Summary
Oracle Internet Directory is an LDAP v3 service that combines the mission-critical strength of Oracle's database technology with the flexibility and compatibility of the LDAP v3 directory standard. Oracle Internet Directory is a critical component of the Oracle Application Server 10g management and security infrastructure. It is also tightly integrated with the Oracle Database 10g, making it the directory of choice for Oracle shops. In addition, Oracle Internet Directory's scalability, high availability and security features make it the ideal customer choice for high-end carrier and online service provider implementations.
Product Overview
Oracle Internet Directory offers the flexibility and extensibility of LDAP along with the scalability and reliability of the Oracle 10g platform. The Oracle Internet Directory server is implemented as an application running on the Oracle Database 10g. Through its tight integration, Oracle Internet Directory effectively leverages the features of the Oracle platform to make it the compelling choice for mission-critical applications.
Within Oracle Application Server 10g, Oracle Internet Directory enables users to be created centrally and shared across components such as Oracle Application Server 10g Portal and Oracle Collaboration Suite. When users log in, they are authenticated once by the Oracle Application Server 10g Single Sign-on Server against their Oracle Internet Directory credential, and can thereby access multiple applications seamlessly.
Scalability
Oracle Internet Directory exploits the massive strengths of Oracle Database 10g, enabling support for huge enterprise and Internet-scale directory applications. Like the database underneath it, Oracle Internet Directory scales to support terabytes of real-world directory information on a single server. In addition, technologies such as multi-process and multi-threaded LDAP processes and database connection pooling allow it to support tens of thousands of concurrent client requests while maintaining millisecond response times.
Oracle Internet Directory also supports LDAP referral objects, which enable the physical partitioning of directories. An administrator embeds pointers which connect the various partitions so that each can be accessed from the other. Partitioned directories allow delegated administration of the physical directory segments, while maintaining a logically contiguous view of the directory as a whole. This is a critical feature for service providers and enterprises hosting a large directory for a federation of smaller, autonomous organizations.
Oracle Internet Directory provides data management tools for manipulating huge volumes of LDAP data. For example, with the Oracle Internet Directory bulk loader (based on SQL*Loader), administrators can populate a million user-entry directory in about one hour.
High availability
Oracle Internet Directory has been designed to meet the needs of mission-critical deployments. The underlying Oracle Database 10g running with large data stores and heavy loads can recover from system failures in a matter of seconds. In addition, Oracle Internet Directory supports all Oracle 10g high-availability solutions and techniques, including hot backups, clustered "logical hosts", Real Application Clusters, failover, and full multi-master replication. This means if one server in a clustered or replicated community is unavailable for any reason, end users can continue to work and administrators can administer the directory from any other server. Administrators can even perform functions such as directory user administration, schema extensions and entry modifications. For in-depth descriptions of supported High Availability topologies, refer to the Oracle Application Server High Availability Guide.
Security
Oracle Internet Directory offers comprehensive and flexible support for directory access control. This includes entry level, attribute level, and prescriptive access control to provide varying levels of security to custom fit enterprise and service provider needs. An administrator can grant or restrict access to a specific directory attribute, entry, group, or naming context. Oracle Internet Directory implements three levels of user authentication: anonymous, password-based, and certificate-based using Secure Sockets Layer (SSL) v3 for authenticated access and data privacy.
Oracle Internet Directory offers sophisticated password policy management capabilities (e.g., control over expiration times and password length) and the ability to store passwords using a variety of hashing schemes. These features allow administrators to define consistent security policies across applications and easily share passwords with other systems.
Directory Integration
Oracle Internet Directory includes the Oracle Directory Integration Platform, which enables customers to synchronize data between various directories and Oracle Internet Directory. The Oracle Directory Integration Platform is a set of services and interfaces which makes it possible to develop synchronization solutions with other enterprise repositories. It can also be used to provide Oracle Internet Directory interoperability with third party metadirectory solutions. Oracle Internet Directory includes agents for out-of-the-box synchronization with Oracle Human Resources, Oracle Database, as well as agents for synchronizing information with select third-party LDAP servers, such as SunOne/iPlanet Directory Server and Microsoft Active Directory.
With the Oracle Directory Integration Platform, customers can build a single enterprise directory with global directory entries containing data from such diverse sources as Human Resources applications, LDAP directories, and other data repositories. Oracle Directory Integration Platform uses Oracle Internet Directory as the central enterprise directory for both user and configuration data.
Integration with the Oracle Environment
Oracle Internet Directory provides the directory backbone for a variety of Oracle products, including Oracle Application Server 10g and Oracle Advanced Security Option. It is also the preferred product for storing Oracle database service names and is replacing Oracle Names for this purpose.
Oracle Internet Directory includes Oracle Directory Manager, a Java-based graphical directory administration tool. Together with Oracle Enterprise Manager, Oracle Directory Manager is used for managing and administering directory information from anywhere in the distributed environment. It also manages directory schema and access control information.
Oracle Internet Directory also includes the Self-Service Console, an easy-to-use, web-based interface which allows end users and application administrators to search for and manage data in the directory. Another component of the Oracle Internet Directory is the Delegated Administration Service. This console provides Oracle Application Server 10g application administrators with a means of provisioning end users in the Oracle environment. Oracle Internet Directory also enables components of Oracle Application Server 10g to synchronize data about user and group events, so that those components can update user information stored in their local application instances.
Applications outside the Oracle Application Server 10g environment can track directory changes via the Oracle Internet Directory Provisioning Integration System, so that they can keep private user repositories synchronized with the data in the directory.
Application Deployment
Oracle Internet Directory supports the development of custom applications that make use of directory data, such as user identity and password. Application development is facilitated through C and PL/SQL APIs, and JNDI. In addition, Oracle Internet Directory provides a server side plug-in framework for applications that require customized server functionality, such as referential integrity of data. The plug-in framework is delivered as a highly flexible PL/SQL interface, allowing user-defined operations to be invoked by the directory server before or after LDAP commands.
Availability
Oracle Internet Directory is available on all major platforms and is translated into all languages supported by Oracle Application Server 10g (9.0.4) and Application Server 10g Release 2 (10.1.2).
Technical Overview
Key Directory Features
- X.500 information model
- Extensible directory schema
- Supports online changes to directory schema with no downtime
- Implements relevant IETF Version 2 and 3 LDAP RFCs, including v3 referral object support
- Multi-byte National Language and Unicode support
- An Open Group LDAP 2000 Branded Server
- Common Criteria Evaluations at EAL4
Performance
- Scales to the capabilities of the Oracle Database 10g to support multi-terabyte data stores
- Unique multi-threaded, multi-process LDAP processes and database connection pooling to support thousands of simultaneous clients
- Delivers millisecond response time independent of data size
- Supports server-side entry caching to improve search performance
Security
- Fine-grained ACL control:
  - Per Entry
  - Per Attribute
  - By Group Membership
  - Prescriptive (Naming Context)
  - By Mode of Authentication
- Configurable SSL v3 data privacy
- Supports anonymous, password-based and certificate-based user authentication
- Strong authentication via X.509 v3 digital certificates for PKI implementations
- Proxy capabilities enable middle-tier applications to access the directory "on behalf of" end user communities
Replication and High Availability
- Multi-master replication using Oracle 10g Replication
- Fan-Out replication based on LDAP v3 Protocol
- OracleAS cluster
- Distributed OracleAS cluster
Administration
- Oracle Directory Manager, a Java-based GUI directory administration tool based on the Oracle Enterprise Manager framework
- Command-line tools for standard LDAP operations and replication administration
- Specialized tools for bulk loading and exporting of LDIF data
- Delegated Administration Service which enables end users and departmental or application administrators to create and update directory information
Requirements
Consult the specific OS system installation guide.
Related products
- Oracle Identity Management
- Oracle Advanced Security
Getting started
To order Oracle Internet Directory, please visit the Oracle Store.