Oracle Internet Directory 10g Integration Guide: A Detailed Guide for Administrators
Updated 2024-08-02. Format: PDF, 8.29 MB.
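Oracle Identity Management Integration Guide is an administrator's guide for Oracle Internet Directory (OID), covering the 10g release (10.1.4.0.1) and published in July 2006. Ellen Desmond is the primary author, with contributions from several other experts, including Vasuki Ashok and Neelima Bawa. Oracle Internet Directory is Oracle's enterprise identity management solution, combining identity, access management and directory services.
The guide explains in detail how to manage and integrate Oracle Internet Directory. It covers installation, configuration, administration and maintenance of the system, including but not limited to user management, role definition, permission control, directory synchronization, integration with other Oracle products (such as Oracle Access Manager and Oracle Application Server) and interfaces to third-party systems. It emphasizes how these components work together so that a unified identity policy and unified access control are applied across the enterprise environment.
As a core component of the Oracle IDM platform, Oracle Internet Directory provides the following core functions:
1. **Directory service**: provides consistent data storage and querying for identity information such as users, groups and organizational structure.
2. **Authentication**: supports multiple authentication mechanisms, such as passwords, smart cards and biometrics, to verify user identity accurately.
3. **Authorization and access control**: enforces fine-grained permission management, helping enterprises meet compliance and security requirements while improving work efficiency.
4. **Single Sign-On (SSO)**: lets users access multiple application systems with a single set of credentials, simplifying the login process.
5. **Lifecycle management**: supports the whole lifecycle of user information, from creation through modification to deletion.
6. **Integration with other Oracle products**: strengthens seamless interoperation with other Oracle products such as the database and middleware, enabling data sharing and business process automation.
The document also notes that all programs, including software and documentation, are protected by copyright and subject to a license agreement, and that unauthorized reverse engineering, disassembly or decompilation is prohibited. This is intended to protect Oracle's intellectual property and to ensure the lawful use and confidentiality of the software.
By reading the Oracle Identity Management Integration Guide, administrators can learn how to manage and optimize OID effectively and also understand how to implement an efficient identity management strategy in a complex IT environment, improving the enterprise's overall security and operational efficiency. For any enterprise that uses or plans to adopt Oracle IDM, it is an indispensable technical reference.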
Default Privileges for Proxying on Behalf of End Users
Default Privileges for Managing the Oracle Context
Default Privileges for Reading Common User Attributes
Default Privileges for Reading Common Group Attributes
Default Privileges for Reading the Service Registry
Default Privileges for Administering the Service Registry
Part IV Directory Deployment
22 Directory Deployment Considerations
The Expanding Role of Directories
Logical Organization Of Directory Information
Physical Distribution: Partitions, Replicas, and High Availability
An Ideal Deployment
Partitioning Considerations
Replication Considerations
High Availability Considerations
Oracle Directory Integration Platform
Capacity Planning, Sizing, and Tuning
Capacity Planning
Sizing Considerations
Tuning Considerations
23 Deployment of Oracle Identity Management Realms
Planning the Directory Information Tree for Identity Management
Planning the Overall Directory Structure
Planning the Names and Containment of Users and Groups
Considerations for Users
Considerations for Groups
Planning the Identity Management Realm
Migrating a DIT from a Third-Party Directory
Identity Management Realms in an Enterprise Deployment
Single Identity Management Realm in the Enterprise
Multiple Identity Management Realms in the Enterprise
Identity Management Realms in a Hosted Deployment
Identity Management Realm Implementation in Oracle Internet Directory
Default Directory Information Tree and the Identity Management Realm
Administration of Identity Management Realms
Customizing the Default Identity Management Realm
Changing the Location of Users and Groups In The Default Identity Management Realm
Creating Additional Identity Management Realms for Hosted Deployments
24 Capacity Planning for the Directory
About Capacity Planning
Getting to Know Directory Usage Patterns: A Case Study
I/O Subsystem Requirements
About the I/O Subsystem
Rough Estimates of Disk Space Requirements
Detailed Calculations of Disk Space Requirements
Memory Requirements
Network Requirements
CPU Requirements
CPU Configuration
Rough Estimates of CPU Requirements
Detailed Calculations of CPU Requirements
Summary of Capacity Plan for Acme Corporation
25 Tuning Considerations for the Directory
About Tuning
Tools for Performance Tuning
CPU Usage Tuning
Tuning CPU for Oracle Internet Directory Processes
Tuning CPU for Oracle Foreground Processes
Taking Advantage of Processor Affinity on SMP Systems
Other Alternatives for a CPU Constrained System
Memory Tuning
Tuning the System Global Area (SGA) for the Oracle Database
Other Alternatives for a Memory-Constrained System
Tuning Security Event Tracking
Tuning Memory Allocated for Event Tracking
Tuning Memory Used for Each Operation
Disk Tuning
Database Tuning
Required Parameters
Parameters Dependent on Oracle Internet Directory Server Configuration
Using Shared Server Process
SGA Parameters Dependent on Hardware Resources
Entry Caching
Caching of Connection DNs
Optimizing Searches
Optimizing Subtree Searches
Optimizing Searches for Large Group Entries
Entry Cache Enabled Configuration
Entry Cache Disabled Configuration
Optimizing Searches for Skewed Attributes
Optimizing Searches for Skewed Attributes by Using Oracle Directory Manager
Optimizing Searches for Skewed Attributes by Using ldapmodify
Setting the Time Limit Mode
Setting the Time Limit Mode by Using Oracle Directory Manager
Setting the Time Limit Mode by Using ldapmodify
Setting the Timeout for Client/Server Connections
Setting the Timeout for Write Operations
26 Garbage Collection in Oracle Internet Directory
About the Oracle Internet Directory Garbage Collection Framework
Components of the Oracle Internet Directory Garbage Collection Framework
Garbage Collection Plug-in
Background Database Processes
How Oracle Internet Directory Garbage Collection Works
Garbage Collector Entries and the Oracle Internet Directory Statistics Collector Entry
Change Log Purging in Multimaster Replication
Modifying Oracle Internet Directory Garbage Collectors
Modifying a Garbage Collector by Using Oracle Directory Manager
Modifying a Garbage Collector by Using Command-Line Tools
Example 1: Modifying a Garbage Collector
Example 2: Disabling a Garbage Collector Change Log
Modifying the Oracle Internet Directory Statistics Collector
Enabling, Disabling, and Monitoring Logging for Oracle Internet Directory Garbage Collectors
Enabling Logging for Oracle Internet Directory Garbage Collectors
Disabling Logging for Oracle Internet Directory Garbage Collectors
Monitoring Garbage Collection Logging
27 Migration of Data from Other Data Repositories
The Default Directory Structure of Oracle Internet Directory
Migrating Data from LDAP-Compliant Directories
Tools
bulkload
dipassistant
Oracle Directory Integration Platform Server
Common Usage Scenarios
Scenario 1: Using an LDIF File and bulkload
Scenario 2: Using dipassistant Directly
Scenario 3: Using an LDIF File and dipassistant
Scenario 4: Using dipassistant, bulkload, and LDIF Files
Scenario 5: Using the Oracle Directory Integration Platform Server
Tasks For Migrating Data from LDAP-Compliant Directories
Task 1: Export Data from the Non-Oracle Internet Directory Server into LDIF File Format
Task 2: Analyze the LDIF User Data for Any Required Schema Additions Referenced in the LDIF Data
Task 3: Extend the Schema in Oracle Internet Directory
Task 4: Remove Any Proprietary Directory Data from the LDIF File
Task 5: Remove Operational Attributes from the LDIF File
Task 6: Remove Incompatible userPassword Attribute Values from the LDIF File
Task 7: Run the bulkload check="TRUE" Mode and Determine Any Remaining Schema Violations or Duplication Errors
Migrating User Data from Application-Specific Repositories
The Intermediate Template File
Reconciling Data in Application Repository with Data Already in Oracle Internet Directory
Tasks For Migrating Data from Application-Specific Repositories
Task 1: Create an Intermediate Template File
Task 2: Run the OID Migration Tool
28 Server Chaining
Supported External Servers
Integrated Oracle Products
Supported Operations
Server Chaining with Replication
Configuring Server Chaining
Configuring Server Chaining from the Command Line
Configuring Server Chaining by Using Oracle Directory Manager
Requirements for User and Group Containers
Attribute Mapping
Server Chaining Configuration Entries
Configuration Entry Attributes
Active Directory Example
Sun Java System Directory Server (iPlanet) Example
Debugging Server Chaining
Part V Directory Replication
29 Oracle Internet Directory Replication Concepts
Replication Concepts
Content to be Replicated: Full or Partial
Direction: One-Way or Two-Way
Transport Mechanism: Advanced Database Replication or LDAP
Directory Replication Group (DRG) Types
Directory Replication Groups
Data Transfer Between Nodes in a Directory Replication Group
Single-Master Replication Groups
Multimaster Replication Groups
Fan-Out Replication Groups
Types of Directory Replication Compared
Multimaster Replication with Fan-Out
Replication Configuration Objects in the Directory
The Replication Configuration Container
The Replica Subentry
The Replication Agreement Entry
Replication Agreement Entry Attributes
Advanced Replication Agreements
LDAP Replication Agreements
Two-Way LDAP Replication Agreements
The Replication Naming Context Container Entry
The Replication Naming Context Object Entry
Directory Replication Server Configuration Parameters
Examples of Replication Configuration Objects in the Directory
Replication Security
Authentication and the Directory Replication Server
Secure Sockets Layer (SSL) and Oracle Internet Directory Replication
Change Logs in Directory Replication
Oracle Database Advanced Replication
Features of Oracle Database Advanced Replication
Architecture for Oracle Advanced Database Replication
LDAP-Based Replication
Conflict Resolution in Oracle Replication
Levels at Which Replication Conflicts Occur
Typical Causes of Conflicts
Automated Resolution of Conflicts
Replication Failover
Included and Excluded Naming Contexts in Partial Replication
Oracle Database Advanced Replication Filtering
LDAP Replication Filtering
Rules for LDAP Replication Filtering
Examples of LDAP Replication Filtering
Rules for Managing Naming Contexts and Attributes
Optimization of Partial Replication Naming Context for Better Performance
30 Oracle Internet Directory Replication Installation and Configuration
Oracle Internet Directory Versions and Replication
Preliminary Information for Installing and Configuring a Replication Group
Oracle Internet Directory Installation
If You are Installing Oracle Internet Directory as a Master
If You are Installing Oracle Internet Directory as an Advanced Replication-Based Replica or as a One-Way or Two-Way LDAP-Based Replica
The Replication Environment Management Tool
Installing and Configuring Multimaster Replication
Rules for Configuring Directory Replication Based on Oracle Database Advanced Replication
Installing and Configuring a Multimaster Replication Group
Task 1: Install Oracle Internet Directory as a Master on the Master Definition Site (MDS)
Task 2: Install the Oracle Internet Directory as a Replica, on the Remote Master Sites (RMS)
Task 3: Set Up Oracle Database Advanced Replication for a Directory Replication Group
Task 4 (Optional): Load Data into the Directory
Task 5: Ensure that Oracle Directory Server Instances are Started on All the Nodes
Task 6: Start the Replication Servers on All Nodes in the DRG
Task 7: Test Directory Replication
Adding a Node for Multimaster Replication (Oracle Database Advanced Replication Types Only)