Oracle® Internet Directory Administrator's Guide, 10g Release 2 (10.1.2)
B14082-02
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Internet Directory?
New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2)
New Features Introduced with Oracle Internet Directory 10g (9.0.4)
About Oracle Internet Directory Release 9.2
New Features Introduced with Oracle Internet Directory Release 9.0.2
New Features Introduced with Oracle Internet Directory Release 3.0.1
New Features Introduced with Oracle Internet Directory Release 2.1.1
Part I Getting Started
1
Introduction to LDAP and Oracle Internet Directory
1.1
What Is a Directory?
1.1.1
The Expanding Role of Online Directories
1.1.2
The Problem: Too Many Special-Purpose Directories
1.2
What Is the Lightweight Directory Access Protocol (LDAP)?
1.2.1
LDAP and Simplified Directory Management
1.2.2
LDAP Version 3
1.3
Oracle Identity Management
1.4
What Is Oracle Internet Directory?
1.4.1
Overview of Oracle Internet Directory
1.4.2
Components of Oracle Internet Directory
1.4.3
Advantages of Oracle Internet Directory
1.4.3.1
Scalability
1.4.3.2
High Availability
1.4.3.3
Security
1.4.3.4
Integration with the Oracle Environment
1.5
How Oracle Components Use Oracle Internet Directory
1.5.1
Easier and More Cost-Effective Administration of Applications
1.5.2
Tighter Security Through Centralized Security Policy Administration
1.5.3
Integration of Multiple Directories
2
Directory Concepts and Architecture
2.1
Oracle Internet Directory Architecture
2.1.1
An Oracle Internet Directory Node
2.1.2
An Oracle Directory Server Instance
2.1.3
Directory Metadata
2.1.4
Configuration Set Entries
2.2
Example: How Oracle Internet Directory Works
2.3
Entries
2.3.1
Distinguished Names (DNs) and Directory Information Trees (DITs)
2.3.2
Entry Caching
2.4
Attributes
2.4.1
Kinds of Attribute Information
2.4.2
Single-Valued and Multivalued Attributes
2.4.3
Common LDAP Attributes
2.4.4
Attribute Syntax
2.4.5
Attribute Matching Rules
2.4.6
Attribute Options
2.5
Object Classes
2.5.1
Subclasses, Superclasses, and Inheritance
2.5.2
Object Class Types
2.5.2.1
Structural Object Classes
2.5.2.2
Auxiliary Object Classes
2.5.2.3
Abstract Object Classes
2.6
Naming Contexts
2.7
Security
2.8
Globalization Support
2.9
Distributed Directories
2.9.1
Directory Replication
2.9.2
Directory Partitioning
2.10
Knowledge References and Referrals
2.11
Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console
2.12
The Service Registry and Service to Service Authentication
2.13
Oracle Directory Integration and Provisioning
2.14
Oracle Internet Directory and Identity Management
2.14.1
About Identity Management
2.14.2
About the Oracle Identity Management Infrastructure
2.14.3
Identity Management Realms
2.14.3.1
Default Identity Management Realm
2.14.3.2
Identity Management Policies
2.15
Resource Information
2.15.1
Resource Type Information
2.15.2
Resource Access Information
2.15.3
Location of Resource Information in the DIT
3
Post-Installation Tasks and Information
3.1
Task 1: Reset the Default Security Configuration
3.2
Task 2: Reset the Default Password for the Database
3.3
Task 3: Run the OID Database Statistics Collection Tool
3.4
Tasks to Perform After Upgrading from Release 9.0.2
3.4.1
Set ACL Policy on Groups Container after Upgrade from Release 9.0.2
3.5
Determining LDAP Port Assignment on UNIX and Linux
3.6
Log File Locations
4
Directory Administration Tools
4.1
Using Oracle Directory Manager
4.1.1
Starting Oracle Directory Manager
4.1.2
Connecting to a Directory Server by Using Oracle Directory Manager
4.1.3
Navigating Oracle Directory Manager
4.1.3.1
Overview of Oracle Directory Manager
4.1.3.2
The Oracle Directory Manager Menu Bar
4.1.3.3
The Oracle Directory Manager Toolbar
4.1.4
Connecting to Additional Directory Servers by Using Oracle Directory Manager
4.1.5
Disconnecting from a Directory Server by Using Oracle Directory Manager
4.1.6
Configuring the Display and Duration of Searches in Oracle Directory Manager
4.1.7
Performing Administrative Tasks by Using Oracle Directory Manager
4.2
Process Control of Oracle Internet Directory Components
4.2.1
Tools and Daemons Important to Oracle Internet Directory Process Control
4.2.2
Oracle Internet Directory Integration with OPMN
4.2.2.1
Semantics of OPMN Monitoring Oracle Internet Directory
4.2.2.2
Oracle Internet Directory Snippet in OPMN.XML
4.2.2.3
Semantics of OPMN Starting Oracle Internet Directory
4.2.2.4
Semantics of OPMN Stopping Oracle Internet Directory
4.2.2.5
Semantics of OPMN Monitoring OIDMON
4.2.3
Oracle Internet Directory Process Control–Best Practices
4.2.3.1
Changing the Configuration of the Default OID LDAP Server Instance
4.2.3.2
Configuring Additional Oracle Internet Directory LDAP Server Instances
4.2.3.3
Deconfiguring the Default Oracle Internet Directory LDAP Server Instance
4.2.3.4
Configuring an Instance of the Oracle Internet Directory Replication Server
4.2.3.5
Configuring an Oracle Directory Integration and Provisioning Server Instance
4.2.4
OIDMON and the ODS_PROCESS Table
4.2.5
OIDCTL Process Control Semantics
4.3
Using Command-Line Tools
4.3.1
Command-Line Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers
4.3.2
Command-Line Tools for Managing Entries and Attributes
4.3.3
Command-Line Tools for Performing Bulk Operations
4.3.4
Command-Line Tools for Managing Replication
4.3.5
OID Migration Tool (ldifmigrator)
4.3.6
OID Database Statistics Tool (oidstats.sql)
4.3.7
OID Database Password Utility (oidpasswd)
4.4
Routine Administration at a Glance
Part II Basic Directory Administration
5
Oracle Directory Server Administration
5.1
Managing Server Configuration Set Entries
5.1.1
Preliminary Considerations for Managing Configuration Set Entries
5.1.2
Managing Server Configuration Set Entries by Using Oracle Directory Manager
5.1.2.1
Viewing Configuration Set Entries by Using Oracle Directory Manager
5.1.2.2
Adding Configuration Set Entries by Using Oracle Directory Manager
5.1.2.3
Modifying Configuration Set Entries by Using Oracle Directory Manager
5.1.2.4
Deleting Configuration Set Entries by Using Oracle Directory Manager
5.1.3
Managing Server Configuration Set Entries by Using Command-Line Tools
5.1.3.1
Adding Configuration Set Entries by Using ldapadd
5.1.3.2
Modifying and Deleting Configuration Set Entries by Using ldapmodify
5.2
Setting System Operational Attributes
5.2.1
Setting System Operational Attributes by Using Oracle Directory Manager
5.2.2
Setting System Operational Attributes by Using ldapmodify
5.3
Managing Naming Contexts
5.3.1
Publishing Naming Contexts by Using Oracle Directory Manager
5.3.2
Publishing Naming Contexts by Using ldapmodify
5.4
Managing Super Users, Guest Users, and Proxy Users
5.4.1
About Super Users, Guest Users, and Proxy Users
5.4.2
Managing Super Users, Guest Users, and Proxy Users by Using Oracle Directory Manager
5.4.3
Managing Super Users, Guest Users, and Proxy Users by Using ldapmodify
5.5
Managing Anonymous Binds
5.6
Viewing Active Server Instance Information
5.7
Closing Idle LDAP Connections
5.8
Changing the Password to the Oracle Internet Directory Database Server
5.9
Dereferencing Alias Entries
5.9.1
About Alias Entries
5.9.2
Examples: Using Alias Entry Dereferencing
5.9.2.1
Example: Adding an Alias Entry
5.9.2.2
Examples: Searching the Directory with Alias Entries
5.9.2.3
Example: Modifying Alias Entries
5.9.3
Success and Error Messages
5.10
Locating Directory Servers in a Distributed Environment
5.10.1
Static Directory Server Discovery by Using the Directory Server Usage File (ldap.ora)
5.10.2
Dynamic Directory Server Discovery by Using the Domain Name System (DNS)
5.10.2.1
How a Client Locates a Directory Server by Using DNS
5.10.2.2
Registering a Directory Server with the Domain Name System
6
Directory Entries Administration
6.1
Managing Entries by Using Oracle Directory Manager
6.1.1
Searching for Entries by Using Oracle Directory Manager
6.1.2
Viewing Attributes for a Specific Entry by Using Oracle Directory Manager
6.1.3
Adding Entries by Using Oracle Directory Manager
6.1.3.1
Adding a New Entry by Using Oracle Directory Manager
6.1.3.2
Adding an Entry by Copying an Existing Entry in Oracle Directory Manager
6.1.3.3
Example: Adding a User Entry by Using Oracle Directory Manager
6.1.4
Modifying Entries by Using Oracle Directory Manager
6.1.4.1
Example: Modifying a User Entry by Using Oracle Directory Manager
6.1.5
Managing Entries with Attribute Options by Using Oracle Directory Manager
6.1.5.1
Adding an Attribute Option to an Existing Entry by Using Oracle Directory Manager
6.1.5.2
Modifying an Attribute Option by Using Oracle Directory Manager
6.1.5.3
Deleting an Attribute Option by Using Oracle Directory Manager
6.2
Managing Entries by Using Command-Line Tools
6.2.1
Command-Line Tools for Managing Entries
6.2.1.1
Example: Adding a User Entry by Using ldapadd
6.2.1.2
Example: Modifying a User Entry by Using ldapmodify
6.2.2
Managing Entries with Attribute Options by Using Command-Line Tools
6.2.2.1
Example: Adding an Attribute Option by Using ldapmodify
6.2.2.2
Example: Deleting an Attribute Option by Using ldapmodify
6.2.2.3
Example: Searching for Entries with Attribute Options by Using ldapsearch
6.3
Managing Entries by Using Bulk Tools
6.3.1
Importing an LDIF File by Using bulkload
6.3.1.1
Task 1: Back Up the Oracle Database Server
6.3.1.2
Task 2: Find Out the Oracle Internet Directory Password
6.3.1.3
Task 3: Check Input for Schema and Data Consistency Violations
6.3.1.4
Task 4: Generate the Input Files for SQL*Loader
6.3.1.5
Task 5: Load the Input Files
6.3.1.6
If Bulk Loading Fails
6.3.2
Converting Directory Data to LDIF
6.3.3
Modifying a Large Number of Entries
6.3.4
Deleting a Large Number of Entries
6.4
Managing Knowledge References and Referrals
6.4.1
Configuring Smart Referrals
6.4.2
Configuring Default Referrals
6.4.3
Client-Side Referral Caching
6.4.3.1
How Client-Side Referral Caching Works
7
Attribute Uniqueness in the Directory
7.1
About Attribute Uniqueness
7.2
Rules for Creating Attribute Uniqueness
7.2.1
Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint
7.2.2
Specifying Multiple Subtrees in an Attribute Uniqueness Constraint
7.2.3
Specifying Multiple Scopes in an Attribute Uniqueness Constraint
7.2.4
Specifying Multiple Object Classes in an Attribute Uniqueness Constraint
7.2.5
Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint
7.3
Managing Attribute Uniqueness
7.3.1
Location of Attribute Uniqueness Entries
7.3.2
Managing Attribute Uniqueness by Using Oracle Directory Manager
7.3.2.1
Creating an Attribute Uniqueness Constraint Entry
7.3.2.2
Modifying an Attribute Uniqueness Constraint Entry by Using Oracle Directory Manager
7.3.2.3
Deleting an Attribute Uniqueness Constraint Policy by Using Oracle Directory Manager
7.3.3
Managing Attribute Uniqueness by Using Command-Line Tools
7.3.3.1
Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools
7.3.3.2
Creating Attribute Uniqueness Constraint Entries by Using Command-Line Tools
7.3.3.3
Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools
7.3.3.4
Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools
7.4
Limitations of Attribute Uniqueness in Oracle Internet Directory 10g Release 2 (10.1.2)
8
Directory Schema Administration
8.1
About the Directory Schema
8.2
Object Classes in the Directory
8.2.1
About Object Class Management
8.2.1.1
Inheritance
8.2.1.2
Mandatory and Optional Attributes in Object Classes
8.2.1.3
Addition of Entries in Top-Down Sequence
8.2.1.4
Object Class Explosion
8.2.2
Guidelines for Adding, Modifying, and Deleting Object Classes
8.2.2.1
Guidelines for Adding Object Classes
8.2.2.2
Guidelines for Modifying Object Classes
8.2.2.3
Guidelines for Deleting Object Classes
8.2.3
Managing Object Classes by Using Oracle Directory Manager
8.2.3.1
Searching for Object Classes by Using Oracle Directory Manager
8.2.3.2
Viewing Properties of Object Classes by Using Oracle Directory Manager
8.2.3.3
Adding Object Classes by Using Oracle Directory Manager
8.2.3.4
Modifying Object Classes by Using Oracle Directory Manager
8.2.3.5
Deleting Object Classes by Using Oracle Directory Manager
8.2.4
Managing Object Classes by Using Command-Line Tools
8.2.4.1
Example: Adding a New Object Class
8.2.4.2
Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class
8.3
Attributes in the Directory
8.3.1
About Attribute Management
8.3.1.1
Rules for Adding Attributes
8.3.1.2
Rules for Modifying Attributes
8.3.1.3
Rules for Deleting Attributes
8.3.2
Managing Attributes by Using Oracle Directory Manager
8.3.2.1
Viewing All Directory Attributes by Using Oracle Directory Manager
8.3.2.2
Searching for Attributes by Using Oracle Directory Manager
8.3.2.3
Adding an Attribute by Using Oracle Directory Manager
8.3.2.4
Modifying an Attribute by Using Oracle Directory Manager
8.3.2.5
Deleting an Attribute by Using Oracle Directory Manager
8.3.2.6
Indexing an Attribute by Using Oracle Directory Manager
8.3.3
Managing Attributes by Using Command-Line Tools
8.3.3.1
Adding and Modifying Attributes by Using ldapmodify
8.3.3.2
Deleting Attributes by Using ldapmodify
8.3.3.3
Indexing an Attribute by Using Command-Line Tools
8.4
How to Extend the Number of Attributes Associated with Entries
8.4.1
Extending the Number of Attributes Prior to Creating Entries in the Directory
8.4.2
Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
8.4.3
Extending the Number of Attributes for Existing Entries by Creating a Content Rule
8.4.3.1
Rules for Creating and Modifying Content Rules
8.4.3.2
Schema Enforcement When Using Content Rules
8.4.3.3
Searches for Object Classes Listed in Content Rules
8.4.3.4
Managing Content Rules
8.5
Matching Rules in the Directory
8.5.1
Viewing Matching Rules by Using Oracle Directory Manager
8.5.2
Viewing Matching Rules by Using ldapsearch
8.6
Syntaxes in the Directory
8.6.1
Viewing Syntaxes by Using Oracle Directory Manager
8.6.2
Viewing Syntaxes by Using ldapsearch
9
Dynamic and Static Groups in Oracle Internet Directory
9.1
About Groups
9.1.1
Static Groups
9.1.1.1
Schema Elements for Creating Static Groups
9.1.2
Dynamic Groups
9.1.2.1
Schema Elements for Creating a Dynamic Group
9.1.2.2
Limitations of Dynamic Groups in Oracle Internet Directory 10g Release 2 (10.1.2)
9.1.3
Hierarchies
9.1.4
Querying Group Entries
9.1.5
When to Use Each Kind of Group
9.2
Managing Group Entries
9.2.1
Managing Static Group Entries by Using Oracle Directory Manager
9.2.1.1
Creating Static Group Entries by Using Oracle Directory Manager
9.2.1.2
Modifying a Static Group Entry by Using Oracle Directory Manager
9.2.2
Managing Static Group Entries by Using Command-Line Tools
9.2.2.1
Creating a Static Group Entry by Using ldapadd
9.2.2.2
Modifying a Static Group by Using ldapmodify
9.2.3
Examples of Dynamic Group Entries
9.2.3.1
Example: a Dynamic Group Entry Using the labeledURI Attribute
9.2.3.2
Example: a Dynamic Group Entry Using the CONNECTBY Assertion
9.2.4
Managing Dynamic Groups by Using Oracle Directory Manager
9.2.4.1
Creating Dynamic Group Entries by Using Oracle Directory Manager
9.2.4.2
Modifying a Dynamic Group Entry by Using Oracle Directory Manager
9.2.5
Managing Dynamic Groups by Using Command-Line Tools
9.2.5.1
Creating a Dynamic Group Entry by Using ldapadd
9.2.5.2
Example: Creating a Dynamic Group Entry by Using ldapadd
9.2.5.3
Example: Modifying a Dynamic Group by Using ldapmodify
10
Logging, Auditing, and Monitoring the Directory
10.1
Using Debug Logging
10.1.1
About Oracle Internet Directory Debug Logging
10.1.2
About Log Messages
10.1.2.1
Log Messages for Specified LDAP Operations
10.1.2.2
Log Messages Not Associated with Specified LDAP Operations
10.1.2.3
Example: Trace Messages in Oracle Internet Directory Server Log File
10.1.2.4
How to Interpret Trace Messages in the Log File
10.1.3
Setting Debug Logging Levels
10.1.3.1
Setting Debug Logging Levels by Using Oracle Directory Manager
10.1.3.2
Setting Debug Logging Levels by Using the OID Control Utility
10.1.4
Setting the Operation Debug Dimension
10.1.4.1
Setting the Operation Debug Dimension by Using Oracle Directory Manager
10.1.4.2
Setting the Operation Debug Dimension by Using ldapmodify
10.1.5
Force Flushing the Trace Information to a Log File
10.2
Using the Audit Log
10.2.1
Structure of Audit Log Entries
10.2.2
Position of Audit Log Entries in the DIT
10.2.3
Auditable Events
10.2.4
Setting the Audit Level
10.2.4.1
Setting the Audit Level by Using Oracle Directory Manager
10.2.4.2
Setting the Audit Level by Using ldapmodify
10.2.5
Searching for Audit Log Entries
10.2.5.1
Searching for Audit Log Entries by Using Oracle Directory Manager
10.2.5.2
Searching for Audit Log Entries by Using ldapsearch
10.2.6
Purging the Audit Log
10.3
Monitoring Oracle Internet Directory Servers
10.3.1
Capabilities of Oracle Internet Directory Server Manageability
10.3.2
Oracle Internet Directory Server Manageability Architecture and Components
10.3.3
Location of Configuration Information for Oracle Internet Directory Server Manageability
10.3.4
Configuring Oracle Internet Directory Server Manageability
10.3.5
Configuring Critical Events
10.3.6
Using the Oracle Internet Directory Server Manageability Framework Through Oracle Enterprise Manager 10g Application Server Control Console
10.3.6.1
Enabling Information Collection by Using Oracle Enterprise Manager 10g Application Server Control Console
10.3.6.2
Starting a New Directory Server Instance by Using Oracle Enterprise Manager 10g Application Server Control Console
10.3.6.3
Stopping a Directory Server Instance by Using Oracle Enterprise Manager 10g Application Server Control Console
10.3.6.4
Restarting a Directory Server Instance by Using Oracle Enterprise Manager 10g Application Server Control Console
10.3.6.5
Viewing Directory Server Activities by Using Oracle Enterprise Manager 10g Application Server Control Console
10.3.6.6
Viewing Directory Server Operations by Using Oracle Enterprise Manager 10g Application Server Control Console
11
Backup and Restoration of a Directory
11.1
Backing Up and Restoring a Small Directory or Specific Naming Context
11.2
Backing Up and Restoring a Large Directory
12
Directory Security Concepts
12.1
Data Integrity and Oracle Internet Directory
12.2
Data Privacy and Oracle Internet Directory
12.3
Authorization in Oracle Internet Directory
12.4
Authentication in Oracle Internet Directory
12.4.1
Direct Authentication
12.4.2
Indirect Authentication
12.4.3
External Authentication
12.5
Protection of User Passwords for Directory Authentication
12.6
Password Policies in Oracle Internet Directory
12.7
Authentication by Using Simple Authentication and Security Layer (SASL)
13
Secure Sockets Layer (SSL) and the Directory
13.1
Supported Cipher Suites
13.2
SSL Client Scenarios
13.3
Limitations of the Use of SSL in 10g Release 2 (10.1.2)
13.4
Configuring and Testing Oracle Internet Directory With SSL
13.4.1
Configuring SSL Parameters
13.4.1.1
Configuring SSL Parameters by Using Oracle Directory Manager
13.4.1.2
Configuring SSL Parameters by Using Command-Line Tools
13.4.2
Configure Oracle Internet Directory for SSL
13.4.3
Testing SSL Connections From the Command Line
13.4.3.1
Testing SSL With Encryption Only
13.4.3.2
Testing SSL With Server Authentication
13.4.3.3
Testing SSL With Client and Server Authentication
13.4.4
Testing SSL Connections With Oracle Directory Manager
13.5
Other Components and SSL
14
Directory Access Control
14.1
Overview of Access Control Policy Administration
14.1.1
Access Control Management Constructs
14.1.1.1
Access Control Policy Points (ACPs)
14.1.1.2
The orclACI Attribute for Prescriptive Access Control
14.1.1.3
The orclEntryLevelACI Attribute for Entry-Level Access Control
14.1.1.4
Security Groups
14.1.2
Access Control Information Components
14.1.2.1
Object: To What Are You Granting Access?
14.1.2.2
Subject: To Whom Are You Granting Access?
14.1.2.3
Operations: What Access Are You Granting?
14.1.3
Access Level Requirements for LDAP Operations
14.2
How ACL Evaluation Works
14.2.1
Precedence Rules Used in ACL Evaluation
14.2.1.1
Precedence at the Entry Level
14.2.1.2
Precedence at the Attribute Level
14.2.2
Use of More Than One ACI for the Same Object
14.2.3
Exclusionary Access to Directory Objects
14.2.4
ACL Evaluation For Groups
14.3
Managing Access Control by Using Oracle Directory Manager
14.3.1
Configuring Oracle Directory Manager for Access Control Management
14.3.1.1
Configuring the Display of ACPs in Oracle Directory Manager
14.3.1.2
Configuring Searches for ACPs When Using Oracle Directory Manager
14.3.2
Viewing an ACP by Using Oracle Directory Manager
14.3.3
Adding an ACP by Using Oracle Directory Manager
14.3.3.1
Task 1: Specify the Entry That Will Be the ACP
14.3.3.2
Task 2: Configure Structural Access Items
14.3.3.3
Task 3: Configure Content Access Items
14.3.4
Adding an ACP by Using the ACP Creation Wizard of Oracle Directory Manager
14.3.4.1
Task 1: Specify the Entry That Will Be the ACP
14.3.4.2
Task 2: Configure Structural Access Items by Using the ACP Creation Wizard
14.3.4.3
Task 3: Configure Content Access Items by Using the ACP Creation Wizard
14.3.5
Modifying an ACP by Using Oracle Directory Manager
14.3.5.1
Task 1: Specify the Entry That You Want to Modify
14.3.5.2
Task 2: Modify Structural Access Items
14.3.5.3
Task 3: Modify Content Access Items
14.3.6
Granting Entry-Level Access by Using Oracle Directory Manager
14.3.7
Example: Managing ACPs by Using Oracle Directory Manager
14.3.7.1
Create a New ACP
14.3.7.2
Create a Third ACI
14.3.7.3
Create a Fourth ACI
14.4
Managing Access Control by Using Command-Line Tools
14.4.1
Example: Restricting the Kind of Entry a User Can Add
14.4.2
Example: Setting Up an Inheritable ACP by Using ldapmodify
14.4.3
Example: Setting Up Entry-Level ACIs by Using ldapmodify
14.4.4
Example: Using Wild Cards
14.4.5
Example: Selecting Entries by DN
14.4.6
Example: Using Attribute and Subject Selectors
14.4.7
Example: Granting Read-Only Access
14.4.8
Example: Granting Selfwrite Access to Group Entries
14.4.9
Example: Defining a Completely Autonomous Policy to Inhibit Overriding Policies
Part III Directory Security
15
Password Policies in Oracle Internet Directory
15.1
About Password Policies
15.1.1
What a Password Policy Is
15.1.2
Default Password Policy
15.1.3
Directory Server Verification of Password Policy Information
15.1.4
Overview: Establishing a Password Policy for an Identity Management Realm
15.2
Managing Password Policies
15.2.1
Managing Password Policies by Using Oracle Directory Manager
15.2.1.1
Viewing Password Policies of an Identity Management Realm by Using Oracle Directory Manager
15.2.1.2
Modifying Password Policies of an Identity Management Realm by Using Oracle Directory Manager
15.2.2
Managing Password Policies by Using Command-Line Tools
15.2.2.1
Example: Setting Password Policies by Using Command-Line Tools
15.2.2.2
Examples: Managing the Password Policies of an Identity Management Realm by Using Command-Line Tools
15.2.2.3
Example: Enabling and Disabling Accounts by Using Command-Line Tools
15.2.2.4
Example: Unlocking Accounts by Using Command-Line Tools
15.2.2.5
Example: Forcing a Password Change by Using Command-Line Tools
15.2.3
Managing Password Policies by Using the Self-Service Console
15.2.3.1
Enabling and Disabling Accounts by Using the Oracle Internet Directory Self-Service Console
15.2.3.2
Unlocking Accounts by Using the Oracle Internet Directory Self-Service Console
15.2.3.3
Resetting Your Own Password by Using the Oracle Internet Directory Self-Service Console
15.3
Password Policy Error Messages
16
Directory Storage of Password Verifiers
16.1
About Centralized Storage of User Authentication Credentials
16.2
Storing and Managing Password Verifiers for Authenticating to Oracle Internet Directory
16.2.1
Password Verifiers and Authentication to the Directory
16.2.2
Hashing Schemes for Creating Password Verifiers
16.2.3
Managing Password Protection by Using Oracle Directory Manager
16.2.4
Managing Password Protection by Using ldapmodify
16.3
Storing and Managing Password Verifiers for Authenticating to Oracle Components
16.3.1
About Password Verifiers for Oracle Components
16.3.2
Attributes for Storing Password Verifiers
16.3.3
Default Verifiers for Oracle Components
16.3.4
Example: How Password Verification Works for an Oracle Component
16.3.5
Managing Password Verifier Profiles for Oracle Components by Using Oracle Directory Manager
16.3.5.1
Viewing and Modifying a Password Verifier Profile for an Oracle Component by Using Oracle Directory Manager
16.3.6
Managing Password Verifier Profiles for Oracle Components by Using Command-Line Tools
16.3.6.1
Viewing a Password Verifier Profile by Using Command-Line Tools
16.3.6.2
Example: Modifying a Password Verifier Profile by Using Command-Line Tools
16.4
Verifier Generation Using Dynamic Parameters
16.4.1
Generating Dynamic Password Verifiers
16.4.2
Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers
17
Delegation of Privileges for an Oracle Technology Deployment
17.1
Delegation in the Oracle Identity Management Model
17.1.1
How Delegation Works
17.1.2
Delegation in an Oracle Application Server Environment
17.1.3
About the Default Configuration
17.1.4
Overview: Privileges for Administering the Oracle Technology Stack
17.2
Delegation of Privileges for User and Group Management
17.2.1
How Privileges Are Granted for Managing User and Group Data
17.2.2
Default Privileges for Managing User Data
17.2.2.1
Creating Users for a Realm
17.2.2.2
Modifying Attributes of a User
17.2.2.3
Deleting a User
17.2.2.4
Delegating User Administration
17.2.3
Default Privileges for Managing Group Data
17.2.3.1
Creating Groups
17.2.3.2
Modifying the Attributes of Groups
17.2.3.3
Deleting Groups
17.2.3.4
Delegating Group Administration
17.3
Delegation of Privileges for Deployment of Oracle Components
17.3.1
How Deployment Privileges Are Granted
17.3.2
Oracle Application Server Administrators
17.3.3
User Management Application Administrators
17.3.4
Trusted Application Administrators
17.4
Delegation of Privileges for Component Runtime
17.4.1
Default Privileges for Reading and Modifying User Passwords
17.4.2
Default Privileges for Comparing User Passwords
17.4.3
Default Privileges for Comparing Password Verifiers
17.4.4
Default Privileges for Proxying on Behalf of End Users
17.4.5
Default Privileges for Managing the Oracle Context
17.4.6
Default Privileges for Reading Common User Attributes
17.4.7
Default Privileges for Reading Common Group Attributes
17.4.8
Default Privileges for Reading the Service Registry
17.4.9
Default Privileges for Administering the Service Registry
Part IV Directory Deployment
18
Directory Deployment Considerations
18.1
The Expanding Role of Directories
18.2
Logical Organization Of Directory Information
18.3
Physical Distribution: Partitions, Replicas, and High Availability
18.3.1
An Ideal Deployment
18.3.2
Partitioning Considerations
18.3.3
Replication Considerations
18.3.4
High Availability Considerations
18.4
Oracle Directory Integration and Provisioning
18.5
Capacity Planning, Sizing, and Tuning
18.5.1
Capacity Planning
18.5.2
Sizing Considerations
18.5.3
Tuning Considerations
19
Deployment of Oracle Identity Management Realms
19.1
Planning the Directory Information Tree for Identity Management
19.1.1
Planning the Overall Directory Structure
19.1.2
Planning the Names and Containment of Users and Groups
19.1.2.1
Considerations for Users
19.1.2.2
Considerations for Groups
19.1.3
Planning the Identity Management Realm
19.1.4
Migrating a DIT from a Third-Party Directory
19.2
Identity Management Realms in an Enterprise Deployment
19.2.1
Single Identity Management Realm in the Enterprise
19.2.2
Multiple Identity Management Realms in the Enterprise
19.3
Identity Management Realms in a Hosted Deployment
19.4
Identity Management Realm Implementation in Oracle Internet Directory
19.5
Default Directory Information Tree and the Identity Management Realm
19.6
Administration of Identity Management Realms
19.6.1
Customizing the Default Identity Management Realm
19.6.1.1
Changing the Location of Users and Groups In The Default Identity Management Realm
19.6.2
Creating Additional Identity Management Realms for Hosted Deployments
20
Capacity Planning for the Directory
20.1
About Capacity Planning
20.2
Getting to Know Directory Usage Patterns: A Case Study
20.3
I/O Subsystem Requirements
20.3.1
About the I/O Subsystem
20.3.2
Rough Estimates of Disk Space Requirements
20.3.3
Detailed Calculations of Disk Space Requirements
20.4
Memory Requirements
20.5
Network Requirements
20.6
CPU Requirements
20.6.1
CPU Configuration
20.6.2
Rough Estimates of CPU Requirements
20.6.3
Detailed Calculations of CPU Requirements
20.7
Summary of Capacity Plan for Acme Corporation
21
Tuning Considerations for the Directory
21.1
About Tuning
21.2
Tools for Performance Tuning
21.3
CPU Usage Tuning
21.3.1
Tuning CPU for Oracle Internet Directory Processes
21.3.2
Tuning CPU for Oracle Foreground Processes
21.3.3
Taking Advantage of Processor Affinity on SMP Systems
21.3.4
Other Alternatives for a CPU Constrained System
21.4
Memory Tuning
21.4.1
Tuning the System Global Area (SGA) for the Oracle Database
21.4.2
Other Alternatives for a Memory-Constrained System
21.5
Disk Tuning
21.6
Database Tuning
21.6.1
Required Parameters
21.6.2
Parameters Dependent on Oracle Internet Directory Server Configuration
21.6.2.1
Using Shared Server Process
21.6.3
SGA Parameters Dependent on Hardware Resources
21.7
Entry Caching
21.8
Optimizing Searches
21.8.1
Optimizing Searches for Large Group Entries
21.8.2
Optimizing Searches for Skewed Attributes
21.8.2.1
Optimizing Searches for Skewed Attributes by Using Oracle Directory Manager
21.8.2.2
Optimizing Searches for Skewed Attributes by Using ldapmodify
21.9
Setting the Time Limit Mode
21.9.1
Setting the Time Limit Mode by Using Oracle Directory Manager
21.9.2
Setting the Time Limit Mode by Using ldapmodify
21.10
Setting the Timeout for Client/Server Connections
22
Garbage Collection in Oracle Internet Directory
22.1
About the Oracle Internet Directory Garbage Collection Framework
22.1.1
Components of the Oracle Internet Directory Garbage Collection Framework
22.1.1.1
Garbage Collection Plug-in
22.1.1.2
Background Database Processes
22.1.2
How Oracle Internet Directory Garbage Collection Works
22.1.3
Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry
22.1.4
Change Log Purging in Multimaster Replication
22.2
Modifying Oracle Internet Directory Garbage Collectors
22.2.1
Modifying a Garbage Collector by Using Oracle Directory Manager
22.2.2
Modifying a Garbage Collector by Using Command-Line Tools
22.2.2.1
Example 1: Modifying a Garbage Collector
22.2.2.2
Example 2: Disabling a Garbage Collector Change Log
22.2.3
Modifying the Oracle Internet Directory Statistics Collector
22.3
Enabling and Disabling Logging for Oracle Internet Directory Garbage Collectors
22.3.1
Enabling Logging for Oracle Internet Directory Garbage Collectors
22.3.2
Disabling Logging for Oracle Internet Directory Garbage Collectors
22.3.3
Monitoring Garbage Collection Logging
23
Migration of Data from Other Data Repositories
23.1
The Default Directory Structure of Oracle Internet Directory
23.2
Migrating Data from LDAP-Compliant Directories
23.2.1
Tools
23.2.1.1
bulkload
23.2.1.2
dipassistant
23.2.1.3
Oracle Directory Integration and Provisioning Server
23.2.2
Common Usage Scenarios
23.2.2.1
Scenario 1: Using an LDIF File and bulkload
23.2.2.2
Scenario 2: Using dipassistant Directly
23.2.2.3
Scenario 3: Using an LDIF File and dipassistant
23.2.2.4
Scenario 4: Using dipassistant, bulkload, and LDIF Files
23.2.2.5
Scenario 5: Using the Oracle Directory Integration and Provisioning Server
23.2.3
Tasks For Migrating Data from LDAP-Compliant Directories
23.2.3.1
Task 1: Export Data from the Non-Oracle Internet Directory Server into LDIF File Format
23.2.3.2
Task 2: Analyze the LDIF User Data for Any Required Schema Additions Referenced in the LDIF Data
23.2.3.3
Task 3: Extend the Schema in Oracle Internet Directory
23.2.3.4
Task 4: Remove Any Proprietary Directory Data from the LDIF File
23.2.3.5
Task 5: Remove Operational Attributes from the LDIF File
23.2.3.6
Task 6: Remove Incompatible userPassword Attribute Values from the LDIF File
23.2.3.7
Task 7: Run the bulkload.sh -check Mode and Determine Any Remaining Schema Violations or Duplication Errors
23.3
Migrating User Data from Application-Specific Repositories
23.3.1
The Intermediate Template File
23.3.2
Reconciling Data in Application Repository with Data Already in Oracle Internet Directory
23.3.3
Tasks For Migrating Data from Application-Specific Repositories
23.3.3.1
Task 1: Create an Intermediate Template File
23.3.3.2
Task 2: Run the OID Migration Tool
Part V Directory Replication
24
Oracle Internet Directory Replication Concepts
24.1
About Directory Replication
24.2
Full and Partial Directory Replication
24.2.1
Full Directory Replication
24.2.2
Partial Directory Replication
24.3
Directory Replication Groups
24.3.1
Data Transfer Between Nodes in a Directory Replication Group
24.3.2
Single-Master Replication Groups
24.3.3
Multimaster Replication Groups
24.3.4
Fan-Out Replication Groups
24.3.5
Types of Directory Replication Compared
24.3.6
Multimaster Replication with Fan-Out
24.4
Included and Excluded Naming Contexts
24.5
Replication Agreements
24.5.1
Oracle Database Advanced Replication Agreements
24.5.2
LDAP-Based Replication Agreements
24.6
Replication Configuration Objects in the Directory
24.6.1
The Replication Configuration Container
24.6.2
The Replica Subentry
24.6.3
The Replication Agreement Entry
24.6.4
The Replication Naming Context Container Entry
24.6.5
The Replication Naming Context Object Entry
24.6.6
Examples of Replication Configuration Objects in the Directory
24.7
Replication Security
24.7.1
Authentication and the Directory Replication Server
24.7.2
Secure Sockets Layer (SSL) and Oracle Internet Directory Replication
24.8
Change Logs in Directory Replication
24.9
Multimaster Replication
24.9.1
Oracle Database Advanced Replication
24.9.2
Architecture for Multimaster Replication
24.9.2.1
The Multimaster Replication Process on the Supplier Side
24.9.2.2
The Multimaster Replication Process on the Consumer Side
24.9.3
Conflict Resolution in Multimaster Replication
24.9.3.1
Levels at Which Replication Conflicts Occur
24.9.3.2
Typical Causes of Conflicts
24.9.3.3
Automated Resolution of Conflicts
24.10
Fan-Out and Partial Replication
24.11
Rules for Oracle Database Advanced Replication Filtering
24.12
Rules for Partial Replication Filtering
24.12.1
Rules for Managing Naming Contexts and Attributes
24.12.2
Optimization of Partial Replication Naming Context for Better Performance
25
Oracle Internet Directory Replication Administration
25.1
Installing and Configuring Multimaster Replication
25.1.1
Rules for Configuring Directory Replication Based on Oracle Database Advanced Replication
25.1.2
Installing and Configuring a Multimaster Replication Group
25.1.2.1
Preliminary Information for Installing and Configuring a Multimaster Replication Group
25.1.2.2
Task 1: Install Oracle Internet Directory as a Master on the Master Definition Site (MDS)
25.1.2.3
Task 2: Install the Oracle Internet Directory as a Replica, on the Remote Master Sites (RMS)
25.1.2.4
Task 3: Set Up Oracle Database Advanced Replication for a Directory Replication Group
25.1.2.5
Task 4 (Optional): Load Data into the Directory
25.1.2.6
Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
25.1.2.7
Task 6: Start the Replication Servers on All Nodes in the DRG
25.1.2.8
Task 7: Test Directory Replication
25.1.3
Adding a Node for Multimaster Replication (Oracle Database Advanced Replication Types Only)
25.1.3.1
Prepare the Oracle Net Services Environment
25.1.3.2
Task 1: Stop the Directory Replication Server on All Nodes
25.1.3.3
Task 2: Identify a Sponsor Node and Install Oracle Internet Directory as a Replica on the Remote Site
25.1.3.4
Task 3: Switch the Sponsor Node to Read-Only Mode
25.1.3.5
Task 4: Back up the Sponsor Node by Using ldifwrite
25.1.3.6
Task 5: Perform Advanced Replication Add Node Setup
25.1.3.7
Task 6: Switch the Sponsor Node to Updatable Mode
25.1.3.8
Task 7: Start the Directory Replication Server on All Nodes Except the New Node
25.1.3.9
Task 8: Load Data into the New Node by Using bulkload
25.1.3.10
Task 9: Start the Directory Server on the New Node
25.1.3.11
Task 10: Start the Directory Replication Server on the New Node
25.1.4
Deleting a Node from a Multimaster Replication Group
25.1.4.1
Task 1: Stop the Directory Replication Server on All Nodes
25.1.4.2
Task 2: Stop All Oracle Internet Directory Processes in the Node to be Deleted
25.1.4.3
Task 3: Delete the Node from the Master Definition Site
25.1.4.4
Task 4: Start the Directory Replication Server on All Nodes
25.1.5
Resolving Conflicts Manually in a Multimaster Replication Group
25.1.5.1
Monitoring Replication Change Conflicts
25.1.5.2
Examples of Conflict Resolution Messages
25.1.5.3
About the Human Intervention Queue Manipulation Tool
25.1.5.4
About the Oracle Internet Directory Reconciliation Tool
25.2
Installing and Configuring LDAP-Based Replication
25.2.1
Rules for Configuring LDAP-Based Replication
25.2.2
Back Up Your LDAP Data by Using ldifwrite and bulkload
25.2.3
Installing and Configuring an LDAP Replica with Default Settings
25.2.3.1
Task 1: Identify and Start the Directory Server on the Supplier Node
25.2.3.2
Task 2: Installing Oracle Internet Directory As An LDAP Replica
25.2.4
Installing and Configuring an LDAP-Based Replica with Customized Settings
25.2.4.1
Configuring an LDAP-Based Replica by Using Automatic Bootstrapping
25.2.4.2
Configuring an LDAP-Based Replica by Using the ldifwrite Tool
25.2.5
Deleting an LDAP-Based Replica
25.2.5.1
Task 1: Stop the Directory Replication Server on the Node to be Deleted
25.2.5.2
Task 2: Delete the Replica from the Replication Group
25.2.5.3
Task 3: Stop the Directory Server on the Node to be Deleted
25.2.6
Determining What Is to Be Replicated in LDAP-Based Partial Replication
25.2.6.1
Viewing and Modifying Replica Naming Context Objects by Using Oracle Directory Manager
25.2.6.2
Adding Replica Naming Context Objects by Using Oracle Directory Manager
25.2.6.3
Deleting Replica Naming Context Objects by Using Oracle Directory Manager
25.2.6.4
Modifying Replica Naming Context Object Parameters by Using ldapmodify
25.3
Managing Replication
25.3.1
Viewing and Modifying Directory Replication Server Configuration Parameters
25.3.1.1
Viewing Configuration Parameters of the Directory Replication Server by Using Oracle Directory Manager
25.3.1.2
Modifying Configuration Parameters of the Directory Replication Server by Using Oracle Directory Manager
25.3.1.3
Modifying Directory Replication Server Configuration Parameters by Using Command-Line Tools
25.3.2
Viewing and Modifying Parameters for Particular Replica Nodes
25.3.2.1
Viewing and Modifying Parameters for a Particular Replica Node by Using Oracle Directory Manager
25.3.2.2
Modifying a Particular Replica Node by Using Command-Line Tools
25.3.3
Modifying Parameters for Replication Agreements
25.3.3.1
Modifying Parameters for Replication Agreements Based on Oracle Database Advanced Replication
25.3.3.2
Modifying Parameters for Replication Agreements Based on LDAP
25.3.4
Changing the Replication Administrator's Password on All Nodes
25.3.5
Managing the Change Log
25.3.6
Modifying the Speed of Directory Replication
25.3.6.1
Modifying the Speed of Directory Replication When Using Oracle Database Advanced Replication
25.3.6.2
Modifying the Speed of Directory Replication When Using LDAP-Based Replication
25.4
Example: Installing and Configuring a Multimaster Replication Group with Fan-Out
Part VI Directory Plug-ins
26
Oracle Internet Directory Plug-in Framework
26.1
About Directory Server Plug-ins
26.2
Creating Plug-ins
26.3
Registering and Managing Plug-ins
26.3.1
Registering and Managing Plug-ins by Using Oracle Directory Manager
26.3.1.1
Adding a Plug-in Configuration Entry by Using Oracle Directory Manager
26.3.1.2
Editing a Plug-in by Using Oracle Directory Manager
26.3.1.3
Deleting a Plug-in by Using Oracle Directory Manager
26.3.2
Registering and Managing Plug-ins by Using Command-Line Tools
26.3.2.1
Examples: Adding a Plug-in Configuration Entry by Using Command-Line Tools
26.3.2.2
Example: Modifying a Plug-in Configuration Entry by Using Command-Line Tools
26.3.2.3
Example: Deleting a Plug-in Configuration Entry by Using Command-Line Tools
27
Oracle Internet Directory Plug-In for Password Policies
27.1
How the Password Policy Plug-in Works
27.2
Example: Installing, Configuring, and Enabling a Customized Password Policy Plug-in
27.2.1
Loading and Registering the PL/SQL Program
27.2.2
Coding the Password Policy Plug-in
27.2.3
Debugging the Password Policy Plug-in
27.2.4
Contents of Sample PL/SQL Package pluginpkg.sql
28
Setting Up the Customized External Authentication Plug-in
28.1
Native Authentication Contrasted with External Authentication
28.2
Example: Installing, Configuring, and Enabling the External Authentication Plug-in
28.2.1
Sample PL/SQL Package oidexaup.sql
28.2.2
Debugging the External Authentication Plug-in
28.2.3
Contents of PL/SQL Package oidexaup.sql
Part VII Appendixes
A
Windows and Fields in Oracle Directory Manager
A.1
Connection Management Fields in Oracle Directory Manager
A.2
Access Control Management Fields in Oracle Directory Manager
A.3
Attribute Uniqueness Fields in Oracle Directory Manager
A.4
Garbage Collection Management Fields in Oracle Directory Manager
A.5
Oracle Internet Directory Statistics Collection Management Fields in Oracle Directory Manager
A.6
Password Policy Fields in Oracle Directory Manager
A.7
Password Verifier Fields in Oracle Directory Manager
A.8
Plug-in Management Fields in Oracle Directory Manager
A.9
Replication Fields in Oracle Directory Manager
A.10
Schema Management Fields in Oracle Directory Manager
A.10.1
Object Classes Fields in Oracle Directory Manager
A.10.2
Attributes Fields in Oracle Directory Manager
A.10.3
Matching Rules Fields in Oracle Directory Manager
A.10.4
Content Rules Management Fields in Oracle Directory Manager
A.11
Server Management Fields in Oracle Directory Manager
A.11.1
Configuration Sets Fields in Oracle Directory Manager
A.11.2
System Operational Attributes Fields in Oracle Directory Manager
A.11.3
Super, Guest, and Proxy User Fields in Oracle Directory Manager
A.11.4
Query Optimization Fields in Oracle Directory Manager
A.11.5
Entry Search Fields and Buttons in Oracle Directory Manager
A.12
SSL Management Fields in Oracle Directory Manager
A.13
Synchronization Fields in Oracle Directory Manager
B
The LDAP Filter Definition
C
The Access Control Directive Format
C.1
Schema for orclACI
C.2
Schema for orclEntryLevelACI
D
Globalization Support in the Directory
D.1
About Character Sets and the Directory
D.1.1
About Unicode
D.1.2
About Oracle and UTF-8
D.1.3
Migration from UTF8 to AL32UTF8 when Upgrading Oracle Internet Directory
D.2
The NLS_LANG Environment Variable
D.3
Using Non-AL32UTF8 Databases
D.4
Using Globalization Support with LDIF Files
D.4.1
An LDIF file Containing Only ASCII Strings
D.4.2
An LDIF file Containing UTF-8 Encoded Strings
D.4.2.1
CASE 1: Native Strings (Non-UTF-8)
D.4.2.2
CASE 2: UTF-8 Strings
D.4.2.3
CASE 3: BASE64 Encoded UTF-8 Strings
D.4.2.4
CASE 4: BASE64 Encoded Native Strings
D.5
Using Globalization Support with Command-Line Tools
D.5.1
Specifying the -E Argument When Using Each Tool
D.5.2
Examples: Using the -E Argument with Command-Line Tools
D.6
Setting NLS_LANG in the Client Environment
D.7
Using Globalization Support with Bulk Tools
D.7.1
Using Globalization Support with bulkload
D.7.2
Using Globalization Support with ldifwrite
D.7.3
Using Globalization Support with bulkdelete
D.7.4
Using Globalization Support with bulkmodify
E
Setting up Access Controls for Creation and Search Bases for Users and Groups
E.1
Setting up Access Controls for the User Search Base and the User Creation Base
E.2
Setting up Access Controls for the Group Search Base and the Group Creation Base
F
The Multimaster Replication Process
F.1
How the Multimaster Replication Process Adds a New Entry to a Consumer
F.2
How the Multimaster Replication Process Deletes an Entry
F.3
How the Multimaster Replication Process Modifies an Entry
F.4
How the Multimaster Replication Process Modifies a Relative Distinguished Name
F.5
How the Multimaster Replication Process Modifies a Distinguished Name
G
Searching the Directory for User Certificates
G.1
Certificate Mapping
G.2
Search Types
H
LDAP Replica States
I
Addition of a Directory Node by Using the Database Copy Procedure
I.1
Definitions
I.2
Prerequisites
I.3
Sponsor Directory Site Environment
I.4
New Directory Site Environment
I.5
Tasks To Be Performed on the New Node
I.6
Tasks To Be Performed on the Sponsor Node
I.7
Tasks To Be Performed on the New Node
I.8
Verification Process
J
Troubleshooting Oracle Internet Directory
J.1
Problems and Solutions
J.1.1
Installation Errors
J.1.2
TCP/IP Problems
J.1.2.1
Do Not Use TCP-Based Monitoring of Oracle Internet Directory Server Availability on Microsoft Windows 2003 Server
J.1.2.2
Do Not Install DiamondCS Port Explorer
J.1.3
Directory Server Error Messages and Causes
J.1.3.1
Oracle Database Server Error Due to Schema Modifications
J.1.3.2
Constraint Violation Error Due to Editing a User or Group or Creating a Realm
J.1.3.3
Standard Error Messages Returned from Oracle Directory Server
J.1.3.4
Additional Directory Server Error Messages
J.1.4
Troubleshooting Password Policies
J.1.4.1
Password Policy Error Messages
J.1.4.2
Possible Password Policy Problems
J.1.5
Troubleshooting Directory Performance
J.1.5.1
Poor LDAP Search Performance
J.1.5.2
Poor LDAP Add or Modify Performance
J.1.6
Troubleshooting Starting, Stopping, and Restarting of the Directory Server
J.1.6.1
About the Tools for Starting, Stopping, and Restarting the Directory Server Instance
J.1.6.2
Problems Starting, Stopping, and Restarting the Directory Server
J.1.7
Troubleshooting Oracle Internet Directory Replication
J.1.7.1
Replication Server Does Not Start
J.1.7.2
Repository Creation Assistant Error
J.1.7.3
Errors in Replication Bootstrap
J.1.7.4
Changes Are Not Replicated
J.1.7.5
Replication Stops Working
J.1.8
Troubleshooting SSL Setup
J.1.9
Troubleshooting Change Log Garbage Collection
J.1.9.1
Change Logs Are Not Purged
J.1.10
Troubleshooting Dynamic Password Verifiers
J.1.11
Troubleshooting Oracle Internet Directory Password Wallets
J.1.11.1
Oracle Internet Directory Server Does Not Start
J.1.11.2
Password Not Synchronized
J.1.12
Troubleshooting bulkload
J.2
Need More Help?
Glossary
Index