Configuring Oracle Virtual Directory Server Settings Using Oracle Directory Services Manager

9-6 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory
Configuring and Managing the Oracle Virtual Directory Server

Table 9–1 Configuration Parameters for Settings Group in ODSM

Category: Schema

Setting: Schema Files
Description: Use the Schema Files section to identify the files Oracle Virtual Directory uses to define its schema. The Available Files field lists all available schema files that contain schema definitions. The Selected Files field lists the files that Oracle Virtual Directory uses to verify that LDAP entries conform to schema definitions. Oracle Virtual Directory verifies LDAP entries against the files listed in the Selected Files field only when the Enable Schema Checking option is selected. To move files between the Available Files and Selected Files fields, select one or more files, then use the appropriate Move or Remove arrow buttons.
Oracle Virtual Directory verifies LDAP entries against the files in the Selected Files field in the order in which they appear in the field: each file is used for verification from top to bottom, and each file overrides the previous one when conflicts occur. You can change the order in which the files are used for verification by selecting a file name in the Selected Files field and then using the up and down arrow buttons to the right of the Selected Files field.
Typically, the last file identified is schema.user.xml. All changes to the schema are applied to the schema.user.xml file so that standard files, such as schema.core.xml, remain unchanged between releases but can still be virtually modified, because the changes in schema.user.xml override the default-shipped schema in schema.core.xml. If you are installing a manufacturer-supplied schema in DSML form, identify this file as the second to last file in the list of schema files. This protects the distributed manufacturer file from modification while allowing local customization, which is then stored in schema.user.xml.
The following is a list of the default schema files:
■ schema.core.xml
■ schema.cosine.xml
■ schema.inetorgperson.xml
■ schema.nis.xml
■ schema.dyngroup.xml
■ schema.java.xml
■ schema.diameter.xml
■ schema.eus.xml
■ schema.user.xml

Setting: Enable Schema Checking
Description: Select the Enable Schema Check option to enable Oracle Virtual Directory to check LDAP entries for conformance against the schema definitions contained in the files listed in the Schema Files section. Oracle suggests disabling the Enable Schema Check option only when an external method of schema checking will be used.

Category: Access Control

Setting: Enable Access Control
Description: Select the Enable Access Control option to enable Oracle Virtual Directory to enforce access controls as defined in the access control file.

Setting: Access Control File
Description: Identify the file that stores Oracle Virtual Directory's Access Control Lists (ACL).

Category: Server Root

Setting: Adapter Root DN
Description: Enables you to relocate the Oracle Virtual Directory Root DSE entry (base="") to another location in the virtual directory tree. Relocating the DSE is most commonly performed when you must proxy another server's root entry to replace Oracle Virtual Directory's root entry, usually when you want to make Oracle Virtual Directory appear to be another directory server. This can be useful when the application is making assumptions about the directory. After Oracle Virtual Directory's root entry is renamed from "", you can replace it by creating an LDAP Adapter with a remote base of "" and setting the local root as "". If you do this, you should also set Routing Levels to 0 for the LDAP Adapter so that Oracle Virtual Directory only queries the Root Entry of the remote server when its own root is queried. If you do not set Routing Levels to 0, the remote server receives queries for all requests received by Oracle Virtual Directory.

Category: Control

Setting: Persistent Search Control
Description: Enables or disables Oracle Virtual Directory support for the persistent search control, regardless of the adapters configured.

Category: Server Security

Setting: Admin Group URL
Description: Enter the valid LDAP Admin Group URL used to connect to the Oracle Directory Services Manager Admin port. All users who match this URL can connect to the Admin port to manage Oracle Virtual Directory.
configuration after restarting the Oracle Virtual Directory server.

Table 9–2 Configuration Parameters for Quotas Group in ODSM

Category: Search Limits

Setting: Anonymous
Description: Enter the maximum number of entries to return for an anonymous client search. The default setting is 1000.

Setting: Authenticated
Description: Enter the maximum number of entries to return for an authenticated user. An authenticated user is defined as a user bound to Oracle Virtual Directory. The Oracle Virtual Directory root account is exempt from this quota. The default setting is 10,000.

Category: Activity Limits

Setting: Enforce Quotas
Description: Enables or disables quota enforcement on the Oracle Virtual Directory server. You must enable the Enforce Quotas option to configure the Activity Limits parameters.

Setting: Rate
Description: Determines the duration, in milliseconds, of quota enforcement. For example, if you set Rate to 50000, the quotas are enforced for 50 seconds. After 50 seconds expire, the count of quota settings starts over at 0 and the quotas are enforced for another 50-second duration. The default value is 30000, or 30 seconds.

Setting: Max Connections
Description: Enter the maximum number of client connections to allow.

Setting: Max Ops/Con
Description: Enter the maximum number of operations to allow for each connection.

Setting: Max Cons/Subject
Description: Enter the maximum number of connections to allow for each authenticated subject.

Setting: Max Cons/IP Address
Description: Enter the maximum number of connections to allow for each IP address connected to Oracle Virtual Directory.

Setting: Inactive Connection Timeout
Description: Enter the maximum length of time, in minutes, that a client connection can remain inactive before Oracle Virtual Directory closes the connection.

Setting: Exempt Subjects
Description: Add or delete subjects that are exempt from quota enforcement. By default, users who have Oracle Directory Services Manager Administrator access (typically cn=orcladmin) are exempt from quota enforcement.

Setting: Exempt IP Address
Description: Add or delete IP addresses that are exempt from quota enforcement.

Table 9–3 Configuration Parameters for Adapter SSL Settings Group in ODSM

Setting: Keystore
Description: Lists the names and locations of existing SSL keystores.

Setting: Keystore Password
Description: Password for the keystore selected in the Keystore list.

Setting: Trust Store
Description: Lists the names and locations of existing SSL trust stores.

Setting: Trust Store Password
Description: Password for the trust store selected in the Trust Store list.

Setting: Adapter Key Alias
Description: Lists the existing Java certificate aliases. Select an alias from the list to see its certificate details in the Selected Certificate Details table. This Adapter Key Alias control is for informational purposes only; it does not write any data.

Setting: Selected Certificate Details
Description: Displays details about the Java certificate for the alias identified in the Adapter Key Alias list.

9.3 Configuring Oracle Virtual Directory Server Settings Using WLST

You can use the WebLogic Scripting Tool (WLST) at ORACLE_COMMON_HOME/common/bin/wlst.sh to set Oracle Virtual Directory server settings as follows:

1. Connect to the WebLogic Admin Server. For example:

   connect('username', 'password', 't3://host_name:Admin_Server_Port')

2. Move to the Oracle Virtual Directory Root Proxy MBean node and initialize the MBean. For example:

   custom()
   cd('oracle.as.management.mbeans.register')
   cd('oracle.as.management.mbeans.register:type=component,name=OVD_COMPONENT_NAME,instance=INSTANCE_NAME')
   invoke('load',jarray.array([],java.lang.Object),jarray.array([],java.lang.String))

3. Move to the Oracle Virtual Directory Server configuration MBean. For example:

   cd('../..')
   cd('oracle.as.ovd')
   cd('oracle.as.ovd:type=component.serverconfig,name=serverconfig,instance=INSTANCE_NAME,component=OVD_COMPONENT_NAME')

4. Using the WLST ls() command, you can see a list of attributes for the Oracle Virtual Directory server configuration MBean. Use the get('ATTRIBUTE_NAME') command to retrieve the current value of an attribute. For example, to retrieve the current value of MaxConnections, which is the maximum number of client connections to allow, execute the following:

   get('MaxConnections')

   Use the set command to update an attribute. For example, to update the value of the MaxConnections setting, execute the following:

   set('MaxConnections', 3000)

   Note: Using the set command as shown in the preceding example saves the attribute setting to the MBean only; you must perform step 5 in this procedure to save the changes to the Oracle Virtual Directory server.

   The following is a list of each Oracle Virtual Directory server configuration MBean attribute and an example command for setting it:

   ■ ACLCheck: set('ACLCheck', true)
   ■ Anonymous: set('Anonymous', 2000)
   ■ Authenticated: set('Authenticated', 20000)
   ■ DoSActive: set('DoSActive', true)
   ■ DoSRatePeriod: set('DoSRatePeriod', 20000)
   ■ ExemptIPAddresses:
     To add, on one command line:
     invoke('addExemptIPAddress',jarray.array([java.lang.String('127.0.0.1')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String))
     To delete, on one command line:
     invoke('deleteExemptIPAddress',jarray.array([java.lang.String('127.0.0.1')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String))
   ■ ExemptSubjects:
     To add, on one command line:
     invoke('addExemptSubjects',jarray.array([java.lang.String('cn=myuser')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String))
     To delete, on one command line:
     invoke('deleteExemptSubjects',jarray.array([java.lang.String('cn=myuser')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String))
   ■ InactiveConnectionTimeout: set('InactiveConnectionTimeout', 50)
   ■ MaxConnections: set('MaxConnections', 50)
   ■ MaxConnectionsPerIP: set('MaxConnectionsPerIP', 20)
   ■ MaxConnectionsPerSubject: set('MaxConnectionsPerSubject', 20)
   ■ MaxOperationsPerConnection: set('MaxOperationsPerConnection', 10)
   ■ PersistentSearch: set('PersistentSearch', false)
   ■ TLSKeyStore: Read-only attribute
   ■ TLSTrustStore: Read-only attribute
   ■ TLSKeyStorePassword: set('TLSKeyStorePassword', java.lang.String('PASSWORD').toCharArray())
   ■ TLSTrustStorePassword: set('TLSTrustStorePassword', java.lang.String('welcome1').toCharArray())
   ■ SchemaCheck: set('SchemaCheck', true)
   ■ SchemaLocations:
     To add, on one command line:
     invoke('addSchemaLocation',jarray.array([java.lang.String('schema.myschema.xml')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String))
     To delete, on one command line:
     invoke('deleteSchemaLocation',jarray.array([java.lang.String('schema.myschema.xml')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String))

5. Save the changes to the Oracle Virtual Directory server and then refresh the MBean. For example:

   cd('../..')
   cd('oracle.as.management.mbeans.register')
   cd('oracle.as.management.mbeans.register:type=component,name=OVD_COMPONENT_NAME,instance=asinst1')
   invoke('save',jarray.array([],java.lang.Object),jarray.array([],java.lang.String))
   invoke('load',jarray.array([],java.lang.Object),jarray.array([],java.lang.String))
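The quota attributes in step 4 are the server's protection against connection and search flooding, so when the same values must be applied to several instances it pays to check them for consistency and generate the step 4 commands mechanically rather than typing them. The following Python helper is an added example, not Oracle's code: it validates a desired set of quota values and then emits the set()/invoke() lines in the exact form listed above; the example values, the check rules and the helper names are assumptions.

```python
# Added example, not Oracle's code: sanity-check a set of Oracle Virtual Directory
# quota values, then emit the step 4 WLST lines for them in the form shown above.
# The example values and the check rules are assumptions.
SCALAR = {"ACLCheck", "Anonymous", "Authenticated", "DoSActive", "DoSRatePeriod",
          "InactiveConnectionTimeout", "MaxConnections", "MaxConnectionsPerIP",
          "MaxConnectionsPerSubject", "MaxOperationsPerConnection",
          "PersistentSearch", "SchemaCheck"}
CHAR_ARRAY = {"TLSKeyStorePassword", "TLSTrustStorePassword"}  # set as char[]
READ_ONLY = {"TLSKeyStore", "TLSTrustStore"}
# List-valued attributes are changed with invoke(add.../delete...), not set().
LIST_OPS = {"ExemptIPAddresses": ("addExemptIPAddress", "deleteExemptIPAddress"),
            "ExemptSubjects": ("addExemptSubjects", "deleteExemptSubjects"),
            "SchemaLocations": ("addSchemaLocation", "deleteSchemaLocation")}

def check_quotas(cfg):
    """Return the inconsistencies found in the quota values (empty list if none)."""
    problems = []
    if cfg.get("DoSActive") and cfg.get("DoSRatePeriod", 0) <= 0:
        problems.append("DoSRatePeriod must be a positive number of milliseconds")
    if cfg.get("Anonymous", 0) > cfg.get("Authenticated", 0):
        problems.append("Anonymous search limit exceeds the Authenticated limit")
    for per in ("MaxConnectionsPerIP", "MaxConnectionsPerSubject"):
        if cfg.get(per, 0) > cfg.get("MaxConnections", 0):
            problems.append(per + " exceeds MaxConnections")
    return problems

def invoke_line(operation, value):
    """One-line invoke() call, as this chapter writes it for list attributes."""
    return ("invoke('%s',jarray.array([java.lang.String('%s')],java.lang.Object),"
            "jarray.array(['java.lang.String'],java.lang.String))" % (operation, value))

def wlst_commands(cfg, adds=None, deletes=None):
    """Return the step 4 lines; steps 1-3 (connect, load) and 5 (save) stay manual."""
    lines = []
    for name in sorted(cfg):
        value = cfg[name]
        if name in READ_ONLY:
            raise ValueError(name + " is a read-only attribute")
        if name in CHAR_ARRAY:
            lines.append("set('%s', java.lang.String('%s').toCharArray())" % (name, value))
        elif name in SCALAR:  # WLST predefines true/false for boolean attributes
            text = ("true" if value else "false") if isinstance(value, bool) else str(value)
            lines.append("set('%s', %s)" % (name, text))
        else:
            raise ValueError("unknown attribute " + name)
    for attr, values in (adds or {}).items():
        lines += [invoke_line(LIST_OPS[attr][0], v) for v in values]
    for attr, values in (deletes or {}).items():
        lines += [invoke_line(LIST_OPS[attr][1], v) for v in values]
    return lines
```

The returned lines are WLST text to paste into the session opened in steps 1 to 3, after which step 5 saves them; Python itself does not talk to the MBean.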