A Sample of the Schema Extension File and the Seeding File

The schema extension file (99-user.ldif) extends the OUD schema with the Oracle Access Manager object classes. The seeding file (base.ldif) seeds OUD with the users and groups required by Oracle Access Manager and Oracle Identity Governance.

This appendix includes the following topics:

Sample of the Schema Extension File

Sample of the Schema Extension File: 99-user.ldif

dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.400 NAME 'obpasswordexpirydate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.4 NAME 'obgroupdynamicfilter' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.10 NAME 'obgroupsubscriptionfilter' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.176 NAME 'oblastloginattemptdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.11 NAME 'obgroupsubscribemessage' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.16 NAME 'obgroupsimplifiedaccesscontrol' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.254 NAME 'obYetToBeAnsweredChallenge' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.7 NAME 'obgrouptype' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.13 NAME 'obgroupsubscribenotification' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.150 NAME 'obpasswordchangeflag' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.173 NAME 'oblockouttime' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.119 NAME 'obindirectmanager' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.42 NAME 'oblocationdn' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.250 NAME 'oblastfailedlogin' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.149 NAME 'obpasswordcreationdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.78 NAME 'obphoto' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.200 NAME 'obresponsetimeout' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.5 NAME 'vGOSharedSecretDN' DESC 'v-GO Shared Secret' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.59 NAME 'obobjectclass' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.14 NAME 'obgroupunsubscribenotification' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.12 NAME 'obgroupunsubscribemessage' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.3 NAME 'vGOConfigData'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.253 NAME 'obAnsweredChallenges' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.7 NAME 'vGODepartment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.6 NAME 'obgroupcreationdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.2.0.1 NAME 'obuseraccountcontrol' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.175 NAME 'obresponsetries' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.249 NAME 'oblastsuccessfullogin' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.2.0.2 NAME 'oboutofofficeindicator' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.15 NAME 'obgrouppuredynamic' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.7.0.50 NAME 'obsubscriptiontypes' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.1 NAME 'vGORoleDN' DESC 'v-GO Role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.103 NAME 'obuiconfig' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.43 NAME 'oblocationname' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.151 NAME 'obpasswordhistory' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.2 NAME 'vGOConfigType' DESC 'v-GO Config Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.39 NAME 'obid' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.152 NAME 'obpasswordexpmail' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.83 NAME 'obpsftid' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.174 NAME 'obfirstlogin' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.1 NAME 'obdirectreports' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.44 NAME 'oblocationtitle' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.85 NAME 'obrectangle' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.4 NAME 'vGORoleName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.199 NAME 'oblastresponseattemptdate' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.3 NAME 'obgroupcreator' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.9 NAME 'obgroupadministrator' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.106 NAME 'obver' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.265 NAME 'oblockedon' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.1 NAME 'obgroupsubscriptiontype' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.3.0.8 NAME 'obgroupexpandeddynamic' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.6 NAME 'vGOSecretData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.172 NAME 'oblogintrycount' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.3831.0.0.76 NAME 'obparentlocationdn' DESC 'Oracle Access Manager defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.10552.1.8 NAME 'vGoLocatorAttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.13 NAME 'oblixorgperson' DESC 'Oracle Access Manager defined objectclass' SUP top  AUXILIARY MAY ( obuiconfig $ oblocationdn $ obrectangle $ obpsftid $ obdirectreports $ obindirectmanager $ obuseraccountcontrol $ obobjectclass $ obver $ oboutofofficeindicator ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.3 NAME 'oblixlocation' DESC 'Oracle Access Manager defined objectclass' SUP top STRUCTURAL MUST ( obid )  MAY ( oblocationname $ oblocationtitle $ obphoto $ obparentlocationdn $ obrectangle $ obver ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.2 NAME 'vGOSecret' SUP top STRUCTURAL MAY ( vGOSecretData $ vGOSharedSecretDN $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.1 NAME 'vGOConfig' SUP top STRUCTURAL MAY ( vGOConfigData $ vGOConfigType $ vGORoleDN $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.21 NAME 'oblixPersonPwdPolicy' DESC 'Oracle Access Manager defined objectclass' SUP top  AUXILIARY MAY ( obpasswordcreationdate $ obpasswordhistory $ obpasswordchangeflag $ obpasswordexpmail $ oblockouttime $ oblogintrycount $ obfirstlogin $ obresponsetries $ oblastloginattemptdate $ oblastresponseattemptdate $ obresponsetimeout $ oblastsuccessfullogin $ oblastfailedlogin $ obAnsweredChallenges $ obYetToBeAnsweredChallenge $ oblockedon ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.40 NAME 'OIMPersonPwdPolicy' DESC 'Oracle Access Manager defined objectclass' SUP top  AUXILIARY MAY ( obpasswordexpirydate ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.4 NAME 'vGORole' SUP top STRUCTURAL MAY ( vGORoleName $ vGODepartment $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.3 NAME 'vGOUserData' SUP top STRUCTURAL MAY ( vGOSecretData $ vGORoleDN $ cn $ o $ ou ) )
objectClasses: ( 1.3.6.1.4.1.10552.2.5 NAME 'vGoLocatorClass' SUP top STRUCTURAL MUST (vGoLocatorAttribute $ cn)  MAY ( o  ) )
objectClasses: ( 1.3.6.1.4.1.3831.8.1.1 NAME 'oblixadvancedgroup' DESC 'Oracle Access Manager defined objectclass' SUP top  AUXILIARY MAY ( obver $ obgroupsubscriptiontype $ obgroupexpandeddynamic $ obgrouppuredynamic $ obgroupadministrator $ obgroupsubscribemessage $ obgroupunsubscribemessage $ obgroupsubscriptionfilter $ obgroupsubscribenotification $ obgroupdynamicfilter $ obgroupsimplifiedaccesscontrol ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.24 NAME 'oblixAuxLocation' DESC 'Oracle Access Manager defined objectclass' SUP top  AUXILIARY MAY ( oblocationdn $ obrectangle ) )
objectClasses: ( 1.3.6.1.4.1.3831.0.1.14 NAME 'oblixgroup' DESC 'Oracle Access Manager defined objectclass' SUP top  AUXILIARY MAY ( obgroupcreator $ obgroupcreationdate $ obgrouptype $ obsubscriptiontypes ) )

Sample of the Seeding File
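
An added example, not part of the Oracle sample files: a lint pass over the aci values of a seeding template like the one below, run before the placeholders are substituted and the file is imported. It flags permission clauses that do not parse, userdn/groupdn values that are not LDAP URLs, a placeholder glued to the preceding RDN without a comma, and grants to ldap:///anyone or write-level grants to ldap:///all. The sample entries and their group names are constructed, and the finding codes are this example's own labels.

```python
import re
import sys

# Constructed sample in the style of base.ldif; the group names are made up and
# three of the ACIs are deliberately defective so that each check has input.
SAMPLE_LDIF = '''\
dn: cn=Users,<LDAP_SEARCHBASE>
objectClass: orclContainer
aci: (targetattr="mail") (version 3.0; acl "mail acl";allow (read,search) groupdn="ldap:///cn=Readers,<LDAP_GROUP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (version 3.0; acl "broken read acl"; allow(read groupdn="cn=Auditors,<LDAP_GROUP_SEARCHBASE>");)
aci: (targetattr="userPassword") (version 3.0; acl "pw acl";allow (write) groupdn="ldap:///cn=PwAdmins,cn=Groups<LDAP_SEARCHBASE>";)

dn: ou=People,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
aci: (targetattr="*")(version 3.0; acl "all acl"; allow (all) (userdn="ldap:///all");)
'''

ACI_RE = re.compile(r'^(?P<targets>.*?)\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"'
                    r'\s*;(?P<rules>.*)\)\s*$', re.S)
CLAUSE_RE = re.compile(r'(?:[^;"]|"[^"]*")+')            # split on ';' outside quotes
RULE_RE = re.compile(r'^(allow|deny)\s*\(([A-Za-z,\s]+)\)\s*\S', re.I)
SUBJECT_RE = re.compile(r'(userdn|groupdn|roledn|userattr)\s*(!?=)\s*"([^"]*)"', re.I)
GLUED_RE = re.compile(r'[A-Za-z0-9]<[A-Z][A-Z0-9_]*>')   # e.g. cn=Groups<LDAP_SEARCHBASE>
WRITE_RIGHTS = {"all", "write", "add", "delete"}
BROAD_SUBJECTS = ("ldap:///anyone", "ldap:///all")


def ldif_acis(text):
    """Yield (dn, aci_value) pairs, handling LDIF line folding and comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # folded continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    dn = None
    for line in lines:
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.strip()
        elif attr.lower() == "aci":
            yield dn, value.strip()


def audit(ldif_text):
    """Return findings as (dn, acl_name, code, detail) tuples, in file order."""
    findings = []
    for dn, aci in ldif_acis(ldif_text):
        parsed = ACI_RE.match(aci)
        name = parsed.group("name") if parsed else "?"
        glued = GLUED_RE.search(aci)
        if glued:
            findings.append((dn, name, "GLUED_PLACEHOLDER", glued.group(0)))
        if not parsed:
            findings.append((dn, name, "UNPARSEABLE", aci[:60]))
            continue
        target = parsed.group("targets").strip() or "(whole entry)"
        for clause in (c.strip() for c in CLAUSE_RE.findall(parsed.group("rules"))):
            if not clause:
                continue
            rule = RULE_RE.match(clause)
            if not rule:
                findings.append((dn, name, "MALFORMED_RULE", clause))
            effect = rule.group(1).lower() if rule else None
            rights = {r.strip().lower() for r in rule.group(2).split(",")} if rule else set()
            for kind, op, value in SUBJECT_RE.findall(clause):
                kind = kind.lower()
                urls = [u.strip() for u in value.split("||")]
                if kind != "userattr" and any(not u.startswith("ldap:///") for u in urls):
                    findings.append((dn, name, "NOT_LDAP_URL", value))
                if effect != "allow" or op != "=" or kind != "userdn":
                    continue
                for url in urls:
                    if url in BROAD_SUBJECTS and rights & WRITE_RIGHTS:
                        findings.append((dn, name, "BROAD_WRITE", f"{url} on {target}"))
                    elif url == "ldap:///anyone":
                        findings.append((dn, name, "ANONYMOUS_READ", f"{url} on {target}"))
    return findings


if __name__ == "__main__":
    # Pass a template path to lint a real file; with no argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LDIF
    for dn, name, code, detail in audit(text):
        print(f"{code:18} {dn} [{name}] {detail}")
```

ANONYMOUS_READ and BROAD_WRITE are prompts for review rather than errors: each one lists the target and subject so the grant can be confirmed as intended for the deployment.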

Sample of the Seeding File: base.ldif

dn: <LDAP_SEARCHBASE>
objectClass: domain
objectClass: orclSubscriber
objectClass: top
dc: <REGION>
aci: (targetattr="*")(version 3.0; acl "Allow OIMAdminGroup add, read and write access to all attributes"; allow(add,read,search,compare,write,delete,import,export) groupdn="ldap:///cn=<LDAP_OIGADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>";)

dn: cn=OracleContext,<LDAP_SEARCHBASE>
cn: OracleContext
objectclass: top
objectclass: orclContext
objectclass: orclContextAux82
orclVersion: 90600
aci: (targetattr="*")(version 3.0; acl "OracleContext accessible by OracleContextAdmins"; allow (all) groupdn="ldap:///cn=OracleContextAdmins,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";)

dn: cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>
cn: Groups
objectclass: top
objectclass: orclContainer

dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>
cn: OracleContextAdmins
uniquemember: <LDAP_ADMIN_USER>
objectclass: top
objectclass: groupofUniqueNames
objectclass: orclGroup
displayname: Oracle Context Administrators
description: Users who can administer all entities in this Oracle Context

dn: cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
cn: Products
objectclass: top
objectclass: orclContainer

dn: cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
cn: Common
orclCommonNickNameAttribute: uid
orclCommonApplicationGuidAttribute: orclGlobalID
orclCommonUserSearchBase: <LDAP_SEARCHBASE>
orclCommonGroupSearchBase: <LDAP_SEARCHBASE>
orclVersion: 90000
objectclass: top
objectclass: orclCommonAttributes
objectClass: orclCommonAttributesV2
orclUserObjectClasses: top
orclUserObjectClasses: person
orclUserObjectClasses: inetorgperson
orclUserObjectClasses: organizationalperson
orclUserObjectClasses: orcluser
orclUserObjectClasses: orcluserv2
orclcommonnamingattribute: cn
orclCommonGroupCreateBase: <LDAP_GROUP_SEARCHBASE>
orclCommonDefaultGroupCreateBase: <LDAP_GROUP_SEARCHBASE>
orclCommonKrbPrincipalAttribute: krbPrincipalName
orclCommonWindowsPrincipalAttribute: orclSAMAccountName

dn: cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
cn: pwdPolicies
objectclass: top
objectclass: orclContainer

dn: <LDAP_USER_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: users
aci: (targetattr="obUserAccountControl||obLoginTryCount||obLockoutTime||oblastsuccessfullogin||oblastfailedlogin||obpasswordexpirydate||obver||obLastLoginAttemptDate||oblockedon||obpsftid") (version 3.0; acl "oam userWritePrivilegeGroup acl"; allow (search,read,compare,write) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>"; allow (search,read,compare) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>"; allow (search,read,compare,write) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="orclguid||modifytimestamp") (version 3.0; acl "orclguid acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (targetfilter="(objectclass=orcluser*)")(version 3.0; acl "add orcluser aci";allow(read,add) groupdn="ldap:///cn=oracledascreateuser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="displayName||preferredlanguage||orcltimezone||orcldateofbirth||orclgender||orclwirelessaccountnumber||cn||uid||homephone||telephonenumber") (version 3.0; acl "useraccount acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (read) userdn="ldap:///anyone";)
aci: (version 3.0; acl "read aci"; allow(read) groupdn="ldap:///cn=Common User Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read) groupdn="ldap:///cn=PKIAdmins,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="*") (targetfilter="(objectclass=inetorgperson)") (version 3.0; acl "inetorgperson acl";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (read) userdn="ldap:///anyone";)
aci: (targetattr="orclaccountstatusevent") (version 3.0; acl "orclaccountstatusevent acl";allow (write) groupdn="ldap:///cn=verifierServices,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="orclAccessibilityMode||orclColorContrast||orclFontSize||orclNumberFormat||orclCurrency||orclDateFormat||orclTimeFormat||orclEmbeddedHelp||orclFALanguage||orclFATerritory||orclTimeZone||orclDisplayNameLanguagePreference||orclImpersonationGrantee||orclImpersonationGranter") (targetfilter="(objectclass=inetorgperson)") (version 3.0; acl "orclIDXPerson attributes acl";allow (search,read,compare,write) groupdn="ldap:///cn=orclFAUserWritePrefsPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>" ;)
aci: (targetattr!="orclpasswordverifier||orclpassword||authpassword||pwdhistory||orclpwdaccountunlock||orclaccountstatusevent")(version 3.0; acl "orclPwdPolicyAttributes acl";allow (search,read,compare) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>" ;allow (search,read,compare,write) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>" ;)
aci: (targetattr="mail") (version 3.0; acl "orclaccountstatusevent acl";allow (write) groupdn="ldap:///cn=EmailAdminsGroup,cn=EmailServerContainer,cn=Products,cn=OracleContext";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (targetattr="orclpasswordhintanswer") (version 3.0; acl "orclpasswordhintanswer acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";)
aci: (targetattr="orclpasswordhint") (version 3.0; acl "orclpasswordhint acl";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (read,search,write,compare) groupdn="ldap:///cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";)
aci: (targetattr="userPassword") (targetfilter="(objectclass=inetorgperson)") (version 3.0; acl "userpassword acl";allow (read,search,write,compare) groupdn="ldap:///cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,selfwrite,compare) userdn="ldap:///self";allow (compare) groupdn="ldap:///cn=authenticationServices, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (compare) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="authpassword||orclpasswordverifier||orclpassword") (version 3.0; acl "orclpassword acl";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;allow (search, read, compare) groupdn="ldap:///cn=verifierServices,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (search,read,write,compare) userdn="ldap:///self";)
aci: (targetattr="usercertificate||usersmimecertificate") (version 3.0; acl "usercertificate acl";allow (read, search, write, compare) groupdn="ldap:///cn=PKIAdmins,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read, search, compare) userdn="ldap:///self";allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetfilter="(|(objectclass=person)(objectclass=orclcontainer))")(version 3.0; acl "person and orclcontainer acl";allow(search,read,add) groupdn="ldap:///cn=oracledascreateuser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,delete) groupdn="ldap:///cn=oracledasdeleteuser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,write) groupdn="ldap:///cn=oracledasedituser,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,proxy) groupdn="ldap:///cn=UserProxyPrivilege,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,proxy) userdn="ldap:///orclApplicationCommonName=DASApp,cn=DAS,cn=Products,cn=oraclecontext";allow(read,selfwrite) userdn="ldap:///self";allow(search,read) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read) groupdn="ldap:///cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,write,add,delete) groupdn="ldap:///cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="orclisenabled") (version 3.0; acl "orclisenabled acl";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasaccountadmingroup, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";allow (read, search, compare) groupdn="ldap:///cn=Common User Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read,search,write,compare) groupdn="ldap:///cn=oracledasedituser, cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow (read) userdn="ldap:///anyone";)
aci: (targetattr = "*")(targetfilter= "(objectclass=inetorgperson)")(targetscope = "subtree") (version 3.0; acl "iam admin changepwd"; allow (compare,search,read,selfwrite,add,write,delete) userdn = "ldap:///cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>";)

dn: <LDAP_GROUP_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: groups
aci: (version 3.0; acl "fa acl";allow(search,read) groupdn="ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,add,delete) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(&(objectclass=orclgroup)(!(orclisvisible=false)))")(version 3.0; acl "visible orclgroup acl";allow(read,search,add) groupdn="ldap:///cn=oracledascreategroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read,search,delete) groupdn="ldap:///cn=oracledasdeletegroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(read,search,write) groupdn="ldap:///cn=oracledaseditgroup, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,add,delete) userattr="owner#USERDN";allow(search,read,add,delete) userattr="owner#GROUPDN";allow(search,read) groupdn="ldap:///cn=Common Group Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,add,delete) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (version 3.0; acl "orclgroup read acl";allow(search,read) groupdn="ldap:///cn=Common Group Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;)
aci: (targetattr="*") (targetfilter="(&(objectclass=orclgroup)(!(orclisvisible=false)))")(version 3.0; acl "attrs for visible orclcontainer acl";allow(search,read,write,compare) userattr="owner#USERDN";allow(search,read,write,compare) userattr="owner#GROUPDN";allow(search,read,write,compare) groupdn="ldap:///cn=oracledaseditgroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,compare) groupdn="ldap:///cn=Common Group Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(&(objectclass=orclgroup)(orclisvisible=false))")(version 3.0; acl "visible orclgroup acl";allow(search,read,add,delete) userattr="owner#USERDN";allow(search,read,add,delete) userattr="owner#GROUPDN";allow(search,read) groupdn="ldap:///cn=Common Group Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,add,delete) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(objectclass=orclcontainer)")(version 3.0; acl "orclcontainer add acl";allow(search,read,add) groupdn="ldap:///cn=IASAdmins,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;)
aci: (targetattr="*")(version 3.0; acl "attr fa acl";allow(search,read,compare) groupdn="ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,compare,write) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetfilter="(objectclass=orclgroup*)")(version 3.0; acl "orclgroup add acl";allow(search,read,add) groupdn="ldap:///cn=oracledascreategroup,cn=groups,cn=OracleContext,<LDAP_SEARCHBASE>" ;)
aci: (targetattr="mail") (targetfilter="(objectclass=orclgroup)")(version 3.0; acl "mail attr for orclcontainer acl";allow(search,read,write,compare) userattr="owner#USERDN";allow(search,read,write,compare) userattr="owner#GROUPDN";allow(search,read,compare) groupdn="ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE> || ldap:///cn=Common Group Attributes, cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE>";allow(search,read,compare,write) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE> || ldap:///cn=EmailAdminsGroup,cn=EMailServerContainer,cn=Products,cn=OracleContext";)
aci: (targetattr="*") (targetfilter="(&(objectclass=orclgroup)(orclisvisible=false))")(version 3.0; acl "attrs for non visible orclcontainer acl";allow(search,read,write,compare) userattr="owner#USERDN";allow(search,read,write,compare) userattr="owner#GROUPDN";allow(search,read, compare) groupdn="ldap:///cn=Common Group Attributes,cn=Groups,cn=OracleContext,<LDAP_SEARCHBASE> || ldap:///cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";allow(search,read,compare,write) groupdn="ldap:///cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)

dn: cn=FAPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>
pwdfailurecountinterval: 0
pwdlockoutduration: 86400
objectclass: top
objectclass: pwdpolicy
objectclass: ldapSubentry
pwdmaxfailure: 10
pwdminlength: 5
cn: FAPolicy
pwdlockout: true
pwdCheckQuality: 1
pwdGraceAuthNLimit: 5
pwdexpirewarning: 604800
pwdmaxage: 0
#displayname: Password Policy for Fusion Apps
pwdAttribute: userPassword

dn: cn=orclFAUserReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAUserReadPrivilegeGroup
uniquemember: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>

dn: cn=orclFAUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAUserWritePrivilegeGroup

dn: cn=orclFAUserWritePrefsPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAUserWritePrefsPrivilegeGroup

dn: cn=orclFAGroupReadPrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAGroupReadPrivilegeGroup
uniquemember: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>

dn: cn=orclFAGroupWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: orclFAGroupWritePrivilegeGroup

dn: cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: <LDAP_SYSTEMIDS>
ds-pwp-password-policy-dn: cn=SystemIDPolicy,cn=pwdPolicies,cn=common,cn=products,cn=OracleContext,<LDAP_SEARCHBASE>

dn: cn=<LDAP_WLSADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
objectClass: orclGroup
objectClass: groupOfUniqueNames
objectClass: orclIDXGroup
objectClass: top
description: WLS Administrators Group for the IDM Domain in LDAP
displayName: WLS Administrators
cn: <LDAP_WLSADMIN_GRP>
uniquemember: cn=<LDAP_OAMADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
uniquemember: cn=<LDAP_WLSADMIN_USER>,<LDAP_USER_SEARCHBASE>
uniquemember: cn=<LDAP_XELSYSADM_USER>,<LDAP_USER_SEARCHBASE>

dn: cn=<LDAP_WLSADMIN_USER>,<LDAP_USER_SEARCHBASE>
objectClass: orclUserV2
objectClass: person
objectClass: oblixorgperson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: inetOrgPerson
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
givenName: <LDAP_WLSADMIN_USER>
obpasswordchangeflag: false
uid: <LDAP_WLSADMIN_USER>
orclIsEnabled: ENABLED
sn: <LDAP_WLSADMIN_USER>
userPassword: <PASSWORD>
mail: <LDAP_WLSADMIN_USER>@company.com
orclSAMAccountName: <LDAP_WLSADMIN_USER>
obpasswordexpirydate: <OUD_PWD_EXPIRY>T00:00:00Z
cn: <LDAP_WLSADMIN_USER>
oblogintrycount: 0

dn: cn=OblixAnonymous,<LDAP_SEARCHBASE>
objectClass: orcluserV2
objectClass: oblixOrgPerson
objectClass: person
objectClass: oblixPersonPwdPolicy
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: orcluser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
userPassword: <PASSWORD>
mail: OblixAnonymous@company.com
givenName: OblixAnonymous
orclSAMAccountName: OblixAnonymous
description: Anonymous user used by OAM
uid: OblixAnonymous
sn: OblixAnonymous
cn: OblixAnonymous

dn: cn=<LDAP_OAMADMIN_USER>,<LDAP_USER_SEARCHBASE>
objectClass: orclUserV2
objectClass: oblixorgperson
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
givenName: <LDAP_OAMADMIN_USER>
uid: <LDAP_OAMADMIN_USER>
orclIsEnabled: ENABLED
sn: <LDAP_OAMADMIN_USER>
userPassword: <PASSWORD>
mail: <LDAP_OAMADMIN_USER>@company.com
orclSAMAccountName: <LDAP_OAMADMIN_USER>
cn: <LDAP_OAMADMIN_USER>
obpasswordchangeflag: false
obpasswordexpirydate: <OUD_PWD_EXPIRY>T00:00:00Z
ds-pwp-password-policy-dn: cn=FAPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>

dn: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
objectClass: orclUserV2
objectClass: oblixorgperson
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
userPassword: <PASSWORD>
mail: oamLDAP@company.com
givenName: oamLDAP
orclSAMAccountName: oamLDAP
uid: oamLDAP
sn: oamLDAP
cn: oamLDAP
ds-privilege-name: password-reset
ds-pwp-password-policy-dn: cn=FAPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,<LDAP_SEARCHBASE>

dn: cn=<LDAP_OAMADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: <LDAP_OAMADMIN_GRP>
uniqueMember: cn=<LDAP_OAMADMIN_USER>,<LDAP_USER_SEARCHBASE>

dn: cn=OTPRestUserGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: top
objectClass: orclgroup
objectClass: groupofuniquenames
cn: OTPRestUserGroup
description: Forgotten Password Admin group
displayName: OTPRestUserGroup
uniquemember: cn=<LDAP_OAMADMIN_USER>,<LDAP_USER_SEARCHBASE>

dn: cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>
objectClass: orclGroup
objectClass: groupOfUniqueNames
objectClass: orclIDXGroup
objectClass: top
description: This is the role granted to have write permission on some User Attributes
displayName: OAM User Modify Role
cn: orclFAOAMUserWritePrivilegeGroup
uniquemember: cn=<LDAP_OAMLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>

dn: ou=CO,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
objectClass: top
ou: CO
aci: (targetfilter="(objectclass=*)")(version 3.0; acl "oam userWritePrivilegeGroup entry acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn!="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "oam userWritePrivilegeGroup attribute acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)

dn: ou=People,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
objectClass: top
ou: People
aci: (targetattr="*")(version 3.0; acl "<AllowSSOAll ACI>"; allow (all) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn != "ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)

dn: ou=vgoLocator,<LDAP_SEARCHBASE>
objectClass: organizationalUnit
objectClass: top
ou: vgoLocator
aci: (targetfilter="(objectclass=*)")(version 3.0; acl "oam userWritePrivilegeGroup entry acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn!="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "oam userWritePrivilegeGroup attribute acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)

dn: cn=default,ou=vgoLocator,<LDAP_SEARCHBASE>
objectClass: top
objectClass: vgoLocatorClass
vGoLocatorAttribute: <LDAP_SEARCHBASE>
cn: default
aci: (targetfilter="(objectclass=*)")(version 3.0; acl "oam userWritePrivilegeGroup entry acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)
aci: (targetattr="*")(version 3.0; acl "<DenySSORead ACI>"; deny (read,search) (userdn!="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "<AllowSSORead ACI>"; allow (read,search) (userdn="ldap:///all");)
aci: (targetattr="*")(version 3.0; acl "oam userWritePrivilegeGroup attribute acl"; allow (all) groupdn="ldap:///cn=orclFAOAMUserWritePrivilegeGroup,<LDAP_GROUP_SEARCHBASE>";)

dn: cn=<LDAP_OIGLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>
objectClass: orclUserV2
objectClass: oblixorgperson
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
userPassword: <PASSWORD>
mail: <LDAP_OIGLDAP_USER>@company.com
givenName: <LDAP_OIGLDAP_USER>
orclSAMAccountName: <LDAP_OIGLDAP_USER>
uid: <LDAP_OIGLDAP_USER>
sn: <LDAP_OIGLDAP_USER>
cn: <LDAP_OIGLDAP_USER>
ds-privilege-name: password-reset

dn: cn=<LDAP_OIGADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>
objectClass: groupofUniqueNames
objectClass: orclIDXGroup
objectClass: top
cn: <LDAP_OIGADMIN_GRP>
uniquemember: cn=<LDAP_OIGLDAP_USER>,cn=<LDAP_SYSTEMIDS>,<LDAP_SEARCHBASE>

dn: <LDAP_RESERVE_SEARCHBASE>
objectClass: orclContainer
objectClass: top
cn: reserve
aci: (targetattr="*") (version 3.0; acl "oim admin group reserve container acl"; allow (add,read,search,compare,write,delete,import,export) groupdn="ldap:///cn=<LDAP_OIGADMIN_GRP>,<LDAP_GROUP_SEARCHBASE>" ;)

dn: cn=<LDAP_XELSYSADM_USER>,<LDAP_USER_SEARCHBASE>
objectClass: oblixorgperson
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: oblixPersonPwdPolicy
objectClass: orclAppIDUser
objectClass: orclIDXPerson
objectClass: top
objectClass: OIMPersonPwdPolicy
obpasswordchangeflag: false
givenName: <LDAP_XELSYSADM_USER>
orclIsEnabled: ENABLED
uid: <LDAP_XELSYSADM_USER>
sn: admin
userPassword: <PASSWORD>
mail: <LDAP_XELSYSADM_USER>@company.com
obuseraccountcontrol: activated
displayName: <LDAP_XELSYSADM_USER>
obpasswordexpirydate: <OUD_PWD_EXPIRY>T00:00:00Z
cn: <LDAP_XELSYSADM_USER>
oblogintrycount: 0