Oracle Internet Directory Administrator's Guide PDF
Preview Oracle Internet Directory Administrator's Guide
(cid:226) Oracle Internet Directory Administrator’s Guide Release 3.0.1 June 2001 Part No. A90151-01 Oracle Internet Directory Administrator’s Guide, Release 3.0.1 Part No. A90151-01 Copyright © 2001, Oracle Corporation. All rights reserved. Primary Author: Richard Smith Contributing Authors: Michael Cowan, Rebecca Reitmeyer, Ginger Tabora Contributors: Tridip Bhattacharya, Saheli Dey, Bruce Ernst, Rajinder Gupta, Ajay Keni, Stephen Lee, David Lin, Michael Mesaros, Radhika Moolky, Hari Sastry, David Saslav, Daniele Schechter, Gurudat Shakshikumar, Amit Sharma, Daniel Shih, Saurabh Shrivastava, Uppili Srinivasan, Tsai Rung-Huang Graphic Artist: Valarie Moore The Programs (which include both the software and documentation) contain proprietary information of Oracle Corporation; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs is prohibited. Theinformationcontainedinthisdocumentissubjecttochangewithoutnotice.Ifyoufindanyproblems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation. If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on behalf of the U.S. Government, the following notice is applicable: Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication, and disclosure of the Programs, including documentation, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication, and disclosure of the Programs shall be subject to the restrictions in FAR 52.227-19, Commercial Computer Software - Restricted Rights (June, 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065. The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle Corporation disclaims liability for any damages caused by such use of the Programs. RSA and RC4 are trademarks of RSA Data Security. Portions of Oracle Internet Directory have been licensed by Oracle Corporation from RSA Data Security. Oracle Directory Manager requires the JavaTM Runtime Environment. The JavaTM Runtime Environment, Version JRE 1.1.6. ("The Software") is developed by Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043. Copyright (c) 1997 Sun Microsystems, Inc. This product contains SSLPlus Integration Suite‘, version 1.2, from Consensus Development Corporation. Oracle Directory Manager requires the Java‘ Runtime Environment. The Java‘ Runtime Environment, Version JRE 1.1.6. ("The Software") is developed by Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043. Copyright (c) 1997 Sun Microsystems, Inc. Oracle is a registered trademark, and SQL*Net, SQL*Loader, SQL*Plus, Net8, Oracle Net Services, and OracleNet are trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their respective owners. Contents Send Us Your Comments............................................................................................................... xxix Preface........................................................................................................................................................ xxxi What’s New in Oracle Internet Directory?.............................................................................. xlv Part I Getting Started 1 Introduction What Is a Directory?........................................................................................................................... 1-2 The Expanding Role of Online Directories............................................................................... 1-2 The Problem: Too Many Special Purpose Directories............................................................. 1-4 What Is LDAP?.................................................................................................................................... 1-4 LDAP and Simplified Directory Management......................................................................... 1-4 LDAP Version 3............................................................................................................................ 1-5 What Is Oracle Internet Directory?................................................................................................. 1-6 Oracle Internet Directory Architecture...................................................................................... 1-6 Oracle Internet Directory Components..................................................................................... 1-7 The Advantages of Oracle Internet Directory.......................................................................... 1-8 Scalability................................................................................................................................ 1-8 High Availability................................................................................................................... 1-8 Security................................................................................................................................... 1-9 v 2 Concepts and Architecture Entries.................................................................................................................................................... 2-2 Attributes.............................................................................................................................................. 2-3 Kinds of Attribute Information................................................................................................... 2-5 Single-Valued and Multivalued Attributes.............................................................................. 2-6 Common LDAP Attributes.......................................................................................................... 2-6 Attribute Syntax............................................................................................................................ 2-6 Attribute Matching Rules............................................................................................................ 2-7 Attribute Options.......................................................................................................................... 2-7 Object Classes...................................................................................................................................... 2-8 Subclasses, Superclasses, and Inheritance................................................................................. 2-9 Object Class Types...................................................................................................................... 2-10 Abstract Object Classes....................................................................................................... 2-10 Structural Object Classes.................................................................................................... 2-10 Auxiliary Object Classes..................................................................................................... 2-11 Naming Contexts............................................................................................................................... 2-11 The Directory Schema...................................................................................................................... 2-13 Security............................................................................................................................................... 2-13 Globalization Support..................................................................................................................... 2-14 Oracle Internet Directory Architecture......................................................................................... 2-15 An Oracle Internet Directory Node.......................................................................................... 2-16 An Oracle Directory Server Instance....................................................................................... 2-20 Configuration Set Entries........................................................................................................... 2-21 Example: How Oracle Internet Directory Works........................................................................ 2-21 Distributed Directories.................................................................................................................... 2-22 Replication................................................................................................................................... 2-22 Partitioning.................................................................................................................................. 2-25 About Knowledge References (Referrals)............................................................................... 2-26 Kinds of Knowledge References............................................................................................... 2-28 The Delegated Administration Service........................................................................................ 2-29 The Oracle Directory Integration Platform.................................................................................. 2-29 About Metadirectories............................................................................................................... 2-29 About the Oracle Directory Integration Platform Environment.......................................... 2-30 vi 3 General Deployment Considerations The Expanding Role of Directories................................................................................................. 3-2 Logical Organization Of Directory Information.......................................................................... 3-2 Directory Entry Naming.............................................................................................................. 3-3 DIT Hierarchy and Structure...................................................................................................... 3-3 Physical Distribution: Partitions and Replicas............................................................................. 3-4 An Ideal Deployment................................................................................................................... 3-4 Partitioning Considerations........................................................................................................ 3-5 Replication Considerations......................................................................................................... 3-6 Failover Considerations..................................................................................................................... 3-7 About Capacity Planning, Sizing, and Tuning............................................................................. 3-8 Capacity Planning........................................................................................................................ 3-8 Sizing Considerations.................................................................................................................. 3-9 Tuning Considerations.............................................................................................................. 3-11 Running Multiple Installations of Oracle Internet Directory on One Host......................... 3-12 4 Preliminary Tasks Task 1: Start the OID Monitor.......................................................................................................... 4-2 Starting the OID Monitor............................................................................................................ 4-2 Stopping the OID Monitor.......................................................................................................... 4-3 Task 2: Start a Server Instance.......................................................................................................... 4-3 Starting an Oracle Directory Server Instance........................................................................... 4-4 Stopping an Oracle Directory Server Instance......................................................................... 4-5 Starting an Oracle Directory Replication Server Instance...................................................... 4-6 Stopping an Oracle Directory Replication Server Instance.................................................... 4-7 Restarting Directory Server Instances....................................................................................... 4-7 Troubleshooting Directory Server Instance Startup................................................................ 4-8 Task 3: Reset the Default Security Configuration........................................................................ 4-9 Task 4: Reset the Default Password for the Database.................................................................. 4-9 5 Using the Administration Tools Using Oracle Directory Manager..................................................................................................... 5-2 Starting Oracle Directory Manager............................................................................................ 5-2 Connecting to a Directory Server............................................................................................... 5-3 vii Navigating Oracle Directory Manager...................................................................................... 5-7 Overview of Oracle Directory Manager............................................................................. 5-7 The Oracle Directory Manager Menu Bar.......................................................................... 5-7 The Oracle Directory Manager Toolbar............................................................................. 5-9 Connecting to Additional Directory Servers.......................................................................... 5-10 Disconnecting from a Directory Server................................................................................... 5-10 Performing Administration Tasks by Using Oracle Directory Manager........................... 5-10 Using Command-Line Tools........................................................................................................... 5-11 Using Bulk Tools............................................................................................................................... 5-13 Using OID Control Utility.............................................................................................................. 5-14 Using the Catalog Management Tool............................................................................................ 5-14 Using the OID Database Password Utility.................................................................................. 5-14 Using the Replication Tools............................................................................................................ 5-15 Using the OID Database Statistics Collection Tool................................................................... 5-15 Administration Tasks at a Glance.................................................................................................. 5-16 Part II Basic Directory Administration 6 Managing the Oracle Directory Server Managing Server Configuration Set Entries.................................................................................. 6-2 Preliminary Considerations for Managing Configuration Set Entries................................. 6-2 Managing Server Configuration Set Entries by Using Oracle Directory Manager............. 6-4 Viewing Configuration Set Entries by Using Oracle Directory Manager..................... 6-4 Adding Configuration Set Entries by Using Oracle Directory Manager...................... 6-5 Modifying Configuration Set Entries by Using Oracle Directory Manager................. 6-8 Deleting Configuration Set Entries by Using Oracle Directory Manager................... 6-10 Managing Server Configuration Set Entries by Using Command-Line Tools.................. 6-10 Adding Configuration Set Entries by Using ldapadd.................................................... 6-11 Modifying and Deleting Configuration Set Entries by Using ldapmodify................. 6-12 Setting System Operational Attributes........................................................................................ 6-13 Setting System Operational Attributes by Using Oracle Directory Manager.................... 6-13 Setting System Operational Attributes by Using ldapmodify............................................. 6-15 Managing Naming Contexts........................................................................................................... 6-16 Publishing Naming Contexts by Using Oracle Directory Manager.................................... 6-17 Publishing Naming Contexts by Using ldapmodify............................................................. 6-17 viii Managing Passwords....................................................................................................................... 6-17 Managing Password Policies.................................................................................................... 6-17 Setting Password Policies by Using Oracle Directory Manager................................... 6-20 Setting Password Policies by Using Command-Line Tools.......................................... 6-21 Managing Password Protection................................................................................................ 6-21 Managing Password Protection by Using Oracle Directory Manager........................ 6-22 Managing Password Protection by Using ldapmodify................................................. 6-22 Managing Super Users, Guest Users, and Proxy Users............................................................. 6-22 Managing Super, Guest, and Proxy Users by Using Oracle Directory Manager.............. 6-23 Managing Super, Guest, and Proxy Users by Using ldapmodify....................................... 6-24 Configuring Searches....................................................................................................................... 6-25 Configuring Searches by Using Oracle Directory Manager................................................. 6-25 Setting the Maximum Number of Entries Returned in Searches by Using Oracle Directory Manager.............................................................................................................. 6-25 Setting the Maximum Amount of Time For Searches by Using Oracle Directory Manager................................................................................................................................ 6-26 Configuring Searches by Using ldapmodify.......................................................................... 6-26 Setting Debug Logging Levels....................................................................................................... 6-27 Setting Debug Logging Levels by Using Oracle Directory Manager.................................. 6-27 Setting Debug Logging Levels by Using the OID Control Utility....................................... 6-27 Using Audit Log............................................................................................................................... 6-29 Structure of Audit Log Entries................................................................................................. 6-30 Position of Audit Log Entries in the DIT................................................................................ 6-31 Auditable Events........................................................................................................................ 6-31 Setting the Audit Level.............................................................................................................. 6-32 Setting the Audit Level by Using Oracle Directory Manager....................................... 6-32 Setting the Audit Level by Using ldapmodify................................................................ 6-33 Searching for Audit Log Entries............................................................................................... 6-34 Searching for Audit Log Entries by Using Oracle Directory Manager....................... 6-34 Searching for Audit Log Entries by Using ldapsearch.................................................. 6-34 Purging the Audit Log............................................................................................................... 6-34 Viewing Active Server Instance Information.............................................................................. 6-34 Changing the Password to an Oracle Database Server............................................................. 6-35 ix 7 Managing the Directory Schema About the Directory Schema............................................................................................................. 7-2 About Object Class Management.................................................................................................... 7-2 Guidelines for Adding Object Classes....................................................................................... 7-3 Guidelines for Modifying Object Classes.................................................................................. 7-4 Guidelines for Deleting Object Classes...................................................................................... 7-5 Managing Object Classes by Using Oracle Directory Manager................................................ 7-6 Searching for Object Classes by Using Oracle Directory Manager....................................... 7-6 Viewing Properties of Object Classes by Using Oracle Directory Manager........................ 7-9 Adding Object Classes by Using Oracle Directory Manager............................................... 7-10 Modifying Object Classes by Using Oracle Directory Manager.......................................... 7-12 Deleting Object Classes by Using Oracle Directory Manager.............................................. 7-13 Managing Object Classes by Using Command-Line Tools...................................................... 7-14 Example: Adding a New Object Class..................................................................................... 7-14 Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class.......... 7-15 About Attribute Management........................................................................................................ 7-16 Rules for Adding Attributes...................................................................................................... 7-16 Rules for Modifying Attributes................................................................................................ 7-16 Rules for Deleting Attributes.................................................................................................... 7-17 Managing Attributes by Using Oracle Directory Manager...................................................... 7-17 Viewing All Directory Attributes by Using Oracle Directory Manager............................. 7-18 Searching for Attributes by Using Oracle Directory Manager............................................. 7-19 Adding an Attribute by Using Oracle Directory Manager................................................... 7-21 Adding a New Attribute by Using Oracle Directory Manager.................................... 7-21 Creating a New Attribute from an Existing One by Using Oracle Directory Manager................................................................................................................................ 7-24 Modifying an Attribute by Using Oracle Directory Manager.............................................. 7-26 Deleting an Attribute by Using Oracle Directory Manager................................................. 7-28 Indexing an Attribute by Using Oracle Directory Manager................................................. 7-28 Viewing Indexed Attributes by Using Oracle Directory Manager.............................. 7-28 Adding an Index to an Attribute by Using Oracle Directory Manager....................... 7-28 Dropping an Index from an Attribute by Using Oracle Directory Manager.............. 7-29 Managing Attributes by Using Command-Line Tools.............................................................. 7-29 Adding and Modifying Attributes by Using ldapmodify.................................................... 7-29 Indexing an Attribute by Using Command-Line Tools........................................................ 7-30 x
The list of books you might like
