Table of Contents
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- What's New in This Guide?
- Part I Overview of Oracle Unified Directory
- 1 Introduction to Oracle Unified Directory
- 1.1 Understanding Oracle Unified Directory
- 1.2 Overview of Directory Server
- 1.3 Overview of Proxy Server
- 1.4 Overview of the Replication Gateway
- 2 Understanding Deployment Scenarios Using the Directory Server
- 3 Understanding Deployments Using the Proxy Server
- 3.1 Understanding Your Proxy Deployment Type
- 3.2 Supported Proxy Deployments
- 3.2.1 Configuration 1: Simple Load Balancing
- 3.2.2 Configuration 2: Simple Distribution
- 3.2.3 Configuration 3: Failover Between Data Centers
- 3.2.4 Configuration 4: Distribution with Load Balancing
- 3.2.5 Configuration 5: Distribution with Failover Between Data Centers
- 3.2.6 Configuration 6: Enterprise User Security
- 3.2.7 Configuration 7: Multiple Replicated Proxies
- 3.2.8 Configuration 8: Virtualization
- 4 Understanding Mixed Deployments
- Part II Oracle Unified Directory Concepts and Architecture
- 5 Understanding Oracle Unified Directory Concepts and Architecture
- 6 Understanding Oracle Unified Directory High Availability Deployments
- 6.1 Overview of High Availability
- 6.2 Understanding Availability and Single Points of Failure
- 6.3 Overview of Redundancy for High Availability
- 6.3.1 Understanding Redundancy at the Hardware Level
- 6.3.2 Understanding Redundancy at Directory Server Level Using Replication
- 6.3.3 Understanding the Use of Directory Proxy Server as Part of a Redundant Solution
- 6.3.4 Understanding the Use of Application Isolation for High Availability
- 6.3.5 Understanding How to Use the Replication Gateway for High Availability
- 6.4 Sample Topologies Using Redundancy for High Availability
- 7 Understanding the Oracle Unified Directory Replication Model
- 7.1 Overview of the Replication Architecture
- 7.2 Understanding the Replication Mechanism
- 7.3 Overview of Historical Information and Conflict Resolution
- 7.4 Overview of Schema Replication
- 7.5 Overview of Replication Status
- 7.6 About Replication Groups
- 7.7 Understanding Assured Replication
- 7.7.1 Need for Assured Replication
- 7.7.2 Supported Assured Replication Modes Configuration
- 7.7.2.1 Example of Using Safe Data Mode
- 7.7.2.2 Example of Using Safe Data Level = 1
- 7.7.2.3 Example of Using Safe Data Level = 2 (RS and DS on Different Hosts)
- 7.7.2.4 Example of Using Safe Data Level = 2 (RS and DS on Same Host)
- 7.7.2.5 Example of Using Safe Read Mode
- 7.7.2.6 Understanding Safe Read Mode and Replication Groups
- 7.7.2.7 Example of Using Safe Read Mode in a Single Data Center With One Group
- 7.7.2.8 Example of Using Safe Read Mode in a Single Data Center With More Than One Group
- 7.7.2.9 Example of Using Safe Read Mode in a Multi-Data Center Deployment
- 7.7.3 Understanding Assured Replication Connection Algorithm
- 7.7.4 Understanding Assured Replication and Replication Status
- 7.7.5 Understanding Assured Replication Monitoring
- 7.8 Overview of Fractional Replication
- 8 Understanding the Oracle Unified Directory Indexing Model
- 9 Understanding Access Control Model in Oracle Unified Directory
- 9.1 Understanding Access Control Principles
- 9.1.1 About Access Control
- 9.1.2 Overview of Access Control Instructions Structure
- 9.1.3 Configuring Directory Server Global Access Control Instructions
- 9.1.4 About Evaluation of Access Control Instructions
- 9.1.5 About Limitations of Access Control Instructions
- 9.1.6 About Replication of Access Control Instructions
- 9.1.7 About Anonymous Read Access ACI
- 9.2 Understanding the Syntax of Access Control Instructions
- 9.2.1 Overview of Access Control Instructions Syntax
- 9.2.2 Defining Targets
- 9.2.2.1 Overview of LDIF Target Keywords
- 9.2.2.2 Targeting a Directory Entry
- 9.2.2.3 Targeting Attributes in a Targeted Entry
- 9.2.2.4 Targeting Both an Entry and Attributes
- 9.2.2.5 Targeting Entries or Attributes Using LDAP Filters
- 9.2.2.6 Targeting Attribute Values Using LDAP Filters
- 9.2.2.7 Targeting a Single Directory Entry
- 9.2.2.8 Specifying the Scope of an ACI
- 9.2.2.9 Targeting LDAP Controls
- 9.2.2.10 Targeting LDAP Extended Operations
- 9.2.3 Setting Permissions
- 9.3 Understanding Bind Rules
- 9.4 Understanding Bind Rule Syntax
- 9.4.1 Overview of Bind Rule Syntax
- 9.4.2 Defining User Access (userdn Keyword)
- 9.4.2.1 About userdn Keyword
- 9.4.2.2 Defining General Access Using all Keyword
- 9.4.2.3 Defining Anonymous Access Using anyone Keyword
- 9.4.2.4 Defining Self Access Using self Keyword
- 9.4.2.5 Defining Parent Access Using parent Keyword
- 9.4.2.6 Specifying Users With LDAP URLs
- 9.4.2.7 Specifying Users With Wildcards
- 9.4.2.8 Specifying Users With a Logical OR of LDAP URLs
- 9.4.2.9 Excluding Specific LDAP URLs
- 9.4.3 Defining Group Access Using groupdn Keyword
- 9.4.4 Defining Access Based on Value Matching Using userattr Keyword
- 9.4.4.1 Overview of Bind-Type Format
- 9.4.4.2 Overview of Attribute-Value Format
- 9.4.4.3 Example for USERDN Bind Type
- 9.4.4.4 Example for GROUPDN Bind Type
- 9.4.4.5 Example for LDAPURL Bind Type
- 9.4.4.6 Example for Attribute Value
- 9.4.4.7 About Inheritance Level
- 9.4.4.8 Example for Inheritance
- 9.4.4.9 Adding Permissions to a User
- 9.4.5 Understanding How to Define Access From a Specific IP Address (ip Keyword)
- 9.4.6 Understanding How to Define Access From a Specific Domain Using dns Keyword
- 9.4.7 Understanding How to Define Access at a Specific Time of Day or Day of Week Using timeofday and dayofweek Keywords
- 9.4.8 Understanding How to Define Access Based on Authentication Method Using authmethod Keyword
- 9.4.9 Defining Access Based on a Connection's Security Strength Factor Using ssf Keyword
- 9.5 Compatibility With the Oracle Directory Server Enterprise Edition Access Control Model
- 9.6 Using Macro ACIs for Advanced Access Control
- 9.7 Understanding Virtual Access Control Instructions
- 10 Understanding the Oracle Unified Directory Schema Model
- 11 Understanding Root Users and the Privilege Subsystem
- 12 Understanding the Proxy, Distribution, and Virtualization Functionality
- 12.1 Accessing Remote Data Sources
- 12.1.1 Enabling LDAP Clients to Access Identity Data Stored in an RDBMS
- 12.1.2 Understanding How to Enable Communication with a Remote LDAP Server
- 12.2 Overview of Load Balancing Using the Proxy
- 12.3 Overview of Data Distribution Using the Proxy
- 12.4 Understanding Data Integration Using the Proxy
- 12.4.1 Understanding How to Retrieve All Attribute Values from an Active Directory Server
- 12.4.2 About Enterprise User Security Databases Integration
- 12.4.3 Overview of Enabling LDAP Clients to Update User Passwords Stored in Active Directory
- 12.4.4 Understanding Pass-Through Authentication
- 12.4.4.1 Overview of the Pass-Through Authentication Mechanism
- 12.4.4.2 Understanding the Pass-Through Authentication Configuration Model
- 12.4.4.3 Understanding the Pass-Through Authentication Configuration Parameters
- 12.4.4.4 Overview of Pass-Through Authentication Implementation for Different Servers
- 12.4.4.5 Understanding Implementation of Pass-Through Authentication for a Kerberos Server
- 12.4.5 Understanding Oracle Unified Directory Plug-Ins
- 12.4.6 Overview of Transforming Remote LDAP Server’s Global Unique Identifier Value
- 12.5 Understanding Virtualization
- 12.5.1 Using Entries from Multiple Directories
- 12.5.1.1 Understanding the Join Workflow Element
- 12.5.1.2 Understanding Join Participants
- 12.5.1.3 Overview of Join Rules
- 12.5.1.4 Overview of Join Policies
- 12.5.1.5 Understanding Supported Joiner Types
- 12.5.1.6 Understanding the Join Condition
- 12.5.1.7 About Virtual Attributes Creation
- 12.5.1.8 Overview of Attribute Flow Settings
- 12.5.1.9 About Bind Operations
- 12.5.1.10 About DN Attributes Translation
- 12.5.1.11 Configuring the Criticality of Join Participants
- 12.5.1.12 Understanding Enabled Operations
- 12.5.1.13 Understanding How to Cascade Write Operations to Secondary Participants
- 12.5.1.14 Understanding How to Use the Join Workflow Element to Implement Pass-Through Authentication
- 12.5.1.15 Handling LDAP Operations in Join Workflow Elements
- 12.5.2 Overview of Optimizing Search Results From Virtual Directories Using Workflow Elements
- 12.5.3 Understanding Addition of memberof User Attributes to person Entries
- 12.5.4 Overview of Renaming DNs Using the Proxy
- 12.5.5 Understanding How to Modify RDN Values Using the Proxy
- 12.5.6 Understanding How to Retrieve Attributes from a SAML Identity Provider Using SAML XASP
- 12.5.7 Understanding ForkJoin Workflow Element
- 12.5.8 Understanding DynamicGroups Workflow Element
- 12.6 Understanding the Global Index Catalog
- 12.7 Understanding the Transformation Framework
- 12.7.1 Overview of Transformation
- 12.7.2 Components of Transformation
- 12.7.2.1 Overview of Transformation Types
- 12.7.2.1.1 addOutboundAttribute Transformation Type
- 12.7.2.1.2 filterOutboundAttribute Transformation Type
- 12.7.2.1.3 addInboundAttribute Transformation Type
- 12.7.2.1.4 filterInboundAttribute Transformation Type
- 12.7.2.1.5 mapAttribute Transformation Type
- 12.7.2.1.6 Map Object Class Transformation Type
- 12.7.2.1.7 tokenize-attribute Transformation Type
- 12.7.2.2 Overview of Transformation Conditions
- 12.7.2.3 Defining Attribute Values for Transformation
- 12.7.3 Examples of Transformation Use Case Configuration
- 12.7.3.1 Mapping Activation or Deactivation for a Specific Back End Directory
- 12.7.3.2 Mapping Object Classes by Using map-attribute Transformation Type
- 12.7.3.3 Mapping Object Classes by Using map-object-class Transformation Type
- 12.7.3.4 Adding Attributes to Source Object Class by Using map-object-class Transformation Type
- 12.7.3.5 Filtering Attributes from Source Object Class by Using map-object-class Transformation Type
- 13 Understanding Identity Mapping in Oracle Unified Directory
- 14 Understanding Data Encryption in Oracle Unified Directory
- 14.1 What is Attribute Encryption?
- 14.2 Understanding Attribute Encryption
- 14.3 Understanding Encryption Algorithms
- 14.4 Understanding Encryption in Index Keys
- 14.5 Understanding Encryption in Replication Topology
- 14.6 Considerations for Attribute Encryption Usage
- 14.7 Configuring Attribute Encryption
- 14.8 Configuring Attribute Encryption in Replication Enabled Topology
- 14.9 Encryption or Re-encryption of Existing Data
- 14.10 Use Case Scenarios
- Part III Basic Administration
- 15 Starting and Stopping the Server
- 15.1 Starting the Server
- 15.2 Stopping the Server
- 15.3 Checking the Server Status
- 15.4 Running the Server as a Non-Root User
- 15.5 Starting and Stopping Oracle Unified Directory Instance Created Within the Domain
- 16 Accessing Oracle Unified Directory Using OUDSM
- 16.1 Invoking OUDSM
- 16.2 Connecting to the Server Using OUDSM
- 16.3 Displaying Server Information Using OUDSM
- 17 Configuring the Server Instance
- 17.1 Managing the Server Configuration Using dsconfig
- 17.1.1 Using the dsconfig Command
- 17.1.2 Using dsconfig in Interactive Mode
- 17.1.3 Getting Help With dsconfig
- 17.1.4 Configuring a Server Instance Using dsconfig
- 17.1.4.1 Viewing the Properties of a Component
- 17.1.4.2 Listing Components
- 17.1.4.3 Understanding How Server Changes Are Recorded
- 17.1.4.4 Creating a Component
- 17.1.4.5 Modifying Component Properties
- 17.1.4.6 Modifying the Values of a Multi-Valued Property
- 17.1.4.7 Deleting a Component
- 17.1.4.8 Using dsconfig in Batch Mode
- 17.1.5 Configuring Connection Handlers Using dsconfig
- 17.1.6 Configuring Network Groups Using dsconfig
- 17.1.6.1 About Network Group Creation
- 17.1.6.2 Creating Network Groups
- 17.1.6.3 Modifying Network Group Properties
- 17.1.6.4 Creating a Network Group Quality of Service Policy
- 17.1.6.4.1 Creating a Request Filtering Quality of Service Policy
- 17.1.6.4.2 Creating a Resource Limit Quality of Service Policy
- 17.1.6.4.3 Creating an Affinity Quality of Service Policy
- 17.1.6.4.4 Creating a Referral Quality of Service Policy
- 17.1.6.4.5 Creating a Subtree Access Control Quality of Service Policy
- 17.1.6.5 Modifying a Network Group Quality of Service Policy
- 17.1.6.6 Relocating the Root DSE Entry for a Network Group
- 17.1.6.7 Customizing the Root DSE Entry for a Network Group
- 17.1.7 Configuring Workflows Using dsconfig
- 17.1.8 Configuring Workflow Elements Using dsconfig
- 17.1.9 Configuring Plug-Ins Using dsconfig
- 17.1.10 Configuring Suffixes with dsconfig
- 17.1.11 Configuring Access Control Groups With dsconfig
- 17.2 Managing Suffixes Using manage-suffix
- 17.3 Managing the Server Configuration Using OUDSM
- 17.3.1 Understanding How to Select a Configuration View
- 17.3.2 Using Shortcuts to Configure Objects Using OUDSM
- 17.3.3 Configuring Suffixes Using OUDSM
- 17.3.4 Configuring Workflow Elements Using OUDSM
- 17.3.5 Configuring Workflows Using OUDSM
- 17.3.6 Configuring Connection Handlers Using OUDSM
- 17.3.7 Configuring Network Groups Using OUDSM
- 17.3.8 Modifying the General Server Configuration Using OUDSM
- 17.4 Managing Administration Traffic to the Server
- 17.5 Configuring Commands As Tasks
- 17.6 Deploying and Configuring the DSML Gateway
- 17.7 Managing the OUDSM Session Timeout
- 18 Managing Directory Data
- 18.1 Importing and Exporting Data
- 18.1.1 Populating a Stand-Alone Directory Server With Data
- 18.1.2 Importing Data Using import-ldif
- 18.1.2.1 About import-ldif Operation Modes
- 18.1.2.2 Importing Data in Offline Mode
- 18.1.2.3 Replacing Existing Data During an Offline Import
- 18.1.2.4 Appending Imported Data to Existing Data
- 18.1.2.5 Importing Fractional Files
- 18.1.2.6 Importing Fractional Files Using Filters
- 18.1.2.7 Including or Excluding Attributes During Import
- 18.1.2.8 Importing a Compressed LDIF File
- 18.1.2.9 Recording Rejected or Skipped Entries During Import
- 18.1.2.10 Importing Data From a MakeLDIF Template
- 18.1.2.11 Running an Import in Online Mode
- 18.1.2.12 Scheduling an Import
- 18.1.3 Exporting Data Using export-ldif
- 18.1.3.1 About export-ldif Operation Modes
- 18.1.3.2 Exporting Data to LDIF
- 18.1.3.3 Exporting Partial Data
- 18.1.3.4 Exporting Part of a Back End Using Filters
- 18.1.3.5 Including or Excluding Attributes During Export
- 18.1.3.6 Exporting to LDIF and Then Compress the File
- 18.1.3.7 Running an Export in Online Mode
- 18.1.3.8 Scheduling an Export
- 18.1.4 About Creating MakeLDIF Template Files
- 18.2 Importing Large Data Sets
- 18.3 Backing Up, Purging, and Restoring Data
- 18.3.1 Overview of the Backup and Restore Process
- 18.3.2 Backing Up Data
- 18.3.2.1 Backing Up All Back Ends
- 18.3.2.2 Backing Up All Back Ends with Encryption and Signed Hashes
- 18.3.2.3 Performing an Incremental Backup on All Back Ends
- 18.3.2.4 Backing Up a Specific Back End
- 18.3.2.5 Performing an Incremental Backup on a Specific Back End
- 18.3.2.6 Scheduling a Backup as a Task
- 18.3.3 About the Server Configuration Back Up
- 18.3.4 Backing Up the Directory Server for Disaster Recovery
- 18.3.5 Backing up and Restoring Data Using File System Snapshots
- 18.3.6 Restoring Data
- 18.3.7 Considerations for Re-instating Replicated Directory Servers
- 18.3.8 Deleting Backup Data Files
- 18.3.9 Purging Backup Data Files Automatically
- 18.4 About Searching Directory Data
- 18.4.1 Overview of the ldapsearch Command
- 18.4.2 About ldapsearch Location and Format
- 18.4.3 Understanding Search Criteria
- 18.4.4 Using ldapsearch Command
- 18.4.4.1 About ldapsearch Command Options
- 18.4.4.2 Returning All Entries
- 18.4.4.3 Searching For a Specific User
- 18.4.4.4 Searching for Specific User Attributes
- 18.4.4.5 Performing a Search With Base Scope
- 18.4.4.6 Performing a Search With One-Level Scope
- 18.4.4.7 Performing a Search With Subtree Scope
- 18.4.4.8 Returning Attribute Names Only
- 18.4.4.9 Returning User Attributes Only
- 18.4.4.10 Returning Base DNs Only
- 18.4.4.11 Searching For Specific Object Classes
- 18.4.4.12 Returning A Count of Matching Entries in the Directory
- 18.4.4.13 Performing a Search With a Compound Filter
- 18.4.4.14 Performing a Search Using a Filter File
- 18.4.4.15 Limiting the Number of Entries Returned in a Search
- 18.4.5 Searching Data Using OUDSM
- 18.5 Using Advanced Search Features
- 18.5.1 Searching for Special Entries and Attributes
- 18.5.2 Searching Over SSL
- 18.5.2.1 Searching Over SSL With Blind Trust
- 18.5.2.2 Searching Over SSL Using a Trust Store
- 18.5.2.3 Searching Over SSL With No Trust Store
- 18.5.2.4 Searching Over SSL Using a Keystore
- 18.5.2.5 Searching Using useStartTLS
- 18.5.2.6 Searching Using SASL With DIGEST-MD5 Client Authentication
- 18.5.2.7 Searching Using SASL With the GSSAPI Mechanism
- 18.5.2.8 Searching Using SASL With the PLAIN Mechanism
- 18.5.3 Searching Using Controls
- 18.5.3.1 Viewing the Available Controls
- 18.5.3.2 Searching Using the Join Search Control
- 18.5.3.3 Searching Using the Proximity Search Control
- 18.5.3.4 Searching Using the Account Usability Request Control
- 18.5.3.5 Searching Using the Authorization Identity Request Control
- 18.5.3.6 Searching Using the Get Effective Rights Control
- 18.5.3.7 Searching Using the LDAP Assertion Control
- 18.5.3.8 Searching Using the LDAP Subentry Control
- 18.5.3.9 Searching Using the Manage DSA IT Control
- 18.5.3.10 Searching Using the Matched Values Filter Control
- 18.5.3.11 Searching Using the Password Policy Control
- 18.5.3.12 Searching Using the Persistent Search Control
- 18.5.3.13 Searching Using the Proxied Authorization Control
- 18.5.3.14 Searching Using the Server-Side Sort Control
- 18.5.3.15 Searching Using the Simple Paged Results Control
- 18.5.3.16 Searching Using the Virtual List View Control
- 18.5.3.16.1 About the Virtual List View Control
- 18.5.3.16.2 Searching Using the Virtual List View Control
- 18.5.3.16.3 Searching Using Virtual List View With a Specific Target
- 18.5.3.16.4 Searching Using Virtual List View With a Known Total
- 18.5.3.16.5 Allowing Anonymous Access to the Virtual List View Control
- 18.5.4 Searching in Verbose Mode and With a Properties File
- 18.5.5 Searching Internationalized Entries
- 18.5.6 Sorting Multi-Valued Attributes in a Search Response
- 18.6 Handling Directory Data
- 18.7 Indexing Directory Data
- 18.8 Reducing Stored Data Size
- 18.9 Configuring Selective Attribute Caching
- 18.10 Ensuring Attribute Value Uniqueness
- 18.11 Configuring Virtual Attributes
- 18.11.1 Supported Virtual Attributes
- 18.11.2 Configuring Virtual Attributes Using dsconfig
- 18.11.2.1 Listing the Existing Virtual Attributes Using dsconfig
- 18.11.2.2 Creating a New Virtual Attribute Using dsconfig
- 18.11.2.3 Enabling or Disabling a Virtual Attribute Using dsconfig
- 18.11.2.4 Viewing the Configuration of a Virtual Attribute Using dsconfig
- 18.11.2.5 Changing the Configuration of a Virtual Attribute Using dsconfig
- 18.11.3 Configuring Virtual Attributes Using OUDSM
- 18.11.3.1 Listing Existing Virtual Attributes Using OUDSM
- 18.11.3.2 Creating Virtual Attributes Using OUDSM
- 18.11.3.3 Viewing the Configuration of a Virtual Attribute Using OUDSM
- 18.11.3.4 Changing the Configuration of a Virtual Attribute Using OUDSM
- 18.11.3.5 Enabling or Disabling a Virtual Attribute Using OUDSM
- 18.12 Using LDAP Subentries
- 18.13 Using Collective Attributes
- 18.14 Configuring Referrals
- 18.15 Managing Data Using OUDSM
- 18.15.1 Viewing Entries
- 18.15.2 Viewing the Attributes of an Entry
- 18.15.3 Searching for Entries
- 18.15.4 Adding an Entry
- 18.15.5 Adding an Entry Based on an Existing Entry
- 18.15.6 Deleting an Entry
- 18.15.7 Deleting an Entry and Its Subtree
- 18.15.8 Modifying an Entry's RDN
- 18.15.9 Importing Data From an LDIF File
- 18.15.10 Exporting Data to an LDIF File
- 19 Managing Users and Groups
- 19.1 Managing User Accounts
- 19.2 Configuring Root Users
- 19.3 Defining Groups
- 19.3.1 Defining Static Groups
- 19.3.1.1 Overview of Static Group
- 19.3.1.2 Creating a Static Group With groupOfNames
- 19.3.1.3 Creating a Static Group With groupOfUniqueNames
- 19.3.1.4 Creating a Static Group With groupOfEntries
- 19.3.1.5 Viewing All Members of a Static Group
- 19.3.1.6 Viewing All Static Groups of Which a User Is a Member
- 19.3.1.7 How to Find Whether a User is a Member of a Group
- 19.3.2 Defining Dynamic Groups
- 19.3.3 Defining Virtual Static Groups
- 19.3.4 Defining Nested Groups
- 19.4 Maintaining Referential Integrity
- 19.5 Simulating ODSEE Roles in an Oracle Unified Directory Server
- Part IV Configuring Proxy, Distribution, and Virtualization Functionality
- 20 Configuring Access to Remote Data Sources
- 20.1 Configuring Access to Identity Data Stored in an RDBMS
- 20.1.1 Understanding the RDBMS Workflow Element Use Case
- 20.1.2 Configuring the RDBMS Workflow Element
- 20.1.3 Creating the Components to Communicate with the RDBMS
- 20.1.3.1 Creating an RDBMS Extension
- 20.1.3.2 Creating an RDBMS Extension to Use Secure Connection
- 20.1.3.3 Creating an RDBMS Workflow Element
- 20.1.3.4 Creating a Workflow for the RDBMS Entries
- 20.1.3.5 Creating an Access Control Group for the RDBMS Workflow
- 20.1.3.6 Associating the Workflow to a Network Group
- 20.1.3.7 Configuring the LDAP-SQL Mappings
- 20.1.3.7.1 Understanding the Sample Schema for PERSON and Phone Tables
- 20.1.3.7.2 Creating RDBMS Tables
- 20.1.3.7.3 Creating Object Class Mappings
- 20.1.3.7.4 Creating Attribute Mappings
- 20.1.3.7.5 Testing the Mappings
- 20.1.3.7.6 Using Passwords Stored in the RDBMS
- 20.1.3.7.7 Understanding the Sample Schema for USER_GROUP Table
- 20.1.4 About Granting Access to the Virtual Data
- 20.2 Configuring Communication With Remote LDAP Servers
- 20.2.1 Configuring LDAP Server Extensions
- 20.2.1.1 Viewing the Existing LDAP Server Extensions
- 20.2.1.2 Viewing LDAP Server Extension Properties
- 20.2.1.3 Viewing Advanced LDAP Server Extension Properties
- 20.2.1.4 Creating an LDAP Server Extension
- 20.2.1.5 Modifying the Properties of an LDAP Server Extension
- 20.2.1.6 Modifying the Advanced Properties of an LDAP Server Extension
- 20.2.1.7 Modifying the LDAP Data Source Monitoring Connection Properties
- 20.2.2 Configuring Proxy LDAP Workflow Elements
- 20.2.3 Configuring the Bind Mode
- 21 Configuring Load Balancing Using the Proxy
- 21.1 Configuring Load Balancing Using the dsconfig Command
- 21.1.1 Configuring Load Balancing using the dsconfig Command
- 21.1.2 Creating a Load Balancing Workflow Element
- 21.1.3 Creating a Load Balancing Algorithm
- 21.1.4 Creating Load Balancing Routes
- 21.1.5 Modifying Load Balancing Properties
- 21.1.5.1 Modifying Load Balancing Properties
- 21.1.5.2 Setting the Priority in a Failover Algorithm
- 21.1.5.3 Setting the switch-back Flag
- 21.1.5.4 Setting the Saturation Precision for the Optimal or Saturation Algorithm
- 21.1.5.5 Setting the Weight of a Proportional Algorithm
- 21.1.5.6 Setting the Threshold for a Saturation Algorithm
- 21.1.5.7 Setting the Saturation Threshold Alert
- 21.1.5.8 Setting Client Connection Affinity
- 21.1.5.9 Deleting Load Balancing Elements
- 21.2 Configuring Load Balancing Using OUDSM
- 22 Configuring Distribution Using the Proxy
- 22.1 Configuring a Distribution Deployment Using the dsconfig Command
- 22.1.1 Configuring Distribution Using dsconfig Command
- 22.1.2 Creating a Distribution Workflow Element
- 22.1.3 Creating a Distribution Algorithm
- 22.1.4 Creating Distribution Partitions
- 22.1.5 Managing Modify DN Requests
- 22.1.6 Configuring Criticality in Workflows Using dsconfig
- 22.1.7 Configuring Criticality in Workflow Elements Using dsconfig
- 22.1.8 Deleting a Distribution Configuration
- 22.2 Configuring a Distribution Deployment Using OUDSM
- 23 Configuring Integration Using the Proxy
- 23.1 Retrieving All Attribute Values from an Active Directory Server
- 23.2 About Integrating with Enterprise User Security Databases
- 23.3 Updating User Passwords Stored in Active Directory
- 23.3.1 Setting Up an Oracle Unified Directory Proxy Server
- 23.3.2 Creating and Configuring an Ad Password Workflow Element
- 23.3.3 Creating a Workflow for the Ad Password Workflow Element
- 23.3.4 Adding the Workflow to a Network Group
- 23.4 Overview of Configuring Pass-Through Authentication
- 23.4.1 Configuring Pass-Through Authentication
- 23.4.2 Prerequisites for Configuring Pass-Through Authentication
- 23.4.3 Best Practices for Configuring Pass-Through Authentication
- 23.4.4 Configuring Pass-Through Authentication Using dsconfig
- 23.4.5 Understanding Pass-Through Authentication Configuration Using OUDSM
- 23.5 About Oracle Unified Directory Plug-Ins Configuration
- 23.6 Configuring a Proxy Instance to Monitor Back-End Servers
- 23.7 Configuring Global Indexes Using the Command Line
- 23.7.1 Configuring Global Index Catalogs Using gicadm
- 23.7.1.1 Creating a Global Index Catalog Containing Global Indexes
- 23.7.1.2 Viewing Global Index Catalog Properties
- 23.7.1.3 About Modifying the Global Index Catalog Properties
- 23.7.1.4 Modifying the Global Index Catalog Properties
- 23.7.1.5 Modifying Multi-Valued Global Index Catalog Properties
- 23.7.1.6 Resetting Global Index Catalog Properties to the Default Values
- 23.7.1.7 Viewing Global Index Properties
- 23.7.1.8 Importing Content into a Global Index Catalog
- 23.7.1.9 Exporting Contents of a Global Index Catalog to a Directory
- 23.7.1.10 Associating a Global Index Catalog With a Distribution Element
- 23.7.1.11 Disassociating a Global Index Catalog From a Distribution Element
- 23.7.1.12 Adding a Global Index to a Global Index Catalog
- 23.7.1.13 Removing a Global Index From a Global Index Catalog
- 23.7.2 Replicating Global Index Catalogs
- 23.7.2.1 Creating a Replicated Topology and Enable Global Index Catalog Replication
- 23.7.2.2 Enabling Global Index Catalog Replication
- 23.7.2.3 Initializing Global Index Catalog Replication
- 23.7.2.4 Disabling Global Index Catalog Replication
- 23.7.2.5 Viewing the Status of a Replicated Global Index Catalog Configuration
- 23.7.2.6 Logging of Replication Activities
- 23.7.2.7 Lifecycle Examples for Replicated Global Index Catalogs
- 23.7.3 Configuring Controls Required by the Global Index Catalog with Oracle Unified Directory
- 23.8 Configuring Virtual ACIs
- 24 Configuring Virtualization
- 24.1 Configuring a Virtual Directory View of Your Repositories
- 24.2 Optimizing Search Results From a Virtual Directory
- 24.3 Adding the memberof User Attribute to person Entries
- 24.4 Performing DN Renaming
- 24.5 Performing RDN Changing Configuration
- 24.6 Configuring Transformations
- 24.7 Configuring SAML XASP
- 24.8 Deploying ForkJoin Workflow Element Configuration Model
- 24.8.1 Understanding ForkJoin Workflow Element Configuration Model
- 24.8.2 Implementing ForkJoin Workflow Element Configuration Model
- 24.8.2.1 Preparing For ForkJoin Workflow Element Configuration
- 24.8.2.2 Configuring OUD Proxy Server For ForkJoin Workflow Element Configuration
- 24.8.2.3 Creating ForkJoin Workflow Element
- 24.8.2.4 Configuring ForkJoin Workflow Element
- 24.8.2.5 Configuring ForkJoin Workflow Element Join Policy
- 24.8.2.6 Validating ForkJoin Workflow Element Configuration
- 24.9 Configuring DynamicGroup Workflow Element
- 25 Configuring Proxy, Distribution, and Virtualization Deployments
- 25.1 Configuring a Load Balancing Deployment
- 25.2 Configuring a Distribution Deployment
- 25.3 Configuring a Distribution Deployment with Load Balancing
- 25.4 Configuring a Failover Deployment Between Data Centers
- 25.5 Configuring a Distribution with Failover Deployment Between Data Centers
- 25.6 Configuring a Union Workflow Element Deployment with Union Partition
- 25.6.1 Setting Up OUD Instances to Implement Union Workflow Element Configuration
- 25.6.2 Setting Up OUD Proxy Server to Implement Union Workflow Element Configuration
- 25.6.3 Configuring OUD Proxy Server to Implement Union Workflow Element Configuration
- 25.6.4 Creating Union Workflow Element
- 25.6.5 Configuring Union Workflow Element
- 25.6.6 Configuring Union Partition
- 25.6.7 Validating Union Workflow Element Configuration
- Part V Advanced Administration: Security, Access Control, and Password Policies
- 26 Configuring Security Between Clients and Servers
- 26.1 Getting SSL Up and Running Quickly
- 26.2 Configuring Key Manager Providers
- 26.2.1 Overview of Key Manager Provider
- 26.2.2 Using JKS Key Manager Provider
- 26.2.3 Using the PKCS #12 Key Manager Provider
- 26.2.4 Overview of PKCS #11 Key Manager Provider
- 26.2.5 Overview of Hardware-Based Key Manager Provider
- 26.2.6 About Replacing a Certificate in a Production Server
- 26.2.7 Configuring Key Managers Using OUDSM
- 26.3 Configuring Trust Manager Providers
- 26.4 Configuring Certificate Mappers
- 26.5 Configuring SSL and StartTLS for LDAP and JMX
- 26.5.1 Configuring the LDAP and LDAPS Connection Handlers
- 26.5.1.1 Enabling a Connection Handler
- 26.5.1.2 Specifying a Connection Handler's Listening Port
- 26.5.1.3 Specifying a Connection Handler's Authorization Policy
- 26.5.1.4 Specifying a Nickname for a Connection Handler's Certificate
- 26.5.1.5 Specifying a Connection Handler's Key Manager Provider
- 26.5.1.6 Specifying a Connection Handler's Trust Manager Provider
- 26.5.1.7 Enabling StartTLS Support
- 26.5.1.8 Enabling SSL-Based Communication
- 26.5.1.9 Specifying Protocol Version and Cipher Suites in a Connection Handler
- 26.5.2 About JMX Connection Handler
- 26.6 Configuring SSL Protocol and Cipher Suites in Crypto Manager for Replication
- 26.7 Overriding System Default Protocols and Cipher Suites for TLS Communication
- 26.8 Using SASL Authentication
- 26.8.1 About the Supported SASL Mechanisms
- 26.8.2 About Authorization IDs
- 26.8.3 About the SASL Options for the ANONYMOUS Mechanism
- 26.8.4 About the SASL Options for the CRAM-MD5 Mechanism
- 26.8.5 About the SASL Options for the DIGEST-MD5 Mechanism
- 26.8.6 About the SASL Options for the EXTERNAL Mechanism
- 26.8.7 About the SASL Options for the GSSAPI Mechanism
- 26.8.8 About the SASL Options for the PLAIN Mechanism
- 26.8.9 About DIGEST-MD5 SASL Mechanism
- 26.9 Configuring SASL Authentication
- 26.10 Configuring Kerberos and the Oracle Unified Directory Server for GSSAPI SASL Authentication
- 26.10.1 Configuring Kerberos V5 on a Host
- 26.10.2 Specifying SASL Options for Kerberos Authentication
- 26.10.3 Configuring Kerberos Authentication Using GSSAPI With SASL
- 26.10.3.1 Assumptions for This Example
- 26.10.3.2 Editing the Kerberos Client Configuration File (All machines)
- 26.10.3.3 Editing the Administration Server ACL Configuration File (All machines)
- 26.10.3.4 Editing the KDC Server Configuration File (KDC Machine)
- 26.10.3.5 Creating the KDC Database (KDC Machine)
- 26.10.3.6 Creating an Administration Principal and Keytab (KDC Machine)
- 26.10.3.7 Start the Kerberos Daemons (KDC Machine)
- 26.10.3.8 Adding Host Principals for the KDC and Oracle Unified Directory Machines (KDC Machine)
- 26.10.3.9 Adding an LDAP Principal for the Directory Server (KDC Machine)
- 26.10.3.10 Adding a Test User to the KDC (KDC Machine)
- 26.10.3.11 Directory Server Machine: Install Oracle Unified Directory
- 26.10.3.12 Creating and Configuring the Directory Server LDAP(Directory Server Machine)
- 26.10.3.13 Configuring the Directory Server to Enable GSSAPI(Directory Server Machine)
- 26.10.3.14 Adding a Test User to the Directory Server(Directory Server Machine)
- 26.10.3.15 Obtaining a Kerberos Ticket as the Test User(Directory Server Machine)
- 26.10.3.16 Authenticating to the Directory Server Through GSSAPI(Client Machine)
- 26.10.4 Creating a Kerberos Workflow Element Using dsconfig
- 26.10.5 Troubleshooting Kerberos Configuration
- 26.11 Testing SSL, StartTLS, and SASL Authentication With ldapsearch
- 26.12 Debugging SSL Using OpenSSL s_client Test Utility
- 26.12.1 About OpenSSL s_client Test Utility
- 26.12.2 Scenario 1 - Connection Refused
- 26.12.3 Scenario 2 - Verify Return Code: 18 (Self Signed Certificate)
- 26.12.4 Scenario 3 - Verify Return Code: 0 (ok)
- 26.12.5 Scenario 4 - SSLHandshakeException
- 26.12.6 Scenario 5 - SASL EXTERNAL Bind Request Could Not Be Processed
- 26.13 Debugging SSL or TLS Using Java Debug Information
- 26.14 Controlling Connection Access Using Allowed and Denied Rules
- 26.15 Configuring Unlimited Strength Cryptography
- 26.16 Configuring TLS Protocols and Cipher Suites for OUDSM to OUD Communication
- 27 Configuring Security Between the Proxy and the Data Source
- 28 Controlling Access To Data
- 28.1 Managing Global ACIs Using dsconfig
- 28.2 Managing ACIs With ldapmodify
- 28.3 Managing Access Control Using OUDSM
- 28.4 Managing Macro ACIs Using OUDSM
- 28.5 Managing Access Control
- 28.5.1 Granting Write Access to Personal Entries
- 28.5.2 Granting a Group Full Access to a Suffix
- 28.5.3 Granting Rights to Add and Delete Group Entries
- 28.5.4 Allowing Users to Add or Remove Themselves from a Group
- 28.5.5 Granting Conditional Access to a Group
- 28.5.6 Denying Access
- 28.5.7 Defining Permissions for DNs that Contain a Comma
- 28.6 About Proxy Authorization ACIs
- 28.7 Viewing Effective Rights
- 29 Managing Administrative Users
- 30 Managing Password Policies
- 30.1 Understanding Password Policy Components
- 30.2 Working with the Default Password Policy Properties
- 30.3 Attributes for Password Policy State Information
- 30.4 Attributes Used in the pwdPolicy Object Class
- 30.5 Understanding Password Policies, Password Validators, and Password Generators in a Replicated Environment
- 30.6 Managing Password Policies by Using the Command Line
- 30.6.1 Configuring the Default Password Policy
- 30.6.2 Creating a New Password Policy
- 30.6.3 Creating a First Login Password Policy
- 30.6.4 Assigning a Password Policy to an Individual Account
- 30.6.5 Preventing Password Policy Modifications
- 30.6.6 Assigning a Password Policy to a Group of Users
- 30.6.7 Defining a Password Policy as an LDAP Subentry
- 30.6.8 Deleting a Password Policy
- 30.7 Managing Password Policies Using OUDSM
- 30.7.1 Listing the Configured Password Policy Subentries
- 30.7.2 Creating a Password Policy Subentry
- 30.7.3 Creating a Password Policy Subentry Based on an Existing Password Policy Subentry
- 30.7.4 Deleting a Password Policy Subentry
- 30.7.5 Displaying the Configured Password Policies
- 30.7.6 Modifying a Password Policy
- 30.7.7 Creating a Password Policy
- 30.7.8 Creating a Password Policy Based on an Existing Password Policy
- 30.7.9 Deleting a Password Policy
- 30.7.10 Displaying the Supported Password Storage Schemes
- 30.7.11 Enabling or Disabling a Password Storage Scheme
- 30.8 Managing Password Validators
- 30.8.1 Managing Password Validators by Using the Command Line
- 30.8.1.1 Displaying the Available Password Validators
- 30.8.1.2 Displaying the Properties of a Password Validator
- 30.8.1.3 Enabling or Disabling a Password Validator
- 30.8.1.4 Configuring the Values of a Password Validator
- 30.8.1.5 Associating a Password Validator With a Password Policy
- 30.8.1.6 Defining a Password Validator as an LDAP Subentry
- 30.8.2 Managing Password Validators Using OUDSM
- 30.9 Managing Password Generators
- 30.9.1 Displaying the Configured Password Generators
- 30.9.2 Displaying the Properties of a Password Generator
- 30.9.3 Enabling or Disabling a Password Generator
- 30.9.4 Configuring the Properties of a Password Generator
- 30.9.5 Associating a Password Generator With a Password Policy
- 30.9.6 Defining a Password Generator as an LDAP Subentry
- 31 Integrating Oracle Unified Directory with Oracle Enterprise User Security
- 31.1 Understanding How Oracle Enterprise User Security Works with Oracle Unified Directory
- 31.2 Understanding the Options Before Integrating Oracle Unified Directory with Oracle Enterprise User Security
- 31.3 About the Prerequisites Before Integrating Oracle Unified Directory with Oracle Enterprise User Security
- 31.4 Enabling Oracle Unified Directory and Oracle Enterprise User Security to Work Together
- 31.4.1 Configuring Oracle Directory Server as a Directory for Enterprise User Security
- 31.4.1.1 Configuring Oracle Unified Directory to Work with Enterprise User Security
- 31.4.1.1.1 Installing and Configuring a New Oracle Unified Directory Instance to Work with Enterprise User Security
- 31.4.1.1.2 Configuring an Existing Oracle Unified Directory Server to Work with Enterprise User Security Using the Command Line
- 31.4.1.1.3 Configuring an Existing Oracle Unified Directory Server to Work with Enterprise User Security Using OUDSM
- 31.4.1.2 Configuring the User and Groups Location
- 31.4.1.3 Selecting the Oracle Context to be Used by Enterprise User Security
- 31.4.1.4 Registering the Database in the LDAP Server
- 31.4.1.5 Configuring Roles and Permissions
- 31.4.1.5.1 Creating a Shared Schema in the Database
- 31.4.1.5.2 Creating a New User-Schema Mapping
- 31.4.1.5.3 Creating a Role in the Database
- 31.4.1.5.4 Creating a New Role in the Domain
- 31.4.1.5.5 Defining a Proxy Permission in the Database
- 31.4.1.5.6 Creating a New Proxy Permission
- 31.4.1.5.7 Configuring Mappings for a Specific Database
- 31.4.1.6 Testing the Database Configurations
- 31.4.2 Configuring Oracle Unified Directory Proxy to Work with an External LDAP Directory and Enterprise User Security
- 31.4.2.1 Configuring User Identities in the External LDAP Directory
- 31.4.2.1.1 Configuring User Identities in Microsoft Active Directory
- 31.4.2.1.2 Configuring User Identities in Microsoft Active Directory Using Centrally Managed Users
- 31.4.2.1.3 Configuring User Identities in Oracle Directory Server Enterprise Edition
- 31.4.2.1.4 Configuring User Identities in Novell eDirectory
- 31.4.2.1.5 Configuring User Identities in Oracle Unified Directory
- 31.4.2.2 Configuring Oracle Unified Directory Proxy to Work with Enterprise User Security
- 31.4.2.2.1 Installing and Configuring a New Oracle Unified Directory Proxy Using the Command Line
- 31.4.2.2.2 Installing and Configuring a New Oracle Unified Directory Proxy to Work with Enterprise User Security Using the Graphical User Interface
- 31.4.2.2.3 Configuring an Existing Oracle Unified Directory Proxy to Work with Enterprise User Security Using OUDSM
- 31.4.2.3 Configuring the Users and Groups Location
- 31.4.2.4 Selecting the Oracle Context to be Used By Enterprise User Security
- 31.4.2.5 Registering the Database in the LDAP Server
- 31.4.2.6 Configuring Roles and Permissions
- 31.4.2.6.1 Creating a Shared Schema in the Database
- 31.4.2.6.2 Creating a New User-Schema Mapping
- 31.4.2.6.3 Creating a Role in the Database
- 31.4.2.6.4 Creating a New Role in the Domain
- 31.4.2.6.5 Defining a Proxy Permission in the Database
- 31.4.2.6.6 Creating a New Proxy Permission
- 31.4.2.6.7 Configuring Mappings for a Specific Database
- 31.4.2.7 Testing the Database Configurations
- 31.4.3 Configuring Password Policy for Oracle Unified Directory Administrator
- 31.5 Using Additional Enterprise User Security Configuration Options
- 31.6 Best Practices for Employing EUS Admin User
- 31.7 Understanding Enterprise User Security Password Warnings
- 31.8 Troubleshooting Issues after Integrating OUD and Enterprise User Security
- 31.8.1 Resolving Net Configuration Assistant Tool Error Messages
- 31.8.2 Resolving Database Configuration Assistant Error Messages
- 31.8.2.1 Resolving TNS-04409 error / TNS-04427: SSL access to the Directory Server
- 31.8.2.2 Resolving TNS-04409 error / TNS-04431: Required suffixes
- 31.8.2.3 Resolving TNS-04411 error when registering the DB with a user different from cn=directory manager
- 31.8.2.4 Resolving TNS-04409 error / TNS-04405
- 31.8.3 Resolving Oracle SQL Error Messages
- 31.8.3.1 Resolving ORA-28030: Server encountered problems accessing LDAP directory service
- 31.8.3.2 Resolving ORA-01017: invalid username/password; logon denied
- 31.8.3.3 Resolving ORA-28274: No ORACLE password attribute corresponding to user nickname exists
- 31.8.3.4 Resolving ORA-28051: the account is locked
- 31.9 Disabling the Existing Anonymous ACIs in Upgraded Environments
- Part VI Advanced Administration: Data Replication, Schema Management, and Moving Across Environments
- 32 Replicating Directory Data
- 32.1 About the Prerequisites Before Configuring Replication
- 32.2 Understanding Data Replication With dsreplication
- 32.2.1 Understanding Replication Between Two Servers With dsreplication
- 32.2.2 Initializing a Replicated Server With dsreplication
- 32.2.3 Initializing an Entire Topology With dsreplication
- 32.2.4 Testing the Replicated Topology
- 32.2.5 Obtaining the Status of a Replicated Topology With dsreplication
- 32.2.6 Merging Two Existing Replicated Topologies With dsreplication
- 32.2.7 Disabling Replication for a Specific Replication Domain With dsreplication
- 32.3 Configuring Data Replication Using OUDSM
- 32.3.1 Considerations When Updating OUDSM
- 32.3.2 Viewing or Modifying an Existing Replication Server Configuration
- 32.3.3 Viewing or Modifying a Replicated Suffix Configuration
- 32.3.4 About Replication Configuration Wizard on the Directory Manager Tab
- 32.3.5 Accessing Replication Configuration Wizard from the Topology Manager Tab
- 32.4 Understanding Configuration for Large Replication Topologies
- 32.5 Modifying the Replication Configuration With dsconfig
- 32.5.1 Retrieving the Replication Domain Name
- 32.5.2 Configuring Replication Purge Delay
- 32.5.3 Configuring Window Size
- 32.5.4 Configuring Initialization Window Size
- 32.5.5 Configuring Heartbeat Interval
- 32.5.6 Changing the Isolation Policy
- 32.5.7 Configuring Encrypted Replication
- 32.5.8 Configuring Replication Groups
- 32.5.9 Configuring Assured Replication
- 32.5.10 Configuring Fractional Replication
- 32.5.11 Configuring Replication Status
- 32.5.12 Configuring the Replication Server Weight
- 32.6 Initializing a Replicated Server With Data
- 32.7 Using the External Change Log
- 32.7.1 Enabling the External Change Log
- 32.7.2 About External Change Log APIs
- 32.7.3 How a Client Application Uses the External Change Log in Cookie Mode
- 32.7.4 Format of External Change Log Entries
- 32.7.5 Specifying the Attributes to be Included in the External Change Log
- 32.7.6 Specifying the Attributes to be Excluded in the External Change Log
- 32.7.7 Initializing Client Applications to Use the External Change Log
- 32.7.8 Controlling Access to the External Change Log
- 32.7.9 Purging the External Change Log
- 32.7.10 Disabling the External Change Log on a Server
- 32.7.11 Disabling the External Change Log for a Specific Domain
- 32.7.12 Retrieving the Last Change Number
- 32.7.13 Porting Applications that Rely on Other Change Logs
- 32.7.13.1 Understanding the Differences Between the ECL and the LDAP Change Log Draft
- 32.7.13.2 Understanding the Differences Between the ECL and the Oracle Directory Server Enterprise Edition Retro Change Log
- 32.7.13.3 About the API for Compatibility With the LDAP Change Log Draft and the Oracle Directory Server Enterprise Edition Retro Change Log
- 32.8 Managing Tombstones in Oracle Unified Directory
- 32.9 Configuring Schema Replication
- 32.10 Replicating to a Read-Only Server
- 32.11 Detecting and Resolving Replication Inconsistencies
- 32.12 Managing Certificates Using dsreplication
- 32.13 Using verify Subcommand
- 32.14 Understanding Purging Historical Replication Data
- 32.15 Understanding Isolated Replicas
- 32.16 Replicating Between Oracle Directory Server Enterprise Edition and Oracle Unified Directory
- 32.16.1 About Replicating Between Oracle Directory Server Enterprise Edition and Oracle Unified Directory
- 32.16.2 Migrating the Oracle Directory Server Enterprise Edition Schema and Configuration
- 32.16.3 Configuring Replication Between Oracle Directory Server Enterprise Edition and Oracle Unified Directory
- 32.16.4 Initializing the Oracle Unified Directory with Oracle Directory Server Enterprise Edition Data
- 33 Managing Directory Schema
- 33.1 Understanding Schema in Oracle Unified Directory
- 33.2 Configuring Schema Checking
- 33.3 Working With Object Identifiers (OIDs)
- 33.4 Extending the Schema
- 33.5 About Replicating the Schema
- 33.6 Managing the Schema Using OUDSM
- 33.6.1 Adding a New Attribute Type
- 33.6.2 Adding an Attribute Based on an Existing Attribute
- 33.6.3 Modifying an Attribute
- 33.6.4 Deleting an Attribute
- 33.6.5 Viewing All Directory Attributes
- 33.6.6 Searching for Attributes
- 33.6.7 Viewing the Indexing Details of an Attribute
- 33.6.8 Adding a New Object Class
- 33.6.9 Adding an Object Class Based on an Existing Object Class
- 33.6.10 Viewing the Properties of an Object Class
- 33.6.11 Modifying an Object Class
- 33.6.12 Deleting an Object Class
- 33.6.13 Searching for Object Classes
- 33.6.14 Displaying a List of LDAP Syntaxes
- 33.6.15 Searching for a Syntax
- 33.6.16 Displaying a List of LDAP Matching Rules
- 33.6.17 Searching for a Matching Rule
- 33.6.18 Displaying a List of Content Rules
- 33.6.19 Searching for a Content Rule
- 33.6.20 Creating a New Content Rule
- 33.6.21 Creating a Content Rule Based on an Existing Content Rule
- 33.6.22 Modifying a Content Rule
- 33.6.23 Deleting a Content Rule
- 34 Moving from a Test to a Production Environment
- Part VII Advanced Administration: Monitoring and Tuning Performance
- 35 Monitoring Oracle Unified Directory
- 35.1 Overview of Monitoring Information
- 35.2 Configuring Monitor Providers
- 35.3 Configuring Logs
- 35.3.1 Configuring Logs Using dsconfig
- 35.3.1.1 Configuring Log Publishers
- 35.3.1.1.1 Viewing Existing Log Publishers
- 35.3.1.1.2 Enabling a Log Publisher
- 35.3.1.1.3 Deleting a Log Publisher
- 35.3.1.1.4 Logging in ODL Format
- 35.3.1.1.5 Logging Internal Operations
- 35.3.1.1.6 Logging Additional Connection Details
- 35.3.1.1.7 Configuring the Name of Rotated Log Files Using Local Time Stamp
- 35.3.1.2 Configuring Log Retention Policies
- 35.3.1.3 Configuring Log Rotation Policies
- 35.3.1.4 Configuring Logs for HTTP/HTTPS Operations
- 35.3.2 Configuring Logs Using OUDSM
- 35.3.3 Logging Operations to Access Log Publishers
- 35.3.4 Masking Attributes in the Audit Log
- 35.4 Configuring Alerts and Account Status Notification Handlers
- 35.4.1 Managing Alert Handlers
- 35.4.2 Managing Account Status Notification Handlers
- 35.4.2.1 Viewing the Configured Account Status Notification Handlers
- 35.4.2.2 Enabling Account Status Notification Handlers
- 35.4.2.3 Creating a New Account Status Notification Handler
- 35.4.2.4 Deleting an Account Status Notification Handler
- 35.4.2.5 Customizing Message Template Files for SMTP Account Status Notification Handlers
- 35.5 Monitoring the Server with LDAP
- 35.5.1 Viewing Monitoring Information Using the cn=monitor Entry
- 35.5.1.1 Overview of Monitored Attributes in the Proxy
- 35.5.1.2 Viewing the Available Monitoring Information
- 35.5.1.3 Monitoring General-Purpose Server Information
- 35.5.1.4 Monitoring System Information
- 35.5.1.5 Monitoring Version Information
- 35.5.1.6 Monitoring the User Root Back End
- 35.5.1.7 Monitoring the Backup Back End
- 35.5.1.8 Monitoring the Tasks Back End
- 35.5.1.9 Monitoring the monitor Back End
- 35.5.1.10 Monitoring the Schema Back End
- 35.5.1.11 Monitoring the adminRoot Back End
- 35.5.1.12 Monitoring the ads-truststore Back End
- 35.5.1.13 Monitoring Client Connections
- 35.5.1.14 Monitoring the LDAP Connection Handler
- 35.5.1.15 Monitoring LDAP Connection Handler Statistics
- 35.5.1.16 Monitoring Connections on the LDAP Connection Handler
- 35.5.1.17 Monitoring the Administration Connector
- 35.5.1.18 Monitoring Administration Connector Statistics
- 35.5.1.19 Monitoring Connections on the Administration Connector
- 35.5.1.20 Monitoring the LDIF Connection Handler
- 35.5.1.21 Monitoring the Work Queue
- 35.5.1.22 Monitoring JVM Stack Trace Information
- 35.5.1.23 Monitoring the JVM Memory Usage
- 35.5.1.24 Monitoring the userRoot Database Environment
- 35.5.1.25 Managing the Database Cache
- 35.5.1.26 Monitoring the Entry Cache
- 35.5.1.27 Monitoring Network Groups
- 35.5.1.28 Monitoring Distribution
- 35.5.1.29 Monitoring Load Balancing
- 35.5.1.30 Monitoring Remote LDAP Servers
- 35.5.1.31 Monitoring a Global Index
- 35.5.1.32 Monitoring a Global Index Catalog
- 35.5.2 Monitoring Using the manage-tasks Command
- 35.5.3 Monitoring the Server Using JConsole
- 35.5.4 Accessing Logs
- 35.6 Monitoring the Server With SNMP
- 35.7 Monitoring a Replicated Topology
- 35.7.1 Monitoring Basic Oracle Unified Directory Replication Status Using dsreplication
- 35.7.2 Monitoring Advanced Oracle Unified Directory Replication Status Using dsreplication
- 35.7.2.1 Viewing a Comprehensive List of Available Replication Status Information
- 35.7.2.2 Monitoring the Topology and Its Connections
- 35.7.2.3 Monitoring Replication Latency
- 35.7.2.4 Monitoring Data Consistency
- 35.7.2.5 Monitoring Replication Security
- 35.7.2.6 Monitoring Replicated Updates
- 35.7.2.7 Monitoring Replication Conflicts
- 35.7.3 Monitoring Oracle Unified Directory and ODSEE Replication Status in Deployments Using Replication Gateways
- 35.8 Monitoring the Proxy LDAP Connector
- 35.9 Understanding the General Purpose Enterprise Monitoring Solutions
- 36 Tuning Performance
- 36.1 About Performance Problem Assessment
- 36.2 Understanding How to Tune General Performance Parameters
- 36.3 Understanding Java Virtual Machine Settings Using dsjavaproperties Utility
- 36.4 Tuning Java Virtual Machine Settings Using the dstune Utility
- 36.5 Determining the Database Cache Size
- 36.6 Tuning the Server Configuration
- 36.6.1 Back End Tuning Parameters
- 36.6.2 Core Server Tuning Parameters
- 36.6.3 Tuning a Server Containing Static Groups
- 36.6.4 Additional Tuning Recommendations
- Part VIII REST Interfaces
- 37 Administering Oracle Unified Directory Using REST API
- 38 Managing OUD Directory Data with SCIM REST API
- 39 Managing Directory Data Using Data Management REST API
- 40 Configuring REST API Support
- A Appendixes and Glossary
- A.1 Oracle Unified Directory Command-Line Interface Reference
- A.1.1 General Command-Line Usage Information
- A.1.2 Server Administration Commands
- A.1.2.1 create-rc-script
- A.1.2.2 dps2oud
- A.1.2.3 ds2oud
- A.1.2.4 dsconfig
- A.1.2.5 dsjavaproperties
- A.1.2.6 dsreplication
- A.1.2.7 dstune
- A.1.2.8 gicadm
- A.1.2.9 manage-tasks
- A.1.2.10 oudCopyConfig
- A.1.2.11 oudExtractMovePlan
- A.1.2.12 oudPasteConfig
- A.1.2.13 oud-replication-gateway-setup
- A.1.2.14 oud-setup
- A.1.2.15 oud-proxy-setup
- A.1.2.16 start-ds
- A.1.2.17 status
- A.1.2.18 stop-ds
- A.1.2.19 uninstall
- A.1.2.20 windows-service
- A.1.3 Data Administration Commands
- A.1.3.1 backup
- A.1.3.2 base64
- A.1.3.3 dbtest
- A.1.3.4 encode-password
- A.1.3.5 export-ldif
- A.1.3.6 import-ldif
- A.1.3.7 ldif-diff
- A.1.3.8 ldifmodify
- A.1.3.9 ldifsearch
- A.1.3.10 list-backends
- A.1.3.11 make-ldif
- A.1.3.12 manage-account
- A.1.3.13 rebuild-index
- A.1.3.14 restore
- A.1.3.15 split-ldif
- A.1.3.16 verify-index
- A.1.3.17 purge-backup
- A.1.4 LDAP Client Commands
- A.2 LDAP Controls and Operations Reference
- A.3 Standards and Specifications Supported by Oracle Unified Directory
- A.3.1 RFCs Supported by Oracle Unified Directory
- A.3.2 Internet Drafts Supported by Oracle Unified Directory
- A.3.3 Other Specifications Supported by Oracle Unified Directory
- A.3.4 Enabling FIPS Mode on OUD Server
- A.3.5 Supported TLS Protocols and Cipher Suites by Oracle Unified Directory
- A.3.6 Overview of Basic Encoding Rules
- A.3.7 Authenticating Using CRAM-MD5 SASL Mechanism
- A.4 Glossary of Terms for Oracle Unified Directory