LDAP Attribute Reference

Attribute Name	Specification
aliasedObjectName	RFC 2256
applicationEntity	RFC 2256
associatedDomain	RFC 1274
associatedName	RFC 1274
audio	RFC 1274
authorityRevocationList	RFC 2256
authPassword	RFC 3112
bootFile	RFC 2307
bootParameter	RFC 2307
businessCategory	RFC 2256
c	RFC 2256
caCertificate	RFC 2256
carLicense	RFC 2798
certificateRevocationList	RFC 2256
cn	RFC 2256
co	RFC 1274
crossCertificatePair	RFC 2256
dc	RFC 2247
deltaRevocationList	RFC 2256
departmentNumber	RFC 2798
description	RFC 2256
destinationIndicator	RFC 2256
displayName	RFC 2798
dITRedirect	RFC 1274
dmdName	RFC 2256
dNSRecord	RFC 1274
drink	RFC 1274
dSAQuality	RFC 1274
employeeNumber	RFC 2798
employeeType	RFC 2798
facsimileTelephoneNumber	RFC 2256
gecos	RFC 2307
gidNumber	RFC 2307
givenName	RFC 2798
homeDirectory	RFC 2307
homePhone	RFC 1274
homePostalAddress	RFC 1274
host	RFC 1274
initials	RFC 2256
internationalISDNNumber	RFC 2256
ipHostNumber	RFC 2307
ipNetmaskNumber	RFC 2307
ipNetworkNumber	RFC 2307
ipProtocolNumber	RFC 2307
ipServicePort	RFC 2307
ipServiceProtocol	RFC 2307
javaClassName	RFC 2713
javaClassNames	RFC 2307
javaCodebase	RFC 2307
javaDoc	RFC 2307
javaFactory	RFC 2307
javaReferenceAddress	RFC 2713
javaSerializedData	RFC 2713
janetMailbox	RFC 1274
jpegPhoto	RFC 1488
knowledgeInformation	RFC 2256
l	RFC 2256
labeledURI	RFC 2079
lastModifiedBy	RFC 1274
lastModifiedTime	RFC 1274
loginShell	RFC 2307
macAddress	RFC 2307
mail	RFC 2798
mailAlternateAddress	RFC 2256
mailHost	RFC 2256
mailPreferenceOption	RFC 1274
mailRoutingAddress	RFC 2256
manager	RFC 1274
member	RFC 2256
memberNisNetgroup	RFC 2307
memberUid	RFC 2307
mobile	RFC 1274
nisDomain	RFC 2307
nisMapEntry	RFC 2307
nisMapName	RFC 2307
nisNetgroupTriple	RFC 2307
nisPublicKey	RFC 2307
nisSecretKey	RFC 2307
o	RFC 2256
oncRpcNumber	RFC 2307
organizationalStatus	RFC 1274
otherMailbox	RFC 1274
ou	RFC 2256
owner	RFC 2256
pager	RFC 1274
personalSignature	RFC 1274
personalTitle	RFC 1274
photo	RFC 1274
physicalDeliveryOfficeName	RFC 2256
postalAddress	RFC 2256
postalCode	RFC 2256
postOfficeBox	RFC 2256
preferredDeliveryMethod	RFC 2256
preferredDeliveryMethod	RFC 2377
preferredLanguage	RFC 2798
presentationAddress	RFC 2256
protocolInformation	RFC 2256
ref	RFC 3296
registeredAddress	RFC 2256
roleOccupant	RFC 2256
roomNumber	RFC 1274
searchGuide	RFC 2256
secretary	RFC 1274
seeAlso	RFC 2256
serialNumber	RFC 2256
shadowExpire	RFC 2307
shadowFlag	RFC 2307
shadowInactive	RFC 2307
shadowLastChange	RFC 2307
shadowMax	RFC 2307
shadowMin	RFC 2307
shadowWarning	RFC 2307
sn	RFC 2256
st	RFC 2256
street	RFC 2256
subtreeMaximumQuality	RFC 1274
subtreeMinimumQuality	RFC 1274
supportedApplicationContext	RFC 2256
telephoneNumber	RFC 2256
teletexTerminalIdentifier	RFC 2256
telexNumber	RFC 2256
textEncodedORaddress	RFC 2377
title	RFC 2256
uid	RFC 2253
uidNumber	RFC 2307
uniqueIdentifier	RFC 1274
uniqueMember	RFC 2256
userCertificate;binary	RFC 2256
userClass	RFC 1274
userPassword	RFC 2256
userPKCS12	RFC 2798
userSMIMECertificate	RFC 2798
x121Address	RFC 2256
x500UniqueIdentifier	RFC 2256

The value in this attribute is synchronized with that in the userPassword attribute.

Several different applications can require the user to enter the same clear text password used for the directory, but each application may hash it with a different algorithm. In this case, the same clear text password can become the source of several different password verifiers.

This attribute is multivalued and can contain all the other verifiers that different applications use for this user's clear text password. If the userpassword attribute is modified, then the authpassword values for all applications are regenerated.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

1.3.6.1.4.1.4203.1.3.4

8.2.5 bindAuthPriv

bindAuthPriv allows Oracle Internet Directory server to restrict users who can bind to it.

The administrator creates an LDAP group entry where only members of the group can bind to the server. Each user entry of users who are allowed to bind to the server must contain an bindAuthPriv attribute that points to the group. If a user is not a member of the group, bind requests are rejected. Several other considerations are:

The bindAuthPriv attribute can be a collective attribute that allows specific users to inherit it.
The LDAP group can be a nested group.
The administrator must ensure the proper ACL for the bindAuthPriv attribute, so that the attribute can be added to a user entry only by an administrator.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.641

Other

Single-valued attribute.

8.2.6 bindTimeLimit

bindTimeLimit is the maximum time in seconds a POSIX directory user agent (DUA) should allow for a search to complete.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.11.1.3.1.1.4

Other

Single-valued attribute.

8.2.7 c

c specifies the country associated with a user's address.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.5.4.6

Other

Single-valued attribute.

8.2.8 changeloginfo

changeloginfo is the attribute that provides additional change log information, such as the value of the client IP address.

For example:

changeloginfo=clientip=::ffff:10.229.116.104

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.510

Other

Single-valued attribute.

8.2.9 changestatus

changestatus is the last change number transported by the replication server.

Syntax

DN

Matching Rule

DistinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.22

8.2.10 cn

cn is the common name (nickname) attribute which contains the name of an object. If the object corresponds to a user, it is typically the user's full name. A cn (common name) isn't unique, whereas a dn (distinguished name) is unique.

For example, if ABC corp employs two people with the name John Smith, one in HR and one in Finance then they both would have a cn=John Smith, but they would have unique DNs because the DN would take the form:

cn=John Smith, ou=HR, o=ABC or
cn=John Smith, ou=Finance, 0=ABC

Where ou= organizational unit, and o=organization

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

credentialLevel identifies the type of credentials a POSIX directory user agent (DUA) should use when binding to the directory server.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseIgnoreIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.10

Other

Single-valued attribute.

8.2.15 defaultSearchBase

defaultSearchBase is the default base DN used by a POSIX directory user agent (DUA).

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

1.3.6.1.4.1.11.1.3.1.1.1

Other

Single-valued attribute.

8.2.16 defaultSearchScope

defaultSearchScope is the user defined search scope used by a POSIX directory user agent (DUA).

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.12

Other

Single-valued attribute.

8.2.17 defaultServerList

defaultServerList is the IP addresses of the default servers that a directory user agent (DUA) should use in a space separated list.

After the servers in preferredServerList are tried, those default servers on the client's subnet are tried, followed by the remaining default servers, until a connection is made. At least one server must be specified in either preferredServerList or defaultServerList. This attribute has no default value.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseIgnoreIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.0

Other

jpegPhoto is a photograph file in JPEG format.

Syntax

1.3.6.1.4.1.1466.115.121.1.28 (Binary)

Matching Rule

octetStringMatch

Object ID

0.9.2342.19200300.100.1.60

8.2.23 krbPrincipalName

krbPrincipalName contains the Kerberos principal name.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

1.3.18.0.2.4.1091

Other

Single-valued attribute.

8.2.24 labeledURI

labeledURI is a Uniform Resource Locator (URL).

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

1.3.6.1.4.1.250.1.57

8.2.25 ldapSyntaxes

ldapSyntaxes identifies the LDAP syntaxes implemented in the directory schema.

Syntax

1.3.6.1.4.1.1466.115.121.1.54 (LDAP Syntax Description)

Matching Rule

objectIdentifierFirstComponentMatch

Object ID

1.3.6.1.4.1.1466.101.120.16

Other

Directory operational attribute.

8.2.26 mail

This attribute is defined in RFC 1274. Identifies a user's primary e-mail address (the e-mail address retrieved and displayed by "white-pages" lookup applications).

For example: mail: user.name@example.com

Syntax

1.3.6.1.4.1.1466.115.121.1.26{256} (IA5 String, 256 character maximum)

Matching Rule

caseIgnoreIA5Match

Object ID

0.9.2342.19200300.100.1.3

8.2.27 matchingRules

matchingRules identifies the matching rules implemented in the directory schema.

Syntax

1.3.6.1.4.1.1466.115.121.1.30 (Matching Rule Description)

Matching Rule

objectIdentifierFirstComponentMatch

Object ID

namingContexts is the top-level DNs for the naming contexts contained in this server. You must have superuser privileges to publish a DN as a naming context. There is no default value.

This attribute is part of the root DSE (DSA-Specific Entry). The root DSE contains a number of attributes that store information about the directory server itself.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.1466.101.120.5

Other

DSA operational attribute.

8.2.32 objectClass

objectClass is the list of object classes from which this object class is derived.

Syntax

1.3.6.1.4.1.1466.115.121.1.38 (Object Identifier)

Matching Rule

objectIdentifierMatch

Object ID

2.5.4.0

8.2.33 objectClasses

objectClasses defines the object classes which are in force within a subschema.

Syntax

1.3.6.1.4.1.1466.115.121.1.37 (Object Class Description)

Matching Rule

objectIdentifierFirstComponentMatch

Object ID

2.5.21.6

Other

Directory operational attribute.

8.2.34 objectClassMap

objectClassMap is a mapping from an object class defined by a directory user agent (DUA) to an object class in an alternative schema used in the directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.11

8.2.35 orclACI

Access control instructions are stored in the directory as attributes of entries. The orclACI attribute is an operational attribute; it is available for use on every entry in the directory, regardless of whether it is defined for the object class of the entry. It is used by the directory server to evaluate what rights are granted or denied when it receives an LDAP request from a client.

Syntax

1.3.6.1.4.1.1466.115.121.1.1 (Access Control Item)

Matching Rule

accessDirectiveMatch

Object ID

2.16.840.1.113894.1.1.42

8.2.36 orclACLResultsLatency

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.129

Other

orclagreementtype is the replication agreement type.

Replication agreement type: '0-OneWay 1-TwoWay, 2-LDAP Multimaster, 3-ASR Multimaster.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.511

8.2.44 orclAnonymousBindsFlag

orclAnonymousBindsFlag specifies whether anonymous binds to the directory are allowed or not.

If set to 2, anonymous binds are allowed, but only search operations on root DSE entry are allowed for anonymous users. If set to 1, then anonymous binds are allowed. If set to 0 (zero), then anonymous binds are not allowed. The default is 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.299

Other

Single-valued attribute.

8.2.45 orclAppFullName

orclAppFullName is the full name of an application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.320

8.2.46 orclAppId

orclAppId is the unique identifier of an application entry associated with a password verifier.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 characters maximum)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.207

Other

Single-valued attribute.

8.2.47 orclApplicationAddress

orclApplicationAddress is the address of the application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.318

8.2.48 orclApplicationCommonName

orclApplicationCommonName is the common name (cn) of the application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.319

8.2.49 orclApplicationType

orclApplicationType identifies the application type, such as Oracle Portal.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.280

Other

Single-valued attribute.

8.2.50 orclAssocDB

orclAssocDB identifies the associated Oracle Database instance with the application or service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.1007

8.2.51 orclAssocIasInstance

orclAssocIasInstance identifies the associated Oracle Application Server instance with the application or service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.1006

8.2.52 orclAttrACLEvalLatency

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.138

Other

Single-valued attribute.

8.2.53 orclAudCustEvents

orclAudCustEvents is a comma-separated list of events and category names to be audited. Custom events are only applicable when orclAudFilterPreset is Custom.

Examples include:

Authentication.SUCCESSESONLY,
Authorization(Permission -eq 'CSFPerfmission")

Syntax

IA5 String

Matching Rule

caseExactIAI5Match

Object ID

2.16.840.1.113894.1.1.373

8.2.54 orclAudFilterPreset

orclAudFilterPreset replaces the audit levels used in 10g (10.1.4.0.1) and earlier releases.

Values are None, Low, Medium, All, and Custom.

Syntax

IA5 String

Matching Rule

caseExactIAI5Match

Object ID

2.16.840.1.113894.1.1.372

8.2.55 orclAuditAttribute

orclAuditAttribute identifies the audit attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.58

8.2.56 orclAuditMessage

orclAuditMessage stores an audit message.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.59

8.2.57 orclAudSplUsers

orclAudSplUsers is a comma separated list of users for whom auditing is always enabled, even if orclAudFilterPreset is None.

For example:

cn=orcladmin.

Syntax

IA5 String

Matching Rule

caseExactIAI5Match

Object ID

2.16.840.1.113894.1.1.374

8.2.58 orclBERgenLatency

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.139

Other

Single-valued attribute.

8.2.59 orclBlockDNIP

orclBlockDNIP is an IP address that causes Oracle Internet Directory server to reject any new connections and close any existing connections from that IP address.

Note:

You need to use the subtype property along with this attribute to configure DN or IP address that needs to be blocked. Use the following subtype:

For DN: dn

For IP address: ip

Consider the following examples:

orclblockdnip;dn: cn=jdoe,ou=abc,c=us
orclblockdnip;ip: ffff:11.234.56.789

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.382

Other

Single-valued attribute.

8.2.60 orclcachenotifyip

orclcachenotifyip is a configuration attribute that associates a port number with an IP address in order to allow Oracle Internet Directory servers to communicate with each other in a cluster environment when cached data is changed.

The servers communicate with each other using the LDAP protocol. For example, the following LDIF file, which you can load using the ldapmodify command, associates port number 5678 with IP address 10.10.10.4 for the oid1 instance:

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
add: orclcachenotifyip;5678
orclcachenotifyip;5678: 10.10.10.4

When orclcachenotifyip is configured for an Oracle Internet Directory instance, the IP address must be local to the node where the instance is running.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.640

8.2.61 orclCatalogEntryDN

orclCatalogEntryDN contains the DN of the catalog entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.50

Other

This is a special catalog attribute used for certificate matching. The value of this attribute is computed by calculating a hash of the user certificate when it is added to Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.184

Other

Single-valued attribute.

Not user modifiable.

8.2.66 orclCertificateMatch

This is a special catalog attribute used for certificate matching. The value of this attribute contains the correct matching value to use for a user certificate based on the orclPKIMatchingRule setting.

Refer orclPKIMatchingRule setting

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.183

Other

Single-valued attribute.

Not user modifiable.

orclCommonAutoRegEnabled specifies if auto-registration is enabled or disabled. Allowed values are 0 (disabled) or 1 (enabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.567

Other

Single-valued attribute.

8.2.71 orclCommonContextMap

orclCommonContextMap stores the common context map.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.904

Other

Single-valued attribute.

8.2.72 orclCommonDefaultUserCreateBase

orclCommonDefaultUserCreateBase identifies the default user creation base where users are created.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.908

Other

Single-valued attribute.

8.2.73 orclCommonGroupCreateBase

orclCommonGroupCreateBase identifies the group creation base under which Oracle Delegated Administration Services creates groups.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

orclCommonUserSearchBase identifies the branch that contains user entries.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.7.1.10

8.2.78 orclCommonVerifierEnable

If this attribute is enabled then the common verifier is used for all related applications. If this attribute is disabled then each application must setup their own verifier profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.214

Other

Single-valued attribute.

8.2.79 orclCommonVerifierEnable

If this attribute is enabled then the common verifier is used for all related applications. If this attribute is disabled then each application must setup their own verifier profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.214

Other

Single-valued attribute.

8.2.80 orclCompatibleVersion

orclCompatibleVersion is the Oracle Internet Directory version. Do not modify this attribute. It must be present for Oracle Internet Directory 11.1.1.6.0 or later to work with the schema.

Values can be:

orclcompatibleversion 11.1.1.6.0
orclcompatibleversion 11.1.1.7.0

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.1302

Other

Multi-valued attribute.

8.2.81 orclComputedAttribute

Attribute that allows a configurable attribute and its value to be dynamically computed based on one or more specific rules.

See Also Managing Computed Attributes in Administering Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.628

Other

orclDASAttrDispOrder specifies the display order of an attribute in Oracle Delegated Administration Services.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

The list of values to display to users in the UI when the orclDASUIType =Predefined List.

See orclDASUIType

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreSubStringsMatch

Object ID

orclDASUIType specifies the UI field type for an attribute when displayed in Oracle Delegated Administration Services.

Options are:

Single Line Text
Multi Line Text
Predefined List
Date
Browse and Select
Number

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.327

Other

Single-valued attribute.

8.2.105 orclDASURL

The corresponding URL of an Oracle Delegated Administration Services unit.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

orclDBSchemaIdentifier is the DN of the DB registration entry in OID that an application entity uses.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.347

8.2.114 orclDBType

orclDBType indicates the type of database used. This attribute is part of the root DSE (DSA-Specific Entry). The root DSE contains a number of attributes that store information about the directory server itself.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.5

Other

Single-valued attribute.

8.2.115 orclDebugFlag

orclDebugFlag is the debug level associated with a server instance. The default is 0 (zero). The valid range is 0 to 402653184.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.97

Other

Single-valued attribute.

8.2.116 orclDebugForceFlush

orclDebugForceFlush specifies whether debug messages are to be written to the log file when a message is logged by the directory server. To enable it, set its value to 1. To disable it set it to 0, which is its default value.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.193

Other

Single-valued attribute.

8.2.117 orcldebuglevel

orcldebuglevel specifies the Replication server debug level.

Values are additive:

0: No Debug Log, 2097152: Replication Performance Log, 4194304: Replication Debug Log, 8388608: Function Call Trace, 16777216: Heavy Trace Log

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.3

8.2.118 orclDebugOp

To make logging more focused, orclDebugOp limits logged information to particular directory server operations by specifying the debug dimension to those operations.

Values for operations are:

1 - ldapbind
2 - ldapunbind
4 - ldapadd
8 - ldapdelete
16 - ldapmodify
32 - ldapmodrdn
64 - ldapcompare
128 - ldapsearch
264 - ldapabandon
511 - all operations

To log more than one operation, add the values of their dimensions. For example, if you want to trace ldapbind (1), ldapadd (4) and ldapmodify (16) operations, then the value would be 21 (1 + 4 + 16 = 21).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.601

Other

Single-valued attribute.

8.2.119 orclDefaultProfileGroup

orclDefaultProfileGroup holds the DN of the group to designate the default group for a user, such that a default profile can be built for the user based on this attribute value.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.309

Other

OrclDispThreads is the number of dispatcher threads per server process.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.613

8.2.127 orclDITRoot

orclDITRoot is the root of the directory information tree (DIT). This attribute is part of the root DSE (DSA-Specific Entry). The root DSE contains a number of attributes that store information about the directory server itself.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.7

Other

Single-valued attribute.

8.2.128 orclDNSUnavailable

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.161

Other

Single-valued attribute.

8.2.129 orclcachemaxsize

orclcachemaxsize specifies the size in bytes of the result set cache or the metadata cache, depending on the subtype.

The available subtypes are:

rs: Result set cache. Default and minimum cache size is 64 MB.
md: Metadata cache. Default and minimum cache size is 128 MB.

Specify the size as M or G, indicating megabytes or gigabytes, respectively. To set a subtype, specify:

orclcachemaxsize; subtypename: value

For example:

orclcachemaxsize; md: 256M

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.642

Other

Single-valued attribute.

8.2.130 orclEcacheEnabled

orclEcacheEnabled specifies whether to enable or disable the Entry Cache or Result Set Cache.

Values can be:

0: Disable both the Entry Cache and Result Set Cache.
1: Enable the Entry Cache only (default value).
2: Enable both the Entry Cache and Result Set Cache.

If you change the attribute value, restart the Oracle Internet Directory server instance for the new value to take effect.

Note:

A new subtype groups is available for orclEcacheEnabled attribute. This specifies whether to cache group entries or not. It's disabled by default out of the box.

Values can be:

0 (default): Not to cache group entries
1: Cache group entries

Example, orclEcacheEnabled;groups:1

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.400

Other

Single-valued attribute.

8.2.131 orclEcacheHitRatio

orclEcacheHitRatio stores the cache hit ratio.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.170

Other

Single-valued attribute.

8.2.132 orclEcacheMaxEntries

orclEcacheMaxEntries holds the maximum number of entries that can be present in the entry cache. The default is 25,000.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.402

Other

Single-valued attribute.

8.2.133 orclEcacheMaxSize

orclEcacheMaxSize is the size of shared memory that can be used for the entry cache. The default is 100 MB.

Specify the size as M or G, indicating megabytes or gigabytes, respectively.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.401

Other

Single-valued attribute.

8.2.134 orclEcacheNumEntries

orclEcacheNumEntries is the number of entries currently in the entry cache.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.171

Other

Single-valued attribute.

8.2.135 orclEcacheSize

orclEcacheSize specifies the current size of the entry cache.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.172

Other

Single-valued attribute.

8.2.136 orclEnabled

orclEnabled determines whether an application is enabled or disabled for use.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.1008

Other

Single-valued attribute.

8.2.137 orclEnableGroupCache

orclEnableGroupCache specifies whether to cache privilege groups and ACL groups. Using this cache improves the performance of access control evaluation for users.

Use the group cache when a privilege group membership does not change frequently. If a privilege group membership does change frequently, then it is best to turn off the group cache. This is because, in such a case, computing a group cache increases overhead. The default is 1 (enabled). Change to 0 (zero) to disable.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.403

Other

Single-valued attribute.

8.2.138 orclencryptedattributes

orclencryptedattributes specifies the list of attributes to be stored in an encrypted form.

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.419

8.2.139 orclEntryACLEvalLatency

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.136

Other

Single-valued attribute.

8.2.140 orclEntryLevelACI

orclEntryLevelACI specifies the ACI that holds object level ACL.

Syntax

1.3.6.1.4.1.1466.115.121.1.1 (Access Control Item)

Matching Rule

accessDirectiveMatch

Object ID

2.16.840.1.113894.1.1.43

8.2.141 orclEventLevel

orclEventLevel specifies critical events related to security and system resources to be recorded for server manageability statistics.

The default value is 0. Table 8-2 lists the level values.

Table 8-2 Event Levels

Level Value	Critical Event	Information It Provides
1	Superuser login	Super uses bind (successes or failures)
2	Proxy user login	Proxy user bind (failures)
4	Replication login	Replication bind (failures)
8	Add access	Add access violation
16	Delete access	Delete access violation
32	Write access	Write access violation
64	ORA 3113 error	Loss of connection to database
128	ORA 3114 error	Loss of connection to database
256	ORA 28 error	ORA-28 Error
512	ORA error	ORA errors other an expected 1, 100, or 1403
1024	Oracle Internet Directory server termination count
2047	All critical events

For events other than superuser, proxy user, and replication login, set the value of the orclStatsFlag attribute to 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.195

Other

Single-valued attribute.

8.2.142 orclEventTime

orclEventTime is the time when a logged directory event occurred.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

orclFlexAttribute1 is an additional attribute for storing more information about a resource, service, or component.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.355

8.2.148 orclFlexAttribute2

orclFlexAttribute2 is an additional attribute for storing more information about a resource, service, or component.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

orclgeneratechangelog enables change log generation.

The options are:

1- Generate change log
0- Do not generate change log

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.617

8.2.153 orclGenObjLatency

orclGenObjLatency stores the general object latency.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.133

Other

Single-valued attribute.

8.2.154 orclGetNearACLLatency

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.135

Other

Single-valued attribute.

8.2.155 orclGlobalID

orclGlobalID specifies the attribute that is used to identify the global ID of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.7.1.8

Other

Single-valued attribute.

8.2.156 orclGUID

This is the global unique identifier for an entry within Oracle Internet Directory. The value for this attribute is automatically generated when an entry is created and remains constant, even if an entry is moved.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.37

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.157 orclGUPassword

orclGUPassword is the password for the guest user account in Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.12

Other

Single-valued attribute.

8.2.158 orclHashedAttributes

orclHashedAttributes is the list of attributes whose values are hashed, using the crypto scheme set in the root DSE attribute orclcryptoscheme.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (caseIgnoreSubstringsMatch)

Matching Rule

caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.376

Other

Multi-valued attribute

Note:

Never include the same attribute in both orclhashedattributes and orclencryptedattributes.
Only single-valued attributes can be hashed attributes.

8.2.159 orclHIQSchedule

orclHIQSchedule is the interval, in seconds, at which the directory replication server repeats the change application process.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

N/A

Object ID

2.16.840.1.113894.1.1.98

Other

Single-valued attribute.

DSA operational attribute.

8.2.160 orclHireDate

orclHireDate specifies the date on which a user was hired by the organization.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

2.16.840.1.113894.1.1.308

Other

Single-valued attribute.

8.2.161 orclHostedCreditCardExpireDate

orclHostedCreditCardExpireDate indicates the credit card expiration date for a subscriber.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.338

Other

Single-valued attribute.

8.2.162 orclHostedCreditCardNumber

orclHostedCreditCardNumber indicates the credit card number for a subscriber.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.337

Other

Single-valued attribute.

8.2.163 orclHostedCreditCardType

orclHostedCreditCardType indicates the credit card type for a subscriber.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.336

Other

Single-valued attribute.

8.2.164 orclHostedDunsNumber

The DUNS number of a business subscriber. DUNS (Data Universal Numbering System) is a unique nine character company identification number issued by Dun and Bradstreet Corporation used to identify a US corporate entity.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.334

Other

Single-valued attribute.

8.2.165 orclHostedPaymentTerm

orclHostedPaymentTerm specifies the payment terms for a subscriber account.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.335

Other

Single-valued attribute.

8.2.166 orclHostname

orclHostname indicates the host name of the Oracle Internet Directory server.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.41

Other

Single-valued attribute.

8.2.167 orclIdleConn

The number of open connections that are currently inactive. Oracle Internet Directory tracks the idle connections for server manageability statistics.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.151

Other

Single-valued attribute.

8.2.168 orclIdleThreads

The number of Oracle Internet Directory server process threads that are currently inactive. Oracle Internet Directory tracks the idle threads for server manageability statistics.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.141

Other

Single-valued attribute.

8.2.169 orclIncludedNamingContexts

orclIncludedNamingContexts is the naming context included in a partial replica. For each naming context object, you can specify only one unique subtree.

In partial replication, all subtrees in the specified included naming context are replicated.

Only LDAP-based replication agreements respect this attribute to define one or more partial replicas. If this attribute contains any values in an Oracle Database Advanced Replication-based replication agreement, then it is ignored.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

N/A

Object ID

2.16.840.1.113894.1.1.819

Other

Single-valued attribute.

orclInterval is the time interval in seconds between executions of Oracle Directory Integration and Provisioning profiles.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

orclMaidenName indicates the maiden name of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.306

8.2.184 orclMappedDN

orclMappedDN holds the required information for generating the mapped identity.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.704

Other

Single-valued attribute.

8.2.185 orclMaskFilter

orclMaskFilter indicates LDAP filter specifying entries to be exposed. Others are masked.

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.427

Other

Multivalued, User-modifiable

8.2.186 orclMaskRealm

orclMaskRealm indicates the list of DIT subtrees that are exposed or hidden.

They are as follows:

orclMaskRealm contains the DIT subtrees that are exposed in an instance. This attribute is configured in the instance level. The DN configured and its children are visible in the instance. Other entries in the DIT are masked (hidden) for all LDAP operations.
orclMaskRealm;disallowed contains the DIT subtrees that are hidden in a container for an entire directory for all LDAP operations. This attribute is configured in the DSA configuration entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (DN)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.426

Other

Multivalued, User-modifiable.

8.2.187 orclMasterNode

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.1010

Other

Single-valued attribute.

8.2.188 orclMatchDnEnabled

If the base DN of a search request is not found, then the directory server returns the nearest DN that matches the specified base DN. Whether the directory server tries to find the nearest match DN is controlled by this attribute. If set to 1, then match DN processing is enabled. If set to 0, then match DN processing is disabled. The default is 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.404

Other

Single-valued attribute.

8.2.189 orclMaxCC

orclMaxCC indicates the number of connections established by the Oracle Internet Directory server to its backend data base. The default value is 2.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.4

Other

Single-valued attribute.

8.2.190 orclMaxConnInCache

orclMaxConnInCache is the number of connection DNs whose privileged groups can be cached is controlled by orclMaxConnInCache in the instance-specific configuration entry. The default value is 100000 identities (connection DNs). Increase the value of orclMaxConnInCache if your installation has more than 25000 users.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.605

Other

Single-valued attribute.

8.2.191 orclmaxLatencyLog

orclmaxLatencyLog indicates the time in micro seconds after which any Oracle Internet Directory server operations that exceed this time are logged to the alert log. Default is 500 micro seconds, and the minimum value is 10 micro seconds.

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.643

Other

Single-valued attribute.

8.2.192 orclMaxTcpIdleConnTime

orclMaxTcpIdleConnTime indicates the frequency in minutes at which the Oracle Internet Directory server calls OCIPing() to send keep alive messages to the Oracle Database. Setting this attribute to a value less than the timeout value of the firewall between Oracle Internet Directory server and its Database (typically 30 minutes) prevents the Database connection from being dropped.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.196

Other

Single-valued attribute.

8.2.193 orclMaxFDLimitReached

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.156

Other

orclmaxpsearchconns indicates the maximum number of connections allowed for LDAP persistent search operations. Because persistent search operations keep connections from an LDAP client to the Oracle Internet Server server alive, this attribute can prevent the LDAP connection limit from being reached. Default is 0 (disabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.383

Other

Single-valued attribute.

8.2.199 orclMaxProcessLimitReached

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.164

Other

Single-valued attribute.

8.2.200 orclMaxServerRespTime

orclMaxServerRespTime indicates the maximum time in seconds for Server process to respond back to Dispatcher process.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.620

8.2.201 orclMemAllocError

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.162

Other

Single-valued attribute.

8.2.202 orclMemberOf

This attribute contains the groups to which the entry belongs. This includes static groups and dynamic groups of objectclass orclDynamicGroup, using labeleduri attribute, which are cached. The membership includes both direct groups and nested groups. The attribute values are computed during search and are not stored. As of Oracle Internet Directory 11g Release 1 (11.1.1.7.0), this attribute can be used in search filters.

orclMemberOf is an operational attribute and is returned by a search only when explicitly requested in the required attributes list.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.424

Other

Directory operational attribute.

Not user modifiable.

Aliases: memberof, ismemberof.

8.2.203 orclNetDescName

orclNetDescName indicates the DN of an Oracle Net Service description entry. Oracle Net directory naming allows net service names to be stored in and retrieved from Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.3.1.12

Other

Single-valued attribute.

8.2.204 orclNetDescString

orclNetDescString indicates the description string for an Oracle Net Service.

The For example:

(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = hostname)(PORT =1521))) (CONNECT_DATA = (SID = ORCL)))

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.3.1.13

Other

Single-valued attribute.

8.2.205 orclNonSSLPort

orclNonSSLPort indicates the non-SSL LDAP listening port for Oracle Internet Directory server.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.102

Other

Single-valued attribute.

8.2.206 orclNormDN

orclNormDN identifies the normalized DN of an entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.1000

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.207 orclNWCongested

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.160

Other

Single-valued attribute.

8.2.208 orclNwrwTimeout

orclNwrwTimeout stores the network read/write time out. When an LDAP client initiates an operation, then does not respond to the server for a configured number of seconds, the server closes the connection. The number of seconds is controlled by the attribute orclnwrwtimeout in the DSA configuration entry. The default is 300 seconds.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.603

Other

Single-valued attribute.

8.2.209 orclNwUnavailable

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.159

Other

Single-valued attribute.

8.2.210 orclObjectGUID

orclObjectGUID stores Microsoft Active Directory's OBJECTGUID attribute value for users and groups migrated to Oracle Internet Directory from Active Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.901

Other

Single-valued attribute.

8.2.211 orclObjectSID

orclObjectSID stores Microsoft Active Directory's OBJECTSID attribute value for users and groups migrated to Oracle Internet Directory from Active Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.902

Other

Single-valued attribute.

8.2.212 orclODIPAgent

orclODIPAgent specifies the DN of a provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.9.1.6

8.2.213 orclODIPAgentConfigInfo

orclODIPAgentConfigInfo is any configuration information that you want the connector to store in Oracle Internet Directory.

It is passed by the Directory Integration Platform server to the connector at time of connector invocation. The information is stored as an attribute and the Directory Integration Platform server does not have any knowledge of its content. When the connector is scheduled for execution, the value of the attribute is stored in the file, ORACLE_HOME/ldap/odi/conf/profile_name.cfg that can be processed by the connector.

Upload the file by using:

manageSyncProfiles update -h host -p port -D WLS_userid -profile profile_name -params "odip.profile.configfile ORACLE_HOME/ldap/odi/conf/profile_name.cfg"

or

manageSyncProfiles update -h host -p port -D WLS_userid -profile profile_name -file properties_file

where properties_file specifies odip.profile.configfile=ORACLE_HOME/ldap/odi/conf/profile_name.cfg.

Do this for both import and export agents.

See Oracle Directory Integration Platform Tools and the Managing Directory Synchronization Profiles in Administering Oracle Directory Integration Platform for more information

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.24

8.2.214 orclODIPAgentControl

orclODIPAgentControl indicates whether a synchronization profile is enabled or disabled. Valid values are ENABLE or DISABLE. The default is DISABLE.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.3

Other

Single-valued attribute.

8.2.215 orclODIPAgentExeCommand

orclODIPAgentExeCommand is the executable name and argument list used by the Directory Integration Platform server to invoke a connector. It can be passed as a command-line argument when the connector is invoked.

For example, here is a command to invoke the Oracle HR connector:

odihragent OracleHRAgent connect=hrdb login=%orclodipConDirAccessAccount pass=%orclodipConDirAccessPassword date=%orclODIPLastSuccessfulExecutionTime

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.21

Other

Single-valued attribute.

8.2.216 orclODIPAgentHostName

orclODIPAgentHostName is the host name of the Oracle Directory Integration and Provisioning server where the synchronization profile is run.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.5

Other

Single-valued attribute.

8.2.217 orclODIPAgentName

orclODIPAgentName indicates the name of a third-party synchronization profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.1

Other

Single-valued attribute.

8.2.218 orclODIPAgentPassword

orclODIPAgentPassword specifies the password that the synchronization profile uses to bind to the directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.4

Other

Single-valued attribute.

8.2.219 orclODIPApplicationName

orclODIPApplicationName is the name of an application to which a provisioning subscription belongs.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.9.1.7

8.2.220 orclODIPApplicationsLocation

orclODIPApplicationsLocation specifies the DN of the application to which a provisioning subscription belongs.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.918

Other

Single-valued attribute.

8.2.221 orclODIPAttributeMappingRules

orclODIPAttributeMappingRules is the attribute for storing the mapping rules used by a synchronization profile. Store the mapping rules in a file by using the Directory Integration Platform Assistant.

See Oracle Directory Integration Platform Tools and the Supported Attribute Mapping Rules and Examples in Administering Oracle Directory Integration Platform for more information about mapping rules.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.41

8.2.222 orclODIPBootStrapStatus

orclODIPBootStrapStatus is the bootstrap status of a synchronization profile (the initial migration of data between a connected directory and Oracle Internet Directory).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.101

Other

Single-valued attribute.

8.2.223 orclODIPCommand

orclODIPCommand is the command to invoke a provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.9.1.5

8.2.224 orclODIPConDirAccessAccount

orclODIPConDirAccessAccount is the valid user account in the connected directory to be used by the connector for synchronization.

The value is specific to the connected directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind DN in the SunONE Directory Server. For the Human Resources Connector, it is a valid user identifier in the Oracle Human Resources database. For other connectors, it can be passed as a command-line argument when the connector is invoked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.22

Other

Single-valued attribute.

8.2.225 orclODIPConDirAccessPassword

orclODIPConDirAccessPassword is the password to be used by the user specified in the orclODIPConDirAccessAccount attribute to connect to the connected directory.

See orclODIPConDirAccessAccount. The value is specific to the third-party directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind password in the SunONE Directory Server. For the Human Resources Agent, it is the Oracle Human Resources database password.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.23

8.2.226 orclODIPConDirLastAppliedChgNum

For Oracle Directory Integration and Provisioning import operations, orclODIPConDirLastAppliedChgNum is the last change from the connected directory that was applied to Oracle Internet Directory. The default value is 0. If you have used the Directory Integration Platform Assistant to bootstrap the connected directory, then this value is set automatically.

See Oracle Directory Integration Platform Tools and the Bootstrapping a Directory in Oracle Directory Integration Platform in Administering Oracle Directory Integration Platform for more information about the bootstrap operation. This is valid only in the import profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.65

Other

Single-valued attribute.

8.2.227 orclODIPConDirMatchingFilter

This attribute specifies the filter to apply to the third-party directory change log. It is used in the Oracle Directory Integration and Provisioning import profile.

The filter must be set in the import profile when both the import and export integration profiles are enabled, as follows:

Modifiersname != connected_directory_account

This prevents the same change from being exchanged between the two directories indefinitely. To avoid confusion, make this account specific to synchronization.

See Also: Note 280474.1, "Setting Up Filtering in a DIP Synchronization Profile" available at My Oracle Support (formerly MetaLink).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.42

8.2.228 orclODIPConDirURL

orclODIPConDirURL is the connection string required to connect to the third-party connected directory. This value refers to the host name and port number as host:port:[sslmode].

To connect by using SSL, enter host:port:1.

Make sure the certificate to connect to the directory is stored in the wallet, the location of which is specified in the file odi.properties.

Note: To connect to SunONE Directory Server by using SSL, the server certificate needs to be loaded into the wallet.

See Also: The chapter on Oracle Wallet Manager in Oracle Database Advanced Security Administrator's Guide.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.25

Other

Single-valued attribute.

8.2.229 orclODIPConfigDNs

orclODIPConfigDNs stores the DNs of integration profiles for a particular configuration set in Oracle Directory Integration and Provisioning.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.72

8.2.230 orclODIPConfigRefreshFlag

orclODIPConfigRefreshFlag stores a flag which indicates whether any integration profiles have been added, deleted, or modified. It is used in association with a configuration set.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.71

Other

Single-valued attribute.

8.2.231 orclODIPDbConnectInfo

orclODIPDbConnectInfo is the connection string for the database of a provisioning profile subscriber. The format of the string is host:port:sid:username:password.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.9.1.2

8.2.232 orclODIPEncryptedAttrKey

orclODIPEncryptedAttrKey stores a key which is used to encrypt and decrypt sensitive data that is transmitted by the Oracle directory integration platform server to other applications.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.215

Other

Single-valued attribute.

8.2.233 orclODIPEventFilter

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

orclODIPInterfaceType signifies the data format or protocol used in synchronization with a third-party directory.

Supported values are:

LDIF—Import or export from a LDIF File.
Tagged—Import or export from a tagged file—a proprietary format supported by the Oracle Directory Integration Platform server, similar to LDIF format.
LDAP—Import from or export to an LDAP-compliant directory.
DB —Import from or export to an Oracle Database directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.28

Other

Single-valued attribute.

8.2.239 orclODIPLastExecutionTime

orclODIPLastExecutionTime is the status attribute set to the last time the integration profile was executed by the Oracle Directory Integration and Provisioning server. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in 24-hour format. This attribute is initialized during profile creation.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.61

Other

Single-valued attribute.

8.2.240 orclODIPLastSuccessfulExecutionTime

orclODIPLastSuccessfulExecutionTime is the status attribute set to the last time the integration profile was executed successfully by the Oracle Directory Integration and Provisioning server. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in 24-hour format. This attribute is initialized during profile creation.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.62

Other

Single-valued attribute.

8.2.241 orclODIPMustAttrCriteria

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.603

Other

Single-valued attribute.

8.2.242 orclODIPObjectCriteria

orclODIPObjectCriteria is used in an object definition to identify and classify a particular type of object.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.602

8.2.243 orclODIPObjectDefnLocation

orclODIPObjectDefnLocation identifies the location of the various object definitions used by the Oracle directory integration platform server.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.917

Other

Single-valued attribute.

8.2.244 orclODIPObjectEvents

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.432

8.2.245 orclODIPObjectName

orclODIPObjectName is used in an object definition to store the name of an object.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.601

Other

Single-valued attribute.

8.2.246 orclODIPObjectSyncBase

orclODIPObjectSyncBase is the search base in the directory for an object associated with an Oracle Directory Integration and Provisioning synchronization profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.431

8.2.247 orclODIPOIDMatchingFilter

In export profiles, this attribute specifies the filter to apply to the Oracle Internet Directory change log container.

It is used in the export profile. It must be set in the export profile when both the import and export integration profiles are enabled, as in the following example:

Modifiersname !=orclodipagentname=iPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory

This prevents the same change from being exchanged between the two directories indefinitely.

In import profiles, this attribute specifies a key for mapping entries between Oracle Internet Directory and the connected directory. This is useful when the DN cannot be used as the key.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

orclODIPProfileDebugLevel is the debugging level for an Oracle Directory Integration and Provisioning synchronization profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.251

Other

Single-valued attribute.

Note:

To log all information for a synchronization profile, including entries that are synchronized, set the orclODIPProfileDebugLevel to a value of 63 for 10g and to a value of 64 for 11g.

The orclodipprofiledebuglevel attribute corresponds to the odip.profile.debuglevel configuration property. The odip.profile.debuglevel property refers to the following log levels, which you can set in the Oracle Enterprise Manager Fusion Middleware Control by editing the Log Level under the Advanced tab:

Off = 0
Error = 8
Info = 16
Trace = 32
All = 64 (recommended for most sync/profile mapping troubleshooting)

8.2.257 orclODIPProfileExecGroupID

orclODIPProfileExecGroupID associates a group number with a particular provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.250

Other

orclODIPProfileProcessingErrors contains errors raised during event propagation by the Oracle directory integration platform server for a particular provisioning-integrated application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.231

8.2.272 orclODIPProfileProcessingStatus

orclODIPProfileProcessingStatus contains the Oracle directory integration platform server's event propagation status for a particular provisioning-integrated application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.230

Other

orclODIPProvEventCriteria is used with version 2.0 provisioning profiles to convert a change in Oracle Internet Directory to an event before propagating it to a provisioning-integrated application. This attribute is used to identify a particular type of event.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

orclODIPProvInterfaceFilter is used with version 3.0 provisioning profiles to identify and classify an object based on the entry's object class. This attribute is used in the object definitions stored in Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.609

8.2.282 orclODIPProvInterfaceProcessor

orclODIPProvInterfaceProcessor is used by the Oracle directory integration platform server to identify the Java classes to use for reading and writing events from and to provisioning-integration applications and for processing event propagation results. The default configurations in this attribute should not be changed.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.608

Other

Single-valued attribute.

8.2.283 orclODIPProvisioningAppGUID

orclODIPProvisioningAppGUID is the global unique identifier for the application entry associated with a provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.402

Other

Single-valued attribute.

8.2.284 orclODIPProvisioningAppName

orclODIPProvisioningAppName is the distinguished name (DN) of the application to which the provisioning subscription belongs. The combination of the application name and organization name uniquely identifies a provisioning profile, for example, Email.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.401

Other

Single-valued attribute.

8.2.285 orclODIPProvisioningEventMappingRules

The event mapping rule maps the object type received from the application (using an optional filter condition) to a domain in Oracle Internet Directory. An inbound provisioning profile can have multiple mapping rules defined.

The following example shows a sample mapping rule value. The rule shows that a user object (USER) whose locality attribute equals US (l=US) should be mapped to the domain l=US,cn=users,dc=company,dc=com.

USER:l=US:l=US,cn=users,dc=company,dc=com

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.406

8.2.286 orclODIPProvisioningEventPermittedOperations

orclODIPProvisioningEventPermittedOperations defines the types of events that the application is allowed to send to the Oracle Directory Integration and Provisioning service. An inbound provisioning profile can have multiple permitted operations defined.

For example, if you wanted to permit the application to send events whenever a user object was added or deleted, or when certain attributes were modified, you would have three permitted operation values such as this:

USER:dc=mycompany,dc=com:ADD(*)
USER:dc=mycompany,dc=com:MODIFY(cn,sn,mail,password)
USER:dc=mycompany,dc=com:DELETE(*)

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.407

8.2.287 orclODIPProvisioningEventSubscription

orclODIPProvisioningEventSubscription defines the types of events that the Oracle Directory Integration and Provisioning service should send to the application. An outbound provisioning profile can have multiple event subscriptions defined.

For example, if you wanted the directory integration server to send events to the application whenever a user or group object was added or deleted, you would have four event subscription values such as this:

GROUP:dc=mycompany,dc=com:ADD(*)
GROUP:dc=mycompany,dc=com:DELETE(*)
USER:dc=mycompany,dc=com:ADD(*)
USER:dc=mycompany,dc=com:DELETE(*)

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.405

8.2.288 orclODIPProvisioningOrgGUID

orclODIPProvisioningOrgGUID is the global unique identifier for the organization entry associated with a provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.404

Other

Single-valued attribute.

8.2.289 orclODIPProvisioningOrgName

orclODIPProvisioningOrgName is the distinguished name (DN) of the organization to which the provisioning subscription belongs, for example dc=company,dc=com. The combination of the application DN and organization DN uniquely identifies a provisioning profile. Defaults value is the DN of the default identity management realm.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.403

Other

Single-valued attribute.

8.2.290 orclODIPProvProfileLocation

orclODIPProvProfileLocation contains the DN of the directory container that stores provisioning profiles.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.916

Other

Single-valued attribute.

8.2.291 orclODIPRootLocation

orclODIPRootLocation refers to the root location in the directory tree where the Oracle Directory Integration and Provisioning configuration is stored.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.912

Other

Single-valued attribute.

8.2.292 orclODIPSchedulingInterval

orclODIPSchedulingInterval denotes the time interval in seconds after which a connected directory is synchronized with Oracle Internet Directory. The default is 60.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.6

Other

Single-valued attribute.

8.2.293 orclODIPSchemaVersion

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.911

Other

Single-valued attribute.

8.2.294 orclODIPSearchCountLimit

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.511

Other

Single-valued attribute.

8.2.295 orclODIPSearchTimeLimit

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.512

Other

Single-valued attribute.

8.2.296 orclODIPServerCommitSize

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.515

Other

Single-valued attribute.

8.2.297 orclODIPServerConfigLocation

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.919

Other

Single-valued attribute.

8.2.298 orclODIPServerDebugLevel

orclODIPServerDebugLevel is the number that corresponds to the debugging level for the Oracle Directory Integration and Provisioning server.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.516

Other

Single-valued attribute.

8.2.299 orclODIPServerRefreshIntvl

orclODIPServerRefreshIntvl denotes the number of minutes between server refreshes for any changes in Oracle Directory Integration Platform profiles. If not specified, the default of 2 is used.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.514

Other

Single-valued attribute.

8.2.300 orclODIPServerSSLMode

orclODIPServerSSLMode is the number of the corresponding SSL mode. The default is 0.

The modes are as follows:

0 — SSL is not used.
1 — SSL is used for encryption only, not for authentication.
2 — SSL is used for one-way authentication. With this mode you must also specify the complete path and file name of the server's Oracle Wallet.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.513

Other

Single-valued attribute.

8.2.301 orclODIPServerWalletLoc

orclODIPServerWalletLoc denotes the complete path and file name of the Oracle Directory Integration and Provisioning server's Oracle Wallet.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.517

Other

orclOidComponentName indicates the name of OID component where replication server is started.

Syntax

Directory String

Matching Rule

caseIgnoreMatch

Object ID

orclOpResult stores the operation result.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.64

8.2.317 orclOpSucceeded

orclOpSucceeded specifies the number of successful LDAP operations.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.189

Other

Single-valued attribute.

8.2.318 orclOpTimedOut

orclOpTimedOut specifies the number of LDAP search operations that timed out.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.169

Other

Single-valued attribute.

8.2.319 orcloptracklevel

orcloptracklevel is the security event tracking level.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.180

8.2.320 orcloptrackmaxtotalsize

orcloptrackmaxtotalsize indicates the maximum number of bytes of RAM that security events tracking can use for each type of operation.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.178

orclOwnerGUID is the global unique identifier of the user who owns an application or resource.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

orclPasswordHintAnswer is the answer related to the password hint question stored in orclPasswordHint.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.315

Other

Single-valued attribute.

Note:

orclPasswordHintAnswer is hashed using the SHA-1 algorithm. The hexadecimal value of this is Base64 encoded.

Oracle Internet Directory hashes the value only if it is provided as plaintext. Prehashed values are not hashed again.

8.2.331 orclPasswordVerifier

orclPasswordVerifier is the attribute for storing a password to an Oracle component when that password is different from that used to authenticate the user to the directory, namely, userPassword.

The value in this attribute is not synchronized with that in the userPassword attribute.

Like authPassword, this attribute is multivalued and can contain all the other verifiers that different applications use for this user's clear text password.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.210

8.2.332 orclPilotMode

orclPilotMode allows to choose whether to BEGIN or END pilot mode for a replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch, equality integermatch

Object ID

2.16.840.1.113894.1.1.824

Other

Single-valued attribute.

8.2.333 orclPKCS12Hint

orclPKCS12Hint contains the password hint for the user's PKCS12 private key store.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.7.1.11

8.2.334 orclPKIMatchingRule

This is used to specify the matching rule for mapping a user's PKI certificate DN to the user's entry DN in Oracle Internet Directory.

The following matching rule values are allowed:

0 - Exact match. The PKI certificate DN must match the user entry DN.
1 - Certificate search. Check to see if the user has a PKI certificate provisioned into Oracle Internet Directory.
2 - A combination of exact match and certificate search. If the exact match fails, then a certificate search is performed.
3 - Mapping rule only. Use a mapping rule to map user PKI certificate DNs to Oracle Internet Directory DNs.
4 - Try in order: 1 (mapping rule), 2 (certificate search), 3 (exact match).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.703

Other

Single-valued attribute.

8.2.335 orclPKINextUpdate

orclPKINextUpdate indicates the universal time when the certificate revocation list (CRL) should be updated.

Syntax

1.3.6.1.4.1.1466.115.121.1.53 (UTC Time)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.2.1.300.1

8.2.336 orclPKIValMecAttr

orclPKIValMecAttr contains the certificate validation mechanism supported. Currently, only validation with crls is supported, hence the value of this attribute is CRL.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.2.1.300.2

8.2.337 orclPluginAttributeList

orclPluginAttributeList contains a semicolon-separated attribute name list that controls whether the plug-in takes effect. If the target attribute is included in the list, the plug-in is invoked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.563

Other

Single-valued attribute.

8.2.338 orclPluginCheckEntryExist

orclPluginCheckEntryExist, if enabled, indicates that the Plug-in is invoked when the base entry does not exist. This only applies to search operation with scope base.

Allowed values are 0 (disabled) or 1 (enabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.569

Other

Single-valued attribute.

8.2.339 orclPluginEnable

orclPluginEnable indicates whether a plug-in is enabled or disabled. Allowed values are 0 (disabled) or 1 (enabled). The default is 0 (disabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.554

Other

Single-valued attribute.

8.2.340 orclPluginEntryProperties

orclPluginEntryProperties is an LDAP search filter that specifies entry criteria that will cause the plug-in to not be invoked.

For example, if the following filter is used, the plug-in will not be invoked if the target entry has objectclass equal to inetorgperson and sn equal to Cezanne.

(&(objectclass=inetorgperson)(sn=Cezanne))

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.568

Other

Single-valued attribute.

8.2.341 orclPluginIsReplace

orclPluginIsReplace is used for plug-ins that use WHEN timing only. 0 is disabled (default). 1 is enabled.

This attribute can be set to enabled only if the orclPluginLDAPOperation attribute value is ldapbind, ldapcompare, or ldapmodify.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.559

Other

Single-valued attribute.

8.2.342 orclPluginBinaryFlexfield

orclPluginBinaryFlexfield contains Custom binary information (Java only).

Syntax

1.3.6.1.4.1.1466.115.121.1.5

Object ID

2.16.840.1.113894.1.1.574

Other

Single-valued attribute.

8.2.343 orclPluginFlexfield

orclPluginFlexfield contains Custom text information (Java only).

To indicate a subtype, specify orclPluginFlexfield; subtypename, for example, orclPluginFlexfield; minPwdLength: 8

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.573

Other

Single-Valued attribute.

8.2.344 orclPluginSecuredFlexfield

orclPluginSecuredFlexfield contains Custom text information (Java only).

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.577

Other

Single-Valued attribute.

8.2.345 orclPluginKind

orclPluginKind indicates the kind of plug-in. PL/SQL is the only allowed value.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.562

Other

Single-valued attribute.

8.2.346 orclPluginLDAPOperation

orclPluginLDAPOperation indicates the LDAP operation that this plug-in supplements.

The Allowed values are:

ldapcompare
ldapmodify
ldapbind
ldapadd
ldapdelete
ldapsearch

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.557

Other

Single-valued attribute.

8.2.347 orclPluginName

orclPluginName indicates the plug-in package name.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.552

Other

Single-valued attribute.

orclPluginSASLCallBack controls the type of bind used when the LDAP_PLUGIN package connects back to the same Oracle Internet Directory server.

Allowed values are:

1= SASL bind (default).
0= Simple bind.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.572

Other

Single-valued attribute.

8.2.353 orclPluginSearchNotFound

This only applies if the value for the orclPluginTiming attribute is POST. It brings in the external entries if the entry is not found in Oracle Internet Directory. It provides additional plug-in invocation checking and ensures that the plug-in will only be invoked when the entry is not present in Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.570

Other

Single-valued attribute.

8.2.354 orclPluginShareLibLocation

orclPluginShareLibLocation contains the file location of the program libraries for the plug-in. If this value is not present, then the Oracle Internet Directory server assumes the plug-in language is PL/SQL.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.556

Other

Single-valued attribute.

8.2.355 orclPluginSubscriberDNList

orclPluginSubscriberDNList is a semicolon-separated DN list that controls if the plug-in takes effect.

For example:

dc=COM,c=us;dc=us,dc=oracle,dc=com;dc=org,dc=us;o=IMC,c=US

If the target DN of an LDAP operation is included in the list, then the plug-in is invoked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.561

Other

Single-valued attribute.

8.2.356 orclPluginTiming

orclPluginTiming specifies when the plug-in is to be invoked in relation to the LDAP operation it supplements.

The following values are allowed:

PRE
WHEN
POST

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.558

Other

Single-valued attribute.

8.2.357 orclPluginType

The valid value of this attribute is operational — Operational plug-ins augment existing LDAP operations. The work they perform depends on whether they execute before, after, or in addition to normal directory server operations.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.553

Other

Single-valued attribute.

8.2.358 orclPluginVersion

orclPluginVersion indicates the supported version number of the plug-in.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.555

Other

Single-valued attribute.

8.2.359 OrclPluginWorkers

OrclPluginWorkers specifies the number of plug-in threads per server process.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.612

8.2.360 orclPrName

orclPrName stores a process name.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.55

Other

orclPurgeInterval is the time interval in hours that the garbage collection job is executed again.

This can be measured from either the point in time specified in the orclPurgeStart attribute or from the last time it was run. Default value is 24.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.801

Other

Single-valued attribute.

8.2.370 orclPurgeNow

Every time this attribute is added or modified to a garbage collection entry, then the submitted job is executed immediately.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.809

Other

Single-valued attribute.

8.2.371 orclPurgePackage

orclPurgePackage specifies the package name for purging directory objects.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.804

Other

Single-valued attribute.

8.2.372 orclPurgeSchedule

orclPurgeSchedule specifies the schedule for purging directory objects.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integermatch

Object ID

2.16.840.1.113894.1.1.24

Other

Single-valued attribute.

DSA operational attribute.

8.2.373 orclPurgeStart

orclPurgeStart is the time when the garbage collector starts to run. The format is yyyymmddhhmmss. Default value is 12:00 a.m. of the day Oracle Internet Directory is installed.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.813

Other

Single-valued attribute.

8.2.374 orclPurgeTargetAge

This attribute enables time-based purging of change log records. Set this to the number of hours after which old change logs are purged. Time-based purging respects the change status of replication, but not the change status of other consumers. When time-based purging is enabled, the change log garbage collector purges all change logs that are not needed by replication and that are at least the specified number of hours old.

The default behavior is change number-based purging, meaning this attribute is NULL or set to a value less than zero. Change number-based purging respects the change status of all change log consumers. That is, it does not purge change logs unless they have been consumed by all consumers. In addition, it does not purge change logs until they are 10 days old.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.800

Other

Single-valued attribute.

8.2.375 orclPurgeTranSize

orclPurgeTranSize is the number of objects to be purged in one commit transaction. The default value is 1000.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.802

Other

Single-valued attribute.

8.2.376 orclPwdAccountUnlock

orclPwdAccountUnlock allows a user with the appropriate administration rights and privileges to unlock an already locked account. However, it doesn't necessarily imply that the user affected (that is, who's account was locked) can unlock it by changing this attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.203

Other

Single-valued attribute.

8.2.377 orclPwdAllowHashCompare

orclPwdAllowHashCompare determines whether to allow password validations by comparing the hash values of encrypted passwords. The Allowed values are TRUE or FALSE.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.218

Other

Single-valued attribute.

8.2.378 orclPwdAlphaNumeric

orclPwdAlphaNumeric indicates number of numeric characters required in a password. The default value is 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.205

Other

Single-valued attribute.

8.2.379 orclPwdEncryptionEnable

orclPwdEncryptionEnable takes values 1 and 0. If the value is 1, then the user password is stored in reversible encrypted form. If the value is 0, then the user password is stored in plain text.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.215

orclPwdIPLockout decides whether to enable account lockouts for a specific IP address. The value can be 1 (for true) or 0 (for false).

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.200

Other

Single-valued attribute.

8.2.384 orclPwdIPLockoutDuration

orclPwdIPLockoutDuration indicates the number of seconds you want to enforce account lockout for a specific IP address. A user account stays locked even after the lockout duration has passed unless the user binds with the correct password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.201

Other

Single-valued attribute.

8.2.385 orclPwdIPMaxFailure

orclPwdIPMaxFailure indicates the maximum number of failed logins from a specific IP address after which the account is locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.202

Other

Single-valued attribute.

8.2.386 orclpwdmaxinactivitytime

orclpwdmaxinactivitytime indicates the maximum period of time in seconds after which an inactive account is automatically locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.379

Other

Single-valued attribute.

8.2.387 orclPwdMaxRptchars

orclPwdMaxRptchars indicates the maximum number of times a single character type can be repeated in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.415

Other

Single-valued attribute.

8.2.388 orclPwdMinAlphachars

orclPwdMinAlphachars indicates the minimum number of alphabetic characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.411

Other

Single-valued attribute.

8.2.389 orclPwdMinSpecialchars

orclPwdMinSpecialchars indicates minimum number of non-alphanumeric characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.412

Other

Single-valued attribute.

8.2.390 orclPwdMinUppercase

orclPwdMinUppercase indicates the minimum number of uppercase characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.413

Other

Single-valued attribute.

8.2.391 orclpwdminlowercase

orclpwdminlowercase indicates the minimum number of lowercase characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.414

Other

Single-valued attribute.

8.2.392 orclPwdPolicyEnable

orclPwdPolicyEnable determines whether to enable or disable the password policy. The value can be are 1 (for enable) or 0 (for disable).

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.213

Other

Single-valued attribute.

8.2.393 orclPwdTrackLogin

orclPwdTrackLogin enables or disables tracking of user's last login time; 1 for enabling and 0 for disabling (default).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.377

Other

Single-valued attribute

8.2.394 orclPwdVerifierParams

orclPwdVerifierParams contains the values of different password verifier types.

For example:

orclpwdverifierparams;authpassword: crypto:SASL/MDS $ realm:dc=com

orclpwdverifierparams;orclpasswordverifier: crypto:ORCLLM

orclpwdverifierparams;authpassword: crypto:ORCLWEBDAV $ realm:dc=com

Syntax

1.3.6.1.4.1.1466.115.121.1.15{256} (Directory String, 256 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.209

8.2.395 orclQosConfig

Mechanism to dynamically configure throttling polices.

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.920

Other

Multi-valued attribute

8.2.396 orclQueueDepth

orclQueueDepth indicates the queue depth.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.144

Other

Single-valued attribute.

8.2.397 orclQueueLatency

orclQueueLatency defines the queue latency.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.145

Other

Single-valued attribute.

8.2.398 orclReadWaitThreads

orclReadWaitThreads specifies the number of Oracle Internet Directory server threads waiting to read from the network.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.142

Other

Single-valued attribute.

8.2.399 orclReqAttrCase

orclReqAttrCase disables or enables preserving the letter case of required attributes in search result. Allowed values are 0 (disable) or 1 (enable). The default value is 0.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.423

Other

Single-valued attribute

8.2.400 orclrefreshdgrmems

orclrefreshdgrmems refreshes Dynamic Group Memberships.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch (Integer)

Object ID

2.16.840.1.113894.1.1.416

Other

Single-valued attribute

8.2.401 orclReplAgreements

orclReplAgreements indicates the DNs of the replication agreement entries.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.105

8.2.402 orclReplAttrConfl

orclReplAttrConfl specifies whether timestamp or attribute version should be honored first during attribute level conflict resolution. 0 (default): timestamp first, 1: version number first

Syntax

1.3.6.1.4.1.1466.115.121.1.27(Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.899

Other

Single valued attribute

8.2.403 orclreplautotune

orclreplautotune is used to dynamically vary the number of threads assigned to transport and apply tasks based on load.

The value 0 indicates Off and 1 indicates On. If you set the server to auto tune, you must specify the number of maximum number of threads to be shared between these tasks. Restart server after changing.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.827

8.2.404 orclReplicaDN

orclReplicaDN is the DN of the consumer replica in the replication agreement. This applies for LDAP-based replication only.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.817

8.2.405 orclReplicaID

orclReplicaID is the naming attribute for the replica subentry.

Its value is unique to each directory server node that is initialized at installation. The value of this attribute, assigned during installation, is unique to each directory node, and matches that of the orclreplicaID attribute at the root DSE. You cannot modify this value.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.106

Other

Single-valued attribute.

8.2.406 orclReplicaSecondaryURI

orclReplicaSecondaryURI contains the set of ldapURI formatted addresses that can be used if the orclReplicaURI values cannot be used.

See orclReplicaURI.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

2.16.840.1.113894.1.1.815

8.2.407 orclReplicaState

orclReplicaState defines the state of the replica.

Possible values are:

0 (boot strapping)
1 (online)
2 (offline)
3 (bootstrap in progress)
4 (bootstrap in progress, cn=oraclecontext bootstrap has completed)
5 (bootstrap completed, failure detected for one or more naming contexts)
6 (database copy based add node)
7 (sync schema)
8 (boot strap without schema sync)

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.818

Other

Single-valued attribute.

8.2.408 orclreplicationid

orclreplicationid is a unique identifier of a one-way, two-way, or peer-to-peer replication group.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.509

8.2.409 orclReplicationProtocol

orclReplicationProtocol defines the replication protocol for change propagation to replica.

It takes the following value:

ODS_LDAP_1.0 (LDAP-based replication)

You cannot modify this attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.29

Other

Single-valued attribute.

8.2.410 orclReplicationState

orclReplicationState indicates the activation state of the replication server. 0 indicates Inactive and 1 indicates Active.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.831

8.2.411 orclReplicaType

orclReplicaType defines the type of replica such as read-only or read/write.

Possible values are:

0 (Read/Write)
1 (Read-Only)

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.816

Other

Single-valued attribute.

8.2.412 orclReplicaURI

orclReplicaURI contains information in ldapURI format that can be used to open a connection to this replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

2.16.840.1.113894.1.1.814

Other

Single-valued attribute.

8.2.413 orclReplicaVersion

orclReplicaVersion is the Oracle Internet Directory version of the replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.820

Other

Single-valued attribute.

8.2.414 orclreplmaxworkers

orclreplmaxworkers indicates maximum number of worker threads. Required if orclreplautotune is set.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.826

8.2.415 orclreplusesasl;digest-md5

orclreplusesasl;digest-md5 indicates usage of SASL for replication binds.

Values are auth, auth-int, and auth-conf.

Syntax

Directory String

Matching Rule

caseIgnoreMatch; caseIgnoreSubstringMatch

Object ID

2.16.840.1.113894.1.1.829

8.2.416 orclResourceIdentifier

orclResourceIdentifier stores the resource identifier.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.348

8.2.417 orclResourceName

orclResourceName specifies the name of the resource for which the connection information is being maintained.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.350

8.2.418 orclResourceTypeName

orclResourceTypeName specifies the name of the resource, for example, database, XMLPDS, JDBCPDS.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.351

8.2.419 orclResourceViewers

orclResourceViewers lists the users or groups of users who can view a Resource Access Descriptor.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.366

8.2.420 orclRevPwd

orclRevPwd contains the reversible encrypted value of the user password.

This attribute is generated only if the attribute value of orclPwdEncryptionEnable in the password policy entry is set to 1. This attribute cannot be queried.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.216

Other

Directory operational attribute.

Not user modifiable.

8.2.421 orclrienabled

orclrienabled enables referential integrity. 0: disabled, 1: enabled.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.1300

Other

Single-valued attribute

8.2.422 orclrscacheattr

orclrscacheattr is the multi-valued attribute that specifies the Result Set Cache attributes.

Default values are:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
orclrscacheattr: uid
orclrscacheattr: mail
orclrscacheattr: cn
orclrscacheattr: orclguid

Note:

Typically these attributes are not modified for the life of the entry. If an attribute has referential integrity enabled, that attribute should not be used.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.624

Other

Multi-valued attribute.

8.2.423 orclTraceConnDN

If orclDebugFlag is set to a value other than zero (0) and orclTraceConnDN specifies one or more connection DNs, Oracle Internet Directory server logs messages only for connections with specified DNs. Other messages are ignored.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.1051

Other

Multi-valued attribute.

8.2.424 orclTraceConnIP

If orclDebugFlag is set to a value other than zero (0) and orclTraceConnIP specifies one or more connection IP addresses, Oracle Internet Directory server logs messages only for operations performed by the specified connection IP addresses. Other messages are ignored.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.1052

Other

Multi-valued attribute.

8.2.425 orclSAMAccountName

orclSAMAccountName stores the value of Active Directory's SAMAccountName attribute.

In Oracle Internet Directory, this attribute is defined as a directory string type. However, in Active Directory this attribute cannot accept any special or non-printable characters. If any entry is added in Oracle Internet Directory with this attribute, it can only contain a simple text string or synchronization from Oracle Internet Directory to Active Directory will fail.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.903

Other

Single-valued attribute.

8.2.426 orclSASLAuthenticationMode

orclSASLAuthenticationMode indicates different modes depending on the type of authentication required and the level of security, such as, auth-only, auth-int, or auth-conf.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.700

Other

Single-valued attribute.

8.2.427 orclSASLCipherChoice

orclSASLCipherChoice contains the SASL cipher choice. When the authentication mode is auth-conf, the SASL cipher choices can be 3DES, DES, RC4, RC4-56, or RC4-40.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

orclSecondaryUID indicates the secondary UID of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.360

8.2.434 orclSequence

orclSequence specifies the sequence number for audit log entries.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.62

8.2.435 orclServerAvgMemGrowth

orclServerAvgMemGrowth specifies the Oracle Internet Directory server process memory growth as a percentage.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.148

Other

Single-valued attribute.

8.2.436 orclServerMode

orclServerMode specifies if data can be written to the server.

Valid values are:

r (read-only)
rw (read/write)
rm (read-modify, that is, to read and modify, but not to add or delete)

The default value is rw.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.51

Other

Single-valued attribute.

8.2.437 orclServerProcs

orclServerProcs indicates the number of server processes to start. The default for configset0 is 1. You cannot use a negative value for this attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.364

Other

Single-valued attribute.

8.2.438 orclServiceInstanceLocation

orclServiceInstanceLocation specifies the DN of an instance of a service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseExactMatch

Object ID

2.16.840.1.113894.1.1.1102

Other

orclsimplemodchglogattributes contains the list of multivalued attributes that, when changed, cause a simplified change log to be generated.

Syntax

DN

Matching Rule

DistinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.823

8.2.445 orclSizeLimit

orclSizeLimit indicates the maximum number of entries to be returned by a search.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.10

Other

Single-valued attribute

8.2.446 orclSkewedAttribute

orclSkewedAttribute contains names of attributes which are skewed. A skewed attribute has very different search response times depending on its value. You can uniform the response times for searches for such an attribute by adding it as a value of the orclskewedattribute attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.405

8.2.447 orclSkipRefInSQL

orclSkipRefInSQL specifies whether to skip referral in SQL generated for searches. Its default value is 0. Set it to 1 if there are no referral entries in the directory; this will help optimizing search performance.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.410

Other

Single-valued attribute

8.2.448 orclSkipSpecialInFilter

Evaluates whether Oracle Internet Directory should skip the processing of special characters specified in filter values during a search operation. Its default value is 0.

0: Process the special characters specified in the filter value.

1: Do not process the special characters specified in the filter value.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.629

Other

orclSSLAuthentication indicates the type of SSL authentication to use for this instance of Oracle Internet Directory server. The default value of 1, specifies no SSL authentication. Different instances can have different values. One-way and two-way SSL authentication requires a wallet.

You may use one of the following three values:

1 = Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption is used.
32 = One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.
64 = Two-way authentication. Both client and server send certificates to each other.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.13

Other

Single-valued attribute

8.2.453 orclSSLCipherSuite

A cipher suite is a set of authentication, encryption, and data integrity algorithms used for exchanging messages between network nodes. During an SSL handshake, the two nodes negotiate to see which cipher suite they will use when transmitting messages back and forth.

The following cipher suites are supported:

Table 8-3 SSL Cipher Suites Supported in Oracle Internet Directory

Cipher Suite	Authentication	Encryption	Data Integrity
SSL_RSA_WITH_3DES_EDE_CBC_SHA	RSA	3DES	SHA
SSL_RSA_WITH_RC4_128_SHA	RSA	RC4	SHA
SSL_RSA_WITH_RC4_128_MD5	RSA	RC4	MD5
SSL_RSA_WITH_DES_CBC_SHA	RSA	DES	SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5	RSA	RC4_40	MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	RSA	DES40	SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA	None	3DES	SHA
SSL_DH_anon_WITH_RC4_128_MD5	None	RC4	MD5
SSL_DH_anon_WITH_DES_CBC_SHA	None	DES	SHA
SSL_RSA_WITH_AES_128_CBC_SHA	RSA	AES	SHA
SSL_RSA_WITH_AES_256_CBC_SHA	RSA	AES	SHA

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum.

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.19

8.2.454 orclSSLEnable

orclSSLEnable is the flag for enabling or disabling SSL. Use this flag when you use different instances of the same server for either SSL or non-SSL.

Allowed values are:

0—for non-secure operation only
1—for SSL authentication only
2— for both non-secure operation and SSL authentication

The default value is 2.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.14

Other

Single-valued attribute

8.2.455 orclsslinteropmode

orclsslinteropmode allows you to enable SSL interoperability with Oracle legacy applications using no-auth mode.

Starting with Oracle Internet Directory 11g Release 1 (11.1.1.7.0), the default value is disabled (orclsslinteropmode = 0), in order to be fully compliant with the JDK SSL.

In no-auth mode, Oracle legacy components developed before 11g Release 1 (11.1.1.0.0) such as legacy LDAP C clients can connect with Oracle Internet Directory only by using an instance that has interoperability mode enabled (orclsslinteropmode = 1).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.422

Other

Single-valued attribute

8.2.456 orclSSLPort

orclSSLPort is the default SSL port for the directory server. The Default value is 3133.

When you run the directory in the secure mode, it listens at default port 3133 and accepts only SSL-based TCP/IP connections. (When you run the directory in the normal mode, it listens at default port 389, accepting normal TCP/IP connections.) You might want to change this port when you add multiple LDAP server instances.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.17

Other

Single-valued attribute

8.2.457 orclSSLVersion

orclSSLVersion is the SSL version. The default value is 3.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.18

Other

Single-valued attribute

8.2.458 orclSSLWalletURL

orclSSLWalletURL sets the location of the Oracle Wallet.

You initially set this value when you create the wallet. If you elect to change the location of the Oracle Wallet, you must change this parameter. You must set the wallet location on both the client and the server. For example, on UNIX, you could set this parameter as follows:

file:/home/my_dir/my_wallet

On Microsoft Windows, you could set this parameter as follows:

file:C:\my_dir\my_wallet

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.15

Other

Depending on the context of the object that it is applied to, like a service, orclStatus indicates if the service is available or not.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.9.1.9

8.2.465 orclSUAccountLocked

orclSUAccountLocked determines whether a superuser account is locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.192

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.466 orclSubscriberDisable

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.100

Other

Single-valued attribute.

8.2.467 orclSubscriberFullName

orclSubscriberFullName stores the full name of the configured realm.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.333

Other

Single-valued attribute.

8.2.468 orclSubscriberNickNameAttribute

orclSubscriberNickNameAttribute stores a name of an attribute that holds the unique identifier of a realm.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.302

Other

orclSULoginFailureCount indicates the number of failed login attempts for the directory superuser.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.191

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.474 orclSUName

orclSUName is the distinguished name of the directory superuser account, for example, cn=orcladmin.

Syntax

1.3.6.1.4.1.1466.115.121.1.12

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.8

Other

Single-valued attribute.

8.2.475 orclSUPassword

orclSUPassword is the Oracle Internet Directory superuser password.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.9

Other

Single-valued attribute.

8.2.476 orclSystemName

orclSystemName identifies the host name on which a particular instance of a service is running.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.7.1.3

Other

Single-valued attribute.

8.2.477 orclTcpConnToClose

orclTcpConnToClose specifies the number of clients for which the Oracle Internet Directory server will close TCP connections.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.153

Other

Single-valued attribute.

8.2.478 orclTcpConnToShutDown

orclTcpConnToShutDown specifies the number of clients for which the Oracle Internet Directory server will shut down TCP connections.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.152

Other

Single-valued attribute.

8.2.479 orclThreadSpawnFailed

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.154

Other

Single-valued attribute.

8.2.480 orclThreadsPerSupplier

orclThreadsPerSupplier specifies the number of threads per supplier for the Oracle directory replication server.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integermatch

Object ID

2.16.840.1.113894.1.1.31

Other

DSA operational attribute.

8.2.481 orclTimeLimit

orclTimeLimit indicates the maximum number of seconds allowed for a search to be completed. The default value is 3600.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.65

Other

orclTrustedApplicationGroup identifies the DN of the group that list all the applications that specific application trusts for Service to Service Authentication.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.368

8.2.491 orclTraceMode

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.175

Other

Single-valued attribute.

8.2.492 orclTxnMaxOperations

orclTxnMaxOperations indicates the maximum number of operations allowed in a transaction.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.381

Other

Single-valued attribute

8.2.493 orclTxnTimeLimit

orclTxnTimeLimit indicates maximum allowed time in a transaction (sec).

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.380

Other

Single-valued attribute

8.2.494 orclUIAccessibilityMode

orclUIAccessibilityMode is set to TRUE to display a user interface that is accessible to people with impaired vision.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.367

Other

Single-valued attribute.

8.2.495 orclUniqueAttrName

orclUniqueAttrName is the name of an attribute that you want to be unique. Autoboot uniqueness means that each entry must have a unique value for this attribute type.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.500

Other

Single-valued attribute.

8.2.496 orclUniqueEnable

orclUniqueEnable disables or enables attribute uniqueness constraints. Allowed values are 0 (disable) or 1 (enable). The default value is 0.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.508

Other

Single-valued attribute.

8.2.497 orclUniqueObjectClass

orclUniqueObjectClass specifies an object class filter for an attribute uniqueness constraint entry.

This means the attribute specified in orclUniqueAttrNamemust be unique in an instance of this object class.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.503

Other

Single-valued attribute.

8.2.498 orclUniqueScope

orclUniqueScope indicates the scope of the attribute uniqueness constrain in the DIT.

Allowed values are:

base—Searches the root entry only
onelevel—Searches one level only
sub—Searches the entire directory

The default value is sub.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.501

Other

Single-valued attribute.

8.2.499 orclUniqueSubtree

When multiple attribute uniqueness constraints have the same values in orclUniqueAttrName, orclUniqueScope and orclUserObjectClasses, but different values in orcluniquesubtree, the union of subtree scopes specified by those attribute uniqueness constraints is checked.

When multiple attribute uniqueness constraints have the same values in orclUniqueAttrName, orclUniqueScope and orclUserObjectClasses, but different values in orcluniquesubtree, the union of subtree scopes specified by those attribute uniqueness constraints is checked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.502

Other

Single-valued attribute.

8.2.500 orclUnsyncRevPwd

orclUnsyncRevPwd stores a password that is not synchronized with the entry in the userpassword.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.217

Other

Directory operational attribute.

Not user modifiable.

8.2.501 orclUpdateSchedule

orclUpdateSchedule is the replication update interval for new changes and those being retried. The value is in seconds.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integermatch

Object ID

2.16.840.1.113894.1.1.30

Other

Directory operational attribute.

Not user modifiable.

Single-valued attribute.

8.2.502 orclUpgradeInProgress

orclUpgradeInProgress determines whether rolling upgrade is in progress.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.104

Other

Single-valued attribute.

8.2.503 orclUserDN

orclUserDN is the distinguished name (DN) of the user who performed an operation.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.61

8.2.504 orclUserIDAttribute

orclUserIDAttribute specifies the attribute to use as the user identifier value when accessing the resource.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.352

Other

Single-valued attribute.

8.2.505 orclUserModifiable

orclUserModifiable specifies if the data is modifiable by the user that this resource access descriptor entry is created for.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

orclWorkflowNotificationPref identifies workflow notification preferences for a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.313

8.2.511 orclWriteWaitThreads

orclWriteWaitThreads specifies the number of Oracle Internet Directory server threads waiting to write to the network.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.143

Other

Single-valued attribute.

8.2.512 owner

owner specifies the distinguished name (DN) of some object which has some responsibility for the associated object.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.5.4.32

8.2.513 pilotStartTime

pilotStartTime indicates the time stamp of when pilot mode was started for a replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

2.16.840.1.113894.1.1.825

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.514 preferredServerList

preferredServerList contains the IP addresses of the preferred servers that a directory user agent should use in a space separated list.

The servers in this list are tried in order before those in the defaultServerList until a successful connection is made. This has no default value. At least one server must be specified in either preferredServerList or defaultServerList.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (Printable String)

Matching Rule

caseIgnoreIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.2

Other

Single-valued attribute.

8.2.515 profileTTL

profileTTL is the time to live before a client directory user agent (DUA) should re-read this configuration profile.

The values for profileTTL can be zero, to indicate no expiration, or a positive integer combined with one of the following letters to indicate the unit of measure:

d: indicates days

h: indicates hours

m: indicates minutes

s: indicates seconds

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.11.1.3.1.1.7

Other

Single-valued attribute.

8.2.516 protocolInformation

This attribute is used in conjunction with the presentationAddress attribute, to provide additional information to the Open System Interconnection (OSI) network service.

Syntax

1.3.6.1.4.1.1466.115.121.1.42 (Protocol Information)

Matching Rule

protocolInformationMatch

Object ID

2.5.4.48

8.2.517 pwdAccountLockedTime

pwdAccountLockedTime indicates the time stamp of when a user's account was locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.17

Other

Single-valued attribute.

Directory operational attribute.

No user modification.

8.2.518 pwdAllowUserChange

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.14

Other

Single-valued attribute.

8.2.519 pwdChangedTime

pwdChangedTime indicates the time stamp indicating when the user's current password was created or modified.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.16

Other

Single-valued attribute.

Directory operational attribute.

No user modification.

8.2.520 pwdCheckSyntax

pwdCheckSyntax takes value 1 and 0. A value of 1 (default) means passwords are checked for syntax errors. A value of 0 means syntax checking is disabled.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.5

Other

Single-valued attribute.

8.2.521 pwdExpirationWarned

pwdExpirationWarned indicates the time stamp when the first password expiration warning was sent to the user.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.18

Other

Directory operational attribute.

No user modification.

8.2.522 pwdExpireWarning

pwdExpireWarning indicates the number of seconds before a password expires that a warning should be sent to the user.

The user will see the warning when they attempt to log on during the warning period. If the user does not modify the password before it expires, the user is locked out until the password is changed by the administrator. The default value is 0, which means no warnings are sent.

For this feature to work, the client application must support it.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.7

Other

Single-valued attribute.

8.2.523 pwdFailureCountInterval

pwdFailureCountInterval indicates the number of seconds after which the password failure times are purged from the user entry. If this attribute is not present, or if it has a value of 0, then failure times are never purged. The default value is 0.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.12

Other

Single-valued attribute.

8.2.524 pwdFailureTime

pwdFailureTime indicates the time stamp of consecutive failed login attempts by the user.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.19

Other

Directory operational attribute.

No user modification.

8.2.525 pwdGraceLoginLimit

pwdGraceLoginLimit indicates the maximum number of grace logins allowed after a password expires. The default value is 0 (no grace logins allowed). The recommended value is 3.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.8

Other

Single-valued attribute.

8.2.526 pwdGraceLoginTimeLimit

pwdGraceLoginTimeLimit is the number of seconds after account lockout to allow grace logins.

Syntax

1.3.6.1.4.1.1466.115.121.1.27(Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.418

Other

Single-valued attribute.

8.2.527 pwdGraceUseTime

pwdGraceUseTime indicates the time stamps of each grace login for a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.21

Other

Directory operational attribute.

No user modification.

8.2.528 pwdHistory

pwdHistory contains a history of a user's previous passwords.

The number of passwords stored in the history is determined by the pwdInHistory attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.20

Other

Single-valued attribute.

Directory operational attribute.

No user modification.

8.2.529 pwdInHistory

pwdInHistory indicates the number of previous passwords to be stored in the password history.

See pwdHistory. If a user attempts to reuse one of the passwords stored in the history, then the password is rejected. The default value is 0 (no previous passwords stored in the history).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.4

Other

Single-valued attribute.

8.2.530 pwdLockout

pwdLockout is the specification to determine whether users are locked out of the directory after the number of consecutive failed bind attempts specified by pwdMaxFailure.

If the value of this policy attribute is TRUE, then users are locked out. If this attribute is not present, or if the value is FALSE, then users are not locked out and the value of pwdMaxFailure is ignored. By default, account lockout is enforced.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.9

Other

Single-valued attribute.

8.2.531 pwdLockoutDuration

pwdLockoutDuration indicates the number of seconds a user is locked out of the directory on certain conditions as stated in the section below.

The number of seconds a user is locked out of the directory if both of the following are true:

Account lockout is enabled.
The user has been unable to bind successfully to the directory for at least the number of times specified by pwdMaxFailure.

You can set user lockout for a specific duration, or until the administrator resets the user's password. A default value of 0 (zero) means that the user is locked out forever. A user account stays locked even after the lockout duration has passed unless the user binds with the correct password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.10

Other

Single-valued attribute.

8.2.532 pwdMaxAge

pwdMaxAge indicates the maximum number of seconds that a given password is valid. If this attribute is not present, or if the value is 0 (zero), then the password does not expire. By default, the passwords expire in 60 days.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.3

Other

Single-valued attribute.

8.2.533 pwdMaxFailure

pwdMaxFailure indicates the number of consecutive failed bind attempts after which a user account is locked. If this attribute is not present, or if the value is 0 (zero), then the account is not locked due to failed bind attempts, and the value of the password lockout policy is ignored. The default is 4.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.11

Other

Single-valued attribute.

8.2.534 pwdMinAge

pwdMinAge holds the number of seconds that must elapse between modifications to the password. If this attribute is not present, 0 seconds is assumed.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.2

Other

Single-valued attribute.

8.2.535 pwdMinLength

pwdMinLength is the minimum number of characters required in a password. The default is 5. The value for this attribute must be at least 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.6

Other

Single-valued attribute.

8.2.536 pwdMustChange

pwdMustChange is an indicator of whether users must change their passwords after the first login, or after the password is reset by the administrator.

Enabling this option requires users to change their passwords even if user-defined passwords are disabled. By default, users need not change their passwords after reset. Allowed values are 1 (true) or 0 (false).

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.13

Other

Single-valued attribute.

8.2.537 pwdpolicysubentry

pwdpolicysubentry is the DN of the password policy applicable at the subtree rooted at this DN.

Syntax

1.3.6.1.4.1.1466.115.121.1.34

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.417

8.2.538 pwdReset

pwdReset is an indicator that the password has been reset and must be changed by the user on first authentication. Allowed values are TRUE or FALSE.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.22

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.539 pwdSafeModify

pwdSafeModify is an indicator of whether user must supply old password with new one when modifying password. By default, the old password is not required. Allowed values are TRUE or FALSE.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.15

Other

Single-valued attribute.

8.2.540 ref

ref is a named reference.

Values placed in the attribute must conform to the specification given for the labeledURI attribute (RFC 2079).

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

2.16.840.1.113730.3.1.34

Other

DSA operational attribute.

8.2.541 seeAlso

seeAlso specifies the distinguished names of other directory objects which may be other aspects (in some sense) of the same real world object.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.5.4.34

8.2.542 serverName

serverName is the name of the server involved in an Oracle Directory Integration and Provisioning change subscription.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

caseignoresubstringsmatch

Object ID

2.16.840.1.113894.1.1.34

8.2.543 serviceAuthenticationMethod

serviceAuthenticationMethod is the authentication method for the service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.15

8.2.544 serviceCredentialLevel

serviceCredentialLevel is the credential level to be used by a service. The default value for all services is NULL. The supported credential levels are anonymous or proxy.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.13

8.2.545 serviceSearchDescriptor

serviceSearchDescriptor defines how and where an LDAP naming service client should search for information for a particular service. It contains a service name, followed by one or more semicolon-separated base-scope-filters.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.8

8.2.546 sn

sn is the surname or last name of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{32768} (Directory String, 32768 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.5.4.4

8.2.547 supportedcontrol

supportedcontrol is a list of controls supported by directory server.

Syntax

OID

Object ID

1.3.6.1.4.1.1466.101.120.13

8.2.548 supportedextension

supportedextension is a list of extended operation supported.

Syntax

OID

Object ID

1.3.6.1.4.1.1466.101.120.7

8.2.549 supportedldapversion

supportedldapversion is a list of LDAP versions supported.

Syntax

Integer

Object ID

1.3.6.1.4.1.1466.101.120.15

8.2.550 uniqueMember

uniqueMember is the distinguished name for the member of a group.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.5.4.50

8.2.551 supportedsaslmechanisms

supportedsaslmechanisms is a list of SASL mechanism supported.

Syntax

Directory String

Matching Rule

Object ID

1.3.6.1.4.1.1466.101.120.14

8.2.552 userCertificate;binary

It is the user’s certificate.

Syntax

1.3.6.1.4.1.1466.115.121.1.8 (Certificate)

Matching Rule

octetStringMatch

Object ID

2.5.4.36

8.2.553 userPassword

userPassword is the password used to authenticate a user to the directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.5.4.35

Other

Single-valued attribute.

8.2.554 userPKCS12

PKCS#12 PFX PDU for exchange of personal identity information.

Syntax

1.3.6.1.4.1.1466.115.121.1.5 (Binary)

Matching Rule

N/A

Object ID

2.16.840.1.113730.3.1.216

8.2.555 x509issuer

x509issuer is the DN of the certificate authority who issued the X.509 certificate revocation list.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

1.3.6.1.4.1.10126.1.5.3.4

8.1 Standard LDAP Attributes

8.2 Oracle Identity Management Attribute Reference

8.2.1 attributeMap

8.2.2 attributeTypes

8.2.3 authenticationMethod

8.2.4 authPassword

8.2.5 bindAuthPriv

8.2.6 bindTimeLimit

8.2.7 c

8.2.8 changeloginfo

8.2.9 changestatus

8.2.10 cn

8.2.11 contentRules

8.2.12 createTimestamp

8.2.13 creatorsName

8.2.14 credentialLevel

8.2.15 defaultSearchBase

8.2.16 defaultSearchScope

8.2.17 defaultServerList

8.2.18 description

8.2.19 displayName

8.2.20 followReferrals

8.2.21 javaClassName

8.2.22 jpegPhoto

8.2.23 krbPrincipalName

8.2.24 labeledURI

8.2.25 ldapSyntaxes

8.2.26 mail

8.2.27 matchingRules

8.2.28 middleName

8.2.29 modifiersName

8.2.30 modifyTimestamp

8.2.31 namingContexts

8.2.32 objectClass

8.2.33 objectClasses

8.2.34 objectClassMap

8.2.35 orclACI

8.2.36 orclACLResultsLatency

8.2.37 orclActivateReplication

8.2.38 orclActiveConn

8.2.39 orclActiveEndDate

8.2.40 orclActiveStartdate

8.2.41 orclActiveThreads

8.2.42 orclAgreementId

8.2.43 orclagreementtype

8.2.44 orclAnonymousBindsFlag

8.2.45 orclAppFullName

8.2.46 orclAppId

8.2.47 orclApplicationAddress

8.2.48 orclApplicationCommonName

8.2.49 orclApplicationType

8.2.50 orclAssocDB

8.2.51 orclAssocIasInstance

8.2.52 orclAttrACLEvalLatency

8.2.53 orclAudCustEvents

8.2.54 orclAudFilterPreset

8.2.55 orclAuditAttribute

8.2.56 orclAuditMessage

8.2.57 orclAudSplUsers

8.2.58 orclBERgenLatency

8.2.59 orclBlockDNIP

8.2.60 orclcachenotifyip

8.2.61 orclCatalogEntryDN

8.2.62 orclCategory

8.2.63 orclCertExtensionAttribute

8.2.64 orclCertExtensionOID

8.2.65 orclCertificateHash

8.2.66 orclCertificateMatch

8.2.67 orclCertMappingAttribute

8.2.68 orclChangeLogLife

8.2.69 orclChangeRetryCount

8.2.70 orclCommonAutoRegEnabled

8.2.71 orclCommonContextMap

8.2.72 orclCommonDefaultUserCreateBase

8.2.73 orclCommonGroupCreateBase

8.2.74 orclCommonNamingAttribute

8.2.75 orclCommonNicknameAttribute

8.2.76 orclCommonSASLRealm

8.2.77 orclCommonUserSearchBase

8.2.78 orclCommonVerifierEnable