DN Matching Understanding Routing Settings

Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, Understanding Oracle Virtual Directory Routing

then you can establish a regular expression that selects adapters based on the RDN type. For Active Directory Adapter, the DN match might be:

    .*cn=[a-z0-9]*$

For Open LDAP, the DN match might be:

    .*uid=[a-z0-9]*$

By using DN Matching, Oracle Virtual Directory can effectively manage overlapped adapters by exploiting the differences in the existing sources.

In the DN Matching field you can enter a regular expression indicating how DNs within the adapter must be formed. The regular expression applies to the portion of the DN below the adapter's root. For example, if the adapter's root is ou=People,o=MyBigOrg.com and you only want to allow entries in the next level whose RDN begins with the letters A through J, you can specify an expression such as:

    m/^.*uid=[a-j][a-z0-9]*$/

This expression indicates that the DN must contain a uid= term, followed by one of the letters A through J, followed by any number of alphanumeric characters. The $ sign indicates the end of the string. In this case, because a comma is excluded at the end of the string, the uid= must be the last component of the DN within this adapter. Because the UID value must begin with A through J, only UIDs matching that criterion are accepted. Finally, the .* part of the regular expression indicates that any number of characters of any type can occur between the start of the string (indicated by ^) and the specific value uid=.

Notes:
■ Because DNs are case-insensitive, regular expression matching is performed in a case-insensitive manner.
■ The m/ and trailing / part of the match expression is optional.

3.2.4 Levels

When using multiple adapters where some adapters are children of other adapters, it may be desirable to configure the parent adapter so that queries occurring within the namespace of a child adapter are not also sent to the parent adapter. This happens when the DN of an LDAP operation pertains to both a child adapter and a parent adapter through normal namespace selection. By setting the depth, or level, of the parent adapter, Oracle Virtual Directory can eliminate the parent adapter from participating in child transactions.

Used with LDAP searches, the routing Levels setting determines how many levels below the adapter root the search base may be. For example, a value of 0 requires the search base to be the same as the adapter root, a value of 1 allows the search base to be at the adapter root or one level down, and so on. An empty (blank) Levels setting, which is the default setting, allows searches at all levels.

The Levels setting is useful as a performance parameter when mixing highly nested multiple adapter scenarios. Although the root adapter has the potential for being selected for all queries of a virtualized tree, this may not be desirable since other adapters may be set to point to parts of the tree containing the relevant data. To keep the root adapter out of all queries except those actually examining the root entry, thus increasing server performance, the Levels setting should be set to 0.
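The DN Matching and Levels rules described above can be checked offline with a small routing model. This is an added example, not Oracle Virtual Directory code: the Adapter class, the candidates function, the adapter names and the sample DNs are hypothetical, DNs are split on plain commas, and the DN Matching expressions are written in standard regular-expression syntax as the text describes them.

```python
import re

def split_dn(dn):
    # Simplification: plain comma split; escaped commas and multi-valued RDNs are not handled.
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

class Adapter:  # hypothetical model of one adapter's routing settings
    def __init__(self, name, root, dn_match=None, levels=None):
        self.name, self.root, self.levels = name, split_dn(root), levels  # levels=None: blank
        # The m/ prefix and trailing / are optional, so accept both spellings.
        if dn_match and dn_match.startswith("m/") and dn_match.endswith("/"):
            dn_match = dn_match[2:-1]
        # DNs are case-insensitive, so the match is too.
        self.dn_match = re.compile(dn_match, re.IGNORECASE) if dn_match else None

def below_root(dn, root):
    """RDNs of dn that sit below root, or None when dn is outside root's namespace."""
    parts = split_dn(dn)
    cut = len(parts) - len(root)
    if cut < 0 or parts[cut:] != root:
        return None
    return parts[:cut]

def candidates(adapters, dn):
    """Names of the adapters this model would route an operation on dn to."""
    selected = []
    for a in adapters:
        rel = below_root(dn, a.root)
        if rel is None:
            continue                      # outside the adapter's namespace
        if a.levels is not None and len(rel) > a.levels:
            continue                      # deeper than Levels allows
        if a.dn_match and not a.dn_match.search(",".join(rel)):
            continue                      # relative DN fails DN Matching
        selected.append(a.name)
    return selected

# Constructed adapter set: a parent limited to its own root entry, and two
# overlapped children told apart by RDN type.
ADAPTERS = [
    Adapter("root", "o=MyBigOrg.com", levels=0),
    Adapter("ad", "ou=People,o=MyBigOrg.com", dn_match=".*cn=[a-z0-9]*$"),
    Adapter("openldap", "ou=People,o=MyBigOrg.com", dn_match="m/^.*uid=[a-j][a-z0-9]*$/"),
]

if __name__ == "__main__":
    for dn in ("o=MyBigOrg.com", "cn=bsmith,ou=People,o=MyBigOrg.com",
               "uid=Alice,ou=People,o=MyBigOrg.com", "cn=Bob Smith,ou=People,o=MyBigOrg.com"):
        print(dn, "->", candidates(ADAPTERS, dn))
```

In this model cn=Bob Smith is routed to no adapter, because [a-z0-9] excludes the space. Running a representative sample of real DNs through the expressions before deployment shows which entries an overly narrow character class would make unreachable.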