Index

A B C D E F G H I K L M N O P R S T U V W

A

access control

for agents, 2.2.2

for directory integration and provisioning server, 2.2.1

for profiles, 2.2.2

in Oracle Directory Integration and Provisioning platform, 2.2

in the Oracle Directory Integration and Provisioning platform, 2.2

access control lists (ACLs)

and integration with SunONE Directory Server, 20.3.2

customizing, 18.3.3

for export profiles, 18.3.3.2

for import profiles, 18.3.3.1

sample files, 18.3.3.3

access control policy points (ACPs)

configuring display of, in Oracle Directory Manager, 3.1.6

Active Directory

and Active Directory Connector, 18.1.1

concepts and architecture for integration with, 18.1

configuration of integration with, 18.3

configuring connection details for integration, 18.3.2.3

connector profiles, configuring, 18.3.6

deployment options for integration with, 18.2

domain controller

switching to different in same domain, 18.4.2.3

external authentication plug-in, 18.3.7

enabling, 18.3.7.3

installing, 18.3.7.1, 18.3.7.2

managing, 18.4.2.2

testing, 18.3.7.4

foreign security principals, 18.1.4.4

forest, as mapped to Oracle Internet Directory, 18.1.4.4

integration

distinguished name mapping, 18.3.2.4

post-configuration tasks, 18.4.1

typical management tasks, 18.4.2

managing, 18.4

multiple domain

synchronizing with, 18.3.5

synchronizing deletions from, 18.3.2.7

synchronizing passwords from, 18.3.2.8

troubleshooting integration, C.5

trust relationships between domains, 18.1.4.4

Active Directory Connector

what it does, 18.1.1

Active Directory domain controller

single, integration with, 18.1.4.3

Active Directory domain controllers

multiple, integration with, 18.1.4.4

Active Directory External Authentication Plug-in, 18.1.1

Active Directory, integration with, 18

ActiveChgImp profile, 18.3.2.1

ActiveExport profile

synchronization profiles

ActiveExport, 18.3.2.1

ActiveImport profile, 18.3.2.1

administrative privileges, provisioning, 12.7

anonymous authentication, A.1.1

application bootstrapping, provisioning, 12.4.6

applications

managing with the Provisioning Console, 14.2

Apply button, in Oracle Directory Manager, 3.1.3.1

applying matching filters, 6.6

asynchronous provisioning, 12.3.2

attribute-level mapping, 6.5.2

attribute-level mapping, in integration with Active Directory, 18.3.2.4

attributes

for login name, 17.5

for user login name, 18.3.1

authentication

and Oracle directory integration and provisioning server, 2.1.2

anonymous, A.1.1

external

how it works, 20.2.3.2

in the Oracle Directory Integration and Provisioning platform, 2.1

non-SSL, 2.1.2.1

password-based, A.1.1

profile, 2.1.3

simple, A.1.1

SSL

for Oracle Directory Manager, A.1.2

mode, 2.1.2.2

no, A.1.2

server only, A.1.2

authentication dynamics

Windows native authentication, 18.1.1

authorization

in the Oracle Directory Integration and Provisioning platform, 2.2

auto-provisioning plug-ins

for integration with Microsoft Windows NT, 19.2

B

bootstrapping

application, 12.4.6

in integrated environments

by using default integration profiles, 8.3

by using the parameter file, 8.2

in integration with Active Directory, 18.4.2.1

in Oracle Directory Integration and Provisioning platform, 8

Oracle Internet Directory from Oracle Human Resources, 10.5

browser settings

Windows native authentication, 18.3.8.2

Internet Explorer 5.0, 18.3.8.2

Internet Explorer 6.0, 18.3.8.2, 18.3.8.2

C

Cancel button, in Oracle Directory Integration and Provisioning Server Administration, 3.1.3.1

central enterprise directory, 17.2

Oracle Internet Directory as, 17.2.1

third-party directory as, 17.2.2

change logs

in synchronization process, 1.4.2.2

object store, and integration with third-party metadirectory solutions, 11.1

comparing

two objects, 3.1.3.2

configuration set entries

directory integration and provisioning server, 4.1.2

Oracle directory integration and provisioning server, 4.1.2, 4.3

configuring Active Directory connector profiles, 18.3.6

configuring properties, 13.3

configuring synchronization profiles, 18.3.2

connected directories

described, 1.4.2.2

SSL certificates for, 4.4

connecting

to a directory server, 3.1.2

connection details

configuring for SunONE Directory Server, 20.3.1.2

connector profiles, Active Directory, 18.3.6

connectors, 5

managing from the command line, 7.2

registering, 6.1

SunONE, 20.1

Connectors for Directory Synchronization, described, 5.1.1

Create Like

operation, by using Oracle Directory Integration and Provisioning Server Administration, 3.1.3.2

creating users with the Provisioning Console, 14.1.2

D

Data Access Java plug-in, 12.3.1

data integrity, 2.3

in Oracle Directory Integration and Provisioning platform, 2.3

data privacy

in Oracle Directory Integration and Provisioning platform, 2.4

debug logging

levels

setting for directory integration and provisioning server, 4.7

Debugging

Windows native authentication, C.5.2

default port, 3.1.2

deploying provisioning-integrated applications, 13.1

deregistering a directory, 11.4.2

DIP Tester utility, C.1.3.2

dipassistant

described, 3.3.3

directories

central enterprise, 17.2, 17.2

E

Edit

menu item, in Oracle Directory Manager, 3.1.3.2

error messages

Windows native authentication, C.2.4

Exit menu item, in Oracle Directory Integration and Provisioning Server Administration, 3.1.3.2

express configuration

by using the Oracle Directory Integration and Provisioning Server Administration tool, 18.3.6.2.2

of Active Directory Connector profiles, 18.3.6.2

using, 18.3.6.2.2

external authentication

types, 20.2.3.1

external authentication plug-in

Active Directory, 18.4.2.2

enabling, 18.3.7.3

installing, 18.3.7.1, 18.3.7.2

testing, 18.3.7.4

for integration with Active Directory, 18.3.7

for integration with Microsoft Active Directory, 18.1.1

for integration with Microsoft Windows NT, 19.2

for SunONE Directory Server, 20.3.4

F

features, new, Preface

in Oracle Internet Directory, Release 3.0.1, Preface

release 10g (10.1.2), Preface

release 10g (9.0.4), Preface

release 2.1.1, Preface

release 3.0.1, Preface

release 9.0.2, Preface

File menu, in Oracle Directory Manager, 3.1.3.2

file naming conventions, 6.7

files

location, 6.7

foreign security principal, defined, 18.1.4.4

foreign security principals

in Oracle Internet Directory

synchronzing with Active Directory, 18.3.9

foreign security principals, in Microsoft Active Directory, 18.1.4.4

G

group search context, 17.7

groupcreatebase

configuring in integration with Active Directory, 18.3.1

groupsearchbase

configuring in integration with Active Directory, 18.3.1

H

Help

menu item, in Oracle Directory Manager, 3.1.3.2

I

identity management realms

about, 18.1.4.1

access control policies in, 18.1.4.1

default, 18.1.4.1

identity managment realms

multiple, 18.1.4.1

installing the SunONE Directory Server External Authentication Plug-in, 20.3.4.1

integrated environments

bootstrapping in, 8

security concerns, 17.8

integration

with a relational database, 9

with a single Active Directory domain controller, 18.1.4.3

with Active Directory, 18.3.2, 18.3.2.4

configuring connection details, 18.3.2.3

configuring mapping rules, 18.3.2.1

customizing search filter, 18.3.2.6

in SSL mode, 18.3.4

setting the user login name attribute, 18.3.1

setting user and group search bases, 18.3.1

with Active Directory as the central directory, 18.2.2

with OID as the central directory, 18.2

with Microsoft Active Directory, 18

Active Directory Connector, 18.1.1

concepts and architecture, 18.1

configuration of, 18.3

Oracle Directory Integration and Provisioning component, 18.1.1

Oracle Internet Directory component, 18.1.1

setting the user login name attribute, 18.3.1

with Microsoft Windows NT 4.0, 19.1

with multiple Active Directory domain controllers, 18.1.4.4

with Oracle E-Business Suite, 16

with Oracle Human Resources, 10

with SunONE Directory Server, 20

with third-party directories

considerations, 17

integration profile

enabling, 18.4.1

integration profiles

authentication, 2.1.3

configuring for two-way synchronization with SunONE Directory Server, 20.3.1.5

customizing for SunONE Directory Server, 20.3.1.1

default, 8.3

for synchronization, 5

relational database, 9.3

SunONE connector, configuring, 20.3.1

integration with Microsoft Active Directory

deployment options, 18.2

iplconfig.sh, 20.3.1.3

K

Kerberos protocol, 18.1.1

L

LDAP schema, customizing, 18.3.2.5

log files

Oracle Directory Integration and Provisioning platform, 4.9

anonymous, A.1.1

super user, A.1.1

user, A.1.1

Windows native authentication, 18.3.8.5

M

managing, 18.4.1

managing applications with the Provisioning Console, 14.2

managing users with the Provisioning Console, 14.1

mapping

attribute-level, 6.5.2

distinguished name, 6.5.1

mapping rules, 5.1.2

customizing for Active Directory integration, 18.3.2.4

for group entries, 17.4.2.2

for integration with SunONE Directory Server, 20.3.1.6

for user entries, 17.4.2.1

in integration with Active Directory, 18.3.2.1

Mapping Rules Format, 5.1.2

matching filters

change log, 6.6.2

LDAP search, 6.6.1

matching filters, applying, 6.6

menu bar, Oracle Directory Integration and Provisioning Server Administration, 3.1.3.2

Microsoft Active Directory

and Active Directory Connector, 18.1.1

concepts and architecture for integration with, 18.1

configuration of integration with, 18.3

connector profiles, configuring, 18.3.6

deployment options for integration with, 18.2

external authentication with, 18.1.1

foreign security principals, 18.1.4.4

forest, as mapped to Oracle Internet Directory, 18.1.4.4

integration

post-configuration tasks, 18.4.1

typical management tasks, 18.4.2

integration with, 18

managing, 18.4

multiple domain

synchronizing with, 18.3.5

synchronizing deletions from, 18.3.2.7

synchronizing passwords from, 18.3.2.8

troubleshooting integration, C.5

trust relationships between domains, 18.1.4.4

Microsoft Windows NT

integration with, 19.1

external authentication plug-in, 19.2

multiple Active Directory domain controllers

integration with, 18.1.4.4

multiple-domain Active Directory, synchronizing with, 18.3.5

N

navigator pane, in Oracle Directory Integration and Prvisioning Server Administration, 3.1.3.1

new features, Preface

release 10g (10.1.2), Preface

release 10g (9.0.4), Preface

release 2.1.1, Preface

release 3.0.1, Preface

release 9.0.2, Preface

no SSL authentication option, A.1.2

non-default port, running on, 3.1.2

non-SSL authentication, 2.1.2.1

nontransitive trust relationship in Active Directory, 18.1.4.4

O

object

adding, by using Oracle Directory Manager, 3.1.3.2

objects

comparing, 3.1.3.2

modifying

by using Oracle Directory Integration and Provisioning Server Administration, 3.1.3.2

removing

by using Oracle Directory Integration and Provisioning Server Administration, 3.1.3.2

odisrvreg, 4.10

OID Control Utility

and the Oracle Directory Integration Platform, 3.3.1

OID Monitor

and the Oracle Directory Integration Platform, 3.3.1

one-way authentication, SSL, A.1.2

OpenLDAP Community, Preface

Oracle Application Server Single Sign-On

and integration with Active Directory, 18.1.1

and Windows native authentication, 18.1.1

described, 1.4.3

Oracle Directory Integration and Provisioning

as a component in integration with Active Directory, 18.1.1

how it maintains synchronization, 18.1.2

problems and solutions, C.2

troubleshooting, C

what it is, 1.1

Oracle Directory Integration and Provisioning platform

access control and authorization in, 2.2

data integrity, 2.3

data privacy, 2.4

deletion of users, B.6

deployment example, B

in a replicated environment, 4.8

log files, 4.9

modification of user properties, B.5

structure, 1.1

user creation and provisioning, B.4

what it is, 1.1

Oracle directory integration and provisioning server, 12.2

administration, 4

authentication, 2.1.2

configuration set entries, 4.1.2

managing, 4.3

described, 1.4.2

diagnosing problems, C.1, C.1

in high availability scenario, 4.6

operational information about, 4.1

sequence of events, 4.1.3

starting, stopping, and restarting, 4.5

Oracle Directory Integration and Provisioning Server Administration

Apply button vs. OK button, 3.1.3.1

Cancel button, 3.1.3.1

connecting to a directory server, 3.1.3.2

Create Like operation, 3.1.3.2

disconnect

menu item, 3.1.3.2

Exit menu item, 3.1.3.2

launching, 3.1.1

menu bar, 3.1.3.2

modifying

objects, 3.1.3.2

navigating, 3.1.3

removing objects, 3.1.3.2

starting, 3.1.1

tear-off menu item, 3.1.3.2

tool, 3.1

updating, 3.1.3.2

Oracle Directory Integration and Provisioning Server Registration Tool, described, 3.3.2

Oracle Directory Manager

adding

objects, 3.1.3.2

displaying help navigator, 3.1.3.2

Edit menu, 3.1.3.2

File menu, 3.1.3.2

Help menu item, 3.1.3.2

on UNIX, starting, 3.1.1

on Windows 95, starting, 3.1.1

on Windows NT, starting, 3.1.1

overview, 3.1.3.2

Revert button, 3.1.3.1

running, 3.1.1

starting

on UNIX, 3.1.1

on Windows NT, 3.1.1

Synchronization Execution tab page, A.3.3

Synchronization General tab page, A.3.2

Synchronization Mapping tab page, A.3.4

Synchronization Status tab page, A.3.5

View menu, 3.1.3.2

Oracle Directory Synchronization Service

interaction between components, 1.4.2.2, 1.4.2.2

Oracle E-Business Suite, integrating with, 16

Oracle Human Resources

agent, 10

configuring an integration profile, 10.3.1

mapping rules for, 10.3.3

importing from, 10.2

running synchronization, 10.3.4

synchronizing with, 10

Oracle Identity Management Integration, benefits of, 1.1

Oracle Internet Directory

as a component in integration with Active Directory, 18.1.1

as the central directory in a synchronized environment, 1.4.2.2

configuring for Windows native authentication, 18.3.8.2, 18.3.8.3

described, 1.4.1

schema elements for integration with Active Directory, 18.1.3

Oracle Internet Directory Provisioning Console, 12.2

creating users, 14.1.2

managing applications, 14.2

managing users, 14.1

provisioning users, 14.1.3

searching for users, 14.1.1

Oracle Provisioning Service

described, 1.4.2.3

orclChangeSubscriber, 6.1

orclLastAppliedChangeNumber attribute, 11.3.2

orclodiplastappliedchangenumber, 6.1

orclOdipLastAppliedChgNum, 9.1

orclodiProfile, 6.1

P

password synchronization

configuring for SunONE Directory Server, 20.3.1.4

password-based authentication, A.1.1

passwords

for SSL wallets, A.1.2

not migrated from Microsoft Active Directory to Oracle Internet Directory, 18.2.2

where to store in an integrated environment, 17.3

planning the Active Directory integration, 18.1.4.2

PL/SQL plug-in, 12.3.2

plug-in

Data Access Java, 12.3.1

PL/SQL, 12.3.2

Pre-Data Entry, 12.3.3

plug-in Post-Data Entry, 12.3.3

plug-ins

external authentication

for integration with Active Directory, 18.3.7

for integration with SunONE Directory Server, 20.3.4

SunONE Directory Server, 20.2.3

port

default, 3.1.2

Post-Data Entry plug-in, 12.3.3

Pre-Data Entry plug-in, 12.3.3

problems and solutions

Oracle Directory Integration and Provisioning, C.2

profiles

access controls for, 2.2.2

directory integration, 6.1

deregistering, 7.1.2

managing, 7.1

registering, 7.1.1

directory synchronization, 5.1.2

sample synchronization profiles, 6.2

provisioning

administration model, 12.7.1

administrative privileges, 12.7

agent, 1.4.2.3

agents, for legacy applications, 1.4.2.3

application bootstrapping, 12.4.6

asynchronous, 12.3.2

bulk, 12.4.4

compared with synchronization, 1.3

contrasted with synchronization, 1.3.3

described, 1.3.2

entries in the directory information tree, 12.5.1

explained, 12.1

flow, 12.6

goal of, 1.3.2

on-demand, 12.4.5

Oracle Internet Directory Provisioning Console, 12.2

provisioning integration profile, 12.2

Provisioning Subscription tool, described, 3.3.4

synchronous, 12.3.1

user statuses, 12.5.2

provisioning administration model, 12.7.1

Provisioning Console

creating users, 14.1.2

managing applications, 14.2

managing users, 14.1

provisioning users, 14.1.3

searching for users, 14.1.1

provisioning service

Oracle Provisioning Service, described, 1.4.2.3

Provisioning Subscription tool, described, 3.3.4

provisioning users

bulk provisioning, 12.4.4

created with command-line LDAP tools, 12.4.3

from the Provisioning Console, 12.4.1

on-demand, 12.4.5

statuses, 12.5.2

that are synchronized from an external source, 12.4.2

provisioning users with the Provisioning Console, 14.1.3

provisioning, troubleshooting, C.3

provisioning-integrated application, 13.3

provisioning-integrated applications

deploying, 13.1

registering, 13.2

R

realms

about, 18.1.4.1

access control policies in, 18.1.4.1

configuring in Active Directory integration, 18.3.1

default, 18.1.4.1

multiple, 18.1.4.1

registering a directory, 11.2.2.2

registering applications for provisioning, 13.2

registration, directory, 11.2.2.1

replication

and Oracle Directory Integration and Provisioning platform, 4.8

restarting Oracle directory integration and provisioning server, 4.5

Revert button, in Oracle Directory Manager, 3.1.3.1

S

sample synchronization profiles, 6.2

search filter, customizing in Active Directory integration, 18.3.2.6

SearchDeltaSize parameter, 6.4.1

searches

configuring display and duration of, 3.1.5

searching for users with the Provisioning Console, 14.1.1

security

in integrated environments, 17.8

in the Oracle Directory Integration Platform, 2

tools in Oracle Directory Integration and Provisioning platform, 2.5

server

instances

running, 3.1.1

Simple and Protected GSS-API Negotiation Mechanism (SPNEGO), 18.1.1

single Active Directory domain controller, integration with, 18.1.4.3

single sign-on server

configuring for Windows native authentication, 18.3.8.2, 18.3.8.3, 18.3.8.3

SkipErrorToSyncNextChange parameter, 6.4.2

SPNEGO protocol, 18.1.1

SSL, 2.1.1

and Active Directory integration, 18.3.4

authentication

for Oracle Directory Manager, A.1.2

one-way, A.1.2

server only, A.1.2

certificates for connected directories, 4.4

no authentication, A.1.2

password to user wallet, A.1.2

starting Oracle directory integration and provisioning server, 4.5

statuses

provisioning users, 12.5.2

stopping Oracle directory integration and provisioning server, 4.5

SunONE

connector

about, 20.1

configuring, 20.3

integration profile for, 20.3.1

troubleshooting integration, C.6

Directory Server

connection details, configuring, 20.3.1.2

customizing default integration profiles, 20.3.1.1

external authentication plug-in, 20.2.3, 20.3.4

integration, 20, 20.2

integration profiles, configuring for two-way synchronization, 20.3.1.5

mapping rules for integration with, 20.3.1.6

password synchronization, configuring, 20.3.1.4

supported configurations for integration, 20.5

SunONE Directory Server, External Authentication plug-in, installing, 20.3.4.1

synchronization

Active Directory passwords with Oracle Internet Directory, 18.3.2.8

between Microsoft Active Directory and Oracle Internet Directory, 18.3.8.2, 18.3.8.3

contrasted with provisioning, 1.3.3

decisions to make before, 18.1.4.2

deletions from Active Directory, 18.3.2.7

described, 1.3.1

DirSync control-based, 18.1.2

from a connected directory to Oracle Internet Directory, 5.2.2

from Oracle Internet Directory to a connected directory, 5.2.1

one-way, 1.4.2.2

Oracle Internet Directory passwords with Active Directory, 18.3.2.8

passwords from Active Directory, 18.3.2.8

process, 11.3

profiles, 1.3.1, 5

scenarios, 5.2

status attribute, 7.1.3

two-way, 1.4.2.2

use of the change log, 1.4.2.2

USNChange-based, 18.1.2

with Oracle Human Resources, 10

with other directories, 11, 11.2

Synchronization Execution tab page, in Oracle Directory Manager, A.3.3

Synchronization General tab page, in Oracle Directory Manager, A.3.2

Synchronization Mapping tab page, in Oracle Directory Manager, A.3.4

synchronization profiles

ActiveChgImp, 18.3.2.1

ActiveImport, 18.3.2.1

configuring, 18.3.2

creating, 18.3.2.2

samples for synchronizing with Active Directory, 18.3.2.1

Synchronization Status tab page, in Oracle Directory Manager, A.3.5

synchronization, troubleshooting, C.4

synchronous provisioning, 12.3.1

T

tear-off, in Oracle Directory Integration and Provisioning Server Administration, 3.1.3.2

third-party directories

integration with

considerations, 17

transitive trust relationships in Active Directory, 18.1.4.4

troubleshooting

DIP Tester utility, C.1.3.2

Microsoft Active Directory integration, C.5

Oracle Directory Integration and Provisioning, C

provisioning, C.3

SunONE connector, C.6

synchronization, C.4

types of external authentication, 20.2.3.1

U

UNIX, starting Oracle Directory Manager on, 3.1.1, 3.1.1

user

search context, 17.6

User field, in Oracle Directory Integration and Provisioning Server Administration, A.1.1, A.1.1

usercreatebase

configuring in integration with Active Directory, 18.3.1

users

creating with the Provisioning Console, 14.1.2

managing with the Provisioning Console, 14.1

provisioning with the Provisioning Console, 14.1.3

searching for with the Provisioning Console, 14.1.1

usersearchbase

configuring in integration with Active Directory, 18.3.1

USNChange-based synchronization, 18.1.2

V

View menu, in Oracle Directory Manager, 3.1.3.2

W

wallets

passwords, A.1.2

Windows native authentication, 18.1.1

authentication dynamics, 18.1.1

browser settings, 18.3.8.2, 18.3.8.2

configuring, 18.3.8

debugging, C.5.2

error messages, C.2.4

fallback authentication, 18.3.8.4, 18.3.8.4

how it works, 18.1.1

multiple domains or forests, 18.3.8.3

system requirements, 18.3.8.1, 18.3.8.1

Windows NT

starting Oracle Directory Manager on, 3.1.1

Windows NT 4.0, Microsoft

integration with, 19.1