
Security Features in Oracle Directory Integration Platform

See Also:
■ The Oracle Fusion Middleware Security Guide for complete information about the Credential Store Framework of the Oracle Application Server 11g infrastructure.
■ The Oracle Fusion Middleware WebLogic Scripting Tool Command Reference for more information about the wlst commands.

Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform

Part II General Administration of Oracle Directory Integration Platform

This part describes some of the general administrative tasks involved in running Oracle Directory Integration Platform. You can find more specific administrative information in the respective sections of this guide.

Part II contains the following chapters:
■ Chapter 3, "Administering Oracle Directory Integration Platform"
■ Chapter 4, "Managing the Oracle Directory Integration Platform"

3 Administering Oracle Directory Integration Platform

This chapter describes tools you can use to administer Oracle Directory Integration Platform. It contains these topics:
■ Graphical Tools for Administering Oracle Directory Integration Platform
■ Command-Line Tools for Administering Oracle Directory Integration Platform

3.1 Graphical Tools for Administering Oracle Directory Integration Platform

You can use the following graphical tools to administer Oracle Directory Integration Platform:
■ Using Fusion Middleware Control
■ Using Oracle Internet Directory Self-Service Console
■ Using Oracle Internet Directory Provisioning Console

3.1.1 Using Fusion Middleware Control

As of 11g Release 1 (11.1.1), you can graphically administer many Oracle Directory Integration Platform features from the Oracle Enterprise Manager Fusion Middleware Control. This console enables you to configure and manage all Oracle products from one user interface. To use Oracle Enterprise Manager Fusion Middleware Control to administer Oracle Directory Integration Platform:

1. Connect to Oracle Enterprise Manager Fusion Middleware Control. The URL is of the form: https://host:port/em
2. In the left panel topology tree, expand the farm, then Identity and Access. Alternatively, from the farm home page, expand Fusion Middleware, then Identity and Access. Oracle Directory Integration Platform components are listed in both places. To distinguish one component from another, move the mouse over the component name and view the full name of the component in the tool tip.
3. Select the Oracle Directory Integration Platform component you want to manage.
4. Use the DIP Server menu to select tasks. You can use the DIP Server menu to navigate to other Fusion Middleware Control pages for Oracle Directory Integration Platform.

Note: Prior to 11g Release 1 (11.1.1), the Oracle Directory Integration Platform was graphically administered by using the Oracle Directory Integration Server Administration tool. This tool is no longer available with the Oracle Directory Integration Platform. To graphically administer the Oracle Directory Integration Platform in 11g Release 1 (11.1.1) you must use Oracle Enterprise Manager Fusion Middleware Control.

3.1.1.1 The Oracle Directory Integration Platform Home Page

The Home Page for Oracle Directory Integration Platform in Oracle Enterprise Manager Fusion Middleware Control provides statistics and information about the component, including:
■ The status of Oracle Directory Integration Platform components, such as the Quartz Scheduler and MBeans.
■ The amount of CPU and memory being utilized.
■ Information about existing Synchronization Profiles, including name, status, average execution time, and successful and failed propagation of changes.
■ Information about existing Provisioning Profiles, including name, status, average execution time, and successful and failed propagation of changes.

3.1.2 Using Oracle Internet Directory Self-Service Console

The Oracle Internet Directory Self-Service Console enables you to delegate administrative privileges to various administrators and to users. It is a ready-to-use standalone application created with Oracle Delegated Administration Services that provides a single graphical interface for delegated administrators and users to manage data in the directory. The Oracle Internet Directory Self-Service Console enables both administrators and users, depending on their privileges, to perform various directory operations. In an integrated deployment, the Oracle Internet Directory Self-Service Console is primarily used for customizing realm parameters.

3.1.3 Using Oracle Internet Directory Provisioning Console

The Oracle Internet Directory Provisioning Console provides a single graphical interface for administrators to provision users in Oracle Internet Directory. The Provisioning Console was created with Oracle Delegated Administration Services, and works alongside the Oracle Internet Directory Self-Service Console.

Note: Oracle Directory Integration Platform 11g Release 1 (11.1.1) interoperates with and supports Oracle Delegated Administration Services release 10.1.4.3.0.

See Also: Oracle Fusion Middleware Guide to Delegated Administration for Oracle Identity Management

3.2 Command-Line Tools for Administering Oracle Directory Integration Platform

The following command-line tools, located in the ORACLE_HOME/bin directory, are available for administering Oracle Directory Integration Platform:

Notes:
■ Best security practice is to provide a password only in response to a prompt from the command.
■ You must set the WLS_HOME and ORACLE_HOME environment variables before executing any of the Oracle Directory Integration Platform commands.
■ Refer to the command-specific sections throughout this document and the Oracle Identity Management User Reference for additional information on each of the tools described in the following list.

■ dipStatus: Allows you to check the status of Oracle Directory Integration Platform and whether or not it is registered. Refer to "Viewing the Status of Oracle Directory Integration Platform Using the dipStatus Utility" on page 4-3 for more information.
■ manageDIPServerConfig: Manages Oracle Directory Integration Platform configuration settings including refresh interval, Oracle Internet Directory port number, keystore location and password, and the number of scheduler threads. Refer to "Managing Oracle Directory Integration Platform Using manageDIPServerConfig" on page 4-8 for more information.
■ manageSyncProfiles: Manages Oracle Directory Integration Platform synchronization profiles. Refer to "Managing Synchronization Profiles Using manageSyncProfiles" on page 7-15 for more information.
■ syncProfileBootstrap: Performs the initial migration of data between a connected target directory and Oracle Internet Directory based on a synchronization profile or LDIF file. Refer to "Directory Bootstrapping Using syncProfileBootstrap" on page 8-1 for more information.
■ expressSyncSetup: Creates profiles for standard LDAP directories using prepackaged templates based on the directory type. Refer to "Creating Import and Export Synchronization Profiles Using expressSyncSetup" on page 17-2 for more information.
■ provProfileBulkProv: Performs initial migration of data from an LDIF file to Oracle Internet Directory for a provisioning profile. Refer to "Bulk Provisioning Using the provProfileBulkProv Tool" on page 12-7 for more information.

Note: Oracle Directory Integration Platform 11g Release 1 (11.1.1) interoperates with and supports Oracle Delegated Administration Services release 10.1.4.3.0 and higher.
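
The environment prerequisite in the Notes of this section can be checked before a tool is launched and asked for a password. The following sh function is an added example, not part of the Oracle guide or its tools; the dip_preflight name, its return codes, and the file-permission check are assumptions made for illustration.

```sh
# Tools listed in section 3.2 of the guide.
DIP_TOOLS="dipStatus manageDIPServerConfig manageSyncProfiles syncProfileBootstrap expressSyncSetup provProfileBulkProv"

# dip_preflight TOOL: print the full path of TOOL if it is safe to run.
# Return codes (chosen for this example): 2 environment, 3 unknown tool,
# 4 tool missing, 5 tool writable by group or others.
dip_preflight() {
    tool=$1

    # WLS_HOME and ORACLE_HOME must be set before any DIP command runs.
    for var in WLS_HOME ORACLE_HOME; do
        eval "val=\${$var:-}"
        if [ -z "$val" ] || [ ! -d "$val" ]; then
            echo "preflight: $var is unset or not a directory" >&2
            return 2
        fi
    done

    # Accept only the exact tool names from the guide (rejects paths like ../x).
    known=no
    for t in $DIP_TOOLS; do
        if [ "$t" = "$tool" ]; then known=yes; fi
    done
    if [ "$known" != yes ]; then
        echo "preflight: '$tool' is not a DIP command-line tool" >&2
        return 3
    fi

    tool_path="$ORACLE_HOME/bin/$tool"
    if [ ! -x "$tool_path" ]; then
        echo "preflight: $tool_path not found or not executable" >&2
        return 4
    fi

    # Assumed hardening step: the tool will prompt for a password, so refuse
    # a file that group or others could have modified.
    if [ -n "$(find -L "$tool_path" \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
        echo "preflight: $tool_path is writable by group or others" >&2
        return 5
    fi

    printf '%s\n' "$tool_path"
}
```

Call it as tool=$(dip_preflight dipStatus) and then run "$tool" with its usual arguments, entering the password only at the prompt.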