Ofm Admin Oid

Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) E10029-01 May 2009


Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, 11g Release 1 (11.1.1)
E10029-01

Copyright © 1999, 2009, Oracle and/or its affiliates. All rights reserved.

Primary Author: Ellen Desmond

Contributors: Olfat Aly, Krishna Chander, Giriraj Chauhan, Margaret Chou, Quan Dinh, Ajay Keni, Buddhika Kottahachchi, Stephen Lee, Paul Li, David Lin, Venkat Medam, Vishal Parashar, Karthi Purushothaman, Lakshmi Ramadoss, Loganathan Ramasamy, Ramaprakash Sathyanarayan, Amit Sharma, Daniel Shih, Jerry Smith, Olaf Stullich, Dipankar Thakuria, Baogang Song, Arun Theebaprakasam, Vinay Thulasidas, Satishkumar Venkatasamy, Shawn Vincent, Frances Wu

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

RSA and RC4 are trademarks of RSA Data Security. Portions of Oracle Internet Directory have been licensed by Oracle Corporation from RSA Data Security. This product contains SSLPlus Integration Suite™ version 1.2, from Consensus Development Corporation. Sun Java System Directory Server and iPlanet are registered trademarks of Sun Microsystems, Inc.

Contents

Preface
  Audience
  Documentation Accessibility
  Related Documents
  Conventions

What's New in Oracle Internet Directory?
  New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1)
  New Features Introduced with Oracle Internet Directory 10g (10.1.4.1)
  New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2)
  New Features Introduced with Oracle Internet Directory 10g (9.0.4)
  About Oracle Internet Directory Release 9.2
  New Features Introduced with Oracle Internet Directory Release 9.0.2

Part I

Understanding Directory Services

1 Introduction to Directory Services
  What Is a Directory?
  The Expanding Role of Online Directories
  The Problem: Too Many Special-Purpose Directories
  What Is the Lightweight Directory Access Protocol (LDAP)?
  LDAP and Simplified Directory Management
  LDAP Version 3
  What Is Oracle Internet Directory?
  Overview of Oracle Internet Directory
  Components of Oracle Internet Directory
  Advantages of Oracle Internet Directory
  Scalability
  High Availability
  Security
  Integration with the Oracle Environment
  How Oracle Products Use Oracle Internet Directory
  Easier and More Cost-Effective Administration of Oracle Products
  Tighter Security Through Centralized Security Policy Administration
  Integration of Multiple Directories

2 Understanding Oracle Internet Directory in Oracle Fusion Middleware
  Oracle WebLogic Server Domain
  Oracle Internet Directory as a System Component
  Oracle Internet Directory Deployment Options
  Oracle Fusion Middleware Home
  Oracle WebLogic Server Home
  Oracle Home
  Oracle Instance
  Oracle Enterprise Manager Fusion Middleware Control
  Logging, Auditing, and Diagnostics
  MBeans and the WebLogic Scripting Tool

3 Understanding Oracle Internet Directory Concepts and Architecture
  Oracle Internet Directory Architecture
  An Oracle Internet Directory Node
  An Oracle Directory Server Instance
  Oracle Internet Directory Ports
  Directory Metadata
  How Oracle Internet Directory Processes a Search Request
  Directory Entries
  Distinguished Names (DNs) and Directory Information Trees (DITs)
  Entry Caching
  Attributes
  Kinds of Attribute Information
  Single-Valued and Multivalued Attributes
  Common LDAP Attributes
  Attribute Syntax
  Attribute Matching Rules
  Attribute Options
  Object Classes
  Subclasses, Superclasses, and Inheritance
  Object Class Types
  Structural Object Classes
  Auxiliary Object Classes
  Abstract Object Classes
  Naming Contexts
  Security
  Globalization Support
  Distributed Directories
  Directory Replication
  Directory Partitioning
  Knowledge References and Referrals
  Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console
  The Service Registry and Service to Service Authentication
  Oracle Directory Integration Platform
  Oracle Internet Directory and Identity Management
  About Identity Management
  Oracle Identity Management Products
  Identity Management Realms
  Default Identity Management Realm
  Identity Management Policies
  Resource Information
  Resource Type Information
  Resource Access Information
  Location of Resource Information in the DIT

4 Understanding Process Control of Oracle Internet Directory Components
  Oracle Internet Directory Process Control Architecture
  The ODS_PROCESS_STATUS Table
  Starting, Stopping, and Monitoring of Oracle Internet Directory Processes
  Oracle Internet Directory Snippet in opmn.xml
  OPMN Starting Oracle Internet Directory
  OPMN Stopping of Oracle Internet Directory
  Process Monitoring
  Oracle Internet Directory Process Control Best Practices

5 Understanding Oracle Internet Directory Organization
  The Directory Information Tree
  Planning the Overall Directory Structure
  Planning the Names and Organization of Users and Groups
  Organizing Users
  Organizing Groups
  Migrating a DIT from a Third-Party Directory

6 Understanding Oracle Internet Directory Replication
  Why Use Replication?
  Replication Concepts
  Content to be Replicated: Full or Partial
  Direction: One-Way, Two-Way, or Peer to Peer
  Transport Mechanism: LDAP or Oracle Database Advanced Replication
  Directory Replication Group (DRG) Type: Single-master, Multimaster, or Fan-out
  Single-Master Replication Example
  Multimaster Replication Example
  Fan-out Replication Example
  Loose Consistency Model
  How the Replication Concepts Fit Together
  Multimaster Replication with Fan-Out
  What Kind of Replication Do You Need?

Part II

Basic Administration

7 Getting Started With Oracle Internet Directory
  Postinstallation Tasks and Information
  Setting Up the Environment
  Starting and Stopping the Oracle Stack
  List of Default URLs and Ports
  Tuning Oracle Internet Directory
  Enabling Anonymous Binds
  Enable Oracle Internet Directory to run on Privileged Ports
  Using Oracle Enterprise Manager Fusion Middleware Control to Manage Oracle Internet Directory
  Using Oracle Directory Services Manager to Manage Oracle Internet Directory
  Invoking Oracle Directory Services Manager
  Connecting to the Server from Oracle Directory Services Manager
  Logging in to the Directory Server from Oracle Directory Services Manager
  Logging Into the Directory Server from Oracle Directory Services Manager Using SSL
  Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster
  Using Command-Line Utilities to Manage Oracle Internet Directory
  Using Standard LDAP Utilities
  Using Bulk Tools
  Using WLST
  Basic Tasks for Configuring and Managing Oracle Internet Directory

8 Managing Oracle Internet Directory Instances
  Introduction to Managing Oracle Internet Directory Instances
  The Instance-Specific Configuration Entry
  Creating the First Oracle Internet Directory Instance
  Creating Additional Oracle Internet Directory Instances
  Registering an Oracle Instance or Component with the WebLogic Server
  Managing Oracle Internet Directory Components by Using Fusion Middleware Control
  Viewing Active Server Information by Using Oracle Enterprise Manager Fusion Middleware Control
  Starting the Oracle Internet Directory Server by Using Oracle Enterprise Manager Fusion Middleware Control
  Stopping the Oracle Internet Directory Server by Using Oracle Enterprise Manager Fusion Middleware Control
  Restarting the Oracle Internet Directory Server by Using Oracle Enterprise Manager Fusion Middleware Control
  Managing Oracle Internet Directory Components by Using opmnctl
  Creating an Oracle Internet Directory Component by Using opmnctl
  Registering an Oracle Instance by Using opmnctl
  Unregistering an Oracle Instance by Using opmnctl
  Updating the Component Registration of an Oracle Instance by Using opmnctl
  Deleting an Oracle Internet Directory Component by Using opmnctl
  Viewing Active Server Instance Information by Using opmnctl
  Starting the Oracle Internet Directory Server by Using opmnctl
  Stopping the Oracle Internet Directory Server by Using opmnctl
  Restarting the Oracle Internet Directory Server by Using opmnctl
  Changing the Oracle Database Information in opmn.xml
  Starting an Instance of the Replication Server by Using OIDCTL

9 Managing System Configuration Attributes
  Introduction to Managing System Configuration Attributes
  What are Configuration Attributes?
  Attributes of the Instance-Specific Configuration Entry
  Attributes of the DSA Configuration Entry
  Attributes of the DSE
  Managing System Configuration Attributes by Using Oracle Enterprise Manager Fusion Middleware Control
  Configuring Server Properties
  Configuring Shared Properties
  Configuring Other Parameters
  Managing System Configuration Attributes by Using WLST
  Managing System Configuration Attributes by Using LDAP Tools
  Setting System Configuration Attributes by Using ldapmodify
  Listing Configuration Attributes with ldapsearch
  Managing System Configuration Attributes by Using Oracle Directory Services Manager Data Browser
  Navigating to the Instance-Specific Configuration Entry
  Navigating to the DSA Configuration Entry
  Navigating to the DSE Root

10 Managing IP Addresses
  Introduction to Managing IP Addresses
  Configuring the IP Address for Internet Protocol Version 6, Cold Failover Cluster, or Virtual IP

11 Managing Naming Contexts
  Introduction to Managing Naming Contexts
  Searching for Published Naming Contexts
  Publishing a Naming Context

12 Managing Accounts and Passwords
  Introduction to Managing Accounts and Passwords
  Managing Accounts and Passwords by Using Command-Line Tools
  Enabling and Disabling Accounts by Using Command-Line Tools
  Unlocking Accounts by Using Command-Line Tools
  Forcing a Password Change by Using Command-Line Tools
  Managing Accounts and Passwords by Using the Self-Service Console
  Enabling and Disabling Accounts by Using the Oracle Internet Directory Self-Service Console
  Unlocking Accounts by Using the Oracle Internet Directory Self-Service Console
  Resetting Your Own Password by Using the Oracle Internet Directory Self-Service Console
  Changing the Superuser Password by Using Fusion Middleware Control
  Creating Another Account With Superuser Privileges
  Managing the Superuser by Using ldapmodify
  Changing the Oracle Internet Directory Database Password
  Resetting the Superuser Password
  Changing the Password for the EMD Administrator Account
  Changing the Password for the ODSSM Administrator Account

13 Managing Directory Entries
  Introduction to Managing Directory Entries
  Managing Entries by Using Oracle Directory Services Manager
  Displaying Entries by Using Oracle Directory Services Manager
  Searching for Entries by Using Oracle Directory Services Manager
  Viewing Attributes for a Specific Entry by Using Oracle Directory Services Manager
  Adding a New Entry by Using Oracle Directory Services Manager
  Adding an Entry by Copying an Existing Entry in Oracle Directory Services Manager
  Modifying an Entry by Using Oracle Directory Services Manager
  Managing Entries by Using LDAP Command-Line Tools
  Listing All the Attributes in the Directory by Using ldapsearch
  Adding a User Entry by Using ldapadd
  Modifying a User Entry by Using ldapmodify
  Adding an Attribute Option by Using ldapmodify
  Deleting an Attribute Option by Using ldapmodify
  Searching for Entries with Attribute Options by Using ldapsearch

14 Performing Bulk Operations
Introduction to Performing Bulk Operations
Changing Server Mode
Setting the Server Mode by Using Fusion Middleware Control
Setting the Server Mode by Using ldapmodify
Loading Data Into the Schema by Using bulkload
Importing an LDIF File by Using bulkload
Loading Data in Incremental or Append Mode By Using bulkload
Performing Index Verification By Using bulkload
Re-Creating Indexes By Using bulkload
Recovering Data After a Load Failure By Using bulkload
Modifying Attributes of a Large Number of Entries By Using bulkmodify
Adding a Description for All Entries Under a Specified Naming Context by Using bulkmodify
Adding an Attribute for All Entries Under a Specified Naming Context Matching a Specific Filter by Using bulkmodify
Replacing an Attribute for All Entries Under a Specified Naming Context by Using bulkmodify
Deleting Entries or Attributes of Entries by Using bulkdelete
Deleting All Entries Under a Specified Naming Context by Using bulkdelete
Deleting Entries Under a Naming Context and Making them Tombstone Entries by Using bulkdelete
Deleting Entries Under Specified Naming Contexts Given in File and Make them Tombstone Entries by Using bulkdelete
Dumping Data from Oracle Internet Directory to a File by Using ldifwrite
Dumping Part of a Specified Naming Context to an LDIF File by Using ldifwrite
Dumping Entries Under a Specified Naming Context to an LDIF File by Using ldifwrite
Creating and Dropping Indexes from Existing Attributes by Using catalog
Changing a Searchable Attribute into a Non-searchable Attribute by Using catalog
Changing a Non-searchable Attribute into a Searchable Attribute by Using catalog

15 Managing Dynamic and Static Groups
Introduction to Managing Dynamic and Static Groups
Static Groups
Schema Elements for Creating Static Groups
Dynamic Groups
Enhancements to and Limitations of Dynamic Groups in Oracle Internet Directory
Schema Elements for Creating a Dynamic Group
Hierarchies
Querying Group Entries
When to Use Each Kind of Group
Managing Static and Dynamic Group Entries by Using Oracle Directory Services Manager
Creating Static Group Entries by Using Oracle Directory Services Manager
Modifying a Static Group Entry by Using Oracle Directory Services Manager
Creating Dynamic Group Entries by Using Oracle Directory Services Manager
Modifying a Dynamic Group Entry by Using Oracle Directory Services Manager
Managing Static and Dynamic Group Entries by Using the Command Line
Creating a Static Group Entry by Using ldapadd
Modifying a Static Group by Using ldapmodify
Creating a Dynamic Group Entry by Using ldapadd
Modifying a Dynamic Group by Using ldapmodify

16 Managing Alias Entries
Introduction to Managing Alias Entries
Adding an Alias Entry
Searching the Directory with Alias Entries
Searching the Base with Alias Entries
Searching One-Level with Alias Entries
Searching a Subtree with Alias Entries
Modifying Alias Entries
Interpreting Messages Related to Alias Dereferencing


17 Managing Attribute Uniqueness Constraint Entries
Introduction to Managing Attribute Uniqueness Constraint Entries
Specifying Attribute Uniqueness Constraint Entries
Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
Specifying Multiple Scopes in an Attribute Uniqueness Constraint
Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
Managing an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
Creating an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
Modifying an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
Deleting an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager
Managing an Attribute Uniqueness Constraint Entry by Using the Command Line
Creating Attribute Uniqueness Across an Entire Directory by Using Command-Line Tools
Creating Attribute Uniqueness Across One Subtree by Using Command-Line Tools
Creating Attribute Uniqueness Across One Object Class by Using Command-Line Tools
Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools
Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools
Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools

18 Managing Knowledge References and Referrals
Introduction to Managing Knowledge References and Referrals
Configuring Smart Referrals
Configuring Default Referrals

19 Managing Directory Schema
Introduction to Managing Directory Schema
Where Schema Information is Stored in the Directory
Understanding Object Classes
About Adding Object Classes
About Modifying Object Classes
About Deleting Object Classes
Understanding Attributes
About Adding Attributes
About Modifying Attributes
About Deleting Attributes
About Indexing Attributes
Extending the Number of Attributes Associated with Entries
Extending the Number of Attributes before Creating Entries in the Directory
Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
Extending the Number of Attributes for Existing Entries by Creating a Content Rule
Rules for Creating and Modifying Content Rules
Schema Enforcement When Using Content Rules
Searches for Object Classes Listed in Content Rules
Understanding Attribute Aliases
Object Identifier Support in LDAP Operations
Managing Directory Schema by Using Oracle Directory Services Manager
Searching for Object Classes by Using Oracle Directory Services Manager
Adding Object Classes by Using Oracle Directory Services Manager
Modifying Object Classes by Using Oracle Directory Services Manager
Deleting Object Classes by Using Oracle Directory Services Manager
Viewing Properties of Object Classes by Using Oracle Directory Services Manager
Adding a New Attribute by Using Oracle Directory Services Manager
Modifying an Attribute by Using Oracle Directory Services Manager
Deleting an Attribute by Using Oracle Directory Services Manager
Viewing All Directory Attributes by Using Oracle Directory Services Manager
Searching for Attributes by Using Oracle Directory Services Manager
Adding an Index to a New Attribute by Using Oracle Directory Services Manager
Adding an Index to an Existing Attribute by Using Oracle Directory Services Manager
Dropping an Index from an Attribute by Using Oracle Directory Services Manager
Creating a Content Rule by Using Oracle Directory Services Manager
Modifying a Content Rule by Using Oracle Directory Services Manager
Viewing Matching Rules by Using Oracle Directory Services Manager
Viewing Syntaxes by Using Oracle Directory Services Manager
Managing Directory Schema by Using the Command Line
Viewing the Schema by Using ldapsearch
Adding a New Object Class by Using Command-Line Tools
Adding a New Attribute to an Auxiliary or User-Defined Object Class by Using Command-Line Tools
Modifying Object Classes by Using Command-Line Tools
Adding and Modifying Attributes by Using ldapmodify
Deleting Attributes by Using ldapmodify
Indexing an Attribute for Which No Data Exists by Using ldapmodify
Dropping an Index from an Attribute by Using ldapmodify
Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool
Adding a New Attribute With Attribute Aliases by Using the Command Line
Adding or Modifying Attribute Aliases in Existing Attributes by Using the Command Line
Deleting Attribute Aliases by Using the Command Line
Using Attribute Aliases with LDAP Commands
Using Attribute Aliases with ldapsearch
Using Attribute Aliases with ldapadd
Using Attribute Aliases with ldapmodify
Using Attribute Aliases with ldapdelete
Using Attribute Aliases with ldapmoddn
Managing Content Rules by Using Command-Line Tools
Viewing Matching Rules by Using ldapsearch
Viewing Syntaxes by Using ldapsearch

20 Configuring Referential Integrity
Introduction to Configuring Referential Integrity
Enabling Referential Integrity by Using Fusion Middleware Control
Disabling Referential Integrity by Using Fusion Middleware Control
Enabling Referential Integrity by Using the Command Line
Configuring Specific Attributes for Referential Integrity by Using the Command Line
Disabling Referential Integrity by Using the Command Line
Detecting and Correcting Referential Integrity Violations

21 Managing Auditing
Introduction to Auditing
Oracle Internet Directory Audit Configuration
Replication and Oracle Directory Integration Platform Audit Configuration
Audit Record Fields
Audit Record Storage
Generating Audit Reports
Managing Auditing by Using Fusion Middleware Control
Managing Auditing by Using WLST
Managing Auditing from the Command Line
Viewing Audit Configuration from the Command Line
Configuring Oracle Internet Directory Auditing from the Command Line
Enabling Replication and Oracle Directory Integration Platform Auditing from the Command Line

22 Managing Logging
Introduction to Logging
Features of Oracle Internet Directory Debug Logging
Interpreting Log Messages
Log Messages for Specified LDAP Operations
Log Messages Not Associated with Specified LDAP Operations
Example: Trace Messages in Oracle Internet Directory Server Log File
Managing Logging by Using Fusion Middleware Control
Viewing Log Files by Using Fusion Middleware Control
Configuring Logging by Using Fusion Middleware Control
Managing Logging from the Command Line
Viewing Log Files from the Command Line
Setting Debug Logging Levels by Using the Command Line
Setting the Debug Operation by Using the Command Line
Force Flushing the Trace Information to a Log File


23 Monitoring Oracle Internet Directory
Introduction to Monitoring Oracle Internet Directory Server
Capabilities of Oracle Internet Directory Server Manageability
Oracle Internet Directory Server Manageability Architecture and Components
Purging of Security Events and Statistics Entries
Account Used for Accessing Server Manageability Information
Setting Up Statistics Collection by Using Fusion Middleware Control
Configuring Oracle Internet Directory Server Statistics Collection by Using Fusion Middleware Control
Configuring a User for Statistics Collection by Using Fusion Middleware Control
Viewing Statistics Information with Fusion Middleware Control
Viewing Statistics Information on the Oracle Internet Directory Home Page
Viewing Information on the Oracle Internet Directory Performance Page
Viewing Statistics Information from the Oracle Directory Services Manager Home Page
Setting Up Statistics Collection by Using the Command-Line
Configuring General Statistics Attributes from the Command Line
Configuring User Statistics Collection from the Command Line
Configuring Event Levels from the Command Line
Configuring a User for Statistics Collection by Using the Command Line
Viewing Information with the OIDDIAG Tool

24 Backing Up and Restoring Oracle Internet Directory
Introduction to Backing Up and Restoring Oracle Internet Directory
Backing Up and Restoring a Small Directory or Specific Naming Context
Backing Up and Restoring a Large Directory

Part III Advanced Administration: Security

25 Configuring Secure Sockets Layer (SSL)
Introduction to Configuring Secure Sockets Layer (SSL)
Supported Cipher Suites
Supported Protocol Versions
SSL Authentication Modes
Limitations of the Use of SSL in 11g Release 1 (11.1.1)
Oracle Wallets
Other Components and SSL
SSL Interoperability Mode
StartTLS
Configuring SSL by Using Fusion Middleware Control
Creating a Wallet by Using Fusion Middleware Control
Configuring SSL Parameters by Using Fusion Middleware Control
Setting SSL Parameters with Fusion Middleware Control
Configuring SSL by Using WLST
Configuring SSL by Using LDAP Commands
Testing SSL Connections by Using Oracle Directory Services Manager
Testing SSL Connections From the Command Line
Testing SSL With Encryption Only
Testing SSL With Server Authentication
Testing SSL With Client and Server Authentication
Configuring SSL Interoperability Mode

26 Configuring Data Privacy
Introduction to Table Space Encryption
Enabling and Disabling Table Space Encryption
Introduction to Using Database Vault With Oracle Internet Directory
Configuring Oracle Database Vault to Protect Oracle Internet Directory Data
Installing Oracle Database Vault
Adding a Database Vault Realm and Policies for Oracle Internet Directory
Managing Oracle Database Vault Configuration for Oracle Internet Directory
Deleting Database Vault Policies For Oracle Internet Directory
Disabling Oracle Database Vault for the Oracle Internet Directory Database
Best Practices for Using Database Vault with Oracle Internet Directory
Introduction to Sensitive Attributes
Configuring Privacy of Retrieved Sensitive Attributes

27 Managing Password Policies
Introduction to Managing Password Policies
What a Password Policy Is
Steps Required to Create and Apply a Password Policy
Fine-Grained Password Policies
Default Password Policy
Password Policy Attributes
Directory Server Verification of Password Policy Information
Password Policy Error Messages
Releases Before 10g (10.1.4.0.1)
Managing Password Policies by Using Oracle Directory Services Manager
Viewing Password Policies by Using Oracle Directory Services Manager
Modifying Password Policies by Using Oracle Directory Services Manager
Creating a Password Policy and Assigning it to a Subtree by Using Oracle Directory Services Manager
Managing Password Policies by Using Command-Line Tools
Viewing Password Policies by Using Command-Line Tools
Creating a New Password Policy by Using Command-Line Tools
Applying a Password Policy to a Subtree by Using Command-Line Tools
Setting Password Policies by Using Command-Line Tools

28 Managing Directory Access Control
Introduction to Managing Directory Access Control
Access Control Management Constructs
Access Control Policy Points (ACPs)
The orclACI Attribute for Prescriptive Access Control
The orclEntryLevelACI Attribute for Entry-Level Access Control
Security Groups
Access Control Information Components
Object: To What Are You Granting Access?
Subject: To Whom Are You Granting Access?
Operations: What Access Are You Granting?
Access Level Requirements for LDAP Operations
How ACL Evaluation Works
Precedence Rules Used in ACL Evaluation
Use of More Than One ACI for the Same Object
Exclusionary Access to Directory Objects
ACL Evaluation For Groups
Managing Access Control by Using Oracle Directory Services Manager
Viewing an ACP by Using Oracle Directory Services Manager
Adding an ACP by Using Oracle Directory Services Manager
Task 1: Specify the Entry That Will Be the ACP
Task 2: Configure Structural Access Items
Task 3: Configure Content Access Items
Delete a Structural or Content Access Item
Modifying an ACP by Using Access Control Management in Oracle Directory Services Manager
Adding or Modifying an ACP by Using the Data Browser in Oracle Directory Services Manager
Setting or Modifying Entry-Level Access by Using the Data Browser in Oracle Directory Services Manager
Managing Access Control by Using Command-Line Tools
Restricting the Kind of Entry a User Can Add
Setting Up an Inheritable ACP by Using ldapmodify
Setting Up Entry-Level ACIs by Using ldapmodify
Using Wildcards in an LDIF File with ldapmodify
Selecting Entries by DN
Using Attribute and Subject Selectors
Granting Read-Only Access
Granting Selfwrite Access to Group Entries
Defining a Completely Autonomous Policy to Inhibit Overriding Policies

29 Managing Password Verifiers
Introduction to Storing and Managing Password Verifiers for Authenticating to Oracle Internet Directory
Userpassword Verifiers and Authentication to the Directory
Hashing Schemes for Creating Userpassword Verifiers
Managing Password Hashing Schemes for Creating Password Verifiers for Authenticating to Oracle Internet Directory by Using ldapmodify
Introduction to Storing and Managing Password Verifiers for Authenticating to Oracle Components
About Password Verifiers for Authenticating to Oracle Components
Attributes for Storing Password Verifiers for Authenticating to Oracle Components
Default Verifiers for Oracle Components
How Password Verification Works for an Oracle Component
Managing Password Verifier Profiles for Oracle Components by Using Oracle Directory Services Manager
Managing Password Verifier Profiles for Oracle Components by Using Command-Line Tools
Viewing a Password Verifier Profile by Using Command-Line Tools
Example: Modifying a Password Verifier Profile by Using Command-Line Tools
Introduction to Generating Verifiers by Using Dynamic Parameters
Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers

30 Delegating Privileges for Oracle Identity Management
Introduction to Delegating Privileges for Oracle Identity Management
How Delegation Works
Delegation in an Oracle Fusion Middleware Environment
About the Default Configuration
Privileges for Administering the Oracle Technology Stack
Delegating Privileges for User and Group Management
How Privileges Are Granted for Managing User and Group Data
Default Privileges for Managing User Data
Creating Users for a Realm
Modifying Attributes of a User
Deleting a User
Delegating User Administration
Default Privileges for Managing Group Data
Creating Groups
Modifying the Attributes of Groups
Deleting Groups
Delegating Group Administration
Delegating Privileges for Deployment of Oracle Components
How Deployment Privileges Are Granted
Oracle Application Server Administrators
User Management Application Administrators
Trusted Application Administrators
Delegating Privileges for Component Run Time
Default Privileges for Reading and Modifying User Passwords
Default Privileges for Comparing User Passwords
Default Privileges for Comparing Password Verifiers
Default Privileges for Proxying on Behalf of End Users
Default Privileges for Managing the Oracle Context
Default Privileges for Reading Common User Attributes
Default Privileges for Reading Common Group Attributes
Default Privileges for Reading the Service Registry
Default Privileges for Administering the Service Registry

31 Managing Authentication
Introduction to Authentication
Direct Authentication
Indirect Authentication
External Authentication
Simple Authentication and Security Layer (SASL)
Configuring Certificate Authentication Method by Using Fusion Middleware Control
Configuring SASL Authentication by Using Fusion Middleware Control
Configuring Certificate Authentication Method by Using Command-Line Tools
Configuring SASL Authentication by Using the Command Line
Introduction to Anonymous Binds
Managing Anonymous Binds
Managing Anonymous Binds by Using Fusion Middleware Control
Managing Anonymous Binds by Using the Command Line

Part IV Advanced Administration: Managing Directory Deployment

32 Planning, Deploying and Managing Realms
Introduction to Planning, Deploying and Managing Realms
Planning the Identity Management Realm
Identity Management Realms in an Enterprise Deployment
Single Identity Management Realm in the Enterprise
Multiple Identity Management Realms in the Enterprise
Identity Management Realms in a Hosted Deployment
Identity Management Realm Implementation in Oracle Internet Directory
Default Directory Information Tree and the Identity Management Realm
Customizing the Default Identity Management Realm
Steps to Update the Existing User and Group Search Base
Set up an Additional Search Base
Refresh Oracle Single Sign-On
Reconfigure Provisioning Profiles
Creating Additional Identity Management Realms for Hosted Deployments

33 Tuning and Sizing Oracle Internet Directory
Introduction to Tuning Oracle Internet Directory
Basic Tuning Recommendations
Tuning Recommendations for Database Parameters
Tuning Recommendations for LDAP Server Attributes
Tuning Recommendations for Database Statistics
Tuning Recommendations for Advanced Configurations
Tuning Recommendations for LDAP Server Instance with Replication or Oracle Directory Integration Platform
Tuning Recommendations for Replication Server Configuration
Tuning Recommendations for Garbage Collection Configuration
Tuning Recommendations for Oracle Internet Directory with Real Application Clusters Database
Tuning Recommendations for Password Policies and Verifier Profiles
Tuning Recommendations for Server Entry Cache
Tuning Recommendations for Tuning Security Event Tracking
Low-Priority Tuning Recommendations
Tuning Recommendations for the Number of Entries to be Returned by a Search
Tuning Recommendations for Enabling the Group Cache
Tuning Recommendations for the Timeout for Write Operations
Additional Tuning Recommendations for Specific Use Cases
Tuning Recommendations for Bulk Load Operation
Tuning Recommendations for Bulk Delete Operation
Tuning Recommendations for High LDAP Write Operations Load
Tuning Recommendations for Oracle Identity Federation
Optimizing Searches
Optimizing Searches for Large Group Entries
Optimizing Searches for Skewed Attributes
Optimizing Performance of Complex Search Filters
Evaluating Performance on UNIX and Windows Systems
Obtaining Recommendations by Using the Tuning and Sizing Wizard
Updating Database Statistics by Using oidstats.sql
Setting Performance-Related Replication Configuration Attributes
Modifying Performance-Related System Configuration Attributes
Modifying Performance Attributes in the Instance-Specific Configuration Entry by Using Fusion Middleware Control
Modifying Shared Performance Attributes by Using Fusion Middleware Control
Modifying Performance-Related System Configuration Attributes by Using ldapmodify
Modifying Performance-Related Instance-Specific Configuration Entry Attributes
Modifying Performance-Related Shared System Configuration Attributes in the DSA Configuration Entry
Setting Garbage Collection Configuration Attributes
Modifying Changelog Purging Configuration Entry Attributes by Using ldapmodify
Navigating to the Changelog Purging Configuration Entry in Oracle Directory Services Manager

34 Managing Garbage Collection
Introduction to Managing Garbage Collection
Components of the Oracle Internet Directory Garbage Collection Framework
Garbage Collection Plug-in
Background Database Processes
How Oracle Internet Directory Garbage Collection Works
Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry
Change Log Purging
Modifying Oracle Internet Directory Garbage Collectors
Modifying a Garbage Collector by Using Oracle Directory Services Manager
Modifying a Garbage Collector by Using Command-Line Tools
Example 1: Modifying a Garbage Collector
Example 2: Disabling a Garbage Collector Change Log
Modifying the Oracle Internet Directory Statistics Collector
Enabling, Disabling, and Monitoring Logging for Oracle Internet Directory Garbage Collectors
Enabling Logging for Oracle Internet Directory Garbage Collectors
Disabling Logging for Oracle Internet Directory Garbage Collectors
Monitoring Garbage Collection Logging
Configuring Time-Based Change Log Purging

35 Migrating Data from Other Data Repositories
Introduction to Migrating Data from Other Data Repositories
Migrating Data from LDAP-Compliant Directories
Migrating Third-party LDAP Data by Using an LDIF File and bulkload
Migrating Third-party LDAP Data by Using syncProfileBootstrap Directly
Migrating Third-party LDAP Data by Using an LDIF File and syncProfileBootstrap
Migrating Third-party LDAP Data by Using syncProfileBootstrap, bulkload, and LDIF Files
Migrating Third-party LDAP Data by Using the Oracle Directory Integration Platform Server
Migrating User Data from Application-Specific Repositories
The Intermediate Template File
Reconciling Data in Application Repository with Data Already in Oracle Internet Directory
Tasks For Migrating Data from Application-Specific Repositories
Task 1: Create an Intermediate Template File
Task 2: Run the OID Migration Tool

36 Configuring Server Chaining
Introduction to Configuring Server Chaining
Supported External Servers
Integrated Oracle Products
Oracle Single Sign-On
Enterprise User Security
Supported Operations
Server Chaining with Replication
Configuring Server Chaining
Configuring Server Chaining by Using Oracle Directory Services Manager
Configuring Server Chaining from the Command Line
Creating Server Chaining Configuration Entries
Configuration Entry Attributes
Requirements for User and Group Containers
Attribute Mapping
Active Directory Example
Active Directory with SSL Example
Active Directory with New Attributes Example
Sun Java System Directory Server (iPlanet) Example
Sun Java System Directory Server (iPlanet) with SSL Example
eDirectory Example
eDirectory with SSL Example
Debugging Server Chaining


Configuring an