Oracle Internet Directory Administrator's Guide
Release 9.0.2

Part Number A95192-01

Appendix C: Schema Elements

This appendix briefly lists the schema elements supported by Oracle Internet Directory. Most of these elements are used as defined by the ldapext and ASID working groups of the Internet Engineering Task Force (IETF).

See Also:

The following URLs on the World Wide Web:

This appendix contains these topics:

IETF Requests for Comments (RFCs) Enforced by Oracle Internet Directory

Oracle Internet Directory enforces the following Requests for Comments (RFCs) of the Internet Engineering Task Force (IETF):

RFC   Title                                                                                              URL
1777  Lightweight Directory Access Protocol                                                              http://www.ietf.org/rfc/rfc1777.txt
1778  The String Representation of Standard Attribute Syntaxes                                           http://www.ietf.org/rfc/rfc1778.txt
1779  A String Representation of Distinguished Names                                                     http://www.ietf.org/rfc/rfc1779.txt
1960  A String Representation of LDAP Search Filters                                                     http://www.ietf.org/rfc/rfc1960
2079  Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)  http://www.ietf.org/rfc/rfc2079.txt
2247  Using Domains in LDAP/X.500 Distinguished Names                                                    http://www.ietf.org/rfc/rfc2247.txt
2251  Lightweight Directory Access Protocol (v3)                                                         http://www.ietf.org/rfc/rfc2251.txt
2252  Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions                           http://www.ietf.org/rfc/rfc2252.txt
2253  Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names     http://www.ietf.org/rfc/rfc2253.txt
2254  The String Representation of LDAP Search Filters                                                   http://www.ietf.org/rfc/rfc2254.txt
2255  The LDAP URL Format                                                                                http://www.ietf.org/rfc/rfc2255.txt
2256  A Summary of the X.500(96) User Schema for use with LDAPv3                                         http://www.ietf.org/rfc/rfc2256.txt

IETF Drafts Enforced by Oracle Internet Directory

Oracle Internet Directory enforces the following two drafts of the IETF:

Draft Title                                                  URL
"Definition of the inetOrgPerson LDAP Object Class"          http://ietf.org/rfc/rfc2798.txt
"Referrals and Knowledge References in LDAP Directories"     http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-ldapext-knowledge-00.txt

Proprietary Oracle Internet Directory Schema Elements

Oracle Internet Directory's proprietary schema includes attributes and object classes in these categories:

In addition, Oracle Internet Directory installation includes schema elements that enable specific Oracle products to use Oracle Internet Directory. For information about these schema elements, see the documentation for the specific Oracle product.

Access Control

Attributes: orclEntryLevelACI, orclACI
Object class: orclPrivilegeGroup

Replication

Attributes: orclGUID, changeNumber, changeType, changes, orclParentGUID, server, supplier, consumer, orclReplBindDN, orclReplBindPassword, changeLog, changeStatus, orclChangeRetryCount, orclPurgeSchedule, orclDirReplGroupAgreement, orclAgreementId, orclSupplierReference, orclConsumerReference, orclReplicationProtocol, orclUpdateSchedule, targetDN, orclExcludedNamingcontexts, orclDirReplGroupDSAs
Object classes: changeLogEntry, changeStatusEntry, orclReplAgreementEntry

Oracle Internet Directory Configuration

Attributes: orcldebugflag, orclMaxCC, orclDBType, orclSuffix, orclDITRoot, orclSuName, orclSuPassword, orclSizeLimit, orclTimeLimit, orclGuName, orclGuPassword, orclServerProcs, orclconfigsetnumber, orclhostname, orclIndexedAttribute, orclCatalogEntryDN, orclServerMode, orclPrName, orclPrPassword, orclUseEncrypt, orclDirectoryVersion
Object classes: subconfig, orclConfigSet, orclLDAPSubConfig, orclREPLSubConfig, orclcontainerOC, subregistry, orclLDAPInstance, orclREPLInstance, orclIndexOC, orcleventLog, orclEvents

SSL

Note: These attribute values are stored as part of configuration entries.

Attributes: orclsslAuthentication, orclsslEnable, orclsslWalletURL, orclsslWalletPasswd, orclsslPort, orclsslVersion

Audit Log

Attributes: orclServerEvent, orcleventtype, orclauditattribute, orclauditmessage, orcleventtime, orcluserdn, orclSequence, orclAuditLevel, orclOpResult
Object class: OrclAuditOC

Configuration Set Entry Attributes

The following table lists and describes the entire set of configuration set entry attributes that are used to configure an instance of a directory server.

Parameter: Description

orcldebugflag: Debug level associated with this instance of the server. The default for configset0 is 0. The range is 0 to 65535.

orclmaxcc: Maximum number of concurrent database connections. The default for configset0 is 10. You cannot use a negative value for this attribute.

orclserverprocs: Number of server processes to start. The default for configset0 is 1. You cannot use a negative value for this attribute.

orclsslport: SSL mode default port (default 636). When you run the directory in secure mode, it listens at default port 636 and accepts only SSL-based TCP/IP connections. (When you run the directory in normal mode, it listens at default port 389 and accepts normal TCP/IP connections.) You might want to change this port when you add multiple LDAP server instances.

orclnonsslport: Non-SSL mode default port (default 389).

orclsslenable: Flag for toggling SSL on and off. You would toggle this flag when you use different instances of the same server for either SSL or non-SSL. You may use either of the following two values:

  • 0 = disables SSL (default in configset0)

  • 1 = enables SSL

The default is 0.

orclsslauthentication: Flag, with values of 1, 32, or 64, for specifying the type of authentication you elect to use for each instance of the Oracle directory server. The default value, 1, specifies no authentication. You can run different values concurrently for different instances. Values of one-way and two-way authentication require wallets. You may use one of the following three values:

  • 1 = no SSL authentication

  • 32 = one-way SSL authentication (the server sends its certificate to the client)

  • 64 = two-way SSL authentication (client and server send certificates to each other)

orclsslwalleturl: Sets the location of the Oracle wallet. You initially set this value when you create the wallet. If you elect to change the location of the Oracle wallet, you must change this parameter. You must set the wallet location on both the client and the server. For example, on Solaris, you could set this parameter as follows:

orclsslwalleturl=file:/Home/my_dir/

On Windows NT, you could set this parameter as follows:

file:Home\my_dir\

orclsslwalletpasswd: Password used by the server to open its wallet. You initially set this value when you create the wallet. If you elect to change the wallet password, you must change this parameter. You must set the wallet password on both the client and the server.

orclsslversion: SSL version. The default is 3.
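The following Python check is an added example, not code from the Oracle documentation or product. It applies the ranges, defaults and allowed values from the table above to one configuration set entry (the input dictionary is a constructed stand-in for the attribute values an LDAP search of the entry would return) and flags the settings a reviewer would question, such as SSL disabled or enabled with orclsslauthentication=1.

```python
# Added example: validate a configuration set entry against the documented
# ranges and defaults. Not Oracle code; input is a constructed dict mapping
# lowercase attribute names to the string values the directory returns.
SSL_AUTH_MODES = {1: "no SSL authentication", 32: "one-way SSL", 64: "two-way SSL"}

def check_configset(attrs):
    """Return a list of (severity, message) findings; an empty list means the
    entry is within the documented ranges and uses SSL with authentication."""
    findings = []

    def as_int(name, default):
        raw = attrs.get(name)
        if raw is None:
            return default
        try:
            return int(raw)
        except ValueError:
            findings.append(("error", f"{name} is not an integer: {raw!r}"))
            return default

    if not 0 <= as_int("orcldebugflag", 0) <= 65535:
        findings.append(("error", "orcldebugflag must be in the range 0 to 65535"))
    for name, default in (("orclmaxcc", 10), ("orclserverprocs", 1)):
        if as_int(name, default) < 0:
            findings.append(("error", f"{name} must not be negative"))

    ssl_enabled = as_int("orclsslenable", 0) == 1
    auth = as_int("orclsslauthentication", 1)
    if auth not in SSL_AUTH_MODES:
        findings.append(("error", f"orclsslauthentication must be 1, 32 or 64, not {auth}"))
    if not ssl_enabled:
        port = attrs.get("orclnonsslport", "389")
        findings.append(("warn", f"SSL disabled: this instance accepts only plain TCP on port {port}"))
    elif auth == 1:
        findings.append(("warn", "SSL enabled but orclsslauthentication=1 (no certificate exchange)"))
    if auth in (32, 64) and not attrs.get("orclsslwalleturl"):
        findings.append(("error", f"orclsslauthentication={auth} requires a wallet; orclsslwalleturl is unset"))
    return findings

# Constructed sample entries: a weak, default-like one and a hardened one.
WEAK_CONFIGSET = {"orclsslenable": "0", "orclsslauthentication": "1"}
HARDENED_CONFIGSET = {
    "orclsslenable": "1", "orclsslauthentication": "64", "orclsslport": "636",
    "orclsslwalleturl": "file:/Home/my_dir/", "orclmaxcc": "10", "orclserverprocs": "2",
}
```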

See Also:

LDAP Syntax

Syntax defines the type of values that an attribute can hold. Oracle Internet Directory recognizes most of the syntax specified in RFC 2252, that is, it allows you to associate most of the syntax described in that document with an attribute. In addition to recognizing most LDAP syntax, Oracle Internet Directory enforces some LDAP syntax.

This section covers topics in the following subsections:

LDAP Syntax Enforced by Oracle Internet Directory

Oracle Internet Directory enforces LDAP syntax for the following:

Commonly Used LDAP Syntax Recognized by Oracle Internet Directory

The following LDAP syntax is more commonly used:

  • Attribute Type Description

  • Boolean

  • Certificate

  • Directory String

  • DN

  • Facsimile Telephone Number

  • INTEGER

  • JPEG

  • Name And Optional UID

  • Numeric String

  • Object Class Description

  • Octet String

  • OID

  • Presentation Address

  • Printable String

  • Telephone Number

  • UTC Time

Additional LDAP Syntax Recognized by Oracle Internet Directory

In addition to the commonly used LDAP syntax defined above, Oracle Internet Directory recognizes LDAP syntax for the following:

  • Access Point

  • ACI Item

  • Audio

  • Binary

  • Bit String

  • Certificate List

  • Certificate Pair

  • Country String

  • Data Quality Syntax

  • Delivery Method

  • DIT Content Rule Description

  • DIT Structure Rule Description

  • DL Submit Permission

  • DSA Quality Syntax

  • DSE Type

  • Enhanced Guide

  • Fax

  • Generalized Time

  • Guide

  • IA5 String

  • LDAP Schema Definition

  • LDAP Schema Description

  • LDAP Syntax Description

  • Mail Preference

  • Master And Shadow Access Points

  • Matching Rule

  • Matching Rule Use Description

  • MHS OR Address

  • Modify Rights

  • Name Form Description

  • Object Class Description

  • Octet String

  • Other Mailbox

  • Postal Address

  • Protocol Information

  • Substring Assertion

  • Subtree Specification

  • Supplier And Consumer

  • Supplier Information

  • Supplier Or Consumer

  • Supported Algorithm

  • Teletex Terminal Identifier

  • Telex Number

Size of Attribute Values

Syntax does not put any specific size constraint on attribute values. You can, however, use syntax to specify the size of the attribute value. Oracle Internet Directory does not enforce the 'len' characteristic on the attribute, so a value longer than the stated bound is still accepted.

For example, to limit an attribute foo to a size of 64, you would define the attribute as follows:

(object_identifier_of_attribute NAME 'foo' EQUALITY caseIgnoreMatch SYNTAX 'object_identifier_of_syntax{64}')

See Also:

Section 4.1.6 of RFC 2251 for more information on attribute values. You can find this RFC at the following URL: http://www.ietf.org/rfc/rfc2251.txt.
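Because the directory records the {len} bound but does not enforce it, a provisioning script that wants the limit honoured has to apply it itself. The Python below is an added example, not code from the Oracle documentation: it parses the attribute-definition form shown above (the RFC 2252 subset with OID, NAME, optional EQUALITY and SYNTAX) and checks a candidate value against the bound. The attribute OID in the sample is a placeholder; the syntax OID is the standard Directory String syntax from RFC 2252.

```python
import re

# Added example. Matches the subset of the RFC 2252 AttributeTypeDescription
# used on this page: "( oid NAME 'name' EQUALITY rule SYNTAX 'syntaxoid{len}' )".
# EQUALITY and the {len} suffix are both optional.
_ATTR_DEF = re.compile(
    r"\(\s*(?P<oid>[\w.]+)\s+NAME\s+'(?P<name>[^']+)'"
    r"(?:\s+EQUALITY\s+(?P<equality>\w+))?"
    r"\s+SYNTAX\s+'(?P<syntax>[\w.]+)(?:\{(?P<len>\d+)\})?'\s*\)"
)

def parse_attribute_definition(definition):
    """Return a dict with oid, name, equality, syntax and len (int or None)."""
    match = _ATTR_DEF.search(definition)
    if match is None:
        raise ValueError("not a recognised attribute type definition")
    parsed = match.groupdict()
    parsed["len"] = int(parsed["len"]) if parsed["len"] is not None else None
    return parsed

def check_value_size(definition, value):
    """True if value fits the {len} bound, or if the definition has none.
    The directory stores the bound without enforcing it, so this check has
    to run on the client side before the add or modify is sent."""
    bound = parse_attribute_definition(definition)["len"]
    return bound is None or len(value) <= bound

# Constructed definitions: the page's 'foo' example with a placeholder
# attribute OID (1.3.6.1.4.1.99999.1 is not a real assignment) and the
# standard Directory String syntax OID; 'bar' has no length bound.
FOO_DEF = ("( 1.3.6.1.4.1.99999.1 NAME 'foo' EQUALITY caseIgnoreMatch "
           "SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{64}' )")
BAR_DEF = "( 1.3.6.1.4.1.99999.2 NAME 'bar' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )"
```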

Matching Rules

Oracle Internet Directory recognizes the following matching rule definitions in the schema:

  • accessDirectiveMatch

  • bitStringMatch

  • caseExactMatch

  • caseExactIA5Match

  • caseIgnoreIA5Match

  • caseIgnoreListMatch

  • caseIgnoreMatch

  • caseIgnoreOrderingMatch

  • distinguishedNameMatch

  • generalizedTimeMatch

  • generalizedTimeOrderingMatch

  • IntegerMatch

  • numericStringMatch

  • objectIdentifierFirstComponentMatch

  • ObjectIdentifierMatch

  • OctetStringMatch

  • presentationAddressMatch

  • protocolInformationMatch

  • telephoneNumberMatch

  • uniqueMemberMatch

Of the matching rules in the previous list, Oracle Internet Directory actually enforces the following when it compares attribute values:

  • distinguishedNameMatch

  • caseExactMatch

  • caseIgnoreMatch

  • numericStringMatch

  • IntegerMatch

  • telephoneNumberMatch

Schema to Represent a User

A user is represented using the object classes OrclUser and OrclUserV2 in addition to inetOrgPerson. The following table describes the attribute names.

Attribute Name (Mandatory or Optional): Description

OrclGUID (Optional): Specifies a unique global ID to identify the user.

Cn (Mandatory): Specifies a user's first name and/or common nickname.

Sn (Mandatory): Specifies a user's last name or surname.

GivenName (Optional): Specifies a user's given name.

MiddleName (Optional): Specifies a user's middle name, if any.

DisplayName (Optional): Specifies the name used by GUI tools for display purposes.

OrclMaidenName (Optional): Specifies a user's maiden name, if any.

OrclDateOfBirth (Optional): Specifies a user's birthdate, including the year, in yyyymmdd format.

Street (Optional): Specifies the street and location associated with a user's office address.

L (Optional): Specifies the city for a user's office address.

PostalCode (Optional): Specifies the postal code associated with a user's office address.

St (Optional): Specifies the state associated with a user's office address.

C (Optional): Specifies the country associated with a user's office address.

EmployeeNumber (Optional): Specifies a user's employee number, if applicable.

O (Optional): Specifies the organization for which a user works.

Title (Optional): Specifies a user's designation.

Manager (Optional): Specifies the DN of a user's manager.

OrclHireDate (Optional): Specifies the date on which a user was hired by the organization.

Mail (Optional): Specifies a user's e-mail address.

JpegPhoto (Optional): Specifies a photograph of a user.

TelephoneNumber (Optional): Specifies a user's office or work telephone number.

Mobile (Optional): Specifies a user's mobile phone number.

Pager (Optional): Specifies a user's pager number.

FacsimileTelephoneNumber (Optional): Specifies a user's fax number.

HomePostalAddress (Optional): Specifies the complete residential postal address of a user. The value is specified as $-separated values for the different address components. For example: XYZ Avenue $ Apt. 2 $ San Francisco $ CA $ 92345 $ USA

HomePhone (Optional): Specifies a user's residential phone number.

UserPassword (Optional): Specifies a password to be used for authenticating a user.

OrclActiveStartDate (Optional): Specifies the time from which the user should be allowed to authenticate. The value is represented in Universal Coordinated Time (UTC) time format. If the attribute is missing, the user is allowed to authenticate immediately.

OrclActiveEndDate (Optional): Specifies the date beyond which a user should not be allowed to authenticate. The value is represented in UTC time format.

OrclPasswordHint (Optional): Specifies the hint to use if a user forgets their password.

OrclPasswordHintAnswer (Optional): Specifies the answer to the password hint question.

OrclIsEnabled (Optional): Specifies whether a user is currently enabled to authenticate. Valid values are ENABLED (or attribute not present in the user entry) and DISABLED. A user can successfully authenticate only if the user is enabled or the attribute is not present in the entry.

PreferredLanguage (Optional): Specifies the preferred language for communication with a user.

OrclTimeZone (Optional): Specifies the time zone applicable for a user's location.

OrclDefaultProfileGroup (Optional): Specifies the DN of the group to use as the default for a user's profile.

OrclIsVisible (Optional): Specifies whether a user should be displayed in a regular user search. Valid values are TRUE (or not present) and FALSE. If the attribute is not present, then the user record is visible.

OrclDisplayPersonalInformation (Optional): Specifies whether a user chooses to display personal information in a user search. Valid values are TRUE (or not present) and FALSE.

OrclWorkflowNotificationPreference (Optional): Specifies the preferred delivery mechanism for sending workflow notifications to a user.
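As an added example (not code from the Oracle documentation), the Python below applies the account rules from the table to a constructed user entry: the OrclIsEnabled check, the OrclActiveStartDate and OrclActiveEndDate window, the OrclIsVisible default, and the $-separated HomePostalAddress format. It assumes the "UTC time format" values use the YYYYMMDDHHMMSSZ layout, which the table does not spell out; an identity-sync or audit script would run a check like this to find accounts whose validity window or enabled flag does not match what HR expects.

```python
from datetime import datetime, timezone

# Added example applying the user-schema rules from the table above.
# Assumption: UTC time values are written as YYYYMMDDHHMMSSZ (the table
# only says "UTC time format").
def parse_utc_time(value):
    """Parse an OrclActiveStartDate / OrclActiveEndDate value to an aware datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def _lower_keys(entry):
    # LDAP attribute names are case-insensitive; normalise before lookup.
    return {k.lower(): v for k, v in entry.items()}

def may_authenticate(entry, now):
    """Return (allowed, reason) for an entry at time `now`, following the
    table: DISABLED blocks, a missing OrclIsEnabled means enabled, and the
    start/end dates bound the window only when present."""
    attrs = _lower_keys(entry)
    enabled = attrs.get("orclisenabled", "ENABLED").upper()
    if enabled != "ENABLED":
        return False, "orclIsEnabled=" + enabled
    start = attrs.get("orclactivestartdate")
    if start and now < parse_utc_time(start):
        return False, "before OrclActiveStartDate"
    end = attrs.get("orclactiveenddate")
    if end and now > parse_utc_time(end):
        return False, "after OrclActiveEndDate"
    return True, "ok"

def is_visible(entry):
    """OrclIsVisible: TRUE or absent means the record shows in user searches."""
    return _lower_keys(entry).get("orclisvisible", "TRUE").upper() != "FALSE"

def split_home_postal_address(value):
    """Split the $-separated HomePostalAddress into its address components."""
    return [part.strip() for part in value.split("$")]

# Constructed entry: a contractor account with a one-year validity window.
CONTRACTOR = {
    "cn": "Pat Example", "sn": "Example", "orclIsEnabled": "ENABLED",
    "orclActiveStartDate": "20020101000000Z", "orclActiveEndDate": "20021231235959Z",
    "homePostalAddress": "XYZ Avenue $ Apt. 2 $ San Francisco $ CA $ 92345 $ USA",
    "orclIsVisible": "FALSE",
}
```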


Copyright © 1999, 2002 Oracle Corporation. All Rights Reserved.