Oracle Internet Directory (OID) is an LDAP V3-compliant directory service. LDAP (Lightweight Directory Access Protocol) was conceived as an Internet-ready, lightweight implementation of the X.500 standard for directory services. In this article, we will use JXplorer to explore the structure of OID.
OID Component and Instance
When you install Oracle Internet Directory[2] on a host computer, Oracle Identity Management 11g Installer creates a system component of type OID in a new or existing Oracle instance. The Oracle Internet Directory component contains an OIDMON process (i.e., the Oracle Internet Directory Monitor process) and an Oracle Internet Directory instance. The Oracle Internet Directory instance consists of a dispatcher process and one or more OIDLDAPD processes.
The component name for the first Oracle Internet Directory component is usually oid1 and the Oracle instance name is chosen during the installation, usually asinst_1.
Oracle Identity Management 11g Installer also creates the following instance-specific configuration entry for this component during installation:
- cn=oid1,cn=osdldapd,cn=subconfigsubentry
In summary, OID components and instances are created as below:
- oid1
  - The first Oracle Internet Directory component
  - Successive installations in the cluster will have the component names oid2, oid3, and so forth.
  - File system directories created by installer
    - ORACLE_INSTANCE/config/OID/oid1
    - ORACLE_INSTANCE/diagnostics/logs/OID/oid1
- asinst_1
  - The Oracle instance name is chosen during the installation and is usually asinst_1
JXplorer
To explore OID, you first make a connection to it. An LDAP server is called a Directory System Agent (DSA).
- SSL port: 3131
- Non SSL port: 3060
- cn=orcldadmin
the DN (i.e., distinguished name) of oid1 configuration entry is returned:
- cn=oid1,cn=osdldapd,cn=subconfigsubentry
The action in LDAP takes place around entries such as oid1. An entry is defined as a set of attributes, and an attribute is a set (i.e., unordered) of values. For example, oid1 has the following attributes:
- orcloidinstancename: asinst_1
- orclmaxcc: 10
- etc.
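The entry model described above, as an added example that is not part of the original article: two LDIF exports of the oid1 entry are parsed into sets of values and compared, so reordered values, attribute-name case, line folding and base64 encoding do not register as configuration drift. The objectclass and description values and the function names `parse_entry` and `drift` are assumptions made for illustration, and values are compared as exact strings, whereas a real server applies per-attribute matching rules.

```python
import base64

# Constructed sample exports of the page's oid1 entry. The DN, orcloidinstancename
# and orclmaxcc come from the page; objectclass and description values are made up.
DESC = "first OID component created by the installer"
EXPORT_A = """dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
objectclass: top
objectclass: exampleConfigClass
orcloidinstancename: asinst_1
orclmaxcc: 10
description: first OID component created
  by the installer
"""
# Same entry from another tool: reordered, different name case, base64 ("::") value.
EXPORT_B = """dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
orclMaxCC: 10
objectClass: exampleConfigClass
objectClass: top
orcloidinstancename: asinst_1
description:: """ + base64.b64encode(DESC.encode()).decode() + "\n"

def parse_entry(ldif):
    """Parse one LDIF record into (dn, {attribute name: set of values})."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]        # folded line: drop the one leading space
        elif raw and not raw.startswith("#"):
            logical.append(raw)
    dn, attrs = None, {}
    for line in logical:
        name, _, rest = line.partition(":")
        b64 = rest.startswith(":")        # "::" marks a base64-encoded value
        value = base64.b64decode(rest[1:].strip()).decode() if b64 else rest.strip()
        if name.lower() == "dn":
            dn = value
        else:                             # attribute names are case-insensitive
            attrs.setdefault(name.lower(), set()).add(value)
    return dn, attrs

def drift(old, new):
    """Return {attribute: (values removed, values added)} for attributes that differ."""
    changes = {}
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name, set()), new.get(name, set())
        if before != after:
            changes[name] = (before - after, after - before)
    return changes
```

Comparing the two exports line by line would report every attribute as changed; comparing the parsed sets reports only real differences, such as a modified orclmaxcc.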
Configuring the Oracle Internet Directory Authentication Provider
You can follow the instructions here to set up OID as one of the authentication providers in WebLogic Server. Some of the information required for the setup can also be found in JXplorer. For example, to find the user base DN and group base DN, you can right-click on Users or Groups and select "Copy DN":
- User base DN : cn=Users, dc=us, dc=oracle, dc=com
- Group base DN : cn=Groups, dc=us, dc=oracle, dc=com
- cn=Users, dc=us, dc=oracle, dc=com
References
- JXplorer
- Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
- Lightweight Directory Access Protocol
- International Standardization Organization (ISO) X.500
- Configure the Oracle Internet Directory Authentication provider
- Oracle Fusion Middleware Security Blog