What is Configured? Configuring the Identity Store Service

Oracle Fusion Middleware Application Security Guide

Example 7–3 shows a sample jps-config.xml file configured to run multi-LDAP queries for third-party application servers:

Example 7–3 Multi-LDAP Configuration in Third-Party Application Servers

<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           schema-major-version="11" schema-minor-version="1">
  <serviceProviders>
    <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider"
                     class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
      <description>LDAP-based IdentityStore Provider</description>
    </serviceProvider>
  </serviceProviders>
  <serviceInstances>
    <!-- instance idstore.oid to represent an ldap server oid -->
    <serviceInstance name="idstore.oid" provider="idstore.ldap.provider">
      <property name="subscriber.name" value="dc=us,dc=oracle,dc=com"/>
      <property name="idstore.type" value="OID"/>
      <property name="security.principal.key" value="oid.ldap.credentials"/>
      <property name="security.principal.alias" value="JPS"/>
      <property name="ldap.url" value="ldap://oid1.us.oracle.com:389,ldap://oid2.us.oracle.com:389"/>
      <extendedProperty>
        <name>user.search.bases</name>
        <values>
          <value>cn=users,dc=us,dc=oracle,dc=com</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>group.search.bases</name>
        <values>
          <value>cn=groups,dc=us,dc=oracle,dc=com</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>username.attr</name>
        <values>
          <value>uid</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>groupname.attr</name>
        <values>
          <value>cn</value>
        </values>
      </extendedProperty>
    </serviceInstance>
    <!-- instance idstore.ad to represent an ldap server ad -->
    <serviceInstance name="idstore.ad" provider="idstore.ldap.provider">
      <property name="subscriber.name" value="dc=us,dc=oracle,dc=com"/>
      <property name="idstore.type" value="ACTIVE_DIRECTORY"/>
      <property name="security.principal.key" value="msad.ldap.credentials"/>
      <property name="security.principal.alias" value="JPS"/>
      <property name="ldap.url" value="ldap://msad1.us.oracle.com:389,ldap://msad2.us.oracle.com:389"/>
      <extendedProperty>
        <name>user.search.bases</name>
        <values>
          <value>cn=users,dc=us,dc=oracle,dc=com</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>group.search.bases</name>
        <values>
          <value>cn=groups,dc=us,dc=oracle,dc=com</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>username.attr</name>
        <values>
          <value>cn</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>groupname.attr</name>
        <values>
          <value>cn</value>
        </values>
      </extendedProperty>
    </serviceInstance>
    <!-- IDStore service idservice.virtualize to connect to multiple ldaps oid and ad using libOVD -->
    <serviceInstance name="idservice.virtualize" provider="idstore.ldap.provider">
      <!-- following property enables virtualization i.e., support for multiple stores -->
      <property name="virtualize" value="true"/>
      <!-- backend ldap instance idstore.oid -->
      <serviceInstanceRef ref="idstore.oid"/>
      <!-- backend ldap instance idstore.ad -->
      <serviceInstanceRef ref="idstore.ad"/>
      <!-- Front end ldap properties if not supplied, will use default values -->
      <extendedProperty>
        <name>user.create.bases</name>
        <values>
          <value>cn=users_front,dc=us,dc=oracle,dc=com</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>group.create.bases</name>
        <values>
          <value>cn=groups_front,dc=us,dc=oracle,dc=com</value>
        </values>
      </extendedProperty>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default">
    <!-- IdStore service connect to multiple ldaps oid+ad through