Click New. Configuring Oracle Identity Federation for an RDBMS Federation Data Store

5-78 Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation

LDAP Container Object Class

This is the type of the User Federation Record Context class that Oracle Identity Federation should use when creating the LDAP container, if one does not already exist. If this field is empty, its value will be set to applicationProcess. For Microsoft Active Directory, this field has to be set to a different object class (container, for example, depending on the user federation record context), since applicationProcess will not work under Microsoft Active Directory.

To see how these fields are related, note that the user federation record context references the LDAP container entry under which federation records will be stored, and the LDAP container object class defines the LDAP container attribute used in the DN.

In the user federation record context, you specify the DN of the container where the federation records will be stored. That DN contains the parent of an already existing container, and an attribute of the federation record context that is part of its object class.

For example, if the container parent is dc=us,dc=oracle,dc=com and the record context attribute is cn=orclfed, the requirement that cn must be an attribute of the object class set in the LDAP container object class field (or of the applicationProcess object class, if the field is not set) ultimately produces a DN such as:

cn=orclfed,dc=us,dc=oracle,dc=com

If you choose to express the DN of the Federation Record Context as ou=fed,dc=us,dc=oracle,dc=com, you will need to set the LDAP Container Object Class to an object class that has ou as an attribute, like applicationProcess. And if the DN is:

cn=fed,dc=us,dc=oracle,dc=com

then the LDAP Container Object Class must define the cn attribute.
Here are examples of the LDAP Container Object Class for different types of directory servers:

■ Oracle Internet Directory: empty
■ Sun Java System Directory Server: empty
■ Microsoft Active Directory: container

Maximum Connections

This is the maximum number of LDAP connections that Oracle Identity Federation will simultaneously open to the LDAP server.

Connection Wait Timeout

This is the timeout, in minutes, to use when Oracle Identity Federation opens a connection to the LDAP server.
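The relationship between the User Federation Record Context DN and the LDAP Container Object Class described above can be checked before the values are entered. The following is an added example, not code from Oracle Identity Federation; the function names, the "ad" directory label and the reduced ALLOWED_ATTRS schema table are assumptions made for illustration.

```python
# Attributes each container object class allows (assumed subset: applicationProcess
# and organizationalUnit per RFC 4519, container per the Active Directory schema).
ALLOWED_ATTRS = {
    "applicationprocess": {"cn", "ou", "l", "seealso", "description"},
    "organizationalunit": {"ou", "l", "description"},
    "container": {"cn", "description"},
}
DEFAULT_CLASS = "applicationProcess"  # value used when the field is left empty


def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped characters inside the values."""
    parts, buf, escaped = [], [], False
    for ch in text:
        if escaped or ch == "\\":
            buf.append(ch)
            escaped = not escaped and ch == "\\"
        elif ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def check_record_context(dn, container_class="", directory=""):
    """Return a list of problems; an empty list means the settings agree."""
    effective = container_class.strip() or DEFAULT_CLASS
    problems = []
    if directory == "ad" and effective.lower() == "applicationprocess":
        problems.append("applicationProcess will not work under Microsoft Active Directory")
    allowed = ALLOWED_ATTRS.get(effective.lower())
    if allowed is None:
        return problems + [f"no schema data for object class {effective}"]
    rdns = split_unescaped(dn, ",")
    if len(rdns) < 2:
        problems.append("DN needs an RDN plus the DN of an existing parent")
    for ava in split_unescaped(rdns[0], "+"):  # a multi-valued RDN names several attributes
        attr = ava.partition("=")[0].strip().lower()
        if attr not in allowed:
            problems.append(f"{attr} is not an attribute of {effective}")
    return problems


if __name__ == "__main__":
    # Constructed sample settings, using the DNs from the text above.
    print(check_record_context("cn=orclfed,dc=us,dc=oracle,dc=com"))
    print(check_record_context("ou=fed,dc=us,dc=oracle,dc=com", "container", "ad"))
```

Replace the assumed schema table with the attribute lists from your own directory's schema before relying on the result.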

5.13.2.3 Configuring Oracle Identity Federation for an XML Federation Data Store

Follow these steps to configure Oracle Identity Federation to use an XML file as the federation data store.