Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) E10029-03 January 2011




    Copyright © 1999, 2011, Oracle and/or its affiliates. All rights reserved.

    Primary Author: Ellen Desmond

    Contributors: Olfat Aly, Krishna Chander, Giriraj Chauhan, Margaret Chou, Quan Dinh, Maud Jamati-Bartlett, Vinoth Janakiraman, Buddhika Kottahachchi, Venkat Medam, Vishal Parashar, Karthi Purushothaman, Lakshmi Ramadoss, Loganathan Ramasamy, Ramaprakash Sathyanarayan, Daniel Shih, Olaf Stullich, Dipankar Thakuria, Arun Theebaprakasam, Vinay Thulasidas, Satishkumar Venkatasamy, Frances Wu

    This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

    The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

    If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

    U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

    This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

    Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

    This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

    RSA and RC4 are trademarks of RSA Data Security. Portions of Oracle Internet Directory have been licensed by Oracle Corporation from RSA Data Security.

    This product contains SSLPlus Integration Suite™ version 1.2, from Consensus Development Corporation.


    Contents

    Preface .......................................................................................................................................................... xxxvii

        Audience ........ xxxvii
        Documentation Accessibility ........ xxxvii
        Related Documents ........ xxxviii
        Conventions ........ xxxix

    What's New in Oracle Internet Directory?..................................................................................... xli

        New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1.4.0) ........ xli
        New Features Introduced with Oracle Internet Directory 11g Release 1 (11.1.1) ........ xlii
        New Features Introduced with Oracle Internet Directory 10g (10.1.4.1) ........ xliv
        New Features Introduced with Oracle Internet Directory 10g Release 2 (10.1.2) ........ xlvi

    Part I Understanding Directory Services

    1 Introduction to Directory Services

    What Is a Directory? ........ 1-1
        The Expanding Role of Online Directories ........ 1-1
        The Problem: Too Many Special-Purpose Directories ........ 1-2

    What Is the Lightweight Directory Access Protocol (LDAP)? ........ 1-3
        LDAP and Simplified Directory Management ........ 1-3
        LDAP Version 3 ........ 1-3

    What Is Oracle Internet Directory? ........ 1-4
        Overview of Oracle Internet Directory ........ 1-4
        Components of Oracle Internet Directory ........ 1-5
        Advantages of Oracle Internet Directory ........ 1-5
            Scalability ........ 1-6
            High Availability ........ 1-6
            Security ........ 1-6
            Integration with the Oracle Environment ........ 1-6

    How Oracle Products Use Oracle Internet Directory ........ 1-6
        Easier and More Cost-Effective Administration of Oracle Products ........ 1-7
        Tighter Security Through Centralized Security Policy Administration ........ 1-7
        Integration of Multiple Directories ........ 1-8


    2 Understanding Oracle Internet Directory in Oracle Fusion Middleware

    WebLogic Server Domain ........ 2-1
    Oracle Internet Directory as a System Component ........ 2-2
    Oracle Internet Directory Deployment Options ........ 2-2
    Middleware Home ........ 2-3
    WebLogic Server Home ........ 2-3
    Oracle Common Home ........ 2-3
    Oracle Home ........ 2-3
    Oracle Instance ........ 2-3
    Oracle Enterprise Manager Fusion Middleware Control ........ 2-4
    Logging, Auditing, and Diagnostics ........ 2-4
    MBeans and the WebLogic Scripting Tool ........ 2-4

    3 Understanding Oracle Internet Directory Concepts and Architecture

    Oracle Internet Directory Architecture ........ 3-1
        An Oracle Internet Directory Node ........ 3-2
        An Oracle Directory Server Instance ........ 3-3
        Oracle Internet Directory Ports ........ 3-4
        Directory Metadata ........ 3-4

    How Oracle Internet Directory Processes a Search Request ........ 3-6
    Directory Entries ........ 3-7
        Distinguished Names (DNs) and Directory Information Trees (DITs) ........ 3-7
        Entry Caching ........ 3-8

    Attributes ........ 3-8
        Kinds of Attribute Information ........ 3-9
        Single-Valued and Multivalued Attributes ........ 3-10
        Common LDAP Attributes ........ 3-10
        Attribute Syntax ........ 3-11
        Attribute Matching Rules ........ 3-11
        Attribute Options ........ 3-11

    Object Classes ........ 3-12
        Subclasses, Superclasses, and Inheritance ........ 3-12
        Object Class Types ........ 3-13
            Structural Object Classes ........ 3-13
            Auxiliary Object Classes ........ 3-13
            Abstract Object Classes ........ 3-13

    Naming Contexts ........ 3-14
    Security ........ 3-14
    Globalization Support ........ 3-15
    Distributed Directories ........ 3-16
        Directory Replication ........ 3-16
        Directory Partitioning ........ 3-16

    Knowledge References and Referrals ........ 3-17
    Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console ........ 3-19
    The Service Registry and Service to Service Authentication ........ 3-19
    Oracle Directory Integration Platform ........ 3-20


    Oracle Internet Directory and Identity Management ........ 3-20
        About Identity Management ........ 3-21
        Oracle Identity Management Products ........ 3-21
        Identity Management Realms ........ 3-23
            Default Identity Management Realm ........ 3-23
            Identity Management Policies ........ 3-23

    Resource Information ........ 3-24
        Resource Type Information ........ 3-24
        Resource Access Information ........ 3-24
        Location of Resource Information in the DIT ........ 3-24

    4 Understanding Process Control of Oracle Internet Directory Components

    Oracle Internet Directory Process Control Architecture ........ 4-1
    The ODS_PROCESS_STATUS Table ........ 4-2
    Starting, Stopping, and Monitoring of Oracle Internet Directory Processes ........ 4-3
        Oracle Internet Directory Snippet in opmn.xml ........ 4-3
        OPMN Starting Oracle Internet Directory ........ 4-4
        OPMN Stopping of Oracle Internet Directory ........ 4-4
        Process Monitoring ........ 4-5

    Oracle Internet Directory Process Control - Best Practices ........ 4-5

    5 Understanding Oracle Internet Directory Organization

    The Directory Information Tree ........ 5-1
    Planning the Overall Directory Structure ........ 5-2
    Planning the Names and Organization of Users and Groups ........ 5-3
        Organizing Users ........ 5-3
        Organizing Groups ........ 5-4

    Migrating a DIT from a Third-Party Directory .................................................................................. 5-5

    6 Understanding Oracle Internet Directory Replication

    Why Use Replication? ........ 6-2
    Replication Concepts ........ 6-2
        Content to be Replicated: Full or Partial ........ 6-2
        Direction: One-Way, Two-Way, or Peer to Peer ........ 6-3
        Transport Mechanism: LDAP or Oracle Database Advanced Replication ........ 6-4
        Directory Replication Group (DRG) Type: Single-master, Multimaster, or Fan-out ........ 6-4
            Single-Master Replication Example ........ 6-5
            Multimaster Replication Example ........ 6-5
            Fan-out Replication Example ........ 6-6
        Loose Consistency Model ........ 6-6
        How the Replication Concepts Fit Together ........ 6-6
        Multimaster Replication with Fan-Out ........ 6-7

    What Kind of Replication Do You Need?............................................................................................ 6-8

    Part II Basic Administration


    7 Getting Started With Oracle Internet Directory

    Patching Your System to 11g Release 1 (11.1.1.4.0) ........ 7-1
        Deselecting Cipher Suites for SSL Server Authentication ........ 7-1
        Upgrading a Directory Replication Group ........ 7-2

    Postinstallation Tasks and Information ........ 7-2
        Setting Up the Environment ........ 7-2
        Starting and Stopping the Oracle Stack ........ 7-2
        Identifying Default URLs and Ports ........ 7-2
        Tuning Oracle Internet Directory ........ 7-2
        Enabling Anonymous Binds ........ 7-3
        Enabling Oracle Internet Directory to Run on Privileged Ports ........ 7-3
        Verifying Oracle Database Time Zone ........ 7-3

    Using Fusion Middleware Control to Manage Oracle Internet Directory ........ 7-4
    Using Oracle Directory Services Manager ........ 7-5
        Introduction to Oracle Directory Services Manager ........ 7-6
            Using the JAWS Screen Reader with Oracle Directory Services Manager ........ 7-6
            Non-Super User Access to Oracle Directory Services Manager ........ 7-6
            Single Sign-On Integration with Oracle Directory Services Manager ........ 7-6
        Configuring ODSM for SSO Integration ........ 7-7
        Configuring the SSO Server for ODSM Integration ........ 7-8
        Configuring the Oracle HTTP Server for ODSM-SSO Integration ........ 7-9
        Invoking Oracle Directory Services Manager ........ 7-9
        Connecting to the Server from Oracle Directory Services Manager ........ 7-9
            Logging in to the Directory Server from Oracle Directory Services Manager ........ 7-10
            Logging Into the Directory Server from Oracle Directory Services Manager Using SSL ........ 7-11
            Connecting to an SSO-Enabled Directory as an SSO-Authenticated User ........ 7-12
        Configuring Oracle Directory Services Manager Session Timeout ........ 7-12
        Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster ........ 7-12

    Using Command-Line Utilities to Manage Oracle Internet Directory ........ 7-13
        Using Standard LDAP Utilities ........ 7-13
        Using Bulk Tools ........ 7-14
        Using WLST ........ 7-14

    Basic Tasks for Configuring and Managing Oracle Internet Directory ..................................... 7-15

    8 Managing Oracle Internet Directory Instances

    Introduction to Managing Oracle Internet Directory Instances ........ 8-1
        The Instance-Specific Configuration Entry ........ 8-1
        Creating the First Oracle Internet Directory Instance ........ 8-2
        Creating Additional Oracle Internet Directory Instances ........ 8-3
        Registering an Oracle Instance or Component with the WebLogic Server ........ 8-4

    Managing Oracle Internet Directory Components by Using Fusion Middleware Control ........ 8-4
        Viewing Active Server Information by Using Fusion Middleware Control ........ 8-5
        Starting the Oracle Internet Directory Server by Using Fusion Middleware Control ........ 8-5
        Stopping the Oracle Internet Directory Server by Using Fusion Middleware Control ........ 8-5
        Restarting the Oracle Internet Directory Server by Using Fusion Middleware Control ........ 8-5


    Managing Oracle Internet Directory Components by Using opmnctl ........ 8-5
        Creating an Oracle Internet Directory Component by Using opmnctl ........ 8-6
        Registering an Oracle Instance by Using opmnctl ........ 8-7
        Unregistering an Oracle Instance by Using opmnctl ........ 8-7
        Updating the Component Registration of an Oracle Instance by Using opmnctl ........ 8-8
        Deleting an Oracle Internet Directory Component by Using opmnctl ........ 8-9
        Viewing Active Server Instance Information by Using opmnctl ........ 8-9
        Starting the Oracle Internet Directory Server by Using opmnctl ........ 8-9
        Stopping the Oracle Internet Directory Server by Using opmnctl ........ 8-10
        Restarting the Oracle Internet Directory Server by Using opmnctl ........ 8-10
        Changing the Oracle Database Information in opmn.xml ........ 8-10

    Starting an Instance of the Replication Server by Using OIDCTL ............................................. 8-10

    9 Managing System Configuration Attributes

    Introduction to Managing System Configuration Attributes ........ 9-1
        What Are Configuration Attributes? ........ 9-1
        What Are Operational Attributes? ........ 9-2
        Attributes of the Instance-Specific Configuration Entry ........ 9-2
        Attributes of the DSA Configuration Entry ........ 9-9
        Attributes of the DSE ........ 9-10

    Managing System Configuration Attributes by Using Fusion Middleware Control ........ 9-11
        Configuring Server Properties ........ 9-11
        Configuring Shared Properties ........ 9-13
        Configuring Other Parameters ........ 9-14

    Managing System Configuration Attributes by Using WLST ........ 9-14
    Managing System Configuration Attributes by Using LDAP Tools ........ 9-16
        Setting System Configuration Attributes by Using ldapmodify ........ 9-16
        Listing Configuration Attributes with ldapsearch ........ 9-17

    Managing System Configuration Attributes by Using ODSM Data Browser ........ 9-18
        Navigating to the Instance-Specific Configuration Entry ........ 9-18
        Navigating to the DSA Configuration Entry ........ 9-18
        Navigating to the DSE Root ........ 9-18

    10 Managing IP Addresses

    Introduction to Managing IP Addresses ........ 10-1
    Configuring an IP Address for IP V6, Cold Failover Cluster, or Virtual IP ........ 10-1

    11 Managing Naming Contexts

    Introduction to Managing Naming Contexts ........ 11-1
    Searching for Published Naming Contexts ........ 11-1
    Publishing a Naming Context ........ 11-2

    12 Managing Accounts and Passwords

    Introduction to Managing Accounts and Passwords ........ 12-1
    Managing Accounts and Passwords by Using Command-Line Tools ........ 12-2


        Enabling and Disabling Accounts by Using Command-Line Tools ........ 12-2
        Unlocking Accounts by Using Command-Line Tools ........ 12-3
        Forcing a Password Change by Using Command-Line Tools ........ 12-3

    Managing Accounts and Passwords by Using the Self-Service Console ........ 12-3
        Enabling and Disabling Accounts by Using the Oracle Internet Directory Self-Service Console ........ 12-4
        Unlocking Accounts by Using the Oracle Internet Directory Self-Service Console ........ 12-4
        Resetting Your Own Password by Using the Oracle Internet Directory Self-Service Console ........ 12-4

    Listing and Unlocking Locked Accounts by Using Oracle Directory Services Manager ........ 12-4
    Changing the Superuser Password by Using Fusion Middleware Control ........ 12-5
    Creating Another Account With Superuser Privileges ........ 12-5
    Managing the Superuser Password by Using ldapmodify ........ 12-6
    Changing the Oracle Internet Directory Database Password ........ 12-6
    Resetting the Superuser Password ........ 12-7
    Changing the Password for the EMD Administrator Account ........ 12-7
    Changing the Password for the ODSSM Administrator Account ........ 12-8

    13 Managing Directory Entries

    Introduction to Managing Directory Entries ........ 13-1
    Managing Entries by Using Oracle Directory Services Manager ........ 13-1
        Displaying Entries by Using Oracle Directory Services Manager ........ 13-2
        Searching for Entries by Using Oracle Directory Services Manager ........ 13-3
        Importing Entries from an LDIF File by Using Oracle Directory Services Manager ........ 13-5
        Exporting Entries to an LDIF File by Using Oracle Directory Services Manager ........ 13-5
        Viewing Attributes for a Specific Entry by Using Oracle Directory Services Manager ........ 13-5
        Adding a New Entry by Using Oracle Directory Services Manager ........ 13-6
        Deleting an Entry or Subtree by Using Oracle Directory Services Manager ........ 13-8
        Adding an Entry by Copying an Existing Entry in Oracle Directory Services Manager ........ 13-8
        Modifying an Entry by Using Oracle Directory Services Manager ........ 13-9

    Managing Entries by Using LDAP Command-Line Tools ........ 13-11
        Listing All the Attributes in the Directory by Using ldapsearch ........ 13-11
        Listing Operational Attributes by Using ldapsearch ........ 13-11
        Attribute Case in ldapsearch Output ........ 13-12
        Adding a User Entry by Using ldapadd ........ 13-12
        Modifying a User Entry by Using ldapmodify ........ 13-13
        Adding an Attribute Option by Using ldapmodify ........ 13-13
        Deleting an Attribute Option by Using ldapmodify ........ 13-13
        Searching for Entries with Attribute Options by Using ldapsearch ........ 13-13

    14 Managing Dynamic and Static Groups

    Introduction to Managing Dynamic and Static Groups .......... 14-1
        Static Groups .......... 14-1
            Schema Elements for Creating Static Groups .......... 14-2
        Dynamic Groups .......... 14-2
            Cached and Uncached Dynamic Groups .......... 14-2
            Enhancements to and Limitations of Dynamic Groups in Oracle Internet Directory .......... 14-3


            Schema Elements for Creating a Dynamic Group .......... 14-4
        Hierarchies .......... 14-6
        Querying Group Entries .......... 14-7
        orclMemberOf Attribute .......... 14-7
        When to Use Each Kind of Group .......... 14-8
    Managing Group Entries by Using Oracle Directory Services Manager .......... 14-8
        Creating Static Group Entries by Using Oracle Directory Services Manager .......... 14-8
        Modifying a Static Group Entry by Using Oracle Directory Services Manager .......... 14-10
        Creating Dynamic Group Entries by Using Oracle Directory Services Manager .......... 14-10
        Modifying a Dynamic Group Entry by Using Oracle Directory Services Manager .......... 14-13
    Managing Group Entries by Using the Command Line .......... 14-13
        Creating a Static Group Entry by Using ldapadd .......... 14-13
        Modifying a Static Group by Using ldapmodify .......... 14-14
        Creating a Dynamic Group Entry by Using ldapadd .......... 14-15
            Creating a Cached Dynamic Group Using labeledURI Attribute .......... 14-15
            Creating an Uncached Dynamic List Using labeledURI Attribute .......... 14-15
            Creating a Dynamic Group Using CONNECT BY String .......... 14-15
        Modifying a Dynamic Group by Using ldapmodify .......... 14-16

    15 Performing Bulk Operations

    Introduction to Performing Bulk Operations .......... 15-1
    Changing Server Mode .......... 15-2
        Setting the Server Mode by Using Fusion Middleware Control .......... 15-3
        Setting the Server Mode by Using ldapmodify .......... 15-3
    Loading Data Into the Schema by Using bulkload .......... 15-3
        Importing an LDIF File by Using bulkload .......... 15-6
        Loading Data in Incremental or Append Mode By Using bulkload .......... 15-7
        Performing Index Verification By Using bulkload .......... 15-8
        Re-Creating Indexes By Using bulkload .......... 15-8
        Recovering Data After a Load Failure By Using bulkload .......... 15-8
    Modifying Attributes of a Large Number of Entries By Using bulkmodify .......... 15-8
        Adding a Description for All Entries Under a Specified Naming Context .......... 15-9
        Adding an Attribute for Entries Under a Specified Naming Context Matching a Filter .......... 15-9
        Replacing an Attribute for All Entries Under a Specified Naming Context .......... 15-9
    Deleting Entries or Attributes of Entries by Using bulkdelete .......... 15-9
        Deleting All Entries Under a Specified Naming Context by Using bulkdelete .......... 15-10
        Deleting Entries Under Naming Contexts and Making them Tombstone Entries .......... 15-10
    Dumping Data from Oracle Internet Directory to a File by Using ldifwrite .......... 15-10
        Dumping Part of a Specified Naming Context to an LDIF File .......... 15-11
        Dumping Entries Under a Specified Naming Context to an LDIF File .......... 15-11
    Creating and Dropping Indexes from Existing Attributes by Using catalog .......... 15-11
        Changing a Searchable Attribute into a Non-searchable Attribute .......... 15-12
        Changing a Non-searchable Attribute into a Searchable Attribute .......... 15-12

    16 Managing Collective Attributes

    Introduction to Collective Attributes ................................................................................................ 16-1


        The RFC Definition and Oracle Extensions .......... 16-1
            RFC 3671 .......... 16-1
            Oracle Extensions .......... 16-1
        Defining the Collective Attribute Subentry .......... 16-2
        Using subtreeSpecification .......... 16-2
            Base .......... 16-2
            Minimum and Maximum .......... 16-2
            Specific Exclusions .......... 16-3
        Overriding a Collective Attribute .......... 16-4
    Managing Collective Attributes by Using the Command Line .......... 16-4
        Adding a Subentry by Using ldapadd .......... 16-4
        Modifying a Subentry by Using ldapmodify .......... 16-4

    17 Managing Alias Entries

    Introduction to Managing Alias Entries .......... 17-1
    Adding an Alias Entry .......... 17-2
    Searching the Directory with Alias Entries .......... 17-3
        Searching the Base with Alias Entries .......... 17-3
        Searching One-Level with Alias Entries .......... 17-4
        Searching a Subtree with Alias Entries .......... 17-5
    Modifying Alias Entries .......... 17-6
    Interpreting Messages Related to Alias Dereferencing .......... 17-6

    18 Managing Attribute Uniqueness Constraint Entries

    Introduction to Managing Attribute Uniqueness Constraint Entries .......... 18-1
    Specifying Attribute Uniqueness Constraint Entries .......... 18-3
        Specifying Multiple Attribute Names in an Attribute Uniqueness Constraint .......... 18-4
        Specifying Multiple Subtrees in an Attribute Uniqueness Constraint .......... 18-4
        Specifying Multiple Scopes in an Attribute Uniqueness Constraint .......... 18-5
        Specifying Multiple Object Classes in an Attribute Uniqueness Constraint .......... 18-5
        Specifying Multiple Subtrees, Scopes, and Object Classes in an Attribute Uniqueness Constraint .......... 18-6
    Managing an Attribute Uniqueness Constraint Entry by Using Oracle Directory Services Manager .......... 18-6
        Creating an Attribute Uniqueness Constraint Entry by Using ODSM .......... 18-6
        Modifying an Attribute Uniqueness Constraint Entry by Using ODSM .......... 18-7
        Deleting an Attribute Uniqueness Constraint Entry by Using ODSM .......... 18-7
    Managing an Attribute Uniqueness Constraint Entry by Using the Command Line .......... 18-7
        Creating Attribute Uniqueness Across a Directory by Using Command-Line Tools .......... 18-7
        Creating Attribute Uniqueness Across One Subtree by Using Command-Line Tools .......... 18-8
        Creating Attribute Uniqueness Across One Object Class by Using Command-Line Tools .......... 18-8
        Modifying Attribute Uniqueness Constraint Entries by Using Command-Line Tools .......... 18-9
        Deleting Attribute Uniqueness Constraint Entries by Using Command-Line Tools .......... 18-9
        Enabling and Disabling Attribute Uniqueness by Using Command-Line Tools .......... 18-9


    19 Managing Knowledge References and Referrals

    Introduction to Managing Knowledge References and Referrals .......... 19-1
    Configuring Smart Referrals .......... 19-3
    Configuring Default Referrals .......... 19-4

    20 Managing Directory Schema

    Introduction to Managing Directory Schema .......... 20-1
        Where Schema Information is Stored in the Directory .......... 20-2
        Understanding Object Classes .......... 20-2
            About Adding Object Classes .......... 20-3
            About Modifying Object Classes .......... 20-4
            About Deleting Object Classes .......... 20-4
        Understanding Attributes .......... 20-4
            About Adding Attributes .......... 20-5
            About Modifying Attributes .......... 20-5
            About Deleting Attributes .......... 20-5
            About Indexing Attributes .......... 20-6
        Extending the Number of Attributes Associated with Entries .......... 20-6
            Extending the Number of Attributes before Creating Entries in the Directory .......... 20-7
            Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class .......... 20-7
            Extending the Number of Attributes for Existing Entries by Creating a Content Rule .......... 20-8
            Rules for Creating and Modifying Content Rules .......... 20-8
            Schema Enforcement When Using Content Rules .......... 20-9
            Searches for Object Classes Listed in Content Rules .......... 20-9
        Understanding Attribute Aliases .......... 20-10
        Object Identifier Support in LDAP Operations .......... 20-10
    Managing Directory Schema by Using Oracle Directory Services Manager .......... 20-10
        Searching for Object Classes by Using Oracle Directory Services Manager .......... 20-11
        Adding Object Classes by Using Oracle Directory Services Manager .......... 20-11
        Modifying Object Classes by Using Oracle Directory Services Manager .......... 20-12
        Deleting Object Classes by Using Oracle Directory Services Manager .......... 20-13
        Viewing Properties of Object Classes by Using Oracle Directory Services Manager .......... 20-13
        Adding a New Attribute by Using Oracle Directory Services Manager .......... 20-13
        Modifying an Attribute by Using Oracle Directory Services Manager .......... 20-14
        Deleting an Attribute by Using Oracle Directory Services Manager .......... 20-14
        Viewing All Directory Attributes by Using Oracle Directory Services Manager .......... 20-15
        Searching for Attributes by Using Oracle Directory Services Manager .......... 20-15
        Adding an Index to a New Attribute by Using Oracle Directory Services Manager .......... 20-15
        Adding an Index to an Existing Attribute by Using Oracle Directory Services Manager .......... 20-15
        Dropping an Index from an Attribute by Using Oracle Directory Services Manager .......... 20-16
        Creating a Content Rule by Using Oracle Directory Services Manager .......... 20-16
        Modifying a Content Rule by Using Oracle Directory Services Manager .......... 20-16
        Viewing Matching Rules by Using Oracle Directory Services Manager .......... 20-17
        Viewing Syntaxes by Using Oracle Directory Services Manager .......... 20-17
    Managing Directory Schema by Using the Command Line .......... 20-17


        Viewing the Schema by Using ldapsearch .......... 20-18
        Adding a New Object Class by Using Command-Line Tools .......... 20-18
        Adding a New Attribute to an Auxiliary or User-Defined Object Class by Using Command-Line Tools .......... 20-19
        Modifying Object Classes by Using Command-Line Tools .......... 20-19
        Adding and Modifying Attributes by Using ldapmodify .......... 20-19
        Deleting Attributes by Using ldapmodify .......... 20-20
        Indexing an Attribute for Which No Data Exists by Using ldapmodify .......... 20-20
        Dropping an Index from an Attribute by Using ldapmodify .......... 20-21
        Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool .......... 20-21
        Adding a New Attribute With Attribute Aliases by Using the Command Line .......... 20-21
        Adding or Modifying Attribute Aliases in Existing Attributes by Using the Command Line .......... 20-22
        Deleting Attribute Aliases by Using the Command Line .......... 20-22
        Using Attribute Aliases with LDAP Commands .......... 20-22
            Using Attribute Aliases with ldapsearch .......... 20-23
            Using Attribute Aliases with ldapadd .......... 20-24
            Using Attribute Aliases with ldapmodify .......... 20-24
            Using Attribute Aliases with ldapdelete .......... 20-25
            Using Attribute Aliases with ldapmoddn .......... 20-25
        Managing Content Rules by Using Command-Line Tools .......... 20-25
        Viewing Matching Rules by Using ldapsearch .......... 20-26
        Viewing Syntaxes by Using ldapsearch .......... 20-26

    21 Configuring Referential Integrity

    Introduction to Configuring Referential Integrity .......... 21-1
    Enabling Referential Integrity by Using Fusion Middleware Control .......... 21-2
    Disabling Referential Integrity by Using Fusion Middleware Control .......... 21-2
    Enabling Referential Integrity by Using the Command Line .......... 21-2
    Configuring Specific Attributes for Referential Integrity by Using the Command Line .......... 21-3
    Disabling Referential Integrity by Using the Command Line .......... 21-3
    Detecting and Correcting Referential Integrity Violations .......... 21-3

    22 Managing Auditing

    Introduction to Auditing .......... 22-1
        Configuring the Audit Store .......... 22-2
        Oracle Internet Directory Audit Configuration .......... 22-2
        Replication and Oracle Directory Integration Platform Audit Configuration .......... 22-3
        Audit Record Fields .......... 22-3
        Audit Record Storage .......... 22-3
        Generating Audit Reports .......... 22-4
    Managing Auditing by Using Fusion Middleware Control .......... 22-4
    Managing Auditing by Using WLST .......... 22-5
    Managing Auditing from the Command Line .......... 22-5
        Viewing Audit Configuration from the Command Line .......... 22-5
        Configuring Oracle Internet Directory Auditing from the Command Line .......... 22-6
        Enabling Replication and Oracle Directory Integration Platform Auditing .......... 22-6


    23 Managing Logging

    Introduction to Logging .......... 23-1
        Features of Oracle Internet Directory Debug Logging .......... 23-2
        Interpreting Log Messages .......... 23-2
            Log Messages for Specified LDAP Operations .......... 23-3
            Log Messages Not Associated with Specified LDAP Operations .......... 23-3
            Example: Trace Messages in Oracle Internet Directory Server Log File .......... 23-3
    Managing Logging by Using Fusion Middleware Control .......... 23-4
        Viewing Log Files by Using Fusion Middleware Control .......... 23-5
        Configuring Logging by Using Fusion Middleware Control .......... 23-5
    Managing Logging from the Command Line .......... 23-6
        Viewing Log Files from the Command Line .......... 23-6
        Setting Debug Logging Levels by Using the Command Line .......... 23-6
        Setting the Debug Operation by Using the Command Line .......... 23-7
        Force Flushing the Trace Information to a Log File .......... 23-8

    24 Monitoring Oracle Internet Directory

    Introduction to Monitoring Oracle Internet Directory Server .......... 24-1
        Capabilities of Oracle Internet Directory Server Manageability .......... 24-1
        Oracle Internet Directory Server Manageability Architecture and Components .......... 24-2
        Purging of Security Events and Statistics Entries .......... 24-4
        Account Used for Accessing Server Manageability Information .......... 24-4
    Setting Up Statistics Collection by Using Fusion Middleware Control .......... 24-4
        Configuring Directory Server Statistics Collection by Using Fusion Middleware Control .......... 24-4
        Configuring a User for Statistics Collection by Using Fusion Middleware Control .......... 24-5
    Viewing Statistics Information with Fusion Middleware Control .......... 24-6
        Viewing Statistics Information on the Oracle Internet Directory Home Page .......... 24-6
        Viewing Information on the Oracle Internet Directory Performance Page .......... 24-6
    Viewing Statistics Information from the Oracle Directory Services Manager Home Page .......... 24-7
    Setting Up Statistics Collection by Using the Command-Line .......... 24-7
        Configuring Health, General, and Performance Statistics Attributes .......... 24-8
        Configuring Security Events Tracking .......... 24-8
        Configuring User Statistics Collection from the Command Line .......... 24-9
        Configuring Event Levels from the Command Line .......... 24-9
        Configuring a User for Statistics Collection by Using the Command Line .......... 24-10
    Viewing Information with the OIDDIAG Tool .......... 24-10

    25 Backing Up and Restoring Oracle Internet Directory

    Introduction to Backing Up and Restoring Oracle Internet Directory .......... 25-1
    Backing Up and Restoring a Small Directory or Specific Naming Context .......... 25-1
    Backing Up and Restoring a Large Directory .......... 25-2

    Part III Advanced Administration: Security


    26 Configuring Secure Sockets Layer (SSL)

    Introduction to Configuring Secure Sockets Layer (SSL) .......... 26-1
        Supported Cipher Suites .......... 26-2
        Supported Protocol Versions .......... 26-2
        SSL Authentication Modes .......... 26-3
        Limitations of the Use of SSL in 11g Release 1 (11.1.1) .......... 26-4
        Oracle Wallets .......... 26-4
        Other Components and SSL .......... 26-4
        SSL Interoperability Mode .......... 26-5
        StartTLS .......... 26-5
    Configuring SSL by Using Fusion Middleware Control .......... 26-5
        Creating a Wallet by Using Fusion Middleware Control .......... 26-6
        Configuring SSL Parameters by Using Fusion Middleware Control .......... 26-7
        Setting SSL Parameters with Fusion Middleware Control .......... 26-8
    Configuring SSL by Using WLST .......... 26-8
    Configuring SSL by Using LDAP Commands .......... 26-10
    Testing SSL Connections by Using Oracle Directory Services Manager .......... 26-11
    Testing SSL Connections From the Command Line .......... 26-11
        Testing SSL With Encryption Only .......... 26-12
        Testing SSL With Server Authentication .......... 26-12
        Testing SSL With Client and Server Authentication .......... 26-12
    Configuring SSL Interoperability Mode .......... 26-13

    27 Configuring Data Privacy

    Introduction to Table Space Encryption .......... 27-1
    Enabling and Disabling Table Space Encryption .......... 27-1
    Introduction to Using Database Vault With Oracle Internet Directory .......... 27-3
    Configuring Oracle Database Vault to Protect Oracle Internet Directory Data .......... 27-3
        Registering Oracle Database Vault .......... 27-3
        Adding a Database Vault Realm and Policies for Oracle Internet Directory .......... 27-4
        Managing Oracle Database Vault Configuration for Oracle Internet Directory .......... 27-5
        Deleting Database Vault Policies For Oracle Internet Directory .......... 27-5
        Disabling Oracle Database Vault for the Oracle Internet Directory Database .......... 27-5
    Best Practices for Using Database Vault with Oracle Internet Directory .......... 27-5
    Introduction to Sensitive Attributes .......... 27-6
        List of Sensitive Attributes .......... 27-6
        Encryption Algorithm for Sensitive Attributes .......... 27-6
    Configuring Privacy of Retrieved Sensitive Attributes .......... 27-7
    Introduction to Hashed Attributes .......... 27-7
    Configuring Hashed Attributes .......... 27-8
        Configuring Hashed Attributes by Using Fusion Middleware Control .......... 27-8
        Configuring Hashed Attributes by Using ldapmodify .......... 27-8

    28 Managing Password Policies

    Introduction to Managing Password Policies .......... 28-1
        What a Password Policy Is .......... 28-1


    Steps Required to Create and Apply a Password Policy........................................................... 28-2Fine-Grained Password Policies ................................................................................................... 28-2Default Password Policy ................................................................................................................ 28-4Password Policy Attributes ........................................................................................................... 28-5Password Policy-Related Operational Attributes ...................................................................... 28-7Directory Server Verification of Password Policy Information................................................ 28-7Password Policy Error Messages .................................................................................................. 28-8Releases Before 10g (10.1.4.0.1) ..................................................................................................... 28-8

    Managing Password Policies by Using Oracle Directory Services Manager ..... 28-9
    Viewing Password Policies by Using Oracle Directory Services Manager ..... 28-9
    Modifying Password Policies by Using Oracle Directory Services Manager ..... 28-9
    Creating a Password Policy and Assigning it to a Subtree by Using ODSM ..... 28-10

    Managing Password Policies by Using Command-Line Tools ..... 28-10
    Viewing Password Policies by Using Command-Line Tools ..... 28-11
    Creating a New Password Policy by Using Command-Line Tools ..... 28-11
    Applying a Password Policy to a Subtree by Using Command-Line Tools ..... 28-11
    Setting Password Policies by Using Command-Line Tools ..... 28-12

    29 Managing Directory Access Control

    Introduction to Managing Directory Access Control ..... 29-1
    Access Control Management Constructs ..... 29-2

    Access Control Policy Points (ACPs) ..... 29-3
    The orclACI Attribute for Prescriptive Access Control ..... 29-3
    The orclEntryLevelACI Attribute for Entry-Level Access Control ..... 29-3
    Security Groups ..... 29-4

    Access Control Information Components ..... 29-7
    Object: To What Are You Granting Access? ..... 29-7
    Subject: To Whom Are You Granting Access? ..... 29-8
    Operations: What Access Are You Granting? ..... 29-10

    Access Level Requirements for LDAP Operations ..... 29-11
    How ACL Evaluation Works ..... 29-12

    Precedence Rules Used in ACL Evaluation ..... 29-12
    Use of More Than One ACI for the Same Object ..... 29-14
    Exclusionary Access to Directory Objects ..... 29-15
    ACL Evaluation For Groups ..... 29-15

    Managing Access Control by Using Oracle Directory Services Manager ..... 29-15
    Viewing an ACP by Using Oracle Directory Services Manager ..... 29-15
    Adding an ACP by Using Oracle Directory Services Manager ..... 29-16

    Task 1: Specify the Entry That Will Be the ACP ..... 29-16
    Task 2: Configure Structural Access Items ..... 29-16
    Task 3: Configure Content Access Items ..... 29-18
    Delete a Structural or Content Access Item ..... 29-19

    Modifying an ACP by Using Access Control Management in ODSM ..... 29-20
    Adding or Modifying an ACP by Using the Data Browser in ODSM ..... 29-21
    Setting or Modifying Entry-Level Access by Using the Data Browser in ODSM ..... 29-21

    Managing Access Control by Using Command-Line Tools ..... 29-22
    Restricting the Kind of Entry a User Can Add ..... 29-22

    Setting Up an Inheritable ACP by Using ldapmodify ..... 29-23
    Setting Up Entry-Level ACIs by Using ldapmodify ..... 29-23
    Using Wildcards in an LDIF File with ldapmodify ..... 29-23
    Selecting Entries by DN ..... 29-24
    Using Attribute and Subject Selectors ..... 29-24
    Granting Read-Only Access ..... 29-25
    Granting Selfwrite Access to Group Entries ..... 29-25
    Defining a Completely Autonomous Policy to Inhibit Overriding Policies ..... 29-25

    30 Managing Password Verifiers

    Introduction to Password Verifiers for Authenticating to the Directory ..... 30-1
    Userpassword Verifiers and Authentication to the Directory ..... 30-2
    Hashing Schemes for Creating Userpassword Verifiers ..... 30-2

    Managing Hashing Schemes for Password Verifiers for Authenticating to the Directory ..... 30-3
    Introduction to Password Verifiers for Authenticating to Components ..... 30-3

    About Password Verifiers for Authenticating to Oracle Components ..... 30-4
    Attributes for Storing Password Verifiers for Authenticating to Oracle Components ..... 30-5
    Default Verifiers for Oracle Components ..... 30-7
    How Password Verification Works for an Oracle Component ..... 30-8

    Managing Password Verifier Profiles for Oracle Components by Using ODSM ..... 30-9
    Managing Password Verifier Profiles for Components by Using Command-Line Tools ..... 30-10

    Viewing a Password Verifier Profile by Using Command-Line Tools ..... 30-10
    Example: Modifying a Password Verifier Profile by Using Command-Line Tools ..... 30-10

    Introduction to Generating Verifiers by Using Dynamic Parameters ..... 30-10
    Configuring Oracle Internet Directory to Generate Dynamic Password Verifiers ..... 30-11

    31 Delegating Privileges for Oracle Identity Management

    Introduction to Delegating Privileges for Oracle Identity Management ..... 31-1
    How Delegation Works ..... 31-1
    Delegation in an Oracle Fusion Middleware Environment ..... 31-2
    About the Default Configuration ..... 31-3
    Privileges for Administering the Oracle Technology Stack ..... 31-3

    Delegating Privileges for User and Group Management ..... 31-4
    How Privileges Are Granted for Managing User and Group Data ..... 31-4
    Default Privileges for Managing User Data ..... 31-5

    Creating Users for a Realm ..... 31-5
    Modifying Attributes of a User ..... 31-5
    Deleting a User ..... 31-6
    Delegating User Administration ..... 31-6

    Default Privileges for Managing Group Data ..... 31-7
    Creating Groups ..... 31-7
    Modifying the Attributes of Groups ..... 31-7
    Deleting Groups ..... 31-7
    Delegating Group Administration ..... 31-8

    Delegating Privileges for Deployment of Oracle Components ..... 31-8
    How Deployment Privileges Are Granted ..... 31-9
    Oracle Application Server Administrators ..... 31-9

    User Management Application Administrators ..... 31-10
    Trusted Application Administrators ..... 31-10

    Delegating Privileges for Component Run Time ..... 31-10
    Default Privileges for Reading and Modifying User Passwords ..... 31-11
    Default Privileges for Comparing User Passwords ..... 31-12
    Default Privileges for Comparing Password Verifiers ..... 31-12
    Default Privileges for Proxying on Behalf of End Users ..... 31-13
    Default Privileges for Managing the Oracle Context ..... 31-13
    Default Privileges for Reading Common User Attributes ..... 31-13
    Default Privileges for Reading Common Group Attributes ..... 31-14
    Default Privileges for Reading the Service Registry ..... 31-14
    Default Privileges for Administering the Service Registry ..... 31-14

    32 Managing Authentication

    Introduction to Authentication ..... 32-1
    Direct Authentication ..... 32-1
    Indirect Authentication ..... 32-3
    External Authentication ..... 32-4
    Simple Authentication and Security Layer (SASL) ..... 32-5

    Configuring Certificate Authentication Method by Using Fusion Middleware Control ..... 32-6
    Configuring SASL Authentication by Using Fusion Middleware Control ..... 32-6
    Configuring Certificate Authentication Method by Using Command-Line Tools ..... 32-6
    Configuring SASL Authentication by Using the Command Line ..... 32-7
    Introduction to Anonymous Binds ..... 32-8
    Managing Anonymous Binds ..... 32-8

    Managing Anonymous Binds by Using Fusion Middleware Control ..... 32-8
    Managing Anonymous Binds by Using the Command Line ..... 32-8

    Part IV Advanced Administration: Managing Directory Deployment

    33 Planning, Deploying and Managing Realms

    Introduction to Planning, Deploying and Managing Realms ..... 33-1
    Planning the Identity Management Realm ..... 33-1
    Identity Management Realms in an Enterprise Deployment ..... 33-3

    Single Identity Management Realm in the Enterprise ..... 33-3
    Multiple Identity Management Realms in the Enterprise ..... 33-4

    Identity Management Realms in a Hosted Deployment ..... 33-4
    Identity Management Realm Implementation in Oracle Internet Directory ..... 33-5
    Default Directory Information Tree and the Identity Management Realm ..... 33-6

    Customizing the Default Identity Management Realm ..... 33-8
    Steps to Update the Existing User and Group Search Base ..... 33-10
    Set up an Additional Search Base ..... 33-11
    Refresh Oracle Single Sign-On ..... 33-12
    Reconfigure Provisioning Profiles ..... 33-12

    Creating Additional Identity Management Realms for Hosted Deployments....................... 33-14

    34 Tuning and Sizing Oracle Internet Directory

    35 Managing Garbage Collection

    Introduction to Managing Garbage Collection ..... 35-1
    Components of the Oracle Internet Directory Garbage Collection Framework ..... 35-1

    Garbage Collection Plug-in ..... 35-1
    Background Database Processes ..... 35-2

    How Oracle Internet Directory Garbage Collection Works ..... 35-4
    Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry ..... 35-5
    Change Log Purging ..... 35-5

    Set Oracle Database Time Zone for Garbage Collection ..... 35-6
    Modifying Oracle Internet Directory Garbage Collectors ..... 35-7

    Modifying a Garbage Collector by Using Oracle Directory Services Manager ..... 35-7
    Modifying a Garbage Collector by Using Command-Line Tools ..... 35-7

    Example 1: Modifying a Garbage Collector ..... 35-7
    Example 2: Disabling a Garbage Collector Change Log ..... 35-7

    Modifying the Oracle Internet Directory Statistics Collector ..... 35-8
    Managing Logging for Oracle Internet Directory Garbage Collectors ..... 35-8

    Enabling Logging for Oracle Internet Directory Garbage Collectors ..... 35-8
    Disabling Logging for Oracle Internet Directory Garbage Collectors ..... 35-9
    Monitoring Garbage Collection Logging ..... 35-9

    Configuring Time-Based Change Log Purging ............................................................................... 35-9

    36 Migrating Data from Other Data Repositories

    Introduction to Migrating Data from Other Data Repositories ..... 36-1
    Migrating Data from LDAP-Compliant Directories ..... 36-1

    Migrating LDAP Data by Using an LDIF File and bulkload ..... 36-2
    Migrating LDAP Data by Using syncProfileBootstrap Directly ..... 36-4
    Migrating LDAP Data by Using an LDIF File and syncProfileBootstrap ..... 36-5
    Migrating LDAP Data by Using syncProfileBootstrap, bulkload, and LDIF Files ..... 36-5
    Migrating LDAP Data by Using the Oracle Directory Integration Platform Server ..... 36-6

    Migrating User Data from Application-Specific Repositories ..... 36-6
    The Intermediate Template File ..... 36-7
    Reconciling Data in Application Repository with Data Already in the Directory ..... 36-7
    Tasks For Migrating Data from Application-Specific Repositories ..... 36-7

    Task 1: Create an Intermediate Template File ..... 36-7
    Task 2: Run the OID Migration Tool ..... 36-9

    37 Configuring Server Chaining

    Introduction to Configuring Server Chaining ..... 37-1
    Supported External Servers ..... 37-2
    Integrated Oracle Products ..... 37-2

    Oracle Single Sign-On ..... 37-2
    Enterprise User Security ..... 37-2

    Supported Operations ..... 37-3
    Server Chaining with Replication ..... 37-3

    Configuring Server Chaining ..... 37-3
    Configuring Server Chaining by Using Oracle Directory Services Manager ..... 37-4
    Configuring Server Chaining from the Command Line ..... 37-5

    Creating Server Chaining Configuration Entries ..... 37-5
    Configuration Entry Attributes ..... 37-6
    Requirements for User and Group Containers ..... 37-8
    Attribute Mapping ..... 37-8
    Active Directory Example ..... 37-9
    Active Directory with SSL Example ..... 37-10
    Active Directory with New Attributes Example ..... 37-11
    Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) Example ..... 37-11
    Oracle Directory Server Enterprise Edition and Sun Java System Directory Server (iPlanet) with SSL Example ..... 37-12
    eDirectory Example ..... 37-13
    eDirectory with SSL Example ..... 37-14

    Debugging Server Chaining ..... 37-14
    Configuring an Active Directory Plug-in for Password Change Notification ..... 37-14

    Part V Advanced Administration: Directory Replication

    38 Setting Up Replication

    Introduction to Setting Up Replication ..... 38-2
    Replication Transport Mechanisms ..... 38-2
    Replication Setup Methods ..... 38-2

    Replication Wizard ..... 38-2
    Command Line Tools ..... 38-3
    Database Copy Procedure ..... 38-3

    Bootstrap Rules ..... 38-3
    The Replication Agreement ..... 38-4
    Other Replication Configuration Attributes ..... 38-5
    Replication Process and Architecture ..... 38-5
    Rules for Configuring LDAP-Based Replication ..... 38-5
    Replication Security ..... 38-6

    Authentication and the Directory Replication Server ..... 38-6
    Secure Sockets Layer (SSL) and Oracle Internet Directory Replication ..... 38-7

    LDAP Replication Filtering for Partial Replication ..... 38-7
    Included and Excluded Naming Contexts in LDAP Replication Filtering ..... 38-7
    Attributes that Control Naming Contexts.