Oracle Virtual Directory Runtime Considerations Oracle Virtual Directory Component Characteristics

Configuring High Availability for Identity Management Components 8-47

Figure 8–4 Oracle Virtual Directory in a Non-High Availability Architecture

The Oracle Virtual Directory server is written in Java and internally it is organized into multiple layers. These layers are logical layers—Oracle Virtual Directory appears as a single complete service to the administrator and to clients.

8.4.1.1 Oracle Virtual Directory Runtime Considerations

OPMN is used to start, monitor, and manage the Oracle Virtual Directory process, and to restart the Oracle Virtual Directory process if it goes down. For information on using OPMNCTL to start and stop Oracle Virtual Directory instances, see Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

OPMN invokes the JVM to start the VDEServer process with the required parameters. JVM parameters are configured in opmn.xml: oracle.security.jps.config specifies the JPS configuration file location, and vde.soTimeoutBackend controls orphan server connections.

You can also use the Oracle Enterprise Manager Fusion Middleware Control to start and stop Oracle Virtual Directory instances. For information, see Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

Except for JPS, which is installed when Oracle Virtual Directory is installed, Oracle Virtual Directory does not have external dependencies. It can run by itself. Oracle Virtual Directory can be configured to store LDAP objects in the local file system. This feature can be used by JPS and other components.

Oracle Virtual Directory provides two types of listeners: LDAP and HTTP. Both listeners support SSL/TLS on top of their basic protocols. The LDAP layer also provides the ability to support LDAP-SASL to support digital certificate authentication. The LDAP/S protocols provide LDAPv2/v3 based services, and the HTTP/S protocols provide one or more services such as DSMLv2, or basic white page functions provided by an XSLT enabled Web Gateway.

[Figure 8–4 labels: Web Application, Oracle Access Manager, Portal, Web Service, Client Applications, Oracle Virtual Directory, Oracle Directory, Data Sources, Database]

8-48 Oracle Fusion Middleware High Availability Guide

Based on the nature of the operation, client connections can either be persistent or short-lived.

8.4.1.2 Oracle Virtual Directory Component Characteristics

This section describes the various configuration artifacts for Oracle Virtual Directory. The following Oracle Virtual Directory configuration files are located under ORACLE_INSTANCE/config/OVD/OVDComponentName:

■ server.os_xml: Oracle Virtual Directory provides the ability to regulate items such as the number of entries the server can return for an anonymous user or for an authenticated user. You can also limit inbound transaction traffic, which can be used to protect proxied sources from Denial of Service attacks or to limit LDAP traffic to control access to a limited directory infrastructure resource. These properties and others are configured in server.os_xml.

■ listeners.os_xml: Oracle Virtual Directory provides services to clients through connections known as Listeners. Oracle Virtual Directory supports two types of Listeners: LDAP and HTTP. An Oracle Virtual Directory configuration can have any number of Listeners, or it can even have zero Listeners, thus restricting access to only the administrative gateway. Most Oracle Virtual Directory deployments will need no more than two HTTP Listeners and two LDAP Listeners, where one Listener is for SSL and one for non-SSL for each protocol. The Listener configuration file is listeners.os_xml.

■ adapters.os_xml: To present the single virtual directory view of data in multiple and various data repositories, Oracle Virtual Directory must connect to those repositories so it can virtualize the data and route data to and from the repositories. Oracle Virtual Directory uses adapters to connect to its underlying data repositories. Each adapter manages a namespace in the directory identified by a specific parent distinguished name (DN). There is no limit to how many adapters you can configure. You can also combine and overlap adapters to present a customized directory tree. The adapters configuration file is adapters.os_xml.
■ acls.os_xml: Oracle Virtual Directory provides granular access controls that can be applied uniformly across all connected data stores and which are compliant with the Internet Engineering Task Force's RFC 2820, Access Control Requirements for LDAP. The access control rules are modeled on the IETF's Internet Draft titled LDAP Access Control Model for LDAPv3, March 2, 2001 draft. Oracle Virtual Directory provides virtualized abstraction of one or more enterprise data sources into a single directory view. Accordingly, Access Control Lists (ACLs) and adapter namespaces are independent of each other. Removing all entries in a namespace, or changing the root value of an adapter, will not affect ACLs automatically. ACLs and adapter namespaces must be configured independently of each other. The ACL configuration file is acls.os_xml.

Note: For information on configuring a No-Authorization SSL connection between Oracle Virtual Directory and a proxy LDAP directory, see Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory. The procedure described in that manual can be used for any proxy LDAP directory configured to support anonymous ciphers.

Oracle Virtual Directory instance-specific data is stored in the ORACLE_INSTANCE home. The wallet is also stored in the instance home. If a single Oracle Virtual Directory instance fails, use OPMN to restart the instance.

8.4.1.2.1 Oracle Virtual Directory Log File

The log files for an Oracle Virtual Directory instance are stored in the following directory in the instance home: ORACLE_INSTANCE/diagnostics/logs/OVD/OVDComponentName

For more information on using the Oracle Virtual Directory log files to troubleshoot Oracle Virtual Directory issues, see Section 8.4.6, "Troubleshooting Oracle Virtual Directory High Availability".
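The following script is an added example; it is not part of this guide or of the Oracle Virtual Directory product. It ties together the runtime and configuration facts above: it reads the OVD process-type entries from opmn.xml, checks that the java-options line sets the two JVM properties named in Section 8.4.1.1 (oracle.security.jps.config and vde.soTimeoutBackend), and derives the expected per-component configuration files (server.os_xml, listeners.os_xml, adapters.os_xml, acls.os_xml) and log directory from the ORACLE_INSTANCE layout given in Section 8.4.1.2. The opmn.xml element layout (ias-component / process-type / module-data / category / data id="java-options"), the component id ovd1, and all path and property values in the embedded sample are assumptions constructed for this example; run it against a real instance by passing the real ORACLE_INSTANCE path and the contents of its opmn.xml.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample opmn.xml fragment. The element layout (ias-component /
# process-type / module-data / category / data id="java-options") and the
# component id "ovd1" are assumptions for this example; only the OVD process
# type and the two -D property names come from the guide.
SAMPLE_OPMN_XML = """<?xml version="1.0" encoding="UTF-8"?>
<opmn xmlns="http://www.oracle.com/ias-instance">
  <process-manager>
    <ias-component id="ovd1">
      <process-type id="OVD" module-id="OVD">
        <module-data>
          <category id="start-options">
            <data id="java-options"
                  value="-server -Xms256m -Xmx1024m -Doracle.security.jps.config=/u01/inst/config/JPS/jps-config-jse.xml -Dvde.soTimeoutBackend=0"/>
          </category>
        </module-data>
      </process-type>
    </ias-component>
  </process-manager>
</opmn>
"""

# JVM properties the guide says are set in opmn.xml for the VDEServer process.
REQUIRED_PROPS = ("oracle.security.jps.config", "vde.soTimeoutBackend")
# Per-component configuration files under ORACLE_INSTANCE/config/OVD/<component>.
CONFIG_FILES = ("server.os_xml", "listeners.os_xml", "adapters.os_xml", "acls.os_xml")


def local_name(tag):
    """Strip an XML namespace prefix ({uri}name -> name)."""
    return tag.rsplit("}", 1)[-1]


def parse_java_options(options):
    """Map every -Dkey=value switch in a java-options string to {key: value}."""
    props = {}
    for token in options.split():
        if token.startswith("-D") and "=" in token:
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def ovd_components(opmn_xml_text):
    """Return {ias-component id: {jvm property: value}} for each OVD process-type."""
    root = ET.fromstring(opmn_xml_text)
    found = {}
    for comp in root.iter():
        if local_name(comp.tag) != "ias-component":
            continue
        for ptype in comp:
            if local_name(ptype.tag) != "process-type" or ptype.get("module-id") != "OVD":
                continue
            options = " ".join(
                data.get("value", "")
                for data in ptype.iter()
                if local_name(data.tag) == "data" and data.get("id") == "java-options"
            )
            found[comp.get("id")] = parse_java_options(options)
    return found


def missing_jvm_properties(props):
    """List the required -D properties that a component's java-options do not set."""
    return [p for p in REQUIRED_PROPS if p not in props]


def instance_paths(oracle_instance, component_name):
    """Expected config files and log directory for one OVD component instance."""
    config_dir = os.path.join(oracle_instance, "config", "OVD", component_name)
    log_dir = os.path.join(oracle_instance, "diagnostics", "logs", "OVD", component_name)
    return {
        "config": [os.path.join(config_dir, name) for name in CONFIG_FILES],
        "logs": log_dir,
    }


def check_instance(oracle_instance, opmn_xml_text):
    """Report, per OVD component, missing JVM properties and absent config files."""
    report = {}
    for comp_id, props in ovd_components(opmn_xml_text).items():
        paths = instance_paths(oracle_instance, comp_id)
        report[comp_id] = {
            "missing_jvm_properties": missing_jvm_properties(props),
            "missing_config_files": [p for p in paths["config"] if not os.path.isfile(p)],
            "log_dir": paths["logs"],
        }
    return report


if __name__ == "__main__":
    # Run against the constructed sample; "/u01/inst" is a placeholder ORACLE_INSTANCE.
    for comp_id, result in check_instance("/u01/inst", SAMPLE_OPMN_XML).items():
        print(comp_id, result)
```

A component whose report lists a missing JVM property or a missing os_xml file is worth checking before it is relied on in a high availability configuration, since OPMN will start the VDEServer process without the properties and the listeners, adapters and ACLs are only as complete as the files under the component's config directory.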

8.4.2 Oracle Virtual Directory High Availability Concepts