Skip Headers

Oracle® Internet Directory Administrator's Guide
10g (9.0.4)
Part Number B12118-01
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index

Go to previous page Go to beginning of chapter Go to next page

Oracle Internet Directory Schema Elements, 4 of 7

Proprietary Schema Elements of Oracle Internet Directory

Oracle Internet Directory's proprietary schema includes attributes and object classes in these categories:

In addition, Oracle Internet Directory installation includes schema elements that enable specific Oracle products to use Oracle Internet Directory. For information about these schema elements, see the documentation for the specific Oracle product.

Access Control Schema Elements

Table B-2  Access Control Schema Elements
Object Class Attributes

orclPrivilegeGroup

orclEntryLevelACI, orclACI

Audit Log Schema Elements

Table B-3  Audit Log Schema Elements
Object Class Attributes

OrclAuditOC

orclServerEvent, orcleventtype, orclauditattribute, orclauditmessage, orcleventtime, orcluserdn, orclSequence, orclAuditLevel, orclOpResult

Attribute Uniqueness Schema Elements

Table B-4  Attribute Uniqueness Constraint Entry
Attribute Name Mandatory? Valid Value Default Value Default Effect

orcluniqueattrname

Yes

Any string

N/A

N/A

orcluniquescope

No

One of the following:

  • base--Searches the root entry only

  • onelevel--Searches one level only

  • sub--Searches the entire directory

sub

Searches the entire directory

orcluniqueenable

No

Either 0 (disable) or 1 (enable)

0

Disables attribute uniqueness

orcluniquesubtree

No

Any string

" "

Searches the entire directory

orcluniqueobjectclass

No

Any string

" "

Searches all object classes

See Also:

"Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools"

Configuration Set Entry Schema Elements

The following table lists and describes the entire set of configuration set entry attributes that are used to configure an instance of a directory server.

Table B-5  Configuration Set Entry Attributes
Attribute Description

orcldebugflag

Debug level associated with this instance of the server. The default for configset0 is 0. The range is 0 to 67108863.

orclmaxcc

Maximum number of concurrent database connections. The default for configset0 is 10. You cannot use a negative value for this attribute.

orclserverprocs

Number of server processes to start. The default for configset0 is 1. You cannot use a negative value for this attribute.

orclsslport

SSL mode default port (default 636). When you run the directory in the secure mode, it listens at default port 636 and accepts only SSL-based TCP/IP connections. (When you run the directory in the normal mode, it listens at default port 389, accepting normal TCP/IP connections.) You might want to change this port when you add multiple LDAP server instances.

orclnonsslport

Non-SSL mode default port (default 389).

orclsslenable

Flag for enabling or disabling SSL. You would want to use this flag when you use different instances of the same server for either SSL or non-SSL. You may use one of the following values:

  • 0--for non-secure operation only

  • 1--for SSL authentication only

  • 2-- for both non-secure operation and SSL authentication

The default is 0.

orclsslauthentication

Flag, with values of 1, 32, or 64, for specifying the type of authentication you elect to use for each instance of the Oracle directory server. The default value, 1, specifies no authentication. You can run different values concurrently for different instances. Values of one-way and two-way authentication require wallets. You may use one of the following three values:

  • 1 = Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption will be used.

  • 32 = One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.

  • 64 = Two-way authentication. Both client and server send certificates to each other.

orclsslwalleturl

Sets the location of the Oracle wallet. You initially set this value when you create the wallet. If you elect to change the location of the Oracle wallet, you must change this parameter. You must set the wallet location on both the client and the server. For example, on UNIX, you could set this parameter as follows: 

file:/home/my_dir/my_wallet

On Windows NT, you could set this parameter as follows: 

file:C:\my_dir\my_wallet

orclsslversion

SSL version. The default is 3.

Debug Logging Schema Elements

Table B-6  Debug Logging Schema Elements
Attribute Description

orcldebugforceflush

Specifies whether debug messages are to be written to the log file when a message is logged by the directory server. To enable it, set its value to 1. To disable it set it to 0, which is its default value.

See Also: "Force Flushing the Trace Information to a Log File"

orcldebugop

To make logging more focused, limits logged information to particular directory server operations by specifying the debug dimension to those operations.

See Also: "Setting the Operation Debug Dimension"

Dynamic Groups Schema Elements

Table B-7 lists and describes the attributes of the orclDynamicGroup object class

.
Table B-7  orclDynamicGroup Attributes for "Connect By" Assertions
Attribute Description

orclConnectByAttribute

The attribute that you want to use as the filter for the query--for example, manager

orclConnectByStartingValue

The DN of the attribute you specified in the orclConnectByAttribute attribute--for example, Anne Smith

See Also:

"Dynamic Groups" for information about dynamic groups and "connect by" assertions

Garbage Collection Schema Elements

Table B-8  Garbage Collection Configuration Parameters
Attribute Description Mandatory? Default Value

orclPurgeBase

The base DN of DIT where the garbage collection task is applied

Yes

RDN of garbage collector configuration entry DN

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

No

NULL

orclpurgetargetage

Age of the target objects in hours. All objects older than the age specified by this attribute are purged.

No

12 (or 10 days old if the attribute value not specified)

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run

No

24

orclpurgetransize

Number of objects to be purged in one commit transaction.

No

1000

orclpurgerun

Indicator that the submitted job is to be executed immediately whenever this attribute is added or modified

No

N/A

orclPurgeEnable

Flag to enable or disable garbage collectors

No

1

orclPurgeDebug

Flag to enable or disable collection of debugging messages

No

0

orclpurgefilename

Name of file that stores garbage collection logging messages

No

oidgc001

orclpurgefileloc

Absolute file directory where the log file is saved

No

. (period)

Schema Elements for Predefined Garbage Collectors

Oracle Internet Directory provides several predefined garbage collectors that, together, clean up all unwanted data in the directory server. These predefined garbage collectors are:

Audit Log Garbage Collector

Audit log garbage collector cleans up unwanted entries created for auditing the directory server.

Table B-9  Attributes for the Audit Log Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=auditlog

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)
Change Log Garbage Collector

Change log garbage collector cleans up the consumed change log entries in the directory.

Table B-10  Attributes of the Change Log Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=changelog

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)
General Statistics Garbage Collector

The General Statistics garbage collector cleans up unwanted general statistical entries created for the directory server.

Table B-11  Attributes of the General Statistics Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=
orclgeneralstats,cn=orclsm

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)
Health Statistics Garbage Collector

The Health Statistics garbage collector cleans up unwanted health statistics entries created for the directory server.

Table B-12  Attributes of the Health Statistics Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=orclhealthstats,
cn=orclsm

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run.

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)
Security and Refresh Events Garbage Collector

The Security and Refresh Events garbage collector cleans up the unwanted entries created for monitoring the security and refresh events of the directory server.

Table B-13  Attributes of the Security and Refresh Events Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=
orclsecrefreshevents,cn=orclsm

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run.

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)
System Resource Events Garbage Collector

The System Resource Events garbage collector cleans up unwanted entries created for monitoring system resources events of the directory server.

Table B-14  Attributes of the System Resource Events Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=orclsysresourceevents, cn=orclsm

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run.

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)
Tombstone Garbage Collector

The Tombstone garbage collector cleans up unwanted entries marked as deleted.

Table B-15  Attributes of the Tombstone Garbage Collector
Attribute Description Default Value

orclPurgeBase

The base DN of the naming context to which the garbage collection task is to be applied.

cn=tombstone

orclpurgestart

Time in seconds when the garbage collector starts to run. If the garbage collector is enabled, and the value for this attribute is 0, then the garbage collector is enabled immediately.

The format is yyyymmddhhmmss.

NULL (12:00 a.m. of the day Oracle Internet Directory is installed)

orclpurgetargetage

The age of the target objects in hours. All the objects older than the age specified by this attribute are purged.

12 hours

orclPurgeInterval

Time interval in hours that the garbage collection job is executed again. This can be measured from either the point in time specified in the orclpurgestart attribute or from the last time it was run.

NULL (24 hours)

orclpurgetransize

The number of objects to be purged in one commit transaction.

1000

orclpurgerun

Every time this attribute is added or modified, then the submitted job is executed immediately.

N/A

orclPurgeEnable

Flag to enable/disable garbage collectors

1

orclPurgeDebug

Flag to enable/disable debugging messages collecting

0

orclpurgefilename

File name that saves garbage collection logging messages

oidgc001.log

orclpurgefileloc

Absolute file directory where the log file is saved.

. (period)

Oracle Internet Directory Plug-In for Garbage Collection

The garbage collection framework relies on the Oracle Internet Directory plug-in framework to trigger the garbage collection engine. This section tells you the attribute value pairs that the garbage collection plug-in uses for various operations.

Attributes for Creating a Garbage Collector

To create a garbage collector, the garbage collection plug-in uses the attribute value pairs listed in Table B-16.

Table B-16  Attribute Value Pairs for Creating a Garbage Collector
Attribute Value

orclpluginname

PurgeAdmin

orclplugintype

operational

orclplugintiming

post

orclpluginldapoperation

ldapadd

orclpluginsubscriberdnlist

cn=purgeconfig,cn=subconfigsubentry
Attributes for Modifying a Garbage Collector

To modify a garbage collector, the garbage collection plug-in uses the attribute value pairs listed in Table B-17.

Table B-17  Attribute Value Pairs for Modifying a Garbage Collector
Attribute Value

orclpluginname

PurgeAdmin

orclplugintype

operational

orclplugintiming

post

orclpluginldapoperation

ldapmodify

orclpluginsubscriberdnlist

cn=purgeconfig,cn=subconfigsubentry
Attributes for Deleting a Garbage Collector

To delete a garbage collector, the garbage collection plug-in uses the attribute value pairs listed in Table B-18.

Table B-18  Attribute Value Pairs for Deleting a Garbage Collector
Attribute Value

orclpluginname

PurgeAdmin

orclplugintype

operational

orclplugintiming

post

orclpluginldapoperation

ldapdelete

orclpluginsubscriberdnlist

cn=purgeconfig,cn=subconfigsubentry

Optional Attributes of the orclUserV2 Object Class

The following are optional attributes from the orclUserV2 object class:

Table B-19  Attributes in the orclUserV2 Object Class
Attribute Description

OrclPassword

Identifies an Oracle-specific password for custom authentication schemes like O3Logon for the database server

OrclHireDate

Specifies the date on which an employee starts working for a company

OrclDefaultProfileGroup

Holds the name (DN) of the group to designate a default group for a user such that a default profile can be built for the user based on this attribute value.

OrclPasswordHint

Specifies the question set by a user for administering password on behalf of a user

OrclPasswordHintAnswer

Specifies the answer set for orclPasswordHint

OrclTimeZone

Indicates the geographical time zone of a user based on his office location.Valid values are the three letter time zone values--for example, EST, PST, GMT

OrclIsVisisble

Specifies whether the user entry should be displayed in people search applications

OrclDisplayPersonalInfo

Specifies if the user personal information should be displayed in white pages queries

OrclWorkflowNotificationPref

Specifies the preferred notification mechanism for Oracle Workflow.

OrclMaidenName

Specifies the maiden name of an individual

OrclDateOfBirth

Specifies the date on which an individual was born

orclActiveStartDate

Specifies the date on which the user can successfully begin to authenticate to the Oracle Application Server Single Sign-On server. Values are represented in Universal Time format.

orclActiveEnddate

Specifies the date after which the user can no longer authenticate to the Oracle Application Server Single Sign-On server. Values are represented in Universal Time format.

Oracle Directory Integration and Provisioning Platform Schema Elements

Table B-20  Attributes in Integration Profiles for Third-Party Directories
Attribute Description

General Information

-

Profile Name (orclodipAgentName)

Name of the profile for the particular third-party directory you are integrating with. This attribute is mandatory.

Synchronization Mode
(orclodipSynchronizationMode)

Direction of synchronization between Oracle Internet Directory and the connected directory.

    IMPORT indicates importing changes from the third-party directory to Oracle Internet Directory.

    EXPORT indicates exporting changes from Oracle Internet Directory to the third-party directory.

ProfileStatus (orclOdipAgentControl)

Indicator whether the profile is enabled or disabled. The default is DISABLE. You must set this value to ENABLE.

Profile Password (orclodipProfilePassword)

The password used by the profile to bind to Oracle Internet Directory. In case of import, the changes are made with the profile name as the identity. The default value is welcome.

Note: For security reasons, change this password.

Scheduling Interval
(orclODIPSchedulingInterval)

Time interval in seconds after which a connected directory is synchronized with Oracle Internet Directory. The default is 600.

This attribute can be modified.

Maximum Number of Retries
(orclodipSyncRetryCount)

Maximum number of times Oracle directory integration and provisioning server tries to run the third-party directory connector in the event of a failure. The default is 5.

Profile Version

Version of the Oracle Directory Integration and Provisioning platform with which this profile was created.The default value is 1.0. This value cannot be modified.

Debug Level

(orclodipdebuglevel)

Identifier indicating the level of debugging required for any profile.

Set this attribute to 63 for the maximum debug level.

See Also: "Setting Debug Logging Levels"

Execution Information

-

Agent Execution Command (orclodipAgentExeCommand)

Connector executable name and argument list used by the directory integration and provisioning server. It can be passed as a command-line argument when the connector is invoked.

See Also: Chapter 39, "Synchronization with Oracle Human Resources" for typical usage of passing it in the command-line

Connected Directory Account (orclodipConDirAccessAccount)

Valid user account in the connected directory to be used by the connector for synchronization. The value is specific to the connected directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind DN in the SunONE Directory Server. For the Human Resources Connector, it is a valid user identifier in the Oracle Human Resources database. For other connectors, it can be passed as a command-line argument when the connector is invoked.

See Also: Chapter 39, "Synchronization with Oracle Human Resources" for typical usage of passing it in the command-line

Connected Directory Account Password (orclodipConDirAccessPassword)

Password to be used by the user specified in the orclOdipConDirAccessAccount attribute to connect to the connected directory. The value is specific to the third-party directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind password in the SunONE Directory Server. For the Human Resources Agent, it is the Oracle Human Resources database password.

Additional Config Info (orclodipAgentConfigInfo)

Any configuration information that you want the connector to store in Oracle Internet Directory. It is passed by the directory integration and provisioning server to the connector at time of connector invocation. The information is stored as an attribute and the directory integration and provisioning server does not have any knowledge of its content. When the connector is scheduled for execution, the value of the attribute is stored in the file,
$ORACLE_HOME/
ldap/odi/conf/profile_name.cfg that can be processed by the connector.

Upload the file by using either the Directory Integration and Provisioning Assistant or the ldapuploadagentfile.sh tool. Do this for both import and export agents.

See Also:

Connected Directory URL
(orclOdipConDirURL)

Connect details required to connect to the connected directory. This parameter refers to the host name and port number as host:port:sslmode.

To connect by using SSL, enter host:port:1.

Make sure the certificate to connect to the directory is stored in the wallet, the location of which is specified in the file odi.properties.

Note: To connect to SunONE Directory Server by using SSL, the server certificate needs to be loaded into the wallet.

See Also: The chapter on Oracle Wallet Manager in Oracle Advanced Security Administrator's Guide

Interface Type (orclodipInterfaceType)

The data format or protocol used in synchronization. Supported values are:

  • LDIF--Import or export from a LDIF File

  • Tagged--Import or export from a tagged file--a proprietary format supported by the Oracle directory integration and provisioning server, similar to LDIF format

  • LDAP--Import from or export to an LDAP-compliant directory

  • DB --Import from or export to an Oracle9i Database Server directory

Mapping Information

-

Mapping Rules
(orclodipAttributeMappingRules)

Attribute for storing the mapping rules. Store the mapping rules in a file by using the Directory Integration and Provisioning Assistant or the ldapuploadagentfile.sh tool.

See Also:

Connected Directory Matching Filter
(orclodipConDirMatchingFilter)

This attribute specifies the filter to apply to the third-party directory change log. It is used in the import profile. The filter must be set in the import profile when both the import and export integration profiles are enabled, as follows:

Modifiersname != connected_directory_account

This prevents the same change from being exchanged between the two directories indefinitely.

To avoid confusion, make this account specific to synchronization.

OID Matching Filter (orclOdipOIDMatchingFilter)

In export profiles, this attribute specifies the filter to apply to the Oracle Internet Directory change log container. It is used in the export profile. It must be set in the export profile when both the import and export integration profiles are enabled, as in the following example:

Modifiersname != orclodipagentname=iPlanetImport,
cn=subscriber profile,cn=
changelog subscriber,cn=oracle internet directory

This prevents the same change from being exchanged between the two directories indefinitely.

In import profiles, this attribute specifies a key for mapping entries between Oracle Internet Directory and the connected directory. This is useful when the DN cannot be used as the key.

Status Information

-

OID Last Applied Change Number (orclLastAppliedChangeNumber)

For export operations, the last change from Oracle Internet Directory that was applied to the connected directory. The default value is 0. Set this to the value of the lastchangenumber attribute of Oracle Internet Directory. If you have used the Directory Integration and Provisioning Assistant for bootstrapping using LDAP, then this is set automatically at the end of the bootstrapping process.

This is valid only in the export profile.

Last Execution Time (orclodipLastExecutionTime)

Status attribute set to the last time the integration profile was executed successfully by the Oracle directory integration and provisioning server. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in 24-hour format. This attribute is initialized during profile creation.

Last Successful Execution Time (orclodipLastSuccessfulExecution
Time)

Status attribute set to the last time the integration profile was executed successfully by the Oracle directory integration and provisioning server. The format is dd-mon-yyyy hh:mm:ss, where hh is the hour in 24-hour format.

Synchronization Status

Synchronization status of the last execution: Success or failure.
(orclodipSynchronizationStatus) Initially, this attribute has the value Yet to be executed. It is a read-only attribute

Synchronization Errors
(orclodipSynchronizationErrors)

Messages explaining errors if the last execution failed. This parameter is updated by Oracle directory integration and provisioning server. It is a read-only attribute.

Last Applied Change Number
(orclodipConDirLastAppliedChgNum)

For import operations, the last change from the connected directory that was applied to Oracle Internet Directory. The default value is 0. Set this to the value of the lastchangenumber attribute of Oracle Internet Directory. If you have used the Directory Integration and Provisioning Assistant for bootstrapping using LDAP, then this is set automatically at then end of the bootstrapping process.

This is valid only in the import profile.

See Also:

"Updating the Default Parameters" for instructions specific to integration with SunONE Directory Server

Oracle Internet Directory Configuration Schema Elements

Table B-21  Oracle Internet Directory Configuration Parameters
Object Classes Attributes

subconfig, orclConfigSet, orclLDAPSubConfig, orclREPLSubConfig, orclcontainerOC, subregistry, orclLDAPInstance, orclREPLInstance, orclIndexOC, orcleventLog, orclEvents

orcldebugflag, orclMaxCC, orclDBType, orclSuffix, orclDITRoot, orclSuName, orclSuPassword, orclSizeLimit, orclTimeLimit, orclGuName, orclGuPassword, orclServerProcs, orclconfigsetnumber, orclhostname, orclIndexedAttribute, orclCatalogEntryDN, orclServerMode, orclPrName, orclPrPassword, orclUseEncrypt, orclDirectoryVersion

Oracle Internet Directory Server Manageability Schema Elements

Table B-22  Attributes for Oracle Internet Directory Server Manageability
Attribute Description

orclStatsFlag

Indicate whether you want to enable or disable the Oracle Internet Directory Server Manageability framework. To enable, set this to 1. To disable, set it to 0.

orclStatsPeriodicity

Specify how often you want to gather sample statistics--that is, the number of minutes in the interval. Set this to 1 or more minutes.

If OrclStatsLevel is enabled--that is, user statistics are turned on--and there are few users, then provide a greater value for this attribute. Conversely, if there are many users, then provide a lesser value.

OrclEventLevel

Specify critical events related to security and system resources that you want recorded. The default is 0--that is, no critical events are recorded.

For events other than super user, proxy user, and replication login, set the value of the orclStatsFlag attribute 1.

See Also: "Configuring Critical Events" for a list of critical events that can be monitored

OrclStatsLevel

Specify the level of statistics collection for users. There is only one valid value in this release, namely, 1. Specifying this value collects the number of bind and compare operations against the directory and the user who performed each one.

OrclMaxTcpIdleConnTime

Specifies maximum TCP connection time in minutes for an idle connection to be recorded as idle. Its default value is 120 minutes (2 hours). Please note that the value of this attribute should be less than that of the DSA Configuration Set attribute orclLDAPconnTimeOut.

Password Policy Schema Elements

The pwdPolicy object class is an auxiliary object class containing the password policy information for a set of users in a given DIT. It contains attributes that define the password policy information for the entire directory.

Table B-23 lists and describes the attributes of the pwdPolicy object class. The default value for each of these attributes is 0 (zero). These attributes are single-valued, except orclpwdIllegalValues, which is multi-valued.

Table B-23  Attributes of the pwdPolicy Object Class
Attribute Policy Description

orclpwdAlphaNumeric

Number of Numeric Characters in Password

Number of numeric characters required in a password. By default, one numeric character is required. That is, the default value is 1.

orclpwdencryptionenable

Enable reversible user password encryption

If the value is TRUE, then the user password is stored in reversible encrypted form.

orclpwdIllegalValues

Illegal Values

Multivalued attribute containing the common words and attribute types whose values cannot be used as a valid password. By default, all words are acceptable password values.

orclpwdipmaxfailure

IP Lockout Maximum Failure

Specify the maximum number of falied logins from a specific IP address after which the account is locked.

orclpwdToggle

Old Password Can Be New Password

Specification for whether a user's old password can become the new one. By default, it can. The default value is 1.

orlcpwdiplockout

IP Lockout

Specify whether you want to enforce account lockout for a specific IP address. A value of TRUE enforces the lockout. The default is FALSE.

pwdAllowUserChange

User-defined Passwords

Indicator of whether users can change their own passwords. If allowed, then users can change their passwords by using ldapmodify. If not allowed, then the directory server verifies that the user has privileges to change the password. If the user does not have the appropriate privileges, then the directory server sends the client an error message.

By default, user-defined passwords are allowed.

pwdCheckSyntax

Check Password Syntax

Indicator of whether syntax checking is enforced. If 1, then syntax checking is enforced. The default value is 1.

By default, password syntax checking is turned on, and user passwords must contain one numeric character.

orclpwdpolicyenable

Enable/disable Password Policy

Enalbed=1

Disabled=0

pwdExpireWarning

Password Expiration Warning

The number of seconds before password expiration that the directory server sends the user a warning. If password expiration is enabled, then, by default, the directory server sends a warning before the password expires.

The directory server sends the warning at each logon. If the user does not modify the password before it expires, the user is locked out until the password is changed by the administrator.

For this feature to work, the client application must support it.

The default is 0, which means no warnings are sent.

Example: If pwdMaxAge is 7200. and pwdExpireWarning is 3600, then your password expires after 2 hours. If you bind during the last hour, then you receive a warning that your password is about to expire.

pwdFailureCountInterval

Password Failure Count Interval

The number of seconds after which the password failure times are purged from the user entry. If this attribute is not present, or if it has a value of 0, then failure times are never purged. The default is 0.

pwdGraceLoginLimit

Number of Grace Logins after Password Expiration

Maximum number of grace logins allowed after a password expires. By default, no grace logins.are allowed. The default value is 3.

pwdInHistory

Number of Password History

How many of a user's previous passwords the directory server is to store. If a user attempts to reuse one of the passwords the directory server has stored, then the password is rejected. The directory server does not maintain a password history by default.

pwdLockout

Password Lockout

Specification for whether users are locked out of the directory after the number of consecutive failed bind attempts specified by pwdmaxFailure. If the value of this policy attribute is 1, then users are locked out. If this attribute is not present, or if the value is 0, then users are not locked out and the value of pwdMaxFailure is ignored. By default, account lockout is enforced. The account is locked after three consecutive login failures.

pwdLockoutDuration

Lockout Duration

The number of seconds a user is locked out of the directory if both of the following are true:

  • Account lockout is enabled

  • The user has been unable to bind successfully to the directory for at least the number of times specified by pwdMaxFailure

You can set user lockout for a specific duration, or until the administrator resets the user's password. A default value of 0 (zero) means that the user is locked out forever.

pwdMaxAge

Password Expiry Time

The maximum length of time, in seconds, that a given password is valid. If this attribute is not present, or if the value is 0 (zero), then the password does not expire. By default, the passwords expire in 60 days.

pwdMaxFailure

Password Maximum Failure

The number of consecutive failed bind attempts after which a user account is locked. If this attribute is not present, or if the value is 0 (zero), then the account is not locked due to failed bind attempts, and the value of the password lockout policy is ignored. The default is 4.

pwdMinLength

Minimum Number of Characters of Password

The minimum number of characters required in a password. By default, the minimum length is 5; however, the value for this attribute must be at least 1.

pwdMustChange

Password Change after Reset

Indicator of whether users must change their passwords after the first login, or after the password is reset by the administrator. Enabling this option requires users to change their passwords even if user-defined passwords are disabled. By default, users need not change their passwords after reset.

See Also:

"Overview: Establishing a Password Policy for an Identity Management Realm"

In addition to the pwdpolicysubentry mentioned earlier, the object class top contains these operational attributes to maintain the user-password state information for each user entry.

Table B-24  Password Policy Operational Attributes of the Top Object Class
Attribute Description

orclrevpwd

Reversible encrypted value of the user password. This attribute is generated only if the attribute orclpwdencryptionenable in the password policy entry is set to TRUE. The orclrevpwd attribute can be queried only by using the SSL one-way and two-way authentication mechanisms. This attribute cannot be queried over non-SSL sessions.

See Also: "Storing and Managing Password Verifiers for Authenticating to Oracle Internet Directory"

orclpwdipaccountlockedtime

The time at which a user was locked out of a specific IP address

orclpwdlastlogintime

The timestamp of the last login by the user

pwdAccountLockedTime

The time at which the user account was locked

pwdChangedtime

The timestamp of the user password creation or modification

pwdExpirationWarned

The time at which the first password expiration warning is been sent to the user

pwdFailuretime

The timestamp of consecutive failed login attempts by the user

pwdGraceUseTime

The time stamps of each grace login by the user

pwdHistory

A history of user's previously used passwords

pwdReset

Indicator that the password has been reset and must be changed by the user on first authentication

See Also:

"Overview: Establishing a Password Policy for an Identity Management Realm"

Password Verifier Schema Elements

Both the directory and Oracle components store the user password in the user entry, but in different attributes. Whereas the directory stores user passwords in the userPassword attribute, Oracle components store user password verifiers in the authPassword, orclPasswordVerifier, or orclpassword attribute. Table B-25 describes each of the attributes used by Oracle components.

Table B-25  Attributes for Storing Password Verifiers in User Entries
Attribute Description

authPassword

Attribute for storing a password to an Oracle component when that password is the same as that used to authenticate the user to the directory, namely, userpassword. The value in this attribute is synchronized with that in the userpassword attribute.

Several different applications can require the user to enter the same clear text password used for the directory, but each application may hash it with a different algorithm. In this case, the same clear text password can become the source of several different password verifiers.

This attribute is multivalued and can contain all the other verifiers that different applications use for this user's clear text password. If the userpassword attribute is modified, then the authpasswords for all applications are regenerated.

orclPasswordVerifier

Attribute for storing a password to an Oracle component when that password is different from that used to authenticate the user to the directory, namely, userpassword. The value in this attribute is not synchronized with that in the userpassword attribute.

Like authPassword, this attribute is multivalued and can contain all the other verifiers that different applications use for this user's clear text password.

orclPassword

Attribute for storing only the 03LOGON verifier for enterprise users. The 03LOGON verifier is synchronized with the userpassword attribute, and it is generated by default for all user entries associated with the orcluserv2 object class.

When Oracle Internet Directory is installed, a database security profile entry is created by default in the Root Oracle Context. The presence of this entry triggers the generation of 03LOGON verifiers for user entries associated with the orcluserv2 object class.

Each of these attribute types has appID as an attribute subtype. This attribute subtype uniquely identifies a particular application. For example, the appID can be the ORCLGUID of the application entry. This attribute subtype is generated during application installation.

Plug-in Schema Elements

The orclPluginConfig object class is a structural object class that must be associated with all plug-in entries. Its superclass is top. Table B-26 lists and describes its attributes.

Table B-26  Plug-in Attribute Names and Values
Attribute Name Attribute Value Mandatory?

Cn

Plug-in entry name

Yes

orclPluginAttributeList

A semicolon-separated attribute name list that controls whether the plug-in takes effect. If the target attribute is included in the list, the plug-in is invoked.

No

orclPluginEnable

0 = disable (default)

1 = enable

No

orclPluginEntryProperties

An ldap search filter type value need to be specified here. For example, if we specify orclPluginEntryProperties:(&(objectclass=inetorgperson)(sn=Cezanne)), then plug-in will not be invoked if the target entry has objectclass equal to inetorgperson and sn equal to Cezanne.

No

orclPluginIsReplace

For WHEN timing plug-in only

    0 = disable (default)

    1 = enable

No

orclPluginKind

PL/SQL

No

orclPluginLDAPOperation

One of the following values: 

ldapcompare
ldapmodify
ldapbind
ldapadd
ldapdelete
ldapsearch

Yes

orclPluginName

Plug-in package name

Yes

orclPluginRequestGroup

A semicolon-separated group list that controls if the plug-in takes effect. You can use this group to specify who can actually invoke the plug-in.

For example, if you specify orclpluginrequestgroup:cn=security,cn=groups,dc=oracle,dc=com, when you register the plug-in, then the plug-in will not be invoked unless the ldap request comes from the person who belongs to the group cn=security,cn=groups,dc=oracle,dc=com.

No

orclPluginRequestNegGroup

A semicolon-separated group list that controls if the plug-in takes effect. You can use this group to specify who can NOT invoke the plug-in. For example, if you specify orclpluginrequestgroup: cn=security,cn=groups,dc=oracle,dc=com, when you register the plug-in, then the plug-in will not be invoked if the ldap request comes from the person who belongs to the group cn=security,cn=groups,dc=oracle,dc=com.

No

orclPluginResultCode

An integer value to specify the ldap result code. If this value is specified, then plug-in will be invoked only if the ldap operation is in that result code scenario.

This is only for the POST plug-in type.

No

orclPluginShareLibLocation

File location of the dynamic linking library. If this value is not present, then Oracle Internet Directory server assumes the plug-in language is PL/SQL.

No

orclPluginSubscriberDNList

A semicolon-separated DN list that controls if the plug-in takes effect. For example: 

orclPluginSubscriberDNList=
dc=COM,c=us;
dc=us,dc=oracle,dc=com;
dc=org,dc=us;

o=IMC,c=US

If the target DN of an LDAP operation is included in the list, then the plug-in is invoked.

No

orclPluginTiming

One of the following values: 

pre
when
post

See Also: "About Directory Server Plug-ins" for explanations of these values

No

orclPluginType

One of the following values: 

operational
attribute
password_policy
syntax
matchingrule

See Also: The chapter about the Oracle Internet Directory server plug-in framework in Oracle Internet Directory Application Developer's Guide

Yes

orclPluginVersion

Supported plug-in version number

No

Resource Information Schema Elements

This section lists and describes the attributes for:

The resource access descriptor object contains the attributes listed and described in.

Table B-27  Resource Access Descriptor (RAD) Attributes
Attribute Description

orclResourceName

Specifies the name of the resource for which the connection information is being maintained.

orclOwnerGlobalID

Specifies the user or a group for which the preferences are being stored. The value of the attribute is same as the GUID (orclGlobalID) attribute value in the user or group entry. This attribute helps in abstracting the self-administrative access policies as a generic policy and also for querying the preferences given a user's GUID.

For example, suppose that user John Doe from Acme Corporation needs to store his extended preferences. His actual user entry contains mostly white-pages information about the user and his authentication credentials. The user entry additionally has orclGUID as one of the attributes to uniquely identify him. The same orclGUID attribute value is used to populate orclOwnerGlobalID attribute while storing his resource access information. At runtime, all applications know the global identifier of John Doe, and they can easily query the directory for all his preference values.

orclApplicationGUID

Specifies the global identifier of the application entity for which the user-preferences are being stored. The value of the attribute is same as the GUID (orclGUID) attribute value for the application entity. This attribute is useful when application-specific resource access information for a user is stored under the user's container object as shown in Figure 2-10.

orclResourceTypeName

Specifies the name of the resource--for example, database, XMLPDS, JDBCPDS

displayName

Specifies the display name associated with the resource

description

Specifies the description associated with orclResourceTypeName.

orclUserIDAttribute

Specifies the user identifier value to access the resource.

orclPasswordAttribute

Specifies the password value to access the resource.

orclFlexAttribute1

Specifies the additional information if required by the resource type.

orclFlexAttribute2

Specifies the additional information if required by the resource type.

orclFlexAttribute3

Specifies the additional information if required by the resource type.

OrclUserModifiable

Specifies if the data is modifiable by the user that this RAD entry is created for
Table B-28  Attributes for Resource Type Information
Attribute Description

orclResourceTypeName

Specifies the name of the resource--for example, database, XMLPDS, JDBCPDS

displayName

Specifies the display name associated with the orclResourceTypeName

description

Specifies the description associated with orclResourceTypeName

javaClassName

Specifies the fully qualified class name used by the product to perform user authentication--DBAuth, XMLPDSAuth, JDBCPDSAuth

orclUserIDAttribute

Specifies the user identifier attribute in the encoded resource access data.

orclPasswordAttribute

Specifies the password attribute in the encoded resource access data.

orclConnectionFormat

Specifies the format used to construct the connect string associated with the resource.

OrclFlexAttribute1

Specifies the GUL label for storing extra information if required for a particular resource type.

OrclFlexAttribute2

Specifies the GUL label for storing extra information if required for a particular resource type.

OrclFlexAttribute3

Specifies the GUL label for storing extra information if required for a particular resource type.

Replication Schema Elements

Table B-29  Replication Schema Elements
Object Classes Attributes

changeLogEntry, changeStatusEntry, orclReplAgreementEntry

orclGUID, changeNumber changeType, changes, orclParentGUID,server, changeLog, changeStatus, orclChangeRetryCount, orclAgreementId,orclReplicationProtocol, orclUpdateSchedule,targetDN, orclIncludedNamingcontexts, orclExcludedNamingcontexts, orclDirReplGroupDSAs, orclExcludedAttributes, orclreplicaDN

Note:

In this release, you cannot use the targetDN attribute as a filter. If you do, the operation will fail.

Replication Server Configuration Parameters

Table B-30 lists and describes the attributes of the replication server configuration set entry, which has the following DN: cn=configset0,cn=osdrepld,cn=subconfigsubentry.

Table B-30  Directory Replication Server Configuration Parameters
Parameter Name Description Default Values Modifiable?

modifyTimestamp

Time of entry creation or modification

No

modifiersName

Name of person creating or modifying the entry

No

orclChangeRetryCount

Single-valued attribute. The number of processing retry attempts for a change-entry before being moved to the human intervention queue. The value for this parameter must be equal to or greater than 1 (one).

10

Yes

orclThreadsPerSupplier

Number of worker threads directory replication server provides for each supplier for change log processing. The value for this parameter must be equal to or greater than 1 (one).

5

Yes

See Also:

"Viewing and Modifying Directory Replication Server Configuration Parameters"

Replica Subentry Attributes

Table B-31  Attributes of the Replica Subentry
Attribute Description

OrclReplicaID

Naming attribute for the replica subentry. Its value is unique to each directory server node that is initialized at installation. The value of this attribute, assigned during installation, is unique to each directory node, and matches that of the orclreplicaID attribute at the root DSE. You cannot modify this value.

orclReplicaURI

Contains information in ldapURI format that can be used to open a connection to this replica.

orclReplicaSecondaryURI

Contains the set of ldapURI format addresses that can be used if the orclReplicaURI values cannot be used.

orclReplicaType

Defines the type of replica such as read-only or read/write.

Possible values:

  • 0 (Read/Write)

  • 1 (Read-Only)

orclReplicaState

Defines the state of the replica such as bootstrap, online, and so on. Possible values:

  • 0 (Boot Strapping)

  • 1 (On-line)

  • 2 (Off-line)

OrclReplicaVersion

Oracle Internet Directory version of the replica.

See Also:

"The Replica Subentry"

Replication Agreement Entry Attributes

Table B-32  Attributes of the Replication Agreement Entry
Attribute Description

orclagreementID

Naming attribute for the replication agreement entry. You cannot modify this attribute.

OrclReplicaDN

For LDAP-based replication only. It is required to specify the DN of the replica to identify a consumer in the replication agreement. You cannot modify this attribute.

OrclReplicationPortocol

Define the replication protocol for change propagation to replica. Values:

  • ODS_ASR_1.0 (Oracle9i Advanced Replication-based protocol)

  • ODS_LDAP_1.0 (LDAP-based replication)

You cannot modify this attribute.

OrclDirReplGroupDSAs

For Oracle9i Advanced Replication-based groups, the orclreplicaid values of all the nodes in this replication group. This list must be identical on all nodes in the group. You can modify this attribute.

This attribute is not applicable for LDAP-based agreement.

OrclUpdateSchedule

Replication update interval for new changes and those being retried. The value is in minutes. You can modify this attribute.

OrclHIQSchedule

The interval, in minutes, at which the directory replication server repeats the change application process. You can modify this attribute.

OrclLDAPConnKeepAlive

Attribute determining whether the connections from the directory replication server to the directory server is kept active or established every time the changelog processing is done based on various schedules. You can modify this field.

Orcllastappliedchangenumber

This attribute indicates the status of the consumer replica with respect to the supplier in an LDAP-based replication agreement. This attribute is not applicable to Oracle9i Advanced Replication-based agreements.

You cannot modify this attribute.

orclexcludednamingcontexts

For Oracle9i Advanced Replication-based agreements, the value for this multivalued attribute specifies one or more subtrees to be excluded from replication.

You can modify this attribute.

See Also:

"The Replication Agreement Entry"

Replication Naming Context Objects

The container for replication naming context objects is an entry with the RDN cn=replication namecontext. It is created below the orclagreementID entry at installation. The cn=replication namecontext entry has the attributes listed and described in Table B-33.

Table B-33  Attributes of the Replication Naming Context Entry
Attribute Description

orclincludednamingcontexts

The naming context included in a partial replica.

This is a single valued attribute. For each naming context object, you can specify only one unique subtree.

In partial replication, except for subtrees listed in the orclexcluednamingcontexts attribute, all subtrees in the specified included naming context are replicated.

Note: Only LDAP-based replication agreements respect this attribute to define one or more partial replicas. If this attribute contains any values in an Oracle9i Advanced Replication-based replication agreement, then it is ignored.

You can modify this attribute.

orclexcludednamingcontexts

In LDAP-based replication, the value for this attribute specifies the root of a subtree, located within the included naming context, to be excluded from replication.

This is a multivalued attribute. From within the naming context specified in the orclincludednamingcontexts attribute, you can specify one or more subtrees to be excluded from the partial replication.

You can modify this attribute.

orclexcludedattributes

Within the included naming context, an attribute to be excluded from replication.

This is a multivalued attribute.

Note: This attribute is for partial replication only.

SSL Schema Elements

Note:

These attribute values are stored as part of configuration entries.

The SSL attributes are: orclsslAuthentication, orclsslEnable, orclsslWalletURL, orclsslPort, orclsslVersion

See Also:

System Operational Attributes

The following system operational attributes are modifiable.

Table B-34  Modifiable System Operational Attributes
Attribute Description

namingContexts

Topmost DNs for the naming contexts contained in this server. You must have super user privileges to publish a DN as a naming context.

There is no default.

orclCryptoScheme

Hash algorithm for encrypting the password. Options are:

  • MD4

  • MD5

  • No encryption

  • SHA

  • SSHA

  • UNIX Crypt

The default is MD4.

orclSizeLimit

Maximum number of entries to be returned by a search

orclServerMode

Specification as to whether data can be written to the server. Valid values are read-only and read-write. The default is read-write.

orclTimeLimit

Maximum amount of time, in seconds, allowed for a search to be completed. The default is 3600.

orclecacheenabled

Specification as to whether entry caching, described in "Entry Caching", is enabled. The value for enabled is 1; the value for disabled is 0. The default is 1.

orclecachemaxentrysize

Maximum size in bytes of the entry that can be cached in the entry cache. Any entry with size greater than orclecachemaxentrysize is not cached. If you have an entry with many binary attributes, or member or uniquemember attributes, and need to cache, then increase orclecachemaxentrysize to the appropriate value.

The default is 1 MB

This attribute is in the entry cn=dsaconfig,cn=configsets,cn=oracle internet directory.

To change this value: 

ldapmodify -p port -D cn=orcladmin -w adminpassword << EOF
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclecachemaxentrysize
orclecachemaxentrysize: new_integer_value
EOF

orclecachemaxsize

Maximum number of bytes of RAM that the entry cache can use. The default is 100M.

orclecachemaxentries

Maximum number of entries that can be present in the entry cache. The default is 25,000.

orclDIPRepository

Used by the directory replication server, and indicates whether change logs are to be generated in the consumer node for the Oracle directory integration and provisioning server to consume.

The default is FALSE.

orclEnableGroupCache

The cache of privilege groups and ACL groups in the directory server. Using this cache improves the performance of access control evaluation for users when privilege and ACP groups are used in ACI.

Use the group cache when a privilege group membership does not change frequently. If a privilege group membership does change frequently, then it is best to turn off the group cache. This is because, in such a case, computing a group cache increases overhead.

The default is 1.

orclMatchDNEnabled

If the base DN of a search request is not found, then the directory server returns the nearest DN that matches the specified base DN. Whether the directory server tries to find the nearest match DN is controlled by this attribute. If set to 1, then match DN processing is enabled. If set to 0, then match DN processing is disabled. The default is 1.

Orclanonymousbindsflag

Specification as to whether anonymous binds are allowed or not. If set to 1, then anonymous binds are allowed. If set to 0 (zero), then they are not allowed. The default is 1.

orclStatsPeriodicity

Specification as to how often you want to gather sample statistics--that is, the number of minutes in the interval. Set this to 1 or more minutes. The default is 60.

orclStatsFlag

Indicates whether you want to enable or disable the Oracle Internet Directory Server Manageability framework. To enable, set this to 1. To disable, set it to 0. The default is 0.

orclLDAPconnTimeOut

Specifies maximum connection time in minutes for an idle LDAP connection to be closed by the directory server. This is a DSA configuration set (DN: "cn=dsaconfig,cn=configsets,cn=oracle internet directory") attribute and its value can be set by using ldapmodify. The default is 0.

OrclEventLevel

Specifies critical events related to security and system resources that you want recorded. The default is 0--that is, no critical events are recorded

Please note that for events other than super user, proxy and replication login, the value of the orclStatsFlag attribute also must be set to 1 for enabling this feature.

See Also: "Configuring Critical Events" for a list of critical events that can be monitored

Note:

If you have multiple directory server instances connecting to the same database, or multiple server processes in the same directory server instance, then entry caching is automatically disabled. This is irrespective of the value of the orclecacheenabled attribute.

See Also:

"Setting System Operational Attributes"

Go to previous page Go to beginning of chapter Go to next page
Oracle
Copyright © 1999, 2003 Oracle Corporation.
All Rights Reserved.
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index