Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- What's New in Oracle Internet Directory?
-
Part I Understanding Directory Services
-
1
Introduction to Directory Services
- 1.1 What is a Directory?
- 1.2 Understanding Directory and its Role
- 1.3 What is Lightweight Directory Access Protocol (LDAP)?
- 1.4 Understanding Oracle Internet Directory
- 1.5 How Oracle Products Use Oracle Internet Directory
-
2
Understanding Oracle Internet Directory in Oracle Fusion Middleware
- 2.1 Understanding WebLogic Server Domain
- 2.2 Oracle Internet Directory as a System Component
- 2.3 Oracle Internet Directory Deployment Options
- 2.4 Middleware Home
- 2.5 WebLogic Server Home
- 2.6 Oracle Common Home
- 2.7 Oracle Home
- 2.8 Oracle Instance in 12c Release 2
- 2.9 Oracle Enterprise Manager Fusion Middleware Control
- 2.10 Known Limitations of Oracle Enterprise Manager for Oracle Internet Directory
- 2.11 Logging, Auditing and Diagnostics Using Fusion Middleware Control
- 2.12 MBeans and the WebLogic Scripting Tool
-
3
Understanding the Concepts and Architecture of Oracle Internet Directory
- 3.1 Understanding the Architecture of Oracle Internet Directory
- 3.2 Understanding How Oracle Internet Directory Processes a Search Request
- 3.3 Understanding Directory Entries in Oracle Internet Directory
- 3.4 Understanding the Concept of Attributes in Oracle Internet Directory
- 3.5 Understanding Object Classes in Oracle Internet Directory
- 3.6 Directory Naming Contexts
- 3.7 Security Features in Oracle Internet Directory
- 3.8 Globalization Support
- 3.9 Understanding Distributed Directories
- 3.10 Knowledge References and Referrals
- 3.11 Service Registry and Service to Service Authentication
- 3.12 Oracle Directory Integration Platform
- 3.13 Understanding the Role of Identity Management in Oracle Internet Directory
- 3.14 TCP Keep-Alive Mechanism
- 3.15 Understanding the Concept of Resource Information
-
4
Understanding Process Control of Oracle Internet Directory Components
- 4.1 Oracle Internet Directory Process Control Architecture
- 4.2 The ODS_PROCESS_STATUS Table in Oracle Internet Directory
- 4.3 Starting, Stopping, and Monitoring of Oracle Internet Directory Processes
- 4.4 Oracle Internet Directory Replication-Server Control and Failover
- 4.5 Oracle Internet Directory Process Control: Best Practices
- 5 Understanding Oracle Internet Directory Organization
-
6
Understanding Oracle Internet Directory Replication
- 6.1 What is Oracle Internet Directory Replication?
- 6.2 Why Use Oracle Internet Directory Replication?
-
6.3
Understanding Basic Concepts of Internet Directory Replication
- 6.3.1 How to Decide Full or Partial Content Replication?
- 6.3.2 Replication Direction: One-Way, Two-Way, or Peer to Peer
- 6.3.3 Transport Mechanism: LDAP
- 6.3.4 Directory Replication Group (DRG) Type: Single-master, Multimaster, or Fan-out
- 6.3.5 Example for Single-master, Multimaster, or Fan-out Directory Replication Group Type
- 6.3.6 Loose Consistency Model in Directory Replication Architecture
- 6.3.7 Multimaster Replication with Fan-Out
- 6.4 What Kind of Replication Do You Need?
-
1
Introduction to Directory Services
-
Part II Basic Administration
-
7
Getting Started With Oracle Internet Directory
-
7.1
Overview of Postinstallation Tasks and Information
- 7.1.1 Setting Up the Environment
- 7.1.2 Adding Datafiles to the OLTS_CT_STORE and OLTS_ATTRSTORE Tablespaces
- 7.1.3 Changing Settings of Windows Services
- 7.1.4 Starting and Stopping the Oracle Stack
- 7.1.5 Default URLs and Ports
- 7.1.6 About Tuning Oracle Internet Directory
- 7.1.7 Enabling Anonymous Binds
- 7.1.8 Enabling Oracle Internet Directory to run on Privileged Ports
- 7.1.9 Verifying Oracle Database Time Zone
- 7.2 Overview of Using Fusion Middleware Control to Manage Oracle Internet Directory
-
7.3
Overview of Oracle Directory Services Manager
- 7.3.1 Understanding Oracle Directory Services Manager
- 7.3.2 Configuring ODSM for SSO Integration
- 7.3.3 Configuring the SSO Server for ODSM Integration
- 7.3.4 About Configuring the Oracle HTTP Server for ODSM-SSO Integration
- 7.3.5 Invoking Oracle Directory Services Manager
- 7.3.6 Overview of Connecting to the Server from Oracle Directory Services Manager
- 7.3.7 Configuring Oracle Directory Services Manager Session Timeout
- 7.3.8 Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster
- 7.4 Overview of Managing Oracle Internet Directory Using Command-Line Utilities
- 7.5 Basic Tasks for Configuring and Managing Oracle Internet Directory
-
7.1
Overview of Postinstallation Tasks and Information
-
8
Managing Oracle Internet Directory Instances
- 8.1 Overview of Managing Oracle Internet Directory Instances
-
8.2
Overview of Oracle Internet Directory Components Management by Using Fusion Middleware Control
- 8.2.1 Viewing Active Server Information by Using Fusion Middleware Control
- 8.2.2 Starting the Oracle Internet Directory Server by Using Fusion Middleware Control
- 8.2.3 Stopping the Oracle Internet Directory Server by Using Fusion Middleware Control
- 8.2.4 Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control
-
8.3
Managing Oracle Internet Directory Components by Using WLST Commands
- 8.3.1 Creating an Oracle Internet Directory Component by Using WLST Command — oid_createInstance
- 8.3.2 Deleting an Oracle Internet Directory Component by Using WLST Command — oid_deleteInstance()
- 8.3.3 Viewing Active Server Instance Information by Using WLST Command — oid_instanceStatus()
- 8.3.4 Starting the Oracle Internet Directory Server by Using WLST Command — start()
- 8.3.5 Stopping the Oracle Internet Directory Server by Using WLST Command — shutdown()
- 8.3.6 Updating Credential Required by Enterprise Manager to manage OID - oid_setProperties()
- 8.3.7 Fetching Enterprise Manager Properties Used to Manage OID - oid_getProperties()
- 8.3.8 Creating a Realm in Oracle Internet Directory - oid_createRealm()
- 8.3.9 Listing all Oracle Internet Directory Instance Names - oid_listInstances()
- 8.3.10 Updating Orcladmin Password - oid_setAdminPassword()
- 8.4 Starting an Instance of the Replication Server by Using OIDCTL
-
9
Managing System Configuration Attributes
- 9.1 Managing System Configuration Attributes
- 9.2 Managing System Configuration Attributes by Using Fusion Middleware Control
- 9.3 Managing System Configuration Attributes by Using WLST
- 9.4 Managing System Configuration Attributes by Using LDAP Tools
- 9.5 Managing System Configuration Attributes by Using ODSM Data Browser
- 10 Managing IP Addresses in Oracle Internet Directory
- 11 Managing Naming Contexts in Oracle Internet Directory
-
12
Managing Accounts and Passwords in Oracle Internet Directory
- 12.1 Introduction to Managing Accounts and Passwords
- 12.2 Managing Accounts and Passwords by Using Command-Line Tools
- 12.3 Managing Accounts and Passwords by Using the Self-Service Console
- 12.4 Unlocking Locked Accounts by Using Oracle Directory Services Manager
- 12.5 Changing the Superuser Password by Using Fusion Middleware Control
- 12.6 Creating Another Account With Superuser Privileges
- 12.7 Managing the Superuser Password by Using ldapmodify
- 12.8 Changing the Oracle Internet Directory Database Password
- 12.9 Resetting the Superuser Password
- 12.10 Changing the Password for the EMD Administrator Account
- 12.11 Changing the Password for the ODSSM Administrator Account
- 12.12 Updating the New ODSSM Password for Data Source
-
13
Managing Directory Entries in Oracle Internet Directory
- 13.1 Introduction to Managing Directory Entries
-
13.2
Managing Entries by Using Oracle Directory Services Manager
- 13.2.1 Displaying Entries by Using Oracle Directory Services Manager
- 13.2.2 Searching for Entries by Using Oracle Directory Services Manager
- 13.2.3 Importing Entries from an LDIF File by Using Oracle Directory Services Manager
- 13.2.4 Exporting Entries to an LDIF File by Using Oracle Directory Services Manager
- 13.2.5 Viewing Attributes for a Specific Entry by Using Oracle Directory Services Manager
- 13.2.6 Adding a New Entry by Using Oracle Directory Services Manager
- 13.2.7 Deleting an Entry or Subtree by Using Oracle Directory Services Manager
- 13.2.8 Adding an Entry by Copying an Existing Entry in Oracle Directory Services Manager
- 13.2.9 Modifying an Entry by Using Oracle Directory Services Manager
-
13.3
Managing Entries by Using LDAP Command-Line Tools
- 13.3.1 Listing All the Attributes in the Directory by Using ldapsearch
- 13.3.2 Listing Operational Attributes by Using ldapsearch
- 13.3.3 Changing the Attribute Case in ldapsearch Output
- 13.3.4 Adding a User Entry by Using ldapadd
- 13.3.5 Modifying a User Entry by Using ldapmodify
- 13.3.6 Adding an Attribute Option by Using ldapmodify
- 13.3.7 Deleting an Attribute Option by Using ldapmodify
- 13.3.8 Searching for Entries with Attribute Options by Using ldapsearch
-
14
Managing Dynamic and Static Groups in Oracle Internet Directory
-
14.1
Understanding Dynamic and Static Groups
- 14.1.1 Defining Static Groups
-
14.1.2
Defining Dynamic Groups
- 14.1.2.1 Dynamic Group
- 14.1.2.2 Cached and Uncached Dynamic Groups
- 14.1.2.3 Enhancements of Dynamic Groups in Oracle Internet Directory
- 14.1.2.4 Limitations of Dynamic Groups in Oracle Internet Directory
- 14.1.2.5 Schema Elements for Creating a Dynamic Group
- 14.1.2.6 About labeledURI Attribute
- 14.1.2.7 About CONNECT BY Assertion
- 14.1.2.8 Example of a Dynamic Group Entry Using the labeledURI Attribute
- 14.1.2.9 Example of a Dynamic List Entry Using the labeledURI Attribute
- 14.1.2.10 Example of a Dynamic Group Entry Using the CONNECT BY Assertion
- 14.1.3 About Hierarchies of Group Entries
- 14.1.4 About Querying Group Entries
- 14.1.5 Understanding the orclMemberOf Attribute
- 14.1.6 Considerations for Using Static and Dynamic Group
-
14.2
Managing Group Entries by Using Oracle Directory Services Manager
- 14.2.1 Creating Static Group Entries by Using Oracle Directory Services Manager
- 14.2.2 Adding an Owner or Member to a Static Group Entry
- 14.2.3 Modifying an Attribute of a Static Group Entry
- 14.2.4 Creating Dynamic Group Entries by Using Oracle Directory Services Manager
- 14.2.5 Adding an Owner or Member to a Dynamic Group Entry
- 14.2.6 Modifying an Attribute of a Dynamic Group Entry
- 14.2.7 Modifying a Dynamic Group Entry by Using Oracle Directory Services Manager
- 14.3 Managing Group Entries by Using the Command Line
-
14.1
Understanding Dynamic and Static Groups
-
15
Performing Bulk Operations
- 15.1 Introduction to Performing Bulk Operations
- 15.2 Setting Environment Variables Before Using Command-line Tools
- 15.3 Changing the Server Mode
-
15.4
Loading Data Into the Schema by Using bulkload
- 15.4.1 Different Phases of Loading Data
- 15.4.2 Output File Locations for bulkload Tool
- 15.4.3 Running the bulkload Tool
- 15.4.4 Importing an LDIF File by Using bulkload
- 15.4.5 Loading Data in Incremental or Append Mode By Using bulkload
- 15.4.6 Performing Index Verification By Using bulkload
- 15.4.7 Re-Creating Indexes By Using bulkload
- 15.4.8 Recovering Data After a Load Failure By Using bulkload
-
15.5
Modifying Attributes By Using bulkmodify
- 15.5.1 Attributes Excluded from bulkmodify Operations
- 15.5.2 Log File Location for bulkmodify Tool
- 15.5.3 Running the bulkmodify Tool
- 15.5.4 Adding a Description for All Entries Under a Specified Naming Context
- 15.5.5 Adding an Attribute for Specific Entries Under a Specified Naming Context
- 15.5.6 Replacing an Attribute for All Entries Under a Specified Naming Context
-
15.6
Deleting Entries by Using bulkdelete
- 15.6.1 Log File Location for bulkdelete Tool
- 15.6.2 Running the bulkdelete Tool
- 15.6.3 Deleting All Entries Under a Specified Naming Context by Using bulkdelete
- 15.6.4 Deleting Entries Under a Naming Context and Making them Tombstone Entries
- 15.6.5 Deleting All Entries Under a Specified Subtree by Applying the Filter Option
- 15.7 Dumping Data from Oracle Internet Directory to a File by Using ldifwrite
- 15.8 Creating and Dropping Indexes from Existing Attributes by Using catalog
-
16
Managing Collective Attributes
-
16.1
Introduction to Collective Attributes
- 16.1.1 RFC Definition and Oracle Extensions
- 16.1.2 Defining the Collective Attribute Subentry
- 16.1.3 Using subtreeSpecification Attribute
- 16.1.4 Overriding a Collective Attribute
- 16.2 Managing Collective Attributes by Using the Command Line
-
16.1
Introduction to Collective Attributes
-
17
Managing Computed Attributes
- 17.1 Introduction to Computed Attributes
- 17.2 Configuring Computed Attributes
-
17.3
Examples of Computed Attributes Using LDAP Command-Line Tools
- 17.3.1 Returning an Attribute Value as Uppercase
- 17.3.2 Returning the Substring of an Attribute Value
- 17.3.3 Replacing an Attribute Value
- 17.3.4 Specifying a URI-Based Configuration
- 17.3.5 Using a Combination of Different Rules
- 17.3.6 Using an OR (|) Operator
- 17.3.7 Using the connectBy Interface
- 17.3.8 Creating Hierarchical Groups Using connectBy
-
18
Managing Alias Entries
- 18.1 Introduction to Alias Entries
- 18.2 Adding an Alias Entry
- 18.3 Searching the Directory with Alias Entries
- 18.4 Modifying Alias Entries
- 18.5 Messages Related to Alias Dereferencing
-
19
Managing Attribute Uniqueness Constraint Entries
- 19.1 Introduction to Managing Attribute Uniqueness Constraint Entries
- 19.2 Duplicate Attribute Values
- 19.3 Cleaning Up Duplicate Attribute Values
-
19.4
Specifying Attribute Uniqueness Constraint Entries
- 19.4.1 Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
- 19.4.2 Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
- 19.4.3 Specifying Multiple Scopes in an Attribute Uniqueness Constraint
- 19.4.4 Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
- 19.4.5 Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
- 19.5 Managing an Attribute Uniqueness Constraint Entry by Using ODSM
-
19.6
Managing Attribute Uniqueness Constraint Entries by Using the Command Line
- 19.6.1 Creating Attribute Uniqueness Across a Directory by Using Command-Line
- 19.6.2 Specifying Uniqueness Constraint for an Attribute by Using Command-Line
- 19.6.3 Creating Attribute Uniqueness Across One Subtree by Using Command-Line
- 19.6.4 Creating Attribute Uniqueness Across One Object Class by Using Command-Line
- 19.6.5 Modifying Attribute Uniqueness Constraint Entries by Using Command-Line
- 19.6.6 Deleting Attribute Uniqueness Constraint Entries by Using Command-Line
- 19.6.7 Enabling and Disabling Attribute Uniqueness by Using Command-Line
- 20 Managing Knowledge References and Referrals
-
21
Managing Directory Schema
-
21.1
Introduction to Managing Directory Schema
- 21.1.1 Understanding Directory Schema Management
- 21.1.2 Storage Location of Schema Information in the Directory
- 21.1.3 Understanding Object Classes
- 21.1.4 Understanding Attributes
-
21.1.5
Methods to Extend the Number of Attributes Associated with Entries
- 21.1.5.1 Extending the Number of Attributes Associated with Entries
- 21.1.5.2 Extending the Number of Attributes before Creating Entries in the Directory
- 21.1.5.3 Specifications to Extend the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
- 21.1.5.4 Specifications to Extend the Number of Attributes for Existing Entries by Creating a Content Rule
- 21.1.5.5 Rules for Creating and Modifying Content Rules
- 21.1.5.6 Schema Enforcement When Using Content Rules
- 21.1.5.7 Searches for Object Classes Listed in Content Rules
- 21.1.6 Understanding Attribute Aliases
- 21.1.7 Object Identifier Support in LDAP Operations
-
21.2
Managing Directory Schema by Using Oracle Directory Services Manager
- 21.2.1 Searching for Object Classes by Using Oracle Directory Services Manager
- 21.2.2 Adding Object Classes by Using Oracle Directory Services Manager
- 21.2.3 Modifying Object Classes by Using Oracle Directory Services Manager
- 21.2.4 Deleting Object Classes by Using Oracle Directory Services Manager
- 21.2.5 Viewing Properties of Object Classes by Using Oracle Directory Services Manager
- 21.2.6 Adding a New Attribute by Using Oracle Directory Services Manager
- 21.2.7 Modifying an Attribute by Using Oracle Directory Services Manager
- 21.2.8 Deleting an Attribute by Using Oracle Directory Services Manager
- 21.2.9 Viewing All Directory Attributes by Using Oracle Directory Services Manager
- 21.2.10 Searching for Attributes by Using Oracle Directory Services Manager
- 21.2.11 Adding an Index to a New Attribute by Using Oracle Directory Services Manager
- 21.2.12 Adding an Index to an Existing Attribute by Using Oracle Directory Services Manager
- 21.2.13 Dropping an Index from an Attribute by Using Oracle Directory Services Manager
- 21.2.14 Creating a Content Rule by Using Oracle Directory Services Manager
- 21.2.15 Modifying a Content Rule by Using Oracle Directory Services Manager
- 21.2.16 Viewing Matching Rules by Using Oracle Directory Services Manager
- 21.2.17 Viewing Syntaxes by Using Oracle Directory Services Manager
-
21.3
Managing Directory Schema by Using the Command Line
- 21.3.1 Viewing the Schema by Using ldapsearch
- 21.3.2 Adding a New Object Class by Using Command-Line Tools
- 21.3.3 Adding a New Attribute to an Auxiliary or User-Defined Object Class by Using Command-Line Tools
- 21.3.4 Modifying Object Classes by Using Command-Line Tools
- 21.3.5 Adding and Modifying Attributes by Using ldapmodify
- 21.3.6 Deleting Attributes by Using ldapmodify
- 21.3.7 Indexing an Attribute by Using ldapmodify
- 21.3.8 Dropping an Index from an Attribute by Using ldapmodify
- 21.3.9 Indexing an Attribute by Using the Catalog Management Tool
- 21.3.10 Adding a New Attribute With Attribute Aliases by Using the Command Line
- 21.3.11 Adding or Modifying Attribute Aliases in Existing Attributes by Using the Command Line
- 21.3.12 Deleting Attribute Aliases by Using the Command Line
- 21.3.13 Using Attribute Aliases with LDAP Commands
- 21.3.14 Managing Content Rules by Using Command-Line Tools
- 21.3.15 Viewing Matching Rules by Using ldapsearch
- 21.3.16 Viewing Syntaxes by Using ldapsearch
-
21.1
Introduction to Managing Directory Schema
-
22
Configuring Referential Integrity
- 22.1 Introduction to Configuring Referential Integrity
- 22.2 Enabling Referential Integrity Using Fusion Middleware Control
- 22.3 Disabling Referential Integrity Using Fusion Middleware Control
- 22.4 Enabling Referential Integrity Using the Command Line
- 22.5 Configuring Specific Attributes for Referential Integrity by Using the Command Line
- 22.6 Disabling Referential Integrity by Using the Command Line
- 22.7 Detecting and Correcting Referential Integrity Violations
- 23 Managing Auditing
- 24 Managing Logging
-
25
Monitoring Oracle Internet Directory
- 25.1 Introduction to Monitoring Oracle Internet Directory Server
- 25.2 Overview of Statistics Collection Using Fusion Middleware Control
- 25.3 Overview of Statistics Information Viewable from Fusion Middleware Control
- 25.4 Overview of Statistics Collection Using Metrics REST API
- 25.5 Statistics Information Accessible from the Oracle Directory Services Manager Home Page
-
25.6
Understanding Statistics Collection Using the Command-Line
- 25.6.1 Configuring Health, General, and Performance Statistics Attributes
- 25.6.2 Configuring Security Events Tracking
- 25.6.3 Configuring User Statistics Collection from the Command Line
- 25.6.4 Configuring Event Levels from the Command Line
- 25.6.5 Configuring a User for Statistics Collection Using the Command Line
- 25.7 Viewing Information with the OIDDIAG Tool
- 25.8 Monitoring Oracle Internet Directory Server Using LDAP
- 26 Backing Up and Restoring Oracle Internet Directory
-
27
Managing Quality of Service Configuration
- 27.1 Understanding Quality of Service in Oracle Internet Directory
- 27.2 Configuring QoS to Restrict the Number of User Operations
- 27.3 Restricting the Number of Connections from one DN
- 27.4 Restricting the Number of Operations per Minute for a DN
- 27.5 Restricting the Number of Add Operations for a User
- 27.6 Restricting All Operations Using allop
- 27.7 Restricting the Number of Operations on a DSA Config Entry
-
7
Getting Started With Oracle Internet Directory
-
Part III Advanced Administration: Security
-
28
Configuring Secure Sockets Layer (SSL)
- 28.1 Overview of Configuring Secure Sockets Layer (SSL)
- 28.2 Overview of Configuring SSL by Using Fusion Middleware Control
- 28.3 Overview of Configuring SSL by Using LDAP Commands
- 28.4 Configuring SSL in Oracle Internet Directory
- 28.5 Configuring ODSM Connection with SSL Enabled
- 28.6 Testing SSL Connections by Using Oracle Directory Services Manager
- 28.7 Overview of Testing SSL Connections From the Command Line
-
28.8
Configuring SSL between Database and Oracle Internet Directory
- 28.8.1 Stopping an Instance of Oracle Internet Directory
- 28.8.2 Stopping Node Manager
- 28.8.3 Stopping Administration Server
- 28.8.4 Modifying the sqlnet.ora and listener.ora Files on the Database Server
- 28.8.5 Modifying the tnsnames.ora and sqlnet.ora configuration files on the OID Server
- 28.8.6 Setting the JAVA_OPTIONS Environment Variable on the Administration Server
- 28.8.7 Setting the JAVA_OPTIONS Environment Variable on the Node Manager
- 28.8.8 Restarting an Instance of Oracle Internet Directory
-
29
Configuring Data Privacy
- 29.1 Introduction to Table Space Encryption
- 29.2 Enabling and Disabling Table Space Encryption
- 29.3 Introduction to Using Database Vault With Oracle Internet Directory
-
29.4
Configuring Oracle Database Vault to Protect Oracle Internet Directory Data
- 29.4.1 Registering Oracle Database Vault with Oracle Internet Directory for First Time
- 29.4.2 Knowing Whether Oracle Database Vault is Registered with Oracle Database
- 29.4.3 Installing Bug Patches for Existing Oracle Database Vault Registration
- 29.4.4 Adding Database Vault Realm to Apply Policies
- 29.4.5 Enabling SQL*Plus Access to the Oracle Internet Directory Database
- 29.4.6 Blocking SQL*Plus Access to the Oracle Internet Directory Database
- 29.4.7 Database Vault Rules Defined for Oracle Internet Directory
- 29.4.8 Deleting Database Vault Policies For Oracle Internet Directory
- 29.4.9 Disabling Oracle Database Vault for the Oracle Internet Directory Database
- 29.5 Best Practices for Using Database Vault with Oracle Internet Directory
- 29.6 Introduction to Sensitive Attributes
- 29.7 Enabling Privacy Mode of Sensitive Attributes
- 29.8 Knowing Privacy Mode Status of Sensitive Attributes
- 29.9 Introduction to Hashed Attributes
- 29.10 Configuring Hashed Attributes
-
30
Managing Password Policies
-
30.1
Overview of Managing Password Policies
- 30.1.1 Introduction to Password Policy Rules
- 30.1.2 Creating and Applying a Password Policy
- 30.1.3 About Fine-Grained Password Policies
- 30.1.4 About Default Password Policy
- 30.1.5 Attributes for Password Policy
- 30.1.6 Operational Attributes of User Entry
- 30.1.7 About Directory Server Verification of Password Policy Information
- 30.1.8 About Password Policy Error Messages
- 30.2 Managing Password Policies by Using Oracle Directory Services Manager
-
30.3
Managing Password Policies by Using Command-Line Tools
- 30.3.1 Viewing Password Policies by Using Command-Line Tools
- 30.3.2 Creating a New Password Policy by Using Command-Line Tools
- 30.3.3 Applying a Password Policy to a Subtree by Using Command-Line Tools
- 30.3.4 Setting Password Policies by Using Command-Line Tools
- 30.3.5 Making a Password Policy Entry Specific by Using Command-Line Tools
- 30.3.6 Determining Expired Users in Oracle Internet Directory by Using Command-Line Tools
-
30.1
Overview of Managing Password Policies
-
31
Managing Directory Access Control
-
31.1
Overview of Directory Access Control
- 31.1.1 About Access Control Information
- 31.1.2 Introduction to Access Control Features
- 31.1.3 About Access Control Management Constructs
- 31.1.4 About Access Control Information Components
- 31.1.5 Access Level Requirements for LDAP Operations
- 31.1.6 ACL Evaluation
-
31.2
Managing Access Control by Using Oracle Directory Services Manager
- 31.2.1 Viewing an ACP by Using Oracle Directory Services Manager
- 31.2.2 Adding an ACP by Using Oracle Directory Services Manager
- 31.2.3 Modifying an ACP by Using Access Control Management in ODSM
- 31.2.4 Adding or Modifying an ACP by Using the Data Browser in ODSM
- 31.2.5 Setting or Modifying Entry-Level Access by Using the Data Browser in ODSM
-
31.3
Managing Access Control by Using Command-Line Tools
- 31.3.1 Restricting the Kind of Entry a User Can Add
- 31.3.2 Setting Up an Inheritable ACP by Using ldapmodify
- 31.3.3 Setting Up Entry-Level ACIs by Using ldapmodify
- 31.3.4 Using Wildcards in an LDIF File with ldapmodify
- 31.3.5 Selecting Entries by DN
- 31.3.6 Using Attribute and Subject Selectors
- 31.3.7 Granting Read-Only Access
- 31.3.8 Granting Selfwrite Access to Group Entries
- 31.3.9 Defining a Completely Autonomous Policy to Inhibit Overriding Policies
-
31.1
Overview of Directory Access Control
-
32
Managing Password Verifiers
- 32.1 Password Verifiers for Directory Authentication
- 32.2 Managing Hashing Schemes for Password Verifiers for Directory Authentication
- 32.3 Password Verifiers for Components Authentication
- 32.4 Managing Password Verifier Profiles for Oracle Components by Using ODSM
- 32.5 Managing Password Verifier Profiles for Components by Using Command-Line Tools
- 32.6 Introduction to Verifiers Generation by Using Dynamic Parameters
- 32.7 Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers
-
33
Delegating Privileges for Oracle Identity Management
- 33.1 Oracle Identity Management Privileges
- 33.2 User and Group Management Privileges
- 33.3 Privileges for Deployment of Oracle Components
-
33.4
Delegating Privileges for Component Run Time
- 33.4.1 Authenticating Oracle Single Sign-On Server
- 33.4.2 Default Privileges for Reading and Modifying User Passwords
- 33.4.3 Default Privileges for Comparing User Passwords
- 33.4.4 Default Privileges for Comparing Password Verifiers
- 33.4.5 Default Privileges for Proxying on Behalf of End Users
- 33.4.6 Default Privileges for Managing the Oracle Context
- 33.4.7 Default Privileges for Reading Common User Attributes
- 33.4.8 Default Privileges for Reading Common Group Attributes
- 33.4.9 Default Privileges for Reading the Service Registry
- 33.4.10 Default Privileges for Administering the Service Registry
-
34
Managing Authentication
- 34.1 Introduction to Authentication
- 34.2 About Certificate Authentication Method by Using Fusion Middleware Control
- 34.3 Configuring SASL Authentication by Using Oracle Enterprise Manager Fusion Middleware Control
- 34.4 Configuring Certificate Authentication Method by Using Command-Line Tools
- 34.5 SASL Authentication by Using the Command Line
- 34.6 Anonymous Binds
- 34.7 Managing Anonymous Binds
- 34.8 Restricting Users from Binding to Oracle Internet Directory Server
- 34.9 Managing Unauthenticated Binds
-
28
Configuring Secure Sockets Layer (SSL)
-
Part IV Advanced Administration: Managing Directory Deployment
-
35
Planning, Deploying and Managing Realms
- 35.1 Understanding Identity Management Realms
-
35.2
Customizing the Default Identity Management Realm
- 35.2.1 Default Identity Management Realm Customization
- 35.2.2 Understanding the Use Cases for Default Identity Management Realm Customization
- 35.2.3 Updating the Existing User and Group Search Base
- 35.2.4 Setting Up an Additional Search Base
- 35.2.5 Refreshing the Oracle Single Sign-On
- 35.2.6 Reconfiguring the Provisioning Profiles
- 35.3 About Additional Identity Management Realms for Hosted Deployments
- 35.4 Creating a DIT View
- 36 Tuning and Sizing Oracle Internet Directory
-
37
Managing Garbage Collection
- 37.1 Understanding Garbage Collection Management
- 37.2 Setting Oracle Database Time Zone for Garbage Collection
- 37.3 Modifying the Oracle Internet Directory Garbage Collectors
- 37.4 Managing Oracle Internet Directory Garbage Collectors Logging
- 37.5 Configuring Time-Based Change Log Purging
-
38
Migrating Data from Other Data Repositories
- 38.1 Understanding Data Migration from Other Data Repositories
-
38.2
Migrating Data from LDAP-Compliant Directories
- 38.2.1 Understanding Data Migration Tools
- 38.2.2 Migrating LDAP Data Using LDIF File and Bulk Loader
- 38.2.3 Migrating LDAP Data Using Directory Integration Assistant Directly
- 38.2.4 Migrating LDAP Data Using LDIF File and Directory Integration Assistant
- 38.2.5 Migrating LDAP Data Using Directory Integration Assistant, Bulk Loader, and LDIF Files
- 38.2.6 Migrating LDAP Data Using the Oracle Directory Integration Platform Server
- 38.3 Migrating User Data from Application-Specific Repositories
-
39
Configuring Directory Server Chaining
- 39.1 Understanding Directory Server Chaining Configuration
- 39.2 Configuring Server Chaining
-
39.3
Creating Server Chaining Configuration Entries
- 39.3.1 Server Chaining Configuration Entry Attributes
- 39.3.2 Naming Conventions for User and Group Containers
- 39.3.3 Mapping of Oracle Internet Directory Attributes to External Directory Attributes
- 39.3.4 Example of Configuring an Active Directory for Server Chaining
- 39.3.5 Configuring an Active Directory for Server Chaining
- 39.3.6 Example of Configuring an Active Directory for Server Chaining with SSL
- 39.3.7 Configuring an Active Directory for Server Chaining with SSL
- 39.3.8 Adding New Attributes to an Existing Active Directory Server Chaining Entry
- 39.3.9 Example of Configuring Sun Java System Directory Server (iPlanet) for Server Chaining
- 39.3.10 Configuring Sun Java System Directory Server (iPlanet) for Server Chaining
- 39.3.11 Example of Configuring Sun Java System Directory Server (iPlanet) for Server Chaining with SSL
- 39.3.12 Configuring Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) for Server Chaining with SSL
- 39.3.13 Example of Configuring an eDirectory for Server Chaining
- 39.3.14 Example of Configuring an eDirectory for Server Chaining with SSL
- 39.4 Debugging Server Chaining
- 39.5 Configuring an Active Directory Plug-in for Password Change Notification
- 40 Managing DIT Masking
-
35
Planning, Deploying and Managing Realms
-
Part V Advanced Administration: Directory Replication
-
41
Setting Up Replication
-
41.1
Introduction to Setting Up Replication
- 41.1.1 Replication Transport Mechanisms
- 41.1.2 Replication Setup Methods
- 41.1.3 Bootstrap Rules for Replication
- 41.1.4 The Replication Agreement
- 41.1.5 Other Replication Configuration Attributes
- 41.1.6 Replication Process and Architecture
- 41.1.7 Rules for Configuring LDAP-Based Replication
- 41.1.8 Replication Procedure for a Mixed Deployment of 10g and 11gR1 Nodes
- 41.1.9 Replication Security
-
41.1.10
LDAP Replication Filtering for Partial Replication
- 41.1.10.1 Filtering of Naming Contexts in LDAP Replication
- 41.1.10.2 Attributes that Control Naming Contexts
- 41.1.10.3 Filtering Rules for Naming Contexts in LDAP Replication
- 41.1.10.4 Scenarios of Filtering Naming Context in LDAP Replication
- 41.1.10.5 Rules for Including or Excluding Naming Contexts and Attributes
- 41.1.10.6 Optimization of Partial Replication Naming Context for Better Performance
- 41.2 Testing Replication by Using Oracle Directory Services Manager
-
41.3
Setting Up a LDAP-Based Replication by Using the Command Line
- 41.3.1 Copying Your LDAP Data by Using ldifwrite and bulkload
-
41.3.2
Setting Up an LDAP-Based Replica with Customized Settings
- 41.3.2.1 Data Migration Using ldifwrite/bulkload versus Automatic Bootstrapping
-
41.3.2.2
Setting Up an LDAP-Based Replica by Using Automatic Bootstrapping
- 41.3.2.2.1 Identifying and Starting the Directory Server on the Supplier Node
- 41.3.2.2.2 Creating the New Consumer Node by Installing Oracle Internet Directory
- 41.3.2.2.3 Backing Up Metadata from the New Consumer Node
- 41.3.2.2.4 Adding a LDAP-Based Replica by Using the Replication Environment Management Tool
- 41.3.2.2.5 Configuring the Consumer Replica for Automatic Bootstrapping
- 41.3.2.2.6 Changing Default Replication Parameters
- 41.3.2.2.7 Ensuring the Directory Replication Servers are Started
-
41.3.2.3
Setting Up an LDAP-Based Replica by Using the ldifwrite Tool
- 41.3.2.3.1 Starting the Directory Server on Both the Supplier and the Consumer Nodes
- 41.3.2.3.2 Backing Up Metadata from the New Consumer Node
- 41.3.2.3.3 Changing the Directory Server at the Supplier to Read-Only Mode
- 41.3.2.3.4 Adding a LDAP-Based Replica by Using the Replication Environment Management Tool
- 41.3.2.3.5 Backing Up the Naming Contexts to Be Replicated
- 41.3.2.3.6 Changing the Directory Server at the Supplier to Read/Write Mode
- 41.3.2.3.7 Loading the Data on the New Consumer
- 41.3.2.3.8 Changing Default Replication Parameters
- 41.3.2.3.9 Ensuring the Directory Replication Servers are Started
- 41.3.3 Deleting an LDAP-Based Replica
-
41.4
Scenario: Setting Up a Multimaster Replication Group with Fan-Out
- 41.4.1 Understanding Multimaster Replication
- 41.4.2 Setting Up the Multimaster Replication Group for Node1 and Node2
- 41.4.3 Configuring the Replication Agreement
- 41.4.4 Starting the Replication Servers on Node1 and Node2
- 41.4.5 Testing the Directory Replication Between Node1 and Node2
- 41.4.6 Installing and Configuring Node3 as a Partial Replica of Node2
- 41.4.7 Customizing the Partial Replication Agreement
- 41.4.8 Starting the Replication Servers on All Nodes in the DRG
- 41.4.9 Installing and Configuring Node4 as a Full Replica of Node2
- 41.4.10 Testing the Replication from Node2 to Node4
- 41.4.11 Installing and Configuring Node5 as a Two-Way Replica of Node1
- 41.4.12 Testing the Two-Way Replication Between Node1 and Node5
-
41.1
Introduction to Setting Up Replication
-
42
Setting Up Replication Failover
- 42.1 Introduction to Replication Failover
-
42.2
Performing a Stateless Replication Failover
- 42.2.1 Stopping all Directory Replication Server on Related Nodes
- 42.2.2 Breaking Old Replication Agreement and Setting up New Agreement
- 42.2.3 Saving Last Change Number
- 42.2.4 Comparing and Reconciling New Supplier and Consumer
- 42.2.5 Updating Last Applied Change Number of New Agreement
- 42.2.6 Cleaning Up Old Agreement on Old Supplier
- 42.2.7 Starting All Directory Replication Server on Related Nodes
-
42.3
Performing a Time-Based Replication Failover
- 42.3.1 Configuring Change Log Garbage Collection Object on New Supplier
- 42.3.2 Saving Last Change Number from New Supplier
- 42.3.3 Enabling Change Log Regeneration on New Supplier
- 42.3.4 Waiting for the Desired Time Period to Elapse
- 42.3.5 Stopping all Directory Replication Servers on Related Nodes
- 42.3.6 Breaking Old Replication Agreement and Setting Up New Agreement
- 42.3.7 Updating Last Applied Change Number of the New Agreement
- 42.3.8 Cleaning Up Old Agreement on Old Supplier
- 42.3.9 Starting All Directory Replication Servers on Related Nodes
-
43
Managing Replication Configuration Attributes
-
43.1
Understanding Replication Configuration Attributes
- 43.1.1 Replication Configuration Container
- 43.1.2 Understanding Replica Subentry
- 43.1.3 Understanding Replication Agreement Entry
- 43.1.4 Replication Naming Context Container Entry
- 43.1.5 Understanding Replication Naming Context Object Entry
- 43.1.6 Understanding Replication Configuration Set
- 43.1.7 Examples of Replication Configuration Objects in a Directory
- 43.2 Managing Replication Configuration Attributes Using the Command Line
-
43.1
Understanding Replication Configuration Attributes
-
44
Managing and Monitoring Replication
-
44.1
Introduction to Managing and Monitoring Replication
- 44.1.1 Implications of LDAP-Based Partial Replication
- 44.1.2 About Managing Worker Threads
- 44.1.3 Change Logs in Directory Replication
- 44.1.4 Overview of Change Log Partitioning in Directory Replication
- 44.1.5 The Human Intervention Queue
- 44.1.6 About Pilot Mode
- 44.1.7 Overview of Conflict Resolution in Oracle Replication
- 44.2 Managing and Monitoring Replication by Using ODSM
-
44.3
Overview of Managing and Monitoring Replication Using the Command Line
- 44.3.1 Enabling and Disabling Change Log Generation Using the Command Line
- 44.3.2 Overview of Viewing Change Logs Using ldapsearch
- 44.3.3 Overview of Configuring Attributes of the Replica Subentry Using ldapmodify
- 44.3.4 Specifying Pilot Mode for a Replica by Using remtool
- 44.3.5 Overview of Configuring Replication Agreement Attributes by Using ldapmodify
-
44.3.6
Overview of Modifying Replica Naming Context Object Parameters Using ldapmodify
- 44.3.6.1 Modifying Replica Naming Context Object Parameters Using ldapmodify
- 44.3.6.2 Adding a Naming Context Object for an LDAP-Based Replica
- 44.3.6.3 Deleting a Naming Context Object
- 44.3.6.4 Modifying the orclIncludedNamingContexts Attribute for a Replica Naming Context Object
- 44.3.6.5 Modifying the orclExcludedNamingContexts Attribute for a Replica Naming Context Object
- 44.3.6.6 Modifying the orclExcludedAttributes Attribute for a Replica Naming Context Object
- 44.3.7 Overview of Configuring Attributes of the Replication Configuration Set by Using ldapmodify
- 44.3.8 Overview of Monitoring Conflict Resolution Messages Using the Command Line
- 44.3.9 Managing the Human Intervention Queue
- 44.3.10 Monitoring Replication Progress in a Directory Replication Group Using remtool -pthput
- 44.3.11 About Viewing Queue Statistics and Verifying Replication Using remtool
- 44.3.12 Managing the Number of Entries the Human Intervention Queue Tools Can Process
- 44.3.13 Configuring Replication Filtering Using the orclEntryExclusionFilter Attribute
-
44.4
Overview of Comparing and Reconciling Inconsistent Data Using oidcmprec
- 44.4.1 Comparing and Reconciling Inconsistent Data Using oidcmprec
- 44.4.2 Conflict Scenarios
- 44.4.3 Operations Supported by oidcmprec
- 44.4.4 Output from oidcmprec
- 44.4.5 How oidcmprec Works
- 44.4.6 Source and Destination Directories Setup
- 44.4.7 DIT for the oidcmprec Operation
- 44.4.8 Attributes Selection for the Operation
- 44.4.9 Control of Change Log Generation
- 44.4.10 oidcmprec Command-Line Arguments Specification in a Text or XML Parameter File
- 44.4.11 Directory Schema Inclusion in oidcmprec
- 44.4.12 Override of Predefined Conflict Resolution Rules
- 44.4.13 User-Defined Compare and Reconcile Operation
- 44.4.14 Known Limitations of the oidcmprec Tool
-
44.1
Introduction to Managing and Monitoring Replication
-
41
Setting Up Replication
-
Part VI Advanced Administration: Directory Plug-ins
- 45 Configuring a Customized Password Policy Plug-In
-
46
Developing Plug-ins for the Oracle Internet Directory Server
-
46.1
Overview of Oracle Internet Directory Server Plug-in Framework
- 46.1.1 Supported Languages for Server Plug-ins
- 46.1.2 Prerequisites to Develop Server Plug-ins
- 46.1.3 Benefits of Using Server Plug-ins
- 46.1.4 Guidelines for Designing Server Plug-ins
- 46.1.5 Using the Server Plug-in Framework
- 46.1.6 LDAP Operations Supported by Oracle Internet Directory
- 46.1.7 Understanding LDAP Timings Supported by Oracle Internet Directory
- 46.1.8 Using Plug-ins in a Replication Environment
- 46.1.9 Modifying JVM Options for Server Plug-ins
- 46.2 Creating a Plug-in
- 46.3 Registering a Plug-in From the Command Line
-
46.4
Managing Plug-ins by Using Oracle Directory Services Manager and Oracle Enterprise Manager Fusion Middleware Control
- 46.4.1 Creating a Plug-in by Using Oracle Directory Services Manager
- 46.4.2 Registering a Plug-in by Using Oracle Directory Services Manager
- 46.4.3 Editing a Plug-in by Using Oracle Directory Services Manager
- 46.4.4 Deleting a Plug-in by Using Oracle Directory Services Manager
- 46.4.5 Managing JVM Options by Using Oracle Enterprise Manager Fusion Middleware Control
-
46.1
Overview of Oracle Internet Directory Server Plug-in Framework
- 47 Configuring a Customized External Authentication Plug-in
-
A
Appendixes
-
A.1
Differences Between 11g and 12c
- A.1.1 Overview of Instance Creation and Process Management
- A.1.2 About Assigning SSL and non-SSL Ports
- A.1.3 Changed Path Names in 12c Configuration and Log Files
- A.1.4 About Configuring Audit Framework Using Oracle Enterprise Manager Fusion Middleware Control
- A.1.5 Updated Server Chaining
- A.1.6 About Setting Up and Managing LDAP-Based Replication
- A.1.7 About Java Containers
-
A.2
Managing Oracle Internet Directory Instances by Using OIDCTL
- A.2.1 About Managing Oracle Internet Directory by Using OIDCTL
- A.2.2 Creating and Starting an Oracle Internet Directory Server Instance by Using OIDCTL
- A.2.3 About Stopping an Oracle Internet Directory Server Instance by Using OIDCTL
- A.2.4 About Starting an Oracle Internet Directory Server Instance by Using OIDCTL
- A.2.5 Viewing Status Information by Using OIDCTL
- A.2.6 Deleting an Oracle Internet Directory Server Instance by Using OIDCTL
-
A.3
How Replication Works
- A.3.1 Architecture of LDAP-Based Replication
- A.3.2 LDAP Replica States
-
A.3.3
Managing an Entry Using Multimaster Replication Process
- A.3.3.1 How the Multimaster Replication Process Adds a New Entry to a Consumer
- A.3.3.2 How the Multimaster Replication Process Deletes an Entry
- A.3.3.3 How the Multimaster Replication Process Modifies an Entry
- A.3.3.4 How the Multimaster Replication Process Modifies a Relative Distinguished Name
- A.3.3.5 How the Multimaster Replication Process Modifies a Distinguished Name
-
A.4
Java Server Plug-in Developer's Reference
- A.4.1 Advantages of Java Plug-ins
- A.4.2 Setting Up a Java Plug-in
- A.4.3 orclPluginName Value
-
A.4.4
Overview of Java Plug-in API
- A.4.4.1 Communication Between the Server and Plug-in
- A.4.4.2 Java Plug-in Structure
- A.4.4.3 Overview of PluginDetail
- A.4.4.4 PluginResult
-
A.4.4.5
ServerPlugin Interface Methods for LDAP Operations
- A.4.4.5.1 ServerPlugin Methods for Ldapbind
- A.4.4.5.2 ServerPlugin Methods for Ldapcompare
- A.4.4.5.3 ServerPlugin Methods for Ldapadd
- A.4.4.5.4 ServerPlugin Methods for Ldapmodify
- A.4.4.5.5 ServerPlugin Methods for Ldapmoddn
- A.4.4.5.6 ServerPlugin Methods for Ldapsearch
- A.4.4.5.7 ServerPlugin Methods for Ldapdelete
- A.4.5 Java Plug-in Error and Exception Handling Examples
- A.4.6 Java Plug-in Debugging and Logging
- A.4.7 Java Plug-in Examples
-
A.5
PL/SQL Server Plug-in Developer's Reference
-
A.5.1
Designing, Creating, and Using PL/SQL Server Plug-ins
- A.5.1.1 PL/SQLPlug-in Caveats
- A.5.1.2 Specifications for PL/SQL Plug-in Package Names and Procedures
- A.5.1.3 Compiling PL/SQLPlug-ins
- A.5.1.4 Managing PL/SQL Plug-ins
- A.5.1.5 Enabling and Disabling PL/SQL Plug-ins
- A.5.1.6 Exception Handling in a PL/SQL Plug-in
- A.5.1.7 PL/SQL Plug-in LDAP API
- A.5.1.8 PL/SQL Plug-in and Database Tools
- A.5.1.9 Ensuring Security in PL/SQL Plug-ins
- A.5.1.10 PL/SQL Plug-in Debugging
- A.5.1.11 Specifications for PL/SQL Plug-in LDAP API
- A.5.2 Using PL/SQL Plug-ins
- A.5.3 Performing Binary Operations by using PL/SQLPlug-ins
- A.5.4 Object Type Definitions in the LDAP API Plug-in
- A.5.5 Specifications for PL/SQL Plug-in Procedures
-
A.5.1
Designing, Creating, and Using PL/SQL Server Plug-ins
-
A.6
The LDAP Filter Definition
- A.6.1 Status of The String Representation of LDAP Search Filters
- A.6.2 IESG Note on The String Representation of LDAP Search Filters
- A.6.3 The String Representation of LDAP Search Filters Abstract
- A.6.4 LDAP Search Filter Definition
- A.6.5 String Search Filter Definition
- A.6.6 Using String Search Filters
- A.6.7 Security Considerations in The String Representation of LDAP Search Filters
- A.6.8 References for The String Representation of LDAP Search Filters
- A.6.9 Address of The String Representation of LDAP Search Filters Author
- A.6.10 Copyright Notice in The String Representation of LDAP Search Filters
- A.7 The Access Control Directive Format
-
A.8
Globalization Support in the Directory
- A.8.1 About Character Sets and the Directory
- A.8.2 Components of the NLS_LANG Parameter
- A.8.3 Setting NLS_LANG Parameter from the Command Line
- A.8.4 Limitation of using Non-AL32UTF8 Databases
- A.8.5 Using Globalization Support with LDIF Files
- A.8.6 Using Globalization Support with Command-Line LDAP Tools
- A.8.7 Setting NLS_LANG in the Client Environment
- A.8.8 Using Globalization Support with Bulk Tools
- A.9 Setting up Access Controls for Creation and Search Bases for Users and Groups
- A.10 Searching the Directory for User Certificates
-
A.11
Adding a Directory Node by Using the Database Copy Procedure
- A.11.1 Definition of Sponsor Site and New Site in Database Copy Procedure
- A.11.2 Prerequisites for Database Copy Procedure
- A.11.3 Sponsor Directory Site Environment for Database Copy Procedure
- A.11.4 New Directory Site Environment for Database Copy Procedure
-
A.11.5
Adding a Directory Node by using Database Copy Procedure
-
A.11.5.1
Setting Up Sponsor Node
- A.11.5.1.1 Installing Identity Management with Oracle Internet Directory on Sponsor Node
- A.11.5.1.2 Checking the Status of Oracle Internet Directory
- A.11.5.1.3 Stopping Oracle Internet Directory
- A.11.5.1.4 Shutting Down Database and Oracle Net Services Listener on Sponsor Node
- A.11.5.1.5 Renaming Trace File to newdb.sql
- A.11.5.1.6 Editing newdb.sql File on the Sponsor Node
- A.11.5.1.7 Creating and Copying Initialization Parameter File
- A.11.5.1.8 Editing the Initialization Parameter File on the Sponsor Node
- A.11.5.1.9 Including Connection Details for the New Node in tnsnames.ora File
- A.11.5.1.10 Creating a Compressed Archive File of All Data Files
-
A.11.5.2
Setting Up New Node
- A.11.5.2.1 Installing Oracle Database on New Node
- A.11.5.2.2 Creating Data File, Dump, and Trace File Directories in New Node
- A.11.5.2.3 Copying Archived File from Sponsor Node to New Node
- A.11.5.2.4 Copying Initialization Parameter File from Sponsor Node to New Node
- A.11.5.2.5 Ensuring Non-existence of spfileNLDAP.ora and spfile.ora Files
- A.11.5.2.6 Copying newdb.sql File From Sponsor Node To New Node
- A.11.5.2.7 Setting Environment Variables on New Node
- A.11.5.2.8 Running newdb.sql on the New Node by Using SQL*Plus
- A.11.5.2.9 Starting the Database and Listener on the New Node
- A.11.5.2.10 Changing the Global Database Name on the New Node
- A.11.5.2.11 Adding Temporary File to the Tablespace on the New Node
- A.11.5.2.12 Configuring Oracle Internet Directory on the New Node
- A.11.5.2.13 Stopping Oracle Internet Directory
- A.11.5.2.14 Deleting Wallet Files and Resetting ODS Password at the New Node
- A.11.5.2.15 Resetting Oracle Internet Directory Password on the New Node
- A.11.5.2.16 Starting Oracle Internet Directory Processes on the New Node
- A.11.5.2.17 Resetting Replica ID of the New Node
- A.11.5.2.18 Recreating Relative Replica Entries for New Node
- A.11.5.2.19 Changing Attributes of Replica Subentry
- A.11.5.2.20 Stopping Oracle Internet Directory Processes
- A.11.5.2.21 Cleaning Up Change Log Tables at New Node
- A.11.5.3 Running LDAP-Based Replication
-
A.11.5.1
Setting Up Sponsor Node
- A.12 RFCs Supported by Oracle Internet Directory
- A.13 Managing Oracle Directory Services Manager's Java Key Store
- A.14 Starting and Stopping the Oracle Stack
- A.15 Performing a Rolling Upgrade
-
A.16
Troubleshooting Oracle Internet Directory
-
A.16.1
Problems and Solutions
- A.16.1.1 Installation Errors
- A.16.1.2 Oracle Database Server Errors
- A.16.1.3 Directory Server Error Messages and Causes
- A.16.1.4 Core Dump and Stack Trace Occurs When Oracle Internet Directory Crashes
- A.16.1.5 TCP/IP Problems
- A.16.1.6 Troubleshooting Password Policies
- A.16.1.7 Troubleshooting Directory Performance
- A.16.1.8 Troubleshooting Port Configuration
- A.16.1.9 Troubleshooting Starting Oracle Internet Directory
- A.16.1.10 Oracle Internet Directory Error Due to Interrupted Client Connection
- A.16.1.11 Troubleshooting Starting, Stopping, and Restarting of the Directory Server
- A.16.1.12 Troubleshooting Oracle Internet Directory Replication
- A.16.1.13 Troubleshooting Change Log Garbage Collection
- A.16.1.14 Troubleshooting Dynamic Password Verifiers
- A.16.1.15 Troubleshooting Oracle Internet Directory Password Wallets
- A.16.1.16 Troubleshooting bulkload Errors
- A.16.1.17 Troubleshooting bulkdelete, bulkmodify, and ldifwrite Errors
- A.16.1.18 Troubleshooting catalog Errors
- A.16.1.19 Troubleshooting remtool Errors
- A.16.1.20 Troubleshooting Server Chaining Error
- A.16.1.21 View Version Information
- A.16.1.22 Troubleshooting Oracle Enterprise Manager Fusion Middleware Control and WLST
-
A.16.1.23
Troubleshooting Oracle Directory Services Manager
- A.16.1.23.1 Cannot Invoke ODSM from Fusion Middleware Control
- A.16.1.23.2 Invoking ODSM from Fusion Middleware Control in Multiple NIC and DHCP Enabled Environment Fails
- A.16.1.23.3 Resolving Failover Issues
- A.16.1.23.4 ODSM Displays an Error Message
- A.16.1.23.5 Cursor Loses Focus
- A.16.1.23.6 Second popup of ODSM displays an Unresolvable Error
- A.16.1.24 Troubleshooting a Locked User Account
- A.16.1.25 Troubleshooting Policy Store Migration
- A.16.2 Need More Help?
-
A.16.1
Problems and Solutions
-
A.1
Differences Between 11g and 12c