4-10 Oracle Fusion Middleware Administrators Guide for Oracle Virtual Directory ContainerDN An optional parameter, ContainerDN identifies the containers the VirtualAttribute plug-in applies to. The VirtualAttribute plug-in is applicable for all entries under the containerDN which match the filter specified by the matchFilter parameter. This parameter can be repeated to specify multiple containerDNs. This parameter also restricts the VirtualAttribute plug-in to a certain branch within data exposed by the adapter. The default setting is , or DSE—that is, if you do not set the ContainerDN parameter, the VirtualAttribute plug-in searches the entire directory tree. MatchFilter An optional parameter, MatchFilter identifies the entries the VirtualAttribute plug-in applies to. The VirtualAttribute plug-in is applicable for all entries under containerDN that match the filter specified by the MatchFilter parameter. If you do not set the MatchFilter parameter, the VirtualAttribute plug-in is applicable for all the entries under the DNs identified by ContainerDN parameter. AddAttribute A list of attributes to add to the entry and a value to assign to these virtual attributes. If an attribute identified by the AddAttribute parameter already exists in the entry, the VirtualAttribute plug-in appends the specified values to the existing set of values. The value can be a constant, another attribute, or a combination of attribute values and constants. You can set the AddAttribute parameter multiple times for the VirtualAttribute plug-in. The value you set for the AddAttribute parameter must be mutually exclusive, that is, different, from the ReplaceAttribute. For example: ■ To add the values of the cn attribute to uid and displayName, set the value of the AddAttribute parameter to: uid=displayName=cn ■ To add the constant value Acme to the companyName attribute, set the value for AddAttribute parameter to: companyName=Acme ■ To add a combination of cn, sn, and dc values to the member attribute, set the AddAttribute parameter value to: member={cn=cn, sn=sn, dc=oracle, dc=com} ReplaceAttribute A list of attributes to add to the entry and a value to assign to these virtual attributes. If an attribute identified by the ReplaceAttribute parameter already exists in the entry, the VirtualAttribute plug-in replaces them using the value you supply. The value can be a constant, another attribute, or a combination of attribute values and constants. You can set the ReplaceAttribute parameter multiple times for the VirtualAttribute plug-in. The value you set for the ReplaceAttribute parameter must be mutually exclusive, that is, different, from the AddAttribute. For example: Note: At a minimum, you must set either the AddAttribute or ReplaceAttribute configuration parameter. Note: The curly braces {} are important. Understanding Oracle Virtual Directory Plug-Ins 4-11 ■ To replace the values of uid and displayName with the values of the cn attribute, the ReplaceAttribute parameter can be configured as: uid=displayName=cn ■ To replace the value of the companyName attribute with the constant value Acme, the ReplaceAttribute parameter can be configured as: companyName=Acme ■ You can replace the member attribute value with a combination of cn, sn, and dc values by configuring the ReplaceAttribute parameter as: member={cn=cn, sn=sn, dc=oracle, dc=com} RemoveAttributes Comma-separated list of attributes to virtually remove from entries that satisfy the MatchFilter under the specified ContainerDN.

4.2.6.2 Example VirtualAttribute Plug-In Deployment

This section provides an example VirtualAttribute plug-in deployment. Assume the following VirtualAttribute plug-in configuration parameters are set: Assume the original entry to be processed is: dn: cn=john, dc=com cn: john cn: jsmith uid: 1234 certificate: selfsigned designation: SMTS title: Senior Software Engineer sn: smith objectclass: person objectclass: top The following shows how the VirtualAttribute plug-in transforms the original entry: After processing the AddAttributes configuration parameter, the entry is: dn: cn=john, dc=com cn: john cn: jsmith uid: 1234 uid: john uid: jsmith displayName: john displayName: jsmith certificate: verisign certificate: selfsigned Note: The curly braces {} are important. Configuration Parameter Value AddAttribute uid=displayName=cn AddAttribute certificate=Verisign AddAttribute member={cn=cn, sn=sn, dc=oracle, dc=com} ReplaceAttribute title=designation RemoveAttributes designation,uid 4-12 Oracle Fusion Middleware Administrators Guide for Oracle Virtual Directory designation: SMTS title: Senior Software Engineer sn: smith objectclass: person objectclass: top member: cn=john, sn=smith, dc=oracle, dc=com member: cn=jsmith, sn=smith, dc=oracle, dc=com After processing the ReplaceAttributes configuration parameter, the entry is: dn: cn=john, dc=com cn: john cn: jsmith uid: 1234 uid: john uid: jsmith displayName: john displayName: jsmith certificate: verisign certificate: selfsigned designation: SMTS title: Senior Software Engineer sn: smith objectclass: person objectclass: top member: cn=john, sn=smith, dc=oracle, dc=com member: cn=jsmith, sn=smith, dc=oracle, dc=com After processing the RemoveAttributes configuration parameter, the entry is: dn: cn=john, dc=com cn: john cn: jsmith displayName: john displayName: jsmith certificate: verisign certificate: selfsigned title: Senior Software Engineer sn: smith objectclass: person objectclass: top member: cn=john, sn=smith, dc=oracle, dc=com member: cn=jsmith, sn=smith, dc=oracle, dc=com

4.2.7 Dump Transactions Plug-In

The Dump Transactions plug-in generates a record of all transactions for each LDAP operation and logs the record to the Oracle Virtual Directory console log. You can configure the Dump Transactions plug-in to run on any log level. The Dump Transactions plug-in is particularly useful for diagnosing mapping and integration efforts while logic flows through the Oracle Virtual Directory system. You can use the Dump Transaction plug-in to analyze issues on a specific adapter without setting the entire server log level to a more verbose level. Think of the Dump Transactions plug-in as a protocol analyzer for Oracle Virtual Directory.

4.2.7.1 Configuration Parameters

The Dump Transactions plug-in has the following configuration parameter: Understanding Oracle Virtual Directory Plug-Ins 4-13 loglevel The log level at which the plug-in logs transactions. Supported values are: SEVERE, WARNING, INFO, FINE, FINER, and FINEST. There is no default value.

4.2.8 DynamicTree Plug-In

The DynamicTree plug-in enables you to construct DNs in Oracle Virtual Directory using the attribute values of source directory entries that have parent entries which are real, virtual, or pointers to different real entries. This plug-in is useful for generating organization charts and reports in LDAP hierarchy format based on structural data contained in the source directory entry. The Dynamic Tree plug-in provides more flexibility than the DynamicEntry Tree plug-in because it enables you to browse the directory tree. Consider the following figures and examples. Figure 4–2 shows an example directory structure residing in the source directory: Figure 4–2 Example Directory Structure in Source Directory Figure 4–3 shows an example of how the DynamicTree plug-in, with the parentEntryType parameter set to 1 and the attributeName parameter set to parentou, transforms the source directorys flat hierarchy shown in Figure 4–2 into a layered hierarchy in Oracle Virtual Directory. Note: The DynamicTree plug-in is supported only for deployment on adapters—do not deploy the DynamicTree plug-in as a global plug-in. Note: In the following graphics, attribute values in the source directory appear in bold type. dc=oracle, dc=com ou=Software, dc=oracle, dc=com ou=Software ou=West, dc=oracle, dc=com ou=West parentou=Software ou=Development, dc=oracle, dc=com ou=Development parentou=West cn=Paul, ou=Development, dc=oracle, dc=com cn=Jane, ou=West, dc=oracle, dc=com