Tuesday, February 15, 2011

11g OID Concepts and Architecture - Part 3

How Oracle Internet Directory Processes a Search Request?
  • The user or client enters a search request. The connection may be SSL or non-SSL, and it may be a particular (authenticated) user's connection or an anonymous one. The request can include search filters.
  • The C API, using the LDAP protocol, sends a request to a directory server instance to connect to the directory.
  • The directory server authenticates the user, a process called binding. The directory server also checks the Access Control Lists (ACLs) to verify that the user is authorized to perform the requested search.
  • The directory server converts the search request from LDAP to Oracle Call Interface (OCI)/Oracle Net Services and sends it to the Oracle Database.
  • The Oracle Database retrieves the information and passes it back through the chain: to the directory server, then to the C API, and, finally, to the client.
Directory Entries

Each object in OID is called an entry. An entry can be a user, a computer, a network resource, etc.

Distinguished Names (DNs)
  • Each entry in OID is uniquely identified by a distinguished name (DN). The distinguished name tells you exactly where the entry resides in the directory hierarchy.
  • This hierarchy is represented by a directory information tree (DIT).
  • Example DN: cn=Chuck voleti,ou=Server Development,c=ux,o=abcd
  • The lowest component is called the relative distinguished name (RDN).
  • The RDN of the above entry is cn=Chuck voleti
  • To locate a particular entry within the overall DIT, a client uniquely identifies that entry by using the full DN—not simply the RDN—of that
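The DN/RDN structure described above, and the base DN a search request is evaluated against, as an added Python example (not code from the post or from Oracle): a small RFC 4514-style DN splitter that honours backslash-escaped commas, extracts the RDN and parent DN, and compares DNs case-insensitively. The function names and the DN with an escaped comma are my own constructions, and treating every attribute value as case-insensitive is a simplification stated in the comments.

```python
from typing import List, Tuple

# Constructed sample DNs: the post's example, and one with an escaped comma (RFC 4514).
EXAMPLE_DN = "cn=Chuck voleti,ou=Server Development,c=ux,o=abcd"
ESCAPED_DN = "cn=Voleti\\, Chuck,ou=Server Development,c=ux,o=abcd"

def split_dn(dn: str) -> List[str]:
    """Split a DN into RDN strings, leftmost first; '\\,' is part of a value."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escape pair intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).strip())
    return rdns

def parse_rdn(rdn: str) -> Tuple[str, str]:
    """Return (attribute type, value); attribute types are case-insensitive."""
    attr, sep, value = rdn.partition("=")
    if not sep:
        raise ValueError(f"malformed RDN: {rdn!r}")
    return attr.strip().lower(), value.strip()

def rdn_of(dn: str) -> str:
    """The relative distinguished name is the lowest (leftmost) component."""
    return split_dn(dn)[0]

def parent_dn(dn: str) -> str:
    """The parent node in the DIT: everything after the RDN."""
    return ",".join(split_dn(dn)[1:])

def normalize(dn: str) -> List[Tuple[str, str]]:
    # Simplification: every value compared case-insensitively (caseIgnoreMatch);
    # a real directory applies the matching rule from each attribute's schema.
    return [(a, v.casefold()) for a, v in map(parse_rdn, split_dn(dn))]

def dn_equal(a: str, b: str) -> bool:
    return normalize(a) == normalize(b)

def is_under(entry_dn: str, base_dn: str) -> bool:
    e, b = normalize(entry_dn), normalize(base_dn)
    return len(e) >= len(b) and e[len(e) - len(b):] == b   # base is a suffix of entry
```

A naive `dn.split(",")` would turn `cn=Voleti\, Chuck` into two bogus components, which is the kind of mistake that makes an ACL or search-base check match the wrong entry.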
Entry Caching
  • OID uses 'entry caching' to make operations on entries quick and efficient.
  • When this feature is enabled, OID assigns a unique identifier to each entry, then stores a specified number of those identifiers in cache memory.
  • During an LDAP operation on an entry, the directory server looks in the cache for the entry identifier, then retrieves the corresponding entry from the directory.
  • This method enhances Oracle Internet Directory performance, and is especially useful in smaller and medium-sized enterprises.
  • Entry caching can be used only in the case of a single server, single instance Oracle Internet Directory node.
  • The entry cache is a write-through cache. An LDAP operation first writes to the database and then invalidates the corresponding cache entry. A subsequent search of that entry causes the cache to be refreshed.
Attributes
  • Each entry in OID has multiple attributes, which provide information about the entry.
  • Attributes are of two kinds: application attributes and system configuration attributes.
  • Application attributes contain customizable information such as name, address, etc.
  • System configuration attributes are managed by the directory server for its own operational purposes.
  • Attributes can be single valued or multivalued.
Object Classes
  • An object class is a group of attributes that define the structure of an entry.
  • Each entry in the directory has one or more object classes.
  • Some of the attributes in these object classes are mandatory and must have values, others are optional and can be empty.
  • There are three types of object classes: Structural, Auxiliary and Abstract.
  • Structural object classes describe the basic aspects of an object. Every entry should belong to at least one structural object class. Examples of structural object classes are person and groupOfNames.
  • Auxiliary object classes are groupings of optional attributes that expand the existing list of attributes in an entry.
  • An abstract object class is a virtual object class. It is used only for convenience when specifying the highest levels of the object class hierarchy. It cannot be the only object class for an entry. For example, the object class top is an abstract object class. It is required as a superclass for all structural object classes, but it cannot be used alone.
