LDAP Tools Usage Oracle Fusion Middleware Online Documentation Library

9 Configuring and Managing the Oracle Virtual Directory Server

This chapter explains how to configure Oracle Virtual Directory server settings and includes the following topics:

■ Configuring Oracle Virtual Directory Server Properties Using Fusion Middleware Control
■ Configuring Oracle Virtual Directory Server Settings Using Oracle Directory Services Manager
■ Configuring Oracle Virtual Directory Server Settings Using WLST
■ Controlling the Maximum Heap Size Allocated to the Oracle Virtual Directory Server
■ Controlling Orphan Connections Caused by Remote Client or Server Failure
■ Managing Oracle Virtual Directory Libraries Using Oracle Directory Services Manager
■ Copying Configuration Files Between Oracle Virtual Directory Servers Using syncovdconfig

9.1 Configuring Oracle Virtual Directory Server Properties Using Fusion Middleware Control

Oracle Virtual Directory provides the ability to regulate items such as the number of entries the server can return for an anonymous user or for an authenticated user. You can also limit inbound transaction traffic to protect proxied sources from Denial Of Service attacks or to limit LDAP traffic to control access to a limited directory infrastructure resource. You can configure these properties and others on the Oracle Virtual Directory Server Properties page in Oracle Enterprise Manager Fusion Middleware Control.

There are two tabs on the Server Properties screen: General and Change SuperUser Password. The General tab contains options to configure general server properties, such as quotas on activity limits, search settings, and schema and access control checks. You can use the Change SuperUser Password tab to change the password for the Oracle Virtual Directory superuser.

The following are the procedures to configure the properties on each tab:

1. Log in to Oracle Enterprise Manager Fusion Middleware Control and navigate to the Oracle Virtual Directory target on which to configure the server settings.

2. Select Administration and then Server Properties from the Oracle Virtual Directory menu. The Server Properties screen appears.

To configure general Oracle Virtual Directory server properties:

1. Click the General tab on the Server Properties screen.

2. Enable quota enforcement on the server by selecting the Enable Quota Enforcement option and entering the following information:

   ■ Enter the maximum number of client connections to allow in the Maximum Client Connections field.
   ■ Enter the maximum number of operations to allow for each connection in the Maximum Operations per Connection field.
   ■ Enter the maximum number of connections to allow for each authenticated subject in the Maximum Connections per Authenticated Subject field.
   ■ Enter the maximum number of connections to allow for each IP address connected to Oracle Virtual Directory in the Maximum Connections per IP Address field.
   ■ Enter the maximum length of time in minutes that a client connection can remain inactive before Oracle Virtual Directory closes the connection in the Maximum time period minutes field.
   ■ Add or delete IP addresses that are exempt from the quota checking in the Exempt IP addresses field. To add an IP address, enter the IP address in the Exempt IP Addresses field. To delete an IP address, select the IP address in the Exempt IP Addresses field and delete it.
   ■ Add or delete subjects that are exempt from the quota checking in the Exempt Subjects field. To add a subject, enter the subject in the Exempt IP Subjects field. To delete a subject, select the subject in the Exempt IP Subjects field and delete it.

3. Enter the maximum number of entries to return for an anonymous client search in the Anonymous Search field. The default setting is 1000.

4. Enter the maximum number of entries to return for an authenticated user in the Authenticated User Search field. An authenticated user is defined as a user bound to Oracle Virtual Directory. The Oracle Virtual Directory root account is exempt from this quota and the default setting is 10,000.

Note: You must select the Enable Quota Enforcement option to configure the Activity Limits parameters.

Note: Oracle Virtual Directory 11g Release 1 (11.1.1) supports IPv6. If your network supports IPv6, you can use literal IPv6 addresses in the Exempt IP Addresses field to identify IP addresses that are exempt from quota enforcement.

Note: By default, users who have Oracle Directory Services Manager Administrator access (typically cn=orcladmin) are exempt from quota checking.

5. Select the Enable Access Control Check option to enable Oracle Virtual Directory to enforce access controls as defined in the access control file.

6. Select the Enable Persistent Search option to enable Oracle Virtual Directory to support the persistent search control regardless of the adapters configured.

7. Select the Enable Schema Check option to enable Oracle Virtual Directory to check LDAP entries for conformance against the schema definitions contained in the files listed in the Schema Locations field. Oracle suggests disabling the Enable Schema Check option only when an external method for schema checking will be used.

8. If the Enable Schema Check option is selected, Oracle Virtual Directory uses the files that are listed in the Schema Locations field to verify that LDAP entries conform to schema definitions. Use this field to identify the files Oracle Virtual Directory uses to define its schema. Each file is applied in descending order from top to bottom, with each file overriding the previous one when conflicts occur. Typically, the last file identified is schema.user.xml. Any and all changes to schema are applied to the schema.user.xml file to ensure standard files, such as schema.core.xml, remain unchanged between releases, but can also be virtually modified by having the changes in schema.user.xml override default-shipped schema in schema.core.xml.

   If you are installing a manufacturer-supplied schema in DSML form, identify this file as the second to last file in the list of schema files. This protects the distributed manufacturer file from modification while allowing local customization, which is then stored in schema.user.xml.

   The following is a list of the default schema files:

   ■ schema.core.xml
   ■ schema.cosine.xml
   ■ schema.inetorgperson.xml
   ■ schema.nis.xml
   ■ schema.dyngroup.xml
   ■ schema.java.xml
   ■ schema.diameter.xml
   ■ schema.eus.xml
   ■ schema.user.xml

9. Use the TLS Configuration section to:

   ■ Read the names of the adapter keystore and truststore. You cannot configure these values using Oracle Enterprise Manager Fusion Middleware Control.
   ■ Set the password for the adapter keystore and truststore.

10. Click Apply on the Server Configuration screen to apply your settings.
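
One way to confirm from the client side that the Anonymous Search and Authenticated User Search limits configured above are actually in force, shown as an added example that is not part of the Oracle documentation. It parses saved ldapsearch output, assumed to be in OpenLDAP's LDIF-plus-result format, and assumes the server reports a reached quota with LDAP result code 4 (sizeLimitExceeded); the function names and the sample output are constructed for illustration.

```python
import re

# Defaults stated on this page for the General tab.
ANONYMOUS_LIMIT = 1000
AUTHENTICATED_LIMIT = 10000
SIZE_LIMIT_EXCEEDED = 4  # LDAP result code sizeLimitExceeded (RFC 4511)


def summarize_search(ldif_text):
    """Return (entry count, LDAP result code) from ldapsearch output.
    Assumes OpenLDAP-style output: LDIF entries plus a 'result: N text' line."""
    entries, result_code = 0, None
    for line in ldif_text.splitlines():
        # Every entry starts with "dn:" ("dn::" if base64; bare "dn:" for root DSE).
        if re.match(r"dn::?(\s|$)", line):
            entries += 1
        m = re.match(r"result: (\d+)", line)
        if m:
            result_code = int(m.group(1))
    return entries, result_code


def check_limit(ldif_text, limit):
    """Classify one saved search against the configured entry limit."""
    entries, code = summarize_search(ldif_text)
    if entries > limit:
        return "FAIL"  # more entries came back than the quota allows
    if code == SIZE_LIMIT_EXCEEDED:
        # Assumption: a reached quota is reported as sizeLimitExceeded.
        # Fewer entries than the limit means a lower cap (client or backend) hit first.
        return "ENFORCED" if entries == limit else "LOWER_LIMIT"
    return "INCONCLUSIVE"  # directory holds fewer matches than the limit


def make_sample(n, code, text):
    """Build constructed ldapsearch output with n entries (sample data only)."""
    body = "".join(
        f"dn: uid=user{i},ou=people,dc=example,dc=com\nuid: user{i}\n\n"
        for i in range(n)
    )
    return body + f"# search result\nsearch: 2\nresult: {code} {text}\n"


if __name__ == "__main__":
    runs = [
        ("anonymous, capped", make_sample(1000, 4, "Size limit exceeded"), ANONYMOUS_LIMIT),
        ("anonymous, not capped", make_sample(1250, 0, "Success"), ANONYMOUS_LIMIT),
        ("authenticated, small result", make_sample(12, 0, "Success"), AUTHENTICATED_LIMIT),
    ]
    for name, output, limit in runs:
        print(name, summarize_search(output), check_limit(output, limit))
```

An INCONCLUSIVE result means the search base held fewer matching entries than the limit, so repeat the check with a broader base or filter. Run the authenticated check as an ordinary bound user, since the root account is exempt from the quota.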

To change the password for the Oracle Virtual Directory superuser:

1. Click the Change SuperUser Password tab on the Server Properties screen.

2. Enter the existing superuser password in the Old Password field.

3. Enter the new superuser password in the New Password field.