
Oracle Internet Directory Administrator's Guide
Release 9.0.2

Part Number A95192-01

Oracle Components and Oracle Internet Directory

Many Oracle components use Oracle Internet Directory for a variety of purposes. In doing this, they rely on a consolidated Oracle Internet Directory schema and a default Directory Information Tree (DIT). This chapter:

This chapter contains these topics:

About Oracle Components and Directory Usage

Oracle Internet Directory enables Oracle components to:

This chapter considers two general types of environment:

Directory schema and DIT requirements are defined with enough flexibility to accommodate both deployment models.

Ready-to-Use Default Configuration

To make it easy for you to start using Oracle components that use the directory, Oracle Universal Installer creates a default schema and directory information tree (DIT) during Oracle Internet Directory installation. This default DIT framework is the same for both hosted and non-hosted environments. It is flexible; you can modify it to suit the needs of your deployment.

During Oracle Internet Directory installation, the Oracle Universal Installer creates:

The Root Oracle Context

The root Oracle context includes:

Figure 15-1 shows the organization of the root Oracle context.

Figure 15-1 The Root Oracle Context


Some of the discovery-related information stored at the root Oracle context includes:

In both hosted and non-hosted scenarios, a component finds the correct node in the DIT by using the orclSubscriberSearchBase and orclSubscriberNickNameAttribute attributes. Once the component finds the appropriate subtree, it obtains the subscriber-specific information it needs from the Oracle context in that subtree.

For example, Oracle9iAS Single Sign-On uses this framework to authenticate a user in a hosted scenario. When a user logs in, Oracle9iAS Single Sign-On prompts the user for a subscriber. Then, when it looks for an entry, the Oracle9iAS Single Sign-On server finds the correct subscriber node in the DIT by using the orclSubscriberSearchBase and orclSubscriberNickNameAttribute attributes. Once it learns where the subscriber-specific information resides, it looks in the subscriber-specific Oracle context to find the location of the user.

If a client does not specify a subscriber, then Oracle Internet Directory assumes that the user is looking for information in the default subscriber subtree.

The Subscriber Oracle Context

A subscriber-specific Oracle context includes:

Figure 15-2 shows the organization of a subscriber-specific Oracle context.

Figure 15-2 Subscriber-Specific Oracle Context


Figure 15-2 shows subscriber-wide information in the directory for an Oracle component and information common to all components. It illustrates two aspects:

The Common entry in the subscriber-specific Oracle context contains information for locating users and groups. Specifically, it includes:

In a hosted scenario, you might dedicate a particular instance of a component to multiple subscribers. For example, each subscriber might have its own instance of the Oracle9iAS Portal component. In this case, the instance information and other data required by each individual subscriber is stored in each subscriber's Oracle context. General information required by all subscribers is stored in the root Oracle context.

In Figure 15-2, the dotted line between the user and the subscriber shows some of the flexibility with which you can organize a subscriber subtree. You can create and store user data in different ways--for example, you can store it:

Figure 15-3 Separation of a Subscriber and Subscriber's User Information


As Figure 15-3 shows, you are not required to create a subscriber's users under the subscriber node itself. The orclCommonUserSearchBase attribute in the Common entry for each subscriber-specific Oracle context points to the node containing the user data--in Figure 15-3, it is dc=myCompany,dc=com. This enables subscribers to keep the DNs they may already have, without having to migrate them to a different DIT structure.
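The two-step discovery described above (root Oracle context to subscriber node, then the subscriber's Common entry to the user search base) can be traced over a small constructed DIT. This is an added example, not Oracle code; the entry DNs, the sample subscribers, and the orclDefaultSubscriber attribute name are assumptions made for illustration.

```python
# Constructed in-memory DIT: DN -> attributes. The entry DNs and the
# orclDefaultSubscriber attribute name are assumptions for illustration.
ROOT_COMMON = "cn=Common,cn=Products,cn=OracleContext"

DIT = {
    ROOT_COMMON: {
        "orclSubscriberSearchBase": "dc=com",
        "orclSubscriberNickNameAttribute": "dc",
        "orclDefaultSubscriber": "dc=my_company,dc=com",
    },
    "dc=my_company,dc=com": {"dc": "my_company"},
    "dc=acme,dc=com": {"dc": "acme"},
    ROOT_COMMON + ",dc=my_company,dc=com": {
        "orclCommonUserSearchBase": "cn=users,dc=my_company,dc=com",
    },
    ROOT_COMMON + ",dc=acme,dc=com": {
        # Users kept outside the subscriber node, as in Figure 15-3.
        "orclCommonUserSearchBase": "dc=myCompany,dc=com",
    },
}


def find_subscriber(nickname=None):
    """Step 1: map a subscriber nickname to its node in the DIT."""
    root = DIT[ROOT_COMMON]
    if not nickname:
        # No subscriber given: fall back to the default subscriber subtree.
        return root["orclDefaultSubscriber"]
    base = root["orclSubscriberSearchBase"].lower()
    attr = root["orclSubscriberNickNameAttribute"]
    hits = [dn for dn, entry in DIT.items()
            if dn.lower().endswith("," + base)
            and entry.get(attr, "").lower() == nickname.lower()]
    # Fail closed: zero or several matches must never pick a subscriber.
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} subscribers match {nickname!r}")
    return hits[0]


def user_search_base(nickname=None):
    """Step 2: read the user location from the subscriber's Common entry."""
    subscriber = find_subscriber(nickname)
    common = DIT.get(f"{ROOT_COMMON},{subscriber}", {})
    if "orclCommonUserSearchBase" not in common:
        raise LookupError(f"no user search base for {subscriber}")
    return subscriber, common["orclCommonUserSearchBase"]
```

Against a live directory, the nickname comes from the login prompt and would need LDAP filter escaping before it is placed in a search filter.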

A Default Subscriber Configuration

Figure 15-4 shows the DIT for a default subscriber in a non-hosted environment.

Figure 15-4 Default DIT in Non-Hosted Environment


During an Oracle Internet Directory installation, Oracle Universal Installer determines the domain information for the site where it is installing Oracle Internet Directory. It establishes the default DIT structure based on this information. For example, if Oracle Internet Directory is installed at, then Oracle Universal Installer creates the following nodes in the DIT:

If you use the default DIT for your enterprise, then you do not need to configure anything at the root Oracle context. Instead, depending on the structure of the subtree that your deployment uses, you simply do the following:

In a hosted environment, you would create subscribers at the same level in the DIT as the default subscriber node itself.

As part of default DIT creation, a seed user is also created to help bootstrap the use of the Delegated Administration Service and other tools. The user is identified by the following DN: cn=orclAdmin,cn=users,cn=my_company, dc=com. The initial password for the user is the same as the Oracle Internet Directory super user (cn=orcladmin) password. By default, this user is allowed to create, delete, and edit users under the cn=Users container and to create, delete, and edit groups under the cn=Groups container.

The user also has permission to change the Delegated Administration Service configuration in Oracle Internet Directory. By using this seed user identity, the administrator can use the Delegated Administration Service to create users and groups, and thereby bootstrap the entire directory environment.

See Also:

Chapter 9, "The Delegated Administration Service"

Copyright © 1999, 2002 Oracle Corporation.

All Rights Reserved.