Oracle Internet Directory Administrator's Guide Release 9.0.2 Part Number A95192-01
This section provides a brief description of new features introduced with the latest releases of Oracle Internet Directory, and points you to more information about each one. It contains these topics:
This section describes the new features introduced with Oracle Internet Directory Release 9.0.2.
Enhanced Performance and High Availability
The Oracle Provisioning Integration Service ensures that subscribing applications or business entities are alerted to updates in Oracle Internet Directory for the purpose of keeping local repositories in synch. It enables you to synchronize local, application-specific information by using Oracle Internet Directory as a source of truth.
You can now use salted SHA as a hashing algorithm. This means that you can now select from these available hashing algorithms:
You can also use salted SHA. A salt is a random number added to and stored with the hash value. It prevents pre-computed dictionary attacks by making it extremely expensive to recover the value that was originally hashed.
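The following sketch shows what the salt changes in practice. It is an added example, not Oracle code: it assumes the `{SSHA}` layout commonly used by LDAP servers (base64 of the SHA-1 digest followed by the salt), an 8-byte salt, and a constructed sample password.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"      # assumed storage prefix (common LDAP convention)
DIGEST_LEN = 20        # SHA-1 digest size in bytes


def ssha_hash(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)          # fresh random salt per password (assumed length)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Recompute the hash with the stored salt; compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:                # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:        # no salt present: not a salted value
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def unsalted_sha(password):
    """Plain SHA-1: identical passwords always give identical values."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def demo():
    pw = "Constructed-Passw0rd"       # constructed sample input
    a, b = ssha_hash(pw), ssha_hash(pw)
    return {
        "salted_values_differ": a != b,
        "unsalted_values_equal": unsalted_sha(pw) == unsalted_sha(pw),
        "correct_password": ssha_verify(pw, a) and ssha_verify(pw, b),
        "wrong_password": ssha_verify("guess", a),
        "malformed_value": ssha_verify(pw, "{SSHA}not-base64!"),
    }


if __name__ == "__main__":
    print(demo())
```

Because each stored value carries its own salt, a table pre-computed for unsalted SHA-1 matches none of them, and two users with the same password no longer share a stored value.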
uid=dlin, ou=people, o=oracle, then this would be unique directly under ou=people. However, you could have the same user identifier in another branch--for example, uid=dlin, ou=others, o=oracle. In short, attribute uniqueness was guaranteed only under a given branch, and only within one level.
The applications that Oracle Internet Directory synchronizes with can use attributes other than DN as their unique keys. The ability of Oracle Internet Directory to enforce attribute uniqueness enables all applications, each with its own notion of "user," to synchronize their user base with a user repository stored in an enterprise's Oracle Internet Directory server.
The Delegated Administration Service Self-Service Console gives authorized end users a view of their personalized preferences and the ability to update their Oracle9iAS Single Sign-On password. It provides an intuitive user interface for searching for people and other directory-based resource information within Oracle Internet Directory.
You can use the Self-Service Console to configure the object classes, user groups, permissions, and other elements of directory information metadata stored in Oracle Internet Directory.
In general, any directory-specific configuration or maintenance task not available at the high-level OEM GUI can now be performed through ODM, as well as through the command-line interfaces supplied with Oracle Internet Directory.
dc=server1, dc=us, dc=oracle, dc=com. Oracle Internet Directory stores, parses, and chases all alias references for complete client-side transparency.
Administrators can now use the Delegated Administration Service and its accompanying console to:
The Oracle Internet Directory Self-Service Console provides a unified resource for directory administrators, directory service subscribers, and end users.
These procedures enable you to upgrade from Oracle Internet Directory release 2.1.1 and release 3.0.1.
This section describes the new features introduced with Oracle Internet Directory Release 3.0.1.
This new feature enables you to run more than one installation of Oracle Internet Directory on a single host. You can then replicate between them or use this new feature as part of a failover strategy.
This new service enables directory users to modify their own personal data--such as addresses, phone numbers, and photos--without the intervention of an administrator. It also enables users to search other parts of the directory to which they have access. This frees directory administrators for other tasks in the enterprise.
This new feature enables you to increase high availability by using logical hosts--as opposed to physical hosts--in clustered environments.
Oracle9i Real Application Clusters is a computing environment that harnesses the processing power of multiple, interconnected computers. Along with a collection of hardware, called a cluster, it unites the processing power of each component to become a single, robust computing environment. A cluster comprises two or more computers, also called nodes.
You can run Oracle Internet Directory in an Oracle Real Application Clusters system.
In this paradigm, the directory server binds to the logical host, rather than the physical host. It maintains this connection even if the logical host fails over to a new physical host.
A client connects to the directory server by using the logical host name and address of the server. If the logical host fails over to a new physical host, then that failover is transparent to the client.
This new feature enables you to synchronize various directories with Oracle Internet Directory. It also makes it easier for third party metadirectory vendors and developers to develop and deploy their own connectivity agents.
Password policy management enables you to establish and enforce rules for how passwords are used.
These procedures enable you to upgrade from Oracle Internet Directory release 2.1.1.
The Oracle directory server and database tools are no longer restricted to running on a UTF8 database.
This section describes the new features introduced with Oracle Internet Directory release 2.1.1.
Attribute options enable you to specify how the value for an attribute is made available in a search or a compare operation. For example, suppose that an employee has two addresses, one in London, the other in New York. Options for that employee's address attribute could allow you to store both addresses. Users could then search for either address.
Attribute options can include language codes. For example, options for John Doe's givenName attribute could enable you to store his given name in both French and Japanese. A user could then search for the name in either language.
These enhancements enable you to specify the type of change log purging to use: change number-based or time-based.
This enhanced support enables you to use one or more of these attributes in searches.
This new feature enables you to migrate data from other LDAP v3-compatible directories into Oracle Internet Directory.
Object class explosion enables you to add or perform an operation on an entry without specifying the entire hierarchy of superclasses associated with that entry.
See Also:
"Guidelines for Adding Object Classes" for an explanation of how to use this feature when adding object classes
This tool assists in capacity planning. It helps you analyze the various database schema objects so that you can estimate the statistics.
This new feature enhances the available password protection by storing passwords as hashed values. Storing passwords as one-way hashed values--rather than as encrypted values--more fully secures them because a malicious user can neither read nor decrypt them. You can select one of the following hashing algorithms:
The following new replication tools are now added:
This tool enables you to move changes from the human intervention queue to either the retry queue or the purge queue.
This tool enables you to synchronize conflicting changes in a replicated environment.
This new feature enables you to delete a node from a directory replication group.
If you are working in a metadirectory environment, then this new feature enables you to form a single virtual directory by synchronizing multiple directories with Oracle Internet Directory.
Note: This feature was replaced in Release 9.0.2 by the Oracle Directory Integration platform. See Chapter 28, "Oracle Directory Integration Platform Concepts and Components" for further information.
These new procedures enable you to upgrade from either Oracle Internet Directory release 2.0.4.x or release 2.0.6. Not supported in release 2.1.1.1 or in Release 9.0.2.
Copyright © 1999, 2002 Oracle Corporation. All Rights Reserved.