This chapter describes the new features of the Software Developer's Kit (SDK) for Oracle Identity Management—both in the current release and in previous releases. Use the links provided in each section to learn more about each feature.
This chapter includes the following sections:
Note:
As of Release 11g Release 1 (11.1.1), the recommended security API for Fusion Middleware application developers is Oracle Platform Security for Java, which is documented in the Oracle Fusion Middleware Application Security Guide. The Oracle Identity Management interfaces described in the current book are supported for developers who maintain and extend existing solutions already integrated with the SDK.Oracle Fusion Middleware 11g Release 1 (11.1.1) does not include Oracle Single Sign-On or Oracle Delegated Administration Services. Oracle Internet Directory 11g Release 1 (11.1.1), however, is compatible with Oracle Single Sign-On 10g (10.1.4.3.0) or later and Oracle Delegated Administration Services 10g (10.1.4.3.0) or later.
The 11g Release 1 (11.1.1.9.0) SDK includes the following new features:
New controls:
The Proxy Authorization control allows an LDAP operation (ldapsearch, ldapadd, ldapdelete, ldapmodify, ldapmoddn, or ldapcompare) to be performed by a proxy user on behalf of a single or multiple users without requiring the proxy user to rebind to Oracle Internet Directory server.
The Password Policy request and response controls allow an LDAP client application to request information from Oracle Internet Directory server about the current password policy state for a user entry.
The Persistent Search controls allows an LDAP client to send a persistent search request to Oracle Internet Directory server to communicate the changes made on the server.
See Using Controls.
The 11g Release 1 (11.1.1.7.0) SDK adds the following new controls:
The Virtual List View (VLV) request and response controls allow a client to specify that the server return, for a given LDAP search, a contiguous subset of a large search result set.
The Computed Attribute Value Uniqueness control allows computed attribute values to be unique across a directory.
See Using Controls.
The 11g Release 1 (11.1.1.6) SDK adds support for transactions. See Using LDAP Transactions.
The 11g Release 1 (11.1.1) SDK adds support for Internet Protocol version 6 (IPv6). The C and Java APIs now support both IPv6 and IPv4 addresses.
The 10g (10.1.4.0.1) SDK adds:
Java plug-in support.
Server plug-ins can now be written in Java and in PL/SQL. For more information, please see Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for more information.
Paging and sorting of LDAP search results.
You can now obtain paged and sorted results from LDAP searches. For more information, please see "Sorted LDAP Search Results" and "Paged LDAP Search Results" in Chapter 3, "Extensions to the LDAP Protocol".
Added functionality for hierarchical searches.
You can now traverse the hierarchy in either direction and specify the number of levels of the hierarchy to search. For more information, please see "Performing Hierarchical Searches"in Chapter 3, "Extensions to the LDAP Protocol".
Support for all three modes of SASL Digest-MD5 authentication.
Oracle Internet Directory now supports all three modes with the Java Naming and Directory Interface (JNDI) of jdk1.4 API or with the OpenLDAP Java API. For more information, please see "SASL Authentication" in Chapter 3, "Extensions to the LDAP Protocol" and "Example: Using SASL Digest-MD5 auth-int and auth-conf Modes" in Chapter 5, "Using the Java API Extensions to JNDI".
The release 10.1.2 SDK adds:
Centralized user provisioning.
This feature enables you to provision application users into the Oracle Identity Management infrastructure. To learn more, see Chapter 12, "Oracle Directory Integration and Provisioning Java API Reference".
Dynamic password verifiers
This feature addresses the needs of applications that provide parameters for password verifiers only at runtime. To learn more, see "Creating Dynamic Password Verifiers" in Chapter 3.
Binary support for ldapmodify, ldapadd, and ldapcompare plug-ins
Directory plug-ins can now access binary attributes in the directory database. To learn more, see "Binary Support in the PL/SQLPlug-in Framework" in Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.
Plug-in support for the Oracle Directory Integration and Provisioning Server
These Java hooks enable an enterprise to incorporate its own business rules and to tailor footprint creation to its needs. To learn more, see Appendix A.
The following features made their debut in the release 9.0.4 SDK:
URL API for Oracle Delegated Administration Services
This API enables you to build administrative and self-service consoles that delegated administrators can use to perform directory operations.
PL/SQL API Enhancements:
New functions in the LDAP v3 standard. Previously available only in the C API, these functions are now available in PL/SQL.
Functions that enable proxy access to middle-tier applications.
Functions that create and manage provisioning profiles in the Oracle Directory Integration and Provisioning.
To learn more, see Chapter 7.
Plug-in support for external authentication
This feature enables administrators to use Microsoft Active Directory to store and manage security credentials for Oracle components. Chapter 12
Server discovery using DNS
This feature enables directory clients to discover the host name and port number of a directory server. It reduces the cost of maintaining directory clients in large deployments. To learn more, see "Discovering a Directory Server" in Chapter 4.
XML support for the directory SDK and directory tools
This feature enables LDAP tools to process XML and LDIF notation. Directory APIs can manipulate data in a DSML 1.0 format.
Caching for client-side referrals
This feature enables clients to cache referral information, speeding up referral processing.