Understanding the Directory Tier
1.5.1 Understanding the Directory Tier
The directory tier is in the Intranet Zone. The directory tier is the deployment tier where all the LDAP services reside. This tier includes products such as Oracle Internet Directory and Oracle Virtual Directory. The directory tier is managed by directory administrators providing enterprise LDAP service support. The directory tier is closely tied with the data tier. Access to the data tier is important for the following reasons: ■ Oracle Internet Directory relies on Oracle Database as its back end. ■ Oracle Virtual Directory provides virtualization support for other LDAP services or databases or both. In some cases, the directory tier and data tier might be managed by the same group of administrators. In many enterprises, however, database administrators own the data tier while directory administrators own the directory tier. Typically protected by firewalls, applications above the directory tier access LDAP services through a designated LDAP host port. The standard LDAP port is 389 for the non-SSL port and 636 for the SSL port. LDAP services are often used for white pages lookup by clients such as email clients in the intranet. The directory tier stores two types of information: ■ Identity Information: Information about users and groups ■ Oracle Platform Security Services OPSS: Information about security policies and about configuration. You must always store policy information in Oracle Internet Directory. You may store identity information in Oracle Internet Directory or in another directory such as Microsoft Active Directory. If you store the Identity details in a non-OID directory you can either use Oracle Virtual Directory to present that information or use Oracle Directory Integration Platform to synchronize the users and groups from the non-OID directory to Oracle Internet Directory. A split directory configuration is one where identity data is stored in multiple directories, possibly in different locations. Use this kind of deployment when you do not want to modify the existing Identity Store by extending the schema. In that case, deploy a new Oracle Internet Directory or ODSEE instance to store the extended attributes. Alternatively, you can use the Oracle Internet Directory instance deployed for Policy Store for this purpose. In this scenario, use Oracle Virtual Directory to present all the identity data in a single consolidated view that Oracle Identity Management components can interpret. Although you can use a single Oracle Internet Directory instance for storing both the identity and policy information, in some cases it might be required that you use two separate Oracle Internet Directory installations - one for the Policy Store and another for Identity Store. Examples include the following scenarios: ■ The throughput or enterprise directory requirements dictate separating out the two stores See Also: Configuring an Identity Store with Multiple Directories in Oracle Fusion Middleware Integration Overview for Oracle Identity Management Suite for information about configuring Oracle Virtual Directory in a split directory environment. 1-10 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management If you intend to separate your identity and policy information, you must create two separate clusters of highly available Oracle Internet Directory. These Oracle Internet Directory clusters can share the same machines but they should use separate Real Application Clusters databases as their data store. If you are using Oracle Internet Directory exclusively, you do not need to use Oracle Virtual Directory. This guide assumes that you are creating two virtual names: one for your Policy Store policystore.mycompany.com and one for your Identity Store idstore.mycompany.com. When using a single Oracle Internet Directory for both your identity and policy information, you can either create two virtual host names, both pointing to the same directory, or combine them into a single suitable virtual host name in the load balancer.1.5.2 Understanding the Application Tier
Parts
» Oracle Fusion Middleware Online Documentation Library
» What is an Enterprise Deployment? Terminology
» Understanding the Directory Tier
» Architecture Notes Understanding the Application Tier
» Architecture Notes Security Provisions
» Using This Guide Oracle Fusion Middleware Online Documentation Library
» Hardware Resource Planning Oracle Fusion Middleware Online Documentation Library
» Load Balancers Network Prerequisites
» Configuring Virtual Server Names and Ports on the Load Balancer
» Virtual IP Addresses Managing Oracle Fusion Middleware Component Connections
» Firewall and Port Configuration
» Directory Structure Terminology and Environment Variables
» Recommended Locations for the Different Directories
» WebLogic Domain Considerations Real Application Clusters
» Creating Database Services for 11.2.x Databases Database Tuning
» RCU Example Executing the Repository Creation Utility
» Introduction Using this Guide Software Installation Summary
» Installation Installing Oracle HTTP Server
» Installing Oracle Fusion Middleware Components Installing Oracle Fusion Middleware Home
» Installing JRockit Installing Oracle Identity Management
» Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5
» Installing the Oracle SOA Suite
» Installing Oracle Identity and Access Management
» Validating the Installation Backing up the Web Tier Configuration
» Enabling ADMINVHN on IDMHOST1 Running the Configuration Wizard on IDMHOST1 to Create a Domain
» Failing over the Administration Server to IDMHOST2
» Failing the Administration Server Back to IDMHOST1
» Configuring the First Oracle Internet Directory Instance
» Configuring an Additional Oracle Internet Directory Instance
» Registering Oracle Internet Directory with the WebLogic Server Domain
» Extending the Oracle WebLogic Domain with Oracle Directory Integration Platform and ODSM
» Installing and Configuring Oracle Directory Integration Platform and ODSM on IDMHOST2
» Provisioning the Managed Servers in the Managed Server Directory
» Validating Oracle Directory Services Manager Validating Oracle Directory Integration Platform
» Backing Up the Application Tier Configuration
» Configuring the First Oracle Virtual Directory Instance
» Configuring an Additional Oracle Virtual Directory
» Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
» Creating Policy Store Users and the Policy Container
» Reassociating the Policy and Credential Store
» Extending Directory Schema for Oracle Access Manager
» Creating Users and Groups for Oracle Access Manager
» Creating Users and Groups for Oracle Adaptive Access Manager
» Creating Users and Groups for Oracle Identity Manager
» Creating Users and Groups for Oracle WebLogic Server
» Creating Access Control Lists in Non-Oracle Internet Directory Directories
» Extending Domain with Oracle Access Manager
» Removing IDM Domain Agent Propagating the Domain Changes to the Managed Server Domain Directory
» Changing Oracle Access Manager Security Model
» Configuring Oracle Access Manager by Using the IDM Automation Tool
» Adding the oamadmin Account to Access System Administrators Validating Oracle Access Manager
» Setting up Keystore with the SSL Certificate and Private Key file of the Access Client
» Extending Domain for Oracle Adaptive Access Manager
» Prerequisites Loading Oracle Adaptive Access Manager Seed Data
» Backing Up the Application Tier Configuration Backing Up the Application Tier Configuration
» Prerequisites Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2
» Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1
» Propagating the Oracle Identity Manager and SOA Managed Servers to OIMHOST1 and OIMHOST2
» Prerequisites Configuring Oracle Identity Manager to Work with the Oracle Web Tier
» Configuring an IT Resource Instance for Email
» Creating and Importing New Rules
» Tuning Oracle Platform Security Backing Up the Application Tier Configuration
» Prerequisites Oracle Fusion Middleware Online Documentation Library
» Configuring Oracle Identity Federation on OIFHOST1
» Configuring Oracle Identity Federation on OIFHOST2
» Provisioning the Managed Servers on the Local Disk
» Validating Oracle Identity Federation Backing Up the Application Tier Configuration
» Generating Self-Signed Certificates Using the utils.CertGen Utility
» Configuring Node Manager to Use the Custom Keystores
» Starting Node Manager Configuring Managed WebLogic Servers to Use the Custom Keystores
» Configuring Server Migration Targets Click the Migration tab.
» Updating Existing LDAP Users with Required Object Classes
» Integrating Oracle Access Manager with Oracle Identity Manager by Using idmConfigTool
» Updating Oracle Virtual Directory Authenticator Manually Creating CSF Keys
» Managing the Password of the xelsysadm User Validating Integration
» Validating Oracle Adaptive Access Manager
» Prerequisites Creating Oracle Directory Authenticator
» On the Configure Web Server screen, click Yes to automatically update the web
» Validating WebGate Validating the Oracle Access Manager Single Sign-On Setup
» Monitoring Oracle Virtual Directory
» Monitoring Oracle Directory Integration Platform
» Scaling Up the Directory Tier
» Click the SSL tab. Click Advanced. Set Hostname Verification to None. Click Save.
» Click Save. Oracle Fusion Middleware Online Documentation Library
» Patching an Oracle Fusion Middleware Source File Patching Identity Management Components
» Troubleshooting Oracle Internet Directory
» Troubleshooting Oracle Virtual Directory
» Troubleshooting Oracle Directory Integration Platform
» Troubleshooting Oracle Directory Services Manager
Show more