Validating the SSL Connection

11-28 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory

   (end of the keytool import command begun on the previous page; its beginning is not on this page)
   -storepass JKS_PASSWORD -alias ALIAS -file b64certificate.txt -noprompt

5. Verify the SSL connection using the bind DN of the client certificate by executing the following command (SSL authentication mode 3, selected with -U 3, is mutual authentication, so the wallet supplies the client certificate whose bind DN you are verifying; -Q prompts for the wallet password instead of taking it on the command line):

   ORACLE_HOME/bin/ldapbind -U 3 -h HOST -p SSL_PORT -W "file:DIRECTORY_FOR_SSL_WALLET" -Q

12 Creating and Configuring Oracle Virtual Directory Adapters

This chapter explains how to create and configure Oracle Virtual Directory adapters and includes the following topics:

■ Creating LDAP Adapters
■ Creating Database Adapters
■ Creating Local Store Adapters
■ Creating Join View Adapters

The following table lists the available Oracle Virtual Directory adapter templates and the plug-ins deployed by each template.

Note: This table is intended as a quick reference only. Be sure to read Section 2.9, "Understanding Adapter Templates," for detailed information about these adapter templates and plug-ins.

Table 12–1 Adapter Templates

Adapter Template Type | Adapter Template                 | Plug-In Deployed by Adapter Template
----------------------|----------------------------------|-------------------------------------
Default Adapter       | Default Template                 |
LDAP Adapters         | Active_Directory                 |
                      | CA_eTrust                        |
                      | Changelog_LDAP-TYPE              | Changelog plug-in
                      | EUS_ActiveDirectory              | Objectclass Mapper; Active Directory Password; EUSActiveDirectory
                      | EUS_OID                          | EUSOID plug-in
                      | EUS_Sun                          | Objectclass Mapper; EUSun
                      | EUS_eDirectory                   | Objectclass Mapper; EUSeDirectory
                      | General_LDAP_Directory           |
                      | IBM_Directory                    |
                      | Novell_eDirectory                |
                      | OAMAD Adapter with Mapper        | Active Directory Ranged Attributes; Objectclass Mapper; Active Directory Password; Dump Before; Dump After
                      | OAMAD Adapter with SSL, Mapper   | Adapter is hidden from clients by default. It is accessible only through plug-ins such as the Active Directory Password plug-in.
                      | OAMAD Adapter with Script        | Active Directory Ranged Attributes; Active Directory Password; Objectclass Mapper; Dump Before; Dump After
                      | OAMADAM Adapter with Mapper      | Active Directory Ranged Attributes; Objectclass Mapper; Active Directory Password; Dump Before; Dump After
                      | OAMADAM Adapter with SSL, Mapper | Adapter is hidden from clients by default. It is accessible only through plug-ins such as the Active Directory Password plug-in.
                      | OAMADAM Adapter with Script      | Active Directory Ranged Attributes; Active Directory Password; Dump Before; Dump After
                      | OAMSunOne Adapter with Mapper    | Objectclass Mapper; Dump SunOne
                      | OAMSunOne Adapter with Script    | Dump Transactions plug-in
                      | ONames_LDAP-TYPE                 | ONames plug-in
                      | Oracle_Internet_Directory        |
                      | Siemens_DirX                     |
                      | SunOne_Directory                 |
                      | User_LDAP-TYPE                   | UserManagement plug-in
Local Store Adapter   | Local_Storage_Adapter            |
Database Adapter      | OAMDB Adapter with Script        | DumpDB1; DumpDB2

12.1 Creating LDAP Adapters

This topic explains how to create and configure LDAP Adapters and includes the following sections:

■ Configuring LDAP Adapters
■ Configuring a Mutual Authentication SSL Connection Between Oracle Virtual Directory and Oracle Internet Directory

Perform the following steps to create LDAP Adapters using Oracle Directory Services Manager:

1. Log in to Oracle Directory Services Manager.

2. Select Adapter from the task selection bar. The Adapter navigation tree appears.

3. Click the Create Adapter button. The New Adapter Wizard appears.

4. Perform the following steps to define the Type of adapter:

a. Select LDAP from the Adapter Type list.

b. Enter a unique name for the LDAP Adapter in the Adapter Name field. The adapter name value is used in other configuration fields that must reference the adapter.

c. Select an adapter template from the Adapter Template list by referring to "Understanding Adapter Templates" on page 2-28. Use the Default template if you are unsure which template to use.

d. Click Next. The Connection screen appears.

5. Select a DNS mode of operation from the Use DNS for Auto Discovery options to configure Oracle Virtual Directory to use DNS to automatically discover the appropriate LDAP hosts for the remote base defined, instead of configuring specific LDAP hosts in the Connection Details table. This is also referred to as serverless bind mode. The LDAP Adapter supports the following DNS modes of operation:

■ No: Use the Connection Details table configuration (no serverless bind).
■ Standard: Use standard DNS lookup for a non-Microsoft server. All servers are marked as read/write, so enabling the Follow Referrals setting is advised to allow for LDAP write support.
■ Microsoft: The DNS server is a Microsoft dynamic DNS and also supports load-balancing configuration. If proxying to a Microsoft dynamic DNS server, this is the recommended setting because of Oracle Virtual Directory's ability to auto-detect read/write servers as opposed to read-only servers.

Note: After you select an adapter template (step 4c), Oracle Directory Services Manager populates default values for some adapter settings. Alter these default settings according to your environment.

Note: The DNS options are listed in the Oracle Directory Services Manager interface in English only; however, the description for each DNS option is supported in localized language translations.

6. If you selected the No option for the Use DNS for Auto Discovery setting, add the proxy LDAP host information in the Connection Details table by clicking the Add Host button and then entering the following information. Each proxy LDAP host must provide equivalent content, that is, the hosts must be replicas.

a. Enter the IP address or DNS name of the LDAP host to proxy to in the Hosts field.

b. Enter the port number on which the proxied LDAP host provides LDAP services in the Port field.

c. Enter a number between 0 and 100 in the Weight Value field to configure the load percentage to send to the host. If the combined percentages for all of the hosts configured for the adapter do not total 100, Oracle Virtual Directory automatically adjusts the load percentages by dividing the percentage you entered for a host by the total percentage of all hosts configured for the adapter. For example, if you have three hosts configured for the adapter at 20 percent, 30 percent, and 40 percent (a total of 90), Oracle Virtual Directory adjusts the 20 to 22 (20/90), the 30 to 33 (30/90), and the 40 to 44 (40/90).

d. Select the Read-only option to configure the LDAP Adapter to perform only search operations on the LDAP host. The LDAP Adapter automatically directs all modify traffic to the read/write hosts in the list.
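Steps 6c and 6d state two routing rules: weights that do not sum to 100 are normalized against their total, and modify traffic goes only to hosts that are not marked Read-only. The following Python model is an added example and not Oracle Virtual Directory code; it reproduces both rules on a constructed three-host Connection Details table and makes the two failure modes a practitioner should expect explicit: a table in which every host is Read-only leaves modify traffic with no target, and a single host has nothing to fail over to. That weights are renormalized over only the eligible hosts for a write is an assumption of this model, not something the page states; the hostnames are placeholders.

```python
import random

# LDAP operations that need a read/write host; searches and compares can go anywhere.
WRITE_OPERATIONS = {"add", "modify", "delete", "modrdn"}

# Constructed sample Connection Details for one adapter (placeholder hostnames, not real servers),
# using the 20/30/40 weights from step 6c and marking the middle host Read-only as in step 6d.
SAMPLE_HOSTS = [
    {"host": "ldap1.example.com", "port": 389, "weight": 20, "read_only": False},
    {"host": "ldap2.example.com", "port": 389, "weight": 30, "read_only": True},
    {"host": "ldap3.example.com", "port": 389, "weight": 40, "read_only": False},
]


def normalize_weights(hosts):
    """Return {host: share}, share = weight / total weight, so the shares sum to 1
    even when the configured percentages do not add up to 100."""
    total = sum(h["weight"] for h in hosts)
    if total <= 0:
        raise ValueError("at least one host must have a Weight Value greater than 0")
    return {h["host"]: h["weight"] / total for h in hosts}


def adjusted_percentages(hosts):
    """Whole-number percentages as the guide states them: 20/30/40 becomes 22/33/44."""
    return {host: int(share * 100) for host, share in normalize_weights(hosts).items()}


def eligible_hosts(hosts, operation):
    """Searches may use any host; write operations skip hosts flagged Read-only."""
    if operation in WRITE_OPERATIONS:
        return [h for h in hosts if not h["read_only"]]
    return list(hosts)


def writes_possible(hosts):
    """False when every configured host is Read-only: modify traffic has nowhere to go."""
    return bool(eligible_hosts(hosts, "modify"))


def choose_host(hosts, operation, rng=random):
    """Pick a host for one operation, weighted by share among the eligible hosts.
    Model assumption: shares are renormalized over the eligible hosts only."""
    candidates = eligible_hosts(hosts, operation)
    if not candidates:
        raise RuntimeError(f"no read/write host available for {operation}")
    shares = normalize_weights(candidates)
    return rng.choices(candidates, weights=[shares[h["host"]] for h in candidates], k=1)[0]


def surviving_hosts(hosts, failed):
    """Hosts left after the ones in `failed` become unreachable."""
    return [h for h in hosts if h["host"] not in failed]


def can_fail_over(hosts, failed_host):
    """The single-host caveat: with only one host configured there is no failover target."""
    return bool(surviving_hosts(hosts, {failed_host}))


if __name__ == "__main__":
    print(adjusted_percentages(SAMPLE_HOSTS))
    print(choose_host(SAMPLE_HOSTS, "modify")["host"])
    print(can_fail_over(SAMPLE_HOSTS[:1], "ldap1.example.com"))
```

Run it as is to see the normalized shares and a weighted pick for a modify; set every entry's read_only to True to reproduce the RuntimeError that corresponds to an adapter with no read/write host.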

7. Select the Use SSL/TLS option to secure the communication between the LDAP Adapter and the proxy LDAP hosts using SSL/TLS. If you enable the Use SSL/TLS option, choose the SSL authentication mode to use for securing the adapter by selecting an option from the SSL Authentication Mode list. The SSL Authentication Mode setting is functional only when the Use SSL/TLS option is enabled.

See: "Managing Certificate Authorities for LDAP Adapters Secured by SSL" on page 12-13 for information on Certificate Authorities.

Note: When using DNS auto discovery (step 5), the remote base should have a domain component style name, for example, dc=myorg,dc=com. This name enables Oracle Virtual Directory to locate the LDAP hosts within the DNS service by looking up myorg.com.

Note: Be careful when specifying only a single host for proxying in the Connection Details table. Without a failover host, the LDAP Adapter cannot automatically fail over to another host. A single host is suitable when Oracle Virtual Directory is connected to a logical LDAP service through a load balancing system.

Note: Oracle Virtual Directory 11g Release 1 (11.1.1) supports IPv6. If your network supports IPv6, you can use a literal IPv6 address in the Hosts field to identify the proxied LDAP host.

8. Enter the default distinguished name for the LDAP Adapter to bind with when accessing the proxied directory in the Server proxy Bind DN field. Depending on the setting in the Pass Through Credentials field, this DN is used for all operations, or only for exceptional cases such as pass-through mode. The distinguished name must be in the form used by the remote directory. The LDAP Adapter binds as Anonymous if the Server proxy Bind DN field is empty.

9. Enter the authentication password, in clear text, in the Proxy Password field to use with the Server proxy Bind DN value. When loaded on the server, the value is automatically encrypted. Because a simple bind sends this password to the proxied host, enable Use SSL/TLS (step 7) unless the network path to the proxied hosts is otherwise protected.

10. Click Next. Oracle Virtual Directory attempts to validate the connections to the hosts you defined in the Connection Details table. The Test Connection screen appears, displaying the results of the connection validation process.

■ Upon successful validation, a success message and the details for the connection appear. Click Next. The Name Space screen appears. Continue creating the New LDAP Adapter by advancing to step 11.
■ Upon failed validation, a "Could not connect" message appears in the Connection column of the status table for each host connection that could not be validated. Click the row for that host connection to see more information about why the connection failed. Resolve the failed connection by clicking the Back button, reviewing the settings for the host where the connection failed, and editing the host settings as needed. The connection to the proxy LDAP host must be validated for the adapter to proxy the LDAP host. Click Next on the Test Connection screen of the New LDAP Adapter Wizard after resolving the failed connection. The Name Space screen appears. Continue creating the New LDAP Adapter by advancing to step 11.

11. Enter the location in the remote server directory tree structure to which the local Oracle Virtual Directory root suffix corresponds in the Remote Base field. This is the location in the remote directory under which Oracle Virtual Directory executes all searches and operations for the adapter. The LDAP Adapter applies an automatic mapping of all entries from the remote base to the adapter root base.

12. Enter the namespace you want Oracle Virtual Directory clients to see for the proxied directory's namespace in the Mapped Namespace field. For example, if the DN in the proxied directory is dc=oracle, dc=com and you want Oracle Virtual Directory clients to see the namespace as dc=Oracle Corp, dc=com, enter dc=Oracle Corp, dc=com in the Mapped Namespace field.

13. Set the pass-through credentials for the LDAP Adapter by selecting an option from the Pass Through Credentials list:

Note: The pass-through options are listed in the Oracle Directory Services Manager interface in English only; however, the description for each pass-through option is supported in localized language translations.
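The Remote Base and Mapped Namespace of steps 11 and 12 define a DN suffix rewrite that the adapter applies in both directions: entries returned from the proxied directory have dc=oracle,dc=com replaced by dc=Oracle Corp,dc=com, and client search bases or target DNs under dc=Oracle Corp,dc=com are rewritten back before being sent to the remote server. The following Python is an added example and not Oracle Virtual Directory code; it models that rewrite using the two DNs from step 12 on constructed sample DNs. The check worth taking from it is that "under the remote base" must be decided on whole RDNs, compared case-insensitively, rather than by a plain string suffix test: a DN such as cn=xdc=oracle,dc=com ends with the text dc=oracle,dc=com but is not below that base, and must not be mapped.

```python
from __future__ import annotations

import re

# The two DNs the wizard asks for in steps 11 and 12.
REMOTE_BASE = "dc=oracle,dc=com"
MAPPED_NAMESPACE = "dc=Oracle Corp,dc=com"

# Split on commas that are not escaped with a backslash (RFC 4514 allows "\," inside a value).
# Limitation of this example: an escaped backslash directly before a separator ("\\,") is not handled.
_RDN_SEPARATOR = re.compile(r"(?<!\\),")


def split_rdns(dn: str) -> list[str]:
    """Split a DN into its RDNs, most specific first, trimming spaces around separators."""
    if not dn.strip():
        return []
    return [rdn.strip() for rdn in _RDN_SEPARATOR.split(dn)]


def rdn_key(rdn: str) -> tuple[str, str]:
    """Comparison key for one RDN: attribute type and value compared case-insensitively.
    partition() splits on the first '=' only, so a value containing '=' stays whole."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()


def is_under(dn: str, base: str) -> bool:
    """True if dn equals base or lies below it, comparing whole RDNs, not string suffixes."""
    dn_rdns, base_rdns = split_rdns(dn), split_rdns(base)
    if not base_rdns or len(base_rdns) > len(dn_rdns):
        return False
    tail = dn_rdns[len(dn_rdns) - len(base_rdns):]
    return [rdn_key(r) for r in tail] == [rdn_key(r) for r in base_rdns]


def rewrite_suffix(dn: str, old_base: str, new_base: str) -> str | None:
    """Replace the old_base suffix of dn with new_base; None when dn is not under old_base,
    which is how a DN outside the mapped tree is kept out of the adapter."""
    if not is_under(dn, old_base):
        return None
    dn_rdns = split_rdns(dn)
    kept = dn_rdns[: len(dn_rdns) - len(split_rdns(old_base))]
    return ",".join(kept + split_rdns(new_base))


def to_client_view(remote_dn: str) -> str | None:
    """Direction used for results: DN of an entry in the remote directory -> DN the client sees."""
    return rewrite_suffix(remote_dn, REMOTE_BASE, MAPPED_NAMESPACE)


def to_remote(client_dn: str) -> str | None:
    """Direction used for requests: client search base or target DN -> DN sent to the remote server."""
    return rewrite_suffix(client_dn, MAPPED_NAMESPACE, REMOTE_BASE)


if __name__ == "__main__":
    # Constructed sample DNs, not taken from any directory.
    print(to_client_view("cn=jdoe,ou=People,dc=oracle,dc=com"))
    print(to_client_view("cn=xdc=oracle,dc=com"))  # None: matches the base as text, not as RDNs
    print(to_remote("ou=People, DC=ORACLE CORP, DC=COM"))
```

The output normalizes the spacing after commas, so dc=Oracle Corp, dc=com as typed in the wizard and dc=Oracle Corp,dc=com compare equal; the value "Oracle Corp" itself needs no escaping because the space is neither leading nor trailing.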