Visibility Understanding Routing Settings

Understanding Oracle Virtual Directory Routing 3-9 adapters working together to form a single directory tree branch. Rather than publish the parent and all of the child adapters in namingcontexts, you can publish just the root adapter since the whole logical tree is implied and publishing the child adapters would be redundant or confusing to applications. Internal An Internal adapter is an adapter that is only available to plug-ins and Join View adapters running inside of Oracle Virtual Directory. Internal adapters are not available for use by external LDAP clients. An example of this is an adapter configured for use by a Join View adapter. Rather than publish information twice in the external virtual directory, the primary and joiner adapters can be marked as internal so that only the Join View Adapter may access the information defined in these adapters.

3.2.7 Bind Support

The Bind Support option indicates whether the adapter can process LDAP bind operations. If the adapter does not support a bind function, Oracle Virtual Directory attempts to obtain the userPassword attribute from the entry corresponding to the DN specified and performs a local password compare operation. This is equivalent to having the Pass-through Mode setting set to Never in an LDAP Adapter. Enable the Bind Support setting when defining Custom Adapters that may or may not support a bind operation.

3.2.8 Criticality

When a search operation with an adapter fails due to a host error, Oracle Virtual Directory reacts according to the Criticality setting. The following is a list and brief description of each of the Criticality settings: True The default setting, which indicates that if the adapter fails to return a result, for example, due to an operations error or when all remote hosts have failed, Oracle Virtual Directory causes the overall search operation to fail and returns a DSA Unavailable error to the client regardless of whether data was found in any other adapter or not. False This setting instructs Oracle Virtual Directory that the failure to perform an operation in the adapter is not critical to the overall result. If a non-critical adapter incurs an operations error, than the result is simply omitted from the overall LDAP search results and Oracle Virtual Directory returns partial results from any other adapters and does not indicate any error. Partial Setting the adapter criticality to Partial means the application can notify its own users that partial results were obtained. When an error occurs, Oracle Virtual Directory returns an Admin Limit Exceeded error. While this is not the expected error, the intention of this setting is to cause client application logic to indicate that not all results are shown. Note: The Criticality options are listed in the Oracle Directory Services Manager interface in English only, however the description of the Criticality field is supported in localized language translations. 3-10 Oracle Fusion Middleware Administrators Guide for Oracle Virtual Directory

3.2.9 Views

Views allow applications to see different information in Oracle Virtual Directory. Views are defined by the distinguished names DN and IP addresses configured for the View. If an Adapter is enabled for a View, then only the DNs or IP Addresses configured in the View may see data from that Adapter. An Adapter can be enabled for one or more Views. A user that is a member of a View can only see information from Adapters that are enabled to the same View. To enable an Adapter for a View, in the Views section on the adapter’s Routing tab, select the Enable option for the appropriate View. If an Adapter is not enabled for a View, it is part of the default View. Any client not assigned to a View may see any Adapter that is part of the default View.

3.2.9.1 Creating and Configuring Views

Perform the following steps to create and configure a View: 1. Log in to Oracle Directory Services Manager.

2. Select Advanced from the task selection bar. The Advanced navigation tree

appears.

3. Expand the Server Views entry in the tree. The list of existing Views appear.

To create a View: a. Click the Add New View button. The Add New View dialog box appears. b. Enter a name for the View in the View Name field and click the OK button to create the new View. The new View appears in the list of existing Views. Perform the following steps to configure a View. To configure a View: a. Click the name of the View to configure in the list of existing Views. A screen appears where you can configure the DNs and IP Addresses for the View. To add a DN or IP address to the View, click the create button in the appropriate field, enter a value, and click the Apply button. To delete a DN or IP address from the View, select the value you want to delete and click the Delete button.

3.2.10 Include Binds From and Exclude Binds From

The Include Binds From and Exclude Binds From settings allow the administrator to indicate adapters which can share each others credentials. The Include Binds From and Exclude Binds From settings also help the adapter determine whether the user credentials or the adapters proxy account should be passed through on an operation. For example, consider different LDAP Adapters proxying two different domain controllers within a Microsoft Active Directory forest. To Oracle Virtual Directory, a user credential from one domain does not appear to be part of another domain. Also, because both domains are from the same forest, you know that the second domain can in fact accept a credential from another domain. The Include Binds From and Exclude Binds From settings allow the administrator to instruct Oracle Virtual Directory on how to handle these situations. When deciding whether a user credential can be passed through, Oracle Virtual Directory considers the following two conditions: ■ whether the supplied credentials are under the current adapter root