3.2.1 Understanding the Directory Information Tree

Directory servers store information in a hierarchical namespace structure called a directory information tree (DIT). Each node in the tree is called an entry. Oracle Net Services uses both the tree structure and specific entries in the tree. DITs are commonly aligned with an existing domain structure such as a Domain Name System (DNS) structure or a geographic and organization structure.

The following figure shows a DIT structured according to DNS domain components.

Figure 3-2 DNS Domain Component DIT


The following figure shows a DIT structured according to country, organization, and organizational units. This structure is commonly referred to as an X.500 DIT.

For example, consider Figure 3-4. The cn=sales and cn=db1 entries represent a network service name and a database service, respectively. Additional entries under cn=sales and cn=db1 contain the connect descriptor information. These entries are not represented in the graphic. The cn=sales and cn=db1 entries enable clients to connect to the database using connect strings CONNECT username@sales and CONNECT username@db1.

Figure 3-4 Database Service and Net Service Entries in a DIT


Each entry is uniquely identified by a distinguished name (DN). The DN indicates exactly where the entry resides in the directory server hierarchy. The DN for db1 is dn:cn=db1,cn=OracleContext,dc=jp,dc=example,dc=com. The DN for sales is dn:cn=sales,cn=OracleContext,dc=jp,dc=example,dc=com. The format of a DN places the lowest component of the DIT to the left, then moves progressively up the DIT.

Each DN is made up of a sequence of relative distinguished names (RDNs). The RDN consists of an attribute, such as cn, and a value, such as db1 or sales. The RDN for db1 is cn=db1, and the RDN for sales is cn=sales. The attribute and its value uniquely identify the entry.

3.2.1.1 Fully-Qualified Names for Domain Component Namespaces

For domain component namespaces, the default directory entry defined for the client must be in one of the following formats:

dc[,dc][...]
ou,dc[,dc][...]

In the preceding syntax, [dc] represents an optional domain component, [...] represents additional domain component entries and ou represents the organizational unit entry.

The fully-qualified name used in the connect identifier by the client must be in one of the following formats:

cn.dc[.dc][...]
cn[.ou]@dc[.dc][...]

In the preceding syntax, cn represents the Oracle Net entry.

Example 3-1 Using a Fully-Qualified Name with an Organizational Unit

Consider a directory server that contains an entry for database object sales with a DN of cn=sales,cn=OracleContext,dc=jp,dc=example,dc=com. In this example, the client requires a connect identifier of sales.jp.example.com.

Consider a similar entry that contains database object sales with a DN of cn=sales,cn=OracleContext,ou=mktg,dc=jp,dc=example,dc=com.

Because domain components must be separated from organizational units, the client must use the format cn.ou@dc.dc.dc. The client requires the connect identifier to be sales.mktg@jp.example.com.

Figure 3-5 illustrates the preceding example.

Figure 3-5 Fully-Qualified Name for Domain Component Namespaces


3.2.1.2 Fully-Qualified Names for X.500 Namespaces

For X.500 namespaces, the default directory entry defined for the client must be in one of the following formats:

[ou],o
[ou],o,c

In the preceding formats, [ou] represents an optional organizational unit name, o represents the organization, and c represents the country.

The fully-qualified name the client uses as the connect identifier must be in one of the following formats:

cn[.ou].o
cn[.ou].o.c

In the preceding formats, cn represents the Oracle Net entry.

For example, if the directory contains database object sales with a DN of cn=sales,cn=OracleContext,ou=mktg,o=example,c=jp, then the client requires a connect identifier of sales.mktg.example.jp. Figure 3-6 illustrates this example.

Figure 3-6 Fully-Qualified Name for X.500 Namespaces


3.2.1.3 Using the Relative Name of an Entry

If a client is configured with a default realm Oracle Context, then an entry can be identified by its relative name, and the service can be referred to by its common name. A relative name can be used if the entry is in the same Oracle Context that is configured to be the default Oracle Context for the client's Oracle home.

Consider a directory server that contains an entry for a database called sales with a DN of dn:cn=sales,cn=OracleContext,o=example,c=us, as shown in Figure 3-7. If the client is configured with a default realm Oracle Context of cn=OracleContext,o=example,c=us, then the connect identifier can be sales.

Note:

The JDBC OCI Driver supports both fully-qualified and relative naming. The JDBC Thin Driver supports fully-qualified naming only when the complete DN is used.

3.2.1.4 Using the Fully-Qualified Name of an Entry

Consider the same directory structure as shown in Figure 3-7, but with the client's Oracle home configured with a default realm Oracle Context of cn=OracleContext,o=example,c=jp.

Because the client is configured with a default Oracle Context that does not match the location of sales in the directory server, a connect string that uses sales does not work. Instead, the client must specifically identify the location of sales in one of the following ways:

  • The entry's complete DN can be used in the connect string, for example:

    CONNECT username@"cn=sales,cn=OracleContext,o=example,c=us"
    Enter password: password
    

    JDBC Thin drivers support fully-qualified naming only when the complete DN is used. However, many applications do not support the use of a DN.

  • The entry can be referred to by a fully-qualified DNS-style name, which the Directory Naming adapter maps to the full X.500 DN of the database object in the LDAP directory, for example:

    CONNECT username@sales.example.us
    Enter password: password

Note:

JDBC OCI Drivers support fully-qualified naming. JDBC Thin Drivers support fully-qualified naming only when the complete DN is used. See the Oracle Database JDBC Developer's Guide for additional information.
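The naming rules from sections 3.2.1.1 through 3.2.1.4 can be checked with a short script. This is an added Python example, not Oracle code: it derives the connect identifier from an entry's DN and rejects DNs that do not fit the documented namespace formats. The names parse_dn and connect_identifier are hypothetical, values are compared case-insensitively as an assumption, and escaped commas inside RDN values are not handled.

```python
# Added example; function names are hypothetical, not Oracle's implementation.
X500_SHAPES = (["o"], ["ou", "o"], ["o", "c"], ["ou", "o", "c"])

def parse_dn(dn):
    """Split a DN into (attribute, value) RDNs, lowest component first.
    Simplification: escaped commas inside RDN values are not supported."""
    dn = dn.strip()
    if dn.lower().startswith("dn:"):
        dn = dn[3:]
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def _fold(rdns):
    # Assumption: RDN values are matched case-insensitively.
    return [(a, v.lower()) for a, v in rdns]

def connect_identifier(dn, default_context=None):
    """Return the relative name if the entry sits in the client's default
    Oracle Context, otherwise the fully-qualified name."""
    rdns = parse_dn(dn)
    folded = _fold(rdns)
    if len(rdns) < 3 or folded[0][0] != "cn" or folded[1] != ("cn", "oraclecontext"):
        raise ValueError("expected cn=<entry>,cn=OracleContext,<namespace>")
    entry = rdns[0][1]
    if default_context and _fold(parse_dn(default_context)) == folded[1:]:
        return entry  # relative name (section 3.2.1.3)
    attrs = [a for a, _ in rdns[2:]]
    values = [v for _, v in rdns[2:]]
    if "dc" in attrs:
        # Domain component namespace: dc[,dc][...] or ou,dc[,dc][...]
        ou = values[:1] if attrs[0] == "ou" else []
        if set(attrs[len(ou):]) != {"dc"}:
            raise ValueError("namespace is not [ou,]dc[,dc][...]")
        domain = ".".join(values[len(ou):])
        return f"{entry}.{ou[0]}@{domain}" if ou else f"{entry}.{domain}"
    # X.500 namespace: [ou],o or [ou],o,c
    if attrs not in X500_SHAPES:
        raise ValueError("namespace is not [ou],o[,c]")
    return ".".join([entry] + values)
```
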