OUD Proxy – Join Views


# Create one proxy and two directory servers. The connection details are as follows:

Proxy: non-SSL=3389, SSL=3636 and Admin port=3444

DS Primary: non-SSL=1389, SSL=1636 and Admin port=1444

DS Secondary: non-SSL=2389, SSL=2636 and Admin port=2444


$ dsconfig -X


>>>> Specify Oracle Unified Directory LDAP connection parameters

Directory server host name or IP address [den00acx]:

Directory server administration port number [3444]:

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit

Enter choice: 1


>>>> General Configuration management menu

What would you like to do?

    1)  Administration Connector                  8)   Identity Mapper
    2)  Alert Handler                             9)   Log Publisher
    3)  Certificate Mapper                        10)  Log Retention Policy
    4)  Connection Handler                        11)  Log Rotation Policy
    5)  Directory Integration Platform Extension  12)  Network Group
    6)  Extended Operation Handler                13)  Work Queue
    7)  Global Configuration                      14)  Workflow

    b)  back
    q)  quit

Enter choice [b]: 14


>>>> Workflow management menu

What would you like to do?

    1)  List existing Workflows
    2)  Create a new Workflow
    3)  View and edit an existing Workflow
    4)  Delete an existing Workflow

    b)  back
    q)  quit

Enter choice [b]: 2




>>>> Enter a name for the Workflow that you want to create: WorkFlow1


>>>> Configuring the "base-dn" property

    Specifies the base DN of the data targeted by the Workflow .

    Syntax:  DN

Enter a value for the "base-dn" property: dc=joinedSuffix


>>>> Configuring the "enabled" property

    Indicates whether the Workflow is enabled for use in the server.

    If a Workflow is not enabled, then its contents are not accessible when
    processing operations.

Select a value for the "enabled" property:

    1)  true
    2)  false

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 1


>>>> Configuring the "workflow-element" property

    Specifies the root Workflow Element in the Workflow .

Select a Workflow Element for the "workflow-element" property:

    1)  adminRoot       5)  schema
    2)  ads-truststore  6)  tasks
    3)  backup          7)  virtualAcis
    4)  monitor         8)  Create a new Workflow Element

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 8


>>>> Select the type of Workflow Element that you want to create:

    1)   Ad Paging Workflow Element     13)  Join Workflow Element
    2)   Ad Password Workflow Element   14)  Kerberos Auth Provider Workflow
                                             Element
    3)   DB Local Backend Workflow      15)  LDIF Local Backend Workflow
         Element                             Element
    4)   Distribution Workflow Element  16)  Load Balancing Workflow Element
    5)   DN Renaming Workflow Element   17)  Memory Local Backend Workflow
                                             Element
    6)   Dynamic Entry Tree Workflow    18)  Pass Through Authentication
         Element                             Workflow Element
    7)   Eus Workflow Element           19)  Plugin Workflow Element
    8)   Eus Context Workflow Element   20)  Proxy LDAP Workflow Element
    9)   Fa Workflow Element            21)  RDBMS Workflow Element
    10)  Flat Tree Workflow Element     22)  RDN Changing Workflow Element
    11)  Get Rid Of Duplicate Workflow  23)  Transformations Workflow Element
         Element
    12)  Hide Entries By Filter         24)  Virtual Member Of Workflow
         Workflow Element                    Element

    ?)   help
    c)   cancel
    q)   quit

Enter choice [c]: 13


>>>> Enter a name for the Join Workflow Element that you want to create: JoinWorkFlowElement1


>>>> Configuring the "enabled" property

    Indicates whether the Workflow Element is enabled for use in the server.

    If a Workflow Element is not enabled, then its contents are not accessible
    when processing operations.

Select a value for the "enabled" property:

    1)  true
    2)  false

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 1


>>>> Configuring the "join-suffix" property

    The virtual DN that will be exposed by the Join Workflow Element

    Syntax:  DN

Enter a value for the "join-suffix" property: dc=joinedSuffix


>>>> Configure the properties of the Join Workflow Element

        Property                Value(s)
        ---------------------------------------------------------------
    1)  dn-attribute            manager, member, memberof, uniquemember
    2)  enabled                 true
    3)  join-suffix             dc=joinedSuffix
    4)  populate-joinedentrydn  false

    ?)  help
    f)  finish - create the new Join Workflow Element
    c)  cancel
    q)  quit

Enter choice [f]: f 

The Join Workflow Element was created successfully


>>>> Configure the properties of the Workflow

        Property              Value(s)
        -----------------------------------------------------------------------
    1)  access-control-group  The globally available default access control
                              group will be used.
    2)  base-dn               dc=joinedSuffix
    3)  enabled               true
    4)  virtual-aci-mode      false
    5)  workflow-element      JoinWorkFlowElement1

    ?)  help
    f)  finish - create the new Workflow
    c)  cancel
    q)  quit

Enter choice [f]: f 

The Workflow was created successfully

Press RETURN to continue


>>>> Workflow management menu

What would you like to do?

    1)  List existing Workflows
    2)  Create a new Workflow
    3)  View and edit an existing Workflow
    4)  Delete an existing Workflow

    b)  back
    q)  quit

Enter choice [b]: q 


$ dsconfig -X


>>>> Specify Oracle Unified Directory LDAP connection parameters

Directory server host name or IP address [den00acx]:

Directory server administration port number [3444]:

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit

Enter choice: 6 


>>>> Remote Data Source management menu

What would you like to do?

    1)  LDAP Server Extension        3)  RDBMS Extension
    2)  Proxy LDAP Workflow Element  4)  RDBMS Workflow Element

    b)  back
    q)  quit

Enter choice [b]: 1 


>>>> LDAP Server Extension management menu

What would you like to do?

    1)  List existing LDAP Server Extensions
    2)  Create a new LDAP Server Extension
    3)  View and edit an existing LDAP Server Extension
    4)  Delete an existing LDAP Server Extension

    b)  back
    q)  quit

Enter choice [b]: 2 


>>>> Enter a name for the LDAP Server Extension that you want to create: LDAPServerExtension1


>>>> Configuring the "enabled" property

    Indicates whether the Extension is enabled.

Select a value for the "enabled" property:

    1)  true
    2)  false

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 1 


>>>> Configuring the "remote-ldap-server-address" property

    Specifies the hostname or IP address of the remote LDAP server.

    This can be a resolvable hostname or an IP address.

    Syntax:  STRING

Enter a value for the "remote-ldap-server-address" property: localhost


>>>> Configure the properties of the LDAP Server Extension

        Property                    Value(s)
        -------------------------------------
    1)  enabled                     true
    2)  remote-ldap-server-address  localhost
    3)  remote-ldap-server-port     389

    ?)  help
    f)  finish - create the new LDAP Server Extension
    c)  cancel
    q)  quit

Enter choice [f]: 3 


>>>> Configuring the "remote-ldap-server-port" property

    Specifies the non-secured port to connect to the LDAP server.

    This must be a valid port number.

    Syntax:  0 <= INTEGER

Do you want to modify the "remote-ldap-server-port" property?

    1)  Keep the default value: 389
    2)  Change the value

    ?)  help
    q)  quit

Enter choice [1]: 2 


Enter a value for the "remote-ldap-server-port" property: 1389 

Press RETURN to continue


>>>> Configure the properties of the LDAP Server Extension

        Property                    Value(s)
        -------------------------------------
    1)  enabled                     true
    2)  remote-ldap-server-address  localhost
    3)  remote-ldap-server-port     1389

    ?)  help
    f)  finish - create the new LDAP Server Extension
    c)  cancel
    q)  quit

Enter choice [f]: f 

The LDAP Server Extension was created successfully

Press RETURN to continue


>>>> LDAP Server Extension management menu

What would you like to do?

    1)  List existing LDAP Server Extensions
    2)  Create a new LDAP Server Extension
    3)  View and edit an existing LDAP Server Extension
    4)  Delete an existing LDAP Server Extension

    b)  back
    q)  quit

Enter choice [b]:


>>>> Remote Data Source management menu

What would you like to do?

    1)  LDAP Server Extension        3)  RDBMS Extension
    2)  Proxy LDAP Workflow Element  4)  RDBMS Workflow Element

    b)  back
    q)  quit

Enter choice [b]: 2 


>>>> Proxy LDAP Workflow Element management menu

What would you like to do?

    1)  List existing Proxy LDAP Workflow Elements
    2)  Create a new Proxy LDAP Workflow Element
    3)  View and edit an existing Proxy LDAP Workflow Element
    4)  Delete an existing Proxy LDAP Workflow Element

    b)  back
    q)  quit

Enter choice [b]: 2 


>>>> Enter a name for the Proxy LDAP Workflow Element that you want to create: ProxyLDAPWorkFlowElement1 


>>>> Configuring the "client-cred-mode" property

    Specifies the way the proxy server binds to the remote LDAP server.

    Possible values are "use-specific-identity", "use-client-identity" and
    "use-proxy-auth". Note that the value "use-proxy-auth" is deprecated. Use
    the "use-specific-identity" mode instead, and set the "use-proxy-auth"
    flag to true.

Select a value for the "client-cred-mode" property:

    1)  use-client-identity
    2)  use-proxy-auth
    3)  use-specific-identity

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 1 


>>>> Configuring the "enabled" property

    Indicates whether the Workflow Element is enabled for use in the server.

    If a Workflow Element is not enabled, then its contents are not accessible
    when processing operations.

Select a value for the "enabled" property:

    1)  true
    2)  false

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 1 


>>>> Configuring the "ldap-server-extension" property

    Identifies the LDAP server extension configured for this Proxy LDAP
    Workflow Element.

    Specifies the remote server extension to forward requests to.

Select a Extension for the "ldap-server-extension" property:

    1)  Directory Integration Platform
    2)  global-index-catalogs-shared-cache
    3)  LDAPServerExtension1
    4)  Create a new Extension

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 3 


>>>> Configure the properties of the Proxy LDAP Workflow Element

        Property                          Value(s)
        ------------------------------------------------------
    1)  client-cred-mode                  use-client-identity
    2)  enabled                           true
    3)  ldap-server-extension             LDAPServerExtension1
    4)  remote-ldap-server-bind-dn        -
    5)  remote-ldap-server-bind-password  -
    6)  remote-root-dn                    -
    7)  remote-root-password              -
    8)  use-proxy-auth                    false

    ?)  help
    f)  finish - create the new Proxy LDAP Workflow Element
    c)  cancel
    q)  quit

Enter choice [f]: f 

The Proxy LDAP Workflow Element was created successfully

Press RETURN to continue


>>>> Proxy LDAP Workflow Element management menu

What would you like to do?

    1)  List existing Proxy LDAP Workflow Elements
    2)  Create a new Proxy LDAP Workflow Element
    3)  View and edit an existing Proxy LDAP Workflow Element
    4)  Delete an existing Proxy LDAP Workflow Element

    b)  back
    q)  quit

Enter choice [b]:


>>>> Remote Data Source management menu

What would you like to do?

    1)  LDAP Server Extension        3)  RDBMS Extension
    2)  Proxy LDAP Workflow Element  4)  RDBMS Workflow Element

    b)  back
    q)  quit

Enter choice [b]:


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit

Enter choice: 7 


>>>> Virtualization management menu

What would you like to do?

    1)  Add Inbound Attribute             8)   Get Rid Of Duplicate Workflow
        Transformation                         Element
    2)  Add Outbound Attribute            9)   Hide Entries By Filter Workflow
        Transformation                         Element
    3)  DN Renaming Workflow Element      10)  Join Workflow Element
    4)  Dynamic Entry Tree Workflow       11)  Map Attribute Transformation
        Element
    5)  Filter Inbound Attribute          12)  RDN Changing Workflow Element
        Transformation
    6)  Filter Outbound Attribute         13)  Transformations Workflow
        Transformation                         Element
    7)  Flat Tree Workflow Element        14)  Virtual Member Of Workflow
                                               Element

    b)  back
    q)  quit

Enter choice [b]: 10 


>>>> Join Workflow Element management menu

What would you like to do?

    1)  List existing Join Workflow Elements
    2)  Create a new Join Workflow Element
    3)  View and edit an existing Join Workflow Element
    4)  Delete an existing Join Workflow Element
    5)  >>>> Join Participant management menu

    b)  back
    q)  quit

Enter choice [b]: 5 


>>>> Join Participant management menu

What would you like to do?

    1)  List existing Join Participants
    2)  Create a new Join Participant
    3)  View and edit an existing Join Participant
    4)  Delete an existing Join Participant

    b)  back
    q)  quit

Enter choice [b]: 2 


>>>> There is only one Join Workflow Element: "JoinWorkFlowElement1". Are you
sure that this is the correct one? (yes / no) [yes]:




>>>> Enter a name for the Join Participant that you want to create: JoinParticipant1 


>>>> Configuring the "participant-dn" property

    The real DN that is exposed by the participating workflow element

    Syntax:  DN

Enter a value for the "participant-dn" property: dc=example,dc=com


>>>> Configuring the "participating-workflow-element" property

    Name of the Participating WorkFlow Element

    Name of the participant for the Join WorkflowElement. It must always refer
    to any of the existing workflow only.

Select a Workflow Element for the "participating-workflow-element" property:

    1)  adminRoot             6)   ProxyLDAPWorkFlowElement1
    2)  ads-truststore        7)   schema
    3)  backup                8)   tasks
    4)  JoinWorkFlowElement1  9)   virtualAcis
    5)  monitor               10)  Create a new Workflow Element

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 6 


>>>> Configure the properties of the Join Participant

         Property                        Value(s)
         ----------------------------------------------------------------------
    1)   enabled-operation               compare, delete, modify, search
    2)   join-condition                  By default, no join condition is
                                         defined. That is all entries
                                         satisfying the original search filter
                                         are considered for join.
    3)   joiner-type                     one-to-one
    4)   non-retrievable-attribute       By default, the non-retrievable list
                                         is empty, which means that all
                                         attributes are retrievable.
    5)   non-storable-attribute          By default, the non-storable list is
                                         empty, which means that all attributes
                                         are storable.
    6)   participant-bind-priority       0
    7)   participant-criticality         true
    8)   participant-dn                  "dc=example,dc=com"
    9)   participants-join-rule          ""
    10)  participating-workflow-element  ProxyLDAPWorkFlowElement1
    11)  primary-participant             false
    12)  retrievable-attribute           By default, the retrievable list is
                                         empty, which means that all attributes
                                         are retrievable.
    13)  storable-attribute              By default, the storable list is
                                         empty, which means that all attributes
                                         are storable.

    ?)   help
    f)   finish - create the new Join Participant
    c)   cancel
    q)   quit

Enter choice [f]:

The Join Participant could not be created because of the following reason:

    *  [LDAP: error code 53 - The Directory Server is unwilling to add
       configuration entry
       cn=JoinParticipant1,cn=Participants,cn=JoinWorkFlowElement1,cn=Workflow
       elements,cn=config because one of the add listeners registered with the
       parent entry cn=Participants,cn=JoinWorkFlowElement1,cn=Workflow
       elements,cn=config rejected this change with the message: Primary
       participant must be configured first before secondary participants are
       configured! Edit this participant configuration to make this primary]

Would you like to edit the properties of the Join Participant again in order
to resolve this problem? (yes / no) [yes]:


>>>> Configure the properties of the Join Participant

         Property                        Value(s)
         ----------------------------------------------------------------------
    1)   enabled-operation               compare, delete, modify, search
    2)   join-condition                  By default, no join condition is
                                         defined. That is all entries
                                         satisfying the original search filter
                                         are considered for join.
    3)   joiner-type                     one-to-one
    4)   non-retrievable-attribute       By default, the non-retrievable list
                                         is empty, which means that all
                                         attributes are retrievable.
    5)   non-storable-attribute          By default, the non-storable list is
                                         empty, which means that all attributes
                                         are storable.
    6)   participant-bind-priority       0
    7)   participant-criticality         true
    8)   participant-dn                  "dc=example,dc=com"
    9)   participants-join-rule          ""
    10)  participating-workflow-element  ProxyLDAPWorkFlowElement1
    11)  primary-participant             false
    12)  retrievable-attribute           By default, the retrievable list is
                                         empty, which means that all attributes
                                         are retrievable.
    13)  storable-attribute              By default, the storable list is
                                         empty, which means that all attributes
                                         are storable.

    ?)   help
    f)   finish - create the new Join Participant
    c)   cancel
    q)   quit

Enter choice [f]: 11 


>>>> Configuring the "primary-participant" property

    Indicates that this participant is the primary participant.

Do you want to modify the "primary-participant" property?

    1)  Keep the default value: false
    2)  Change it to the value: true

    ?)  help
    q)  quit

Enter choice [1]: 2 

Press RETURN to continue


>>>> Configure the properties of the Join Participant

         Property                        Value(s)
         ----------------------------------------------------------------------
    1)   enabled-operation               compare, delete, modify, search
    2)   join-condition                  By default, no join condition is
                                         defined. That is all entries
                                         satisfying the original search filter
                                         are considered for join.
    3)   joiner-type                     one-to-one
    4)   non-retrievable-attribute       By default, the non-retrievable list
                                         is empty, which means that all
                                         attributes are retrievable.
    5)   non-storable-attribute          By default, the non-storable list is
                                         empty, which means that all attributes
                                         are storable.
    6)   participant-bind-priority       0
    7)   participant-criticality         true
    8)   participant-dn                  "dc=example,dc=com"
    9)   participants-join-rule          ""
    10)  participating-workflow-element  ProxyLDAPWorkFlowElement1
    11)  primary-participant             true
    12)  retrievable-attribute           By default, the retrievable list is
                                         empty, which means that all attributes
                                         are retrievable.
    13)  storable-attribute              By default, the storable list is
                                         empty, which means that all attributes
                                         are storable.

    ?)   help
    f)   finish - create the new Join Participant
    c)   cancel
    q)   quit

Enter choice [f]:

The Join Participant was created successfully

Press RETURN to continue


>>>> Join Participant management menu

What would you like to do?

    1)  List existing Join Participants
    2)  Create a new Join Participant
    3)  View and edit an existing Join Participant
    4)  Delete an existing Join Participant

    b)  back
    q)  quit

Enter choice [b]:


>>>> Join Workflow Element management menu

What would you like to do?

    1)  List existing Join Workflow Elements
    2)  Create a new Join Workflow Element
    3)  View and edit an existing Join Workflow Element
    4)  Delete an existing Join Workflow Element
    5)  >>>> Join Participant management menu

    b)  back
    q)  quit

Enter choice [b]:


>>>> Virtualization management menu

What would you like to do?

    1)  Add Inbound Attribute             8)   Get Rid Of Duplicate Workflow
        Transformation                         Element
    2)  Add Outbound Attribute            9)   Hide Entries By Filter Workflow
        Transformation                         Element
    3)  DN Renaming Workflow Element      10)  Join Workflow Element
    4)  Dynamic Entry Tree Workflow       11)  Map Attribute Transformation
        Element
    5)  Filter Inbound Attribute          12)  RDN Changing Workflow Element
        Transformation
    6)  Filter Outbound Attribute         13)  Transformations Workflow
        Transformation                         Element
    7)  Flat Tree Workflow Element        14)  Virtual Member Of Workflow
                                               Element

    b)  back
    q)  quit

Enter choice [b]:


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit

Enter choice: 1 


>>>> General Configuration management menu

What would you like to do?

    1)  Administration Connector                  8)   Identity Mapper
    2)  Alert Handler                             9)   Log Publisher
    3)  Certificate Mapper                        10)  Log Retention Policy
    4)  Connection Handler                        11)  Log Rotation Policy
    5)  Directory Integration Platform Extension  12)  Network Group
    6)  Extended Operation Handler                13)  Work Queue
    7)  Global Configuration                      14)  Workflow

    b)  back
    q)  quit

Enter choice [b]: 1 


>>>> Administration Connector management menu

What would you like to do?

    1)  View and edit the Administration Connector

    b)  back
    q)  quit

Enter choice [b]: 1 


>>>> Configure the properties of the Administration Connector

        Property                Value(s)
        -----------------------------------------------------------------------
    1)  key-manager-provider    Administration
    2)  listen-address          0.0.0.0
    3)  listen-port             3444
    4)  ssl-cert-nickname       admin-cert
    5)  ssl-cipher-suite        Uses the default set of SSL cipher suites
                                provided by the server's JVM.
    6)  ssl-protocol            Uses the default set of SSL protocols provided
                                by the server's JVM.
    7)  trust-manager-provider  Administration

    ?)  help
    f)  finish - apply any changes to the Administration Connector
    c)  cancel
    q)  quit

Enter choice [f]: q 

$ dsconfig -X


>>>> Specify Oracle Unified Directory LDAP connection parameters

Directory server host name or IP address [den00acx]:

Directory server administration port number [3444]:

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit

Enter choice: 1


>>>> General Configuration management menu

What would you like to do?

    1)  Administration Connector                  8)   Identity Mapper
    2)  Alert Handler                             9)   Log Publisher
    3)  Certificate Mapper                        10)  Log Retention Policy
    4)  Connection Handler                        11)  Log Rotation Policy
    5)  Directory Integration Platform Extension  12)  Network Group
    6)  Extended Operation Handler                13)  Work Queue
    7)  Global Configuration                      14)  Workflow

    b)  back
    q)  quit

Enter choice [b]: 12 


>>>> Network Group management menu

What would you like to do?

    1)  List existing Network Groups
    2)  Create a new Network Group
    3)  View and edit an existing Network Group
    4)  Delete an existing Network Group
    5)  >>>> QOS Policy management menu

    b)  back
    q)  quit

Enter choice [b]: 3 


>>>> There is only one Network Group: "network-group". Are you sure that this
is the correct one? (yes / no) [yes]:


>>>> Configure the properties of the Network Group

         Property                            Value(s)
         ----------------------------------------------------------------------
    1)   allowed-auth-method                 All authorization methods are
                                             allowed.
    2)   allowed-bind-dn                     All bind DNs are allowed.
    3)   allowed-bind-id                     All bind IDs are allowed.
    4)   allowed-client                      All clients with addresses that do
                                             not match an address on the deny
                                             list are allowed. If there is no
                                             deny list, then all clients are
                                             allowed.
    5)   allowed-port                        All port numbers are allowed.
    6)   allowed-protocol                    All supported protocols are
                                             allowed.
    7)   certificate-mapper                  The global certificate mapper will
                                             be used.
    8)   denied-client                       If an allow list is specified,
                                             then only clients with addresses
                                             on the allow list are allowed.
                                             Otherwise, all clients are
                                             allowed.
    9)   enabled                             true
    10)  generic-identity-mapper             The global generic identity mapper
                                             will be used.
    11)  gssapi-identity-mapper              The global GSSAPI identity mapper
                                             will be used.
    12)  is-security-mandatory               false
    13)  priority                            1
    14)  relocated-rootdse-workflow-element  -
    15)  workflow                            No workflows will be accessible.

    ?)   help
    f)   finish - apply any changes to the Network Group
    c)   cancel
    q)   quit

Enter choice [f]: 15 


>>>> Configuring the "workflow" property

    Specifies a set of workflows which should be accessible from this Network
    Group .

Do you want to modify the "workflow" property?

    1)  Keep the default behavior: No workflows will be accessible.
    2)  Add one or more values

    ?)  help
    q)  quit

Enter choice [1]: 2 


Select the Workflows you wish to add:

    1)  WorkFlow1
    2)  Create a new Workflow

    ?)  help
    c)  cancel
    q)  quit

Enter one or more choices separated by commas [c]: 1

Press RETURN to continue


>>>> Configuring the "workflow" property (Continued)

Do you want to modify the "workflow" property?

    1)  Use the value: WorkFlow1
    2)  Remove one or more values
    3)  Reset to the default behavior: No workflows will be accessible.
    4)  Revert changes

    ?)  help
    q)  quit

Enter choice [1]:

Press RETURN to continue


>>>> Configure the properties of the Network Group

         Property                            Value(s)
         ----------------------------------------------------------------------
    1)   allowed-auth-method                 All authorization methods are
                                             allowed.
    2)   allowed-bind-dn                     All bind DNs are allowed.
    3)   allowed-bind-id                     All bind IDs are allowed.
    4)   allowed-client                      All clients with addresses that do
                                             not match an address on the deny
                                             list are allowed. If there is no
                                             deny list, then all clients are
                                             allowed.
    5)   allowed-port                        All port numbers are allowed.
    6)   allowed-protocol                    All supported protocols are
                                             allowed.
    7)   certificate-mapper                  The global certificate mapper will
                                             be used.
    8)   denied-client                       If an allow list is specified,
                                             then only clients with addresses
                                             on the allow list are allowed.
                                             Otherwise, all clients are
                                             allowed.
    9)   enabled                             true
    10)  generic-identity-mapper             The global generic identity mapper
                                             will be used.
    11)  gssapi-identity-mapper              The global GSSAPI identity mapper
                                             will be used.
    12)  is-security-mandatory               false
    13)  priority                            1
    14)  relocated-rootdse-workflow-element  -
    15)  workflow                            WorkFlow1

    ?)   help
    f)   finish - apply any changes to the Network Group
    c)   cancel
    q)   quit

Enter choice [f]:


The Network Group was modified successfully

Press RETURN to continue


>>>> Network Group management menu

What would you like to do?

    1)  List existing Network Groups
    2)  Create a new Network Group
    3)  View and edit an existing Network Group
    4)  Delete an existing Network Group
    5)  >>>> QOS Policy management menu

    b)  back
    q)  quit

Enter choice [b]:


>>>> General Configuration management menu

What would you like to do?

    1)  Administration Connector                  8)   Identity Mapper
    2)  Alert Handler                             9)   Log Publisher
    3)  Certificate Mapper                        10)  Log Retention Policy
    4)  Connection Handler                        11)  Log Rotation Policy
    5)  Directory Integration Platform Extension  12)  Network Group
    6)  Extended Operation Handler                13)  Work Queue
    7)  Global Configuration                      14)  Workflow

    b)  back
    q)  quit

Enter choice [b]:


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit


Enter choice: q

-bash-3.2$ ldapsearch -p 3389 -D "cn=Directory Manager" -w "Welcome1" -b "dc=joinedsuffix" -s sub "uid=user.1"
dn: uid=user.1,ou=People,dc=joinedSuffix
postalAddress: Abagael Aasen$80905 Meadow Street$Salem, NJ  76132
postalCode: 76132
description: This is the description for Abagael Aasen.
uid: user.1
userPassword: {SSHA512}Xyg69SMUK/votVRruSt6GnTkBRPn8UC9D23rVBCMI2VV1v3nC42YRKq9u
 /zE1/6MtgUbqJ5L/CfFHLec4GdTMQL2Fjb05o8G
employeeNumber: 5
initials: AHA
givenName: Abagael
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: top
pager: +1 928 034 3047
mobile: +1 516 926 3480
cn: Abagael Aasen
sn: Aasen
telephoneNumber: +1 154 428 0080
street: 80905 Meadow Street
homePhone: +1 563 061 6916
l: Salem
mail: user.1@maildomain.net
st: NJ



-bash-3.2$ ldapsearch -p 1389 -D "cn=Directory Manager" -w "Welcome1" -b "dc=example,dc=com" -s sub "uid=user.1"
dn: uid=user.1,ou=People,dc=example,dc=com
postalAddress: Abagael Aasen$80905 Meadow Street$Salem, NJ  76132
postalCode: 76132
uid: user.1
description: This is the description for Abagael Aasen.
userPassword: {SSHA512}Xyg69SMUK/votVRruSt6GnTkBRPn8UC9D23rVBCMI2VV1v3nC42YRKq9u
 /zE1/6MtgUbqJ5L/CfFHLec4GdTMQL2Fjb05o8G
employeeNumber: 5
initials: AHA
givenName: Abagael
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: top
pager: +1 928 034 3047
mobile: +1 516 926 3480
cn: Abagael Aasen
sn: Aasen
telephoneNumber: +1 154 428 0080
street: 80905 Meadow Street
homePhone: +1 563 061 6916
l: Salem
mail: user.1@maildomain.net
st: NJ

-bash-3.2$ dsconfig -X


>>>> Specify Oracle Unified Directory LDAP connection parameters

Directory server host name or IP address [den00acx]:

Directory server administration port number [3444]:

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':


>>>> Oracle Unified Directory configuration console main menu

What do you want to configure?

    1)  General Configuration             6)   Remote Data Source
    2)  Authentication and authorization  7)   Virtualization
    3)  Schema                            8)   Load Balancing
    4)  Replication                       9)   Distribution
    5)  Local Data Source                 10)  Integration

    q)  quit

Enter choice: 7


>>>> Virtualization management menu

What would you like to do?

    1)  Add Inbound Attribute             8)   Get Rid Of Duplicate Workflow
        Transformation                         Element
    2)  Add Outbound Attribute            9)   Hide Entries By Filter Workflow
        Transformation                         Element
    3)  DN Renaming Workflow Element      10)  Join Workflow Element
    4)  Dynamic Entry Tree Workflow       11)  Map Attribute Transformation
        Element
    5)  Filter Inbound Attribute          12)  RDN Changing Workflow Element
        Transformation
    6)  Filter Outbound Attribute         13)  Transformations Workflow
        Transformation                         Element
    7)  Flat Tree Workflow Element        14)  Virtual Member Of Workflow
                                               Element

    b)  back
    q)  quit

Enter choice [b]: 10


>>>> Join Workflow Element management menu

What would you like to do?

    1)  List existing Join Workflow Elements
    2)  Create a new Join Workflow Element
    3)  View and edit an existing Join Workflow Element
    4)  Delete an existing Join Workflow Element
    5)  >>>> Join Participant management menu

    b)  back
    q)  quit

Enter choice [b]: 5


>>>> Join Participant management menu

What would you like to do?

    1)  List existing Join Participants
    2)  Create a new Join Participant
    3)  View and edit an existing Join Participant
    4)  Delete an existing Join Participant

    b)  back
    q)  quit

Enter choice [b]: 2


>>>> There is only one Join Workflow Element: "JoinWorkFlowElement1". Are you
sure that this is the correct one? (yes / no) [yes]:




>>>> Enter a name for the Join Participant that you want to create: JoinParticipant2


>>>> Configuring the "participant-dn" property

    The real DN that is exposed by the participating workflow element

    Syntax:  DN

Enter a value for the "participant-dn" property: dc=example,dc=com


>>>> Configuring the "participating-workflow-element" property

    Name of the Participating WorkFlow Element

    Name of the participant for the Join WorkflowElement. It must always refer
    to any of the existing workflow only.

Select a Workflow Element for the "participating-workflow-element" property:

    1)  adminRoot             6)   ProxyLDAPWorkFlowElement1
    2)  ads-truststore        7)   schema
    3)  backup                8)   tasks
    4)  JoinWorkFlowElement1  9)   virtualAcis
    5)  monitor               10)  Create a new Workflow Element

    ?)  help
    c)  cancel
    q)  quit

Enter choice [c]: 6


>>>> Configure the properties of the Join Participant

         Property                        Value(s)
         ----------------------------------------------------------------------
    1)   enabled-operation               compare, delete, modify, search
    2)   join-condition                  By default, no join condition is
                                         defined. That is all entries
                                         satisfying the original search filter
                                         are considered for join.
    3)   joiner-type                     one-to-one
    4)   non-retrievable-attribute       By default, the non-retrievable list
                                         is empty, which means that all
                                         attributes are retrievable.
    5)   non-storable-attribute          By default, the non-storable list is
                                         empty, which means that all attributes
                                         are storable.
    6)   participant-bind-priority       0
    7)   participant-criticality         true
    8)   participant-dn                  "dc=example,dc=com"
    9)   participants-join-rule          ""
    10)  participating-workflow-element  ProxyLDAPWorkFlowElement1
    11)  primary-participant             false
    12)  retrievable-attribute           By default, the retrievable list is
                                         empty, which means that all attributes
                                         are retrievable.
    13)  storable-attribute              By default, the storable list is
                                         empty, which means that all attributes
                                         are storable.

    ?)   help
    f)   finish - create the new Join Participant
    c)   cancel
    q)   quit

Enter choice [f]:

The Join Participant could not be created because of the following reason:

    *  [LDAP: error code 53 - The Directory Server is unwilling to add
       configuration entry
       cn=JoinParticipant2,cn=Participants,cn=JoinWorkFlowElement1,cn=Workflow
       elements,cn=config because one of the add listeners registered with the
       parent entry cn=Participants,cn=JoinWorkFlowElement1,cn=Workflow
       elements,cn=config rejected this change with the message: JoinRule
       cannot be empty for Secondary Participant]

Would you like to edit the properties of the Join Participant again in order
to resolve this problem? (yes / no) [yes]:


>>>> Configure the properties of the Join Participant

         Property                        Value(s)
         ----------------------------------------------------------------------
    1)   enabled-operation               compare, delete, modify, search
    2)   join-condition                  By default, no join condition is
                                         defined. That is all entries
                                         satisfying the original search filter
                                         are considered for join.
    3)   joiner-type                     one-to-one
    4)   non-retrievable-attribute       By default, the non-retrievable list
                                         is empty, which means that all
                                         attributes are retrievable.
    5)   non-storable-attribute          By default, the non-storable list is
                                         empty, which means that all attributes
                                         are storable.
    6)   participant-bind-priority       0
    7)   participant-criticality         true
    8)   participant-dn                  "dc=example,dc=com"
    9)   participants-join-rule          ""
    10)  participating-workflow-element  ProxyLDAPWorkFlowElement1
    11)  primary-participant             false
    12)  retrievable-attribute           By default, the retrievable list is
                                         empty, which means that all attributes
                                         are retrievable.
    13)  storable-attribute              By default, the storable list is
                                         empty, which means that all attributes
                                         are storable.

    ?)   help
    f)   finish - create the new Join Participant
    c)   cancel
    q)   quit

Enter choice [f]: 9


>>>> Configuring the "participants-join-rule" property

    The join rule defined between two participants, that is used to join
    entries between them. It is of the LDAPFilter syntax containing multiple
    components mixed with AND/OR/NOT, with each component of the form
    [ParticipantName].[attributeName]=[ParticipantName].[attributeName], where
    the [ParticipantName] and [attributeName] are substitued with actual
    values.

    Syntax:  STRING

Do you want to modify the "participants-join-rule" property?

    1)  Keep the default value: ""
    2)  Change the value

    ?)  help
    q)  quit

Enter choice [1]: 2


Enter a value for the "participants-join-rule" property [continue]: JoinParticipant1.uid=joinParticipant2.uid

Press RETURN to continue


>>>> Configure the properties of the Join Participant

         Property                        Value(s)
         ----------------------------------------------------------------------
    1)   enabled-operation               compare, delete, modify, search
    2)   join-condition                  By default, no join condition is
                                         defined. That is all entries
                                         satisfying the original search filter
                                         are considered for join.
    3)   joiner-type                     one-to-one
    4)   non-retrievable-attribute       By default, the non-retrievable list
                                         is empty, which means that all
                                         attributes are retrievable.
    5)   non-storable-attribute          By default, the non-storable list is
                                         empty, which means that all attributes
                                         are storable.
    6)   participant-bind-priority       0
    7)   participant-criticality         true
    8)   participant-dn                  "dc=example,dc=com"
    9)   participants-join-rule          JoinParticipant1.uid=joinParticipant2.
                                         uid
    10)  participating-workflow-element  ProxyLDAPWorkFlowElement1
    11)  primary-participant             false
    12)  retrievable-attribute           By default, the retrievable list is
                                         empty, which means that all attributes
                                         are retrievable.
    13)  storable-attribute              By default, the storable list is
                                         empty, which means that all attributes
                                         are storable.

    ?)   help
    f)   finish - create the new Join Participant
    c)   cancel
    q)   quit

Enter choice [f]:

The Join Participant was created successfully

Press RETURN to continue


>>>> Join Participant management menu

What would you like to do?

    1)  List existing Join Participants
    2)  Create a new Join Participant
    3)  View and edit an existing Join Participant
    4)  Delete an existing Join Participant

    b)  back
    q)  quit

Enter choice [b]:


>>>> Join Workflow Element management menu

What would you like to do?

    1)  List existing Join Workflow Elements
    2)  Create a new Join Workflow Element
    3)  View and edit an existing Join Workflow Element
    4)  Delete an existing Join Workflow Element
    5)  >>>> Join Participant management menu

    b)  back
    q)  quit

Enter choice [b]: q

-bash-3.2$ ldapsearch -p 1389 -D "cn=Directory Manager" -w "Welcome1" -b "dc=example,dc=com" -s sub "uid=user.1"
dn: uid=user.1,ou=People,dc=example,dc=com
postalAddress: Abagael Aasen$80905 Meadow Street$Salem, NJ  76132
postalCode: 76132
uid: user.1
description: This is the description for Abagael Aasen.
userPassword: {SSHA512}Xyg69SMUK/votVRruSt6GnTkBRPn8UC9D23rVBCMI2VV1v3nC42YRKq9u
 /zE1/6MtgUbqJ5L/CfFHLec4GdTMQL2Fjb05o8G
employeeNumber: 5
initials: AHA
givenName: Abagael
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: top
pager: +1 928 034 3047
mobile: +1 516 926 3480
cn: Abagael Aasen
sn: Aasen
telephoneNumber: +1 154 428 0080
street: 80905 Meadow Street
homePhone: +1 563 061 6916
l: Salem
mail: user.1@maildomain.net
st: NJ

-bash-3.2$ ldapsearch -p 2389 -D "cn=Directory Manager" -w "Welcome1" -b "dc=example,dc=com" -s sub "uid=user.1"
dn: uid=user.1,ou=People,dc=example,dc=com
postalAddress: Abagael Aasen$80905 Meadow Street$Salem, NJ  76132
postalCode: 76132
uid: user.1
description: This is the description for Abagael Aasen.
userPassword: {SSHA512}xlmxAmTscD7Bd4Fq+ffBnWtzH1xdBxQOHttaShVY0nbOP9/FsLmrDOvks
 BW54WAebi+fj8p7WmjVnJn5s5sEG6IqDByBy5h/
employeeNumber: 5
initials: AHA
givenName: Abagael
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: top
pager: +1 928 034 3047
mobile: +1 516 926 3480
cn: Abagael Aasen
sn: Aasen
telephoneNumber: +1 154 428 0080
street: 80905 Meadow Street
homePhone: +1 563 061 6916
l: Salem
mail: user.1@maildomain.net
st: NJ



-bash-3.2$ ldapmodify -p 2389 -D "cn=Directory Manager" -w "Welcome1"
dn: uid=user.1,ou=People,dc=example,dc=com
changetype:modify
delete: mail
Processing MODIFY request for uid=user.1,ou=People,dc=example,dc=com
MODIFY operation successful for DN uid=user.1,ou=People,dc=example,dc=com

-bash-3.2$ ldapsearch -p 2389 -D "cn=Directory Manager" -w "Welcome1" -b "dc=example,dc=com" -s sub "uid=user.1"
dn: uid=user.1,ou=People,dc=example,dc=com
postalAddress: Abagael Aasen$80905 Meadow Street$Salem, NJ  76132
postalCode: 76132
uid: user.1
description: This is the description for Abagael Aasen.
userPassword: {SSHA512}xlmxAmTscD7Bd4Fq+ffBnWtzH1xdBxQOHttaShVY0nbOP9/FsLmrDOvks
 BW54WAebi+fj8p7WmjVnJn5s5sEG6IqDByBy5h/
employeeNumber: 5
initials: AHA
givenName: Abagael
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: top
pager: +1 928 034 3047
mobile: +1 516 926 3480
cn: Abagael Aasen
telephoneNumber: +1 154 428 0080
sn: Aasen
street: 80905 Meadow Street
homePhone: +1 563 061 6916
l: Salem
st: NJ

-bash-3.2$ ldapsearch -p 3389 -D "cn=Directory Manager" -w "Welcome1" -b "dc=joinedsuffix" -s sub "uid=user.1"
dn: uid=user.1,ou=People,dc=joinedSuffix
postalAddress: Abagael Aasen$80905 Meadow Street$Salem, NJ  76132
postalCode: 76132
description: This is the description for Abagael Aasen.
uid: user.1
userPassword: {SSHA512}Xyg69SMUK/votVRruSt6GnTkBRPn8UC9D23rVBCMI2VV1v3nC42YRKq9u
 /zE1/6MtgUbqJ5L/CfFHLec4GdTMQL2Fjb05o8G
employeeNumber: 5
initials: AHA
givenName: Abagael
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: top
pager: +1 928 034 3047
mobile: +1 516 926 3480
cn: Abagael Aasen
sn: Aasen
telephoneNumber: +1 154 428 0080
street: 80905 Meadow Street
homePhone: +1 563 061 6916
l: Salem
mail: user.1@maildomain.net
st: NJ
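
The searches above are compared by eye to see which backend each joined value came from. As an added example (not part of the original post or of OUD), this script does that comparison on saved ldapsearch output and flags sensitive attributes returned through the joined suffix; the function names and all LDIF sample values are constructed for illustration.

```python
SENSITIVE = {"userpassword"}  # attributes worth flagging when the proxy returns them


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: set(values)}.
    A line starting with one space continues the previous line (LDIF folding).
    Base64 ("attr:: value") values are compared as-is, not decoded."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw.strip():
            logical.append(raw)
    entry = {}
    for line in logical:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), set()).add(value.strip())
    return entry


def attribute_origin(joined, primary, secondary):
    """For each value in the joined entry, name the backend(s) holding it."""
    report = {}
    for attr, values in joined.items():
        if attr == "dn":
            continue  # the DN carries the joined suffix, not a backend suffix
        for value in values:
            in_p = value in primary.get(attr, set())
            in_s = value in secondary.get(attr, set())
            origin = ("both" if in_p and in_s else "primary" if in_p
                      else "secondary" if in_s else "unknown")
            report.setdefault(attr, set()).add(origin)
    return report


def exposed_sensitive(joined):
    """Sensitive attributes present in the joined view."""
    return sorted(a for a in joined if a in SENSITIVE)


# Constructed sample data shaped like the output above (hashes are placeholders).
PRIMARY = """dn: uid=user.1,ou=People,dc=example,dc=com
uid: user.1
userPassword: {SSHA512}CONSTRUCTED-PRIMARY-HASH-PART-ONE
 -PART-TWO
mail: user.1@maildomain.net
sn: Aasen
"""
SECONDARY = """dn: uid=user.1,ou=People,dc=example,dc=com
uid: user.1
userPassword: {SSHA512}CONSTRUCTED-SECONDARY-HASH
sn: Aasen
"""
JOINED = """dn: uid=user.1,ou=People,dc=joinedSuffix
uid: user.1
userPassword: {SSHA512}CONSTRUCTED-PRIMARY-HASH-PART-ONE-PART-TWO
mail: user.1@maildomain.net
sn: Aasen
"""

if __name__ == "__main__":
    joined = parse_ldif_entry(JOINED)
    origins = attribute_origin(joined, parse_ldif_entry(PRIMARY), parse_ldif_entry(SECONDARY))
    for attr in sorted(origins):
        print(f"{attr:14} {', '.join(sorted(origins[attr]))}")
    print("sensitive attributes in joined view:", exposed_sensitive(joined))
```

An attribute listed by `exposed_sensitive` is a candidate for the participant's `non-retrievable-attribute` property shown in the Join Participant menu.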
