MINI MINI MANI MO
#
# File: oidSchemaUpgradeFrom90110ODIP.sbs
#
# Description:
# Contains DIP specific LDAP schema extensions required by
# all Oracle Products for release iAS Rel 904
# Modified:
#
# 09/23/02 btridip Creation
#
#
# Notes:
#
# This LDIF file will only work with Oracle Internet Directory
# version Marconi and above
#
# This file should be loaded by 'ldapmodify' with the following
# options "-a -v"
#
#
###########################################################################
# Changes in Provisioning Profiles From Release 9.0.2
###########################################################################
###########################################################################
# Common Attributes
###########################################################################
######################
# Generic Attributes - NONE
######################
###############################
# Scheduling Attributes
###############################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.212 NAME
'orclODIPProfileMaxEventsPerInvocation' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.213 NAME
'orclODIPProfileMaxEventsPerSchedule' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.214 NAME
'orclODIPProfileMaxErrors' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.215 NAME
'orclODIPEncryptedAttrKey' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
######################
# Interface Attributes-NONE
######################
######################
# Status Attributes-NONE
######################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.234 NAME
'orclODIPProfileLastAppliedAppEventID' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
######################################################
# MISC attributes-NONE
######################################################
###########################################################################
# Provisioning Attributes
###########################################################################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.406 NAME
'orclODIPProvisioningEventMappingRules' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.407 NAME
'orclODIPProvisioningEventPermittedOperations' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
############################################
# Attribute Modifications to change the Typo
############################################
# Delete the existing definitions
############################################
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.201 NAME
'orclODIPProfileName' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.210 NAME
'orclODIPProfileSchedule' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.211 NAME
'orclODIPProfileMaxRetries' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.220 NAME
'orclODIPProfileInterfaceName' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.221 NAME
'orclODIPProfileInterfaceType' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.222 NAME
'orclODIPProfileInterfaceConnectInformation' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.223 NAME
'orclODIPProfileInterfaceAdditionalInformation' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.224 NAME
'orclODIPProfileInterfaceVersion' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.230 NAME
'orclODIPProfileProcessingStatus' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.232 NAME
'orclODIPProfileLastProcessingTime' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.233 NAME
'orclODIPProfileLastSuccessfulProcessingTime' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.250 NAME
'orclODIPProfileExecGroupID' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
dn: cn=subschemasubentry
changetype: modify
delete: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.251 NAME
'orclODIPProfileDebugLevel' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
###############################################
# Recreate the Attribute Definitions
###############################################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.201 NAME
'orclODIPProfileName' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.210 NAME
'orclODIPProfileSchedule' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.211 NAME
'orclODIPProfileMaxRetries' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.220 NAME
'orclODIPProfileInterfaceName' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.221 NAME
'orclODIPProfileInterfaceType' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.222 NAME
'orclODIPProfileInterfaceConnectInformation' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.223 NAME
'orclODIPProfileInterfaceAdditionalInformation' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.224 NAME
'orclODIPProfileInterfaceVersion' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.230 NAME
'orclODIPProfileProcessingStatus' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.232 NAME
'orclODIPProfileLastProcessingTime' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.233 NAME
'orclODIPProfileLastSuccessfulProcessingTime' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.250 NAME
'orclODIPProfileExecGroupID' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.251 NAME
'orclODIPProfileDebugLevel' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
################################
# ObjectClases
################################
# Update The core integration profile class. Not have orclchangesubscriber
# a Mandatory objectclass in the Core Profile But in the Provisoning Profile OC.
# Also Add the new Common Attribute To the Core Integration Profile.
dn: cn=subschemasubentry
changetype: modify
delete: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.200 NAME
'orclODIPIntegrationProfile' SUP ( top $ orclchangesubscriber) STRUCTURAL
MUST ( orclODIPProfileName $ orclVersion )
MAY (
orclStatus $ orclPasswordAttribute $ userPassword $
orclODIPProfileSchedule $ orclODIPProfileMaxRetries $
orclODIPProfileInterfaceName $ orclODIPProfileInterfaceType $
orclODIPProfileInterfaceConnectInformation $
orclODIPProfileInterfaceAdditionalInformation $
orclODIPProfileInterfaceVersion $
orclODIPProfileProcessingStatus $ orclODIPProfileProcessingErrors $
orclODIPProfileLastProcessingTime $
orclODIPProfileLastSuccessfulProcessingTime $
orclODIPProfileExecGroupID $
orclODIPProfileDebugLevel ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.200 NAME
'orclODIPIntegrationProfile' SUP ( top ) STRUCTURAL
MUST ( orclODIPProfileName $ orclVersion )
MAY (
orclStatus $ orclPasswordAttribute $ userPassword $
orclODIPProfileSchedule $ orclODIPProfileMaxRetries $
orclODIPProfileMaxEventsPerInvocation $ orclODIPProfileMaxEventsPerSchedule $
orclODIPProfileInterfaceName $ orclODIPProfileInterfaceType $
orclODIPProfileInterfaceConnectInformation $
orclODIPProfileInterfaceAdditionalInformation $
orclODIPProfileInterfaceVersion $
orclODIPProfileProcessingStatus $ orclODIPProfileProcessingErrors $
orclODIPProfileLastProcessingTime $
orclODIPProfileLastSuccessfulProcessingTime $
orclODIPProfileExecGroupID $ orclODIPProfileMaxErrors $
orclODIPEncryptedAttrKey $
orclODIPProfileDebugLevel ) )
# the provisioning specific profile class
dn: cn=subschemasubentry
changetype: modify
delete: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.400 NAME
'orclODIPProvisioningIntegrationProfile'
SUP ( top $ orclODIPIntegrationProfile ) STRUCTURAL
MUST ( orclODIPProvisioningAppName $ orclODIPProvisioningAppGUID $
orclODIPProvisioningOrgName $ orclODIPProvisioningOrgGUID $
orclODIPProvisioningEventSubscription ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.400 NAME
'orclODIPProvisioningIntegrationProfile'
SUP ( top $ orclODIPIntegrationProfile $ orclchangesubscriber ) STRUCTURAL
MUST ( orclODIPProvisioningAppName $ orclODIPProvisioningAppGUID $
orclODIPProvisioningOrgName $ orclODIPProvisioningOrgGUID $
orclODIPProvisioningEventSubscription ) )
# NOW , The provisioning specific profile v2.0 class
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.401 NAME
'orclODIPProvisioningIntegrationProfileV2'
SUP ( top $ orclODIPIntegrationProfile ) STRUCTURAL
MUST ( orclODIPProvisioningAppName $ orclODIPProvisioningAppGUID $
orclODIPProvisioningOrgName $ orclODIPProvisioningOrgGUID ) )
# NOW , The provisioning specific profile v2.0 InBound class
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.402 NAME
'orclODIPProvisioningIntegrationInBoundProfileV2'
SUP ( top ) STRUCTURAL
MUST ( cn $ orclODIPProvisioningAppGUID $
orclODIPProfileLastAppliedAppEventID $
orclODIPProvisioningEventMappingRules $
orclODIPProvisioningEventPermittedOperations )
MAY ( orclstatus $ orclODIPProfileProcessingStatus $
orclODIPProfileProcessingErrors $
orclODIPProfileLastProcessingTime $
orclODIPProfileLastSuccessfulProcessingTime ) )
# NOW , The provisioning specific profile v2.0 OutBound class
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.403 NAME
'orclODIPProvisioningIntegrationOutBoundProfileV2'
SUP ( top $ orclchangesubscriber ) STRUCTURAL
MUST ( cn $ orclODIPProvisioningAppGUID $
orclODIPProvisioningEventSubscription )
MAY ( orclstatus $ orclODIPProfileProcessingStatus $
orclODIPProfileProcessingErrors $
orclODIPProfileLastProcessingTime $
orclODIPProfileLastSuccessfulProcessingTime ) )
#########################################################
# Set the ACLs on the Provisioning Profile Container
#########################################################
dn: cn=Provisioning Profiles,cn=changelog subscriber,
cn=oracle internet directory
changetype: modify
replace: orclaci
orclaci: access to entry by group="cn=odisgroup,cn=odi,cn=oracle
internet directory" (browse,noadd,delete)
by group="cn=Provisioning Admins,cn=changelog subscriber,
cn=oracle internet directory" (browse,add,delete)
by guidattr=(orclODIPProvisioningAppGUID) (browse,noadd,delete)
by self (browse,noadd,nodelete) by * (none)
orclaci: access to attr=(orclStatus,userpassword,orclPasswordAttribute,
orclODIPProfileInterfaceConnectInformation,
orclODIPProfileInterfaceAdditionalInformation,
orclODIPProvisioningEventMappingRules,
orclODIPProvisioningEventPermittedOperations,
orclODIPProvisioningEventSubscription )
by group="cn=odisgroup,cn=odi,cn=oracle internet directory"
(read,search,nowrite,compare)
by group="cn=Provisioning Admins,cn=changelog subscriber,
cn=oracle internet directory" (read,search,write,compare)
by guidattr=(orclODIPProvisioningAppGUID) (read,search,write,compare)
by self (read,search,nowrite,nocompare) by * (none)
orclaci: access to attr!=(orclStatus,userpassword,orclPasswordAttribute,
orclODIPProfileInterfaceConnectInformation,
orclODIPProfileInterfaceAdditionalInformation,
orclODIPProvisioningEventMappingRules,
orclODIPProvisioningEventPermittedOperations,
orclODIPProvisioningEventSubscription )
by group="cn=odisgroup,cn=odi,cn=oracle internet directory"
(read,search,write,compare)
by group="cn=Provisioning Admins,cn=changelog subscriber,
cn=oracle internet directory" (read,search,write,compare)
by guidattr=(orclODIPProvisioningAppGUID) (read,search,write,compare)
by self (read,search,write,compare) by * (none)
##########################################################
# Now, The Provisioning Event Configuration Schema Elements
##########################################################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.501 NAME
'orclODIPProvEventObjectType' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.502 NAME
'orclODIPProvEventLDAPChangeType' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.503 NAME
'orclODIPProvEventCriteria' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
################################
# ObjectClases
################################
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.500 NAME
'orclODIPProvEventTypeConfig' SUP ( top ) STRUCTURAL
MUST ( orclODIPProvEventObjectType )
MAY ( orclODIPProvEventLDAPChangeType $ orclODIPProvEventCriteria ) )
################################
# Event Type Configuration
################################
dn: cn=ProvisioningEventTypeConfig,cn=odi,cn=oracle internet directory
changetype: add
cn: ProvisioningEventTypeConfig
orclaci: access to entry by group="cn=Provisioning Admins,
cn=changelog subscriber,cn=oracle internet directory" (browse,add,delete)
orclaci: access to attr=(*) by group="cn=Provisioning Admins,
cn=changelog subscriber,cn=oracle internet directory"
(read,search,write,compare)
objectclass: orclContainer
dn: orclODIPProvEventObjectType=ENTRY,cn=ProvisioningEventTypeConfig,cn=odi,
cn=oracle internet directory
changetype: add
orclODIPProvEventObjectType: ENTRY
orclODIPProvEventLDAPChangeType: Add
orclODIPProvEventLDAPChangeType: Modify
orclODIPProvEventLDAPChangeType: Delete
orclODIPProvEventCriteria: objectclass=*
objectclass: orclODIPProvEventTypeConfig
dn: orclODIPProvEventObjectType=USER,cn=ProvisioningEventTypeConfig,cn=odi,
cn=oracle internet directory
changetype: add
orclODIPProvEventObjectType: USER
orclODIPProvEventLDAPChangeType: Add
orclODIPProvEventLDAPChangeType: Modify
orclODIPProvEventLDAPChangeType: Delete
orclODIPProvEventCriteria: objectclass=InetOrgPerson
orclODIPProvEventCriteria: objectclass=orclUserV2
objectclass: orclODIPProvEventTypeConfig
dn: orclODIPProvEventObjectType=IDENTITY,cn=ProvisioningEventTypeConfig,cn=odi,
cn=oracle internet directory
changetype: add
orclODIPProvEventObjectType: IDENTITY
orclODIPProvEventLDAPChangeType: Add
orclODIPProvEventLDAPChangeType: Modify
orclODIPProvEventLDAPChangeType: Delete
orclODIPProvEventCriteria: objectclass=InetOrgPerson
orclODIPProvEventCriteria: objectclass=orclUserV2
objectclass: orclODIPProvEventTypeConfig
dn: orclODIPProvEventObjectType=GROUP,cn=ProvisioningEventTypeConfig,cn=odi,
cn=oracle internet directory
changetype: add
orclODIPProvEventObjectType: GROUP
orclODIPProvEventLDAPChangeType: Add
orclODIPProvEventLDAPChangeType: Modify
orclODIPProvEventLDAPChangeType: Delete
orclODIPProvEventCriteria: objectclass=orclGroup
orclODIPProvEventCriteria: objectclass=orclPrivilegeGroup
orclODIPProvEventCriteria: objectclass=groupOfUniqueNames
orclODIPProvEventCriteria: objectclass=groupofNames
objectclass: orclODIPProvEventTypeConfig
dn: orclODIPProvEventObjectType=SUBSCRIPTION,cn=ProvisioningEventTypeConfig,
cn=odi,cn=oracle internet directory
changetype: add
orclODIPProvEventObjectType: SUBSCRIPTION
orclODIPProvEventLDAPChangeType: Add
orclODIPProvEventLDAPChangeType: Modify
orclODIPProvEventLDAPChangeType: Delete
orclODIPProvEventCriteria: objectclass=orclServiceSubscriptionDetail
objectclass: orclODIPProvEventTypeConfig
dn: orclODIPProvEventObjectType=SUBSCRIBER,cn=ProvisioningEventTypeConfig,
cn=odi,cn=oracle internet directory
changetype: add
orclODIPProvEventObjectType: SUBSCRIBER
orclODIPProvEventLDAPChangeType: Add
orclODIPProvEventLDAPChangeType: Modify
orclODIPProvEventLDAPChangeType: Delete
orclODIPProvEventCriteria: objectclass=orclSubscriber
objectclass: orclODIPProvEventTypeConfig
###########################################################################
# Changes in Synchronization Profiles From Release 9.0.2
###########################################################################
################################################
# Add the Wallet Attribute in Subscriber profile
################################################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.100 NAME
'orclODIPWallet;binary' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113894.8.1.101 NAME
'orclodipBootStrapStatus' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
delete: objectClasses
objectClasses: ( 2.16.840.1.113894.8.2.1 NAME
'orclODIProfile'
SUP ( top ) STRUCTURAL
MAY ( cn $ orclODIPAgentName $ orclODIPSynchronizationMode $
orclODIPAgentControl $ orclODIPAgentPassword $
orclODIPAgentHostName $ orclODIPSchedulingInterval $
orclODIPSyncRetryCount $ orclODIPAgentExeCommand $
orclODIPConDirAccessAccount $ orclODIPConDirAccessPassword $
orclODIPConDirURL $ orclODIPAgentConfigInfo $ orclODIPInterfaceType $
orclODIPAttributeMappingRules $ orclODIPConDirMatchingFilter $
orclODIPOIDMatchingFilter $ orclODIPLastExecutionTime $
orclODIPLastSuccessfulExecutionTime $ orclODIPSynchronizationStatus $
orclODIPSynchronizationErrors $ orclODIPConDirLastAppliedChgNum $
userpassword $ orclVersion ) )
dn: cn=subschemasubentry
changetype: modify
delete: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.3 NAME
'orclODISConfig' SUP ( top $ orclConfigSet ) STRUCTURAL MUST ( cn )
MAY ( orclsslAuthentication $ orclsslEnable $
orclsslWalletURL $ orclsslWalletPasswd $
orclsslVersion $ orclODIPConfigRefreshFlag $ orclODIPConfigDNs ) )
dn: cn=subschemasubentry
changetype: modify
delete: objectClasses
objectclasses: (
2.16.840.1.113894.8.2.4 NAME
'orclODISInstance' SUP ( top $ orclODISConfig ) STRUCTURAL
MUST ( cn $
orclconfigsetnumber $ orclhostname $ orclODIPInstanceStatus )
MAY ( seeAlso $ description ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.1 NAME
'orclODIProfile' SUP ( top ) STRUCTURAL
MUST ( orclODIPAgentName $ orclVersion )
MAY (
orclODIPSynchronizationMode $ orclODIPAgentControl $
orclODIPAgentPassword $ orclODIPAgentHostName $
orclODIPSchedulingInterval $
orclODIPSyncRetryCount $ orclODIPAgentExeCommand $
orclODIPConDirAccessAccount $ orclODIPConDirAccessPassword $
orclODIPConDirURL $ orclODIPAgentConfigInfo $ orclODIPInterfaceType $
orclODIPAttributeMappingRules $ orclODIPConDirMatchingFilter $
orclODIPLastSuccessfulExecutionTime $ orclODIPSynchronizationStatus $
orclODIPOIDMatchingFilter $ orclODIPLastExecutionTime $
orclODIPLastSuccessfulExecutionTime $ orclODIPSynchronizationStatus $
orclODIPSynchronizationErrors $ orclODIPConDirLastAppliedChgNum $
userpassword $ orclODIPProfileDebugLevel $
orclodipBootStrapStatus ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: (
2.16.840.1.113894.8.2.3 NAME
'orclODISConfig' SUP ( top ) STRUCTURAL
MUST ( cn )
MAY ( orclODIPConfigRefreshFlag $ orclODIPConfigDNs ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectclasses: (
2.16.840.1.113894.8.2.4 NAME
'orclODISInstance' SUP ( top $ orclODISConfig ) STRUCTURAL
MUST ( cn $
orclconfigsetnumber $ orclhostname $
orclODIPInstanceStatus )
MAY ( orclSSLEnable $ seeAlso $ description ) )
########################################
# Active Directory Specific Attributes
#######################################
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113894.8.1.902 NAME
'orclObjectSid' EQUALITY caseIgnoreMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113894.8.1.903 NAME
'orclSAMAccountName' EQUALITY caseIgnoreMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
dn: cn=subschemasubentry
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113894.8.1.904 NAME
'orclUserPrincipalName' EQUALITY caseIgnoreMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
####################################################
# Active Directory Integration Specific ObjectClases
####################################################
# The Active Directory Specific Object Class
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: ( 2.16.840.1.113894.8.2.900 NAME
'orclADUser' SUP ( top ) STRUCTURAL
MUST ( orclSAMAccountName )
MAY ( orclUserPrincipalName $
displayName $ orclObjectGUID $ orclObjectSID ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: ( 2.16.840.1.113894.8.2.899 NAME
'orclADGroup' SUP ( top ) STRUCTURAL
MUST
( orclSAMAccountName )
MAY ( orclObjectGUID $ orclObjectSID $ displayName ) )
dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: ( 2.16.840.1.113894.8.2.898 NAME
'orclNTUser' SUP ( top ) STRUCTURAL
MUST
( orclSAMAccountName )
MAY ( orclObjectGUID $ orclObjectSID $ displayName ) )
##############################################################
# Catalog attributes specific to Active Directory Integration
##############################################################
dn: cn=catalogs
changetype: modify
add: orclindexedAttribute
orclindexedAttribute: orclsamaccountname
dn: cn=catalogs
changetype: modify
add: orclindexedAttribute
orclindexedAttribute: orclobjectguid
######################################################################
# DIPADMIN Account
######################################################################
dn: cn=dipadmin,cn=odi,cn=oracle internet directory
changetype: add
cn: dipadmin
sn: dipadmin
description: DIP Administrator Idenitity in OID
objectclass: person
######################################################################
# DIPADMIN Group
######################################################################
dn: cn=dipadmingrp,cn=odi,cn=oracle internet directory
changetype: add
cn: dipadmin
owner: cn=dipadmin,cn=odi,cn=oracle internet directory
uniquemember: cn=orcladmin
uniquemember: cn=dipadmin,cn=odi,cn=oracle internet directory
description: DIP Administrator Group in OID
objectclass: groupOfUniqueNames
objectclass: orclprivilegegroup
######################################################################
# ODIPGROUP getting recreated here from 904 (Had been removed in 902*)
######################################################################
dn: cn=odipgroup,cn=odi,cn=oracle internet directory
changetype: add
cn: odipgroup
objectclass: top
objectclass: groupofUniquenames
objectclass: orclprivilegegroup
uniquemember: cn=orcladmin
orclaci: access to entry by group="cn=dipadmingrp,cn=odi,cn=oracle internet
directory" (browse) by * (none)
orclaci: access to attr=(uniquemember) by group="cn=dipadmingrp,cn=odi,
cn=oracle internet directory" (search,read,write,compare) by * (none)
######################################################################
# Alter "subscriber profile" container to give permissions to the
# dipadmingrp
######################################################################
dn: cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
changetype: modify
replace: orclaci
orclaci: access to entry by group="cn=odisgroup,cn=odi,cn=oracle internet
directory" (browse,noadd,nodelete)
by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory"
(browse,add,delete)
by self (browse, noadd, nodelete) by * (none)
orclaci: access to attr=(orclODIPConDirAccessPassword,
orclODIPAgentPassword) by group="cn=odisgroup,cn=odi,
cn=oracle internet directory" (read,search,nowrite,compare)
by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory"
(read,search,write,compare)
by self (read,search,nowrite,nocompare) by * (none)
orclaci: access to attr!=(orclODIPConDirAccessPassword,orclODIPAgentPassword)
by group="cn=odisgroup,cn=odi,cn=oracle internet directory"
(read,search,write,compare)
by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory"
(read,search,write,compare)
by self (read,search,write,compare) by * (none)
######################################################################
# Alter "configsets for DIP" container to give permissions to the
# dipadmingrp
######################################################################
dn: cn=metadird,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclaci
orclaci: access to entry by group="cn=odisgroup,cn=odi,cn=oracle internet
directory" (browse,noadd,nodelete)
by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory"
(browse,add,delete) by * (none)
orclaci: access to attr=(*) by group="cn=odisgroup,cn=odi,
cn=oracle internet directory" (read,search,nowrite,compare)
by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory"
(read,search,write,compare) by * (none)
######################################################################
# Change the orclODISInstance objectclass . Add the profile Exec Group
######################################################################
dn: cn=subschemasubentry
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113894.8.2.4 NAME 'orclODISInstance' SUP ( top $ orclODISConfig ) STRUCTURAL MUST ( cn $ orclconfigsetnumber $ orclhostname $ orclODIPInstanceStatus ) MAY ( orclSSLEnable $ seeAlso $ description ) )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113894.8.2.4 NAME 'orclODISInstance' SUP ( top $ orclODISConfig ) STRUCTURAL MUST ( cn $ orclconfigsetnumber $ orclODIPProfileExecGroupID $ orclhostname $ orclODIPInstanceStatus ) MAY ( orclSSLEnable $ seeAlso $ description ) )
OHA YOOOO