Overview (Oracle Unified Directory)

Content Cortex supports Oracle Unified Directory as a Lightweight Directory Access Protocol (LDAP) directory service.

Oracle Unified Directory is functionally equivalent to Oracle Directory Server Enterprise Edition. For this reason, Oracle Unified Directory uses the same Content Cortex directory service provider as Oracle Directory Server Enterprise Edition. Therefore, if you use Oracle Unified Directory as the directory service, configure the DirectoryConfigurationSunOne provider as the directory service provider type.
Important: Additional directory service provider configuration is needed to use Oracle Unified Directory as the directory service.
  • By default, the DirectoryConfigurationSunOne provider uses the nsUniqueId LDAP attribute as the value for its UserUniqueIDAttribute and GroupUniqueIDAttribute properties. This default value is appropriate for Oracle Directory Server Enterprise Edition; however, this default value is not recommended for use with Oracle Unified Directory. Instead, change the default value for the unique ID during the configuration of DirectoryConfigurationSunOne as the directory service provider. To set the unique ID to the entryUUID LDAP attribute, set the DirectoryConfigurationSunOne properties UserUniqueIDAttribute and GroupUniqueIDAttribute to a value of entryUUID.
  • Server-side sorting is not supported for Oracle Unified Directory. Therefore, you must configure the application server with the following Java™ Virtual Machine (JVM) argument:
    -Dcom.filenet.security.ldap.serversidesortcontrol.usage=false
    The How to add system properties and FileNet.properties properties External link opens a new window or tab technical support document provides more information about setting properties, including a JVM argument, on the application server.

One instance of Oracle Unified Directory can have multiple data naming contexts. Because each Oracle Unified Directory data naming context is mapped to a Content Platform Engine realm, one Oracle Unified Directory can be mapped to multiple Content Platform Engine realms.

For each realm, create an application server authentication provider and a DirectoryConfigurationSunOne object. This action ensures that there is a one-to-one relationship between the realm object and the authentication provider and a one-to-one relationship between the realm object and the DirectoryConfigurationSunOne object.

For each DirectoryConfiguration object, Content Cortex extracts the realm name from the specified UserBaseDN property value by comparing it with each data naming context. For example, if the UserBaseDN for this DirectoryConfiguration object is ou=people, o=isp , and there are two data naming contexts: o=isp and dc=filenet,dc=com, then you know the realm name for this DirectoryConfiguration object is o=isp.