This preface introduces the new and changed features of Oracle Unified Directory and Oracle Directory Services Manager (ODSM) since the previous release, and provides pointers to additional information. The information includes the following sections:
What's New in Oracle Unified Directory 11g Release 2 PS1 (11.1.2.1.0)
What's New in Oracle Unified Directory 11g Release 2 (11.1.2)
This section provides a concise summary of the new features in this release, and contains the following topics:
What's New in Oracle Unified Directory 11g Release 2 PS1 (11.1.2.1.0)
What's New in Oracle Directory Services Manager 11g Release 2 PS1 (11.1.2.1.0)
This section provides a concise summary of the new features in this release of Oracle Unified Directory, and covers the following topics:
Oracle Unified Directory now supports macro expressions to represent a DN in the target section of the ACI, in the bind rule section, or in both.
For more information, see Section 8.6, "Using Macro ACIs for Advanced Access Control."
nsuniqueid
Virtual AttributeOracle Unified Directory introduces nsuniqueid
operational virtual attribute that is assigned to each entry in the directory server to resolve naming conflicts while migrating legacy applications using Oracle Directory Server Enterprise Edition as an LDAP database to Oracle Unified Directory.
For more information, see Section 17.10, "Configuring Virtual Attributes."
You can now configure criticality at the workflow level by setting the criticality flag.
For more information, see Section 15.1.4.6, "Configuring Criticality in Workflows."
Oracle Unified Directory enables you to log administration operations into a separate log file that provides logging information associated with administration traffic.
For more information, see Section 29.3.3, "Logging Operations to Access Log Publishers."
Oracle Unified Directory supports transformation through creation of an instance of workflow element.
For more information, see Section 11.6, "Understanding the Transformation Framework."
Oracle Unified Directory provides additional properties, ecl-include-del-only
and ecl-blacklist
to configure attributes for external change log (ECL).
For more information, see Section 26.5.5, "Specifying the Attributes to be Included in the External Change Log" and Section 26.5.6, "Specifying the Attributes to be Excluded in the External Change Log."
Oracle Unified Directory supports the following external directories:
Microsoft Active Directory
Novell eDirectory
Oracle Directory Server Enterprise Edition
For more information, see Section 25.4, "Integrating with Enterprise User Security and an External LDAP Directory."
Oracle Unified Directory allows you to relocate Root DSE, which is a special entry that provides information about the server's name, version, naming contexts, and supported features.
For more information, see Section 14.1.6.5, "Relocating the Root DSE Entry for a Network Group."
Oracle Unified Directory enables you to rename or replace RDN values from the source directory to Oracle Unified Directory using the RDNChanging
configuration.
For more information, see Section 11.5, "RDN Changing."
Oracle Unified Directory supports Directory plug-in API as a means to extend the existing Directory Server functionality.
For more information, see Oracle® Fusion Middleware Developer's Guide for Oracle Unified Directory.
This section provides a summary of the new features in this release of Oracle Directory Services Manager (ODSM), and covers the following topics:
You can install and configure IBM WebSphere Application Server - Network Deployment (ND) to work with Oracle Unified Directory. This is possible only if you are already managing Oracle Unified Directory using the graphical Oracle Directory Service Manager interface. For more information, see "Configuring IBM WebSphere for Oracle Directory Services Manager" in the Oracle Fusion Middleware Installation Guide for Oracle Unified Directory.
ODSM supports a new parameter to log administration operations in the access logs.
For more information, see Section 29.3.3.2, "Configuring Logged Operations in Access Log Publishers Using ODSM."
ODSM supports macro expressions to represent a DN in the target section of the ACI, in the bind rule section, or in both.
For more information, see Section 22.4, "Managing Macro ACIs With Oracle Directory Services Manager."
ODSM supports a new parameter, the criticality flag to configure workflows.
For more information, see Section 15.2.3, "Configuring Criticality in Workflows With ODSM."
ODSM allows you to configure virtual attributes.
For more information, see Section 17.14, "Managing Virtual Attributes With Oracle Directory Services Manager."
ODSM allows you to define transformations through the creation of transformation workflow element.
For more information, see Section 15.2.4, "Configuring Transformations With ODSM."
ODSM now allows you to create the following workflow elements:
Kerberos Authentication Provider Workflow Element
RDN Changing Workflow Element
Transformations Workflow Element
For more information, see Section 14.2.4, "Configuring Workflow Elements With ODSM."
ODSM supports the ability to configure Enterprise User Security.
For more information, see Section 14.2.7, "Configuring Network Groups With ODSM."
ODSM allows you to configure the RDN Changing workflow element.
For more information, see Section 14.2.4, "Configuring Workflow Elements With ODSM."
This section provides a concise summary of the new features in this release, and contains the following topics:
What's New in Oracle Unified Directory 11g Release 2 (11.1.2)
What's New in Oracle Directory Services Manager 11g Release 2 (11.1.2)
This section provides a concise summary of the new features in this release of Oracle Unified Directory, and covers the following topics:
It is imperative to define the order in which identity mappers are evaluated in the network group to avoid conflicts. You can now define priorities for the conflicting identity mappers.
For more information, see Section 12.6, "Ordering Identity Mappers."
When a server is unable to handle a client's request, it sends a list of referrals to the client, which point the client to other servers in the topology. The client then performs the operation again on one of the remote servers in the referral list.
For more information, see Section 17.13, "Configuring Referrals."
You can now configure proxy LDAP workflow elements with two additional parameters, such as the never-bind
parameter, use-proxy-auth
parameter, and the include and exclude lists to tweak the behavior of the server.
For more information, see Section 15.1.2, "Configuring the Bind Mode."
Oracle Unified Directory now supports Active Directory range retrieval by providing support for Microsoft Active Directory paging.
For more information, see Section 15.1.8, "Configuring Microsoft Active Directory Paging."
Oracle Unified Directory now implements criticality configuration, which permits the Oracle Unified Directory proxy server to return partial data to a client if a search operation fails, due to a host error.
For more information, see Section 15.1.4.7, "Configuring Criticality in Workflow Elements."
Integrating Oracle Unified Directory with EUS enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.
In this release, support for EUS is limited to password authentication (certificate authentication and integration with Kerberos are not supported at this stage).
For more information, see Chapter 25, "Integrating With Oracle's Enterprise User Security."
Social networking applications are now supported with two new controls, the Join control and the Proximity control.
For more information, see Section 17.5.3.2, "Searching Using the Join Search Control" and Section 17.5.3.3, "Searching Using the Proximity Search Control."
The External Change Log (ECL) functionality allows you to publish all changes that have occurred in a directory server database and is particularly useful for synchronizing the LDAP directory with other subsystems.
You now have a user-friendly CLI to configure external changelog using the dsreplication
command.
For more information, see Section 26.5, "Using the External Change Log."
You can now install, configure, customize, and validate Oracle Unified Directory in a test environment. Once the system performs as expected, you can create the production environment by moving a copy of the server and its configuration from the test environment, instead of redoing all the changes that were incorporated into the test environment.
For more information, see Chapter 28, "Moving From a Test to a Production Environment."
Some commands had an option where the password was provided in a clear text format on the CLI. This resulted in security exposure, because one could retrieve the password using the ps
command on a UNIX machine.
The clear text format is deprecated now and the commands are modified to use the file-based option to store the password by introducing the following option:
-j, --bindPasswordFile
For more information, see Appendix A, "Oracle Unified Directory Command Line Interface."
Oracle Unified Directory allows you to configure ADS trust store pin to determine whether to trust a certificate that is presented to it.
For more information, see Section 20.3, "Configuring Trust Manager Providers."
This section provides a concise summary of the new features in this release of Oracle Directory Services Manager (ODSM), and covers the following topics:
ODSM enables you to create and configure suffixes to work with Oracle Enterprise User Security (EUS).
For more information, see Section 14.2.3, "Configuring Suffixes With ODSM."
ODSM now provides a new user interface (UI) to configure root users.
For more information, see Section 19.2.2, "Configuring Root Users by Using ODSM."
You can now configure key manager providers and trust manager providers by using ODSM.
For more information, see Section 20.2.6, "Configuring Key Managers With ODSM" and Section 20.3.5, "Configuring Trust Managers With ODSM".
ODSM now implements an auto-suggest feature in different tabs that helps streamline configuration and operations.
For more information, see Section 17.15, "Managing Data With Oracle Directory Services Manager."
OSDM now enables you to create dynamic groups whose membership is determined by search criteria using an LDAP URL.
For more information, see Section 19.3.2, "Defining Dynamic Groups."
ODSM enables you to create virtual static groups, where each entry behaves like a static group entry by using virtual attributes.
For more information, see Section 19.3.4, "Defining Nested Groups."
The default view of the configuration tree in the Configuration tab has been simplified to provide a user-friendly view of the naming context (or suffix) configuration. In addition, presence of a contextual menu to launch all the relevant operations for a selected node simplifies user interaction.
For more information, see Section 14.2, "Managing the Server Configuration With Oracle Directory Services Manager."