Click the Create button. The Join Rule dialog box appears.

12-32 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory

Local Store Adapter Routing as Join View Adapter’s Local Store Directory

If you are using a Local Store Adapter as the local store directory for the Join View Adapter, you may also want to adjust the Local Store Adapter’s routing settings. Modify the Storable Attributes routing setting for the Local Store Adapter so that only the attributes that are to be written locally are listed. Include the unique key attribute used in the join rule and include the vdeprimaryref attribute. Optionally, set the Local Store Adapter’s Visibility routing setting to Internal if you do not want it to be seen by LDAP clients.

12.4.1.3 Configuring Adapter Plug-ins and Mappings

After you create the adapter, you can apply Plug-ins and Mappings to it by clicking the adapter name in the Adapter tree and then clicking the Plug-Ins tab. See Managing Adapter Plug-ins on page 13-1 and Applying Mappings to Adapters on page 14-3.

12.4.2 Configuring a Shadow Join View Adapter for Oracle Internet Directory

The following steps are an overview of the process for configuring a Join View Shadow Adapter for use with Oracle Internet Directory:

On Oracle Internet Directory:

1. Extend the Oracle Internet Directory schema to add support for shadow objects/attributes using the following steps:

   a. Create an LDIF file with the following information:

      dn: cn=subschemasubentry
      changetype: modify
      add: attributetypes
      attributetypes: ( 1.3.6.1.4.1.17119.1.0.1 NAME 'vdeprimaryref' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )

      dn: cn=subschemasubentry
      changetype: modify
      add: objectclasses
      objectclasses: ( 1.3.6.1.4.1.17119.1.1.1 NAME 'vdeShadowObject' SUP top STRUCTURAL MUST vdeprimaryref )

   b. Use the Oracle Internet Directory ldapmodify tool to import the LDIF file, for example:

      ldapmodify -h ORACLE_INTERNET_DIRECTORY_HOST -p ORACLE_INTERNET_DIRECTORY_PORT -D bindDN -q -v -f PATH_TO_LDIF_FILE

2. Create a cn=shadowentries orclcontainer object to store the shadow entries in a branch that is separate from normal users, to avoid confusing the shadow entries with any other normal user entries.

On Oracle Virtual Directory:

1. Create an LDAP Adapter that connects to the Oracle Internet Directory branch you created in Step 2 and set the visibility to internal because only the Shadow Join must access it.

2. Add vdeprimaryref,uid followed by a comma-separated list of the attributes you want to store in the shadow entry to the Storable Attributes field. Replace uid with the name of the attribute you can use to identify the entry if the DN changes in the primary adapter. An example may look like:

   vdeprimaryref,uid,cn,obpasswordhistory

Creating and Configuring Oracle Virtual Directory Adapters 12-33

3. Set the primary adapter's visibility to internal, as the Shadow Join will be the visible entry to LDAP clients.

4. Create a new Join View Adapter and set the bind adapter to be the primary adapter.

5. Create a new Shadow Join rule as follows:

   a. Set the joined adapter to be the shadow LDAP Adapter you created in Step 1.

   b. Set uid as the condition value, replacing uid with the proper value if you are using another attribute as the primary key attribute for the entry.

After completing these steps, when you update the entry exposed through the Join View:

■ Oracle Virtual Directory determines which attributes must be written to the primary adapter and to the Shadow LDAP.

■ When Oracle Virtual Directory writes to the Shadow LDAP, it first checks to make sure the shadowed entry exists in the LDAP server by checking for the vderef attribute and then the condition attribute value. If Oracle Virtual Directory does not find an entry, it creates the entry and then updates the attributes.

■ An LDAP client sees a complete entry with all of the attributes when it connects to Oracle Virtual Directory after the update is complete.
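The write behavior described in the list above, as a simplified model. This is an added example, not Oracle Virtual Directory code and not part of the original guide; the dict-based stores, the function names, the sample entry, the use of vdeprimaryref for the reference lookup, and the refresh of that reference after a DN change are assumptions.

```python
# Simplified model of the Shadow Join write path (not Oracle Virtual Directory code).
# Each directory is a dict of DN -> attribute dict; all sample data is constructed.
SHADOW_BASE = "cn=shadowentries"  # container created on Oracle Internet Directory
STORABLE = ["vdeprimaryref", "uid", "cn", "obpasswordhistory"]  # the page's example list
KEY_ATTR = "uid"                  # condition value of the Shadow Join rule


def find_shadow(shadow, primary_dn, key_value):
    """Find the shadow entry by its reference to the primary DN, then by key attribute."""
    for dn, entry in shadow.items():
        if entry.get("vdeprimaryref") == primary_dn:
            return dn
    for dn, entry in shadow.items():  # fallback survives a DN change in the primary
        if entry.get(KEY_ATTR) == key_value:
            return dn
    return None


def join_view_modify(primary, shadow, primary_dn, changes):
    """Route each changed attribute to the primary store or to the shadow store."""
    key_value = primary[primary_dn][KEY_ATTR]
    to_shadow = {a: v for a, v in changes.items() if a in STORABLE}
    to_primary = {a: v for a, v in changes.items() if a not in STORABLE}
    primary[primary_dn].update(to_primary)
    if to_shadow:
        dn = find_shadow(shadow, primary_dn, key_value)
        if dn is None:  # no shadow entry yet: create it, then update it
            dn = f"{KEY_ATTR}={key_value},{SHADOW_BASE}"
            shadow[dn] = {"objectclass": "vdeShadowObject", KEY_ATTR: key_value}
        shadow[dn]["vdeprimaryref"] = primary_dn  # assumption: reference is refreshed
        shadow[dn].update(to_shadow)
    return sorted(to_primary), sorted(to_shadow)


def join_view_read(primary, shadow, primary_dn):
    """Merge primary and shadow attributes into the entry an LDAP client sees."""
    entry = dict(primary[primary_dn])
    dn = find_shadow(shadow, primary_dn, entry[KEY_ATTR])
    if dn is not None:
        entry.update({a: v for a, v in shadow[dn].items()
                      if a not in ("vdeprimaryref", "objectclass")})
    return entry


if __name__ == "__main__":
    primary = {"uid=jdoe,ou=people,dc=example,dc=com": {"uid": "jdoe", "mail": "old@example.com"}}
    shadow = {}
    dn = next(iter(primary))
    print(join_view_modify(primary, shadow, dn, {"mail": "jdoe@example.com", "obpasswordhistory": "h1"}))
    print(shadow)
    print(join_view_read(primary, shadow, dn))
```

The model makes the exposure question visible: anything listed as storable, such as obpasswordhistory, lives only in the shadow branch, which is why both the shadow adapter and the primary adapter are set to internal visibility and only the Join View is exposed to clients.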