Preface

Oracle Internet Directory Administrator's Guide describes the features, architecture, and administration of Oracle Internet Directory. For information about installation, see the installation documentation for your operating system.

This preface contains these topics:

• Audience

• Organization

• Related Documentation

• Conventions

• Documentation Accessibility

Audience

Oracle Internet Directory Administrator's Guide is intended for anyone who performs administration tasks for the Oracle Internet Directory. You should be familiar with either the UNIX operating system or the Microsoft Windows NT operating system in order to understand the line-mode commands and examples. You can perform all of the tasks through the line-mode commands, and you can perform most of the tasks through Oracle Directory Manager, which is operating system-independent.

To use this document, you need some familiarity with the Lightweight Directory Access Protocol (LDAP).

Organization

This document contains the chapters and appendixes listed in this section. Oracle Corporation encourages you to read the conceptual and other introductory material presented in Part I before performing installation and maintenance.

Depending on your administrative role, you may find some parts of this guide more pertinent to the tasks you perform.

Table 0-1 Pertinent Sections for Administrative Task Areas

Administrative Task Area	Pertinent Sections of This Guide
Routine administration	Part II: Basic Directory Administration Part III Directory Security
Directory planning and deployment in enterprises and hosted environments	Part III Directory Security Part IV Directory Deployment Part V Directory Replication Part VI: Oracle Internet Directory and Clusters Part VII: Oracle Internet Directory Plug-ins
Integration between Oracle Internet Directory and other directories	Part VIII: The Oracle Directory Integration Platform

Part I: Getting Started

Part I provides an overview of the product and its features, a conceptual foundation necessary to configure and manage a directory.

Chapter 1, "Introduction"

This chapter provides an introduction to directories, LDAP, and Oracle Internet Directory features.

Chapter 2, "Concepts and Architecture"

This chapter gives an overview of online directories and Lightweight Directory Access Protocol (LDAP). Provides conceptual descriptions of directory entries, attributes, object classes, naming contexts, schemas, distributed directories, security, and National Language Support. It also discusses Oracle Internet Directory architecture.

Chapter 3, "Preliminary Tasks and Information"

This chapter discusses how to prepare your directory for configuration and use. It tells you how to start and stop OID Monitor and instances of Oracle directory server and Oracle directory replication server. It discusses the need to reset the default security configuration, how to upgrade from earlier releases of Oracle Internet Directory, and how to migrate data from other LDAP-compliant directories.

Chapter 4, "Directory Administration Tools"

This chapter explains how to use the various administration tools: Oracle Directory Manager, command-line tools, bulk tools, Catalog Management tool, OID Database Password Utility, replication tools, and Database Statistics Collection tool.

Part II: Basic Directory Administration

Part II guides you through the tasks required to configure and maintain Oracle Internet Directory.

Chapter 5, "Oracle Directory Server Administration"

This chapter provides instructions for managing server configuration set entries; setting system operational attributes; managing naming contexts and password encryption; configuring searches; managing super, guest, and proxy users; setting debug logging levels; using audit log; viewing active server instance information; and changing the password to an Oracle database server.

Chapter 6, "Directory Schema Administration"

This chapter explains what a directory schema is, what an object class is, and what an attribute is. It tells you how to manage the Oracle Internet Directory schema by using Oracle Directory Manager and the command-line tools.

Chapter 7, "Managing Directory Entries"

This chapter explains how to search, view, add, modify and manage entries by using Oracle Directory Manager and the command-line tools.

Chapter 8, "Globalization Support in the Directory"

This chapter discusses Globalization Support as used by Oracle Internet Directory.

Chapter 9, "The Delegated Administration Service"

This chapter explains the Delegated Administration Service, which enables directory users to modify their own personal data--such as addresses, phone numbers, and photos--without the intervention of an administrator. It also enables users to search other parts of the directory to which they have access. This frees directory administrators for other tasks in the enterprise.

Chapter 10, "Attribute Uniqueness"

This chapter explains the attribute uniqueness feature that enables applications synchronizing with Oracle Internet Directory to use attributes other than distinguished names as their unique keys.

Part III Directory Security

Part III tells how to secure data within the directory itself and within an enterprise deployment of a directory.

Chapter 11, "Directory Security Concepts"

This chapter describes the security features available with Oracle Internet Directory, and explains how to deploy the directory for administrative delegation.

Chapter 12, "Secure Sockets Layer (SSL) and the Directory"

This chapter introduces and explains how to configure the features of Secure Sockets Layer (SSL).

Chapter 13, "Directory Access Control"

This chapter provides an overview of access control policies and describes how to administer directory access.

Part IV Directory Deployment

Part IV discusses important deployment considerations, including capacity planning, high availability, and tuning.

Chapter 14, "General Deployment Considerations"

This chapter discusses general issues to consider when deploying Oracle Internet Directory. This chapter helps you assess the requirements of a directory in an enterprise and make effective deployment choices.

Chapter 15, "Oracle Components and Oracle Internet Directory"

Many Oracle components use Oracle Internet Directory for a variety of purposes. In doing this, they rely on a consolidated Oracle Internet Directory schema and a default Directory Information Tree (DIT). This chapter:

• Describes the consolidated Oracle Internet Directory schema used by various components

• Describes a default DIT structure available when using the various Oracle components

Chapter 16, "Directory-Based Application Security"

This chapter discusses how you can exploit the way Oracle Internet Directory stores access control policies to secure applications in a large enterprise and in hosted environments.

Chapter 17, "Directory Storage of User Authentication Credentials"

This chapter explains how Oracle components store application security credentials in Oracle Internet Directory to make their administration easy for both end users and administrators and to address a major security threat to any enterprise.

Chapter 18, "Password Policies"

This chapter discusses password policies--that is, sets of rules that govern how passwords are used. When a user attempts to bind to the directory, the directory server uses the password policy to ensure that the password meets the requirements set in that policy.

Chapter 19, "Capacity Planning Considerations"

This chapter tells you how to assess applications' directory access requirements and ensure that the Oracle Internet Directory has adequate computer resources to service requests at an acceptable rate.

Chapter 20, "Tuning Considerations"

This chapter gives guidelines for ensuring that the combined hardware and software are yielding the desired levels of performance.

Chapter 21, "High Availability And Failover Considerations"

This chapter describes the availability and failover features of various components in the Oracle Internet Directory technology stack, and provides guidelines for exploiting them optimally for typical directory deployment.

Part V Directory Replication

Part IV provides a detailed discussion of replication and how to manage it.

Chapter 22, "Directory Replication Concepts"

This chapter expands on the discussion about replication in Chapter 2, "Concepts and Architecture".

Chapter 23, "Oracle Directory Replication Server Administration"

This chapter explains how to install and initialize Oracle directory replication server software the first time, and how to install new nodes into an environment where that software is already installed.

Chapter 24, "Addition of a Node by Using the Database Copy Procedure"

This chapter describes an alternate method of adding a node to a replicated directory system if the directory is very large.

Part VI: Oracle Internet Directory and Clusters

Part VI discusses cluster support in Oracle Internet Directory.

Chapter 25, "Failover in Cluster Configurations"

This chapter explains how to increase high availability by using logical hosts--as opposed to physical hosts--in clustered environments.

Chapter 26, "Directory Failover in an Oracle9i Real Application Clusters Environment"

This chapter discusses the ways you can run Oracle Internet Directory in an Oracle Real Application Clusters system.

Part VII: Oracle Internet Directory Plug-ins

Chapter 27, "Oracle Internet Directory Plug-in Framework"

This chapter describes how you can extend the capabilities of the Oracle directory server by using plug-ins developed by either Oracle Corporation or third-party vendors.

Part VIII: The Oracle Directory Integration Platform

Part VII explains the concepts, architecture, and components of the Oracle Directory Integration platform, and tells you how to configure and use it to synchronize multiple directories with Oracle Internet Directory.

Chapter 28, "Oracle Directory Integration Platform Concepts and Components"

This chapter introduces the Oracle Directory Integration platform, its components, architecture, and administration tools.

Chapter 29, "Directory Synchronization"

This chapter discusses directory integration agents and the operations they perform in the Oracle Directory Integration platform. It explains how to manage partner agents by using either Oracle Directory Manager of command-line tools.

Chapter 30, "Oracle Directory Integration Server Administration"

This chapter discusses the Oracle directory integration server and tells you how to configure and manage it.

Chapter 31, "Security in the Oracle Directory Integration Platform"

This chapter discusses the most important aspects of security in the Oracle Directory Integration platform.

Chapter 32, "Bootstrapping of a Directory in the Oracle Directory Integration Platform"

This chapter explains some of the initial setup tasks you may need to perform as you begin using the Oracle Directory Integration platform.

Chapter 33, "Synchronization with Oracle Human Resources"

If you store employee data in Oracle Internet Directory, and if you use Oracle Human Resources to create, modify, and delete that data, then you must ensure that the data is synchronized between the two. This chapter explains the Oracle Human Resources agent, which enables you to do this.

Chapter 34, "Synchronization with iPlanet Directory Server"

This chapter explains how you can synchronize between Oracle Internet Directory and an iPlanet Directory Server by using the Oracle Internet Directory integration solution for the iPlanet Directory Server.

Chapter 35, "Synchronization with Third-Party Metadirectory Solutions"

Oracle Internet Directory uses change logs to enable synchronization with supported third party metadirectory solutions. This chapter describes how change log information is generated and how supporting solutions use that information. It tells you how to enable the directory integration agents of third-party metadirectory solutions so that they can synchronize with Oracle Internet Directory.

Chapter 36, "The Oracle Directory Synchronized Provisioning Platform"

This chapter describes the Oracle Directory Provisioning Integration Service, which enables your applications to receive provisioning information from Oracle Internet Directory.

Part IX: Appendixes

Appendix A, "Syntax for LDIF and Command-Line Tools"

This appendix provides syntax, usage notes, and examples for LDAP Data Interchange Format and LDAP command-line tools.

Appendix B, "The Access Control Directive Format"

This appendix describes the format (syntax) of Access Control Information Items(ACIs).

Appendix C, "Schema Elements"

This appendix lists schema elements supported in Oracle Internet Directory.

Appendix D, "Oracle Wallet Manager"

This appendix describes and explains how to use Oracle Wallet Manager to create and manage wallets and certificates.

Appendix E, "Upgrading Oracle Internet Directory"

This appendix tells you how to upgrade to Oracle Internet Directory Release 9.0.2 from Oracle Internet Directory release 2.1.1.

Appendix F, "Migrating Data from Other LDAP-Compliant Directories"

This appendix explains the steps to migrate data from LDAP v3-compatible directories into Oracle Internet Directory.

Appendix G, "The LDAP Filter Definition"

This appendix, copied with permission from the Internet Engineering Task Force (IETF), describes a directory access protocol that provides both read and update access.

Appendix H, "Troubleshooting"

This appendix lists possible failures and error codes and their probable causes.

Appendix I, "Migrating User Data from Application-Specific Repositories"

This appendix explains how to migrate data from application-specific repositories by first creating an intermediate template file, and then running the OID Migration Tool.

Related Documentation

For more information, see:

• Online help available through Oracle Directory Manager, the Delegated Administration Service, and Oracle Enterprise Manager

• Oracle Internet Directory Administrator's Guide Addendum on the Oracle Technology Network at http://otn.oracle.com

• The Oracle9i Application Server and Oracle9i documentation sets, especially:
  • Oracle Internet Directory Application Developer's Guide

  • Oracle9i Database Administrator's Guide

  • Oracle9i Application Developer's Guide - Fundamentals

  • Oracle9i Application Server Administrator's Guide

  • Oracle9i Net Services Administrator's Guide

  • Oracle9i Real Application Clusters Administration

  • Oracle9i Replication

  • Oracle Advanced Security Administrator's Guide

In North America, printed documentation is available for sale in the Oracle Store at

http://oraclestore.oracle.com/

Customers in Europe, the Middle East, and Africa (EMEA) can purchase documentation from

http://www.oraclebookshop.com/

Other customers can contact their Oracle representative to purchase printed documentation.

To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at

http://technet.oracle.com/membership/index.htm

If you already have a username and password for OTN, then you can go directly to the documentation section of the OTN Web site at

http://technet.oracle.com/docs/index.htm

For additional information, see:

• Chadwick, David. Understanding X.500--The Directory. Thomson Computer Press, 1996.

• Howes, Tim and Mark Smith. LDAP: Programming Directory-enabled Applications with Lightweight Directory Access Protocol. Macmillan Technical Publishing, 1997.

• Howes, Tim, Mark Smith and Gordon Good, Understanding and Deploying LDAP Directory Services. Macmillan Technical Publishing, 1999.

• Internet Assigned Numbers Authority home page, http://www.iana.org, for information about object identifiers

• Internet Engineering Task Force (IETF) documentation, especially:
  • http://www.ietf.org for the IETF home page

  • http://www.ietf.org/html.charters/ldapext-charter.html for the ldapext charter and LDAP drafts)

  • http://www.ietf.org/html.charters/ldup-charter.html for the LDUP charter and drafts

  • http://www.ietf.org/rfc/rfc2254.txt, "The String Representation of LDAP Search Filters"

  • http://www.ietf.org/rfc/rfc1823.txt, "The LDAP Application Program Interface"

• The OpenLDAP Community, http://www.openldap.org

Conventions

This section describes the conventions used in the text and code examples of this documentation set. It describes:

• Conventions in Text

• Conventions in Code Examples

• Conventions for Windows Operating Systems

Conventions in Text

We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.

Convention	Meaning	Example
Bold	Bold typeface indicates terms that are defined in the text or terms that appear in a glossary, or both.	When you specify this clause, you create an index-organized table.
Italics	Italic typeface indicates book titles or emphasis.	Oracle9i Database Concepts Ensure that the recovery catalog and target database do not reside on the same disk.
UPPERCASE monospace (fixed-width font)	Uppercase monospace typeface indicates elements supplied by the system. Such elements include parameters, privileges, datatypes, RMAN keywords, SQL keywords, SQL*Plus or utility commands, packages and methods, as well as system-supplied column names, database objects and structures, user names, and roles.	You can specify this clause only for a NUMBER column. You can back up the database by using the BACKUP command. Query the TABLE_NAME column in the USER_TABLES data dictionary view. Use the DBMS_STATS.GENERATE_STATS procedure.
lowercase monospace (fixed-width font)	Lowercase monospace typeface indicates executables, filenames, directory names, and sample user-supplied elements. Such elements include computer and database names, net service names, and connect identifiers, as well as user-supplied database objects and structures, column names, packages and classes, user names and roles, program units, and parameter values. Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.	Enter sqlplus to open SQL*Plus. The password is specified in the orapwd file. Back up the datafiles and control files in the /disk1/oracle/dbs directory. The department_id, department_name, and location_id columns are in the hr.departments table. Set the QUERY_REWRITE_ENABLED initialization parameter to true. Connect as oe user. The JRepUtil class implements these methods.
lowercase monospace (fixed-width font) italic	Lowercase monospace italic font represents placeholders or variables.	You can specify the parallel_clause. Run Uold_release.SQL where old_release refers to the release you installed prior to upgrading.

Conventions in Code Examples

Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:

SELECT username FROM dba_users WHERE username = 'MIGRATE';

The following table describes typographic conventions used in code examples and provides examples of their use.

Convention	Meaning	Example
[ ]	Brackets enclose one or more optional items. Do not enter the brackets.	DECIMAL (digits [ , precision ])
{ }	Braces enclose two or more items, one of which is required. Do not enter the braces.	{ENABLE | DISABLE}
|	A vertical bar represents a choice of two or more options within brackets or braces. Enter one of the options. Do not enter the vertical bar.	{ENABLE | DISABLE} [COMPRESS | NOCOMPRESS]
...	Horizontal ellipsis points indicate either: That we have omitted parts of the code that are not directly related to the example That you can repeat a portion of the code	CREATE TABLE ... AS subquery; SELECT col1, col2, ... , coln FROM employees;
. . .	Vertical ellipsis points indicate that we have omitted several lines of code not directly related to the example.
Other notation	You must enter symbols other than brackets, braces, vertical bars, and ellipsis points as shown.	acctbal NUMBER(11,2); acct CONSTANT NUMBER(4) := 3;
Italics	Italicized text indicates placeholders or variables for which you must supply particular values.	CONNECT SYSTEM/system_password DB_NAME = database_name
UPPERCASE	Uppercase typeface indicates elements supplied by the system. We show these terms in uppercase in order to distinguish them from terms you define. Unless terms appear in brackets, enter them in the order and with the spelling shown. However, because these terms are not case sensitive, you can enter them in lowercase.	SELECT last_name, employee_id FROM employees; SELECT * FROM USER_TABLES; DROP TABLE hr.employees;
lowercase	Lowercase typeface indicates programmatic elements that you supply. For example, lowercase indicates names of tables, columns, or files. Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.	SELECT last_name, employee_id FROM employees; sqlplus hr/hr CREATE USER mjones IDENTIFIED BY ty3MU9;

Conventions for Windows Operating Systems

The following table describes conventions for Windows operating systems and provides examples of their use.

Convention	Meaning	Example
Choose Start >	How to start a program. For example, to start Oracle Database Configuration Assistant, you must click the Start button on the taskbar and then choose Programs > Oracle - HOME_NAME > Database Administration > Database Configuration Assistant.	Choose Start > Programs > Oracle - HOME_NAME > Database Administration > Database Configuration Assistant
C:\>	Represents the Windows command prompt of the current hard disk drive. Your prompt reflects the subdirectory in which you are working. Referred to as the command prompt in this guide.	C:\oracle\oradata>
HOME_NAME	Represents the Oracle home name. The home name can be up to 16 alphanumeric characters. The only special character allowed in the home name is the underscore.	C:\> net start OracleHOME_NAMETNSListener
ORACLE_HOME and ORACLE_BASE	In releases prior to 8.1, when you installed Oracle components, all subdirectories were located under a top level ORACLE_HOME directory that by default was: C:\orant for Windows NT C:\orawin95 for Windows 95 C:\orawin98 for Windows 98 or whatever you called your Oracle home. In this Optimal Flexible Architecture (OFA)-compliant release, all subdirectories are not under a top level ORACLE_HOME directory. There is a top level directory called ORACLE_BASE that by default is C:\oracle. If you install release 9.0 on a computer with no other Oracle software installed, the default setting for the first Oracle home directory is C:\oracle\ora90. The Oracle home directory is located directly under ORACLE_BASE. All directory path examples in this guide follow OFA conventions. See Oracle9i Database Getting Started for Windows for additional information on OFA compliances and for information on installing Oracle products in non-OFA compliant directories.	Go to the ORACLE_BASE\ORACLE_HOME\rdbms\admin directory.

Documentation Accessibility

Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle Corporation is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility.

Accessibility of Code Examples in Documentation

JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.