Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
Part Number E10029-02
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Internet Directory?
New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1)
New Features Introduced with Oracle Internet Directory 10g (10.1.4.1)
New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2)
New Features Introduced with Oracle Internet Directory 10g (9.0.4)
About Oracle Internet Directory Release 9.2
New Features Introduced with Oracle Internet Directory Release 9.0.2
Part I Understanding Directory Services
1
Introduction to Directory Services
1.1
What Is a Directory?
1.1.1
The Expanding Role of Online Directories
1.1.2
The Problem: Too Many Special-Purpose Directories
1.2
What Is the Lightweight Directory Access Protocol (LDAP)?
1.2.1
LDAP and Simplified Directory Management
1.2.2
LDAP Version 3
1.3
What Is Oracle Internet Directory?
1.3.1
Overview of Oracle Internet Directory
1.3.2
Components of Oracle Internet Directory
1.3.3
Advantages of Oracle Internet Directory
1.3.3.1
Scalability
1.3.3.2
High Availability
1.3.3.3
Security
1.3.3.4
Integration with the Oracle Environment
1.4
How Oracle Products Use Oracle Internet Directory
1.4.1
Easier and More Cost-Effective Administration of Oracle Products
1.4.2
Tighter Security Through Centralized Security Policy Administration
1.4.3
Integration of Multiple Directories
2
Understanding Oracle Internet Directory in Oracle Fusion Middleware
2.1
WebLogic Server Domain
2.2
Oracle Internet Directory as a System Component
2.3
Oracle Internet Directory Deployment Options
2.4
Middleware Home
2.5
WebLogic Server Home
2.6
Oracle Common Home
2.7
Oracle Home
2.8
Oracle Instance
2.9
Oracle Enterprise Manager Fusion Middleware Control
2.10
Logging, Auditing, and Diagnostics
2.11
MBeans and the WebLogic Scripting Tool
3
Understanding Oracle Internet Directory Concepts and Architecture
3.1
Oracle Internet Directory Architecture
3.1.1
An Oracle Internet Directory Node
3.1.2
An Oracle Directory Server Instance
3.1.3
Oracle Internet Directory Ports
3.1.4
Directory Metadata
3.2
How Oracle Internet Directory Processes a Search Request
3.3
Directory Entries
3.3.1
Distinguished Names (DNs) and Directory Information Trees (DITs)
3.3.2
Entry Caching
3.4
Attributes
3.4.1
Kinds of Attribute Information
3.4.2
Single-Valued and Multivalued Attributes
3.4.3
Common LDAP Attributes
3.4.4
Attribute Syntax
3.4.5
Attribute Matching Rules
3.4.6
Attribute Options
3.5
Object Classes
3.5.1
Subclasses, Superclasses, and Inheritance
3.5.2
Object Class Types
3.5.2.1
Structural Object Classes
3.5.2.2
Auxiliary Object Classes
3.5.2.3
Abstract Object Classes
3.6
Naming Contexts
3.7
Security
3.8
Globalization Support
3.9
Distributed Directories
3.9.1
Directory Replication
3.9.2
Directory Partitioning
3.10
Knowledge References and Referrals
3.11
Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console
3.12
The Service Registry and Service to Service Authentication
3.13
Oracle Directory Integration Platform
3.14
Oracle Internet Directory and Identity Management
3.14.1
About Identity Management
3.14.2
Oracle Identity Management Products
3.14.3
Identity Management Realms
3.14.3.1
Default Identity Management Realm
3.14.3.2
Identity Management Policies
3.15
Resource Information
3.15.1
Resource Type Information
3.15.2
Resource Access Information
3.15.3
Location of Resource Information in the DIT
4
Understanding Process Control of Oracle Internet Directory Components
4.1
Oracle Internet Directory Process Control Architecture
4.2
The ODS_PROCESS_STATUS Table
4.3
Starting, Stopping, and Monitoring of Oracle Internet Directory Processes
4.3.1
Oracle Internet Directory Snippet in opmn.xml
4.3.2
OPMN Starting Oracle Internet Directory
4.3.3
OPMN Stopping of Oracle Internet Directory
4.3.4
Process Monitoring
4.4
Oracle Internet Directory Process Control–Best Practices
5
Understanding Oracle Internet Directory Organization
5.1
The Directory Information Tree
5.2
Planning the Overall Directory Structure
5.3
Planning the Names and Organization of Users and Groups
5.3.1
Organizing Users
5.3.2
Organizing Groups
5.4
Migrating a DIT from a Third-Party Directory
6
Understanding Oracle Internet Directory Replication
6.1
Why Use Replication?
6.2
Replication Concepts
6.2.1
Content to be Replicated: Full or Partial
6.2.2
Direction: One-Way, Two-Way, or Peer to Peer
6.2.3
Transport Mechanism: LDAP or Oracle Database Advanced Replication
6.2.4
Directory Replication Group (DRG) Type: Single-master, Multimaster, or Fan-out
6.2.4.1
Single-Master Replication Example
6.2.4.2
Multimaster Replication Example
6.2.4.3
Fan-out Replication Example
6.2.5
Loose Consistency Model
6.2.6
How the Replication Concepts Fit Together
6.2.7
Multimaster Replication with Fan-Out
6.3
What Kind of Replication Do You Need?
Part II Basic Administration
7
Getting Started With Oracle Internet Directory
7.1
Postinstallation Tasks and Information
7.1.1
Setting Up the Environment
7.1.2
Starting and Stopping the Oracle Stack
7.1.3
List of Default URLs and Ports
7.1.4
Tuning Oracle Internet Directory
7.1.5
Enabling Anonymous Binds
7.1.6
Enabling Oracle Internet Directory to run on Privileged Ports
7.1.7
Verify Oracle Database Time Zone
7.2
Using Fusion Middleware Control to Manage Oracle Internet Directory
7.3
Using Oracle Directory Services Manager to Manage Oracle Internet Directory
7.3.1
Invoking Oracle Directory Services Manager
7.3.2
Connecting to the Server from Oracle Directory Services Manager
7.3.2.1
Logging in to the Directory Server
7.3.2.2
Logging Into the Directory Server Using SSL
7.3.3
Configuring Oracle HTTP Server to Support an Oracle WebLogic Server Cluster
7.4
Using Command-Line Utilities to Manage Oracle Internet Directory
7.4.1
Using Standard LDAP Utilities
7.4.2
Attribute Case in ldapsearch Output
7.4.3
Using Bulk Tools
7.4.4
Using WLST
7.5
Basic Tasks for Configuring and Managing Oracle Internet Directory
8
Managing Oracle Internet Directory Instances
8.1
Introduction to Managing Oracle Internet Directory Instances
8.1.1
The Instance-Specific Configuration Entry
8.1.2
Creating the First Oracle Internet Directory Instance
8.1.3
Creating Additional Oracle Internet Directory Instances
8.1.4
Registering an Oracle Instance or Component with the WebLogic Server
8.2
Managing Oracle Internet Directory Components by Using Fusion Middleware Control
8.2.1
Viewing Active Server Information by Using Fusion Middleware Control
8.2.2
Starting the Oracle Internet Directory Server by Using Fusion Middleware Control
8.2.3
Stopping the Oracle Internet Directory Server by Using Fusion Middleware Control
8.2.4
Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control
8.3
Managing Oracle Internet Directory Components by Using opmnctl
8.3.1
Creating an Oracle Internet Directory Component by Using opmnctl
8.3.2
Registering an Oracle Instance by Using opmnctl
8.3.3
Unregistering an Oracle Instance by Using opmnctl
8.3.4
Updating the Component Registration of an Oracle Instance by Using opmnctl
8.3.5
Deleting an Oracle Internet Directory Component by Using opmnctl
8.3.6
Viewing Active Server Instance Information by Using opmnctl
8.3.7
Starting the Oracle Internet Directory Server by Using opmnctl
8.3.8
Stopping the Oracle Internet Directory Server by Using opmnctl
8.3.9
Restarting the Oracle Internet Directory Server by Using opmnctl
8.3.10
Changing the Oracle Database Information in opmn.xml
8.4
Starting an Instance of the Replication Server by Using OIDCTL
9
Managing System Configuration Attributes
9.1
Introduction to Managing System Configuration Attributes
9.1.1
What are Configuration Attributes?
9.1.2
Attributes of the Instance-Specific Configuration Entry
9.1.3
Attributes of the DSA Configuration Entry
9.1.4
Attributes of the DSE
9.2
Managing System Configuration Attributes by Using Fusion Middleware Control
9.2.1
Configuring Server Properties
9.2.2
Configuring Shared Properties
9.2.3
Configuring Other Parameters
9.3
Managing System Configuration Attributes by Using WLST
9.4
Managing System Configuration Attributes by Using LDAP Tools
9.4.1
Setting System Configuration Attributes by Using ldapmodify
9.4.2
Listing Configuration Attributes with ldapsearch
9.5
Managing System Configuration Attributes by Using ODSM Data Browser
9.5.1
Navigating to the Instance-Specific Configuration Entry
9.5.2
Navigating to the DSA Configuration Entry
9.5.3
Navigating to the DSE Root
10
Managing IP Addresses
10.1
Introduction to Managing IP Addresses
10.2
Configuring an IP Address for IP V6, Cold Failover Cluster, or Virtual IP
11
Managing Naming Contexts
11.1
Introduction to Managing Naming Contexts
11.2
Searching for Published Naming Contexts
11.3
Publishing a Naming Context
12
Managing Accounts and Passwords
12.1
Introduction to Managing Accounts and Passwords
12.2
Managing Accounts and Passwords by Using Command-Line Tools
12.2.1
Enabling and Disabling Accounts by Using Command-Line Tools
12.2.2
Unlocking Accounts by Using Command-Line Tools
12.2.3
Forcing a Password Change by Using Command-Line Tools
12.3
Managing Accounts and Passwords by Using the Self-Service Console
12.3.1
Enabling and Disabling Accounts by Using the Self-Service Console
12.3.2
Unlocking Accounts by Using the Self-Service Console
12.3.3
Resetting Your Own Password by Using the Self-Service Console
12.4
Changing the Superuser Password by Using Fusion Middleware Control
12.5
Creating Another Account With Superuser Privileges
12.6
Managing the Superuser by Using ldapmodify
12.7
Changing the Oracle Internet Directory Database Password
12.8
Resetting the Superuser Password
12.9
Changing the Password for the EMD Administrator Account
12.10
Changing the Password for the ODSSM Administrator Account
13
Managing Directory Entries
13.1
Introduction to Managing Directory Entries
13.2
Managing Entries by Using Oracle Directory Services Manager
13.2.1
Displaying Entries by Using Oracle Directory Services Manager
13.2.2
Searching for Entries by Using Oracle Directory Services Manager
13.2.3
Viewing Attributes for a Specific Entry by Using Oracle Directory Services Manager
13.2.4
Adding a New Entry by Using Oracle Directory Services Manager
13.2.5
Adding an Entry by Copying an Existing Entry in Oracle Directory Services Manager
13.2.6
Modifying an Entry by Using Oracle Directory Services Manager
13.3
Managing Entries by Using LDAP Command-Line Tools
13.3.1
Listing All the Attributes in the Directory by Using ldapsearch
13.3.2
Adding a User Entry by Using ldapadd
13.3.3
Modifying a User Entry by Using ldapmodify
13.3.4
Adding an Attribute Option by Using ldapmodify
13.3.5
Deleting an Attribute Option by Using ldapmodify
13.3.6
Searching for Entries with Attribute Options by Using ldapsearch
14
Performing Bulk Operations
14.1
Introduction to Performing Bulk Operations
14.2
Changing Server Mode
14.2.1
Setting the Server Mode by Using Fusion Middleware Control
14.2.2
Setting the Server Mode by Using ldapmodify
14.3
Loading Data Into the Schema by Using bulkload
14.3.1
Importing an LDIF File by Using bulkload
14.3.2
Loading Data in Incremental or Append Mode By Using bulkload
14.3.3
Performing Index Verification By Using bulkload
14.3.4
Re-Creating Indexes By Using bulkload
14.3.5
Recovering Data After a Load Failure By Using bulkload
14.4
Modifying Attributes of a Large Number of Entries By Using bulkmodify
14.4.1
Adding a Description for All Entries Under a Specified Naming Context
14.4.2
Adding an Attribute for Entries Under a Specified Naming Context Matching a Filter
14.4.3
Replacing an Attribute for All Entries Under a Specified Naming Context
14.5
Deleting Entries or Attributes of Entries by Using bulkdelete
14.5.1
Deleting All Entries Under a Specified Naming Context by Using bulkdelete
14.5.2
Deleting Entries Under Naming Contexts and Making them Tombstone Entries
14.6
Dumping Data from Oracle Internet Directory to a File by Using ldifwrite
14.6.1
Dumping Part of a Specified Naming Context to an LDIF File
14.6.2
Dumping Entries Under a Specified Naming Context to an LDIF File
14.7
Creating and Dropping Indexes from Existing Attributes by Using catalog
14.7.1
Changing a Searchable Attribute into a Non-searchable Attribute
14.7.2
Changing a Non-searchable Attribute into a Searchable Attribute
15
Managing Dynamic and Static Groups
15.1
Introduction to Managing Dynamic and Static Groups
15.1.1
Static Groups
15.1.1.1
Schema Elements for Creating Static Groups
15.1.2
Dynamic Groups
15.1.2.1
Enhancements to and Limitations of Dynamic Groups in Oracle Internet Directory
15.1.2.2
Schema Elements for Creating a Dynamic Group
15.1.3
Hierarchies
15.1.4
Querying Group Entries
15.1.5
When to Use Each Kind of Group
15.2
Managing Group Entries by Using Oracle Directory Services Manager
15.2.1
Creating Static Group Entries by Using Oracle Directory Services Manager
15.2.2
Modifying a Static Group Entry by Using Oracle Directory Services Manager
15.2.3
Creating Dynamic Group Entries by Using Oracle Directory Services Manager
15.2.4
Modifying a Dynamic Group Entry by Using Oracle Directory Services Manager
15.3
Managing Group Entries by Using the Command Line
15.3.1
Creating a Static Group Entry by Using ldapadd
15.3.2
Modifying a Static Group by Using ldapmodify
15.3.3
Creating a Dynamic Group Entry by Using ldapadd
15.3.4
Modifying a Dynamic Group by Using ldapmodify
16
Managing Alias Entries
16.1
Introduction to Managing Alias Entries
16.2
Adding an Alias Entry
16.3
Searching the Directory with Alias Entries
16.3.1
Searching the Base with Alias Entries
16.3.2
Searching One-Level with Alias Entries
16.3.3
Searching a Subtree with Alias Entries
16.4
Modifying Alias Entries
16.5
Interpreting Messages Related to Alias Dereferencing
17
Managing Attribute Uniqueness Constraint Entries
17.1
Introduction to Managing Attribute Uniqueness Constraint Entries
17.2
Specifying Attribute Uniqueness Constraint Entries
17.2.1
Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
17.2.2
Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
17.2.3
Specifying Multiple Scopes in an Attribute Uniqueness Constraint
17.2.4
Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
17.2.5
Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
17.3
Managing an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
17.3.1
Creating an Attribute Uniqueness Constraint Entry by Using ODSM
17.3.2
Modifying an Attribute Uniqueness Constraint Entry by Using ODSM
17.3.3
Deleting an Attribute Uniqueness Constraint Entry by Using ODSM
17.4
Managing an Attribute Uniqueness Constraint Entry by Using the Command Line
17.4.1
Creating Attribute Uniqueness Across a Directory by Using Command-Line Tools
17.4.2
Creating Attribute Uniqueness Across One Subtree by Using Command-Line Tools
17.4.3
Creating Attribute Uniqueness Across One Object Class by Using Command-Line Tools
17.4.4
Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools
17.4.5
Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools
17.4.6
Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools
18
Managing Knowledge References and Referrals
18.1
Introduction to Managing Knowledge References and Referrals
18.2
Configuring Smart Referrals
18.3
Configuring Default Referrals
19
Managing Directory Schema
19.1
Introduction to Managing Directory Schema
19.1.1
Where Schema Information is Stored in the Directory
19.1.2
Understanding Object Classes
19.1.2.1
About Adding Object Classes
19.1.2.2
About Modifying Object Classes
19.1.2.3
About Deleting Object Classes
19.1.3
Understanding Attributes
19.1.3.1
About Adding Attributes
19.1.3.2
About Modifying Attributes
19.1.3.3
About Deleting Attributes
19.1.3.4
About Indexing Attributes
19.1.4
Extending the Number of Attributes Associated with Entries
19.1.4.1
Extending the Number of Attributes before Creating Entries in the Directory
19.1.4.2
Extending the Number of Attributes for Existing Entries by Using an Auxiliary Class
19.1.4.3
Extending the Number of Attributes for Existing Entries by Using a Content Rule
19.1.4.4
Rules for Creating and Modifying Content Rules
19.1.4.5
Schema Enforcement When Using Content Rules
19.1.4.6
Searches for Object Classes Listed in Content Rules
19.1.5
Understanding Attribute Aliases
19.1.6
Object Identifier Support in LDAP Operations
19.2
Managing Directory Schema by Using Oracle Directory Services Manager
19.2.1
Searching for Object Classes by Using Oracle Directory Services Manager
19.2.2
Adding Object Classes by Using Oracle Directory Services Manager
19.2.3
Modifying Object Classes by Using Oracle Directory Services Manager
19.2.4
Deleting Object Classes by Using Oracle Directory Services Manager
19.2.5
Viewing Properties of Object Classes by Using Oracle Directory Services Manager
19.2.6
Adding a New Attribute by Using Oracle Directory Services Manager
19.2.7
Modifying an Attribute by Using Oracle Directory Services Manager
19.2.8
Deleting an Attribute by Using Oracle Directory Services Manager
19.2.9
Viewing All Directory Attributes by Using Oracle Directory Services Manager
19.2.10
Searching for Attributes by Using Oracle Directory Services Manager
19.2.11
Adding an Index to a New Attribute by Using Oracle Directory Services Manager
19.2.12
Adding an Index to an Existing Attribute by Using Oracle Directory Services Manager
19.2.13
Dropping an Index from an Attribute by Using Oracle Directory Services Manager
19.2.14
Creating a Content Rule by Using Oracle Directory Services Manager
19.2.15
Modifying a Content Rule by Using Oracle Directory Services Manager
19.2.16
Viewing Matching Rules by Using Oracle Directory Services Manager
19.2.17
Viewing Syntaxes by Using Oracle Directory Services Manager
19.3
Managing Directory Schema by Using the Command Line
19.3.1
Viewing the Schema by Using ldapsearch
19.3.2
Adding a New Object Class by Using Command-Line Tools
19.3.3
Adding a New Attribute to an Auxiliary or User-Defined Object Class
19.3.4
Modifying Object Classes by Using Command-Line Tools
19.3.5
Adding and Modifying Attributes by Using ldapmodify
19.3.6
Deleting Attributes by Using ldapmodify
19.3.7
Indexing an Attribute for Which No Data Exists by Using ldapmodify
19.3.8
Dropping an Index from an Attribute by Using ldapmodify
19.3.9
Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool
19.3.10
Adding a New Attribute With Attribute Aliases by Using the Command Line
19.3.11
Adding or Modifying Attribute Aliases in Existing Attributes
19.3.12
Deleting Attribute Aliases by Using the Command Line
19.3.13
Using Attribute Aliases with LDAP Commands
19.3.13.1
Using Attribute Aliases with ldapsearch
19.3.13.2
Using Attribute Aliases with ldapadd
19.3.13.3
Using Attribute Aliases with ldapmodify
19.3.13.4
Using Attribute Aliases with ldapdelete
19.3.13.5
Using Attribute Aliases with ldapmoddn
19.3.14
Managing Content Rules by Using Command-Line Tools
19.3.15
Viewing Matching Rules by Using ldapsearch
19.3.16
Viewing Syntaxes by Using ldapsearch
20
Configuring Referential Integrity
20.1
Introduction to Configuring Referential Integrity
20.2
Enabling Referential Integrity by Using Fusion Middleware Control
20.3
Disabling Referential Integrity by Using Fusion Middleware Control
20.4
Enabling Referential Integrity by Using the Command Line
20.5
Configuring Specific Attributes for Referential Integrity by Using the Command Line
20.6
Disabling Referential Integrity by Using the Command Line
20.7
Detecting and Correcting Referential Integrity Violations
21
Managing Auditing
21.1
Introduction to Auditing
21.1.1
Oracle Internet Directory Audit Configuration
21.1.2
Replication and Oracle Directory Integration Platform Audit Configuration
21.1.3
Audit Record Fields
21.1.4
Audit Record Storage
21.1.5
Generating Audit Reports
21.2
Managing Auditing by Using Fusion Middleware Control
21.3
Managing Auditing by Using WLST
21.4
Managing Auditing from the Command Line
21.4.1
Viewing Audit Configuration from the Command Line
21.4.2
Configuring Oracle Internet Directory Auditing from the Command Line
21.4.3
Enabling Replication and Oracle Directory Integration Platform Auditing
22
Managing Logging
22.1
Introduction to Logging
22.1.1
Features of Oracle Internet Directory Debug Logging
22.1.2
Interpreting Log Messages
22.1.2.1
Log Messages for Specified LDAP Operations
22.1.2.2
Log Messages Not Associated with Specified LDAP Operations
22.1.2.3
Example: Trace Messages in Oracle Internet Directory Server Log File
22.2
Managing Logging by Using Fusion Middleware Control
22.2.1
Viewing Log Files by Using Fusion Middleware Control
22.2.2
Configuring Logging by Using Fusion Middleware Control
22.3
Managing Logging from the Command Line
22.3.1
Viewing Log Files from the Command Line
22.3.2
Setting Debug Logging Levels by Using the Command Line
22.3.3
Setting the Debug Operation by Using the Command Line
22.3.4
Force Flushing the Trace Information to a Log File
23
Monitoring Oracle Internet Directory
23.1
Introduction to Monitoring Oracle Internet Directory Server
23.1.1
Capabilities of Oracle Internet Directory Server Manageability
23.1.2
Oracle Internet Directory Server Manageability Architecture and Components
23.1.3
Purging of Security Events and Statistics Entries
23.1.4
Account Used for Accessing Server Manageability Information
23.2
Setting Up Statistics Collection by Using Fusion Middleware Control
23.2.1
Configuring Directory Server Statistics Collection by Using Fusion Middleware Control
23.2.2
Configuring a User for Statistics Collection by Using Fusion Middleware Control
23.3
Viewing Statistics Information with Fusion Middleware Control
23.3.1
Viewing Statistics Information on the Oracle Internet Directory Home Page
23.3.2
Viewing Information on the Oracle Internet Directory Performance Page
23.4
Viewing Statistics Information from the Oracle Directory Services Manager Home Page
23.5
Setting Up Statistics Collection by Using the Command-Line
23.5.1
Configuring Health, General, and Performance Statistics Attributes
23.5.2
Configuring Security Events Tracking
23.5.3
Configuring User Statistics Collection from the Command Line
23.5.4
Configuring Event Levels from the Command Line
23.5.5
Configuring a User for Statistics Collection by Using the Command Line
23.6
Viewing Information with the OIDDIAG Tool
24
Backing Up and Restoring Oracle Internet Directory
24.1
Introduction to Backing Up and Restoring Oracle Internet Directory
24.2
Backing Up and Restoring a Small Directory or Specific Naming Context
24.3
Backing Up and Restoring a Large Directory
Part III Advanced Administration: Security
25
Configuring Secure Sockets Layer (SSL)
25.1
Introduction to Configuring Secure Sockets Layer (SSL)
25.1.1
Supported Cipher Suites
25.1.2
Supported Protocol Versions
25.1.3
SSL Authentication Modes
25.1.4
Limitations of the Use of SSL in 11g Release 1 (11.1.1)
25.1.5
Oracle Wallets
25.1.6
Other Components and SSL
25.1.7
SSL Interoperability Mode
25.1.8
StartTLS
25.2
Configuring SSL by Using Fusion Middleware Control
25.2.1
Creating a Wallet by Using Fusion Middleware Control
25.2.2
Configuring SSL Parameters by Using Fusion Middleware Control
25.2.3
Setting SSL Parameters with Fusion Middleware Control
25.3
Configuring SSL by Using WLST
25.4
Configuring SSL by Using LDAP Commands
25.5
Testing SSL Connections by Using Oracle Directory Services Manager
25.6
Testing SSL Connections From the Command Line
25.6.1
Testing SSL With Encryption Only
25.6.2
Testing SSL With Server Authentication
25.6.3
Testing SSL With Client and Server Authentication
25.7
Configuring SSL Interoperability Mode
26
Configuring Data Privacy
26.1
Introduction to Table Space Encryption
26.2
Enabling and Disabling Table Space Encryption
26.3
Introduction to Using Database Vault With Oracle Internet Directory
26.4
Configuring Oracle Database Vault to Protect Oracle Internet Directory Data
26.4.1
Installing Oracle Database Vault
26.4.2
Adding a Database Vault Realm and Policies for Oracle Internet Directory
26.4.3
Managing Oracle Database Vault Configuration for Oracle Internet Directory
26.4.4
Deleting Database Vault Policies For Oracle Internet Directory
26.4.5
Disabling Oracle Database Vault for the Oracle Internet Directory Database
26.5
Best Practices for Using Database Vault with Oracle Internet Directory
26.6
Introduction to Sensitive Attributes
26.7
Configuring Privacy of Retrieved Sensitive Attributes
26.8
Introduction to Hashed Attributes
26.9
Configuring Hashed Attributes
26.9.1
Configuring Hashed Attributes by Using Fusion Middleware Control
26.9.2
Configuring Hashed Attributes by Using ldapmodify
27
Managing Password Policies
27.1
Introduction to Managing Password Policies
27.1.1
What a Password Policy Is
27.1.2
Steps Required to Create and Apply a Password Policy
27.1.3
Fine-Grained Password Policies
27.1.4
Default Password Policy
27.1.5
Password Policy Attributes
27.1.6
Password Policy-Related Operational Attributes
27.1.7
Directory Server Verification of Password Policy Information
27.1.8
Password Policy Error Messages
27.1.9
Releases Before 10g (10.1.4.0.1)
27.2
Managing Password Policies by Using Oracle Directory Services Manager
27.2.1
Viewing Password Policies by Using Oracle Directory Services Manager
27.2.2
Modifying Password Policies by Using Oracle Directory Services Manager
27.2.3
Creating a Password Policy and Assigning it to a Subtree by Using ODSM
27.3
Managing Password Policies by Using Command-Line Tools
27.3.1
Viewing Password Policies by Using Command-Line Tools
27.3.2
Creating a New Password Policy by Using Command-Line Tools
27.3.3
Applying a Password Policy to a Subtree by Using Command-Line Tools
27.3.4
Setting Password Policies by Using Command-Line Tools
28
Managing Directory Access Control
28.1
Introduction to Managing Directory Access Control
28.1.1
Access Control Management Constructs
28.1.1.1
Access Control Policy Points (ACPs)
28.1.1.2
The orclACI Attribute for Prescriptive Access Control
28.1.1.3
The orclEntryLevelACI Attribute for Entry-Level Access Control
28.1.1.4
Security Groups
28.1.2
Access Control Information Components
28.1.2.1
Object: To What Are You Granting Access?
28.1.2.2
Subject: To Whom Are You Granting Access?
28.1.2.3
Operations: What Access Are You Granting?
28.1.3
Access Level Requirements for LDAP Operations
28.1.4
How ACL Evaluation Works
28.1.4.1
Precedence Rules Used in ACL Evaluation
28.1.4.2
Use of More Than One ACI for the Same Object
28.1.4.3
Exclusionary Access to Directory Objects
28.1.4.4
ACL Evaluation For Groups
28.2
Managing Access Control by Using Oracle Directory Services Manager
28.2.1
Viewing an ACP by Using Oracle Directory Services Manager
28.2.2
Adding an ACP by Using Oracle Directory Services Manager
28.2.2.1
Task 1: Specify the Entry That Will Be the ACP
28.2.2.2
Task 2: Configure Structural Access Items
28.2.2.3
Task 3: Configure Content Access Items
28.2.2.4
Delete a Structural or Content Access Item
28.2.3
Modifying an ACP by Using Access Control Management in ODSM
28.2.4
Adding or Modifying an ACP by Using the Data Browser in ODSM
28.2.5
Setting or Modifying Entry-Level Access by Using the Data Browser in ODSM
28.3
Managing Access Control by Using Command-Line Tools
28.3.1
Restricting the Kind of Entry a User Can Add
28.3.2
Setting Up an Inheritable ACP by Using ldapmodify
28.3.3
Setting Up Entry-Level ACIs by Using ldapmodify
28.3.4
Using Wildcards in an LDIF File with ldapmodify
28.3.5
Selecting Entries by DN
28.3.6
Using Attribute and Subject Selectors
28.3.7
Granting Read-Only Access
28.3.8
Granting Selfwrite Access to Group Entries
28.3.9
Defining a Completely Autonomous Policy to Inhibit Overriding Policies
29
Managing Password Verifiers
29.1
Introduction to Password Verifiers for Authenticating to the Directory
29.1.1
Userpassword Verifiers and Authentication to the Directory
29.1.2
Hashing Schemes for Creating Userpassword Verifiers
29.2
Managing Hashing Schemes for Password Verifiers for Authenticating to the Directory
29.3
Introduction to Password Verifiers for Authenticating to Components
29.3.1
About Password Verifiers for Authenticating to Oracle Components
29.3.2
Attributes for Storing Password Verifiers for Authenticating to Oracle Components
29.3.3
Default Verifiers for Oracle Components
29.3.4
How Password Verification Works for an Oracle Component
29.4
Managing Password Verifier Profiles for Oracle Components by Using ODSM
29.5
Managing Password Verifier Profiles for Components by Using Command-Line Tools
29.5.1
Viewing a Password Verifier Profile by Using Command-Line Tools
29.5.2
Example: Modifying a Password Verifier Profile by Using Command-Line Tools
29.6
Introduction to Generating Verifiers by Using Dynamic Parameters
29.7
Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers
30
Delegating Privileges for Oracle Identity Management
30.1
Introduction to Delegating Privileges for Oracle Identity Management
30.1.1
How Delegation Works
30.1.2
Delegation in an Oracle Fusion Middleware Environment
30.1.3
About the Default Configuration
30.1.4
Privileges for Administering the Oracle Technology Stack
30.2
Delegating Privileges for User and Group Management
30.2.1
How Privileges Are Granted for Managing User and Group Data
30.2.2
Default Privileges for Managing User Data
30.2.2.1
Creating Users for a Realm
30.2.2.2
Modifying Attributes of a User
30.2.2.3
Deleting a User
30.2.2.4
Delegating User Administration
30.2.3
Default Privileges for Managing Group Data
30.2.3.1
Creating Groups
30.2.3.2
Modifying the Attributes of Groups
30.2.3.3
Deleting Groups
30.2.3.4
Delegating Group Administration
30.3
Delegating Privileges for Deployment of Oracle Components
30.3.1
How Deployment Privileges Are Granted
30.3.2
Oracle Application Server Administrators
30.3.3
User Management Application Administrators
30.3.4
Trusted Application Administrators
30.4
Delegating Privileges for Component Run Time
30.4.1
Default Privileges for Reading and Modifying User Passwords
30.4.2
Default Privileges for Comparing User Passwords
30.4.3
Default Privileges for Comparing Password Verifiers
30.4.4
Default Privileges for Proxying on Behalf of End Users
30.4.5
Default Privileges for Managing the Oracle Context
30.4.6
Default Privileges for Reading Common User Attributes
30.4.7
Default Privileges for Reading Common Group Attributes
30.4.8
Default Privileges for Reading the Service Registry
30.4.9
Default Privileges for Administering the Service Registry
31
Managing Authentication
31.1
Introduction to Authentication
31.1.1
Direct Authentication
31.1.2
Indirect Authentication
31.1.3
External Authentication
31.1.4
Simple Authentication and Security Layer (SASL)
31.2
Configuring Certificate Authentication Method by Using Fusion Middleware Control
31.3
Configuring SASL Authentication by Using Fusion Middleware Control
31.4
Configuring Certificate Authentication Method by Using Command-Line Tools
31.5
Configuring SASL Authentication by Using the Command Line
31.6
Introduction to Anonymous Binds
31.7
Managing Anonymous Binds
31.7.1
Managing Anonymous Binds by Using Fusion Middleware Control
31.7.2
Managing Anonymous Binds by Using the Command Line
Part IV Advanced Administration: Managing Directory Deployment
32
Planning, Deploying and Managing Realms
32.1
Introduction to Planning, Deploying and Managing Realms
32.1.1
Planning the Identity Management Realm
32.1.2
Identity Management Realms in an Enterprise Deployment
32.1.2.1
Single Identity Management Realm in the Enterprise
32.1.2.2
Multiple Identity Management Realms in the Enterprise
32.1.3
Identity Management Realms in a Hosted Deployment
32.1.4
Identity Management Realm Implementation in Oracle Internet Directory
32.1.5
Default Directory Information Tree and the Identity Management Realm
32.2
Customizing the Default Identity Management Realm
32.2.1
Steps to Update the Existing User and Group Search Base
32.2.2
Set up an Additional Search Base
32.2.3
Refresh Oracle Single Sign-On
32.2.4
Reconfigure Provisioning Profiles
32.3
Creating Additional Identity Management Realms for Hosted Deployments
33
Tuning and Sizing Oracle Internet Directory
34
Managing Garbage Collection
34.1
Introduction to Managing Garbage Collection
34.1.1
Components of the Oracle Internet Directory Garbage Collection Framework
34.1.1.1
Garbage Collection Plug-in
34.1.1.2
Background Database Processes
34.1.2
How Oracle Internet Directory Garbage Collection Works
34.1.3
Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry
34.1.4
Change Log Purging
34.2
Set Oracle Database Time Zone for Garbage Collection
34.3
Modifying Oracle Internet Directory Garbage Collectors
34.3.1
Modifying a Garbage Collector by Using Oracle Directory Services Manager
34.3.2
Modifying a Garbage Collector by Using Command-Line Tools
34.3.2.1
Example 1: Modifying a Garbage Collector
34.3.2.2
Example 2: Disabling a Garbage Collector Change Log
34.3.3
Modifying the Oracle Internet Directory Statistics Collector
34.4
Managing Logging for Oracle Internet Directory Garbage Collectors
34.4.1
Enabling Logging for Oracle Internet Directory Garbage Collectors
34.4.2
Disabling Logging for Oracle Internet Directory Garbage Collectors
34.4.3
Monitoring Garbage Collection Logging
34.5
Configuring Time-Based Change Log Purging
35
Migrating Data from Other Data Repositories
35.1
Introduction to Migrating Data from Other Data Repositories
35.2
Migrating Data from LDAP-Compliant Directories
35.2.1
Migrating LDAP Data by Using an LDIF File and bulkload
35.2.2
Migrating LDAP Data by Using syncProfileBootstrap Directly
35.2.3
Migrating LDAP Data by Using an LDIF File and syncProfileBootstrap
35.2.4
Migrating LDAP Data by Using syncProfileBootstrap, bulkload, and LDIF Files
35.2.5
Migrating LDAP Data by Using the Oracle Directory Integration Platform Server
35.3
Migrating User Data from Application-Specific Repositories
35.3.1
The Intermediate Template File
35.3.2
Reconciling Data in Application Repository with Data Already in the Directory
35.3.3
Tasks For Migrating Data from Application-Specific Repositories
35.3.3.1
Task 1: Create an Intermediate Template File
35.3.3.2
Task 2: Run the OID Migration Tool
36
Configuring Server Chaining
36.1
Introduction to Configuring Server Chaining
36.1.1
Supported External Servers
36.1.2
Integrated Oracle Products
36.1.2.1
Oracle Single Sign-On
36.1.2.2
Enterprise User Security
36.1.3
Supported Operations
36.1.4
Server Chaining with Replication
36.2
Configuring Server Chaining
36.2.1
Configuring Server Chaining by Using Oracle Directory Services Manager
36.2.2
Configuring Server Chaining from the Command Line
36.3
Creating Server Chaining Configuration Entries
36.3.1
Configuration Entry Attributes
36.3.2
Requirements for User and Group Containers
36.3.3
Attribute Mapping
36.3.4
Active Directory Example
36.3.5
Active Directory with SSL Example
36.3.6
Active Directory with New Attributes Example
36.3.7
Sun Java System Directory Server (iPlanet) Example
36.3.8
Sun Java System Directory Server (iPlanet) with SSL Example
36.3.9
eDirectory Example
36.3.10
eDirectory with SSL Example
36.4
Debugging Server Chaining
36.5
Configuring an Active Directory Plug-in for Password Change Notification
Part V Advanced Administration: Directory Replication
37
Setting Up Replication
37.1
Introduction to Setting Up Replication
37.1.1
Replication Transport Mechanisms
37.1.2
Replication Setup Methods
37.1.2.1
Replication Wizard
37.1.2.2
Command Line Tools
37.1.2.3
Database Copy Procedure
37.1.3
Bootstrap Rules
37.1.4
The Replication Agreement
37.1.5
Other Replication Configuration Attributes
37.1.6
Replication Process and Architecture
37.1.7
Rules for Configuring LDAP-Based Replication
37.1.8
Replication Security
37.1.8.1
Authentication and the Directory Replication Server
37.1.8.2
Secure Sockets Layer (SSL) and Oracle Internet Directory Replication
37.1.9
LDAP Replication Filtering for Partial Replication
37.1.9.1
Included and Excluded Naming Contexts in LDAP Replication Filtering
37.1.9.2
Attributes that Control Naming Contexts
37.1.9.3
Rules for LDAP Replication Filtering
37.1.9.4
Examples of LDAP Replication Filtering
37.1.9.5
Rules for Managing Naming Contexts and Attributes
37.1.9.6
Optimization of Partial Replication Naming Context for Better Performance
37.2
Converting an Advanced Replication-Based Agreement to an LDAP-Based Agreement
37.3
Setting Up an LDAP-Based Replication Agreement by Using the Replication Wizard
37.4
Testing Replication by Using Oracle Directory Services Manager
37.5
Setting Up an LDAP-Based Replication by Using the Command Line
37.5.1
Copying Your LDAP Data by Using ldifwrite and bulkload
37.5.2
Setting Up an LDAP-Based Replica with Customized Settings
37.5.2.1
Setting Up an LDAP-Based Replica by Using Automatic Bootstrapping
37.5.2.2
Setting Up an LDAP-Based Replica by Using the ldifwrite Tool
37.5.3
Password Policy and Fan-out Replication
37.5.4
Deleting an LDAP-Based Replica
37.5.4.1
Task 1: Stop the Directory Replication Server on the Node to be Deleted
37.5.4.2
Task 2: Delete the Replica from the Replication Group
37.6
Setting Up a Multimaster Replication Group with Fan-Out
38
Setting Up Replication Failover
38.1
Introduction to Replication Failover
38.1.1
Limitations and Warnings for Replication Failover
38.1.2
Determining Which Type of Replication Failover to Use
38.2
Performing a Stateless Replication Failover
38.2.1
Task 1: Stop All Directory Replication Servers on Related Nodes
38.2.2
Task 2: Break Old Replication Agreement and Set up New Agreement
38.2.3
Task 3: Save Last Change Number
38.2.4
Task 4: Compare and Reconcile New Supplier and Consumer
38.2.5
Task 5: Update Last Applied Change Number of New Agreement
38.2.6
Task 6: Clean Up Old Agreement on Old Supplier
38.2.7
Task 7: Start All Directory Replication Servers on Related Nodes
38.3
Performing a Time-Based Replication Failover
38.3.1
Task 1: Configure Change Log Garbage Collection Object on New Supplier
38.3.2
Task 2: Save Last Change Number from New Supplier
38.3.3
Task 3: Enable Change Log Regeneration on New Supplier
38.3.4
Task 4: Wait for the Desired Time Period to Elapse
38.3.5
Task 5: Stop all Directory Replication Servers on Related Nodes
38.3.6
Task 6: Break Old Replication Agreement and Set Up New Agreement
38.3.7
Task 7: Update Last Applied Change Number of New Agreement
38.3.8
Task 8: Clean Up Old Agreement on Old Supplier
38.3.9
Task 9: Start All Directory Replication Servers on Related Nodes
39
Managing Replication Configuration Attributes
39.1
Introduction to Replication Configuration Attributes
39.1.1
The Replication Configuration Container
39.1.2
The Replica Subentry
39.1.3
The Replication Agreement Entry
39.1.3.1
Replication Agreement Entry Attributes
39.1.3.2
Oracle Database Advanced Replication-Based Replication Agreements
39.1.3.3
LDAP Replication Agreements
39.1.3.4
Two-Way LDAP Replication Agreements
39.1.4
The Replication Naming Context Container Entry
39.1.5
The Replication Naming Context Object Entry
39.1.6
The Replication Configuration Set
39.1.7
Examples of Replication Configuration Objects in the Directory
39.2
Configuring Replication Configuration Attributes by Using Fusion Middleware Control
39.2.1
Configuring Attributes on the Shared Properties, Replication Tab
39.2.2
Configuring Replication Wizard Parameters
39.3
Managing Replication Configuration Attributes From the Command Line
40
Managing and Monitoring Replication
40.1
Introduction to Managing and Monitoring Replication
40.1.1
Modifying What Is to Be Replicated in LDAP-Based Partial Replication
40.1.2
Managing Worker Threads
40.1.3
Change Logs in Directory Replication
40.1.4
The Human Intervention Queue
40.1.4.1
Managing the Queues
40.1.4.2
Queue Statistics
40.1.4.3
The Number of Entries the Human Intervention Queue Tools Can Process
40.1.5
Pilot Mode
40.1.6
Conflict Resolution in Oracle Replication
40.1.6.1
Levels at Which Replication Conflicts Occur
40.1.6.2
Automatic Conflict Resolution
40.1.6.3
How Automated Conflict Resolution Works
40.2
Managing and Monitoring Replication by Using ODSM and Fusion Middleware Control
40.2.1
Enabling or Disabling Change Log Generation by Using Fusion Middleware Control
40.2.2
Viewing the Local Change Logs by Using Oracle Directory Services Manager
40.2.3
Viewing and Modifying Replica Naming Context Objects
40.2.4
Viewing or Modifying a Replication Setup by Using the Replication Wizard
40.2.5
Deleting an LDAP-Based Replication Agreement by Using the Replication Wizard
40.2.6
Configure Replication Attributes by Using Fusion Middleware Control
40.2.7
Activating or Inactivating a Replication Server by Using Fusion Middleware Control
40.2.8
Configuring the Replication Debug Level by Using Fusion Middleware Control
40.2.9
Configuring Replica Details by Using Fusion Middleware Control
40.2.10
Viewing Queue Statistics by Using Fusion Middleware Control
40.2.11
Managing Changelog Processing by Using Fusion Middleware Control
40.2.12
Monitoring Conflict Resolution Messages by Using Fusion Middleware Control
40.3
Managing and Monitoring Replication by Using the Command Line
40.3.1
Enabling and Disabling Change Log Generation by Using the Command Line
40.3.2
Viewing Change Logs by Using ldapsearch
40.3.3
Configuring Attributes of the Replica Subentry by Using ldapmodify
40.3.4
Specifying Pilot Mode for a Replica by Using remtool
40.3.5
Configuring Replication Agreement Attributes by Using ldapmodify
40.3.6
Modifying Replica Naming Context Object Parameters by Using ldapmodify
40.3.7
Configuring Attributes of the Replication Configuration Set by Using ldapmodify
40.3.8
Monitoring Conflict Resolution Messages by Using the Command Line
40.3.9
Managing the Human Intervention Queue
40.3.10
Viewing Queue Statistics and Verifying Replication by Using remtool
40.3.11
Managing the Number of Entries the Human Intervention Queue Tools Can Process
40.3.12
Changing the Replication Administrator's Password for Advanced Replication
40.4
Comparing and Reconciling Inconsistent Data by Using oidcmprec
40.4.1
Conflict Scenarios
40.4.2
Operations Supported by oidcmprec
40.4.3
Output from oidcmprec
40.4.4
How oidcmprec Works
40.4.5
Setting the Source and Destination Directories
40.4.6
Selecting the DIT for the Operation
40.4.7
Selecting the Attributes for the Operation
40.4.8
Controlling Change Log Generation
40.4.9
Using a Text or XML Parameter File
40.4.10
Including Directory Schema
40.4.11
Overriding Predefined Conflict Resolution Rules
40.4.12
Using the User-Defined Compare and Reconcile Operation
40.4.13
Known Limitations of the oidcmprec Tool
Part VI Advanced Administration: Directory Plug-ins
41
Developing Plug-ins for the Oracle Internet Directory Server
41.1
Introduction to Developing Plug-ins for the Oracle Internet Directory Server
41.1.1
Supported Languages for Server Plug-ins
41.1.2
Server Plug-in Prerequisites
41.1.3
Server Plug-in Benefits
41.1.4
Guidelines for Designing Plug-ins
41.1.5
The Server Plug-in Framework
41.1.6
LDAP Operations and Timings Supported by the Directory
41.1.6.1
Pre-Operation Server Plug-ins
41.1.6.2
Post-Operation Server Plug-ins
41.1.6.3
When-Operation Server Plug-ins
41.1.6.4
When_Replace-Operation Server Plug-ins
41.1.7
Using Plug-ins in a Replication Environment
41.2
Creating a Plug-in
41.3
Registering a Plug-in From the Command Line
41.3.1
Creating a Plug-in Configuration Entry
41.3.2
Adding a Plug-in Configuration Entry by Using Command-Line Tools
41.4
Managing Plug-ins by Using Oracle Directory Services Manager
41.4.1
Creating a New Plug-in by Using Oracle Directory Services Manager
41.4.2
Registering a Plug-in by Using Oracle Directory Services Manager
41.4.3
Editing a Plug-in by Using Oracle Directory Services Manager
41.4.4
Deleting a Plug-in by Using Oracle Directory Services Manager
42
Configuring a Customized Password Policy Plug-In
42.1
Introduction to Configuring a Customized Password Policy Plug-in
42.2
Installing, Configuring, and Enabling a Customized Password Policy Plug-in
42.2.1
Loading and Registering the PL/SQL Program
42.2.2
Coding the Password Policy Plug-in
42.2.3
Debugging the Password Policy Plug-in
42.2.4
Contents of Sample PL/SQL Package pluginpkg.sql
43
Configuring a Customized External Authentication Plug-in
43.1
Introduction to Configuring a Customized External Authentication Plug-in
43.2
Installing, Configuring, and Enabling the External Authentication Plug-in
43.3
Debugging the External Authentication Plug-in
43.4
Creating the PL/SQL Package oidexaup.sql
Part VII Appendixes
A
Differences Between 10g and 11g
A.1
Instance Creation and Process Management
A.2
Locations of Configuration Attributes
A.3
Default Ports
A.4
Enabling Server Debugging
A.5
Command Line Tools
A.6
Path Names
A.7
Graphical User Interfaces
A.8
Audit
A.9
Referential Integrity
A.10
Server Chaining
A.11
Replication
A.12
Oracle Directory Integration Platform
A.13
Oracle Single Sign-On and Oracle Delegated Administration Services
A.14
Java Containers
B
Managing Oracle Internet Directory Instances by Using OIDCTL
B.1
Introduction to Managing Oracle Internet Directory by Using OIDCTL
B.2
Creating and Starting an Oracle Internet Directory Server Instance by Using OIDCTL
B.3
Stopping an Oracle Internet Directory Server Instance by Using OIDCTL
B.4
Starting an Oracle Internet Directory Server Instance by Using OIDCTL
B.5
Viewing Status Information by Using OIDCTL
B.6
Deleting an Oracle Internet Directory Server Instance by Using OIDCTL
C
Setting Up Oracle Database Advanced Replication-Based Replication
C.1
Introduction to Setting up Oracle Database Advanced Replication-Based Replication
C.1.1
Database Version Compatibility
C.1.2
Advanced Replication Filtering for Partial Replication
C.1.2.1
Excluded Naming Contexts
C.1.2.2
Rules for Advanced Replication Filtering
C.2
Setting Up Advanced Replication-Based Replication
C.2.1
Rules for Setting Up Advanced Replication
C.2.2
Setting Up an Advanced Replication-Based Multimaster Replication Group
C.2.2.1
Task 1: Install Oracle Internet Directory on the Master Definition Site (MDS)
C.2.2.2
Task 2: Install the Oracle Internet Directory on the Remote Master Sites (RMS)
C.2.2.3
Task 3: Set Up Advanced Replication for a Directory Replication Group
C.2.2.4
Task 4 (Optional): Load Data into the Directory
C.2.2.5
Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
C.2.2.6
Task 6: Start the Replication Servers on All Nodes in the DRG
C.2.2.7
Task 7: Test Directory Replication
C.2.3
Adding a Node for Advanced Replication-Based Multimaster Replication
C.2.3.1
Prepare the Oracle Net Services Environment
C.2.3.2
Task 1: Stop the Directory Replication Server on All Nodes
C.2.3.3
Task 2: Identify a Sponsor Node and Install Oracle Internet Directory
C.2.3.4
Task 3: Switch the Sponsor Node to Read-Only Mode
C.2.3.5
Task 4: Back up the Sponsor Node by Using ldifwrite
C.2.3.6
Task 5: Perform Advanced Replication Add Node Setup
C.2.3.7
Task 6: Switch the Sponsor Node to Updatable Mode
C.2.3.8
Task 7: Start the Directory Replication Server on All Nodes Except the New Node
C.2.3.9
Task 8: Load Data into the New Node by Using bulkload
C.2.3.10
Task 9: Start the Directory Server on the New Node
C.2.3.11
Task 10: Start the Directory Replication Server on the New Node
C.2.4
Deleting a Node from a Multimaster Replication Group
C.2.4.1
Task 1: Stop the Directory Replication Server on All Nodes
C.2.4.2
Task 2: Stop All Oracle Internet Directory Processes in the Node to be Deleted
C.2.4.3
Task 3: Delete the Node from the Master Definition Site
C.2.4.4
Task 4: Start the Directory Replication Server on All Nodes
D
How Replication Works
D.1
Features of Oracle Database Advanced Replication-Based Replication
D.2
Architecture for Oracle Database Advanced Replication-Based Replication
D.3
Architecture of LDAP-Based Replication
D.4
LDAP Replica States
D.5
The Replication Process
D.5.1
How the Multimaster Replication Process Adds a New Entry to a Consumer
D.5.2
How the Multimaster Replication Process Deletes an Entry
D.5.3
How the Multimaster Replication Process Modifies an Entry
D.5.4
How the Multimaster Replication Process Modifies a Relative Distinguished Name
D.5.5
How the Multimaster Replication Process Modifies a Distinguished Name
E
Java Server Plug-in Developer's Reference
E.1
Advantages of Java Plug-ins
E.2
Setting Up a Java Plug-in
E.3
Java Plug-in API
E.3.1
Communication Between the Server and Plug-in
E.3.2
Java Plug-in Structure
E.3.3
PluginDetail
E.3.3.1
Server
E.3.3.2
LdapBaseEntry
E.3.3.3
LdapOperation
E.3.3.4
PluginFlexfield
E.3.4
PluginResult
E.3.5
ServerPlugin Interface
E.3.5.1
ServerPlugin Methods for Ldapbind
E.3.5.2
ServerPlugin Methods for Ldapcompare
E.3.5.3
ServerPlugin Methods for Ldapadd
E.3.5.4
ServerPlugin Methods for Ldapmodify
E.3.5.5
ServerPlugin Methods for Ldapmoddn
E.3.5.6
ServerPlugin Methods for Ldapsearch
E.3.5.7
ServerPlugin Methods for Ldapdelete
E.4
Java Plug-in Error and Exception Handling
E.4.1
Run-time Exception Example
E.4.2
Run-time Error Example
E.4.3
PluginException Example
E.5
Java Plug-in Debugging and Logging
E.6
Java Plug-in Examples
E.6.1
Example 1: Password Validation Plug-in
E.6.1.1
Password Validation Plug-in Configuration Entry
E.6.1.2
Password Validation Plug-in Code Example
E.6.2
Example 2: External Authentication Plug-in for Active Directory
E.6.2.1
External Authentication Plug-in Configuration Entry
E.6.2.2
External Authentication Plug-in Code
F
PL/SQL Server Plug-in Developer's Reference
F.1
Designing, Creating, and Using PL/SQL Server Plug-ins
F.1.1
PL/SQL Plug-in Caveats
F.1.1.1
Types of PL/SQL Plug-in Operations
F.1.1.2
Naming PL/SQL Plug-ins
F.1.2
Creating PL/SQL Plug-ins
F.1.2.1
Package Specifications for Plug-in Module Interfaces
F.1.3
Compiling PL/SQL Plug-ins
F.1.3.1
Dependencies
F.1.3.2
Recompiling Plug-ins
F.1.4
Managing PL/SQL Plug-ins
F.1.4.1
Modifying Plug-ins
F.1.4.2
Debugging Plug-ins
F.1.5
Enabling and Disabling PL/SQL Plug-ins
F.1.6
Exception Handling in a PL/SQL Plug-in
F.1.6.1
Error Handling
F.1.6.2
Program Control Handling between Oracle Internet Directory and Plug-ins
F.1.7
PL/SQL Plug-in LDAP API
F.1.8
PL/SQL Plug-in and Database Tools
F.1.9
PL/SQL Plug-in Security
F.1.10
PL/SQL Plug-in Debugging
F.1.11
PL/SQL Plug-in LDAP API Specifications
F.1.12
Database Limitations
F.2
Examples of PL/SQL Plug-ins
F.2.1
Example 1: Search Query Logging
F.2.2
Example 2: Synchronizing Two DITs
F.3
Binary Support in the PL/SQL Plug-in Framework
F.3.1
Binary Operations with ldapmodify
F.3.2
Binary Operations with ldapadd
F.3.3
Binary Operations with ldapcompare
F.4
Database Object Types Defined
F.5
Specifications for PL/SQL Plug-in Procedures
G
The LDAP Filter Definition
H
The Access Control Directive Format
H.1
Schema for orclACI
H.2
Schema for orclEntryLevelACI
I
Globalization Support in the Directory
I.1
About Character Sets and the Directory
I.1.1
About Unicode
I.1.2
About Oracle and UTF-8
I.1.3
Migration from UTF8 to AL32UTF8 when Upgrading Oracle Internet Directory
I.2
The NLS_LANG Environment Variable
I.3
Using Non-AL32UTF8 Databases
I.4
Using Globalization Support with LDIF Files
I.4.1
An LDIF file Containing Only ASCII Strings
I.4.2
An LDIF file Containing UTF-8 Encoded Strings
I.4.2.1
CASE 1: Native Strings (Non-UTF-8)
I.4.2.2
CASE 2: UTF-8 Strings
I.4.2.3
CASE 3: BASE64 Encoded UTF-8 Strings
I.4.2.4
CASE 4: BASE64 Encoded Native Strings
I.5
Using Globalization Support with Command-Line LDAP Tools
I.5.1
Specifying the -E Argument When Using Each Tool
I.5.2
Examples: Using the -E Argument with Command-Line LDAP Tools
I.6
Setting NLS_LANG in the Client Environment
I.7
Using Globalization Support with Bulk Tools
I.7.1
Using Globalization Support with bulkload
I.7.2
Using Globalization Support with ldifwrite
I.7.3
Using Globalization Support with bulkdelete
I.7.4
Using Globalization Support with bulkmodify
I.8
Oracle Directory Services Manager Requires ASCII Superuser Name
J
Setting up Access Controls for Creation and Search Bases for Users and Groups
J.1
Setting up Access Controls for the User Search Base and the User Creation Base
J.2
Setting up Access Controls for the Group Search Base and the Group Creation Base
K
Searching the Directory for User Certificates
K.1
Certificate Mapping
K.2
Search Types
L
Adding a Directory Node by Using the Database Copy Procedure
L.1
Definitions
L.2
Prerequisites
L.3
Sponsor Directory Site Environment
L.4
New Directory Site Environment
L.5
Addition of a Directory Node
M
Oracle Authentication Services for Operating Systems
N
RFCs Supported by Oracle Internet Directory
O
Oracle Directory Services Manager Keystore Management
O.1
ODSM's Key Store
O.2
Retrieving ODSM's Java Key Store Password
O.3
Listing the Contents of odsm.cer Java Key Store
O.4
Deleting the Trusted Certificate
O.5
Expired Certificates Management
P
Starting and Stopping the Oracle Stack
P.1
Starting the Stack
P.2
Stopping the Stack
Q
Troubleshooting Oracle Internet Directory
Q.1
Problems and Solutions
Q.1.1
Installation Errors
Q.1.2
Oracle Database Server Errors
Q.1.2.1
Oracle Database Server Connection is Down
Q.1.2.2
Oracle Database Server Error Due to Interrupted Client Connection
Q.1.2.3
Oracle Database Server Error Due to Schema Modifications
Q.1.3
Directory Server Error Messages and Causes
Q.1.3.1
Inappropriate Authentication Error
Q.1.3.2
Constraint Violation Error Due to Editing a User or Group or Creating a Realm
Q.1.3.3
Standard Error Messages Returned from Oracle Directory Server
Q.1.3.4
Additional Directory Server Error Messages
Q.1.4
Getting a Core Dump and Stack Trace When Oracle Internet Directory Crashes
Q.1.5
TCP/IP Problems
Q.1.5.1
Do Not Use TCP-Based Monitoring of Server Availability on Windows 2003 Server
Q.1.5.2
Do Not Install DiamondCS Port Explorer
Q.1.6
Troubleshooting Password Policies
Q.1.6.1
Password Policy is Not Enforced
Q.1.6.2
Password Policy Error Messages
Q.1.7
Troubleshooting Directory Performance
Q.1.7.1
Poor LDAP Search Performance
Q.1.7.2
Poor LDAP Add or Modify Performance
Q.1.7.3
Poor Oracle Database Server Performance
Q.1.8
Troubleshooting Port Configuration
Q.1.9
Troubleshooting Creating Oracle Internet Directory Component with opmnctl
Q.1.10
Troubleshooting Starting Oracle Internet Directory
Q.1.10.1
Oracle Internet Directory is Down
Q.1.10.2
Oracle Internet Directory is Read-Only
Q.1.11
Troubleshooting Starting, Stopping, and Restarting of the Directory Server
Q.1.11.1
About the Tools for Starting, Stopping, and Restarting the Directory Server Instance
Q.1.11.2
Problems Starting, Stopping, and Restarting the Directory Server
Q.1.12
Troubleshooting Oracle Internet Directory Replication
Q.1.12.1
Replication Server Does Not Start
Q.1.12.2
Repository Creation Assistant Error
Q.1.12.3
Errors in Replication Bootstrap
Q.1.12.4
Changes Are Not Replicated
Q.1.12.5
Replication Stops Working
Q.1.13
Troubleshooting Change Log Garbage Collection
Q.1.13.1
Change Logs Are Not Purged
Q.1.14
Troubleshooting Dynamic Password Verifiers
Q.1.15
Troubleshooting Oracle Internet Directory Password Wallets
Q.1.15.1
Oracle Internet Directory Server Does Not Start
Q.1.15.2
Password Not Synchronized
Q.1.16
Troubleshooting bulkload
Q.1.17
Troubleshooting bulkdelete, bulkmodify, and ldifwrite
Q.1.18
Troubleshooting catalog
Q.1.19
Troubleshooting remtool
Q.1.20
Troubleshooting Server Chaining
Q.1.21
Viewing Version Information
Q.1.22
Troubleshooting Fusion Middleware Control and WLST
Q.1.23
Troubleshooting Oracle Directory Services Manager
Q.1.23.1
Cannot Invoke ODSM from Fusion Middleware Control
Q.1.23.2
Cannot Invoke ODSM from Fusion Middleware Control in Multiple NIC and DHCP Enabled Environment
Q.1.23.3
Various Failover Issues
Q.1.23.4
ODSM Displays an Error Message
Q.1.23.5
Cursor Loses Focus
Q.2
Need More Help?
Index