Select Database from the Repository Type dropdown list.

Configuring Oracle Identity Federation 5-73

■ User Description attribute - This is the human-readable LDAP attribute used to identify the owner of a federation record, for example uid. Here are examples of the User Description attribute for different types of directory servers:
  – Oracle Internet Directory: uid
  – Sun Java System Directory Server: uid
  – Microsoft Active Directory: sAMAccountName
■ Person Object Class - Object classes define what data or attributes are associated with an object. A person object class refers to the attributes of a person object; in our context, it is the owner of a federated identity. A directory may use one or more object classes to hold person data such as names, addresses, and so on. Enter the LDAP object class representing an LDAP user entry in the server. Here are examples of the person object class for different types of directory servers:
  – Oracle Internet Directory: inetOrgPerson
  – Sun Java System Directory Server: inetOrgPerson
  – Microsoft Active Directory: user
■ Base DN - This is the directory to which the search for users should be confined.
■ Maximum Connections - This is the maximum number of LDAP connections that Oracle Identity Federation will simultaneously open to the LDAP server.
■ Connection Wait Timeout - This is the timeout, in minutes, to use when Oracle Identity Federation opens a connection to the LDAP server.

5.13.1.3 Configuring Oracle Virtual Directory as User Data Store

Oracle Identity Federation can be integrated with Oracle Virtual Directory; when using Oracle Virtual Directory as the user data store, ensure that the base DN, person object class, unique user id and user description attribute settings are valid for all directory structures connected to Oracle Virtual Directory.

5.13.1.4 Configuring a Redundancy User Data Store

Redundancy is supported for user data stores; this section explains how to set it up. There are two ways to configure redundant user data stores:

1. In the user data store configuration, in the Server URL field, enter a list of space-separated LDAP URLs. For example:

   ldap://ldap1.oif.mycorp.com ldap://ldap2.oif.mycorp.com ldap://ldap3.oif.mycorp.com

   or

2. Set up a load balancer in front of the LDAP servers and set the ldaphaenabled property in the Oracle Identity Federation configuration to true. For details about this task, see Section 6.4.1, "Configuring High Availability LDAP Servers".
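The settings listed in Section 5.13.1.2 and the space-separated Server URL list above, as an added example that is not Oracle's code: a small Python model that builds the user lookup filter from the Person Object Class and User Description attribute, escapes the user identifier per RFC 4515 so it cannot alter the filter, and fails over across the listed LDAP servers in order. Hostnames, the base DN, the user and the `fake_search` stand-in for a directory are constructed.

```python
# Added example, not Oracle's code: maps the user data store settings above to an LDAP
# search (RFC 4515 escaping of the user identifier) and fails over across the
# space-separated Server URL list of 5.13.1.4. Hosts, users and outages are constructed.
from dataclasses import dataclass
from typing import Callable, List, Optional
from urllib.parse import urlsplit

@dataclass
class UserDataStoreConfig:
    server_url: str             # space-separated list, as typed in the Server URL field
    base_dn: str
    person_object_class: str    # inetOrgPerson, or "user" for Active Directory
    user_description_attr: str  # uid, or sAMAccountName for Active Directory

def parse_server_urls(server_url: str) -> List[str]:
    """Split the Server URL field; reject anything that is not an ldap/ldaps URL."""
    urls = server_url.split()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            raise ValueError(f"not an LDAP URL: {url!r}")
    return urls

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a user-supplied identifier cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def build_user_filter(cfg: UserDataStoreConfig, user_id: str) -> str:
    """Filter the server would use to find the owner of a federation record."""
    return (f"(&(objectClass={escape_filter_value(cfg.person_object_class)})"
            f"({cfg.user_description_attr}={escape_filter_value(user_id)}))")

def resolve_user(cfg: UserDataStoreConfig, user_id: str,
                 search: Callable[[str, str, str], Optional[str]]) -> str:
    """Try each redundant server in order; search(url, base_dn, filter) returns a DN or raises."""
    ldap_filter, failures = build_user_filter(cfg, user_id), []
    for url in parse_server_urls(cfg.server_url):
        try:
            dn = search(url, cfg.base_dn, ldap_filter)
            if dn is not None:
                return dn
        except ConnectionError as exc:  # replica unreachable: move on to the next URL
            failures.append(f"{url}: {exc}")
    raise LookupError(f"{user_id!r} not found; failures: {failures}")

def fake_search(url: str, base_dn: str, ldap_filter: str) -> Optional[str]:
    """Constructed stand-in for a directory: ldap1 is down, ldap2 and ldap3 know alice."""
    if url.startswith("ldap://ldap1."):
        raise ConnectionError("connection wait timeout")
    return f"uid=alice,{base_dn}" if "(uid=alice)" in ldap_filter else None
```

A lookup for a crafted identifier such as `alice)(uid=*` is escaped rather than matched, so the search fails closed instead of widening the filter.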

5.13.1.5 Configuring No User Data Store

You can configure Oracle Identity Federation not to use a user data store at runtime. In this configuration, the only user information available to the server is the user identifier: