by Using Fusion Middleware Control
33.4
Configuring Certificate Authentication Method by Using Command-Line Tools
33.5
Configuring SASL Authentication by Using the Command Line
33.6
Introduction to Anonymous Binds
33.7
Managing Anonymous Binds
33.7.1
Managing Anonymous Binds by Using Fusion Middleware Control
33.7.2
Managing Anonymous Binds by Using the Command Line
Part IV Advanced Administration: Managing Directory Deployment
34
Planning, Deploying and Managing Realms
34.1
Introduction to Planning, Deploying and Managing Realms
34.1.1
Planning the Identity Management Realm
34.1.2
Identity Management Realms in an Enterprise Deployment
34.1.2.1
Single Identity Management Realm in the Enterprise
34.1.2.2
Multiple Identity Management Realms in the Enterprise
34.1.3
Identity Management Realms in a Hosted Deployment
34.1.4
Identity Management Realm Implementation in Oracle Internet Directory
34.1.5
Default Directory Information Tree and the Identity Management Realm
34.2
Customizing the Default Identity Management Realm
34.2.1
Steps to Update the Existing User and Group Search Base
34.2.2
Set up an Additional Search Base
34.2.3
Refresh Oracle Single Sign-On
34.2.4
Reconfigure Provisioning Profiles
34.3
Creating Additional Identity Management Realms for Hosted Deployments
35
Tuning and Sizing Oracle Internet Directory
36
Managing Garbage Collection
36.1
Introduction to Managing Garbage Collection
36.1.1
Components of the Oracle Internet Directory Garbage Collection Framework
36.1.1.1
Garbage Collection Plug-in
36.1.1.2
Background Database Processes
36.1.2
How Oracle Internet Directory Garbage Collection Works
36.1.3
Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry
36.1.4
Change Log Purging
36.2
Set Oracle Database Time Zone for Garbage Collection
36.3
Modifying Oracle Internet Directory Garbage Collectors
36.3.1
Modifying a Garbage Collector by Using Oracle Directory Services Manager
36.3.2
Modifying a Garbage Collector by Using Command-Line Tools
36.3.2.1
Example 1: Modifying a Garbage Collector
36.3.2.2
Example 2: Disabling a Garbage Collector Change Log
36.3.3
Modifying the Oracle Internet Directory Statistics Collector
36.4
Managing Logging for Oracle Internet Directory Garbage Collectors
36.4.1
Enabling Logging for Oracle Internet Directory Garbage Collectors
36.4.2
Disabling Logging for Oracle Internet Directory Garbage Collectors
36.4.3
Monitoring Garbage Collection Logging
36.5
Configuring Time-Based Change Log Purging
37
Migrating Data from Other Data Repositories
37.1
Introduction to Migrating Data from Other Data Repositories
37.2
Migrating Data from LDAP-Compliant Directories
37.2.1
Migrating LDAP Data by Using an LDIF File and bulkload
37.2.2
Migrating LDAP Data by Using syncProfileBootstrap Directly
37.2.3
Migrating LDAP Data by Using an LDIF File and syncProfileBootstrap
37.2.4
Migrating LDAP Data by Using syncProfileBootstrap, bulkload, and LDIF Files
37.2.5
Migrating LDAP Data by Using the Oracle Directory Integration Platform Server
37.3
Migrating User Data from Application-Specific Repositories
37.3.1
The Intermediate Template File
37.3.2
Reconciling Data in Application Repository with Data Already in the Directory
37.3.3
Tasks For Migrating Data from Application-Specific Repositories
37.3.3.1
Task 1: Create an Intermediate Template File
37.3.3.2
Task 2: Run the OID Migration Tool
38
Configuring Server Chaining
38.1
Introduction to Configuring Server Chaining
38.1.1
Supported External Servers
38.1.2
Integrated Oracle Products
38.1.2.1
Oracle Single Sign-On
38.1.2.2
Enterprise User Security
38.1.3
Supported Operations
38.1.4
Server Chaining with Replication
38.2
Configuring Server Chaining
38.2.1
Configuring Server Chaining by Using Oracle Directory Services Manager
38.2.2
Configuring Server Chaining from the Command Line
38.3
Creating Server Chaining Configuration Entries
38.3.1
Configuration Entry Attributes
38.3.2
Requirements for User and Group Containers
38.3.3
Attribute Mapping
38.3.4
Active Directory Example
38.3.5
Active Directory with SSL Example
38.3.6
Active Directory with New Attributes Example
38.3.7
Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) Example
38.3.8
Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) with SSL Example
38.3.9
eDirectory Example
38.3.10
eDirectory with SSL Example
38.4
Debugging Server Chaining
38.5
Configuring an Active Directory Plug-in for Password Change Notification
39
Managing DIT Masking
39.1
Configuring Masking
39.2
Masking Examples
39.2.1
Restricting Access by Container Name
39.2.2
Restricting Access by Entry Data
39.2.3
Disallowing Access to Containers from the Entire Directory
Part V Advanced Administration: Directory Replication
40
Setting Up Replication
40.1
Introduction to Setting Up Replication
40.1.1
Replication Transport Mechanisms
40.1.2
Replication Setup Methods
40.1.2.1
Replication Wizard
40.1.2.2
Command Line Tools
40.1.2.3
Database Copy Procedure
40.1.3
Bootstrap Rules
40.1.4
The Replication Agreement
40.1.5
Other Replication Configuration Attributes
40.1.6
Replication Process and Architecture
40.1.7
Rules for Configuring LDAP-Based Replication
40.1.8
Replication Security
40.1.8.1
Authentication and the Directory Replication Server
40.1.8.2
Secure Sockets Layer (SSL) and Oracle Internet Directory Replication
40.1.9
LDAP Replication Filtering for Partial Replication
40.1.9.1
Included and Excluded Naming Contexts in LDAP Replication Filtering
40.1.9.2
Attributes that Control Naming Contexts
40.1.9.3
Rules for LDAP Replication Filtering
40.1.9.4
Examples of LDAP Replication Filtering
40.1.9.5
Rules for Managing Naming Contexts and Attributes
40.1.9.6
Optimization of Partial Replication Naming Context for Better Performance
40.2
Converting an Advanced Replication-Based Agreement to an LDAP-Based Agreement
40.3
Setting Up an LDAP-Based Replication Agreement by Using the Replication Wizard
40.4
Testing Replication by Using Oracle Directory Services Manager
40.5
Setting Up an LDAP-Based Replication by Using the Command Line
40.5.1
Copying Your LDAP Data by Using ldifwrite and bulkload
40.5.2
Setting Up an LDAP-Based Replica with Customized Settings
40.5.2.1
Setting Up an LDAP-Based Replica by Using Automatic Bootstrapping
40.5.2.2
Setting Up an LDAP-Based Replica by Using the ldifwrite Tool
40.5.3
Password Policy and Fan-out Replication
40.5.4
Deleting an LDAP-Based Replica
40.5.4.1
Task 1: Stop the Directory Replication Server on the Node to be Deleted
40.5.4.2
Task 2: Delete the Replica from the Replication Group
40.6
Setting Up a Multimaster Replication Group with Fan-Out
41
Setting Up Replication Failover
41.1
Introduction to Replication Failover
41.1.1
Limitations and Warnings for Replication Failover
41.1.2
Determining Which Type of Replication Failover to Use
41.2
Performing a Stateless Replication Failover
41.2.1
Task 1: Stop All Directory Replication Servers on Related Nodes
41.2.2
Task 2: Break Old Replication Agreement and Set up New Agreement
41.2.3
Task 3: Save Last Change Number
41.2.4
Task 4: Compare and Reconcile New Supplier and Consumer
41.2.5
Task 5: Update Last Applied Change Number of New Agreement
41.2.6
Task 6: Clean Up Old Agreement on Old Supplier
41.2.7
Task 7: Start All Directory Replication Servers on Related Nodes
41.3
Performing a Time-Based Replication Failover
41.3.1
Task 1: Configure Change Log Garbage Collection Object on New Supplier
41.3.2
Task 2: Save Last Change Number from New Supplier
41.3.3
Task 3: Enable Change Log Regeneration on New Supplier
41.3.4
Task 4: Wait for the Desired Time Period to Elapse
41.3.5
Task 5: Stop all Directory Replication Servers on Related Nodes
41.3.6
Task 6: Break Old Replication Agreement and Set Up New Agreement
41.3.7
Task 7: Update Last Applied Change Number of New Agreement
41.3.8
Task 8: Clean Up Old Agreement on Old Supplier
41.3.9
Task 9: Start All Directory Replication Servers on Related Nodes
42
Managing Replication Configuration Attributes
42.1
Introduction to Replication Configuration Attributes
42.1.1
The Replication Configuration Container
42.1.2
The Replica Subentry
42.1.3
The Replication Agreement Entry
42.1.3.1
Replication Agreement Entry Attributes
42.1.3.2
Oracle Database Advanced Replication-Based Replication Agreements
42.1.3.3
LDAP Replication Agreements
42.1.3.4
Two-Way LDAP Replication Agreements
42.1.4
The Replication Naming Context Container Entry
42.1.5
The Replication Naming Context Object Entry
42.1.6
The Replication Configuration Set
42.1.7
Examples of Replication Configuration Objects in the Directory
42.2
Configuring Replication Configuration Attributes by Using Fusion Middleware Control
42.2.1
Configuring Attributes on the Shared Properties, Replication Tab
42.2.2
Configuring Replication Wizard Parameters
42.3
Managing Replication Configuration Attributes From the Command Line
43
Managing and Monitoring Replication
43.1
Introduction to Managing and Monitoring Replication
43.1.1
Modifying What Is to Be Replicated in LDAP-Based Partial Replication
43.1.2
Managing Worker Threads
43.1.3
Change Logs in Directory Replication
43.1.4
The Human Intervention Queue
43.1.4.1
Managing the Queues
43.1.4.2
Queue Statistics
43.1.4.3
The Number of Entries the Human Intervention Queue Tools Can Process
43.1.5
Pilot Mode
43.1.6
Conflict Resolution in Oracle Replication
43.1.6.1
Levels at Which Replication Conflicts Occur
43.1.6.2
Automatic Conflict Resolution
43.1.6.3
How Automated Conflict Resolution Works
43.2
Managing and Monitoring Replication by Using ODSM and Fusion Middleware Control
43.2.1
Enabling or Disabling Change Log Generation by Using Fusion Middleware Control
43.2.2
Viewing the Local Change Logs by Using Oracle Directory Services Manager
43.2.3
Viewing and Modifying Replica Naming Context Objects
43.2.4
Viewing or Modifying a Replication Setup by Using the Replication Wizard
43.2.5
Deleting an LDAP-Based Replication Agreement by Using the Replication Wizard
43.2.6
Configure Replication Attributes by Using Fusion Middleware Control
43.2.7
Activating or Inactivating a Replication Server by Using Fusion Middleware Control
43.2.8
Configuring the Replication Debug Level by Using Fusion Middleware Control
43.2.9
Configuring Replica Details by Using Fusion Middleware Control
43.2.10
Viewing Queue Statistics by Using Fusion Middleware Control
43.2.11
Managing Changelog Processing by Using Fusion Middleware Control
43.2.12
Monitoring Conflict Resolution Messages by Using Fusion Middleware Control
43.3
Managing and Monitoring Replication by Using the Command Line
43.3.1
Enabling and Disabling Change Log Generation by Using the Command Line
43.3.2
Viewing Change Logs by Using ldapsearch
43.3.3
Configuring Attributes of the Replica Subentry by Using ldapmodify
43.3.4
Specifying Pilot Mode for a Replica by Using remtool
43.3.5
Configuring Replication Agreement Attributes by Using ldapmodify
43.3.6
Modifying Replica Naming Context Object Parameters by Using ldapmodify
43.3.7
Configuring Attributes of the Replication Configuration Set by Using ldapmodify
43.3.8
Monitoring Conflict Resolution Messages by Using the Command Line
43.3.9
Managing the Human Intervention Queue
43.3.10
Monitoring Replication Progress in a Directory Replication Group by Using remtool -pthput
43.3.11
Viewing Queue Statistics and Verifying Replication by Using remtool
43.3.12
Managing the Number of Entries the Human Intervention Queue Tools Can Process
43.3.13
Changing the Replication Administrator's Password for Advanced Replication
43.4
Comparing and Reconciling Inconsistent Data by Using oidcmprec
43.4.1
Conflict Scenarios
43.4.2
Operations Supported by oidcmprec
43.4.3
Output from oidcmprec
43.4.4
How oidcmprec Works
43.4.5
Setting the Source and Destination Directories
43.4.6
Selecting the DIT for the Operation
43.4.7
Selecting the Attributes for the Operation
43.4.8
Controlling Change Log Generation
43.4.9
Using a Text or XML Parameter File
43.4.10
Including Directory Schema
43.4.11
Overriding Predefined Conflict Resolution Rules
43.4.12
Using the User-Defined Compare and Reconcile Operation
43.4.13
Known Limitations of the oidcmprec Tool
Part VI Advanced Administration: Directory Plug-ins
44
Configuring a Customized Password Policy Plug-In
44.1
Introduction to Configuring a Customized Password Policy Plug-in
44.2
Installing, Configuring, and Enabling a Customized Password Policy Plug-in
44.2.1
Loading and Registering the PL/SQL Program
44.2.2
Coding the Password Policy Plug-in
44.2.3
Debugging the Password Policy Plug-in
44.2.4
Contents of Sample PL/SQL Package pluginpkg.sql
45
Developing Plug-ins for the Oracle Internet Directory Server
45.1
Introduction to Developing Plug-ins for the Oracle Internet Directory Server
45.1.1
Passing Options to the JVM
45.1.2
Supported Languages for Server Plug-ins
45.1.3
Server Plug-in Prerequisites
45.1.4
Server Plug-in Benefits
45.1.5
Guidelines for Designing Plug-ins
45.1.6
The Server Plug-in Framework
45.1.7
LDAP Operations and Timings Supported by the Directory
45.1.7.1
Pre-Operation Server Plug-ins
45.1.7.2
Post-Operation Server Plug-ins
45.1.7.3
When-Operation Server Plug-ins
45.1.7.4
When_Replace-Operation Server Plug-ins
45.1.8
Using Plug-ins in a Replication Environment
45.2
Creating a Plug-in
45.3
Registering a Plug-in From the Command Line
45.3.1
Creating a Plug-in Configuration Entry
45.3.2
Adding a Plug-in Configuration Entry by Using Command-Line Tools
45.4
Managing Plug-ins by Using Oracle Directory Services Manager and Oracle Enterprise Manager Fusion Middleware Control
45.4.1
Creating a New Plug-in by Using Oracle Directory Services Manager
45.4.2
Registering a Plug-in by Using Oracle Directory Services Manager
45.4.3
Editing a Plug-in by Using Oracle Directory Services Manager
45.4.4
Deleting a Plug-in by Using Oracle Directory Services Manager
45.4.5
Managing JVM Options by Using Oracle Enterprise Manager Fusion Middleware Control
46
Configuring a Customized External Authentication Plug-in
46.1
Introduction to Configuring a Customized External Authentication Plug-in
46.2
Installing, Configuring, and Enabling the External Authentication Plug-in
46.3
Debugging the External Authentication Plug-in
46.4
Creating the PL/SQL Package oidexaup.sql
Part VII Appendixes
A
Differences Between 10g and 11g
A.1
Instance Creation and Process Management
A.2
Locations of Configuration Attributes
A.3
Default Ports
A.4
Enabling Server Debugging
A.5
Command Line Tools
A.6
Path Names
A.7
Graphical User Interfaces
A.8
Audit
A.9
Referential Integrity
A.10
Server Chaining
A.11
Replication
A.12
Oracle Directory Integration Platform
A.13
Oracle Single Sign-On and Oracle Delegated Administration Services
A.14
Java Containers
B
Managing Oracle Internet Directory Instances by Using OIDCTL
B.1
Introduction to Managing Oracle Internet Directory by Using OIDCTL
B.2
Creating and Starting an Oracle Internet Directory Server Instance by Using OIDCTL
B.3
Stopping an Oracle Internet Directory Server Instance by Using OIDCTL
B.4
Starting an Oracle Internet Directory Server Instance by Using OIDCTL
B.5
Viewing Status Information by Using OIDCTL
B.6
Deleting an Oracle Internet Directory Server Instance by Using OIDCTL
C
Setting Up Oracle Database Advanced Replication-Based Replication
C.1
Introduction to Setting up Oracle Database Advanced Replication-Based Replication
C.1.1
Database Version Compatibility
C.1.2
Advanced Replication Filtering for Partial Replication
C.1.2.1
Excluded Naming Contexts
C.1.2.2
Rules for Advanced Replication Filtering
C.2
Setting Up Advanced Replication-Based Replication
C.2.1
Rules for Setting Up Advanced Replication
C.2.2
Setting Up an Advanced Replication-Based Multimaster Replication Group
C.2.2.1
Task 1: Install Oracle Internet Directory on the Master Definition Site (MDS)
C.2.2.2
Task 2: Install the Oracle Internet Directory on the Remote Master Sites (RMS)
C.2.2.3
Task 3: Set Up Advanced Replication for a Directory Replication Group
C.2.2.4
Task 4 (Optional): Load Data into the Directory
C.2.2.5
Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
C.2.2.6
Task 6: Start the Replication Servers on All Nodes in the DRG
C.2.2.7
Task 7: Test Directory Replication
C.2.3
Adding a Node for Advanced Replication-Based Multimaster Replication
C.2.3.1
Prepare the Oracle Net Services Environment
C.2.3.2
Task 1: Stop the Directory Replication Server on All Nodes
C.2.3.3
Task 2: Identify a Sponsor Node and Install Oracle Internet Directory
C.2.3.4
Task 3: Switch the Sponsor Node to Read-Only Mode
C.2.3.5
Task 4: Back up the Sponsor Node by Using ldifwrite
C.2.3.6
Task 5: Perform Advanced Replication Add Node Setup
C.2.3.7
Task 6: Switch the Sponsor Node to Updatable Mode
C.2.3.8
Task 7: Start the Directory Replication Server on All Nodes Except the New Node
C.2.3.9
Task 8: Load Data into the New Node by Using bulkload
C.2.3.10
Task 9: Start the Directory Server on the New Node
C.2.3.11
Task 10: Start the Directory Replication Server on the New Node
C.2.4
Deleting a Node from a Multimaster Replication Group
C.2.4.1
Task 1: Stop the Directory Replication Server on All Nodes
C.2.4.2
Task 2: Stop All Oracle Internet Directory Processes in the Node to be Deleted
C.2.4.3
Task 3: Delete the Node from the Master Definition Site
C.2.4.4
Task 4: Start the Directory Replication Server on All Nodes
D
How Replication Works
D.1
Features of Oracle Database Advanced Replication-Based Replication
D.2
Architecture for Oracle Database Advanced Replication-Based Replication
D.3
Architecture of LDAP-Based Replication
D.4
LDAP Replica States
D.5
The Replication Process
D.5.1
How the Multimaster Replication Process Adds a New Entry to a Consumer
D.5.2
How the Multimaster Replication Process Deletes an Entry
D.5.3
How the Multimaster Replication Process Modifies an Entry
D.5.4
How the Multimaster Replication Process Modifies a Relative Distinguished Name
D.5.5
How the Multimaster Replication Process Modifies a Distinguished Name
E
Java Server Plug-in Developer's Reference
E.1
Advantages of Java Plug-ins
E.2
Setting Up a Java Plug-in
E.3
Java Plug-in API
E.3.1
Communication Between the Server and Plug-in
E.3.2
Java Plug-in Structure
E.3.3
PluginDetail
E.3.3.1
Server
E.3.3.2
LdapBaseEntry
E.3.3.3
LdapOperation
E.3.3.4
PluginFlexfield
E.3.4
PluginResult
E.3.5
ServerPlugin Interface
E.3.5.1
ServerPlugin Methods for Ldapbind
E.3.5.2
ServerPlugin Methods for Ldapcompare
E.3.5.3
ServerPlugin Methods for Ldapadd
E.3.5.4
ServerPlugin Methods for Ldapmodify
E.3.5.5
ServerPlugin Methods for Ldapmoddn
E.3.5.6
ServerPlugin Methods for Ldapsearch
E.3.5.7
ServerPlugin Methods for Ldapdelete
E.4
Java Plug-in Error and Exception Handling
E.4.1
Run-time Exception Example
E.4.2
Run-time Error Example
E.4.3
PluginException Example
E.5
Java Plug-in Debugging and Logging
E.6
Java Plug-in Examples
E.6.1
Example 1: Password Validation Plug-in
E.6.1.1
Password Validation Plug-in Configuration Entry
E.6.1.2
Password Validation Plug-in Code Example
E.6.2
Example 2: External Authentication Plug-in for Active Directory
E.6.2.1
External Authentication Plug-in Configuration Entry
E.6.2.2
External Authentication Plug-in Code
F
PL/SQL Server Plug-in Developer's Reference
F.1
Designing, Creating, and Using PL/SQL Server Plug-ins
F.1.1
PL/SQL Plug-in Caveats
F.1.1.1
Types of PL/SQL Plug-in Operations
F.1.1.2
Naming PL/SQL Plug-ins
F.1.2
Creating PL/SQL Plug-ins
F.1.2.1
Package Specifications for Plug-in Module Interfaces
F.1.3
Compiling PL/SQL Plug-ins
F.1.3.1
Dependencies
F.1.3.2
Recompiling Plug-ins
F.1.4
Managing PL/SQL Plug-ins
F.1.4.1
Modifying Plug-ins
F.1.4.2
Debugging Plug-ins
F.1.5
Enabling and Disabling PL/SQL Plug-ins
F.1.6
Exception Handling in a PL/SQL Plug-in
F.1.6.1
Error Handling
F.1.6.2
Program Control Handling between Oracle Internet Directory and Plug-ins
F.1.7
PL/SQL Plug-in LDAP API
F.1.8
PL/SQL Plug-in and Database Tools
F.1.9
PL/SQL Plug-in Security
F.1.10
PL/SQL Plug-in Debugging
F.1.11
PL/SQL Plug-in LDAP API Specifications
F.1.12
Database Limitations
F.2
Examples of PL/SQL Plug-ins
F.2.1
Example 1: Search Query Logging
F.2.2
Example 2: Synchronizing Two DITs
F.3
Binary Support in the PL/SQL Plug-in Framework
F.3.1
Binary Operations with ldapmodify
F.3.2
Binary Operations with ldapadd
F.3.3
Binary Operations with ldapcompare
F.4
Database Object Types Defined
F.5
Specifications for PL/SQL Plug-in Procedures
G
The LDAP Filter Definition
H
The Access Control Directive Format
H.1
Schema for orclACI
H.2
Schema for orclEntryLevelACI
I
Globalization Support in the Directory
I.1
About Character Sets and the Directory
I.1.1
About Unicode
I.1.2
About Oracle and UTF-8
I.1.3
Migration from UTF8 to AL32UTF8 when Upgrading Oracle Internet Directory
I.2
The NLS_LANG Environment Variable
I.3
Using Non-AL32UTF8 Databases
I.4
Using Globalization Support with LDIF Files
I.4.1
An LDIF File Containing Only ASCII Strings
I.4.2
An LDIF File Containing UTF-8 Encoded Strings
I.4.2.1
CASE 1: Native Strings (Non-UTF-8)
I.4.2.2
CASE 2: UTF-8 Strings
I.4.2.3
CASE 3: BASE64 Encoded UTF-8 Strings
I.4.2.4
CASE 4: BASE64 Encoded Native Strings
I.5
Using Globalization Support with Command-Line LDAP Tools
I.5.1
Specifying the -E Argument When Using Each Tool
I.5.2
Examples: Using the -E Argument with Command-Line LDAP Tools
I.6
Setting NLS_LANG in the Client Environment
I.7
Using Globalization Support with Bulk Tools
I.7.1
Using Globalization Support with bulkload
I.7.2
Using Globalization Support with ldifwrite
I.7.3
Using Globalization Support with bulkdelete
I.7.4
Using Globalization Support with bulkmodify
J
Setting up Access Controls for Creation and Search Bases for Users and Groups
J.1
Setting up Access Controls for the User Search Base and the User Creation Base
J.2
Setting up Access Controls for the Group Search Base and the Group Creation Base
K
Searching the Directory for User Certificates
K.1
Certificate Mapping
K.2
Search Types
L
Adding a Directory Node by Using the Database Copy Procedure
L.1
Definitions
L.2
Prerequisites
L.3
Sponsor Directory Site Environment
L.4
New Directory Site Environment
L.5
Addition of a Directory Node
M
Oracle Authentication Services for Operating Systems
N
RFCs Supported by Oracle Internet Directory
O
Managing Oracle Directory Services Manager's Java Key Store
O.1
Introduction to Managing ODSM's Java Key Store
O.2
Retrieving ODSM's Java Key Store Password
O.2.1
Using Enterprise Manager Fusion Middleware Control
O.2.2
Using a Python Script
O.3
Listing the Contents of odsm.cer Java Key Store
O.4
Deleting Expired Certificates
O.4.1
Determining the Expiration Date of a Certificate
O.4.2
Deleting a Certificate
P
Starting and Stopping the Oracle Stack
P.1
Starting the Stack
P.2
Stopping the Stack
Q
Performing a Rolling Upgrade
Q.1
Prerequisites for Rolling Upgrade
Q.2
Rolling Upgrade Instructions
Q.3
Rolling Upgrade Example
R
Using the Oracle Internet Directory VM Template
R.1
Installing Operating System, Oracle Database, and Oracle Internet Directory
R.2
Installing Oracle Internet Directory Template with an Existing Oracle VM that has Oracle Database
R.3
Registering Oracle Internet Directory for Oracle Enterprise Manager Fusion Middleware Control and ODSM Management
R.4
Using the Oracle Internet Directory OVM image in a Non-OVM Environment
R.5
Default Values
S
Troubleshooting Oracle Internet Directory
S.1
Problems and Solutions
S.1.1
Installation Errors
S.1.2
Oracle Database Server Errors
S.1.2.1
Oracle Database Server Connection is Down
S.1.2.2
Oracle Database Server Error Due to Interrupted Client Connection
S.1.2.3
Oracle Database Server Error Due to Schema Modifications
S.1.3
Directory Server Error Messages and Causes
S.1.3.1
Inappropriate Authentication Error
S.1.3.2
Constraint Violation Error Due to Editing a User or Group or Creating a Realm
S.1.3.3
Standard Error Messages Returned from Oracle Directory Server
S.1.3.4
Additional Directory Server Error Messages
S.1.4
Getting a Core Dump and Stack Trace When Oracle Internet Directory Crashes
S.1.5
TCP/IP Problems
S.1.5.1
Do Not Use TCP-Based Monitoring of Server Availability on Windows 2003 Server
S.1.5.2
Do Not Install DiamondCS Port Explorer
S.1.6
Troubleshooting Password Policies
S.1.6.1
Password Policy is Not Enforced
S.1.6.2
Password Policy Error Messages
S.1.7
Troubleshooting Directory Performance
S.1.7.1
Poor LDAP Search Performance
S.1.7.2
Poor LDAP Add or Modify Performance
S.1.7.3
Poor Oracle Database Server Performance
S.1.8
Troubleshooting Port Configuration
S.1.9
Troubleshooting Creating Oracle Internet Directory Component with opmnctl
S.1.10
Troubleshooting Starting Oracle Internet Directory
S.1.10.1
Oracle Internet Directory is Down
S.1.10.2
Oracle Internet Directory is Read-Only
S.1.11
Troubleshooting Starting, Stopping, and Restarting of the Directory Server
S.1.11.1
About the Tools for Starting, Stopping, and Restarting the Directory Server Instance
S.1.11.2
Problems Starting, Stopping, and Restarting the Directory Server
S.1.12
Troubleshooting Oracle Internet Directory Replication
S.1.12.1
Replication Server Does Not Start
S.1.12.2
Repository Creation Assistant Error
S.1.12.3
Errors in Replication Bootstrap
S.1.12.4
Changes Are Not Replicated
S.1.12.5
Replication Stops Working
S.1.13
Troubleshooting Change Log Garbage Collection
S.1.14
Troubleshooting Dynamic Password Verifiers
S.1.15
Troubleshooting Oracle Internet Directory Password Wallets
S.1.15.1
Oracle Internet Directory Server Does Not Start
S.1.15.2
Password Not Synchronized
S.1.16
Troubleshooting bulkload
S.1.17
Troubleshooting bulkdelete, bulkmodify, and ldifwrite
S.1.18
Troubleshooting catalog
S.1.19
Troubleshooting remtool
S.1.20
Troubleshooting Server Chaining
S.1.21
Viewing Version Information
S.1.22
Troubleshooting Fusion Middleware Control and WLST
S.1.23
Troubleshooting Oracle Directory Services Manager
S.1.23.1
Cannot Invoke ODSM from Fusion Middleware Control
S.1.23.2
Cannot Invoke ODSM from Fusion Middleware Control in Multiple NIC and DHCP Enabled Environment
S.1.23.3
Various Failover Issues
S.1.23.4
ODSM Displays an Error Message
S.1.23.5
Cursor Loses Focus
S.1.24
Performance Tuning When Oracle Internet Directory is the Policy Store
S.2
Need More Help?
Index