Sample Application Demonstrating the Usage of Realm using Oracle Internet Directory Java API
Date: 07-Jan-2005
Table of Contents
Introduction
Application Overview
Software Requirements
Terminology
Configuring the Application
Deploying and Running the Application
Sample Application Files
Additional References
Introduction
Prerequisite
This sample program is intended for readers interested in integrating a custom Java application with Oracle Identity Management. It specifically covers the use of Realm through the Oracle Internet Directory Java API.
To understand this sample application the user is expected to have knowledge in the following area,
Technical Overview
An identity management realm defines an enterprise scope over which certain identity management policies are defined and enforced by the deployment. It comprises:
- A well-scoped collection of enterprise identities, for example, all employees in the US domain
- A collection of identity management policies associated with these identities. An example of an identity management policy would be to require that all user passwords have at least one alphanumeric character
- A collection of groups—that is, aggregations of identities—that simplifies the setting of the identity management policies
You can define multiple identity management realms within the same Oracle Identity Management infrastructure. This enables you to isolate user populations and enforce a different identity management policy—for example, password policy, naming policy, self-modification policy—in each realm. Each identity management realm is uniquely named to distinguish it from other realms. It also has a realm-specific administrator with complete administrative control over the realm.
For all Oracle components to function, an identity management realm is required. One particular realm, created during installation of Oracle Internet Directory, is called the default identity management realm. It is where Oracle components expect to find users, groups, and associated policies whenever the name of a realm is not specified.
Application Overview
This is a sample Java program demonstrating the usage of Realm using the Oracle Internet Directory Java API. It starts by creating an LDAP connection bound as a sample application. It then looks up the default realm and gets the default common attributes for the Group and User containers from that realm.
Software Requirements
The following software is required for configuring and running this sample application
Terminology
| <ORACLE_HOME> | Directory where Oracle 10g Application Server is installed. For example, D:\oracle or /private/oracle |
| <SAMPLE_HOME> | The directory where the sample application is extracted |
| <JAVA_HOME> | The directory where Java is installed |
| <OID_Host> | The hostname where Oracle Internet Directory is running |
| <OID_Port> | The non-SSL port number of Oracle Internet Directory |
| <Superuser_Password> | The password of superuser cn=orcladmin |
Configuring the Application
- Unzip the provided SampleRealm.zip. This creates the SampleRealm directory with all the source files. We will refer to this directory as <SAMPLE_HOME>.
- To create and load the sample LDAP entries into OID, execute the following command against the provided <SAMPLE_HOME>/data/sample.ldif.
  <ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample.ldif output_file=<SAMPLE_HOME>/data/sample_out.ldif lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host> -load
  The data created by sample_out.ldif consists of the following:
  - A set of sample users under the user container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the users are created under "dc=sample_users,cn=users,dc=acme,dc=com".
  - A set of sample groups under the group container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the groups are created under "dc=sample_groups,cn=groups,dc=acme,dc=com". The members of these groups consist of the sample users created above.
  - Two application entities. The DNs are "orclApplicationCommonName=myTestApp1" and "orclApplicationCommonName=myTestApp2". Both application entities are given the UserProxyPrivilege, which allows them to proxy as any end user under the realm user container. However, only application myTestApp1 is given the DASAdmin privilege, which grants it sufficient privileges for user/group management.
- When done with the sample application, execute the following command against the provided <SAMPLE_HOME>/data/sample_del.ldif to delete the sample LDAP entries.
  <ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample_del.ldif output_file=<SAMPLE_HOME>/data/sample_del_out.ldif lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host> -load
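A post-cleanup check, as an added example that is not part of the original sample: after sample_del.ldif has been loaded, an LDIF export of the realm can be scanned to confirm that neither myTestApp1 nor myTestApp2, which held UserProxyPrivilege (and DASAdmin in the case of myTestApp1), survives as an entry or as a group member. The group names, the cn=ExampleApps container and the export text below are constructed for illustration.

```python
import base64
import re

# RDNs of the two application entities created by sample.ldif (from the README).
SAMPLE_APPS = ("orclapplicationcommonname=mytestapp1",
               "orclapplicationcommonname=mytestapp2")

def norm_dn(dn):  # lower-case and drop whitespace around '=' and ','
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip().lower())

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}]; unfolds lines, decodes 'attr:: base64'."""
    text = re.sub(r"\r?\n ", "", text)  # a folded line continues after newline + space
    entries = []
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, _, value = line.partition(":")
                if value.startswith(":"):  # '::' marks a base64-encoded value
                    value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def leftover_references(entries):
    """Return (entry_dn, attribute, value) wherever a sample application DN remains."""
    findings = []
    for entry in entries:
        dn = entry.get("dn", ["<no dn>"])[0]
        for attr in ("dn", "uniquemember", "member"):
            for value in entry.get(attr, []):
                if norm_dn(value).startswith(SAMPLE_APPS):
                    findings.append((dn, attr, value))
    return findings

# Constructed export: group names and the cn=ExampleApps container are made up.
APP2_DN = "orclApplicationCommonName=myTestApp2,cn=ExampleApps,dc=acme,dc=com"
SAMPLE_EXPORT = (
    "dn: cn=ExampleProxyGroup,cn=Groups,dc=acme,dc=com\n"
    "uniquemember: orclApplicationCommonName=myTestApp1,cn=ExampleApps,\n"
    " dc=acme,dc=com\n"
    "uniquemember:: " + base64.b64encode(APP2_DN.encode()).decode() + "\n\n"
    "dn: cn=ExampleAdminGroup,cn=Groups,dc=acme,dc=com\n"
    "uniquemember: cn=orcladmin,cn=Users,dc=acme,dc=com\n"
)
```

An empty result from `leftover_references(parse_ldif(export_text))` means no entry or membership in the export still names either sample application.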
Deploying and Running the Application
- In the <SAMPLE_HOME>/src directory, compile the SampleRealm class using the following command
  - On Windows
    <JAVA_HOME>\bin\javac -d . -classpath <ORACLE_HOME>\jlib\ldapjclnt10.jar SampleRealm.java
  - On Linux or Solaris
    <JAVA_HOME>/bin/javac -d . -classpath <ORACLE_HOME>/jlib/ldapjclnt10.jar SampleRealm.java
- To run the SampleRealm class, run the following Java command from the <SAMPLE_HOME>/src directory
  - On Windows
    <JAVA_HOME>\bin\java -classpath .;<ORACLE_HOME>\jlib\ldapjclnt10.jar oracle.otnsamples.oim.SampleRealm <OID_Host> <OID_Port>
  - On Linux or Solaris
    <JAVA_HOME>/bin/java -classpath .:<ORACLE_HOME>/jlib/ldapjclnt10.jar oracle.otnsamples.oim.SampleRealm <OID_Host> <OID_Port>
Sample Application Files
This section lists the sample application files, along with their directory locations and a description of what each does in the application.
| Directory | File | Description |
| <SAMPLE_HOME>\doc | readme.html | This file |
| <SAMPLE_HOME>\src | *.java | Java source files used in this sample application |
| <SAMPLE_HOME>\data | *.ldif | LDIF files containing the sample LDAP data |
Additional References