A Sample of the Schema Extension File and the Seeding File
The Schema Extensions file (99-user.ldif
) extends the OUD
schema with the Oracle Access Manager Object Classes and the Seeding file
(base.ldif
) seeds OUD with the Users and Groups required by Oracle
Access Manager and Oracle Identity Governance.
This appendix includes the following topics:
Sample of the Schema Extension File
Sample of the Schema Extension File: 99-user.ldif
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.400 NAME 'obpasswordexpirydate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.4 NAME 'obgroupdynamicfilter' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.10 NAME 'obgroupsubscriptionfilter' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.176 NAME 'oblastloginattemptdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.11 NAME 'obgroupsubscribemessage' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.16 NAME 'obgroupsimplifiedaccesscontrol' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.254 NAME 'obYetToBeAnsweredChallenge' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.7 NAME 'obgrouptype' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.13 NAME 'obgroupsubscribenotification' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.150 NAME 'obpasswordchangeflag' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.173 NAME 'oblockouttime' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.119 NAME 'obindirectmanager' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.42 NAME 'oblocationdn' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.250 NAME 'oblastfailedlogin' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.149 NAME 'obpasswordcreationdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.78 NAME 'obphoto' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.200 NAME 'obresponsetimeout' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.5 NAME 'vGOSharedSecretDN' DESC 'v-GO Shared Secret' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.59 NAME 'obobjectclass' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.14 NAME 'obgroupunsubscribenotification' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.12 NAME 'obgroupunsubscribemessage' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.3 NAME 'vGOConfigData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.253 NAME 'obAnsweredChallenges' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.7 NAME 'vGODepartment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.6 NAME 'obgroupcreationdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.2.0.1 NAME 'obuseraccountcontrol' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.175 NAME 'obresponsetries' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.249 NAME 'oblastsuccessfullogin' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.2.0.2 NAME 'oboutofofficeindicator' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.15 NAME 'obgrouppuredynamic' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.7.0.50 NAME 'obsubscriptiontypes' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.1 NAME 'vGORoleDN' DESC 'v-GO Role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.103 NAME 'obuiconfig' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.43 NAME 'oblocationname' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.151 NAME 'obpasswordhistory' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.2 NAME 'vGOConfigType' DESC 'v-GO Config Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.39 NAME 'obid' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.152 NAME 'obpasswordexpmail' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.83 NAME 'obpsftid' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.174 NAME 'obfirstlogin' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.1 NAME 'obdirectreports' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.44 NAME 'oblocationtitle' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.85 NAME 'obrectangle' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.4 NAME 'vGORoleName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.199 NAME 'oblastresponseattemptdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.3 NAME 'obgroupcreator' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.9 NAME 'obgroupadministrator' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.106 NAME 'obver' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.265 NAME 'oblockedon' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.1 NAME 'obgroupsubscriptiontype' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.8 NAME 'obgroupexpandeddynamic' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.6 NAME 'vGOSecretData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.172 NAME 'oblogintrycount' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.76 NAME 'obparentlocationdn' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.8 NAME 'vGoLocatorAttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.13 NAME 'oblixorgperson' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( obuiconfig $ oblocationdn $ obrectangle $ obpsftid $ obdirectreports $ obindirectmanager $ obuseraccountcontrol $ obobjectclass $ obver $ oboutofofficeindicator ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.3 NAME 'oblixlocation' DESC 'Oracle Access Manager defined objectclass' SUP top STRUCTURAL MUST ( obid ) MAY ( oblocationname $ oblocationtitle $ obphoto $ obparentlocationdn $ obrectangle $ obver ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.2 NAME 'vGOSecret' SUP top STRUCTURAL MAY ( vGOSecretData $ vGOSharedSecretDN $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.1 NAME 'vGOConfig' SUP top STRUCTURAL MAY ( vGOConfigData $ vGOConfigType $ vGORoleDN $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.21 NAME 'oblixPersonPwdPolicy' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( obpasswordcreationdate $ obpasswordhistory $ obpasswordchangeflag $ obpasswordexpmail $ oblockouttime $ oblogintrycount $ obfirstlogin $ obresponsetries $ oblastloginattemptdate $ oblastresponseattemptdate $ obresponsetimeout $ oblastsuccessfullogin $ oblastfailedlogin $ obAnsweredChallenges $ obYetToBeAnsweredChallenge $ oblockedon ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.40 NAME 'OIMPersonPwdPolicy' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( obpasswordexpirydate ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.4 NAME 'vGORole' SUP top STRUCTURAL MAY ( vGORoleName $ vGODepartment $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.3 NAME 'vGOUserData' SUP top STRUCTURAL MAY ( vGOSecretData $ vGORoleDN $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.5 NAME 'vGoLocatorClass' SUP top STRUCTURAL MUST (vGoLocatorAttribute $ cn) MAY ( o ) )
objectClasses: ( 1.3.6.1.4.1.3831.8.1.1 NAME 'oblixadvancedgroup' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( obver $ obgroupsubscriptiontype $ obgroupexpandeddynamic $ obgrouppuredynamic $ obgroupadministrator $ obgroupsubscribemessage $ obgroupunsubscribemessage $ obgroupsubscriptionfilter $ obgroupsubscribenotification $ obgroupdynamicfilter $ obgroupsimplifiedaccesscontrol ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.24 NAME 'oblixAuxLocation' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( oblocationdn $ obrectangle ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.14 NAME 'oblixgroup' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( obgroupcreator $ obgroupcreationdate $ obgrouptype $ obsubscriptiontypes ) )
Parent topic: Sample of the Schema Extension File and the Seeding File
Sample of the Seeding File
Sample of the Seeding File:
base.ldif
dn: <LDAP_SEARCHBASE>
objectClass: domain
objectClass: orclSubscriber
objectClass: top
dc: <REGION>
aci: (targetattr="*")(version 3.0; acl "Allow OIMAdminGroup add, read and write access to all attributes"; allow(add,read,search,compare,write,delete,import,export) groupdn="ldap:///cn=<LDAP_OIGADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>";)
dn: cn=OracleContext,<LDAP_SEARCHBASE>
cn: OracleContext
objectclass: top
objectclass: orclContext
objectclass: orclContextAux82
orclVersion: 90600
aci: (targetattr="*")(version 3.0; acl "OracleContext accessible by OracleContextAdmins"; allow (all) groupdn="ldap:///cn=OracleContextAdmins,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
dn: cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>
cn: Groups
objectclass: top
objectclass: orclContainer
dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>
cn: OracleContextAdmins
uniquemember: <LDAP_ADMIN_USER>
objectclass: top
objectclass: groupofUniqueNames
objectclass: orclGroup
displayname: Oracle Context Administrators
description: Users who can administer all entities in this Oracle Context
dn: cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
cn: Products
objectclass: top
objectclass: orclContainer
dn: cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
cn: Common
orclCommonNickNameAttribute: uid
orclCommonApplicationGuidAttribute: orclGlobalID
orclCommonUserSearchBase:<LDAP_SEARCHBASE>
orclCommonGroupSearchBase:<LDAP_SEARCHBASE>
orclVersion: 90000
objectclass: top
objectclass: orclCommonAttributes
objectClass: orclCommonAttributesV2
orclUserObjectClasses: top
orclUserObjectClasses: person
orclUserObjectClasses: inetorgperson
orclUserObjectClasses: organizationalperson
orclUserObjectClasses: orcluser
orclUserObjectClasses: orcluserv2
orclcommonnamingattribute: cn
orclCommonGroupCreateBase: <LDAP_GROUP_SEARCHBASE>
orclCommonDefaultGroupCreateBase: <LDAP_GROUP_SEARCHBASE>
orclCommonKrbPrincipalAttribute: krbPrincipalName
orclCommonWindowsPrincipalAttribute: orclSAMAccountName
dn: cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
cn: pwdPolicies
objectclass: top
objectclass: orclContainer
dn: <LDAP_USER_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: users
aci: (targetattr="obUserAccountControl||obLoginTryCount||obLockoutTime||oblastsuccessfullogin||oblastfailedlogin||obpasswordexpirydate||obver||obLastLoginAttemptDate||oblockedon||obpsftid") (version 3.0; acl "oam userWritePrivilegeGroup acl"; allow (search,read,compare,write) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>"; allow (search,read,compare) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>"; allow (search,read,compare,write) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="orclguid||modifytimestamp") (version 3.0; acl "orclguid acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (targetfilter="(objectclass=orcluser*)")(version 3.0; acl "add orcluser aci";allow(read,add) groupdn="ldap:///cn=oracledascreateuser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="displayName||preferredlanguage||orcltimezone||orcldateofbirth||orclgender||orclwirelessaccountnumber||cn||uid||homephone||telephonenumber") (version 3.0; acl "useraccount acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (read) userdn="ldap:///anyone";)
aci: (version 3.0; acl "read aci"; allow(read) groupdn="ldap:///cn=Common User Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read groupdn="cn=PKIAdmins,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>");)
aci: (targetattr="*") (targetfilter="(objectclass=inetorgperson)") (version 3.0; acl "inetorgperson acl";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (read) userdn="ldap:///anyone";)
aci: (targetattr="orclaccountstatusevent") (version 3.0; acl "orclaccountstatusevent acl";allow (write) groupdn="ldap:///cn=verifierServices,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="orclAccessibilityMode||orclColorContrast||orclFontSize||orclNumberFormat||orclCurrency||orclDateFormat||orclTimeFormat||orclEmbeddedHelp||orclFALanguage||orclFATerritory||orclTimeZone||orclDisplayNameLanguagePreference||orclImpersonationGrantee||orclImpersonationGranter") (targetfilter="(objectclass=inetorgperson)") (version 3.0; acl "orclIDXPerson attributes acl";allow (search,read,compare,write) groupdn="ldap:///cn=orclFAUserWritePrefsPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>" ;)
aci: (targetattr!="orclpasswordverifier||orclpassword||authpassword||pwdhistory||orclpwdaccountunlock||orclaccountstatusevent")(version 3.0; acl "orclPwdPolicyAttributes acl";allow (search,read,compare) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>" ;allow (search,read,compare,write) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>" ;)
aci: (targetattr="mail") (version 3.0; acl "orclaccountstatusevent acl";allow (write) groupdn="ldap:///cn=EmailAdminsGroup,cn=EmailServerContainer,cn=Products,cn=OracleContext";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (targetattr="orclpasswordhintanswer") (version 3.0; acl "orclpasswordhintanswer acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";)
aci: (targetattr="orclpasswordhint") (version 3.0; acl "orclpasswordhint acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (read,search,write,compare) groupdn="ldap:///cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="userPassword") (targetfilter="(objectclass=inetorgperson)") (version 3.0; acl "userpassword acl";allow (read,search,write,compare) groupdn="ldap:///cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (compare) groupdn="ldap:///cn=authenticationServices, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (compare) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="authpassword||orclpasswordverifier||orclpassword") (version 3.0; acl "orclpassword acl";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;allow (search, read, compare) groupdn="ldap:///cn=verifierServices,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (search,read,write,compare) userdn="ldap:///self";)
aci: (targetattr="usercertificate||usersmimecertificate") (version 3.0; acl "usercertificate acl";allow (read, search, write, compare) groupdn="ldap:///cn=PKIAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read, search, compare) userdn="ldap:///self";allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetfilter="(|(objectclass=person)(objectclass=orclcontainer))")(version 3.0; acl "person and orclcontainer acl";allow(search,read,add) groupdn="ldap:///cn=oracledascreateuser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,delete) groupdn="ldap:///cn=oracledasdeleteuser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,write) groupdn="ldap:///cn=oracledasedituser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,proxy) groupdn="ldap:///cn=UserProxyPrivilege,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,proxy) userdn="ldap:///orclApplicationCommonName=DASApp,cn=DAS,cn=Products,cn=oraclecontext";allow(read,selfwrite) userdn="ldap:///self";allow(search,read) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,write,add,delete) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="orclisenabled") (version 3.0; acl "orclisenabled acl";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasaccountadmingroup, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (targetattr = "*")(targetfilter= "(objectclass=inetorgperson)")(targetscope = "subtree") (version 3.0; acl "iam admin changepwd"; allow (compare,search,read,selfwrite,add,write,delete) userdn = "ldap:///cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>";)
dn: <LDAP_GROUP_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: groups
aci: (version 3.0; acl "fa acl";allow(search,read) groupdn="ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,add,delete) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(&(objectclass=orclgroup)(!(orclisvisible=false)))")(version 3.0; acl "visible orclgroup acl";allow(read,search,add) groupdn="ldap:///cn=oracledascreategroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read,search,delete) groupdn="ldap:///cn=oracledasdeletegroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read,search,write) groupdn="ldap:///cn=oracledaseditgroup, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,add,delete) userattr="owner#USERDN";allow(search,read,add,delete) userattr="owner#GROUPDN";allow(search,read) groupdn="ldap:///cn=Common Group Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,add,delete) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (version 3.0; acl "orclgroup read acl";allow(search,read) groupdn="ldap:///cn=Common Group Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;)
aci: (targetattr="*") (targetfilter="(&(objectclass=orclgroup)(!(orclisvisible=false)))")(version 3.0; acl "attrs for visible orclcontainer acl";allow(search,read,write,compare) userattr="owner#USERDN";allow(search,read,write,compare) userattr="owner#GROUPDN";allow(search,read,write,compare) groupdn="ldap:///cn=oracledaseditgroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,compare) groupdn="ldap:///cn=Common Group Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(&(objectclass=orclgroup)(orclisvisible=false))")(version 3.0; acl "visible orclgroup acl";allow(search,read,add,delete) userattr="owner#USERDN";allow(search,read,add,delete) userattr="owner#GROUPDN";allow(search,read) groupdn="ldap:///cn=Common Group Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,add,delete) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(objectclass=orclcontainer)")(version 3.0; acl "orclcontainer add acl";allow(search,read,add) groupdn="ldap:///cn=IASAdmins,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;)
aci: (targetattr="*")(version 3.0; acl "attr fa acl";allow(search,read,compare) groupdn="ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,compare,write) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(objectclass=orclgroup*)")(version 3.0; acl "orclgroup add acl";allow(search,read,add) groupdn="ldap:///cn=oracledascreategroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;)
aci: (targetattr="mail") (targetfilter="(objectclass=orclgroup)")(version 3.0; acl "mail attr for orclcontainer acl";allow(search,read,write,compare) userattr="owner#USERDN";allow(search,read,write,compare) userattr="owner#GROUPDN";allow(search,read,compare) groupdn="ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE> || ldap:///cn=Common Group Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,compare,write) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE> || ldap:///cn=EmailAdminsGroup,cn=EMailServerContainer,cn=Products,cn=OracleContext";)
aci: (targetattr="*") (targetfilter="(&(objectclass=orclgroup)(orclisvisible=false))")(version 3.0; acl "attrs for non visible orclcontainer acl";allow(search,read,write,compare) userattr="owner#USERDN";allow(search,read,write,compare) userattr="owner#GROUPDN";allow(search,read, compare) groupdn="ldap:///cn=Common Group Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,compare,write) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
dn: cn=FAPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
pwdfailurecountinterval: 0
pwdlockoutduration: 86400
objectclass: top
objectclass: pwdpolicy
objectclass: ldapSubentry
pwdmaxfailure: 10
pwdminlength: 5
cn: FAPolicy
pwdlockout: true
pwdCheckQuality: 1
pwdGraceAuthNLimit: 5
pwdexpirewarning: 604800
pwdmaxage: 0
#displayname: Password Policy for Fusion Apps
pwdAttribute: userPassword
dn: cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAUserReadPrivilegeGroup
uniquemember: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
dn: cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAUserWritePrivilegeGroup
dn: cn=orclFAUserWritePrefsPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAUserWritePrefsPrivilegeGroup
dn: cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAGroupReadPrivilegeGroup
uniquemember: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
dn: cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAGroupWritePrivilegeGroup
dn: cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: <LDAP_SYSTEMIDS>
ds-pwp-password-policy-dn: cn=SystemIDPolicy,cn=pwdPolicies,cn=common,cn=products,cn=OracleContext,<LDAP_SEARCHBASE>
dn: cn=<LDAP_WLSADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
objectClass: orclGroup
objectClass: groupOfUniqueNames
objectClass: orclIDXGroup
objectClass: top
description: WLS Administrators Group for the IDM Domain in LDAP
displayName: WLS Administrators
cn: <LDAP_WLSADMIN_GRP>
uniquemember: cn=<LDAP_OAMADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
uniquemember: cn=<LDAP_WLSADMIN_USER>,<LDAP_USER_SEARCHBASE>
uniquemember: cn=<LDAP_XELSYSADM_USER>,<LDAP_USER_SEARCHBASE>
dn: cn=<LDAP_WLSADMIN_USER>,<LDAP_USER_SEARCHBASE>
objectClass: orclUserV2
objectClass: person
objectClass: oblixorgperson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: inetOrgPerson
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
givenName: <LDAP_WLSADMIN_USER>
obpasswordchangeflag: false
uid: <LDAP_WLSADMIN_USER>
orclIsEnabled: ENABLED
sn: <LDAP_WLSADMIN_USER>
userPassword: <PASSWORD>
mail: <LDAP_WLSADMIN_USER>@company.com
orclSAMAccountName: <LDAP_WLSADMIN_USER>
obpasswordexpirydate: <OUD_PWD_EXPIRY>T00:00:00Z
cn: <LDAP_WLSADMIN_USER>
oblogintrycount: 0
dn: cn=OblixAnonymous,<LDAP_SEARCHBASE>
objectClass: orcluserV2
objectClass: oblixOrgPerson
objectClass: person
objectClass: oblixPersonPwdPolicy
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: orcluser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
userPassword: <PASSWORD>
mail: OblixAnonymous@company.com
givenName: OblixAnonymous
orclSAMAccountName: OblixAnonymous
description: Anonymous user used by OAM
uid: OblixAnonymous
sn: OblixAnonymous
cn: OblixAnonymous
dn: cn=<LDAP_OAMADMIN_USER>,<LDAP_USER_SEARCHBASE>
objectClass: orclUserV2
objectClass: oblixorgperson
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
givenName: <LDAP_OAMADMIN_USER>
uid: <LDAP_OAMADMIN_USER>
orclIsEnabled: ENABLED
sn: <LDAP_OAMADMIN_USER>
userPassword: <PASSWORD>
mail: <LDAP_OAMADMIN_USER>@company.com
orclSAMAccountName: <LDAP_OAMADMIN_USER>
cn: <LDAP_OAMADMIN_USER>
obpasswordchangeflag: false
obpasswordexpirydate: <OUD_PWD_EXPIRY>T00:00:00Z
ds-pwp-password-policy-dn: cn=FAPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
dn: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
objectClass: orclUserV2
objectClass: oblixorgperson
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
userPassword: <PASSWORD>
mail: oamLDAP@company.com
givenName: oamLDAP
orclSAMAccountName: oamLDAP
uid: oamLDAP
sn: oamLDAP
cn: oamLDAP
ds-privilege-name: password-reset
ds-pwp-password-policy-dn: cn=FAPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
dn: cn=<LDAP_OAMADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: <LDAP_OAMADMIN_GRP>
uniqueMember: cn=<LDAP_OAMADMIN_USER>,<LDAP_USER_SEARCHBASE>
dn: cn=OTPRestUserGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: top
objectClass: orclgroup
objectClass: groupofuniquenames
cn: OTPRestUserGroup
description: Forgotten Password Admin group
displayName: OTPRestUserGroup
uniquemember: cn=<LDAP_OAMADMIN_USER>,<LDAP_USER_SEARCHBASE>
dn: cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: orclGroup
objectClass: groupOfUniqueNames
objectClass: orclIDXGroup
objectClass: top
description: This is the role granted to have write permission on some User Attributes
displayName: OAM User Modify Role
cn: orclFAOAMUserWritePrivilegeGroup
uniquemember: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
dn: ou=CO,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
objectClass: top
ou: CO
aci: (targetfilter="(objectclass=*)")(version 3.0; acl "oam userWritePrivilegeGroup entry acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn!="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "oam userWritePrivilegeGroup attribute acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
dn: ou=People,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
objectClass: top
ou: People
aci: (targetattr="*")(version 3.0; acl "<AllowSSOAll ACI>"; allow (all) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn != "ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
dn: ou=vgoLocator,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
objectClass: top
ou: vgoLocator
aci: (targetfilter="(objectclass=*)")(version 3.0; acl "oam userWritePrivilegeGroup entry acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn!="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "oam userWritePrivilegeGroup attribute acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
dn: cn=default,ou=vgoLocator,<LDAP_SEARCHBASE>
objectClass: top
objectClass: vgoLocatorClass
vGoLocatorAttribute: <LDAP_SEARCHBASE>
cn: default
aci: (targetfilter="(objectclass=*)")(version 3.0; acl "oam userWritePrivilegeGroup entry acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn!="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "oam userWritePrivilegeGroup attribute acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
dn: cn=<LDAP_OIGLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
objectClass: orclUserV2
objectClass: oblixorgperson
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
userPassword: <PASSWORD>
mail: <LDAP_OIGLDAP_USER>@company.com
givenName: <LDAP_OIGLDAP_USER>
orclSAMAccountName: <LDAP_OIGLDAP_USER>
uid: <LDAP_OIGLDAP_USER>
sn: <LDAP_OIGLDAP_USER>
cn: <LDAP_OIGLDAP_USER>
ds-privilege-name: password-reset
dn: cn=<LDAP_OIGADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: <LDAP_OIGADMIN_GRP>
uniquemember: cn=<LDAP_OIGLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
dn: <LDAP_RESERVE_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: reserve
aci: (targetattr="*") (version 3.0; acl "oim admin group reserve container acl"; allow (add,read,search,compare,write,delete,import,export) groupdn="ldap:///cn=<LDAP_OIGADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>" ;)
dn: cn=<LDAP_XELSYSADM_USER>,<LDAP_USER_SEARCHBASE>
objectClass: oblixorgperson
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
obpasswordchangeflag: false
givenName: <LDAP_XELSYSADM_USER>
orclIsEnabled: ENABLED
uid: <LDAP_XELSYSADM_USER>
sn: admin
userPassword: <PASSWORD>
mail: <LDAP_XELSYSADM_USER>@company.com
obuseraccountcontrol: activated
displayName: <LDAP_XELSYSADM_USER>
obpasswordexpirydate:<OUD_PWD_EXPIRY>T00:00:00Z
cn: <LDAP_XELSYSADM_USER>
oblogintrycount: 0
Parent topic: Sample of the Schema Extension File and the Seeding File