Skip Headers

Oracle Internet Directory Administrator's Guide
Release 9.2

Part Number A96574-01
Go To Documentation Library
Home
Go To Product List
Book List
Go To Table Of Contents
Contents
Go To Index
Index

Master Index

Feedback

Go to previous page Go to next page

26
Oracle Internet Directory Plug-in Framework

This chapter describes how you can extend the capabilities of the Oracle directory server by using plug-ins developed by either Oracle Corporation or third-party vendors.

This chapter contains these topics:

About Directory Server Plug-ins

Oracle Internet Directory supports a directory server plug-in a PL/SQL package. It can add the following kinds of functionality to the directory server, to mention just a few:

On startup, the directory server loads your plug-in configuration and library. Then, when it processes requests, it calls your plug-in functions whenever the specified event takes place.

Figure 26-1 Oracle Internet Directory Server Plug-in Framework

Text description of oiddg010.gif follows
Text description of the illustration oiddg010.gif


Operation-Based Plug-ins

This section describes the operation-based plug-ins that the Oracle Internet Directory plug-in framework supports. These plug-ins execute before, after, or in addition to normal directory server operations.

Table 26-1  Types of Operation-Based Plug-ins
Type of Plug-in Description

Pre-operation

Plug-ins that the directory server calls before performing an LDAP operation. Typically, these plug-ins validate data before using it in an LDAP operation. If validation fails, then depending on the error or warning returned from the plug-in, the LDAP operation can decide to proceed or not. However, if the associated LDAP request fails later on, then Oracle Internet Directory does not roll back whatever the plug-in has already committed.

Post-operation

Plug-ins that the directory server calls after performing an LDAP operation. Typically, these plug-ins invoke a function, such as logging or notification, when the directory server performs a particular operation. If the plug-in fails, then the directory server does not roll back the associated LDAP operation. The plug-in executes regardless of whether the associated LDAP request fails.

When-operation

Plug-ins that the directory server calls in addition to standard processing. Typically, these plug-ins augment existing functionality, performing extra operations in the same transactions as the corresponding LDAP operations. If either the LDAP operation or the plug-in fails, then the directory server rolls back the changes.

Registering Plug-ins

To enable the directory server to call a plug-in at the right moment, you must register the plug-in with the directory server. Do this by creating an entry for the plug-in under cn=plugin,cn=subconfigsubentry.

The orclPluginConfig Object Class

A plug-in must have orclPluginConfig as one of its object classes. This is a structural object class, and its super class is top. Table 26-2 lists and describes its attributes.

Table 26-2  Plug-in Attribute Names and Values
Attribute Name Attribute Value Mandatory Optional

Cn

Plug-in entry name

X

orclPluginName

Plug-in package name

X

orclPluginType

One of the following values:

operational
attribute
password_policy
syntax
matchingrule

See Also: The chapter about the Oracle Internet Directory server plug-in framework in Oracle Internet Directory Application Developer's Guide

X

orclPluginKind

PL/SQL

X

orclPluginEnable

0 = disable (default)

1 = enable

X

orclPluginVersion

Supported plug-in version number

X

orclPluginShareLibLocation

File location of the dynamic linking library. If this value is not present, then Oracle Internet Directory server assumes the plug-in language is PL/SQL.

X

orclPluginLDAPOperation

One of the following values:

ldapcompare
ldapmodify
ldapbind
ldapadd
ldapdelete
ldapsearch

X

orclPluginTiming

One of the following values:

pre
when
post

X

orclPluginIsReplace

0 = disable (default)

1 = enable

For WHEN timing plug-in only

X

orclPluginSubscriberDNList

A semicolon separated DN list that controls if the plug-in takes effect. If the target DN of an LDAP operation is included in the list, then the plug-in is invoked.

X

Adding a Plug-in Configuration Entry by Using Command-Line Tools

Plug-ins must be added to Oracle Internet Directory server so that the server is aware of additional operations that must be performed at the correct time.

When the plug-in successfully compiles against the Oracle Internet Directory backend database, create a new entry and place it under cn=plugin,cn=subconfigsubentry.

In the following examples, an entry is created for an operation-based plug-in called my_plugin1. The LDIF file, my_ldif_file.ldif, is as follows:

Example 1: Creating an Operation-Based Plug-in Entry

The following is an example LDIF file to create such an object:

cn=when_comp,cn=plugin,cn=subconfigsubentry
objectclass=orclPluginConfig
objectclass=top
orclPluginName=my_plugin1
orclPluginType=operational
orclPluginTiming=when
orclPluginLDAPOperation=ldapcompare
orclPluginEnable=1
orclPluginVersion=1.0.1
orclPluginIsReplace=1
cn=when_comp
orclPluginKind=PLSQL
orclPluginSubscriberDNList=dc=COM,c=us;dc=us,dc=oracle,dc=com;dc=org,dc=us;
o=IMC,c=US

Example 2: Creating an Operation-Based Plug-in Entry

cn=post_mod_plugin, cn=plugin,cn=subconfigsubentry
objectclass=orclPluginConfig
objectclass=top
orclPluginName=my_plugin1
orclPluginType=operational
orclPluginTiming=post
orclPluginLDAPOperation=ldapmodify
orclPluginEnable=1
orclPluginVersion=1.0.1
cn=post_mod_plugin
orclPluginKind=PLSQL

Add this file to the directory with the following command:

ldapadd -p 389 -h myhost -D binddn -w password -f my_ldif_file.ldif

When you have added this entry to the directory, the directory server validates the plug-in by quickly executing it and checking for compilation or access privilege errors. It then gathers more information about this plug-in--such as timing and the type of LDAP operation related to the plug-in.


Notes:

To avoid creating inconsistent state, the plug-in configuration entry--for example, cn=plugin,cn=subconfigsubentry metadata--is not replicated in the replication environment.



Go to previous page Go to next page
Oracle
Copyright © 1999, 2002 Oracle Corporation.

All Rights Reserved.
Go To Documentation Library
Home
Go To Product List
Book List
Go To Table Of Contents
Contents
Go To Index
Index

Master Index

Feedback