9.2 Create User Identity Store
This page provides fields where you enter details for your store and default settings that you can edit for your environment. Click Create under OAM ID Stores to access this page.
The Create User Identity Store page is arranged in the following sections:
- Location and Credentials
- Users and Groups
- Connection Details
- Password Management
The following table describes the elements in the Create User Identity Store page:

| Element | Description |
|---|---|
| Store Name | Type a unique name for this registration; you can type up to 30 characters. |
| Store Type | Choose from the list of all supported LDAP providers. |
| Description | Type a short description for this Store Name. |
| Enable SSL | Select this box to enable SSL between the directory server and OAM Server. |
| Use Native ID Store Settings | Select this box to enable getting the authentication code for natively locked/disabled/pw_must_change code in the LDAP authentication module. |
| Prefetched Attributes | List of comma-separated user attributes. For example: e-mail, phone, mobile. Note: |
Location and Credentials
The following table describes the elements in the Location and Credentials section of the Create User Identity Store page:

| Element | Description |
|---|---|
| Location | Provide the URL for the LDAP host, including the port number. Enter one (or more) LDAP URIs in Note: The number of characters a supported URL can have depends on the browser version. Ensure that your applications do not use URIs that exceed the length that Oracle Access Management and the browser can handle. |
| Bind DN | Provide the user DN for the connection pool over which all other BINDs occur. Oracle recommends a non-administrator user with appropriate Read and Search privileges for the user and group base DNs. For example: |
| Password | Type a password for the Principal; this is stored encrypted for security. |
Password |
Type a password for the Principal, this is encrypted for security. |
Users and Groups
The following table describes the elements in the Users and Groups section of the Create User Identity Store page:

| Element | Description |
|---|---|
| Login ID Attribute | Enter the attribute that identifies the login ID (user name). For example: |
| User Password Attribute | Enter the attribute in the user identity store (LDAP directory) that stores the user's password. This is configurable for added flexibility. |
| User Search Base | Provide the node in the directory information tree (DIT) under which user data is stored; this is the highest possible base for all user data searches. For example: |
| User Filter Object Classes | Enter the object classes to be included in search results for users, as a comma-separated list of user object class names. For example: |
| Group Name Attribute | Enter the attribute that identifies the group name. Default: cn. |
| Group Search Base | Provide the node in the directory information tree (DIT) under which group data is stored; this is the highest possible base for all group data searches. For example: |
| Group Filter Classes | Enter the object classes to be included in the search results for groups, as a comma-separated list of group object classes. For example: groups, groupOfNames. |
| Enable Group Membership Cache | Check this box to set the value for group cache to true. Leave it unchecked to set the value for group cache to false. Default: true. |
| Group Membership Cache Maximum Size | Enter an integer for the group cache size. Default: 10000 |
| Group Membership Cache Time to Live (in seconds) | Enter an integer (in seconds) for the Time to Live of group cache elements. Default: 0 |
Connection Details
The following table describes the elements in the Connection Details section of the Create User Identity Store page:

| Element | Description |
|---|---|
| Minimum Pool Size | Set the smallest size for the connection pool. Default: 10 |
| Maximum Pool Size | Set the largest size for the connection pool. Default: 50 |
| Wait Timeout (in seconds) | Set the number of seconds that connection requests can wait before timing out when the pool is fully utilized. Default: 120 |
| Inactivity Timeout (in seconds) | Set the number of seconds that connection requests can be inactive before timing out when the pool is fully utilized. |
| Results time limit (in seconds) | Set the time limit (in seconds) for LDAP searches and bind operations on the connection pool. Default: 0 |
| Retry Count | Enter an integer to set the number of times the connection is retried when there is a connection failure. Default: 3 |
| Referral Policy | Choose from the following options in the drop-down menu: |
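As an added illustration (not Oracle's or OAM's own code), the following Python models a few of the fields from the Location and Credentials, Users and Groups, and Connection Details sections above, shows how Login ID Attribute and User Filter Object Classes combine into an LDAP user lookup filter with the login value escaped per RFC 4515, and runs consistency checks on the settings. The filter shape and the checks in validate() are this example's assumptions about sensible settings, not documented OAM behaviour; all sample values are constructed.

```python
from dataclasses import dataclass

# Illustrative model of the Create User Identity Store fields above (not OAM's own code).
@dataclass
class IdentityStoreConfig:
    location: str                     # Location: LDAP URL including the port
    enable_ssl: bool                  # Enable SSL
    bind_dn: str                      # Bind DN
    login_id_attribute: str           # Login ID Attribute
    user_search_base: str             # User Search Base
    user_filter_object_classes: list  # User Filter Object Classes (comma-separated on the page)
    min_pool_size: int = 10           # Minimum Pool Size (page default)
    max_pool_size: int = 50           # Maximum Pool Size (page default)
    retry_count: int = 3              # Retry Count (page default)

# RFC 4515 per-character escapes, so a backslash is escaped once and never re-escaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value before embedding it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(cfg: IdentityStoreConfig, login_id: str) -> str:
    """Combine Login ID Attribute and User Filter Object Classes into one lookup filter
    (assumed shape: AND of the login match with an OR over the object classes)."""
    classes = "".join(f"(objectClass={escape_filter_value(c.strip())})"
                      for c in cfg.user_filter_object_classes)
    return f"(&({cfg.login_id_attribute}={escape_filter_value(login_id)})(|{classes}))"

def validate(cfg: IdentityStoreConfig) -> list:
    """Warnings for settings that weaken the store; the checks are this example's assumptions."""
    warnings = []
    scheme = cfg.location.split("://", 1)[0].lower()
    if cfg.enable_ssl != (scheme == "ldaps"):
        warnings.append("Enable SSL and the Location URL scheme disagree")
    if not cfg.enable_ssl:
        warnings.append("SSL disabled: the Bind DN password and user credentials travel in clear text")
    if not cfg.bind_dn:
        warnings.append("Bind DN is empty: the pool would bind anonymously")
    if not cfg.user_search_base:
        warnings.append("User Search Base is empty: user searches would span the whole directory")
    if cfg.min_pool_size > cfg.max_pool_size:
        warnings.append("Minimum Pool Size exceeds Maximum Pool Size")
    if cfg.retry_count < 0:
        warnings.append("Retry Count must be a non-negative integer")
    return warnings

# Constructed sample values, not taken from any real deployment.
SAMPLE_STORE = IdentityStoreConfig(
    location="ldaps://ldap.example.com:636", enable_ssl=True,
    bind_dn="cn=oamreader,ou=service,dc=example,dc=com", login_id_attribute="uid",
    user_search_base="ou=people,dc=example,dc=com",
    user_filter_object_classes=["person", "inetOrgPerson"])
```

The escaping step is the part worth keeping: a login ID containing filter metacharacters is searched for literally instead of altering the filter's structure.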
Password Management
The following table describes the elements in the Password Management section of the Create User Identity Store page:

| Element | Description |
|---|---|
| Enable Password Management | Select to enable password policy enforcement against the attribute values. The corresponding options in the password policy must be configured as well. |
| Use Oblix User Schema | Select to enable the use of the OBLIX schema instead of the standard Oracle schema. |
| Global Common ID Attribute | Specify the User ID attribute name; this attribute is used as part of the password policy to check that the user ID is not part of the password. |
| First Name Attribute | Specify the First Name attribute; this attribute is used as part of the password policy to check that the user's first name is not part of the password. |
| Last Name Attribute | Specify the Last Name attribute; this attribute is used as part of the password policy to check that the user's last name is not part of the password. |
| Email Address Attribute | Currently not supported. |
| Test Connection | Click to confirm connectivity, then close the confirmation window. |
| Apply | Click Apply to submit the registration. |
Related Topics
Managing Data Sources in Administrator's Guide for Oracle Access Management.