Click OK to enable the configuration changes or click Cancel to abandon the

37-10 Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory

orcloidscexthost: dlin-pc9.us.example.com
-
replace: orcloidscextport
orcloidscextport: 3060
-
replace: orcloidsctargetusercontainer
orcloidsctargetusercontainer: cn=AD,cn=users,dc=us,dc=oracle,dc=com
-
replace: orcloidsctargetgroupcontainer
orcloidsctargetgroupcontainer: cn=AD,cn=groups,dc=us,dc=oracle,dc=com
-
replace: orcloidscextusercontainer
orcloidscextusercontainer: cn=users,dc=dlin,dc=net
-
replace: orcloidscextgroupcontainer
orcloidscextgroupcontainer: cn=users,dc=dlin,dc=net
-
replace: orcloidscextsearchenabled
orcloidscextsearchenabled: 1
-
replace: orcloidscextmodifyenabled
orcloidscextmodifyenabled: 1
-
replace: orcloidscextauthenabled
orcloidscextauthenabled: 1
-
replace: orcloidscsslenabled
orcloidscsslenabled:1

Active Directory with SSL Example

The following example shows server chaining configured to use the Active Directory server ad.example.com, SSL port 3133, and the wallet located at adwalletewallet.p12.

cn=oidscad,cn=OID Server Chaining,cn=subconfigsubentry
orclOIDSCExtHost: ad.example.com
orclOIDSCExtPort: 3060
orclOIDSCExtDN: cn=administrator,cn=users,dc=oidvd,dc=com
orclOIDSCExtPassword:
orclOIDSCExtUserContainer: cn=users,dc=oidvd,dc=com
orclOIDSCTargetUserContainer: cn=AD,cn=users,dc=oracle,dc=com
orclOIDSCTargetGroupContainer: cn=AD,cn=groups,dc=oracle,dc=com
orclOIDSCExtSearchEnabled: 1
orclOIDSCExtModifyEnabled: 1
orclOIDSCExtAuthEnabled: 1
orclOIDSCSSLEnabled: 1
orclOIDSCExtSSLPort: 3133
orclOIDSCWalletLocation: adwalletewallet.p12
orclOIDSCWalletPassword:

Perform the following steps to configure server chaining with SSL from the command line:

1. Configure Active Directory server chaining without SSL, as described in the previous section.

2. Create an LDIF file like the following to enable SSL connection to the external directory.
Replace the values of orcloidscextsslport, orcloidscwalletlocation and orcloidscwalletpassword with values that match the actual Active Directory server:

dn: cn=oidscad,cn=oid server chaining,cn=subconfigsubentry
changetype: modify
replace: orcloidscsslenabled
orcloidscsslenabled:1
-
replace: orcloidscextsslport
orcloidscextsslport: 3133
-
replace: orcloidscwalletlocation
orcloidscwalletlocation: adwalletewallet.p12
-
replace: orcloidscwalletpassword
orcloidscwalletpassword: passw0rd

3. To apply the changes, use a command line such as

ldapmodify -p OID_port -h OID_host -D cn=orcladmin -q -v -f ldif_file_name

Active Directory with New Attributes Example

The attributes mapUIDtoADAttribute, showExternalGroupEntries, showExternalUserEntries, and addOrcluserv2ToADUsers have been added since Oracle Internet Directory 10g 10.1.4.0.1. To add these attributes to an existing Active Directory server chaining entry, modify the following LDIF file with the appropriate values:

dn: cn=oidscad,cn=oid server chaining,cn=subconfigsubentry
changetype: modify
replace: mapUIDtoADAttribute
mapUIDtoADAttribute: name
-
replace: showExternalGroupEntries
showExternalGroupEntries: base
-
replace: showExternalUserEntries
showExternalUserEntries: base
-
replace: addOrcluserv2ToADUsers
addOrcluserv2ToADUsers: 0

Use a command line such as

ldapmodify -p OID_port -h OID_host -D cn=orcladmin -q -v -f ldif_file_name

to modify the configuration entry.

Oracle Directory Server Enterprise Edition and Sun Java System Directory Server iPlanet Example

The following example shows server chaining configured to use the Sun Java System Directory Server dlin-pc10.us.example.com, port 103060, as its external directory store. All the attributes are explained in Table 37–1 on page 37-6.

cn=oidsciplanet,cn=OID Server Chaining,cn=subconfigsubentry
orclOIDSCExtHost: dlin-pc10.us.example.com
orclOIDSCExtPort: 10389
orclOIDSCExtDN: cn=directory manager
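For the Active Directory SSL procedure earlier in this section (steps 1 to 3), the following added example, which is not part of the Oracle guide, checks a server chaining LDIF file before it is passed to ldapmodify. The attribute names are the ones shown on the page; the lint rules, the function names and the `current` parameter (values already on the entry) are assumptions made for illustration.

```python
# Added example (not Oracle code): lint a server chaining LDIF before ldapmodify.
# Attribute names come from the page; the rules and helper names are assumptions.
# Constructed input: the step 2 LDIF from the page, wallet password included.
SSL_LDIF = """\
dn: cn=oidscad,cn=oid server chaining,cn=subconfigsubentry
changetype: modify
replace: orcloidscsslenabled
orcloidscsslenabled:1
-
replace: orcloidscextsslport
orcloidscextsslport: 3133
-
replace: orcloidscwalletlocation
orcloidscwalletlocation: adwalletewallet.p12
-
replace: orcloidscwalletpassword
orcloidscwalletpassword: passw0rd
"""

def parse_modify(ldif_text):
    """Return {attr: value} for the replace operations of one modify record."""
    attrs, pending = {}, None
    for line in (raw.strip() for raw in ldif_text.splitlines()):
        if not line or line.startswith("#") or line == "-":
            continue                         # blank, comment, or operation separator
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "replace":
            pending = value.lower()          # attribute named by this operation
        elif key == pending:                 # the value line of the current replace
            attrs[key] = value
    return attrs

def lint(ldif_text, current=None):
    """current: values already on the entry (hypothetical, e.g. what step 1 set)."""
    changes = parse_modify(ldif_text)
    cfg = {**(current or {}), **changes}     # entry state after the modify is applied
    out = []
    ssl = cfg.get("orcloidscsslenabled") == "1"
    if cfg.get("orcloidscextauthenabled") == "1" and not ssl:
        out.append("authentication is chained but SSL to the external directory is off")
    for need in ("orcloidscextsslport", "orcloidscwalletlocation", "orcloidscwalletpassword"):
        if ssl and not cfg.get(need):
            out.append(f"SSL enabled but {need} is not set")
    out += [f"{a} is stored in cleartext in the LDIF file" for a, v in changes.items()
            if a.endswith("password") and v]
    return out
```

Run against the step 2 file, the only finding is the wallet password sitting in the LDIF in cleartext, which is a reason to restrict the file's permissions and delete it once ldapmodify has applied the change.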