ORACLE® INTERNET DIRECTORY  DATASHEET

Combining the flexibility of the Internet's LDAP Version 3 standard with the robustness of the Oracle database, Oracle Internet Directory provides a scalable, reliable and secure LDAP v3 directory service for mission critical applications.

SUMMARY
Oracle Internet Directory is an LDAP v3 service that combines the mission-critical strength of Oracle's database technology with the flexibility and compatibility of the LDAP v3 directory standard.  Oracle Internet Directory is tightly integrated with the Oracle management environment, making it the enterprise directory of choice for Oracle shops.  In addition, Oracle Internet Directory's scalability, high availability and security features make it the ideal customer choice for high-end carrier and online service provider implementations.

PRODUCT OVERVIEW
Oracle Internet Directory offers the flexibility and extensibility of the LDAP v3 Internet standard along with the scalability and reliability of the Oracle9i platform.  The Oracle Internet Directory server is implemented as an application running on the Oracle9i database.  Through its tight integration, Oracle Internet Directory effectively leverages the features of the Oracle platform to make it the compelling choice for mission-critical applications.

Oracle Internet Directory Architecture

SCALABILITY
Oracle Internet Directory exploits the massive strengths of Oracle9i, enabling support for huge enterprise and Internet-scale directory applications.  Like the database underneath it, Oracle Internet Directory scales to support terabytes of real-world directory information on a single server.  In addition, technologies such as multi-process and multi-threaded LDAP processes and database connection pooling allow it to support tens of thousands of concurrent client requests while maintaining subsecond response times.

In addition, Oracle Internet Directory suppports LDAP referral objects, which enable the physical partitioning of directories.  An administrator embeds pointers which connect the various partitions so that each can be accessed from the other.  Partitioned directories allow delegated administration of the physical directory segments, while maintaining a logically contiguous view of the directory as whole. This is a critical feature for service providers and enterprises hosting a large directory for a federation of smaller, autonomous organizations.

Oracle Internet Directory also provides data management tools for manipulating huge volumes of LDAP data.  For example, with the Oracle Internet Directory bulk loader (based on SQL*Loader), administrators can populate a million user-entry directory in about one hour.

HIGH AVAILABILITY
Oracle Internet Directory has been designed to meet the needs of mission-critical deployments.  The underlying Oracle9i database running with large datastores and heavy loads can recover from system failures in a matter of seconds.  In addition, Oracle Internet Directory supports all Oracle9i high-availability solutions and techniques, including hot backups, certain OPS configurations, clustered "logical hosts", Real Application Clusters, failover, and full multi-master replication.  This means if one server in a clustered or replicated community is unavailable for any reason, administrators have the ability to administer the directory from any other server to perform functions such as directory user administration, schema extensions and entry modifications.

SECURITY
Oracle Internet Directory offers comprehensive and flexible support for directory access control.  This includes entry level, attribute level, and prescriptive access control to provide varying levels of security to custom fit enterprise and service provider needs.  An administrator can grant or restrict access to a specific directory attribute, entry, group, or naming context.  Oracle Internet Directory implements three levels of user authentication: anonymous, password-based, and certificate-based using Secure Sockets Layer (SSL) v3 for authenticated access and data privacy.

For password management, Oracle Internet Directory offers sophisticated password policy management capabilities and the ability to store passwords using a variety of hashing schemes.

DIRECTORY INTEGRATION
Oracle Internet Directory inclues the Oracle Directory Integration Platform, which enables customers to synchronize data between various directories and Oracle Internet Directory.  The Oracle Directory Integration Platform is a set of services and interfaces which makes it possible to develop synchronization solutions with other enterprise repositories. It can also be used to provide Oracle Internet Directory interoperability with third party metadirectory solutions.

With the Oracle Directory Integration Platform, customers can build a single directory with a global directory entry containing data from such diverse sources as Human Resources applications, email services, and NOS databases. Oracle Directory Integration Platform uses Oracle Internet Directory as the central store (the central directory) for both user and configuration data.

The platform facilitates directory integration with:

•      third party metadirectory products
•      strategic third party directories
•      third party provisioning systems
•      the Oracle technology stack, and
•      relational database resident data

ORACLE HUMAN RESOURCES SYNCHRONIZATION
The Directory Integration Platform ships with an Oracle Human Resources Agent for synchronizing employee data from Oracle Human Resources into Oracle Internet Directory.  The HR Agent provides out-of-the-box, instant connectivity between Oracle Internet Directory and Human Resources.  Customers can modify which Human Resources attributes are synchronized, and they can reformat the data when the data is synchronized.

Customers can now use Oracle Human Resources to begin provisioning other systems via Oracle Internet Directory.  For example, an employee could be entered in HR.  That employee's data would then be synchronized into Oracle Internet Directory, and that employee could be automatically given an Oracle9iAS Single Sign-on account, thereby giving them access to Oracle9iAS Oracle Portal.

INTEGRATION WITH THE ORACLE ENVIRONMENT
Oracle Internet Directory provides the directory backbone for Oracle Advanced Security Option, Oracle9iAS Email, Oracle9iAS Unified Messaging, and Oracle Message Broker.  Oracle Internet Directory is also the preferred product for storing Oracle database service names and is replacing Oracle Net (Net8).

Oracle Internet Directory includes Oracle Directory Manager, a graphical directory administration tool for managing and administering directory information from anywhere in the distributed  environment.  It also manages directory schema and access control information.  Built with the same user interface framework as Oracle Enterprise Manager, Oracle's flagship system management application, Oracle Directory Manager provides administrative transparency as Oracle shops deploy Oracle Internet Directory.

Oracle Directory Manager User Interface

APPLICATION DEVELOPMENT
Oracle Internet Directory supports the development of custom applications that make use of directory data, such as user identity and password.  Application development is facilitated through C and PL/SQL APIs, and JNDI.

AVAILABILITY
Oracle Internet Directory is available on all major platforms and is translated into all languages support by Oracle9i.  Oracle Internet Directory is now also available as part of Oracle Internet Applications Server, beginning with v1.0.2.1.
 

TECHNICAL OVERVIEW KEY DIRECTORY FEATURES X.500 information model Extensible directory schema Supports online changes to directory schema with no downtime Implements relevant IETF Version 2 and 3 LDAP RFCs, including v3 referral object support Multi-byte National Language and Unicode support PERFORMANCE Scales to the capabilities of the Oracle9i database to support multi-terabyte data stores Unique multi-threaded, multi-process LDAP processes and database connection pooling to support thousands of simultaneous clients Delivers subsecond response time independent of data size SECURITY Fine-grained ACL control: Per Entry  Per Attribute By Group Membership Prescriptive (Naming Context) By Mode of Authentication  Configurable SSL v3 data privacy Supports anonymous, password-based and certificate-based user authentication Strong authentication via X.509 v3 digital certificates for PKI implementations  REPLICATION Multi-master replication using Oracle9i Replication Implements replication based on de facto LDAP standards (change log representation) ADMINISTRATION Oracle Directory Manager, a Java-based GUI directory administration based on Oracle Enterprise Manager framework Command-line tools for standard LDAP operations and replication administration Specialized tools for bulk loading and exporting of LDIF data Delegated Administration Service enabling end users and others to self administer directory information REQUIREMENTS Memory:  Installation Minimum: 128 MB  Recommended for Deployment: Varies by platform and application Disk Space:  2 GB (includes space required for all dependent components) Swap space: 128 MB RELATED PRODUCTS AND SERVICES Oracle9i Application Server Advanced Security Option Email Server and Unified Messaging Message Broker GETTING STARTED To order Oracle Internet Directory, please visit the Oracle Store.   Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: +1.650.506.7000 Fax +1.650.506.7200 http://www.oracle.com/ Copyright © Oracle Corporation 2001 All Rights Reserved This document is provided for informational purposes only, and the information herein is subject to change without notice.  Please report any errors herein to Oracle Corporation.  Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document. Oracle is a registered trademark, and Oracle9i and PL/SQL are trademarks or registered trademarks of Oracle Corporation.  All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.   Top of Page |Copyright and Corporate Info