What's New in This Guide?

This preface introduces the new and changed features of Oracle Unified Directory and Oracle Unified Directory Services Manager (OUDSM) since the previous release, and provides pointers to additional information. The information includes the following section:

• Updates in April 2024 Bundle Patch for 12c Release (12.2.1.4.0)
• Updates in October 2023 Bundle Patch for 12c Release (12.2.1.4.0)
• Updates in April 2023 Bundle Patch for 12c Release (12.2.1.4.0)
• Updates in October 2022 Bundle Patch for 12c Release (12.2.1.4.0)
• Updates in October 2021 Documentation Refresh for 12c Release (12.2.1.4.0)

• Updates in April 2021 Documentation Refresh for 12c Release (12.2.1.4.0)

• New and Changed Features for Oracle Unified Directory 12c (12.2.1.4.0)

Follow the pointers into this guide to get more information about the features and how to use them. This document is the new edition of the formerly titled Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

Updates in April 2024 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

• Support for logging the OUD instance name in server.out logs. See Logging OUD Instance Name in server.out Logs.
• Added a version attribute string to the output of the ldapsearch command with cn=monitor and cn=version,cn=monitor. See Monitoring General-Purpose Server Information and Monitoring Version Information.
• Support for customizing message template files for SMTP account status notification handlers. See Customizing Message Template Files for SMTP Account Status Notification Handlers.
• Support for sorting of multi-valued attributes for a specific backend using the dsconfig command. See Sorting Multi-Valued Attributes in a Search Response.

Updates in October 2023 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

• Introducing command-line utility, purge-backup, for automatically purging backup data files. See Purging Backup Data Files Automatically and purge-backup.
• Support for IDLE-TIME-LIMIT configuration parameter for network groups. See Creating a Resource Limit Quality of Service Policy.
• Support to configure OAM as OAuth Identity Provider in OUD. See Configuring OAM as OAuth Identity Provider in OUD.

Updates in April 2023 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

• Support for SNMP traps for monitoring. See Configuring SNMP Traps and Supported SNMP Traps OID Mapping.
• Support for Subtree Access Control Quality of Service Policy. See Creating a Subtree Access Control Quality of Service Policy.

Updates in October 2022 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

• Support for logging TLS version and negotiated cipher suite in access log for secure connections. See Logging Additional Connection Details.
• Ability to transform remote LDAP server’s Global Unique Identifier value. See Overview of Transforming Remote LDAP Server’s Global Unique Identifier Value.
• Support for ignoring LDAP controls by the proxy server. See Modifying the Advanced Properties of an LDAP Server Extension.
• Support for configuring log level and log location for server commands. See Managing CLI Log Configuration for Server Commands.

Updates in October 2021 Documentation Refresh for 12c Release (12.2.1.4.0)

This revision of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

• Improving OUD Performance

  To improve the OUD performance, some changes are made in the default OUD configuration parameters. Some log publishers are now disabled by default to increase OUD performance by reducing disk I/O. This will affect only new instances. The disabled log publishers can be enabled again using the dsconfig command after you set up the instances. To enable a log publisher, refer Enabling a Log Publisher.

• Listen Address for Replication Server

  In this release, a new configurable attribute is introduced to configure replication listen address. Currently only replication listen port is available for configuration. The default listen address is 0.0.0.0. Now the replication listen address is configurable to support multiple replication server with the same replication port in a single cluster node with multiple logical IPs. For more information, refer Enabling Replication Between Two Servers With dsreplication.

• Maintain Same Timezone

  In this release, a new configurable attribute namely, last-login-time-zone is introduced to maintain same timezone across all the OUD instances for attribute value last-login-time. For more information, refer Default Password Policy Properties.

• Multi-Value Attribute

  In RDBMS workflow element, when certain table structures contained multiple rows for the same entity (including joins in some cases), it returned duplicate records in the LDAP search results. This has now been fixed and all attribute values are merged together and returned as part of the LDAP entry. For more information, refer Accessing Remote Data Sources.

• AES-GCM based Attribute Encryption

  Oracle Unified Directory now supports stronger AES GCM based attribute encryption algorithms. AES-256-GCM is the default attribute encryption algorithm starting this release. For re-encryption of existing data, OUD now supports data reencryption using scheduled task. For more information, refer Understanding Data Encryption in Oracle Unified Directory.

• Customizing Self Signed Certificate Generation Options

  Oracle Unified Directory now uses RSA key algorithm with 3072 bits key and SHA256 with RSA signing algorithm for any new self-signed certificates it generates. During OUD setup, you can now customize the key algorithm, key bit size and signature algorithm for the self-signed certificate. For more information, refer Configuring Security Between Clients and Servers.

• Support for Custom Password Storage Scheme

  Oracle Unified Directory now supports User-defined password storage scheme. User-defined password storage scheme provides the ability to implement and deploy custom password hashing schemes into the server. For more information, refer Managing Password Policies.

Updates in April 2021 Documentation Refresh for 12c Release (12.2.1.4.0)

This revision of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

• Keystore and Truststore Enhancement

  From this release onward, the PIN needed to access a truststore or keystore is stored in an encrypted format inside the key-store-pin or trust-store-pin attribute of the corresponding configuration entry within Oracle Unified Directory.

  In earlier releases, PIN files contained passwords in cleartext format. The mechanism of providing password is no longer supported. In addition, keystore or truststore configuration attributes such as trust-store-pin-file, trust-store-pin-property, and trust-store-pin-environment-variable, key-store-pin-file, key-store-pin-property, and key-store-pin-environment varliable are no longer referred while getting pin value.

  If your environment contains configuration attributes such as trust-store-pin-file, trust-store-pin-property, or trust-store-pin-environment-variable, then after you upgrade to the latest bundle patch, the PIN value determined from these configuration attributes is automatically moved to the trust-store-pin configuration attribute and stored in an encrypted format.

  If your environment contains configuration attributes such as key-store-pin-file, key-store-pin-property, or key-store-pin-environment-variable, then after you upgrade to the latest bundle patch, the PIN value determined from these configuration attributes is automatically moved to the key-store-pin configuration attribute and stored in an encrypted format.

  All relevant references to PIN files and the above-unsupported configuration attributes have been removed from this guide.

• Support for Retriveing Keystore or Trustore Password Using the dsconfig Utility

  The dsconfig utility has been enhanced to include a new argument --showKeystorePassword to retrieve the password for the keystore or trustore. When you run the dsconfig utility by passing the --showKeystorePassword argument, the password is decrypted and is displayed in clear text on the terminal. You can no longer obtain the password directly from the PIN file. For information about the --showKeystorePassword argument, see dsconfig.

New and Changed Features for Oracle Unified Directory 12c (12.2.1.4.0)

Oracle Unified Directory 12c (12.2.1.4.0) includes the following new and changed features:

• Oracle Unified Directory supports System for Cross-domain Identity Management (SCIM), which is a standard protocol for accessing identity information (users, groups, etc) over HTTP(S). See Managing OUD Directory Data with SCIM REST API.

• Oracle Unified Directory allows the users to perform administration and configuration through REST APIs. See Administering Oracle Unified Directory Using REST API.

• Data Management REST API to manage directory data in Oracle Unified Directory. See Managing Directory Data Using Data Management REST API and Rest API for Oracle Unified Directory Data Management.

• Enhanced loggers to include details about BindDN, ClientIP, and Protocol based on the configuration parameter, log-connection-details.
• Loggers for REST/SCIM HTTP(S) Connections to print logs in *http* files in the instance logs directory. Such loggers can be configured through "Log Publishers" configuration using dsconfig.