7 Getting Started With Oracle Internet Directory
Note:
Before you perform the tasks in this chapter, Oracle Internet Directory must be installed and configured, as described in About the Oracle Internet Directory Installation in Installing and Configuring Oracle Internet Directory.
7.1 Overview of Postinstallation Tasks and Information
Perform the following tasks after you complete installation and basic configuration of Oracle Internet Directory.
7.1.1 Setting Up the Environment
Set up the environment before you perform the other tasks.
Set the environment variables described at the beginning of Overview of Managing Oracle Internet Directory Using Command-Line Utilities.
7.1.2 Adding Datafiles to the OLTS_CT_STORE and OLTS_ATTRSTORE Tablespaces
You can skip this step if you have a fresh installation of Oracle Internet Directory 11g Release 1 (11.1.1.6.0) or newer. In that case your Oracle Internet Directory schemas were created by using the Release 1 (11.1.1.6.0) or newer versions of RCU and config.sh.
If your schemas were created during installation of a version prior to 11g Release 1 (11.1.1.6.0), you must add datafiles to the OLTS_CT_STORE and OLTS_ATTRSTORE tablespaces if you intend to add more than a million entries to Oracle Internet Directory. Perform this step prior to the bulkload or ldapadd operation. For details, see Creating Datafiles and Adding Datafiles to a Tablespace in Oracle Database Administrator's Guide.
7.1.3 Changing Settings of Windows Services
Change the Startup type of the following Windows services from Automatic to Manual: Oracle Database and TNS Listener. This is necessary to ensure that the services start in the correct order.
7.1.4 Starting and Stopping the Oracle Stack
Understand how to start and stop the components of the Oracle stack in a specific order.
See appendix Starting and Stopping the Oracle Stack for information.
7.1.5 Default URLs and Ports
The following table lists the default URLs and ports.
URL or Port | Default Value |
---|---|
Oracle Directory Services Manager (ODSM) | |
Oracle Enterprise Manager Fusion Middleware Control | |
Oracle WebLogic Server Administrative Console | |
Oracle Internet Directory LDAP | |
Oracle Internet Directory LDAPS | |
7.1.6 About Tuning Oracle Internet Directory
The default Oracle Internet Directory configuration must be tuned in almost all deployments. You must change the values of certain configuration attributes, based on your deployment.
See Basic Tuning Considerations, especially the tables Database Parameters and LDAP Server Attributes in Tuning Performance.
For more information about tuning, see Oracle Internet Directory Performance Tuning in Tuning Performance. For descriptions of all the attributes, see Managing System Configuration Attributes and Managing Replication Configuration Attributes.
7.1.7 Enabling Anonymous Binds
Anonymous searches, except those on the root DSE, are disabled by default. In some deployment environments, clients might need access to more than the root DSE. If you have such a deployment, set the orclanonymousbindsflag attribute to 1.
7.1.8 Enabling Oracle Internet Directory to run on Privileged Ports
In many operating systems, only processes running with super user privilege can use port numbers less than 1024. By default, the Installer does not assign privileged ports to Oracle Internet Directory, although you can override the default by explicitly specifying those values via Installer and WLST command inputs.
If you want to change the SSL and non-SSL ports to numbers in the privileged range after installation, proceed as follows:
- As a root user, execute the following command:
  ORACLE_HOME/oidRoot.sh
  Note:
  If you do not have access to super user privileges, have your system administrator execute that script.
- Reassign the port numbers in one of the following ways:
  - Change the values of orclnonsslport and orclsslport in the instance-specific configuration entry by using ldapmodify, as described in Setting System Configuration Attributes by Using ldapmodify.
  - Change the SSL Port and Non-SSL Port values on the General tab of the Server Properties page of Oracle Internet Directory in Oracle Enterprise Manager Fusion Middleware Control, as described in Configuring Server Properties.
- Restart Oracle Internet Directory, as described in Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control or Starting Oracle Internet Directory by Using WLST Command.
7.1.9 Verifying Oracle Database Time Zone
To ensure that the Oracle Internet Directory garbage collection logic works correctly, verify the Oracle Database dbtimezone parameter.
See Setting Oracle Database Time Zone for Garbage Collection to verify the Oracle Database dbtimezone parameter.
7.2 Overview of Using Fusion Middleware Control to Manage Oracle Internet Directory
Oracle Enterprise Manager Fusion Middleware Control is a graphical user interface that provides a comprehensive systems management platform for Oracle Fusion Middleware. Fusion Middleware Control organizes a wide variety of performance data and administrative functions into distinct, Web-based home pages for the domain, Oracle instances, middleware system components, and applications.
7.2.1 Managing Oracle Internet Directory Using Fusion Middleware Control
Understand how to manage Oracle Internet Directory using Fusion Middleware Control. Oracle Internet Directory is a target type in Oracle Enterprise Manager Fusion Middleware Control.
Note:
- If you selected Configure Without a Domain when prompted for a domain while installing Oracle Internet Directory, Oracle Enterprise Manager Fusion Middleware Control will not be available.
- Oracle Enterprise Manager Fusion Middleware Control manages Oracle Internet Directory through its SSL port. The Oracle Internet Directory SSL port must be configured for no authentication or server authentication. In addition, the ciphers configured must include one or more of the Diffie-Hellman no-auth ciphers:
  - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  - SSL_DH_anon_WITH_RC4_128_MD5
  - SSL_DH_anon_WITH_DES_CBC_SHA
  Set orclsslenable to 1 or 2 if you use WLST or Oracle Enterprise Manager Fusion Middleware Control to configure the server. If the Oracle Internet Directory SSL port is configured incorrectly, or if the appropriate ciphers are not configured, you will not be able to change Oracle Internet Directory parameters by using WLST or Oracle Enterprise Manager Fusion Middleware Control. See About SSL Authentication Modes.
- For information about supported browsers for Fusion Middleware Control and Oracle Directory Services Manager, refer to System Requirements and Supported Platforms for Oracle Fusion Middleware 11gR1, which is linked from:
  http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
To use the interface to Oracle Internet Directory:
7.2.2 Oracle Internet Directory Menu
You can use the Oracle Internet Directory menu to navigate to other Fusion Middleware Control pages for Oracle Internet Directory, navigate to Oracle Directory Services Manager pages for Oracle Internet Directory, and perform other tasks, as described in the following table.
Table 7-1 Using the Oracle Internet Directory Menu
Task | Select |
---|---|
Return to Home page | Home |
View a performance summary | Monitoring, then Performance |
Start, stop, or restart the Oracle Internet Directory component | Control, then Start Up, Shut Down, or Restart, respectively. |
View Oracle Internet Directory logs | Logs, then View Log Messages |
View non-SSL and SSL port information. | Port Usage |
Manage properties that are specific to this Oracle Internet Directory component | Administration, then Server Properties |
Manage properties that are shared by all Oracle Internet Directory components that are connected to the same Oracle Database | Administration, then Shared Properties |
Manage Oracle Internet Directory entries by using Oracle Directory Services Manager | Directory Services Manager, then Data Browser |
Manage the Oracle Internet Directory schema by using Oracle Directory Services Manager | Directory Services Manager, then Schema |
Manage Oracle Internet Directory security by using Oracle Directory Services Manager | Directory Services Manager, then Security |
Manage Oracle Internet Directory advanced features by using Oracle Directory Services Manager | Directory Services Manager, then Advanced |
Configure auditing for Oracle Internet Directory | Security, then Audit Policy Settings |
View target name, software version, Oracle home, Oracle instance, Oracle Enterprise Manager Fusion Middleware Control agent, and host | General Information. |
7.3 Overview of Oracle Directory Services Manager
Oracle Directory Services Manager is a web-based interface for managing instances of Oracle Internet Directory and Oracle Virtual Directory. It is a replacement for Oracle Directory Manager, which is now deprecated.
This section contains the following topics:
- About Configuring the Oracle HTTP Server for ODSM-SSO Integration
- Overview of Connecting to the Server from Oracle Directory Services Manager
- Configuring Oracle Directory Services Manager Session Timeout
See Managing Oracle Directory Services Manager's Java Key Store.
7.3.1 Understanding Oracle Directory Services Manager
Oracle Directory Services Manager is a web-based interface for managing instances of Oracle Internet Directory and Oracle Virtual Directory. It is a replacement for Oracle Directory Manager, which is now deprecated. Oracle Directory Services Manager enables you to configure the structure of the directory, define objects in the directory, add and configure users, groups, and other entries. ODSM is the interface you use to manage entries, schema, security, and other directory features.
You can also use ODSM to manage system configuration attributes, which can be useful if Fusion Middleware Control is not available or if you must modify an attribute that has no Fusion Middleware Control interface. See Managing System Configuration Attributes by Using ODSM Data Browser and Managing Entries by Using Oracle Directory Services Manager.
7.3.1.1 About the JAWS Screen Reader with Oracle Directory Services Manager
When you use JAWS with ODSM, whenever a new window pops up, JAWS reads "popup." To read the entire page, enter the keystrokes Insert+b.
7.3.1.2 Non-Super User Access to Oracle Directory Services Manager
Oracle Directory Services Manager allows you to connect to Oracle Internet Directory as any user with a valid DN and password in the directory. If you connect as the super user, cn=orcladmin, or as a user who is a member of cn=DirectoryAdminGroup,cn=oracle internet directory, you can access all the tabs in the interface. If you log in as any other user, you can access only the Home, Schema, and Data Browser tabs.
7.3.1.3 Single Sign-On Integration with Oracle Directory Services Manager
You can configure Oracle Directory Services Manager to use Single Sign-On (SSO). When configured with SSO, Oracle Directory Services Manager allows a user who has been authenticated by the SSO server to connect to an SSO-enabled directory without logging in, provided that user has privileges to manage the directory.
Oracle Directory Services Manager maintains a list of Oracle Internet Directory servers that SSO-authenticated users can manage. To validate whether an SSO-authenticated user has the required privileges to manage Oracle Internet Directory, Oracle Directory Services Manager maps the SSO-authenticated user to a DN in the Oracle Internet Directory server.
Oracle Directory Services Manager uses proxy authentication to connect to the directory. The proxy user's DN and password are stored in a secure storage framework called the Credential Store Framework (CSF).
To map an SSO-authenticated user, Oracle Directory Services Manager authenticates to the Oracle Internet Directory server using the credentials of a user with proxy privileges. Oracle Directory Services Manager then tries to map the SSO-authenticated user's unique identifier to the Oracle Internet Directory user's unique identifier.
The WLS Administrator configures the proxy user's credentials, unique identifier attribute, and the base DN under which Oracle Directory Services Manager searches for the user, which are stored in the CSF. If Oracle Directory Services Manager gets a valid DN, it maps the SSO-authenticated user to that DN. When the SSO-authenticated user is mapped to a valid DN, Oracle Directory Services Manager uses proxy authentication to connect to the Oracle Internet Directory server with the SSO-authenticated user's mapped DN.
To configure SSO integration, see Configuring ODSM for SSO Integration, Configuring the SSO Server for ODSM Integration, and About Configuring the Oracle HTTP Server for ODSM-SSO Integration.
7.3.2 Configuring ODSM for SSO Integration
To configure ODSM-SSO integration, use the ODSM Proxy Bind Configuration Screen, at http://host:port/odsm-config. Log in as the WebLogic administrator.
On this screen, you provide Oracle Directory Services Manager with the set of directory servers that SSO users can manage. This screen lists the Single Sign-On accessible directories.
Use the View list to modify the number and order of the columns. To remove an existing directory, click Remove.
To modify an existing directory, click Modify.
To add a new Single Sign-On accessible directory, click Add.
When you click Modify or Add, the Directory Details screen appears. Proceed as follows:
7.3.3 Configuring the SSO Server for ODSM Integration
To make SSO-ODSM integration work correctly and to improve performance, you must configure specific ODSM URLs as protected, unprotected, or excluded.
The ODSM home page must be an unprotected URL. That is, all users must be able to access the ODSM home page, including those who have not gone through the SSO authentication process.
The /odsm/odsm-sso.jsp URL must be protected by the SSO server. When a user clicks the Login link appearing on the top right corner of the home page, ODSM redirects the user to /odsm/odsm-sso.jsp. The SSO server challenges the user for a username and password, if the user is not already authenticated. Upon successful authentication, the user is directed back to the ODSM home page.
Configure the ODSM URLs as follows:
- Protected: /odsm/odsm-sso.jsp
- Unprotected: /odsm/faces/odsm.jspx
- Excluded: /odsm/.../
Setting the CSS, JavaScript, and graphics (/odsm/.../) files to excluded prevents these files from being validated by Oracle Access Manager, which can improve the performance of your deployment.
You can use either Oracle Access Manager 11g or Oracle Access Manager 10g as your SSO provider.
You must configure an Oracle Access Manager server to send the SSO-authenticated user's unique identifier through an HTTP header to Oracle Directory Services Manager. Oracle Directory Services Manager looks for the OAM_REMOTE_USER HTTP header. The Oracle Access Manager server sets the OAM_REMOTE_USER header by default. If this header is not available, Oracle Directory Services Manager looks for the odsm-sso-user-unique-id HTTP header. If Oracle Directory Services Manager cannot find any of these headers, Oracle Directory Services Manager SSO integration will not work.
In addition to sending the user's unique identifier through an HTTP header, you can optionally configure Oracle Access Manager to send the following HTTP headers:
- Configure the odsm-sso-user-firstname HTTP header to send the user's first name.
- Configure the odsm-sso-user-lastname HTTP header to send the user's last name.
If these headers are available, Oracle Directory Services Manager displays the user's first name and last name in the "Logged in as" section located in the top right corner of Oracle Directory Services Manager. If the first name or the last name is not available, Oracle Directory Services Manager displays the user's unique identifier in the "Logged in as" section.
To configure Oracle Access Manager 11g, see the "Deploying the OAM 11g SSO Solution" chapter in Oracle Fusion Middleware Application Security Guide.
7.3.4 About Configuring the Oracle HTTP Server for ODSM-SSO Integration
If you are using Oracle HTTP Server to host the SSO server's WebGate agent and as a front end to the WebLogic server hosting ODSM, you must configure Oracle HTTP Server's mod_wl_ohs module to forward all requests starting with /odsm to the WebLogic server hosting ODSM. The mod_wl_ohs module allows requests to be proxied from Oracle HTTP Server to Oracle WebLogic Server.
To configure mod_wl_ohs, see mod_wl_ohs in Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server.
7.3.5 Invoking Oracle Directory Services Manager
You can invoke Oracle Directory Services Manager directly or from Oracle Enterprise Manager Fusion Middleware Control.
Note:
- If you selected Configure Without a Domain when prompted for a domain while installing Oracle Internet Directory, Oracle Directory Services Manager will not be available.
- For information about supported browsers for Fusion Middleware Control and Oracle Directory Services Manager, refer to System Requirements and Supported Platforms for Oracle Fusion Middleware, which is linked from:
  http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

- To invoke Oracle Directory Services Manager directly, enter the following URL into your browser's address field:
  http://host:port/odsm
  In the URL to access Oracle Directory Services Manager, host is the name of the admin server where Oracle Directory Services Manager is running. port is the admin server port number from the WebLogic server. You can determine the exact port number by examining the $Fusion_Middleware_Home/Oracle_Identity_Management_domain/servers/wls_ods/data/nodemanager/wls_ods1.url file, where Fusion_Middleware_Home represents the root directory where Fusion Middleware is installed.
- To invoke Oracle Directory Services Manager from Fusion Middleware Control, select Directory Services Manager from the Oracle Internet Directory menu in the Oracle Internet Directory target, then Data Browser, Schema, Security, or Advanced. (You can connect from the Oracle Virtual Directory menu in a similar manner.)
A new browser window, containing the ODSM Welcome screen, pops up. Connect to the server as described in the next section.
7.3.6 Overview of Connecting to the Server from Oracle Directory Services Manager
When the ODSM Welcome screen appears, you can connect to either an Oracle Internet Directory server or an Oracle Virtual Directory server.
This section contains the following topics:
- Logging into the Directory Server from Oracle Directory Services Manager
- Understanding Logging Into the Directory Server from Oracle Directory Services Manager Using SSL
Note:
- After you have logged into ODSM, you can connect to multiple directory instances from the same browser window.
- Avoid using multiple windows of the same browser program to connect to different directories at the same time. Doing so can cause a Target unreachable error.
- You can log in to the same ODSM instance from different browser programs, such as Internet Explorer and Firefox, and connect each to a different directory instance.
- If you change the browser language setting, you must update the session in order to use the new setting. To update the session, either reenter the ODSM URL in the URL field and press Enter or quit and restart the browser.
7.3.6.1 Logging into the Directory Server from Oracle Directory Services Manager
You log in to a directory server's non-SSL port from Oracle Directory Services Manager as follows:
After you have logged in to an Oracle Internet Directory or Oracle Virtual Directory server, you can use the navigation tabs to select other pages.
The Oracle Directory Services Manager home pages for Oracle Internet Directory and Oracle Virtual Directory list version information about Oracle Directory Services Manager itself, as well as the directory and database. They also list directory statistics.
7.3.6.2 Understanding Logging Into the Directory Server from Oracle Directory Services Manager Using SSL
If you are unfamiliar with SSL authentication modes, see About SSL Authentication Modes.
When you log in to the server's SSL port, you follow the procedure in Logging into the Directory Server from Oracle Directory Services Manager, except that you specify the SSL port in Step 5 and do not deselect SSL Enabled in Step 6. After you click Connect in Step 9, you might be presented with a certificate, depending on the type of SSL authentication.
7.3.6.2.1 SSL No Authentication
If the directory server is using SSL No Authentication mode (the default), you are not presented with a certificate. SSL No Authentication provides data confidentiality and integrity only; it provides no authentication using X.509 certificates.
7.3.6.2.2 SSL Server Only Authentication
If the directory server is using SSL Server Authentication Only Mode, when you click Connect in Step 9, you are presented with the server's certificate. After manually verifying the authenticity of the server certificate, you can accept the certificate permanently, accept the certificate for the current session only, or reject the certificate. If you accept the certificate permanently, the certificate is stored in ODSM's Java Key Store (JKS). From then on, you are not prompted to accept the certificate when you connect to that server. If you accept the certificate only for the current session, you are prompted to accept or reject the certificate every time you connect to the server. If you reject the certificate, ODSM closes the connection to the server.
7.3.6.2.3 SSL Client and Server Authentication
If the server is using SSL Client and Server Authentication Mode, when you click Connect in Step 9, you are presented with a certificate. Follow the instructions in SSL Server Only Authentication.
After ODSM accepts the server's certificate, ODSM sends its own certificate to the server for authentication. The server accepts ODSM's certificate if that certificate is present in its trusted list of certificates.
If the DN of ODSM's certificate is present in the server, you do not need to provide the username and password in the connection dialog.
If the DN of ODSM's certificate is not present in the server, you must provide the user name and password.
ODSM's certificate is a self-signed certificate. You must use the keytool command to assign a CA-signed certificate to ODSM. See Managing Oracle Directory Services Manager's Java Key Store.
7.3.6.3 Connecting to an SSO-Enabled Directory as an SSO-Authenticated User
If you have already been authenticated by the single sign-on server, ODSM allows you to connect to SSO-enabled directories without logging in, provided you have an entry in that directory. When you access the ODSM Welcome page, if you have an entry in only one SSO-enabled directory, ODSM connects you to it. If you have entries in more than one SSO-enabled directory, ODSM allows you to select the directory you want to connect to, as follows.
Click the small arrow to the right of the label Click to connect to a directory. In this case, the dialog box contains an extra section, listing SSO-enabled directories you are authorized to connect to. Select the directory you want. ODSM connects you without requesting a username or password.
If the port you connected to is an SSL port, you still must perform the appropriate steps in SSL No Authentication, SSL Server Only Authentication, or SSL Client and Server Authentication.
7.3.7 Configuring Oracle Directory Services Manager Session Timeout
Beginning with Oracle Internet Directory 11g Release 1 (11.1.1.9.0), the default session timeout for Oracle Directory Services Manager (ODSM) is 5 minutes (300 seconds). You can set the ODSM session timeout to a different value using the WebLogic Server Administration Console. (In earlier releases, you set the timeout by editing the <session-config> element in the web.xml deployment descriptor.)
To configure the ODSM session timeout:
- Log in to the WebLogic Server Administration Console.
- In the Change Center, click Lock and Edit.
- In the left pane, click Deployments.
- Under Deployments, expand odsm.
- Under Modules, click /odsm.
- Select the Configuration tab.
- Set the Session Timeout (in seconds) to the required value. For example: 600 seconds.
- Click Save.
- Under Save Deployment Plan Assistant, click OK to save the change to the Plan.xml file.
- In the Change Center, click Activate Changes.
To test your change, access ODSM, log in to a directory server, and leave the session idle for the time you specified for the session timeout (for example, 600 seconds). The session times out after the specified time, and ODSM displays the session timeout popup message.
7.3.8 Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster
Perform the following steps to configure Oracle HTTP Server to route Oracle Directory Services Manager requests to multiple Oracle WebLogic Servers in a clustered Oracle WebLogic Server environment.
To configure Oracle HTTP Server:
Note:
Oracle Directory Services Manager loses its connection and displays a session time-out message if the Oracle WebLogic Server in the cluster that it is connected to fails. Oracle Directory Services Manager requests are routed to the secondary Oracle WebLogic Server in the cluster that you identified in the httpd.conf file after you log back in to Oracle Directory Services Manager.
7.4 Overview of Managing Oracle Internet Directory Using Command-Line Utilities
Command-line utilities can be used to manage Oracle Internet Directory. You need to set specific environmental variables to use most Oracle Internet Directory command-line utilities.
7.4.1 About Setting Environmental Variables to Use Oracle Internet Directory Command-Line Utilities
To use most Oracle Internet Directory command-line utilities and Database client utilities like sqlplus, you must set the following environmental variables.
To set the environmental variables:
- ORACLE_HOME - The location of non-writable files in your Oracle Identity Management installation.
- DOMAIN_HOME - The location of writable files in your Oracle Identity Management installation.
- TNS_ADMIN - The directory where the database connect string is defined in the tnsnames.ora file. By default it is the $DOMAIN_HOME/config/fmwconfig/components/OID/componentName/config/ directory. The database connect alias as defined in tnsnames.ora is OIDDB by default.
- NLS_LANG (APPROPRIATE_LANGUAGE.AL32UTF8) - The default language set at installation is AMERICAN_AMERICA.
- PATH - The following directory locations should be added to your PATH:
  $ORACLE_HOME/bin
  $ORACLE_HOME/ldap/bin
  $DOMAIN_HOME/bin
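A preflight check for the variables listed above, as an added example (not Oracle code): it reports what is missing before you run the command-line utilities. The function names, the `OID_DB_ALIAS` override and the temporary directory layout used in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle code: preflight check for the section 7.4.1 variables.

# oid_env_problems: prints one line per problem found in the current shell
# environment; prints nothing when the environment matches section 7.4.1.
oid_env_problems() {
    # ORACLE_HOME, DOMAIN_HOME and TNS_ADMIN must name existing directories.
    for _var in ORACLE_HOME DOMAIN_HOME TNS_ADMIN; do
        eval "_val=\${$_var:-}"
        if [ -z "$_val" ]; then
            echo "$_var is not set"
        elif [ ! -d "$_val" ]; then
            echo "$_var does not name a directory"
        fi
    done

    # tnsnames.ora in TNS_ADMIN must define the connect alias (OIDDB by default).
    # OID_DB_ALIAS is a hypothetical override used only by this example.
    _alias=${OID_DB_ALIAS:-OIDDB}
    if [ -n "${TNS_ADMIN:-}" ] && [ -f "$TNS_ADMIN/tnsnames.ora" ]; then
        # Alias names are matched case-insensitively, with an optional domain suffix.
        if ! grep -Eiq "^[[:space:]]*${_alias}([.][A-Za-z0-9_.-]+)?[[:space:]]*=" \
                "$TNS_ADMIN/tnsnames.ora"; then
            echo "alias $_alias is not defined in tnsnames.ora"
        fi
    else
        echo "tnsnames.ora not found under TNS_ADMIN"
    fi

    # NLS_LANG has the form APPROPRIATE_LANGUAGE.AL32UTF8.
    case "${NLS_LANG:-}" in
        ?*.AL32UTF8) ;;
        *) echo "NLS_LANG does not end in .AL32UTF8" ;;
    esac

    # The three tool directories must be on PATH. An unset home shows up as a
    # <NAME> placeholder so it cannot match a system directory such as /bin.
    for _dir in "${ORACLE_HOME:-<ORACLE_HOME>}/bin" \
                "${ORACLE_HOME:-<ORACLE_HOME>}/ldap/bin" \
                "${DOMAIN_HOME:-<DOMAIN_HOME>}/bin"; do
        case ":${PATH:-}:" in
            *":$_dir:"*) ;;
            *) echo "PATH does not contain $_dir" ;;
        esac
    done
}

# Demo on a constructed layout (temporary directories, not a real install).
# Runs in a subshell so the caller's variables are left untouched.
demo_oid_env() (
    _root=$(mktemp -d) || exit 1
    mkdir -p "$_root/oh/bin" "$_root/oh/ldap/bin" "$_root/dom/bin" "$_root/tns"
    printf 'OIDDB =\n  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.com)(PORT=1521)))\n' \
        > "$_root/tns/tnsnames.ora"
    ORACLE_HOME=$_root/oh
    DOMAIN_HOME=$_root/dom
    TNS_ADMIN=$_root/tns
    NLS_LANG=AMERICAN_AMERICA.AL32UTF8
    PATH=$ORACLE_HOME/bin:$DOMAIN_HOME/bin:$PATH   # ldap/bin left out on purpose
    oid_env_problems
    rm -rf "$_root"
)

demo_oid_env
```

The demo reports the one directory deliberately left off PATH; in a correctly prepared shell, `oid_env_problems` prints nothing.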
Many of the activities that you can perform at the command line can also be performed in Oracle Enterprise Manager Fusion Middleware Control or Oracle Directory Services Manager. A few functions are only available from the command line.
7.4.2 About Standard LDAP Utilities
Oracle Internet Directory supports the standard LDAP command-line utilities ldapadd, ldapaddmt, ldapbind, ldapcompare, ldapdelete, ldapmoddn, ldapmodify, ldapmodifymt, and ldapsearch.
For example:
ldapbind -D "cn=orcladmin" -q -h "myserver.example.com" -p 3060
ldapsearch -b "cn=subschemasubentry" -s base "objectclass=*" -p 3060 \
   -D "cn=orcladmin" -q
This book contains many examples of LDAP tool use.
See Also:
- Oracle Internet Directory Data Management Tools in Reference for Oracle Identity Management for a detailed description of each tool.
For security reasons, avoid supplying a password on the command line whenever possible. A password typed on the command line is visible on your screen and might appear in log files or in the output from the ps command.
When you supply a password at a prompt, it is not visible on the screen, in ps output, or in log files. Use the -Q and -q options, respectively, instead of the -P password and -w password options. If there is no wallet password and you are using the -Q option, when prompted for the password, press Enter.
The LDAP tools have been modified to disable the options -w password and -P password when the environment variable LDAP_PASSWORD_PROMPTONLY is set to TRUE or 1. Use this feature whenever possible.
See Using Passwords with Command-Line Tools in Reference for Oracle Identity Management.
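The check below is an added example, not Oracle code: it scans command lines (from a script, or from `ps` output) for the LDAP tools named in this section being run with `-w password` or `-P password`, and tests whether `LDAP_PASSWORD_PROMPTONLY` is in force. The function names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code. Reports Oracle LDAP tool command lines that
# carry a password as an argument (-w password / -P password) instead of
# prompting with -q / -Q. Only the option name is printed, never its value.

# Tools listed in section 7.4.2.
OID_LDAP_TOOLS="ldapadd ldapaddmt ldapbind ldapcompare ldapdelete ldapmoddn ldapmodify ldapmodifymt ldapsearch"

# is_oid_ldap_tool WORD: succeeds when the basename of WORD is one of the tools.
is_oid_ldap_tool() {
    for _tool in $OID_LDAP_TOOLS; do
        if [ "${1##*/}" = "$_tool" ]; then return 0; fi
    done
    return 1
}

# inline_password_opts "COMMAND LINE"
# Prints the password-bearing options found, space separated (empty if none).
# Matching is case-sensitive on purpose: -p is the port and -q / -Q are the
# prompt options, so only an exact -w or -P followed by a value is reported.
inline_password_opts() {
    _found="" _in_tool=0 _prev=""
    set -f                          # word-split the line without globbing
    for _tok in $1; do
        case "$_tok" in
            '|'|'||'|'&&'|';')      # a new command starts here (grep -w is not ours)
                _in_tool=0; _prev=""; continue ;;
        esac
        if [ "$_in_tool" -eq 0 ]; then
            if is_oid_ldap_tool "$_tok"; then _in_tool=1; fi
        else
            case "$_prev" in
                -w|-P) _found="${_found:+$_found }$_prev" ;;
            esac
        fi
        _prev=$_tok
    done
    set +f
    printf '%s\n' "$_found"
}

# audit_cmdlines: reads command lines on stdin (a script, or `ps -eo args`
# output), prints "LINE_NUMBER: OPTIONS" for each offender, and returns
# non-zero when at least one offender was found.
audit_cmdlines() {
    _n=0 _bad=0
    while IFS= read -r _line; do
        _n=$((_n + 1))
        _opts=$(inline_password_opts "$_line")
        if [ -n "$_opts" ]; then
            printf '%s: %s\n' "$_n" "$_opts"
            _bad=$((_bad + 1))
        fi
    done
    [ "$_bad" -eq 0 ]
}

# prompt_only_enforced: succeeds when LDAP_PASSWORD_PROMPTONLY is TRUE or 1,
# the setting that disables -w password and -P password.
prompt_only_enforced() {
    case "${LDAP_PASSWORD_PROMPTONLY:-}" in
        TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample command lines (hosts, paths and passwords are made up).
# Line 3 also carries -W (wallet location), which must not be reported.
audit_cmdlines <<'EOF' || echo "inline passwords found on the lines listed above"
ldapbind -D "cn=orcladmin" -q -h myserver.example.com -p 3060
/constructed/path/bin/ldapsearch -h myserver.example.com -p 3060 -D cn=orcladmin -w Example-Passw0rd -b "" -s base "objectclass=*"
ldapmodify -h myserver.example.com -p 3131 -U 2 -W file:/constructed/wallet -P Example-Wallet-Pw -f change.ldif
ldapsearch -p 3060 -D cn=orcladmin -q -b "dc=example,dc=com" "cn=*" | grep -w -i orcl
EOF

if prompt_only_enforced; then
    echo "LDAP_PASSWORD_PROMPTONLY is set: -w password and -P password are disabled"
else
    echo "LDAP_PASSWORD_PROMPTONLY is not set to TRUE or 1"
fi
```

Lines 2 and 3 of the sample are reported; the `-p` port option, the `-q` prompt and the `grep -w` after the pipe are not.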
7.4.3 Bulk Tools
Oracle Internet Directory provides several tools to help you manage large numbers of entries.
See Performing Bulk Operations.
See Also:
Oracle Internet Directory Data Management Tools in Reference for Oracle Identity Management for a detailed description of each tool.
7.4.4 About WLST
The Oracle WebLogic Scripting Tool (WLST) is a Jython-based command-line scripting environment that you can use to manage and monitor WebLogic Server domains. To use it to manage and monitor Oracle Internet Directory, you must navigate to the custom MBean tree where Oracle Internet Directory is located. Then you can list, get values, and change values of the managed beans (MBeans) that represent Oracle Internet Directory resources.
Note:
WLST manages Oracle Internet Directory through its SSL port. Set orclsslenable to 1 or 2 if you use WLST or Oracle Enterprise Manager Fusion Middleware Control to configure the server. See About SSL Authentication Modes.
7.5 Basic Tasks for Configuring and Managing Oracle Internet Directory
Learn about the steps that you must take to configure and manage a basic Oracle Internet Directory environment from the following table.
Table 7-2 Basic Tasks for Configuring and Managing Oracle Internet Directory
Task | Reference |
---|---|
Start and stop the LDAP server | |
Manage system configuration attributes | |
Manage directory entries | |
Manage directory schema | |
Configure auditing | |
Manage log files | See Managing Logging |
Configure SSL | |
Configure password policies | |
Configure access control | |
Get sizing and tuning recommendations for Oracle Internet Directory deployments | See Obtaining Recommendations by Using the Tuning and Sizing Wizard in Tuning Performance. |
Set up replication | |
Modifying an existing replication setup | |
This guide describes other tasks that you might need to perform, depending on your Oracle Fusion Middleware environment.