When you install Oracle Directory Integration Platform, sample import and export synchronization profiles are automatically created for each of the supported directories that Oracle Directory Integration Platform can connect to. The import and export synchronization profiles created during the install process or with the expressSyncSetup command are only intended as a starting point for you to use when deploying your integration of the Oracle back-end directory and Oracle Directory Server Enterprise Edition.
Because the default synchronization profiles are created using predefined assumptions, you must further customize them for your environment by performing the following steps in the order listed:
Configure the realm by following the instructions in "Configuring the Realm". When integrating with Oracle Directory Server Enterprise Edition, the following attribute-level mapping is mandatory for all objects. In the preceding examples, cn and sn from Oracle Directory Server Enterprise Edition are mapped to cn and sn in the Oracle back-end directory.
Customize the attribute mappings by following the instructions in "Customizing Mapping Rules". If you want to synchronize deletions, and the mapping rules have mandatory attributes, then be sure that the tombstone is configured correctly.
To verify that the tombstone is configured in Oracle Directory Server Enterprise Edition, execute the following command. Tombstones are automatically configured for Oracle Directory Server Enterprise Edition if replication is enabled. The Oracle back-end directory and Oracle Directory Server Enterprise Edition support the same set of password hashing techniques.
To synchronize passwords between Oracle Internet Directory and Oracle Directory Server Enterprise Edition, ensure that SSL server authentication mode is configured for both directories and that the following mapping rule exists in the mapping file:
This section succinctly addresses key concepts of Directory Server from the point of view of someone who must install and manage Directory Server. This section touches on the following topics. For each installation of Directory Server software, you can create multiple server instances.
Although you may create server instances in the place on the file system where you install the software, nothing requires you to put both the software and the instances side by side. The Directory Server software you install includes the executable files, template data, and sample files needed to create, run, and manage actual servers.
As the software is separate from the actual servers, you can apply patches or service packs to the software without changing the server data. You therefore do not need to patch each server instance, but instead only the software installation. A Directory Server instance holds the configuration data and the directory data required to serve directory client applications. Although in production systems you carefully control the user identity of the server, you can typically create and run a Directory Server instance as any user on the system.
The directory data then belongs to the user who created the instance. In particular, notice that the documentation mentions install-path when referring to the software installation, but instance-path when referring to a server instance. By default, Directory Server listens for LDAP connections on port if the instance was created by root, if the instance was created by non-root. Instead, you supply a port number when enabling the DSML service.
In order to enable client applications to reach Directory Server, you create instances on hosts with static IP addresses. The hostname is also usually referenced in DNS. Client applications typically need at least two pieces of information to access the directory.
LDAP clients and servers do not usually open a new connection for every request. In the LDAP model, a client connects to the server to authenticate before performing other operations.
The connection and authentication process is referred to as binding. Client applications can bind with credentials, but they can also bind anonymously. Directory Server lets you configure access accordingly both for known and anonymous clients. Client applications can also keep a connection open, but bind again, thus changing the authentication identity. This technique can reduce the costs of creating a new connection.
Once the bind has been performed and the client is authenticated, the client can request the following operations. This operation is for moving directory entries from one part of the directory information tree to another. The relative distinguished name is the attribute value used to distinguish a directory entry from the others at the same level of the directory information tree. This operation is for renaming directory entries. This operation is a special case of modDN.
The modRDN operation is always relatively fast, however, as it involves modifying only leaf entries. Find all the directory entries under a specified point in the directory tree that have attribute values matching a filter. A search filter can specify one or more attribute characteristics. When finished performing operations, a client can unbind. After unbinding, the connection is dropped by the client and the server. Client applications can also abandon operations, such as a search that is taking too long.
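The following is an added example, not code from the Oracle documentation: it models the DN arithmetic behind the modDN and modRDN operations just described, showing that modRDN is the special case of modDN that keeps the same parent, and escaping RDN values per RFC 4514 so that a value containing a comma cannot silently place the entry at a different level of the tree. It assumes single-valued RDNs in string form.

```python
"""Added example (not from the Oracle documentation): DN/RDN handling
for the modDN and modRDN operations. Assumes RFC 4514 string-form DNs
with single-valued RDNs; only the leaf RDN is ever rewritten."""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape a raw attribute value for safe use as an RDN value.
    Without this, 'Doe, John' would parse as two RDNs and change the
    entry's position in the directory information tree."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn: str) -> list:
    """Split a DN into its RDN strings, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escaped pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":                         # unescaped comma ends an RDN
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts


def mod_dn(dn: str, new_rdn_attr: str, new_rdn_value: str, new_superior: str = None) -> str:
    """modDN: rename the leaf entry and, if new_superior is given, move it
    under that entry. The rest of the tree is untouched."""
    rdns = split_dn(dn)
    parent = rdns[1:] if new_superior is None else split_dn(new_superior)
    leaf = f"{new_rdn_attr}={escape_rdn_value(new_rdn_value)}"
    return ",".join([leaf] + parent)


def mod_rdn(dn: str, new_rdn_attr: str, new_rdn_value: str) -> str:
    """modRDN: the special case of modDN that keeps the same parent."""
    return mod_dn(dn, new_rdn_attr, new_rdn_value)
```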
Directory Server can handle many client connections simultaneously. To handle connections, Directory Server consumes free file descriptors, and manages a number of threads. You can limit the system resources available to Directory Server through the server configuration.
Directory Server stores server instance configuration data in files, but the configuration data is also accessible over LDAP. The files are stored under instance-path as follows.
Directory Server stores other configuration information in the dse. Avoid updating this file by hand. Instead, use either the web-based Directory Service Control Center or the dsconf command. Both tools spare you much of the complexity of making configuration adjustments with LDAP modify operations. Almost all Directory Server product documentation is devoted to Directory Server configuration. In the Oracle Directory Server Enterprise Edition Administration Guide, you find extensive instructions for accomplishing a variety of tasks using command-line configuration tools.
The Directory Service Control Center online help can help get you back on track when the Directory Service Control Center interface does not seem intuitive enough.
Directory Server manages many binary-tree databases to hold directory data. In general, do not change or move these files. You also find subdirectories for each database managed by the server. You can configure Directory Server to encrypt the information in these files if necessary. From the point of view of client applications, Directory Server presents the directory data stored as directory entries arranged in the directory information tree.