8 LDAP Attribute Reference - Oracle Help Center

Có thể bạn quan tâm

8 LDAP Attribute Reference

This chapter provides reference information about the LDAP attributes used for Oracle Identity Management.

This chapter includes the following sections:

Section 8.1, "Standard LDAP Attributes"
Section 8.2, "Oracle Identity Management Attribute Reference"

For a list of attributes grouped by functional categories, see Section 6.2, "Overview of Oracle Identity Management Schema Elements."

8.1 Standard LDAP Attributes

Oracle Internet Directory supports the following standard LDAP attributes as defined in the Internet Engineering Task Force (IETF) Requests for Comments (RFC) specifications.

Details of RFC specifications can be found on the IETF Web site at: http://www.ietf.org.

Table 8-1 Standard LDAP Attributes Used By Oracle Internet Directory

Attribute Name	Specification
aliasedObjectName	RFC 2256
applicationEntity	RFC 2256
associatedDomain	RFC 1274
associatedName	RFC 1274
audio	RFC 1274
authorityRevocationList	RFC 2256
authPassword	RFC 3112
bootFile	RFC 2307
bootParameter	RFC 2307
businessCategory	RFC 2256
c	RFC 2256
caCertificate	RFC 2256
carLicense	RFC 2798
certificateRevocationList	RFC 2256
cn	RFC 2256
co	RFC 1274
crossCertificatePair	RFC 2256
dc	RFC 2247
deltaRevocationList	RFC 2256
departmentNumber	RFC 2798
description	RFC 2256
destinationIndicator	RFC 2256
displayName	RFC 2798
dITRedirect	RFC 1274
dmdName	RFC 2256
dNSRecord	RFC 1274
drink	RFC 1274
dSAQuality	RFC 1274
employeeNumber	RFC 2798
employeeType	RFC 2798
facsimileTelephoneNumber	RFC 2256
gecos	RFC 2307
gidNumber	RFC 2307
givenName	RFC 2798
homeDirectory	RFC 2307
homePhone	RFC 1274
homePostalAddress	RFC 1274
host	RFC 1274
initials	RFC 2256
internationalISDNNumber	RFC 2256
ipHostNumber	RFC 2307
ipNetmaskNumber	RFC 2307
ipNetworkNumber	RFC 2307
ipProtocolNumber	RFC 2307
ipServicePort	RFC 2307
ipServiceProtocol	RFC 2307
javaClassName	RFC 2713
javaClassNames	RFC 2307
javaCodebase	RFC 2307
javaDoc	RFC 2307
javaFactory	RFC 2307
javaReferenceAddress	RFC 2713
javaSerializedData	RFC 2713
janetMailbox	RFC 1274
jpegPhoto	RFC 1488
knowledgeInformation	RFC 2256
l	RFC 2256
labeledURI	RFC 2079
lastModifiedBy	RFC 1274
lastModifiedTime	RFC 1274
loginShell	RFC 2307
macAddress	RFC 2307
mail	RFC 2798
mailAlternateAddress	RFC 2256
mailHost	RFC 2256
mailPreferenceOption	RFC 1274
mailRoutingAddress	RFC 2256
manager	RFC 1274
member	RFC 2256
memberNisNetgroup	RFC 2307
memberUid	RFC 2307
mobile	RFC 1274
nisDomain	RFC 2307
nisMapEntry	RFC 2307
nisMapName	RFC 2307
nisNetgroupTriple	RFC 2307
nisPublicKey	RFC 2307
nisSecretKey	RFC 2307
o	RFC 2256
oncRpcNumber	RFC 2307
organizationalStatus	RFC 1274
otherMailbox	RFC 1274
ou	RFC 2256
owner	RFC 2256
pager	RFC 1274
personalSignature	RFC 1274
personalTitle	RFC 1274
photo	RFC 1274
physicalDeliveryOfficeName	RFC 2256
postalAddress	RFC 2256
postalCode	RFC 2256
postOfficeBox	RFC 2256
preferredDeliveryMethod	RFC 2256
preferredDeliveryMethod	RFC 2377
preferredLanguage	RFC 2798
presentationAddress	RFC 2256
protocolInformation	RFC 2256
ref	RFC 3296
registeredAddress	RFC 2256
roleOccupant	RFC 2256
roomNumber	RFC 1274
searchGuide	RFC 2256
secretary	RFC 1274
seeAlso	RFC 2256
serialNumber	RFC 2256
shadowExpire	RFC 2307
shadowFlag	RFC 2307
shadowInactive	RFC 2307
shadowLastChange	RFC 2307
shadowMax	RFC 2307
shadowMin	RFC 2307
shadowWarning	RFC 2307
sn	RFC 2256
st	RFC 2256
street	RFC 2256
subtreeMaximumQuality	RFC 1274
subtreeMinimumQuality	RFC 1274
supportedApplicationContext	RFC 2256
telephoneNumber	RFC 2256
teletexTerminalIdentifier	RFC 2256
telexNumber	RFC 2256
textEncodedORaddress	RFC 2377
title	RFC 2256
uid	RFC 2253
uidNumber	RFC 2307
uniqueIdentifier	RFC 1274
uniqueMember	RFC 2256
userCertificate;binary	RFC 2256
userClass	RFC 1274
userPassword	RFC 2256
userPKCS12	RFC 2798
userSMIMECertificate	RFC 2798
x121Address	RFC 2256
x500UniqueIdentifier	RFC 2256

8.2 Oracle Identity Management Attribute Reference

This section contains an alphabetical listing of the Oracle Identity Management attributes. These are the attributes used in entries pertaining to Oracle Internet Directory, Oracle Directory Integration Platform, Oracle Delegated Administration Services, and Oracle Single Sign-On.

Note:

Description

Allows Oracle Internet Directory server to restrict users who can bind to it. The administrator creates an LDAP group entry where only members of the group can bind to the server. Each user entry of users who are allowed to bind to the server must contain an bindAuthPriv attribute that points to the group. If a user is not a member of the group, bind requests are rejected. Several other considerations are:

The bindAuthPriv attribute can be a collective attribute that allows specific users to inherit it.
The LDAP group can be a nested group.
The administrator must ensure the proper ACL for the bindAuthPriv attribute, so that the attribute can be added to a user entry only by an administrator.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.641

Other

Single-valued attribute.

8.2.6 bindTimeLimit

Description

Maximum time in seconds a POSIX directory user agent (DUA) should allow for a search to complete.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.11.1.3.1.1.4

Other

Single-valued attribute.

8.2.7 c

Description

Specifies the country associated with a user's address.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.5.4.6

Other

Single-valued attribute.

8.2.8 changeloginfo

Description

Attribute that provides additional change log information, such as the value of the client IP address. For example:

changeloginfo=clientip=::ffff:10.229.116.104

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.510

Other

Single-valued attribute.

8.2.9 changestatus

Description

The last change number transported by the replication server.

Syntax

Matching Rule

DistinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.22

8.2.10 cn

Description

The common name (nickname) attribute which contains the name of an object. If the object corresponds to a user, it is typically the user's full name. A cn (common name) isn't unique, whereas a dn (distinguished name) is unique.

For example, if ABC corp employs two people with the name John Smith, one in HR and one in Finanace then they both would have a cn=John Smith, but they would have unique DNs because the DN would take the form:

cn=John Smith, ou=HR, o=ABC or cn=John Smith, ou=Finance, 0=ABC Where ou= organizational unit, and o=organization

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

Description

Identifies the type of credentials a POSIX directory user agent (DUA) should use when binding to the directory server.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseIgnoreIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.10

Other

Single-valued attribute.

8.2.15 defaultSearchBase

Description

The default base DN used by a POSIX directory user agent (DUA).

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

1.3.6.1.4.1.11.1.3.1.1.1

Other

Single-valued attribute.

8.2.16 defaultSearchScope

Description

User defined search scope used by a POSIX directory user agent (DUA).

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.12

Other

Single-valued attribute.

8.2.17 defaultServerList

Description

The IP addresses of the default servers that a directory user agent (DUA) should use in a space separated list. After the servers in preferredServerList are tried, those default servers on the client's subnet are tried, followed by the remaining default servers, until a connection is made. At least one server must be specified in either preferredServerList or defaultServerList. This attribute has no default value.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseIgnoreIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.0

Other

Description

A photograph file in JPEG format.

Syntax

1.3.6.1.4.1.1466.115.121.1.28 (Binary)

Matching Rule

octetStringMatch

Object ID

0.9.2342.19200300.100.1.60

8.2.23 krbPrincipalName

Description

Contains the Kerberos principal name.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

1.3.18.0.2.4.1091

Other

Single-valued attribute.

8.2.24 labeledURI

Description

Uniform Resource Locator (URL).

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

1.3.6.1.4.1.250.1.57

8.2.25 ldapSyntaxes

Description

Identifies the LDAP syntaxes implemented in the directory schema.

Syntax

1.3.6.1.4.1.1466.115.121.1.54 (LDAP Syntax Description)

Matching Rule

objectIdentifierFirstComponentMatch

Object ID

1.3.6.1.4.1.1466.101.120.16

Other

Directory operational attribute.

8.2.26 mail

Description

This attribute is defined in RFC 1274. Identifies a user's primary e-mail address (the e-mail address retrieved and displayed by "white-pages" lookup applications).

For example: mail: [email protected]

Syntax

1.3.6.1.4.1.1466.115.121.1.26{256} (IA5 String, 256 character maximum)

Matching Rule

caseIgnoreIA5Match

Object ID

0.9.2342.19200300.100.1.3

8.2.27 matchingRules

Description

Identifies the matching rules implemented in the directory schema.

Syntax

1.3.6.1.4.1.1466.115.121.1.30 (Matching Rule Description)

Matching Rule

objectIdentifierFirstComponentMatch

Object ID

Description

Top-level DNs for the naming contexts contained in this server. You must have superuser privileges to publish a DN as a naming context. There is no default value.

This attribute is part of the root DSE (DSA-Specific Entry). The root DSE contains a number of attributes that store information about the directory server itself.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.1466.101.120.5

Other

DSA operational attribute.

8.2.32 objectClass

Description

The list of object classes from which this object class is derived.

Syntax

1.3.6.1.4.1.1466.115.121.1.38 (Object Identifier)

Matching Rule

objectIdentifierMatch

Object ID

2.5.4.0

8.2.33 objectClasses

Description

Defines the object classes which are in force within a subschema.

Syntax

1.3.6.1.4.1.1466.115.121.1.37 (Object Class Description)

Matching Rule

objectIdentifierFirstComponentMatch

Object ID

2.5.21.6

Other

Directory operational attribute.

8.2.34 objectClassMap

Description

A mapping from an object class defined by a directory user agent (DUA) to an object class in an alternative schema used in the directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.11

8.2.35 orclACI

Description

Access control instructions are stored in the directory as attributes of entries. The orclACI attribute is an operational attribute; it is available for use on every entry in the directory, regardless of whether it is defined for the object class of the entry. It is used by the directory server to evaluate what rights are granted or denied when it receives an LDAP request from a client.

Syntax

1.3.6.1.4.1.1466.115.121.1.1 (Access Control Item)

Matching Rule

accessDirectiveMatch

Object ID

2.16.840.1.113894.1.1.42

8.2.36 orclACLResultsLatency

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.129

Other

Description

Replication agreement type: '0-OneWay 1-TwoWay, 2-LDAP Multimaster, 3-ASR Multimaster.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.511

8.2.44 orclAnonymousBindsFlag

Description

Specifies whether anonymous binds to the directory are allowed or not. If set to 2, anonymous binds are allowed, but only search operations on root DSE entry are allowed for anonymous users. If set to 1, then anonymous binds are allowed. If set to 0 (zero), then anonymous binds are not allowed. The default is 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.299

Other

Single-valued attribute.

8.2.45 orclAppFullName

Description

The full name of an application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.320

8.2.46 orclAppId

Description

The unique identifier of an application entry associated with a password verifier.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 characters maximum)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.207

Other

Single-valued attribute.

8.2.47 orclApplicationAddress

Description

The address of the application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.318

8.2.48 orclApplicationCommonName

Description

The common name (cn) of the application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.319

8.2.49 orclApplicationType

Description

Identifies the application type, such as Oracle Portal.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.280

Other

Single-valued attribute.

8.2.50 orclAssocDB

Description

Identifies the associated Oracle Database instance with the application or service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

Replaces the audit levels used in 10g (10.1.4.0.1) and earlier releases. Values are None, Low, Medium, All, and Custom.

Syntax

IA5 String

Matching Rule

caseExactIAI5Match

Object ID

2.16.840.1.113894.1.1.372

8.2.55 orclAuditAttribute

Description

Identifies the audit attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

An IP address that causes Oracle Internet Directory server to reject any new connections and close any existing connections from that IP address.

Note:

You need to use the subtype property along with this attribute to configure DN or IP address that needs to be blocked. Use the following subtype:

For DN: dn

For IP address: ip

Consider the following examples:

orclblockdnip;dn: cn=jdoe,ou=abc,c=us orclblockdnip;ip: ffff:11.234.56.789

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.382

Other

Single-valued attribute.

8.2.60 orclcachenotifyip

Description

Configuration attribute that associates a port number with an IP address in order to allow Oracle Internet Directory servers to communicate with each other in a cluster environment when cached data is changed.

The servers communicate with each other using the LDAP protocol. For example, the following LDIF file, which you can load using the ldapmodify command, associates port number 5678 with IP address 10.10.10.4 for the oid1 instance:

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry changetype: modify add: orclcachenotifyip;5678 orclcachenotifyip;5678: 10.10.10.4

When orclcachenotifyip is configured for an Oracle Internet Directory instance, the IP address must be local to the node where the instance is running.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.640

8.2.61 orclCatalogEntryDN

Description

Contains the DN of the catalog entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.50

Other

Description

This is a special catalog attribute used for certificate matching. The value of this attribute is computed by calculating a hash of the user certificate when it is added to Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.184

Other

Single-valued attribute.

Not user modifiable.

8.2.66 orclCertificateMatch

Description

This is a special catalog attribute used for certificate matching. The value of this attribute contains the correct matching value to use for a user certificate based on the orclPKIMatchingRule setting.

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.183

Other

Single-valued attribute.

Not user modifiable.

Description

Specifies if auto-registration is enabled or disabled. Allowed values are 0 (disabled) or 1 (enabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.567

Other

Single-valued attribute.

8.2.71 orclCommonContextMap

Description

Stores the common context map.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.904

Other

Single-valued attribute.

8.2.72 orclCommonDefaultUserCreateBase

Description

Identifies the default user creation base where users are created.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.908

Other

Single-valued attribute.

8.2.73 orclCommonGroupCreateBase

Description

Identifies the group creation base under which Oracle Delegated Administration Services creates groups

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

Identifies the branch that contains user entries.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.7.1.10

8.2.78 orclCommonVerifierEnable

Description

If this attribute is enabled then the common verifier is used for all related applications. If this attribute is disabled then each application must setup their own verifier profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.214

Other

Single-valued attribute.

8.2.79 orclCommonVerifierEnable

Description

If this attribute is enabled then the common verifier is used for all related applications. If this attribute is disabled then each application must setup their own verifier profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.214

Other

Single-valued attribute.

8.2.80 orclCompatibleVersion

Description

The Oracle Internet Directory version. Do not modify this attribute. It must be present for Oracle Internet Directory 11.1.1.6 or later to work with the schema. Values can be:

orclcompatibleversion 11.1.1.6.0
orclcompatibleversion 11.1.1.7.0

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.1302

Other

Multi-valued attribute.

8.2.81 orclComputedAttribute

Description

Description

Specifies the display order of an attribute in Oracle Delegated Administration Services.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

Description

The list of values to display to users in the UI when the orclDASUIType=Predefined List.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreSubStringsMatch

Object ID

Description

Specifies the UI field type for an attribute when displayed in Oracle Delegated Administration Services. Options are:

Single Line Text
Multi Line Text
Predefined List
Date
Browse and Select
Number

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.327

Other

Single-valued attribute.

8.2.105 orclDASURL

Description

The corresponding URL of an Oracle Delegated Administration Services unit.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

Data Privacy mode. Sensitive attributes encrypted when returned.

0: Disabled, 1: Enabled

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.890

8.2.110 orclDateOfBirth

Description

Specifies the date on which a user was born.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

2.16.840.1.113894.1.1.307

Other

Single-valued attribute.

8.2.111 orclDBConnCreationFailed

Description

Indicates a connection failure to the database in an error log entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.155

Other

Single-valued attribute.

8.2.112 orclDBLatency

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.130

Other

Description

To make logging more focused, limits logged information to particular directory server operations by specifying the debug dimension to those operations. Values for operations are:

1 - ldapbind
2 - ldapunbind
4 - ldapadd
8 - ldapdelete
16 - ldapmodify
32 - ldapmodrdn
64 - ldapcompare
128 - ldapsearch
264 - ldapabandon
511 - all operations

To log more than one operation, add the values of their dimensions. For example, if you want to trace ldapbind (1), ldapadd (4) and ldapmodify (16) operations, then the value would be 21 (1 + 4 + 16 = 21).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.601

Other

Single-valued attribute.

8.2.119 orclDefaultProfileGroup

Description

Holds the DN of the group to designate the default group for a user, such that a default profile can be built for the user based on this attribute value.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.309

Other

Description

Number of dispatcher threads per server process.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.613

8.2.128 orclDITRoot

Description

The root of the directory information tree (DIT). This attribute is part of the root DSE (DSA-Specific Entry). The root DSE contains a number of attributes that store information about the directory server itself.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.7

Other

Single-valued attribute.

8.2.129 orclDNSUnavailable

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.161

Other

Single-valued attribute.

8.2.130 orclcachemaxsize

Description

Specifies the size in bytes of the result set cache or the metadata cache, depending on the subtype:

rs: Result set cache. Default and minimum cache size is 64 MB.
md: Metadata cache. Default and minimum cache size is 128 MB.

Specify the size as M or G, indicating megabytes or gigabytes, respectively. To set a subtype, specify:

orclcachemaxsize; subtypename: value

For example:

orclcachemaxsize; md: 256M

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.642

Other

Single-valued attribute.

8.2.131 orclEcacheEnabled

Description

Specifies whether to enable or disable the Entry Cache or Result Set Cache. Values can be:

0: Disable both the Entry Cache and Result Set Cache.
1: Enable the Entry Cache only (default value).
2: Enable both the Entry Cache and Result Set Cache.

If you change the attribute value, restart the Oracle Internet Directory server instance for the new value to take effect.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.400

Other

Single-valued attribute.

8.2.132 orclEcacheHitRatio

Description

Stores the cache hit ratio.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.170

Other

Single-valued attribute.

8.2.133 orclEcacheMaxEntries

Description

Maximum number of entries that can be present in the entry cache. The default is 25,000.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.402

Other

Single-valued attribute.

8.2.134 orclEcacheMaxSize

Description

Size of shared memory that can be used for the entry cache. The default is 100 MB.

Specify the size as M or G, indicating megabytes or gigabytes, respectively.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.401

Other

Single-valued attribute.

8.2.135 orclEcacheNumEntries

Description

The number of entries currently in the entry cache.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.171

Other

Single-valued attribute.

8.2.136 orclEcacheSize

Description

The current size of the entry cache.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.172

Other

Single-valued attribute.

8.2.137 orclEnabled

Description

Determines whether an application is enabled or disabled for use.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.1008

Other

Single-valued attribute.

8.2.138 orclEnableGroupCache

Description

Whether to cache privilege groups and ACL groups. Using this cache improves the performance of access control evaluation for users.

Use the group cache when a privilege group membership does not change frequently. If a privilege group membership does change frequently, then it is best to turn off the group cache. This is because, in such a case, computing a group cache increases overhead. The default is 1 (enabled). Change to 0 (zero) to disable.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.403

Other

Single-valued attribute.

8.2.139 orclencryptedattributes

Description

List of attributes to be stored in an encrypted form.

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.419

8.2.140 orclEntryACLEvalLatency

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.136

Other

Single-valued attribute.

8.2.141 orclEntryLevelACI

Description

Specifies the ACI that holds object level ACL.

Syntax

1.3.6.1.4.1.1466.115.121.1.1 (Access Control Item)

Matching Rule

accessDirectiveMatch

Object ID

2.16.840.1.113894.1.1.43

8.2.142 orclEventLevel

Description

Specifies critical events related to security and system resources to be recorded for server manageability statistics. The default value is 0. Table 8-2 lists the level values.

Table 8-2 Event Levels

Level Value	Critical Event	Information It Provides
1	Superuser login	Super uses bind (successes or failures)
2	Proxy user login	Proxy user bind (failures)
4	Replication login	Replication bind (failures)
8	Add access	Add access violation
16	Delete access	Delete access violation
32	Write access	Write access violation
64	ORA 3113 error	Loss of connection to database
128	ORA 3114 error	Loss of connection to database
256	ORA 28 error	ORA-28 Error
512	ORA error	ORA errors other an expected 1, 100, or 1403
1024	Oracle Internet Directory server termination count
2047	All critical events

For events other than superuser, proxy user, and replication login, set the value of the orclStatsFlag attribute to 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.195

Other

Single-valued attribute.

8.2.143 orclEventTime

Description

The time that a logged directory event occurred.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

An additional attribute for storing more information about a resource, service, or component.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.355

8.2.150 orclFlexAttribute2

Description

An additional attribute for storing more information about a resource, service, or component.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

Description

Enables change log generation 1-generate change log, 0-Do not generate change log

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.617

8.2.155 orclGenObjLatency

Description

Stores the general object latency.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.133

Other

Single-valued attribute.

8.2.156 orclGetNearACLLatency

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.135

Other

Single-valued attribute.

8.2.157 orclGlobalID

Description

Specifies the attribute that is used to identify the global ID of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.7.1.8

Other

Single-valued attribute.

8.2.158 orclGUID

Description

This is the global unique identifier for an entry within Oracle Internet Directory. The value for this attribute is automatically generated when an entry is created and remains constant, even if an entry is moved.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.37

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.159 orclGUPassword

Description

Password for the guest user account in Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.1.1.12

Other

Single-valued attribute.

8.2.160 orclHashedAttributes

Description

List of attributes whose values are hashed, using the crypto scheme set in the root DSE attribute orclcryptoscheme.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (caseIgnoreSubstringsMatch)

Matching Rule

caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.376

Other

Multi-valued attribute

Notes:

Never include the same attribute in both orclhashedattributes and orclencryptedattributes.
Only single-valued attributes can be hashed attributes.

8.2.161 orclHIQSchedule

Description

The interval, in seconds, at which the directory replication server repeats the change application process.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

N/A

Object ID

2.16.840.1.113894.1.1.98

Other

Single-valued attribute.

DSA operational attribute.

8.2.162 orclHireDate

Description

Specifies the date on which a user was hired by the organization.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

2.16.840.1.113894.1.1.308

Other

Single-valued attribute.

8.2.163 orclHostedCreditCardExpireDate

Description

The credit card expiration date for a subscriber.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.338

Other

Single-valued attribute.

8.2.164 orclHostedCreditCardNumber

Description

The credit card number for a subscriber.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.337

Other

Single-valued attribute.

8.2.165 orclHostedCreditCardType

Description

The credit card type for a subscriber.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.336

Other

Single-valued attribute.

8.2.166 orclHostedDunsNumber

Description

The DUNS number of a business subscriber. DUNS (Data Universal Numbering System) is a unique nine character company identification number issued by Dun and Bradstreet Corporation used to identify a US corporate entity.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.334

Other

Single-valued attribute.

8.2.167 orclHostedPaymentTerm

Description

Payment terms for a subscriber account.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.335

Other

Single-valued attribute.

8.2.168 orclHostname

Description

The host name of the Oracle Internet Directory server.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.41

Other

Single-valued attribute.

8.2.169 orclIdleConn

Description

The number of open connections that are currently inactive. Oracle Internet Directory tracks the idle connections for server manageability statistics.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.151

Other

Single-valued attribute.

8.2.170 orclIdleThreads

Description

The number of Oracle Internet Directory server process threads that are currently inactive. Oracle Internet Directory tracks the idle threads for server manageability statistics.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.141

Other

Single-valued attribute.

8.2.171 orclIncludedNamingContexts

Description

The naming context included in a partial replica. For each naming context object, you can specify only one unique subtree.

In partial replication, except for subtrees listed in the orclExcludedNamingContexts attribute, all subtrees in the specified included naming context are replicated.

Only LDAP-based replication agreements respect this attribute to define one or more partial replicas. If this attribute contains any values in an Oracle Database Advanced Replication-based replication agreement, then it is ignored.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

N/A

Object ID

2.16.840.1.113894.1.1.819

Other

Single-valued attribute.

Description

Time interval in seconds between executions of Oracle Directory Integration and Provisioning profiles.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

Description

The maiden name of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.306

8.2.186 orclMappedDN

Description

Holds the required information for generating the mapped identity.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.704

Other

Single-valued attribute.

8.2.187 orclMaskFilter

Description

LDAP filter specifying entries to be exposed. Others are masked.

Syntax

1.3.6.1.4.1.1466.115.121.1.44 (Printable String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.427

Other

Multivalued, User-modifiable

8.2.188 orclMaskRealm

Description

List of DIT subtrees that are exposed or hidden:

orclMaskRealm contains the DIT subtrees that are exposed in an instance. This attribute is configured in the instance level. The DN configured and its children are visible in the instance. Other entries in the DIT are masked (hidden) for all LDAP operations.
orclMaskRealm;disallowed contains the DIT subtrees that are hidden in a container for an entire directory for all LDAP operations. This attribute is configured in the DSA configuration entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (DN)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.426

Other

Multivalued, User-modifiable.

8.2.189 orclMasterNode

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.1010

Other

Single-valued attribute.

8.2.190 orclMatchDnEnabled

Description

If the base DN of a search request is not found, then the directory server returns the nearest DN that matches the specified base DN. Whether the directory server tries to find the nearest match DN is controlled by this attribute. If set to 1, then match DN processing is enabled. If set to 0, then match DN processing is disabled. The default is 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.404

Other

Single-valued attribute.

8.2.191 orclMaxCC

Description

The number of connections established by the Oracle Internet Directory server to its backend data base. The default value is 2.

Syntax

Description

Maximum number of connections allowed for LDAP persistent search operations. Because persistent search operations keep connections from an LDAP client to the Oracle Internet Server server alive, this attribute can prevent the LDAP connection limit from being reached. Default is 0 (disabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.383

Other

Single-valued attribute.

8.2.201 orclMaxProcessLimitReached

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.164

Other

Single-valued attribute.

8.2.202 orclMaxServerRespTime

Description

Maximum Time in seconds for Server process to respond back to Dispatcher process

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.620

8.2.203 orclMemAllocError

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.162

Other

Single-valued attribute.

8.2.204 orclMemberOf

Description

This attribute contains the groups to which the entry belongs. This includes static groups and dynamic groups of objectclass orclDynamicGroup, using labeleduri attribute, which are cached. The membership includes both direct groups and nested groups. The attribute values are computed during search and are not stored. As of Oracle Internet Directory 11g Release 1 (11.1.1.7.0), this attribute can be used in search filters.

orclMemberOf is an operational attribute and is returned by a search only when explicitly requested in the required attributes list.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.424

Other

Directory operational attribute.

Not user modifiable.

Aliases: memberof, ismemberof.

8.2.205 orclNetDescName

Description

The DN of an Oracle Net Service description entry. Oracle Net directory naming allows net service names to be stored in and retrieved from Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.3.1.12

Other

Single-valued attribute.

8.2.206 orclNetDescString

Description

The description string for an Oracle Net Service. For example:

(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = hostname)(PORT =1521))) (CONNECT_DATA = (SID = ORCL)))

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.3.1.13

Other

Single-valued attribute.

8.2.207 orclNonSSLPort

Description

The non-SSL LDAP listening port for Oracle Internet Directory server.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.102

Other

Single-valued attribute.

8.2.208 orclNormDN

Description

Identifies the normalized DN of an entry.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.1000

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.209 orclNWCongested

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.160

Other

Single-valued attribute.

8.2.210 orclNwrwTimeout

Description

Stores the network read/write time out. When an LDAP client initiates an operation, then does not respond to the server for a configured number of seconds, the server closes the connection. The number of seconds is controlled by the attribute orclnwrwtimeout in the DSA configuration entry. The default is 300 seconds.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.603

Other

Single-valued attribute.

8.2.211 orclNwUnavailable

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.159

Other

Single-valued attribute.

8.2.212 orclObjectGUID

Description

Stores Microsoft Active Directory's OBJECTGUID attribute value for users and groups migrated to Oracle Internet Directory from Active Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.901

Other

Single-valued attribute.

8.2.213 orclObjectSID

Description

Stores Microsoft Active Directory's OBJECTSID attribute value for users and groups migrated to Oracle Internet Directory from Active Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.902

Other

Single-valued attribute.

8.2.214 orclODIPAgent

Description

The DN of a provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.9.1.6

8.2.215 orclODIPAgentConfigInfo

Description

Any configuration information that you want the connector to store in Oracle Internet Directory. It is passed by the Directory Integration Platform server to the connector at time of connector invocation. The information is stored as an attribute and the Directory Integration Platform server does not have any knowledge of its content. When the connector is scheduled for execution, the value of the attribute is stored in the file, ORACLE_HOME/ldap/odi/conf/profile_name.cfg that can be processed by the connector.

Upload the file by using:

manageSyncProfiles update -h host -p port -D WLS_userid -profile profile_name -params "odip.profile.configfile ORACLE_HOME/ldap/odi/conf/profile_name.cfg"

manageSyncProfiles update -h host -p port -D WLS_userid -profile profile_name -file properties_file

where properties_file specifies odip.profile.configfile=ORACLE_HOME/ldap/odi/conf/profile_name.cfg.

Do this for both import and export agents.

See Chapter 5, "Oracle Directory Integration Platform Tools" and the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform for more information

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.24

8.2.216 orclODIPAgentControl

Description

Whether a synchronization profile is enabled or disabled. Valid values are ENABLE or DISABLE. The default is DISABLE.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.3

Other

Single-valued attribute.

8.2.217 orclODIPAgentExeCommand

Description

The executable name and argument list used by the Directory Integration Platform server to invoke a connector. It can be passed as a command-line argument when the connector is invoked. For example, here is a command to invoke the Oracle HR connector:

odihragent OracleHRAgent connect=hrdb login=%orclodipConDirAccessAccount pass=%orclodipConDirAccessPassword date=%orclODIPLastSuccessfulExecutionTime

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.21

Other

Single-valued attribute.

8.2.218 orclODIPAgentHostName

Description

The host name of the Oracle Directory Integration and Provisioning server where the synchronization profile is run.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.5

Other

Single-valued attribute.

8.2.219 orclODIPAgentName

Description

The name of a third-party synchronization profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.1

Other

Single-valued attribute.

8.2.220 orclODIPAgentPassword

Description

Password that the synchronization profile uses to bind to the directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.4

Other

Single-valued attribute.

8.2.221 orclODIPApplicationName

Description

The name of an application to which a provisioning subscription belongs.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.9.1.7

8.2.222 orclODIPApplicationsLocation

Description

The DN of the application to which a provisioning subscription belongs.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.918

Other

Single-valued attribute.

8.2.223 orclODIPAttributeMappingRules

Description

Attribute for storing the mapping rules used by a synchronization profile. Store the mapping rules in a file by using the Directory Integration Platform Assistant. See Chapter 5, "Oracle Directory Integration Platform Tools" and the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform for more information about mapping rules.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.41

8.2.224 orclODIPBootStrapStatus

Description

The bootstrap status of a synchronization profile (the initial migration of data between a connected directory and Oracle Internet Directory).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.101

Other

Single-valued attribute.

8.2.225 orclODIPCommand

Description

The command to invoke a provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.9.1.5

8.2.226 orclODIPConDirAccessAccount

Description

Valid user account in the connected directory to be used by the connector for synchronization. The value is specific to the connected directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind DN in the SunONE Directory Server. For the Human Resources Connector, it is a valid user identifier in the Oracle Human Resources database. For other connectors, it can be passed as a command-line argument when the connector is invoked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.22

Other

Single-valued attribute.

8.2.227 orclODIPConDirAccessPassword

Description

Password to be used by the user specified in the orclODIPConDirAccessAccount attribute to connect to the connected directory. The value is specific to the third-party directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind password in the SunONE Directory Server. For the Human Resources Agent, it is the Oracle Human Resources database password.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.23

8.2.228 orclODIPConDirLastAppliedChgNum

Description

For Oracle Directory Integration and Provisioning import operations, the last change from the connected directory that was applied to Oracle Internet Directory. The default value is 0. If you have used the Directory Integration Platform Assistant to bootstrap the connected directory, then this value is set automatically. See Chapter 5, "Oracle Directory Integration Platform Tools" and the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform for more information about the bootstrap operation. This is valid only in the import profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.65

Other

Single-valued attribute.

8.2.229 orclODIPConDirMatchingFilter

Description

This attribute specifies the filter to apply to the third-party directory change log. It is used in the Oracle Directory Integration and Provisioning import profile. The filter must be set in the import profile when both the import and export integration profiles are enabled, as follows:

Modifiersname != connected_directory_account

This prevents the same change from being exchanged between the two directories indefinitely. To avoid confusion, make this account specific to synchronization.

See Also: Note 280474.1, "Setting Up Filtering in a DIP Synchronization Profile" available at My Oracle Support (formerly MetaLink) at http://metalink.oracle.com/.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.42

8.2.230 orclODIPConDirURL

Description

Connection string required to connect to the third-party connected directory. This value refers to the host name and port number as host:port:[sslmode].

To connect by using SSL, enter host:port:1.

Make sure the certificate to connect to the directory is stored in the wallet, the location of which is specified in the file odi.properties.

Note: To connect to SunONE Directory Server by using SSL, the server certificate needs to be loaded into the wallet.

See Also: The chapter on Oracle Wallet Manager in Oracle Database Advanced Security Administrator's Guide.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.25

Other

Single-valued attribute.

8.2.231 orclODIPConfigDNs

Description

Stores the DNs of integration profiles for a particular configuration set in Oracle Directory Integration Platform.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.72

8.2.232 orclODIPConfigRefreshFlag

Description

Stores a flag which indicates whether any integration profiles have been added, deleted, or modified. Used in association with a configuration set.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.71

Other

Single-valued attribute.

8.2.233 orclODIPDbConnectInfo

Description

The connection string for the database of a provisioning profile subscriber. The format of the string is host:port:sid:username:password.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubStringsMatch

Object ID

2.16.840.1.113894.9.1.2

8.2.234 orclODIPEncryptedAttrKey

Description

Stores a key which is used to encrypt and decrypt sensitive data that is transmitted by the Oracle directory integration platform server to other applications.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.215

Other

Single-valued attribute.

8.2.235 orclODIPEventFilter

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

The data format or protocol used in synchronization with a third-party directory. Supported values are:

LDIF—Import or export from a LDIF File.
Tagged—Import or export from a tagged file—a proprietary format supported by the Oracle Directory Integration Platform server, similar to LDIF format.
LDAP—Import from or export to an LDAP-compliant directory.
DB —Import from or export to an Oracle Database directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.28

Other

Single-valued attribute.

8.2.241 orclODIPLastExecutionTime

Description

Status attribute set to the last time the integration profile was executed by the Oracle Directory Integration and Provisioning server. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in 24-hour format. This attribute is initialized during profile creation.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.61

Other

Single-valued attribute.

8.2.242 orclODIPLastSuccessfulExecutionTime

Description

Status attribute set to the last time the integration profile was executed successfully by the Oracle Directory Integration and Provisioning server. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in 24-hour format. This attribute is initialized during profile creation.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.62

Other

Single-valued attribute.

8.2.243 orclODIPMustAttrCriteria

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.603

Other

Single-valued attribute.

8.2.244 orclODIPObjectCriteria

Description

Used in an object definition to identify and classify a particular type of object.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.602

8.2.245 orclODIPObjectDefnLocation

Description

Identifies the location of the various object definitions used by the Oracle directory integration platform server.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.917

Other

Single-valued attribute.

8.2.246 orclODIPObjectEvents

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.432

8.2.247 orclODIPObjectName

Description

Used in an object definition to store the name of an object.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.601

Other

Single-valued attribute.

8.2.248 orclODIPObjectSyncBase

Description

The search base in the directory for an object associated with an Oracle Directory Integration and Provisioning synchronization profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.431

8.2.249 orclODIPOIDMatchingFilter

Description

In export profiles, this attribute specifies the filter to apply to the Oracle Internet Directory change log container. It is used in the export profile. It must be set in the export profile when both the import and export integration profiles are enabled, as in the following example:

Modifiersname !=orclodipagentname=iPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory

This prevents the same change from being exchanged between the two directories indefinitely.

In import profiles, this attribute specifies a key for mapping entries between Oracle Internet Directory and the connected directory. This is useful when the DN cannot be used as the key.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

Description

The debugging level for an Oracle Directory Integration and Provisioning synchronization profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.251

Other

Single-valued attribute.

Note:

To log all information for a synchronization profile, including entries that are synchronized, set the orclODIPProfileDebugLevel to a value of 63 for 10g and to a value of 64 for 11g.

The orclodipprofiledebuglevel attribute corresponds to the odip.profile.debuglevel configuration property. The odip.profile.debuglevel property refers to the following log levels, which you can set in the Oracle Enterprise Manager Fusion Middleware Control by editing the Log Level under the Advanced tab:

Off = 0
Error = 8
Info = 16
Trace = 32
All = 64 (recommended for most sync/profile mapping troubleshooting)

8.2.259 orclODIPProfileExecGroupID

Description

Associates a group number with a particular provisioning profile.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.250

Other

Description

Contains errors raised during event propagation by the Oracle directory integration platform server for a particular provisioning-integrated application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.231

8.2.274 orclODIPProfileProcessingStatus

Description

Contains the Oracle directory integration platform server's event propagation status for a particular provisioning-integrated application.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.230

Other

Description

Used with version 2.0 provisioning profiles to convert a change in Oracle Internet Directory to an event before propagating it to a provisioning-integrated application. This attribute is used to identify a particular type of event.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.503

8.2.279 orclODIPProvEventLDAPChangeType

Description

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.502

Description

The number of the corresponding SSL mode. The default is 0. The modes are as follows:

0 — SSL is not used.
1 — SSL is used for encryption only, not for authentication.
2 — SSL is used for one-way authentication. With this mode you must also specify the complete path and file name of the server's Oracle Wallet.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.513

Other

Single-valued attribute.

8.2.303 orclODIPServerWalletLoc

Description

The complete path and file name of the Oracle Directory Integration and Provisioning server's Oracle Wallet.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.517

Other

Description

Name of OID component where replication server is started.

Syntax

Directory String

Matching Rule

caseIgnoreMatch

Object ID

Description

Stores the operation result.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.64

8.2.319 orclOpSucceeded

Description

Specifies the number of successful LDAP operations.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.189

Other

Single-valued attribute.

8.2.320 orclOpTimedOut

Description

Specifies the number of LDAP search operations that timed out.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.169

Other

Single-valued attribute.

8.2.321 orcloptracklevel

Description

Security event tracking level.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.180

8.2.322 orcloptrackmaxtotalsize

Description

Maximum number of bytes of RAM that security events tracking can use for each type of operation.

Syntax

Integer

Matching Rule

integerMatch

Object ID

Description

The global unique identifier of the user who owns an application or resource.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

Description

The answer related to the password hint question stored in orclPasswordHint.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.315

Other

Single-valued attribute.

Note:

orclPasswordHintAnswer is hashed using the SHA-1 algorithm. The hexadecimal value of this is Base64 encoded.

Oracle Internet Directory hashes the value only if it is provided as plaintext. Prehashed values are not hashed again.

8.2.333 orclPasswordVerifier

Description

Attribute for storing a password to an Oracle component when that password is different from that used to authenticate the user to the directory, namely, userPassword. The value in this attribute is not synchronized with that in the userPassword attribute.

Like authPassword, this attribute is multivalued and can contain all the other verifiers that different applications use for this user's clear text password.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.210

8.2.334 orclPilotMode

Description

Whether to BEGIN or END pilot mode for a replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch, equality integermatch

Object ID

2.16.840.1.113894.1.1.824

Other

Single-valued attribute.

8.2.335 orclPKCS12Hint

Description

Password hint for the user's PKCS12 private key store.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.7.1.11

8.2.336 orclPKIMatchingRule

Description

This is used to specify the matching rule for mapping a user's PKI certificate DN to the user's entry DN in Oracle Internet Directory. The following matching rule values are allowed:

0 - Exact match. The PKI certificate DN must match the user entry DN.
1 - Certificate search. Check to see if the user has a PKI certificate provisioned into Oracle Internet Directory.
2 - A combination of exact match and certificate search. If the exact match fails, then a certificate search is performed.
3 - Mapping rule only. Use a mapping rule to map user PKI certificate DNs to Oracle Internet Directory DNs.
4 - Try in order: 1 (mapping rule), 2 (certificate search), 3 (exact match).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.703

Other

Single-valued attribute.

8.2.337 orclPKINextUpdate

Description

The universal time when the certificate revocation list (CRL) should be updated.

Syntax

1.3.6.1.4.1.1466.115.121.1.53 (UTC Time)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.2.1.300.1

8.2.338 orclPKIValMecAttr

Description

Contains the certificate validation mechanism supported. Currently, only validation with crls is supported, hence the value of this attribute is CRL.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.2.1.300.2

8.2.339 orclPluginAttributeList

Description

A semicolon-separated attribute name list that controls whether the plug-in takes effect. If the target attribute is included in the list, the plug-in is invoked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.563

Other

Single-valued attribute.

8.2.340 orclPluginCheckEntryExist

Description

If enabled, then the Plug-in is invoked when the base entry does not exist. This only applies to search operation with scope base.

Allowed values are 0 (disabled) or 1 (enabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.569

Other

Single-valued attribute.

8.2.341 orclPluginEnable

Description

Whether a plug-in is enabled or disabled. Allowed values are 0 (disabled) or 1 (enabled). The default is 0 (disabled).

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.554

Other

Single-valued attribute.

8.2.342 orclPluginEntryProperties

Description

An LDAP search filter that specifies entry criteria that will cause the plug-in to not be invoked. For example, if the following filter is used, the plug-in will not be invoked if the target entry has objectclass equal to inetorgperson and sn equal to Cezanne.

(&(objectclass=inetorgperson)(sn=Cezanne))

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.568

Other

Single-valued attribute.

8.2.343 orclPluginIsReplace

Description

For plug-ins that use WHEN timing only. 0 is disabled (default). 1 is enabled. This attribute can be set to enabled only if the orclPluginLDAPOperation attribute value is ldapbind, ldapcompare, or ldapmodify.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.559

Other

Single-valued attribute.

8.2.344 orclPluginBinaryFlexfield

Description

Custom binary information (Java only)

Syntax

1.3.6.1.4.1.1466.115.121.1.5

Object ID

2.16.840.1.113894.1.1.574

Other

Single-valued attribute.

8.2.345 orclPluginFlexfield

Description

Custom text information (Java only). To indicate a subtype, specify orclPluginFlexfield; subtypename, for example, orclPluginFlexfield; minPwdLength: 8

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.573

Other

Single-Valued attribute.

8.2.346 orclPluginSecuredFlexfield

Description

Syntax

1.3.6.1.4.1.1466.115.121.1.15

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.577

Other

Single-Valued attribute.

8.2.347 orclPluginKind

Description

The kind of plug-in. PL/SQL is the only allowed value.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.562

Other

Single-valued attribute.

8.2.348 orclPluginLDAPOperation

Description

The LDAP operation that this plug-in supplements. Allowed values are:

ldapcompare
ldapmodify
ldapbind
ldapadd
ldapdelete
ldapsearch

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.557

Other

Single-valued attribute.

8.2.349 orclPluginName

Description

The plug-in package name.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.552

Other

Single-valued attribute.

8.2.350 orclPluginPort

Description

The port that the plug-in is using.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.566

Other

Single-valued attribute.

8.2.351 orclPluginRequestGroup

Description

A semicolon-separated group list that controls if the plug-in takes effect. You can use this group to specify who can actually invoke the plug-in. For example, if you specify orclpluginrequestgroup:cn=security,cn=groups,dc=oracle,dc=com, when you register the plug-in, then the plug-in will not be invoked unless the ldap request comes from the person who belongs to the group cn=security,cn=groups,dc=oracle,dc=com.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.564

Other

Single-valued attribute.

8.2.352 orclPluginRequestNegGroup

Description

A semicolon-separated group list that controls if the plug-in takes effect. You can use this group to specify who cannot invoke the plug-in. For example, if you specify orclpluginrequestneggroup: cn=security,cn=groups,dc=oracle,dc=com, when you register the plug-in, then the plug-in will not be invoked if the ldap request comes from the person who belongs to the group cn=security,cn=groups,dc=oracle,dc=com.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.571

Other

Single-valued attribute.

8.2.353 orclPluginResultCode

Description

An integer value to specify the LDAP result code. If this value is specified, then the plug-in is invoked only if the ldap operation is in that result code scenario. This only applies if the value for the orclPluginTiming attribute is POST.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.565

Other

Single-valued attribute.

8.2.354 orclPluginSASLCallBack

Description

Controls the type of bind used when the LDAP_PLUGIN package connects back to the same Oracle Internet Directory server.

1= SASL bind (default).
0= Simple bind.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.572

Other

Single-valued attribute.

8.2.355 orclPluginSearchNotFound

Description

This only applies if the value for the orclPluginTiming attribute is POST. Brings in the external entries if the entry is not found in Oracle Internet Directory. Provides additional plug-in invocation checking and ensures that the plug-in will only be invoked when the entry is not present in Oracle Internet Directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.570

Other

Single-valued attribute.

8.2.356 orclPluginShareLibLocation

Description

File location of the program libraries for the plug-in. If this value is not present, then the Oracle Internet Directory server assumes the plug-in language is PL/SQL.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.556

Other

Single-valued attribute.

8.2.357 orclPluginSubscriberDNList

Description

A semicolon-separated DN list that controls if the plug-in takes effect. For example:

dc=COM,c=us;dc=us,dc=oracle,dc=com;dc=org,dc=us;o=IMC,c=US

If the target DN of an LDAP operation is included in the list, then the plug-in is invoked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.561

Other

Single-valued attribute.

8.2.358 orclPluginTiming

Description

Specifies when the plug-in is to be invoked in relation to the LDAP operation it supplements. The following values are allowed:

PRE
WHEN
POST

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.558

Other

Single-valued attribute.

8.2.359 orclPluginType

Description

Valid value is operational — Operational plug-ins augment existing LDAP operations. The work they perform depends on whether they execute before, after, or in addition to normal directory server operations.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.553

Other

Single-valued attribute.

8.2.360 orclPluginVersion

Description

The supported version number of the plug-in.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.555

Other

Single-valued attribute.

8.2.361 OrclPluginWorkers

Description

Number of plug-in threads per server process.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.612

8.2.362 orclPrName

Description

Stores a process name.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.55

Other

Description

Specifies the schedule for purging directory objects.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integermatch

Object ID

2.16.840.1.113894.1.1.24

Other

Single-valued attribute.

DSA operational attribute.

8.2.375 orclPurgeStart

Description

The time when the garbage collector starts to run. The format is yyyymmddhhmmss. Default value is 12:00 a.m. of the day Oracle Internet Directory is installed.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.813

Other

Single-valued attribute.

8.2.376 orclPurgeTargetAge

Description

This attribute enables time-based purging of change log records. Set this to the number of hours after which old change logs are purged. Time-based purging respects the change status of replication, but not the change status of other consumers. When time-based purging is enabled, the change log garbage collector purges all change logs that are not needed by replication and that are at least the specified number of hours old.

The default behavior is change number-based purging, meaning this attribute is NULL or set to a value less than zero. Change number-based purging respects the change status of all change log consumers. That is, it does not purge change logs unless they have been consumed by all consumers. In addition, it does not purge change logs until they are 10 days old.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.800

Other

Single-valued attribute.

8.2.377 orclPurgeTranSize

Description

The number of objects to be purged in one commit transaction. The default value is 1000.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.802

Other

Single-valued attribute.

8.2.378 orclPwdAccountUnlock

Description

It allows a user with the appropriate admininstration rights and priviledges to unlock an already locked account. However, it doesn't necessarily imply that the user affected (that is, who's account was locked) can unlock it by changing this attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.203

Other

Single-valued attribute.

8.2.379 orclPwdAllowHashCompare

Description

Whether to allow password validations by comparing the hash values of encrypted passwords. Allowed values are TRUE or FALSE.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.218

Other

Single-valued attribute.

8.2.380 orclPwdAlphaNumeric

Description

Number of numeric characters required in a password. The default value is 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.205

Other

Single-valued attribute.

8.2.381 orclPwdEncryptionEnable

Description

If the value is 1, then the user password is stored in reversible encrypted form. If the value is 0, then the user password is stored in plain text.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.215

Description

Whether to enable account lockouts for a specific IP address. The value can be are 1 (for true) or 0 (for false).

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.200

Other

Single-valued attribute.

8.2.386 orclPwdIPLockoutDuration

Description

The number of seconds you want to enforce account lockout for a specific IP address. A user account stays locked even after the lockout duration has passed unless the user binds with the correct password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.201

Other

Single-valued attribute.

8.2.387 orclPwdIPMaxFailure

Description

The maximum number of failed logins from a specific IP address after which the account is locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.202

Other

Single-valued attribute.

8.2.388 orclpwdmaxinactivitytime

Description

Maximum period of time in seconds after which an inactive account is automatically locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.379

Other

Single-valued attribute.

8.2.389 orclPwdMaxRptchars

Description

Maximum number of times a single character type can be repeated in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.415

Other

Single-valued attribute.

8.2.390 orclPwdMinAlphachars

Description

Minimum number of alphabetic characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.411

Other

Single-valued attribute.

8.2.391 orclPwdMinSpecialchars

Description

Minimum number of non-alphanumeric characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.412

Other

Single-valued attribute.

8.2.392 orclPwdMinUppercase

Description

Minimum number of uppercase characters required in a password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.413

Other

Single-valued attribute.

8.2.393 orclpwdminlowercase

Description

orclpwdminlowercase

Syntax

Minimum number of lowercase characters required in a password.

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.414

Other

Single-valued attribute.

8.2.394 orclPwdPolicyEnable

Description

Whether to enable or disable the password policy. The value can be are 1 (for enable) or 0 (for disable).

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.213

Other

Single-valued attribute.

8.2.395 orclPwdTrackLogin

Description

Enables or disables tracking of user's last login time; 1 for enabling and 0 for disabling (default).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.377

Other

Single-valued attribute

8.2.396 orclPwdVerifierParams

Description

This attribute contains the values of different password verifier types, such as:

orclpwdverifierparams;authpassword: crypto:SASL/MDS $ realm:dc=com

orclpwdverifierparams;orclpasswordverifier: crypto:ORCLLM

orclpwdverifierparams;authpassword: crypto:ORCLWEBDAV $ realm:dc=com

Syntax

1.3.6.1.4.1.1466.115.121.1.15{256} (Directory String, 256 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.209

8.2.397 orclQueueDepth

Description

Indicates the queue depth.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.144

Other

Single-valued attribute.

8.2.398 orclQueueLatency

Description

Defines the queue latency.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.145

Other

Single-valued attribute.

8.2.399 orclReadWaitThreads

Description

Specifies the number of Oracle Internet Directory server threads waiting to read from the network.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.142

Other

Single-valued attribute.

8.2.400 orclReqAttrCase

Description

Disables or enables preserving the letter case of required attributes in search result. Allowed values are 0 (disable) or 1 (enable). The default value is 0.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.423

Other

Single-valued attribute

8.2.401 orclrefreshdgrmems

Description

Refresh Dynamic Group Memberships.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch (Integer)

Object ID

2.16.840.1.113894.1.1.416

Other

Single-valued attribute

8.2.402 orclReplAgreements

Description

The DNs of the replication agreement entries.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.105

8.2.403 orclReplAttrConfl

Description

Specifies whether timestamp or attribute version should be honored first during attribute level conflict resolution. 0 (default): timestamp first, 1: version number first

Syntax

1.3.6.1.4.1.1466.115.121.1.27(Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.899

Other

Single valued attribute

8.2.404 orclreplautotune

Description

Dynamically vary the number of threads assigned to transport and apply tasks based on load. 0: Off, 1: On.

If you set the server to auto tune, you must specify the number of maximum number of threads to be shared between these tasks. Restart server after changing.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.827

8.2.405 orclReplicaDN

Description

For LDAP-based replication only. The DN of the consumer replica in the replication agreement.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.817

8.2.406 orclReplicaID

Description

Naming attribute for the replica subentry. Its value is unique to each directory server node that is initialized at installation. The value of this attribute, assigned during installation, is unique to each directory node, and matches that of the orclreplicaID attribute at the root DSE. You cannot modify this value.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.106

Other

Single-valued attribute.

8.2.407 orclReplicaSecondaryURI

Description

Contains the set of ldapURI formatted addresses that can be used if the orclReplicaURI values cannot be used.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

2.16.840.1.113894.1.1.815

8.2.408 orclReplicaState

Description

Defines the state of the replica. Possible values are:

0 (boot strapping)
1 (online)
2 (offline)
3 (bootstrap in progress)
4 (bootstrap in progress, cn=oraclecontext bootstrap has completed)
5 (bootstrap completed, failure detected for one or more naming contexts)
6 (database copy based add node)
7 (sync schema)
8 (boot strap without schema sync)

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.818

Other

Single-valued attribute.

8.2.409 orclreplicationid

Description

Unique identifier of a one-way, two-way, or peer-to-peer replication group

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.509

8.2.410 orclReplicationProtocol

Description

Defines the replication protocol for change propagation to replica. Values are:

ODS_ASR_1.0 (Oracle Database Advanced Replication-based protocol)
ODS_LDAP_1.0 (LDAP-based replication)

You cannot modify this attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.29

Other

Single-valued attribute.

8.2.411 orclReplicationState

Description

Activation state of the replication server. 0-Inactive, 1-Active

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.831

8.2.412 orclReplicaType

Description

Defines the type of replica such as read-only or read/write. Possible values are:

0 (Read/Write)
1 (Read-Only)

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.816

Other

Single-valued attribute.

8.2.413 orclReplicaURI

Description

Contains information in ldapURI format that can be used to open a connection to this replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

2.16.840.1.113894.1.1.814

Other

Single-valued attribute.

8.2.414 orclReplicaVersion

Description

Oracle Internet Directory version of the replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.820

Other

Single-valued attribute.

8.2.415 orclreplmaxworkers

Description

Maximum number of worker threads. Required if orclreplautotune is set.

Syntax

Integer

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.826

8.2.416 orclreplusesasl;digest-md5

Description

Use SASL for replication binds. Values are auth, auth-int, and auth-conf.

Syntax

Directory String

Matching Rule

caseIgnoreMatch; caseIgnoreSubstringMatch

Object ID

2.16.840.1.113894.1.1.829

8.2.417 orclResourceIdentifier

Description

Stores the resource identifier.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.348

8.2.418 orclResourceName

Description

Specifies the name of the resource for which the connection information is being maintained.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.350

8.2.419 orclResourceTypeName

Description

Specifies the name of the resource, for example, database, XMLPDS, JDBCPDS.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.351

8.2.420 orclResourceViewers

Description

Lists the users or groups of users who can view a Resource Access Descriptor.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.366

8.2.421 orclRevPwd

Description

Reversible encrypted value of the user password. This attribute is generated only if the attribute value of orclPwdEncryptionEnable in the password policy entry is set to 1. This attribute cannot be queried.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.216

Other

Directory operational attribute.

Not user modifiable.

8.2.422 orclrienabled

Description

Enables referential integrity. 0: disabled, 1: enabled.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.1300

Other

Single-valued attribute

8.2.423 orclrscacheattr

Description

Multi-valued attribute that specifies the Result Set Cache attributes. Default values are:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
orclrscacheattr: uid
orclrscacheattr: mail
orclrscacheattr: cn
orclrscacheattr: orclguid

Note:

Typically these attributes are not modified for the life of the entry. If an attribute has referential integrity enabled, that attribute should not be used.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.624

Other

Multi-valued attribute.

8.2.424 orclTraceConnDN

Description

If orclDebugFlag is set to a value other than zero (0) and orclTraceConnDN specifies one or more connection DNs, Oracle Internet Directory server logs messages only for connections with specified DNs. Other messages are ignored.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.1051

Other

Multi-valued attribute.

8.2.425 orclTraceConnIP

Description

If orclDebugFlag is set to a value other than zero (0) and orclTraceConnIP specifies one or more connection IP addresses, Oracle Internet Directory server logs messages only for operations performed by the specified connection IP addresses. Other messages are ignored.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.1052

Other

Multi-valued attribute.

8.2.426 orclSAMAccountName

Description

Stores the value of Active Directory's SAMAccountName attribute. In Oracle Internet Directory, this attribute is defined as a directory string type. However, in Active Directory this attribute cannot accept any special or non-printable characters. If any entry is added in Oracle Internet Directory with this attribute, it can only contain a simple text string or synchronization from Oracle Internet Directory to Active Directory will fail.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.8.1.903

Other

Single-valued attribute.

8.2.427 orclSASLAuthenticationMode

Description

SASL authentication mode indicates different modes depending on the type of authentication required and the level of security, such as, auth-only, auth-int, or auth-conf.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.700

Other

Single-valued attribute.

8.2.428 orclSASLCipherChoice

Description

Contains the SASL cipher choice. when the authentication mode is auth-conf, the SASL cipher choices can be 3DES, DES, RC4, RC4-56, or RC4-40.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

Description

Indicates the secondary UID of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.360

8.2.435 orclSequence

Description

Specifies the sequence number for audit log entries.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.62

8.2.436 orclServerAvgMemGrowth

Description

Specifies the Oracle Internet Directory server process memory growth as a percentage.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.148

Other

Single-valued attribute.

8.2.437 orclServerMode

Description

Specifies if data can be written to the server. Valid values are:

r (read-only)
rw (read/write)
rm (read-modify, that is, to read and modify, but not to add or delete)

The default value is rw.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.51

Other

Single-valued attribute.

8.2.438 orclServerProcs

Description

Number of server processes to start. The default for configset0 is 1. You cannot use a negative value for this attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.364

Other

Single-valued attribute.

8.2.439 orclServiceInstanceLocation

Description

Specifies the DN of an instance of a service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseExactMatch

Object ID

2.16.840.1.113894.1.1.1102

Other

Description

List of multivalued attributes that, when changed, cause a simplified change log to be generated.

Syntax

Matching Rule

DistinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.823

8.2.446 orclSizeLimit

Description

Maximum number of entries to be returned by a search.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.10

Other

Single-valued attribute

8.2.447 orclSkewedAttribute

Description

Attribute that contains names of attributes which are skewed. A skewed attribute has very different search response times depending on its value. You can uniform the response times for searches for such an attribute by adding it as a value of the orclskewedattribute attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.405

8.2.448 orclSkipRefInSQL

Description

Specifies whether to skip referral in SQL generated for searches. Its default value is 0. Set it to 1 if there are no referral entries in the directory; this will help optimizing search performance.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.410

Other

Single-valued attribute

8.2.449 orclSkipSpecialInFilter

Description

Evaluates whether Oracle Internet Directory should skip the processing of special characters specified in filter values during a search operation. Its default value is 0.

0: Process the special characters specified in the filter value.

1: Do not process the special characters specified in the filter value.

Syntax

1.3.6.1.4.1.1466.115.121.1.44

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.629

Other

Description

Type of SSL authentication to use for this instance of Oracle Internet Directory server. The default value of 1, specifies no SSL authentication. Different instances can have different values. One-way and two-way SSL authentication requires a wallet. You may use one of the following three values:

1 = Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. If you selected the SSL Enabled check box on the Credentials tab, and choose this option, then only SSL encryption/decryption is used.
32 = One-way authentication. Only the directory server authenticates itself to the client by sending its certificate to the client.
64 = Two-way authentication. Both client and server send certificates to each other.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.13

Other

Single-valued attribute

8.2.454 orclSSLCipherSuite

Description

A cipher suite is a set of authentication, encryption, and data integrity algorithms used for exchanging messages between network nodes. During an SSL handshake, the two nodes negotiate to see which cipher suite they will use when transmitting messages back and forth. The following cipher suites are supported:

Table 8-3 SSL Cipher Suites Supported in Oracle Internet Directory

Cipher Suite	Authentication	Encryption	Data Integrity
SSL_RSA_WITH_3DES_EDE_CBC_SHA	RSA	3DES	SHA
SSL_RSA_WITH_RC4_128_SHA	RSA	RC4	SHA
SSL_RSA_WITH_RC4_128_MD5	RSA	RC4	MD5
SSL_RSA_WITH_DES_CBC_SHA	RSA	DES	SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5	RSA	RC4_40	MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	RSA	DES40	SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA	None	3DES	SHA
SSL_DH_anon_WITH_RC4_128_MD5	None	RC4	MD5
SSL_DH_anon_WITH_DES_CBC_SHA	None	DES	SHA
SSL_RSA_WITH_AES_128_CBC_SHA	RSA	AES	SHA
SSL_RSA_WITH_AES_256_CBC_SHA	RSA	AES	SHA

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum.

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.19

8.2.455 orclSSLEnable

Description

Flag for enabling or disabling SSL. Use this flag when you use different instances of the same server for either SSL or non-SSL. Allowed values are:

0—for non-secure operation only
1—for SSL authentication only
2— for both non-secure operation and SSL authentication

The default value is 2.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.14

Other

Single-valued attribute

8.2.456 orclsslinteropmode

Description

Enable SSL interoperability with Oracle legacy applications using no-auth mode.

Starting with Oracle Internet Directory 11g Release 1 (11.1.1.7.0), the default value is disabled (orclsslinteropmode = 0), in order to be fully compliant with the JDK SSL.

In no-auth mode, Oracle legacy components developed before 11g Release 1 (11.1.1) such as legacy LDAP C clients can connect with Oracle Internet Directory only by using an instance that has interoperability mode enabled (orclsslinteropmode = 1).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.422

Other

Single-valued attribute

8.2.457 orclSSLPort

Description

The default SSL default port for the directory server. Default value is 3133. When you run the directory in the secure mode, it listens at default port 3133 and accepts only SSL-based TCP/IP connections. (When you run the directory in the normal mode, it listens at default port 389, accepting normal TCP/IP connections.) You might want to change this port when you add multiple LDAP server instances.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.17

Other

Single-valued attribute

8.2.458 orclSSLVersion

Description

SSL version. The default value is 3.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.18

Other

Single-valued attribute

8.2.459 orclSSLWalletURL

Description

Sets the location of the Oracle Wallet. You initially set this value when you create the wallet. If you elect to change the location of the Oracle Wallet, you must change this parameter. You must set the wallet location on both the client and the server. For example, on UNIX, you could set this parameter as follows:

file:/home/my_dir/my_wallet

On Microsoft Windows, you could set this parameter as follows:

file:C:\my_dir\my_wallet

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.15

Other

Description

Depending on the context of the object that it is applied to, like a service, it indicates if the service is available or not.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.9.1.9

8.2.466 orclSUAccountLocked

Description

Determines whether a superuser account is locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.192

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.467 orclSubscriberDisable

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.100

Other

Single-valued attribute.

8.2.468 orclSubscriberFullName

Description

Stores the full name of the configured realm.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.333

Other

Single-valued attribute.

8.2.469 orclSubscriberNickNameAttribute

Description

Stores a name of an attribute that holds the unique identifier of a realm.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.302

Other

Description

The number of failed login attempts for the directory superuser.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.191

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.475 orclSUName

Description

The distinguished name of the directory superuser account, for example, cn=orcladmin.

Syntax

1.3.6.1.4.1.1466.115.121.1.12

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.8

Other

Single-valued attribute.

8.2.476 orclSUPassword

Description

Oracle Internet Directory superuser password.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{128} (Directory String, 128 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.9

Other

Single-valued attribute.

8.2.477 orclSystemName

Description

Identifies the host name on which a particular instance of a service is running.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.7.1.3

Other

Single-valued attribute.

8.2.478 orclTcpConnToClose

Description

Specifies the number of clients for which the Oracle Internet Directory server will close TCP connections.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.153

Other

Single-valued attribute.

8.2.479 orclTcpConnToShutDown

Description

Specifies the number of clients for which the Oracle Internet Directory server will shut down TCP connections.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.152

Other

Single-valued attribute.

8.2.480 orclThreadSpawnFailed

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.154

Other

Single-valued attribute.

8.2.481 orclThreadsPerSupplier

Description

Specifies the number of threads per supplier for the Oracle directory replication server.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integermatch

Object ID

2.16.840.1.113894.1.1.31

Other

DSA operational attribute.

8.2.482 orclTimeLimit

Description

Maximum number of seconds allowed for a search to be completed. The default value is 3600.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.65

Other

Description

Identifies the DN of the group that list all the applications that specific application trusts for Service to Service Authentication.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.368

8.2.492 orclTraceMode

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.175

Other

Single-valued attribute.

8.2.493 orclTxnMaxOperations

Description

Maximum number of operations allowed in a transaction.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.381

Other

Single-valued attribute

8.2.494 orclTxnTimeLimit

Description

Maximum allowed time in a transaction (sec).

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.380

Other

Single-valued attribute

8.2.495 orclUIAccessibilityMode

Description

Set to TRUE to display a user interface that is accessible to people with impaired vision.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

2.16.840.1.113894.1.1.367

Other

Single-valued attribute.

8.2.496 orclUniqueAttrName

Description

The name of an attribute that you want to be unique. Autoboot uniqueness means that each entry must have a unique value for this attribute type.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.500

Other

Single-valued attribute.

8.2.497 orclUniqueEnable

Description

Disables or enables attribute uniqueness constraints. Allowed values are 0 (disable) or 1 (enable). The default value is 0.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.508

Other

Single-valued attribute.

8.2.498 orclUniqueObjectClass

Description

Specifies an object class filter for an attribute uniqueness constraint entry. This means the attribute specified in orclUniqueAttrNamemust be unique in an instance of this object class.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.503

Other

Single-valued attribute.

8.2.499 orclUniqueScope

Description

The scope of the attribute uniqueness constrain in the DIT. Allowed values are:

base—Searches the root entry only
onelevel—Searches one level only
sub—Searches the entire directory

The default value is sub.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.501

Other

Single-valued attribute.

8.2.500 orclUniqueSubtree

Description

When multiple attribute uniqueness constraints have the same values in orclUniqueAttrName, orclUniqueScope and orclUniqueObjectClass, but different values in orcluniquesubtree, the union of subtree scopes specified by those attribute uniqueness constraints is checked.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.502

Other

Single-valued attribute.

8.2.501 orclUnsyncRevPwd

Description

This attribute stores a password that is not synchronized with the entry in the userpassword.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.16.840.1.113894.1.1.217

Other

Directory operational attribute.

Not user modifiable.

8.2.502 orclUpdateSchedule

Description

Replication update interval for new changes and those being retried. The value is in seconds.

Syntax

1.3.6.1.4.1.1466.115.121.1.27

Matching Rule

integermatch

Object ID

2.16.840.1.113894.1.1.30

Other

Directory operational attribute.

Not user modifiable.

Single-valued attribute.

8.2.503 orclUpgradeInProgress

Description

Indicates whether rolling upgrade is in progress.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.104

Other

Single-valued attribute.

8.2.504 orclUserDN

Description

The distinguished name (DN) of the user who performed an operation.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.61

8.2.505 orclUserIDAttribute

Description

Specifies the attribute to use as the user identifier value when accessing the resource.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.16.840.1.113894.1.1.352

Other

Single-valued attribute.

8.2.506 orclUserModifiable

Description

Specifies if the data is modifiable by the user that this resource access descriptor entry is created for.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

Description

Identifies workflow notification preferences for a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

Object ID

2.16.840.1.113894.1.1.313

8.2.512 orclWriteWaitThreads

Description

Specifies the number of Oracle Internet Directory server threads waiting to write to the network.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.143

Other

Single-valued attribute.

8.2.513 owner

Description

Specifies the distinguished name (DN) of some object which has some responsibility for the associated object.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.5.4.32

8.2.514 pilotStartTime

Description

The time stamp of when pilot mode was started for a replica.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

2.16.840.1.113894.1.1.825

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.515 preferredServerList

Description

The IP addresses of the preferred servers that a directory user agent should use in a space separated list. The servers in this list are tried in order before those in the defaultServerList until a successful connection is made. This has no default value. At least one server must be specified in either preferredServerList or defaultServerList.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (Printable String)

Matching Rule

caseIgnoreIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.2

Other

Single-valued attribute.

8.2.516 profileTTL

Description

The time to live before a client directory user agent (DUA) should re-read this configuration profile. The values for profileTTL can be zero, to indicate no expiration, or a positive integer combined with one of the following letters to indicate the unit of measure:

d: indicates days

h: indicates hours

m: indicates minutes

s: indicates seconds

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.11.1.3.1.1.7

Other

Single-valued attribute.

8.2.517 protocolInformation

Description

This attribute is used in conjunction with the presentationAddress attribute, to provide additional information to the Open System Interconnection (OSI) network service.

Syntax

1.3.6.1.4.1.1466.115.121.1.42 (Protocol Information)

Matching Rule

protocolInformationMatch

Object ID

2.5.4.48

8.2.518 pwdAccountLockedTime

Description

The time stamp of when a user's account was locked.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.17

Other

Single-valued attribute.

Directory operational attribute.

No user modification.

8.2.519 pwdAllowUserChange

Description

Reserved for future use.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.14

Other

Single-valued attribute.

8.2.520 pwdChangedTime

Description

The time stamp indicating when the user's current password was created or modified.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.16

Other

Single-valued attribute.

Directory operational attribute.

No user modification.

Description

The number of seconds after which the password failure times are purged from the user entry. If this attribute is not present, or if it has a value of 0, then failure times are never purged. The default value is 0.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.12

Other

Single-valued attribute.

8.2.525 pwdFailureTime

Description

The time stamp of consecutive failed login attempts by the user.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.19

Other

Directory operational attribute.

No user modification.

8.2.526 pwdGraceLoginLimit

Description

Maximum number of grace logins allowed after a password expires. The default value is 0 (no grace logins allowed). The recommended value is 3.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.8

Other

Single-valued attribute.

8.2.527 pwdGraceLoginTimeLimit

Description

Number of seconds after account lockout to allow grace logins.

Syntax

1.3.6.1.4.1.1466.115.121.1.27(Integer)

Matching Rule

integerMatch

Object ID

2.16.840.1.113894.1.1.418

Other

Single-valued attribute.

8.2.528 pwdGraceUseTime

Description

The time stamps of each grace login for a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time)

Matching Rule

generalizedTimeMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.21

Other

Directory operational attribute.

No user modification.

8.2.529 pwdHistory

Description

A history of a user's previous passwords. The number of passwords stored in the history is determined by the pwdInHistory attribute.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.20

Other

Single-valued attribute.

Directory operational attribute.

No user modification.

8.2.530 pwdInHistory

Description

Number of previous passwords to be stored in the password history (pwdHistory). If a user attempts to reuse one of the passwords stored in the history, then the password is rejected. The default value is 0 (no previous passwords stored in the history).

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.4

Other

Single-valued attribute.

8.2.531 pwdLockout

Description

Specification for whether users are locked out of the directory after the number of consecutive failed bind attempts specified by pwdMaxFailure. If the value of this policy attribute is TRUE, then users are locked out. If this attribute is not present, or if the value is FALSE, then users are not locked out and the value of pwdMaxFailure is ignored. By default, account lockout is enforced.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.9

Other

Single-valued attribute.

8.2.532 pwdLockoutDuration

Description

The number of seconds a user is locked out of the directory if both of the following are true:

Account lockout is enabled.
The user has been unable to bind successfully to the directory for at least the number of times specified by pwdMaxFailure.

You can set user lockout for a specific duration, or until the administrator resets the user's password. A default value of 0 (zero) means that the user is locked out forever. A user account stays locked even after the lockout duration has passed unless the user binds with the correct password.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.10

Other

Single-valued attribute.

8.2.533 pwdMaxAge

Description

The maximum number of seconds that a given password is valid. If this attribute is not present, or if the value is 0 (zero), then the password does not expire. By default, the passwords expire in 60 days.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.3

Other

Single-valued attribute.

8.2.534 pwdMaxFailure

Description

The number of consecutive failed bind attempts after which a user account is locked. If this attribute is not present, or if the value is 0 (zero), then the account is not locked due to failed bind attempts, and the value of the password lockout policy is ignored. The default is 4.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.11

Other

Single-valued attribute.

8.2.535 pwdMinAge

Description

This attribute holds the number of seconds that must elapse between modifications to the password. If this attribute is not present, 0 seconds is assumed.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.2

Other

Single-valued attribute.

8.2.536 pwdMinLength

Description

The minimum number of characters required in a password. The default is 5. The value for this attribute must be at least 1.

Syntax

1.3.6.1.4.1.1466.115.121.1.27 (Integer)

Matching Rule

integerMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.6

Other

Single-valued attribute.

8.2.537 pwdMustChange

Description

Indicator of whether users must change their passwords after the first login, or after the password is reset by the administrator. Enabling this option requires users to change their passwords even if user-defined passwords are disabled. By default, users need not change their passwords after reset. Allowed values are 1 (true) or 0 (false).

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.13

Other

Single-valued attribute.

8.2.538 pwdpolicysubentry

Description

DN of the password policy applicable at the subtree rooted at this DN.

Syntax

1.3.6.1.4.1.1466.115.121.1.34

Matching Rule

distinguishedNameMatch

Object ID

2.16.840.1.113894.1.1.417

8.2.539 pwdReset

Description

Indicator that the password has been reset and must be changed by the user on first authentication. Allowed values are TRUE or FALSE.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.22

Other

Single-valued attribute.

Directory operational attribute.

Not user modifiable.

8.2.540 pwdSafeModify

Description

Indicator of whether user must supply old password with new one when modifying password. By default, the old password is not required. Allowed values are TRUE or FALSE.

Syntax

1.3.6.1.4.1.1466.115.121.1.7 (Boolean)

Matching Rule

booleanMatch

Object ID

1.3.6.1.4.1.42.2.27.8.1.15

Other

Single-valued attribute.

8.2.541 ref

Description

A named reference. Values placed in the attribute must conform to the specification given for the labeledURI attribute (RFC 2079).

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

2.16.840.1.113730.3.1.34

Other

DSA operational attribute.

8.2.542 seeAlso

Description

Specifies the distinguished names of other directory objects which may be other aspects (in some sense) of the same real world object.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.5.4.34

8.2.543 serverName

Description

The name of the server involved in an Oracle Directory Integration and Provisioning change subscription.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

caseIgnoreMatch

caseignoresubstringsmatch

Object ID

2.16.840.1.113894.1.1.34

8.2.544 serviceAuthenticationMethod

Description

The authentication method for the service.

Syntax

1.3.6.1.4.1.1466.115.121.1.15 (Directory String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.15

8.2.545 serviceCredentialLevel

Description

The credential level to be used by a service. The default value for all services is NULL. The supported credential levels are anonymous or proxy.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

N/A

Object ID

1.3.6.1.4.1.11.1.3.1.1.13

8.2.546 serviceSearchDescriptor

Description

Defines how and where an LDAP naming service client should search for information for a particular service. Contains a service name, followed by one or more semicolon-separated base-scope-filters.

Syntax

1.3.6.1.4.1.1466.115.121.1.26 (IA5 String)

Matching Rule

caseExactIA5Match

Object ID

1.3.6.1.4.1.11.1.3.1.1.8

8.2.547 sn

Description

The surname or last name of a user.

Syntax

1.3.6.1.4.1.1466.115.121.1.15{32768} (Directory String, 32768 character maximum)

Matching Rule

caseIgnoreMatch, caseIgnoreSubstringsMatch

Object ID

2.5.4.4

8.2.548 supportedcontrol

Description

List of controls supported by directory server.

Syntax

OID

Object ID

1.3.6.1.4.1.1466.101.120.13

8.2.549 supportedextension

Description

List of extended operation supported

Syntax

OID

Object ID

1.3.6.1.4.1.1466.101.120.7

8.2.550 supportedldapversion

Description

LDAP versions supported.

Syntax

Integer

Object ID

1.3.6.1.4.1.1466.101.120.15

8.2.551 uniqueMember

Description

The distinguished name for the member of a group.

Syntax

1.3.6.1.4.1.1466.115.121.1.34 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

2.5.4.50

8.2.552 supportedsaslmechanisms

Description

List of SASL mechanism supported.

Syntax

Directory String

Matching Rule

Object ID

1.3.6.1.4.1.1466.101.120.14

8.2.553 userCertificate;binary

Description

The user's certificate.

Syntax

1.3.6.1.4.1.1466.115.121.1.8 (Certificate)

Matching Rule

octetStringMatch

Object ID

2.5.4.36

8.2.554 userPassword

Description

The password used to authenticate a user to the directory.

Syntax

1.3.6.1.4.1.1466.115.121.1.44{128} (Printable String, 128 character maximum)

Matching Rule

octetStringMatch

Object ID

2.5.4.35

Other

Single-valued attribute.

8.2.555 userPKCS12

Description

PKCS#12 PFX PDU for exchange of personal identity information.

Syntax

1.3.6.1.4.1.1466.115.121.1.5 (Binary)

Matching Rule

N/A

Object ID

2.16.840.1.113730.3.1.216

8.2.556 x509issuer

Description

The DN of the certificate authority who issued the X.509 certificate revocation list.

Syntax

1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name)

Matching Rule

distinguishedNameMatch

Object ID

1.3.6.1.4.1.10126.1.5.3.4

Từ khóa » Cn 2256