Skip Headers
Oracle® Identity Management Guide to Delegated Administration
10g Release 2 (10.1.2)
B14086-02
  Go To Documentation Library
Home
Go To Product List
Solution Area
Go To Table Of Contents
Contents
Go To Index
Index

Previous
Previous
Next
Next
 

5 Managing Users and Groups with the Oracle Internet Directory Self-Service Console

This chapter describes how to manage users and groups with the Oracle Internet Directory Self-Service Console.

It contains these topics:


See Also:

Oracle Identity Management Integration Guide for information on provisioning with the Oracle Internet Directory Provisioning Console

5.1 About the Oracle Internet Directory Self-Service Console

The Oracle Internet Directory Self-Service Console enables you to delegate administrative privileges to various administrators and to end users. It is a ready-to-use standalone application created by using Oracle Delegated Administration Services. It provides a single graphical interface for delegated administrators and end users to manage data in the directory.

Figure 5-1 shows how the Self-Service Console interacts with Oracle Delegated Administration Services.

Figure 5-1 Interactions of Oracle Internet Directory Self-Service Console with Oracle Delegated Administration Services

Description of Figure 5-1  follows
Description of "Figure 5-1 Interactions of Oracle Internet Directory Self-Service Console with Oracle Delegated Administration Services "

5.2 Managing Identity Management Realms

This section explains how to use the Self-Service Console to configure a realm, modify those configurations, and create additional realms. It contains these topics:

5.2.1 Configuring an Identity Management Realm

If you have the correct administrative privileges, then you can specify the following for an identity management realm:

  • The attribute by which you want users to identify themselves when they log in

  • The root entries of the user search base and of the group search base—that is, the locations in the directory information tree containing entries for users and groups

  • The root entries for the user creation base and the group creation base—that is, the location in the DIT where users and groups are created. This can be the same as the user search base or a location under the user search base.

  • The display of realm and product logos


Note:

Any changes you make to an identity management realm will only affect the realm which you are currently logged into as an administrator. In other words, changes you make to one realm are not automatically propagated to other realms.

To configure an identity management realm:

  1. Log in with the administrator account for the realm you want to configure.

  2. Select the Configuration tab, then choose Identity Management Realm. The Identity Management Realm Configuration window appears.

    This window is described in "Identity Management Realm Configuration".

  3. In the Identity Management Realm window, enter values for the various fields.

  4. Choose Submit to save your changes.


    Note:

    Although you can enter more than one value in the User Search Base field, doing so can degrade performance.

5.2.2 Configuring the Parent DN for Entries in a Realm

You can specify one or more parent DNs for entries in a realm. If you specify more than one, then a delegated administrator can choose the one under which to place a new user entry.

There are two ways to specify parent DNs. The first is by specifying values for the User Creation Base, and the second is by specifying values for the organizational units (ou) attribute. If you specify a different set of values for each, then those for the ou attribute prevail.


Note:

When you add new values to the User Creation Base or organizational units, you must ensure that the containers exist in Oracle Internet Directory and that the access controls are properly configured. See Oracle Internet Directory Administrator's Guide for information on how to set up access controls for the User Creation Base or organizational units.

To specify parent DNs by providing values for the User Creation Base:

  1. Select the Configuration tab, then choose Identity Management Realm. The Identity Management Realm Configuration window appears.

    This window is described in "Identity Management Realm Configuration".

  2. In the User Creation Base field, enter one or more DNs, one line for each DN.

  3. Choose Submit.

Alternatively, you can specify parent DNs by setting the value for the organizational unit (ou) attribute. If you do this, then a delegated administrator can choose the organization unit under which to place user entries. To specify a parent DN by using this method:

  1. Select the Configuration tab, then choose User Entry. The Configure User Object Classes window appears.

    This window is described in "Configure User Object Classes".

  2. Choose Next. The Configure User Attributes window appears.

    This window is described in "Configure User Attributes".

  3. Choose Add New Attribute. The Add/Edit Attribute window appears.

    This window is described in "Add/Edit Attribute".

  4. In the Add New Attributes window, from the Directory Attribute Name list, select the ou attribute.

  5. From the UI Type list, select Predefined List.

  6. In the LOV Values field, enter the display name of the parent DN, followed by three semicolons (;), followed by the DN itself.

    For example:

    Sales;;;cn=users,dc=us,dc=my_company,dc=com
    HR;;;cn=groups,dc=us,dc=my_company,dc=com
    
    

    Following this example, when a delegated administrator chooses the organizational unit under which to place a user entry, she selects from a list displaying Sales and HR.

    You can add more parents DNs, one line for each.

  7. Choose Done.

5.2.3 Creating an Additional Identity Management Realm

If you have the administrative privileges, then you create an entry for an identity management realm as follows:

  1. Select the Configuration tab.

    At the top right of the Oracle Internet Directory Self Service Console, choose the Realm Management icon. The Identity Management Realms window appears.

    This window is described in "Identity Management Realms".

  2. In the Identity Management Realms window, choose Create. The Create Identity Management Realm window appears.

    This window is described in "Create Identity Management Realm".

  3. In the Create Identity Management Realm window, enter the appropriate values in the fields.

  4. Choose Submit.

5.2.4 Viewing Configuration Settings for Additional Identity Management Realms

To view the configuration settings of an identity management realm:

  1. Select the Configuration tab.

  2. At the top right of the Self-Service Console, choose the Realm Management icon. The Identity Management Realms window appears.

    This window is described in "Identity Management Realms"

  3. In the Identity Management Realms window, in the Search Identity Management Realm field, enter all or part of the name of the realm whose entry you want to view, then choose Go. This displays a list of realms that match your search criteria.

  4. From the search results list, select the realm you want to view, then choose View. This takes you to the View Identity Management Realm window where you can view the configuration settings.

    This window is described in "View Identity Management Realm".

5.3 Managing User Entries

This section explains how to use the Self-Service Console to manage user entries. It contains these topics:

5.3.1 Configuring User Entries

When a user creates or edits a user entry, the Self-Service Console displays various categories—including, for example, basic information, password, and photo—each with its own set of attributes. You can specify which of these categories the console displays, and how it displays them and their corresponding attributes.

Specifically, the Self-Service Console enables you to:

  • Select from object classes now in the directory those you want to associate with user entries, and add and modify these object classes

  • Specify the categories of attributes you want to enable users to add or modify

  • Customize the way the Self-Service Console displays those categories and attributes


See Also:

Oracle Internet Directory Administrator's Guide for information on how to administer Oracle Internet Directory object classes and attributes

To configure user entries:

  1. Select the Configuration tab, then select User Entry. This displays the Configure User Object Classes window listing the existing object classes associated with user entries.

    This window is described in "Configure User Object Classes".

  2. To add an object class for user entries:

    1. In the Configure User Object Classes window, choose Add Object Class. The All Object Classes window appears.

      This window is described in "All Object Classes".

    2. Select from the list an object class you want to add, then choose Add. This returns you to the Configure Object Class window. The object class you just chose is now listed as an object class for user entries.

    3. To add more object classes, repeat these steps, or, to move to the next step, choose Next to display the Configure User Attributes window.

      This window is described in "Configure User Attributes" .

  3. The Configure User Attributes window lists some—but not all—of the attributes of the object classes you specified in Step 2. There may be other attributes belonging to those object classes as well. You can add as many of those other attributes as you wish by following the instructions in this step. You can modify how the attributes are displayed or delete attributes.

    To add attributes to user entries:

    1. In the Configure User Attributes window, choose Add New Attribute. The Add/Edit Attribute window appears.

      This window is described in "Add/Edit Attribute".

    2. In the Add New Attribute window, enter values for the fields.

    3. Choose Done. This returns you to the Configure User Attributes window. The attribute you just chose is now listed in the attribute list.

    4. To add more attributes, repeat these steps.

    To modify the display of attributes:

    1. In the Configure User Attributes window, in the Directory Attribute Name column, select the attribute you want to modify, then choose Edit. The Editing Attribute window appears.

      This window is described in "Editing Attribute".

    2. In the Editing Attribute window, enter values for the fields.

    3. Choose Done. This returns you to the Configure User Attributes window. The attribute configurations you just made are now reflected in the Directory Attribute Name list.

    4. To configure or modify more attributes, repeat these steps.

    To delete attributes of user entries, in the Configure User Attributes window, in the Directory Attribute Name list, select the attribute you want to configure, then choose Delete.

  4. To customize the display of categories, in the Configure User Attributes window choose Next to display the Configure Attribute Categories window, which contains a table listing the existing categories, the name displayed to the user, and the display order of each category.

    This window is described in "Configure Attribute Categories".

    1. To add a new category, choose Create. The Create window appears. In the UI Label field, enter the name of the category as you would like it displayed in the interface.

    2. To modify the display name of a category, in the UI Label column, edit the field for each attribute you want to modify.

    3. To set the display order of categories, choose Order Category to display the Order Category window displays the various categories you just specified.

      This window is described in "Order Category".

    4. To set the display order of attributes for each category, select the category, then choose Edit to display the Edit Category window.

      This window is described in "Edit Category".

    5. To delete a category, select the category, then choose Delete to display the Delete Category window. Click Yes to delete the category or No to return to the Configure Attribute Categories page.

      This window is described in "Delete Category".

    When you have finished configuring attribute categories, choose Next to display the Configure Search Table Columns window.

    This window is described in "Configure Search Table Columns".

  5. When a user performs a search, the results are displayed in a table. You can specify the number of columns in that table and their headings. To configure search table columns:

    1. In the Configure Search Table Column window, in the All Attributes box, select one or more attributes that you want to be represented in the search results. These will serve as column headings in the search results table.

    2. Use the left-right arrows to move the attributes to the Selected Attributes box.

    3. In the Selected Attributes box, order the attributes by using the up-down arrows to the right of the box. The first attribute in the list represents the column farthest to the left in the search results table.

    When you have finished configuring the search results table, choose Next to display the Configure Roles window.

    This window is described in "Configure Roles".

  6. To enable users to assign roles to users, in the Configure Roles window, in the Enable Roles category, select Enable Role assignment in the user management interface.

    You can specify the roles that users can assign to other users.

    To add a role that users can assign to other users:

    1. Choose Add Role to display the Search and Select: Roles window.

    2. In the Group Name Begins With field, enter the first few letters of the name of the administrative group you want to add.

    3. From the search results, select the name of the administrative group you want to add, then choose Select. This returns you to the Configure Roles window. The administrative group you just selected appears in the Roles list.

    To delete a role, select it from the table and choose Delete.

  7. When you have finished configuring user entries, choose Finish.

5.3.2 Viewing User Entries

To view a user entry:

  1. Search for a user entry by following the instructions described in "Searching for Entries by Using the Self-Service Console".

  2. Select the user whose entry you want to view, then click the View button to display the View User window.

    This window is described in "View User".

5.3.3 Creating User Entries

To create a user entry:

  1. Select the Directory tab, then select User.

  2. Choose Create to display the Create User window.

    This window is described in "Create User".

  3. In the Create User window, enter the appropriate information. Fields designated with an asterisk (*) are mandatory.


    Caution:

    The User ID field cannot contain spaces or any of the following characters: & ' % ? \ / + = ( ) * ^ , ; | ' ~

    If resource access information is not specified, you can create it. To do this:

    1. In the Resource Access Information section, choose Create to display Create Resource window.

      This window is described in "Create Resource" window.

    2. In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.

    3. From the Resource Type list, select the type of resource to be accessed. Default options are:

      • OracleDB: an Oracle9i Database Server

      • ExpressPDS: Oracle Express Pluggable Data Source

      • JDBCPDS: Java Database Connectivity Pluggable Data Source

      Other resource types may appear in this list as specified by the administrator.

    4. Choose Next. The Resource Access Information window appears.

    5. In the Resource Access Information window, specify the user name and password and the name of the database that you want the user to access.

    6. Verify that you have entered all information correctly, then choose Submit.

5.3.4 Modifying User Entries

To modify a user entry:

  1. Select the Directory tab, and perform a search for the user whose entry you want to modify.

  2. Select the user whose entry you want to modify, then choose Edit to display the Edit User window.

    This window is described in "Edit User".

  3. In the Edit User window, enter the appropriate information. Fields designated with an asterisk (*) are mandatory. If resource access information is not specified, you can create it. To do this:

    1. In the Resource Access Information section, choose Create. The Create Resource window appears.

    2. In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.

    3. From the Resource Type list, select the type of resource to be accessed. Default options are:

      • OracleDB: an Oracle9i Database Server

      • ExpressPDS: Oracle Express Pluggable Data Source

      • JDBCPDS: Java Database Connectivity Pluggable Data Source

      Other resource types may appear in this list as specified by the administrator.

    4. Choose Next. The Resource Access Information window appears.

    5. In the Resource Access Information window, specify the user name and password and the name of the database that you want the user to access.

    6. Verify that you have entered all information correctly, then choose Submit.


Note:

If you do not have the privileges to edit a user entry, then the Edit button does not appear, and you cannot perform this operation.

5.3.5 Deleting User Entries

To delete a user entry:

  1. Search for the user you want to delete by following the instructions in "Searching for Entries by Using the Self-Service Console".

  2. Select the user you want to delete from the search results table, then click Delete. The Delete User window appears.

    This window is described in "Delete User".

  3. The Delete User window displays and prompts you to confirm deletion. Click Yes to delete the user or No to return to the Users page.

5.3.6 Managing Users in Bulk

You can upload an LDIF (LDAP Data Interchange Format) file to the Provisioning Console to create, edit, or delete users in bulk mode.

To create, edit, or delete users in bulk mode:

  1. Select the Directory tab, then select User.

  2. Choose Bulk to display Bulk User Management window.

    This window is described in "Bulk User Management".

  3. In the Bulk User Management window, choose Browse to locate the LDIF file containing the data for the users you want to create, edit, or delete.

  4. To ignore failed users, select the Ignore Failed Users box. If you select the Ignore Failed Users box, the bulk create process will attempt to create, edit, or delete users regardless of failures. Failed users will be placed in a file you can download at the end of the process. If you do not select the Ignore Failed Users box, the bulk management process will terminate at the first failed user.

  5. Choose OK.

5.3.7 Assigning Privileges to Users

You can privilege a user to:

  • Create, edit, and delete users and groups

  • Assign privileges to other users and groups

You can also revoke privileges from a user.

To assign privileges to a user:

  1. Search for the user entry to which you want to assign privileges by following the instructions described in "Searching for Entries by Using the Self-Service Console".

  2. From the search results list, select the user to whom you want to assign privileges, then choose Privileges. The Assign Privileges to User window displays a list of privileges.

    This window is described in "Assign Privileges to User".

  3. Select the privileges you want to assign to this user.

  4. Choose Submit.


Note:

Any changes you make to a user's privileges will not take effect until the user logs out and logs back into the Self-Service Console.

5.3.8 Changing the Password of a User

You can change the password of a user other than yourself if:

  • You have the necessary access rights

  • You have configured user entries so that the userpassword attribute is available for modification. The steps for specifying a user attribute for modification are described in "Configuring User Entries".

To change another user's password, following the instructions in "Creating User Entries".

5.3.9 Specifying Additional Password Reset Validation Questions

The Self-Service Console allows users to specify a custom password hint that the user must successfully answer before a password is reset. Additionally, an administrator can specify an unlimited number of questions that a user must successfully answer before a password is reset.

To specify additional password reset validation questions:

  1. Use Oracle Directory Manager to perform the following tasks:

    1. Add custom attributes to the directory schema. You should create a separate attribute for each password reset validation question.

    2. Create a new auxiliary object class and assign to it the custom attributes you created in the last step that represent each password reset validation question.


    See Also:

    Oracle Internet Directory Administrator's Guide for information on how to administer Oracle Internet Directory object classes and attributes

  2. To make the new object class and attributes you created in Step 1 available, select the Configuration tab, then select User Entry. This displays the Configure User Object Classes window listing the existing object classes associated with user entries. Click Refresh Page new object class and attributes available.

    This window is described in "Configure User Object Classes".

  3. Add the new object class and attributes by following the procedures described in "Configuring User Entries". In the Configure User Attributes window, be sure to select the Viewable and Password Reset Validation check boxes for each attribute that represents a password reset validation question. You can also select the Self Editable check box if you want to give users the ability to edit an attribute.

5.4 Managing Group Entries

This section explains how to use the Self-Service Console to create, modify, and delete group entries and to assign privileges to groups. It contains these topics:

5.4.1 Viewing Group Entries

To view a group entry:

  1. Select the Directory tab, then select Group.

  2. Search for the group entry you want to view by following the instructions described in "Searching for Group Entries by Using the Self-Service Console".

  3. From the search results, click name of the group entry you want to view. The View Group window appears.

    This window is described in "View Group".

5.4.2 Creating Group Entries

To create a group entry:

  1. Select the Directory tab, then select Group.

  2. Choose Create. The Create Group window appears.

    This window is described in "Create Group".

  3. In the Create Group window, enter the values for the various fields.

  4. Choose Submit.

5.4.3 Modifying Group Entries

To modify a group entry:

  1. Search for the group entry you want to modify by following the instructions described in "Searching for Group Entries by Using the Self-Service Console".

  2. From the search results, select the group entry you want to modify.

  3. Choose View/Manage. The Manage Group window appears.

    This window is described in "Manage Group".

  4. Choose Edit. The Edit Group window appears.

    This window is described in "Edit Group".

  5. In the Edit Group window, modify the fields as necessary.

  6. Choose Submit.

5.4.4 Deleting Group Entries

To delete group entries:

  1. Search for the group entry you want to delete by following the instructions described in "Searching for Group Entries by Using the Self-Service Console".

  2. From the search results, select the group whose entry you want to delete.

  3. Choose View/Manage. The Manage Group window appears.

    This window is described in "Manage Group".

  4. In the Manage Group window, choose Delete. The Confirmation of Deletion window appears.

    This window is described in "Confirmation of Deletion".

  5. In the Confirmation window, choose either Yes or No.

5.4.5 Assigning Privileges to Groups

You can privilege a group to do one or more of the following:

  • Create, edit, and delete new users and groups

  • Assign privileges to users and to other groups

You can also revoke privileges from a group.

To assign privileges to a group:

  1. Search for the group entry to which you want to assign privileges by following the instructions described in "Searching for Group Entries by Using the Self-Service Console".

  2. From the search results, select the group to which you want to assign privileges.

  3. Choose Assign Privilege. The Assign Privileges to Group window displays a list of privileges.

    This window is described in "Assign Privileges to Group".

  4. In the Assign Privileges to Group window, select the privileges you want to assign to this group.

  5. Choose Submit.

5.5 Managing Services

This section explains how to use the Self-Service Console to modify service properties and modify subscription information for service recipients. It contains these topics:


Note:

You cannot configure or manage custom application services with the Self-Service Console.

5.5.1 About Services and Delegated Administration

A service can be a single application or a bundle of applications that performs a coherent set of tasks. It is supplied by a service provider to either individuals or groups, called service recipients.

To access a service, a service recipient must be subscribed to it. In the subscription process, an administrator for either a subscriber or a service provider creates a subscription list. This list specifies which service recipient users can use the service and for how long.

Service recipients can be service providers in their own right, supplying services to other service recipients.

The administrative tasks you can perform with the Self-Service Console depend on whether you are an administrator for a subscriber or for a service provider. If you are an administrator for a subscriber, then you can:

  • Modify the entry for your subscriber

  • Create, modify, and delete subscription information for a service. For example, you can specify how long a user can use a service, then change or delete that information.

  • Manage the subscription list

If you are the administrator for a service provider, then, in addition to performing all of the tasks of an subscriber administrator, you can:

  • Create entries for subscribers

  • Provision applications and services in the application service provider environment

5.5.2 Modifying Service Properties

You can change the display name and the network address for a service. To do this:

  1. Select the Directory tab, then select Services. The Services window displays a list of available services.

    This window is described in "Services".

  2. In the Services window, select the service whose properties you want to modify.

  3. Choose Edit Service. The Edit Service window appears.

    This window is described in "Edit Service".

  4. In the Edit Service window, enter values for the fields you want to modify.

  5. Choose Submit.

5.5.3 Modifying Subscription Information for a Service Recipient

You can add or remove a user from a subscription list. You can also change a recipient's start or end date.

To modify subscription information:

  1. Select the Directory tab, then select Service. The Services window displays a list of available services.

    This window is described in "Services".

  2. In the Services window, select the service whose properties you want to modify.

  3. Choose Edit Subscription. The Edit Subscription window appears.

    This window is described in "Edit Subscription".

  4. Select the service recipient whose subscription information you want to modify.

  5. Choose Edit. The Edit Service Recipient window appears.

    This window is described in "Edit Service Recipient".

  6. In the Edit Service Recipient window, enter your modifications:

    1. In the Start Date field, specify the date on which the recipient can begin using the service.

    2. In the End Date field, specify the date on which that usage ends.

    To add users to the subscription list:

    1. Choose Add User. The Search and Select window appears.

      This window is described in "Search and Select".

    2. In the Search and Select window, perform a search for the user you want to add to the list.

    3. From the search results, select the user you want to add, then choose Select. This returns you to the Add New Service recipient window. The user you just added now appears in the list.

    To remove a user from the subscription list, select the user, then choose Remove User.

  7. When you have made your changes in the Edit Service Recipient window, choose Submit. This returns you to the Edit Subscription window.


Note:

The format of the date is mm/dd/yyyy. This format cannot be customized.

5.6 Managing Accounts

This section explains how to use the Self-Service Console to unlock, enable, or disable user accounts. It contains these topics:

5.6.1 Unlocking User Accounts

If a user's account has been locked for any reason—for example, they failed to change their password within the specified time limit—then you can unlock it without resetting the user password. This saves you from having to explicitly tell the user the new password. Instead, the user can simply log in by using the old password.

To unlock a user's account:

  1. Search for the user account that you want to unlock by following the instructions described in "Searching for Entries by Using the Self-Service Console".

  2. Select the account that you want to unlock.

  3. Choose Unlock. The Unlock User window appears.

    This window is described in "Unlock User".

  4. The Unlock User window prompts you to confirm the unlocking of a user account. Click Yes to unlock the user account or No to return to the Users page.


Note:

If a realm administrator's account becomes locked, the Oracle Internet Directory super user can unlock it by modifying the realm administrator's account password, using Oracle Directory Manager. See Oracle Internet Directory Administrator's Guide for information on how to use Oracle Directory Manager.

5.6.2 Enabling User Accounts

If a user's account has been temporarily suspended—that is, disabled—then you can enable it. To do this:

  1. Search for the user account that you want to enable by following the instructions described in "Searching for Entries by Using the Self-Service Console".

  2. Select the account that you want to enable.

  3. Choose Enable. The Enable User window appears.

    This window is described in "Enable User".

  4. The Enable User window prompts you to confirm the enabling of a user account. Click Yes to enable the user account or No to return to the Users page.

5.6.3 Disabling User Accounts

You can temporarily suspend—that is, disable—a user's account. To do this:

  1. Search for the user account that you want to disable by following the instructions described in "Searching for Entries by Using the Self-Service Console".

  2. Select the account that you want to disable.

  3. Choose Disable. The Disable User window appears.

    This window is described in "Disable User".

  4. The Disable User window prompts you to confirm the disabling of a user account. Click Yes to disable the user account or No to return to the Users page.

5.7 Managing Resource Information

This section explains how to use the Self-Service Console to specify a new resource type and to configure default resource access information. It contains these topics:

5.7.1 Specifying a New Resource Type

To specify a new resource type:

  1. Select the Configuration tab, then choose Preferences to display the Preferences window.

    This window is described in "Preferences".

  2. In the Configure Resource Type Information section, choose Create. The Create Resource Type window appears.

    This window is described in "Create Resource Type".

  3. In the Create Resource Type window, enter values in the appropriate fields.

  4. When you have entered all of the appropriate information in the Create Resource Type window, choose Submit. This returns you to the Preferences window. The resource type you just specified now appears under the Resource Type Name column.


    See Also:

    The section on resource information in the Concepts and Architecture chapter of the Oracle Internet Directory Administrator's Guide for a brief description of resource information

5.7.2 Configuring Default Resource Access Information

If you have a large number of users, then, instead of specifying resource access information for each user entry, you can define commonly used resources that all users automatically inherit. To do this:

  1. Select the Configuration tab, then choose Preferences to display the Preferences window.

    This window is described in "Preferences".

  2. In the Default Resource Access Information section, choose Create. The Create Resource window appears.

    This window is described in "Create Resource".

  3. In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.

  4. From the Resource Type list, select the type of resource to be accessed. Default options are:

    • OracleDB: an Oracle9i Database Server

    • ExpressPDS: Oracle Express Pluggable Data Source

    • JDBCPDS: Java Database Connectivity Pluggable Data Source

    Other resource types may appear in this list as specified by the administrator.

  5. Choose Next. The Resource Access Information window appears.

    This window is described "Resource Access Information".

  6. In the Resource Access Information window, enter the appropriate information into the fields.

  7. Verify that you have entered all information correctly, then choose Submit. This returns you to the Preferences window. The default resource access information you just created now appears in the Resource Name column.


    See Also:

    The section on resource information in the Concepts and Architecture chapter of the Oracle Internet Directory Administrator's Guide for a brief description of resource information

5.8 Managing Diagnostic Settings

This section explains how to view and configure diagnostic settings for Oracle Delegated Administration Services. It contains these topics:

You can use the diagnostic settings in Oracle Delegated Administration Services to debug your implementation without having to examine the log files. If you have configuration privileges, then you can also change the runtime logging levels without restarting Oracle Delegated Administration Services.

5.8.1 Viewing and Configuring Application Diagnostic and Logging Settings

You can view and configure application level diagnostic settings for all user sessions and all units in an Oracle Delegated Administration Services application. Diagnostic settings can be turned on or off. If an application-level diagnostic setting is turned on, diagnostics will display, unless overridden by session-level or unit-level diagnostic settings. If an application-level diagnostic setting is turned off, diagnostics will not display, unless overridden by session-level or unit-level diagnostic settings.

To view and configure application-level diagnostic settings:

  1. Enter the following URL in a Web browser to open the Application Level Diagnostic Settings window:

    http://host_name:port_number/oiddas/ui/oracle/ldap/das/pages/Application
    
    

    This window is described in "Application Level Diagnostic Settings"

  2. Basic application-level configuration settings display in the Information section and connection pool settings and statistics display in the Connection Pool section.

    To display diagnostic information:

    1. In the Configuration section, change the Value field to On.

    2. Select Update. Scroll to the bottom of the Web page to view the diagnostic information.

    To change logging levels:

    1. In the Logging section, click the check boxes of the logging levels you want to change.

    2. Select a desired value from the Change log level to box.

    3. Select Update.

5.8.2 Viewing and Configuring Session-Level Diagnostic Settings

You can view and configure session-level diagnostic settings for the current user session and for all units in an Oracle Delegated Administration Services application. Diagnostic settings can be turned on or off or can inherit application-level diagnostic settings. If a session-level diagnostic setting is turned on, diagnostics will display, unless overridden by a unit-level diagnostic setting. If a session-level diagnostic setting is turned off, diagnostics will not display, unless overridden by a unit-level diagnostic setting. If a particular diagnostic setting is set to "inherit", then the application-level diagnostic setting applies.

To view and configure session-level diagnostic settings:

  1. Enter the following URL in a Web browser to open the Session Level Diagnostic Settings window:

    http://host_name:port_number/oiddas/ui/oracle/ldap/das/pages/Session
    
    

    This window is described in Session Level Diagnostic Settings

  2. Basic session-level configuration settings display in the Information section and console navigation settings display in the Navigation section.

    To change session-level diagnostic settings:

    1. In the Configuration section, select a desired value in the Value field for the diagnostic setting you want to change.

    2. Select Update.

5.8.3 Setting Unit-Level Diagnostic Settings

Unit-level diagnostic settings control the display of diagnostics for the current user session in a given unit. Applicable values for a diagnostic setting at the unit level are "on", "off", and "inherit". If a unit-level diagnostic setting is turned on, diagnostics will display for the specified unit. If a unit-level diagnostic setting is turned off, diagnostics will not display for the specified unit. If a value of "inherit" is applied to a diagnostic setting, then the session-level diagnostic setting applies.

To enable or disable diagnostics for the current user session and a specific unit, append a question mark and "diagnostic=on", or "diagnostic=off", or "diagnostic=inherit" to the URL of the desired unit. For example, the following URL enables diagnostics for the current user session with the user search unit:

http://host_name:port_number/oiddas/ui/oracle/ldap/das/
pages/UserSearch?diagnostic=on