Oracle Unified Directory 12c: Administration Ed 2 LVC

Course Overview

• Course Objectives
• Target Audience
• Course Schedule
• Practice Environment Topology
• Additional Information

Introduction to OUD

• Objectives
• Identity Management Overview
• Functional Areas of Oracle Identity Management
• Products: Directory Services
• Products: Identity Governance
• Products: Access Management
• Oracle Unified Directory
• Oracle Unified Directory: Key Features
• Oracle Unified Directory: Functional Aspects
• Technical Differences: OUD and OID
• OID Compared to OUD
• Summary

Installing and Configuring OUD

• Objectives
• Hardware and Software Requirements
• Hardware Requirements
• Software Requirements
• Oracle Unified Directory Architecture
• OUD Architecture
• Oracle Unified Directory Components
• Oracle Unified Directory: Working
• Install Oracle Unified Directory Software
• Installing OUD
• Installing Oracle Unified Directory 12c: GUI Installation
• Installing Oracle Unified Directory 12c: Silent Installation
• Configure OUD Directory Server Instance
• OUD 12c Directory Server Setup and Configuration
• Running the oud-setup Utility Without Using the Setup Wizard
• Short-Form and Long-Form Options
• Using Ports 389 and 636 for LDAP Connections
• Install Oracle Unified Directory Services Manager
• Oracle Unified Directory Services Manager (OUDSM): Overview
• Prerequisite Software to Run OUDSM on WLS
• Configuring a WLS Domain for OUDSM
• Using OUDSM to Access Multiple OUD Instances
• Uninstall Oracle Unified Directory
• Uninstalling Oracle Unified Directory
• Uninstalling Oracle Unified Directory Server Instances
• Uninstalling the OUD 12c Software
• Summary

OUD: Basic Administration

• Objectives
• OUD Tools and Controlling OUD Instance
• OUD Administration Tools
• Starting and Stopping Directory Servers on Linux and UNIX Systems
• Enabling and Disabling Directory Servers as Microsoft Windows Services
• Manage OUD Data
• Importing Data
• Importing Partial Data
• Exporting Data
• Exporting Partial Data
• LDAP Client Tools
• Managing Entries: LDAP Commands
• Managing Entries: OUDSM
• Indexing: Overview
• Determining Whether a Search Is Indexed
• Indexing Directory Data
• Work with OUD Data Attributes
• Unique Attribute Plug-In
• Configuring the Unique Attribute Plug-In
• Virtual Attributes
• Creating Virtual Attributes
• Configure Referrals
• Referrals
• Configuring the Referral List Manually
• Smart Referrals
• Manage OUD Users and Groups
• Managing User Accounts
• Managing User Passwords
• Root Users
• Managing Root Users
• Groups
• Static Groups
• Dynamic Groups
• Virtual Static Groups
• Nested Groups
• Referential Integrity Plug-In
• Manage OUD LDAP Schema
• Directory Schema
• Extending Schema
• Managing Attribute Types
• Managing Object Classes
• Viewing Syntaxes and Matching Rules
• Quiz
• Summary

OUD Monitoring and Logging

• Objectives
• Monitoring Overview
• Monitoring
• Monitoring: Overview
• Manage Monitor Providers
• Manage Alert Handlers
• Alert Handlers
• Managing Alert Handlers: dsconfig
• Creating an Email Alert Handler: dsconfig
• Managing Alert Handlers: OUDSM
• View Monitoring Data in cn=monitor
• Monitoring Using the cn=monitor Subtree
• Monitoring Using the cn=monitor Entry: Example
• Logging Overview
• Logging
• Log Files: Overview
• Log File Format: Standard Versus ODL
• OUD Log Files
• Manage Logging Providers
• Enabling OUD Logging in OUDSM
• Enabling OUD Logging by Using CLI
• Viewing OUD Logging Status by Using CLI
• OUD Logging Status Output
• Viewing OUD Log Files
• Log Files Retention and Rotation Policy Example: Audit Logger
• Logging: Audit Example
• Logging: Access Example
• Logging: Debug Example
• Logging: Errors Example
• Summary

OUD Security

• Objectives
• Access Control Model
• Access Control
• Access Control: Overview
• ACI Structure
• Access Control Instruction
• ACI Evaluation
• ACI Structure
• ACI Syntax for Targets and Bind Rules
• ACI Syntax Example
• Securing and Controlling Access to Directory Data
• Managing Global ACIs: Overview
• Managing Global ACIs
• Managing Non-Global ACIs
• Adding and Removing a Non-Global ACI
• Managing ACIs with OUDSM
• Password Policies
• Password Policies: Fundamentals
• Configuring Password Policies with dsconfig
• Creating a New Password Policy
• Password Policy as an LDAP Subentry
• Defining Password Policy as an LDAP Subentry
• Configuring Password Policies by Using OUDSM
• Password Validators and Password Generators
• Password Validators
• Managing Password Validators
• Password Generators
• Enabling Secure LDAP Connectivity
• Prepare OUD SSL Artifacts
• Configure and Test OUD LDAPS Connection Handler
• Configuring SSL for OUD
• Attribute Encryption
• Attribute Encryption: Fundamentals
• Attribute Encryption: Configuration Parameters
• Summary

Deploying OUD Replication Topology

• Objectives
• OUD Replication Topologies
• Replication Topology
• Servers in a Replication Topology
• Single Data Center, Two Directory Servers, Two Replication Servers
• Single Data Center, Five Directory Servers, Two Replication Servers
• Two Data Centers, Four Directory Servers, Four Replication Servers
• Enabling and Initializing OUD Replication Servers
• Enabling Replication: oud-setup
• Defining the Global Administrator
• Specifying Base DNs
• Enabling Replication: dsreplication enable
• Initializing Directory Data for Replicas: oud-setup
• Initializing Directory Data for Replicas: dsreplication
• Initializing Directory Data for Replicas: backup and restore
• Initializing Configuration Data for Replicated Servers
• Modifying Existing Replication Configuration
• Retrieving the Replication Domain Name
• Configuring Replication Groups
• Configuring Replication Groups: Example
• Configuring Assured, Fractional, and Isolated Replication
• Replication: Loose Consistency Model
• Assured Replication: Providing Tighter Consistency
• Configuring Assured Replication: Safe Data Mode
• Configuring Assured Replication: Safe Read Mode
• Fractional Replication
• Configuring Fractional Replication
• Isolated Replication
• Configuring Isolated Replication
• Testing and Tuning Replication
• Determining Replication Status
• Verifying Replication Success
• Tuning Replication
• Using OUDSM to Configure Replication
• Using OUDSM to Configure Data Replication
• Manage Configuration of an Existing Replication Server
• Manage Configuration for a Replicated Suffix
• Replication Configuration Wizard
• Creating a New Topology
• Managing an Existing Replication Topology
• Quiz
• Summary

Oracle Directory Integration Platform

• Objectives
• DIP Overview and Architecture
• Oracle Directory Integration Platform: Overview
• Synchronization
• Provisioning
• DIP Architecture
• DIP Synchronization Service
• Synchronization Service: Operations
• Connectors
• Directory Synchronization Profiles
• Default Synchronization Profiles
• Synchronization Agent
• DIP Installation and Configuration
• Administering Directory Integration Platform
• Command-Line Tools for Administering DIP
• Using FMW Control to Administer and Monitor DIP
• Starting and Stopping DIP
• Viewing DIP Status
• Viewing DIP Registration Information
• Oracle Directory Integration Platform Server Configuration
• Viewing DIP Logs
• DIP Security Features
• SSL and DIP
• Credential Store
• Configuring DIP for SSL Mode 2
• Integration Profile Authentication
• Access Control for DIP Server and Profiles
• Troubleshooting DIP
• DIP Tester
• Quiz
• Summary

Synchronizing Directory Data with OUD

• Objectives
• When to Use Oracle Directory Integration Platform
• Benefits of Using DIP with OUD
• Software Requirements for Running DIP
• Oracle Directory Integration Platform Typical Topologies
• Configuring OUD as the DIP Back-End Directory
• Configuring OUD as the DIP Back End: Prerequisites
• Creating a WebLogic Domain to Configure DIP
• Configuring OUD as the DIP Back End: dipConfigurator
• dipConfigurator: ACIs
• Synchronizing OUD as Back-End Directory with OID
• Synchronizing OUD and OID
• Synchronization Profiles
• Synchronization Profiles: General
• Synchronization Profiles: Mapping
• Mapping Rules
• Domain and Attribute Mapping Rule Format
• Example Domain Rules:
• Attribute Rules
• Synchronization Profiles: Filtering
• Matching Filters
• Synchronization Profiles: Advanced
• Deregistering a Profile in FMW Control
• Bootstrapping Data into the Oracle Back-End Directory
• Synchronizing OUD as Back-End Directory with MS Active Directory
• Synchronizing from AD to OUD
• OUD Schema Elements for AD
• Synchronizing OUD and AD
• Summary

OUD Proxy Servers

• Objectives
• OUD Proxy Mode Capabilities and Request Routing
• OUD 12c Proxy Server
• Request Routing on OUD 12c Proxy Servers
• Request Routing on OUD 12c Directory Servers
• Request Routing Configuration Object Creation
• Proxy Server Load-Balancing Model
• OUD 12c Proxy Server Load Balancing
• OUD 12c Proxy Server Proportional Load Balancing
• OUD 12c Proxy Server Saturation Load Balancing
• OUD 12c Proxy Server Optimal Load Balancing
• OUD 12c Proxy Server Search Filter Load Balancing
• Proxy Server Data Distribution Model
• OUD 12c Proxy Server Data Distribution
• OUD 12c Proxy Server Numeric Data Distribution
• OUD 12c Proxy Server Lexico Data Distribution
• OUD 12c Proxy Server Capacity Data Distribution
• OUD 12c Proxy Server DN Pattern Data Distribution
• Global Index Catalog
• OUD 12c Proxy Server Setup
• Setting Up an OUD 12c Proxy Server
• Configure a New Proxy Server
• Selecting Load Balancing or Data Distribution as the Proxy Type
• Adding Back-End LDAP Servers for Load Balancing
• Defining Load Balancing Algorithm and Server Weights
• Selecting the Number of Data Distribution LDAP Servers
• Specifying How the Proxy Server Distributes Data
• Defining Global Index Catalog
• Configure OUD 12c Proxy in OUDSM
• Configuring OUD 12c Proxy in OUDSM
• OUDSM Core Configuration
• Testing OUD Proxies
• Testing Load Balancing
• Testing Data Distribution
• Quiz
• Summary

OUD Plug-ins and Extensibility Framework

• Objectives
• Need for Plug-ins and OUD RDBMS Workflow Element
• Need for Plug-Ins
• RDBMS Workflow Element
• RDBMS Workflow Element: Use Cases
• RDBMS Workflow Element: Features
• OUD Plug-in: Overview
• OUD Plug-Ins
• OUD Plug-Ins: Life Cycle
• OUD Plug-Ins: Use Cases
• Introduction to OUD Plug-in API
• OUD Plug-ins: Implementation Points
• OUD Plug-in API: Overview
• Deploying a Sample Plug-In
• Quiz
• Summary

Virtualizing OUD

• Objectives
• Pass-Through Authentication Capabilities
• Pass-Through Authentication Mechanism
• Pass-Through Authentication Workflow Element: Features
• Pass-Through Authentication Configuration Model
• Configuring Pass-Through Authentication
• OUD Virtualization Mechanism
• Difference Between Join and Distribution
• Join Workflow Element
• Features of the Join Workflow Element
• ForkJoin Workflow Element
• Configuring Virtualization
• Join Participants
• Using Join Workflow Element for Pass-Through Authentication
• DN Renaming Workflow Element
• DN Renaming: Example
• RDN Changing
• RDN Changing Workflow Element Definition Example
• Optimizing Virtualization Search Results
• Optimizing Virtual Search Results
• Summary

Integrating OUD with Enterprise User Security

• Objectives
• Database Management
• Database Management: Traditional Problems
• Database Management: An OUD Solution
• Enterprise User Security (EUS)
• Enterprise User Security: Overview
• Benefits of EUS
• Integrating EUS and OUD
• When to Integrate EUS and OUD
• Database Accounts Stored in OUD
• Configuring EUS with OUD
• Configuring EUS with OUD: High-Level Tasks
• OUD Setup and Configuration for EUS
• Set Up OUD Instance for EUS Integration
• Update modifyRealm.ldif File and Load into OUD
• Update java.security File and Restart OUD Instance
• Prepare Oracle Database for EUS
• View and Copy OUD Keystore Passphrase
• Get OUD Keystore Passphrase from keystore.pin File
• Export OUD Self-Signed SSL Certificate
• Add Exported OUD SSL Certificate to Database Wallet
• Configure DB Listener for Directory Connectivity
• Enable Oracle Database Directory Server Use
• Configure OUD Password Management for EUS Administration
• Configure Pluggable Database for EUS Integration
• Verify PDB Entries in OUD
• Log In to Pluggable Database and Add PDB Users
• Create User-to-Schema Mapping in OUD
• Test User Log In to Pluggable Database
• EUS with OUD Proxy and Active Directory PTA
• OUD Proxy Forwards Database Accounts to External Directory
• Accounts in Active Directory: Password-Based Authentication
• Accounts in Active Directory: Kerberos Authentication
• Integrating OUD, EUS, and AD for Password Authentication
• Quiz
• Summary
• A Coexistence Topology: OUD and ODSEE
• Objectives A-2
• Defining Coexistence Topology and Potential Issues A-3
• Coexistence Topology A-4
• Update Initiated from ODSEE 11g – Data Modification Flow A-6
• Update Initiated from the OUD 12c – Data Modification Flow A-7
• Coexistence Topology Use Case – Starting State A-8
• Coexistence Topology Use Case – Intermediate State A-9
• Coexistence Topology Use Case – Upgrade Complete A-10
• Defining Coexistence Topology and Potential Issues A-11
• Coexistence Topology – Potential Issues A-12
• ODSEE 11g Configuration: Password Policy and Account Lockout A-13
• ODSEE 11g Configuration: Roles and Class of Service A-16
• ODSEE 11g Configuration: Plug-ins and Indexes A-18
• Analyzing Your ODSEE 11g Configuration: Schema A-20
• ODSEE 11g Configuration: ACIs A-22
• Running the ds2oud Utility in Diagnostic Mode A-23
• Resolving Coexistence Issues A-25
• Configure OUD 12c for Coexistence Topology with ODSEE 11g A-28
• Deploy OUD 12c for Coexistence with ODSEE 11g A-29
• Set up OUD 12c Directory Servers in a Coexistence Topology A-30
• Run ds2oud –a to Initialize the OUD 12c Directory Servers A-31
• Enable Replication for OUD 12c Directory Servers A-32
• Deploying OUD 12c Replication Gateways A-33
• Creating OUD 12c Replication Gateway Instance A-34
• Define Replication Gateway Administration Properties A-35
• Configure Replication Gateway ODSEE 11g Server Settings A-36
• Configure Replication Gateway OUD 12c Server Settings A-37
• Review and Complete Replication Gateway Configuration A-38
• Populating OUD 12c Directory Servers with ODSEE 11g Data A-39
• Exporting ODSEE 11g Directory Data A-40
• Initializing the OUD 12c Directory Servers with Directory Data A-41
• Test Directory Data Replication in Coexistence Topology A-42
• Testing the Coexistence Topology A-43
• Monitoring the Replication Gateway A-44
• Completing Upgrade to OUD 12c A-46
• Upgrade Completion Activities A-47
• Upgrade from ODSEE 11g to OUD 12c Completed A-48
• Summary A-49
• Quiz A-50