Oracle® Identity Management Concepts and Deployment Planning Guide
10g Release 2 (10.1.2) B14084-02
This appendix describes the default settings that are available after you install Oracle Internet Directory.
The installation of Oracle Internet Directory creates a default DIT and sets up a default identity management realm using several assumptions about the deployment.
The following is a summary of the operations performed during the Oracle Internet Directory installation:
A default DIT is created based on the domain name of the system on which Oracle Internet Directory is installed. For example, if Oracle Internet Directory is installed on a machine named oidhost.us.acme.com, the default DIT is dc=us,dc=acme,dc=com.
A default identity management realm is created, whose base corresponds to the domain name of the system. Following the preceding example, the root of the default identity management realm is dc=us,dc=acme,dc=com.
Associated with this realm is an entity called Oracle Context, which stores all the realm-specific policies and metadata. For example, Oracle Context might be created with the distinguished name cn=OracleContext,dc=us,dc=acme,dc=com. This entry, and the nodes under it, serve as the basis for Oracle software to detect realm-specific policies and settings.
Directory structure and naming policies created in the default identity management realm enable Oracle components to locate various identities. Following are the default values for these policies:
All users are located in the cn=users container under the base of the identity management realm. In this scenario, the distinguished name is cn=users,dc=us,dc=acme,dc=com.
Any new users created in the identity management realm using the Oracle Identity Management infrastructure are also created under the cn=users container.
All new users created in the identity management realm using the Oracle Identity Management infrastructure belong to the object classes orclUserV2 and inetOrgPerson.
All groups are located in the cn=groups container under the base of the identity management realm. In this scenario, the distinguished name is cn=groups,dc=us,dc=acme,dc=com.
A bootstrap user (realm administrator) is created under the cn=users container. In this scenario, the fully-qualified distinguished name of the bootstrap user is cn=orcladmin,cn=users,dc=us,dc=acme,dc=com.
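The default layout described above can be checked against a directory export. The following is an added example, not Oracle's code: it derives the default DNs from the host name, then flags default entries missing from an LDIF export and entries under cn=users that lack the orclUserV2 and inetOrgPerson object classes, which suggests they were not created through the Oracle Identity Management infrastructure. The function names and the sample LDIF are constructed for illustration.

```python
# Added example; function names and SAMPLE_LDIF are constructed, not Oracle's.
REQUIRED = {"orcluserv2", "inetorgperson"}  # object classes the guide names

def norm(dn):  # simplified: does not handle escaped commas (RFC 4514)
    return ",".join(p.strip() for p in dn.lower().split(","))

def default_layout(hostname):  # default realm DNs from the install host's FQDN
    labels = hostname.strip(".").split(".")[1:]  # drop the host label
    if not labels:
        raise ValueError("hostname has no domain part")
    base = ",".join("dc=" + label for label in labels)
    return {"context": "cn=OracleContext," + base, "users": "cn=users," + base,
            "groups": "cn=groups," + base, "admin": "cn=orcladmin,cn=users," + base}

def parse_ldif(text):  # returns {normalized DN: set of lower-cased objectClasses}
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuations
        key, _, value = line.partition(":")
        if key.lower() == "dn":
            dn = norm(value)
            entries[dn] = set()
        elif key.lower() == "objectclass" and dn:
            entries[dn].add(value.strip().lower())
    return entries

def audit_ldif(hostname, ldif_text):
    layout = {k: norm(v) for k, v in default_layout(hostname).items()}
    entries = parse_ldif(ldif_text)
    findings = [("missing-default-entry", layout[k])
                for k in ("context", "users", "groups", "admin")
                if layout[k] not in entries]
    suffix = "," + layout["users"]
    for dn, classes in entries.items():
        if dn.endswith(suffix) and not REQUIRED <= classes:
            findings.append(("user-missing-objectclass", dn))
    return findings

SAMPLE_LDIF = """dn: cn=OracleContext,dc=us,dc=acme,dc=com

dn: cn=users,dc=us,dc=acme,dc=com

dn: cn=orcladmin,cn=users,dc=us,dc=acme,dc=com
objectClass: orclUserV2
objectClass: inetOrgPerson

dn: cn=jdoe, cn=Users,dc=us,dc=acme,
 dc=com
objectClass: inetOrgPerson
"""
```

Calling audit_ldif("oidhost.us.acme.com", SAMPLE_LDIF) reports the absent cn=groups container and the cn=jdoe entry, whose folded DN is unfolded and normalized before comparison.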
Default authentication policies are created that enable the authentication services to perform appropriate actions, including the default directory password policy (such as password length, number of tries before being locked out, and number of days before password expiration) and additional password verifiers that must be automatically generated when provisioning users.
Identity management privileges are created and granted to the bootstrap user, who can further delegate these authorizations through the Oracle Delegated Administration Services self-service console. Some of these privileges include: