Managing the Oracle Internet Directory
Copyright © 2004, Oracle. All rights reserved.
Objectives
After completing this lesson, you should be able to do the following:
• Explain Directory and LDAP concepts
• Describe Oracle Internet Directory (OID)
• Explain Oracle Internet Directory architecture
• Start and stop Oracle Internet Directory processes
• Identify various OID command-line tools
• Connect to and disconnect from the Directory by using Oracle Directory Manager
What Is a Directory?
A directory is:
• A special-purpose distributed database
• Entry oriented
• Used for storing and retrieving entries
Applications that use directory services include:
• E-mail address books
• Corporate white papers store
• Centralized applications for managing credentials and privileges
• Applications that configure and manage system resources
Lightweight Directory Access Protocol (LDAP)
• LDAP is a lightweight implementation of the Directory Access Protocol (DAP).
• LDAP features include:
  – Standards-based protocol
  – Distributed servers
  – Scalability and extensibility
  – Security
  – Data consolidation
  – Fast searches
LDAP Components
An LDAP directory is organized in the form of a simple hierarchical tree known as the Directory Information Tree (DIT).
(Diagram: Directory Information Tree and attributes)
Oracle Internet Directory (OID)
• Oracle Internet Directory is Oracle’s implementation of the LDAP version 3 directory service.
• OID provides directory services to the Oracle database and the Oracle Application Server.
• OID can support millions of entries and thousands of concurrent client accesses on a single directory node.
• OID implements sophisticated security management with a robust security model for protecting data from unauthorized access by LDAP clients.
Security Benefits of OID
OID provides the following security benefits:
• Data integrity
• Data confidentiality
• Password protection
• Data access control
OID Architecture Overview
(Diagram: OID architecture overview; the directory data is stored in the Oracle Database)
OID Server Instance Architecture
(Diagram: an LDAP server instance consists of an OID Listener/Dispatcher and one or more Oracle Directory Server processes. LDAP clients send LDAP requests to the listener/dispatcher, and each Oracle Directory Server process reaches the Oracle Database through Oracle Net.)
OID Node Architecture Components
(Diagram: Oracle Directory Manager connects over LDAP to Oracle Directory Server Instance 1 (non-SSL, port 389) or Oracle Directory Server Instance 2 (SSL enabled, port 636). The OID Control Utility (oidctl) and OID Monitor (oidmon) manage the server instances and the Oracle Directory Replication Server through the OS. All server processes reach the Oracle Database through Oracle Net.)
OID Server Processes
• You can connect to the OID server only if the OID server instance is running.
• To start the OID server, you must start the OID server processes in the following sequence:
  – Start the OID Monitor utility.
  – Start the server instances using the OID Control Utility.
• You must stop the OID server by stopping the OID processes in the following sequence:
  – Stop the server instance using OID Control.
  – Stop OID Monitor.
Starting OID Monitor Process
• The OID Monitor process must be running to process the commands that start and stop the OID server instance using the OID Control utility.
• To start the OID Monitor:
  – Set NLS_LANG to a UTF8-appropriate language.
  – Set the TNS connect string (the value passed as connect= below).
oidmon connect=OID1 sleep=20 start
Starting Oracle Internet Directory Server Instance
• You can start an OID server instance only if the OID Monitor process is running.
• Use the OIDCTL utility to start the OID server instance:
oidctl connect=OID1 server=oidldapd instance=2 configset=3 flags='-p 3062 -debug 1024 -l' start
OID Log Files
All the activities of the OID server are logged in the $ORACLE_HOME/ldap/log/ directory, which includes the following types of logs:
• oidmon.log from OID Monitor
• oidldapd*.log from OID LDAP servers
• oidrepld*.log from OID replication servers
• *.log from bulk loads
Stopping OID Server Instance
• Use the OIDCTL command to stop an OID server instance.
• You must ensure that the OID Monitor process is running before stopping the OID server instance.
oidctl connect=OID1 server=oidldapd instance=2 stop
Stopping OID Monitor Process
You can stop the OID Monitor process by using the OIDMON utility:
oidmon connect=OID1 stop
OID Command-Line Tools
OID command-line tools can be classified as follows:
• Bulk tools
• LDAP command-line tools
Using Bulk Tools
You can use the following bulk tools to perform bulk data operations on the OID server:
• bulkload
• ldifwrite
• bulkmodify
• bulkdelete
Using LDAP Command-Line Tools
You can create and modify the data stored in the OID server using the following commands:
• ldapadd
• ldapaddmt
• ldapbind
• ldapcompare
• ldapdelete
• ldapmoddn
• ldapmodify
• ldapmodifymt
• ldapsearch
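The bulk tools and the LDAP command-line tools above exchange directory data as LDIF (ldifwrite produces it; bulkload, ldapadd and ldapmodify consume it). As an added example that is not part of the Oracle material, the Python below parses a constructed LDIF fragment and checks the one ordering rule the DIT imposes on any load: a parent entry must exist before its child is added, otherwise the server rejects the add with noSuchObject. The sample DNs, attribute names and the `existing` naming context are assumptions for the illustration.

```python
import re

# Constructed LDIF fragment (not from the Oracle material). The second entry is
# deliberately listed before its parent cn=Users so the check has something to find.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: domain

dn: cn=jdoe,cn=Users,dc=example,dc=com
objectclass: inetOrgPerson
sn: Doe

dn: cn=Users,dc=example,dc=com
objectclass: organizationalUnit
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order; folded lines start with a space."""
    entries, block = [], []
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last entry
        if raw.startswith(" ") and block:      # continuation of the previous line
            block[-1] += raw[1:]
        elif raw:                              # attribute line; '#' comments skipped
            if not raw.startswith("#"):
                block.append(raw)
        elif block:                            # blank line ends the entry
            attrs = {}
            for line in block:
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
            entries.append((attrs.pop("dn")[0], attrs))
            block = []
    return entries

def parent_dn(dn):
    """Part of the DN after the first comma that is not backslash-escaped; None for a root."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) == 2 else None

def check_load_order(entries, existing=()):
    """DNs whose parent is neither in 'existing' (e.g. the naming context) nor earlier in the file."""
    known = {d.lower() for d in existing}
    orphans = []
    for dn, _ in entries:
        parent = parent_dn(dn)
        if parent is not None and parent.lower() not in known:
            orphans.append(dn)      # the server would return noSuchObject for this add
        known.add(dn.lower())
    return orphans
```

Running `check_load_order(parse_ldif(SAMPLE_LDIF), existing=["dc=com"])` reports the cn=jdoe entry; reordering the file so cn=Users comes first clears the report.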
Overview of Oracle Directory Manager
• Oracle Directory Manager (ODM) is a Java-based GUI tool to maintain and administer Oracle Internet Directory data.
• You can use ODM for the following tasks:
  – Search, view, and maintain object classes
  – Search and maintain an attribute
  – Create and drop an index on an attribute
  – Search, view, and maintain an entry
  – Control access to OID entries
  – Manage replication nodes
Connecting to the OID Server
To connect to an OID server, you must specify:
• OID server host name
• OID server port
ODM Connect Dialog Box
Using ODM
You can use and navigate through ODM by using the following controls:
• Menu
• Toolbars
• Navigation pane
ODM Navigation Pane
The navigation pane is to the left of the double-window interface and has a tree-like structure.
Disconnecting from the OID Server
(Screenshot: Disconnect tool button)
Summary
In this lesson, you should have learned how to:
• Explain Directory and LDAP concepts
• Describe Oracle Internet Directory (OID)
• Explain Oracle Internet Directory architecture
• Start and stop Oracle Internet Directory processes
• Identify various OID command-line tools
• Connect to and disconnect from the Directory by using Oracle Directory Manager