Oracle® Collaboration Suite Installation Guide 10g Release 1 (10.1.2) for AIX 5L Based Systems (64-Bit) Part Number B25471-10
When you install certain Oracle Collaboration Suite 10g Applications or infrastructure components, the installer prompts you for a user name to log in to Oracle Internet Directory. For the installation to end successfully, this user must belong to certain groups in Oracle Internet Directory. The groups that are required for installation depend on the components that you are installing.
The cn=orcladmin user is the superuser, who has rights to perform all operations, including installation. Users need not log in as the superuser to perform installations. To enable other users to perform installations, add users to specific groups.
This chapter contains the following sections:
Section B.3, "Groups Required to Configure or Deinstall Components"
Section B.4, "Groups Required to Install Oracle Collaboration Suite 10g Database"
Section B.6, "Adding Users to Groups in Oracle Internet Directory"
Section B.8, "User Name and Realm for Logging In to Oracle Internet Directory"
When you install Oracle Internet Directory, the following users are automatically created:
cn=orcladmin
The cn=orcladmin user is the Oracle Internet Directory superuser. This user has all the privileges to perform all tasks in Oracle Internet Directory. The initial password for the cn=orcladmin user is the same as the password for the ias_admin user for the Oracle Collaboration Suite instance, which you specified during installation.
The cn=orcladmin user is the owner of the objects created during the same installation session. For example, when you install Oracle Internet Directory, Oracle Collaboration Suite 10g Database, and Oracle Delegated Administration Services, the cn=orcladmin user is automatically created and made a member of the Repository Owners group, the DAS Component Owners group, and the IAS Admins group.
Note: You cannot log in to Oracle Internet Directory as the cn=orcladmin user by using Oracle Delegated Administration Services. To log in as the cn=orcladmin user, you must use the Oracle Directory Manager.
orcladmin
The DN for the orcladmin user is: cn=orcladmin,cn=users,[default realm DN]. The initial password for the orcladmin user is the same as the password for the ias_admin user for the Oracle Collaboration Suite instance, which you specify during installation.
To manage other Oracle Internet Directory users, you can log in to Oracle Internet Directory as the orcladmin user by using Oracle Delegated Administration Services. You can do this because the orcladmin user is a valid Oracle Application Server Single Sign-On user.
Groups in Oracle Internet Directory can be classified into these categories:
Table B-1 describes the groups that concern all Oracle Collaboration Suite instances and components registered with Oracle Internet Directory.
Table B-1 Global Groups
Group | Description |
---|---|
IAS Admins | Members of the IAS Admins group have the privileges required to: |
Trusted Application Admins | To install OracleAS Portal, Collaborative Portlets, or Oracle Mail, you must belong to several groups, one of which is the Trusted Application Admins group. Table B-4 lists the groups required for each component. |
User Management Application Admins | To install Identity Management, OracleAS Portal, Collaborative Portlets, Oracle Mobile Collaboration, Oracle Content Services, Oracle Calendar, or Oracle Mail, you must belong to several groups, one of which is the User Management Application Admins group. Table B-4 lists the groups required for each component. |
Each Oracle Collaboration Suite 10g Database registered with Oracle Internet Directory has its own groups, which are described in Table B-2. This enables you to assign different owners and users for each repository.
Table B-2 Metadata Repository Groups That Are Registered with Oracle Internet Directory
Group | Description |
---|---|
Repository Owners | The user who installs Oracle Collaboration Suite 10g Database becomes a member of this group. Members of the Repository Owners group have the privileges required to: The group also has all the privileges of the Application-Tier Administrators group. |
Application-Tier Administrators | Members of the Mid-Tier Administrators group have the privileges required to: |
Associated Application Tiers | Members of this group are Applications instances associated with this database. Instances of Applications are added to this group during installation. You do not need to manually add the instances to this group. Members of the Associated Middle Tiers group have the privileges required to access metadata for the repository database object and its schemas. |
Oracle Collaboration Suite components also have groups in Oracle Internet Directory. Each component has a Component Owners group and an Associated Middle Tiers group. These groups are described in Table B-3.
Table B-3 Groups Associated with Each Oracle Collaboration Suite Component
Group | Description |
---|---|
Component Owners | Members of the Component Owners group have the privileges required to: |
Associated Application Tiers | Members of the Associated Middle Tiers group are Oracle Collaboration Suite 10g Applications instances. |
You must belong to specific groups to configure or deinstall Oracle Collaboration Suite components. These groups are described in Table B-4. You become the owner of the components that you install.
Table B-4 Oracle Internet Directory Groups Required to Configure Components
To Configure This Component | User Must Be a Member of All the Listed Groups: |
---|---|
Infrastructure Components | |
Oracle Collaboration Suite 10g Database | To register Oracle Collaboration Suite 10g Database with Oracle Internet Directory, you must log in to Oracle Internet Directory as a user who belongs to the IAS Admins group. |
Oracle Internet Directory | In OracleAS Cluster (Identity Management) environments, to install subsequent Oracle Internet Directory instances after the first one, you must be the Oracle Internet Directory superuser, |
Oracle Delegated Administration Services | |
OracleAS Single Sign-On | You must install Oracle Application Server Single Sign-On as the |
Oracle Directory Integration and Provisioning | |
Oracle Application Server Certificate Authority, configured against an existing Oracle Collaboration Suite 10g Database | |
Oracle Application Server Certificate Authority, configured against a new Oracle Collaboration Suite 10g Database | |
Identity Management Access only | |
Identity Management Access and OracleAS Cluster (Database-Based or File-Based) | |
OracleAS Portal | |
OracleAS Wireless | |
Application Tier Components | |
Oracle Calendar Server | |
Oracle Mail | |
Oracle Content Services | User Management Application Admins |
Oracle Real-Time Collaboration | IAS Admin |
Oracle Search | IAS Admin |
Oracle Voicemail & Fax | IAS Admin |
Oracle Wireless and Voice | |
To Determine the Database Used by OracleAS Single Sign-On
Enter the following command (all on one line):
# $ORACLE_HOME/bin/ldapsearch -h oidhostname -p oidport -D cn=orcladmin -w password -b "orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products, cn=oraclecontext" -s base "objectclass=*" seealso
The values that you must provide are:
oidhostname - name of the computer running Oracle Internet Directory
Example: dbmachine.mydomain.com
oidport - port number on which Oracle Internet Directory is listening
Example: 389
password - password for the cn=orcladmin user
If the command in Step 1 does not return the name of the database, then enter the following commands:
Enter the following command first to get the orclreplicaid value:
# $ORACLE_HOME/bin/ldapsearch -h oidhostname -p oidport -D cn=orcladmin -w password -b "" -s base "objectclass=*" orclreplicaid
This returns something like:
orclreplicaid=broeser-sun_iocsdb
Use the orclreplicaid value obtained by running the preceding command when you run the following command:
# $ORACLE_HOME/bin/ldapsearch -h oidhostname -p oidport -D cn=orcladmin -w password -b "orclreplicaid=value_from_previous_command,cn=replication configuration" -s base "objectclass=*" seealso
This command returns a seealso value in the format: cn=Metadata repository DB Name,cn=oraclecontext.
This returns something like:
orclreplicaid=broeser-sun_ocsdb,cn=replication configuration
seealso=cn=OCSDB,cn=OracleContext
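The lookup procedure above written as a script, as an added example that is not part of Oracle's guide. OID_HOST, OID_PORT, OID_PASSWORD and all function names are assumptions; sample_search is a constructed stand-in so the script runs without a directory.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes ldapsearch prints the entry DN and
# then "attribute=value" lines, as in the sample output on this page.

# oid_search BASE ATTR: the page's ldapsearch call. OID_HOST, OID_PORT and
# OID_PASSWORD are assumed variable names; -w exposes the password in the
# process list, exactly as the documented command does.
oid_search() {
    "$ORACLE_HOME/bin/ldapsearch" -h "$OID_HOST" -p "$OID_PORT" -D cn=orcladmin \
        -w "$OID_PASSWORD" -b "$1" -s base "objectclass=*" "$2"
}

# attr_value ATTR: print the first value of ATTR from stdin; fail if absent.
attr_value() {
    awk -v want="$1" '
        { eq = index($0, "=") }
        eq > 1 && tolower(substr($0, 1, eq - 1)) == tolower(want) {
            print substr($0, eq + 1); found = 1; exit
        }
        END { exit !found }'
}

# db_from_seealso: "cn=OCSDB,cn=OracleContext" -> "OCSDB"
db_from_seealso() { sed -n 's/^[cC][nN]=\([^,]*\),.*$/\1/p'; }

# sso_database [SEARCH_FN]: step 1, then the orclreplicaid fallback.
sso_database() {
    search=${1:-oid_search}
    base="orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products,cn=oraclecontext"
    see=$("$search" "$base" seealso | attr_value seealso) || {
        rid=$("$search" "" orclreplicaid | attr_value orclreplicaid) || return 1
        see=$("$search" "orclreplicaid=$rid,cn=replication configuration" seealso |
            attr_value seealso) || return 1
    }
    printf '%s\n' "$see" | db_from_seealso | grep .
}

# Constructed stand-in for oid_search: step 1 returns no seealso value, so the
# fallback runs. The values are the sample values printed on this page.
sample_search() {
    case $1 in
        "") printf '\norclreplicaid=broeser-sun_ocsdb\n' ;;
        orclreplicaid=broeser-sun_ocsdb,*)
            printf '%s\nseealso=cn=OCSDB,cn=OracleContext\n' "$1" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

sso_database sample_search
```

Calling sso_database with no argument uses oid_search against the live directory instead of the constructed sample.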
To install additional databases, a user must be a member of the IAS Admins group. After installation, the user then becomes a member of the Repository Owners group for that database.
You can create users in Oracle Internet Directory by using Self-Service Console, which is part of Oracle Delegated Administration Services.
See Also: Oracle Internet Directory Administrator's Guide for details
Note: You cannot connect to Oracle Internet Directory as the cn=orcladmin superuser using Oracle Delegated Administration Services. To connect to Oracle Internet Directory as the superuser, use Oracle Directory Manager.
To add users to groups in Oracle Internet Directory, you can use one of the following tools:
Oracle Directory Manager
This is a Java-based tool for managing Oracle Internet Directory.
Oracle Delegated Administration Services
This is a Web-based tool intended to enable end users to perform tasks such as changing their passwords and editing their personal information. If users have the proper privileges, then they can also use this tool to create groups and users.
Note: You cannot log in to Oracle Internet Directory as the cn=orcladmin superuser by using Oracle Delegated Administration Services. When you log in as the superuser to add users to groups (or to perform other Oracle Internet Directory-related tasks), you must use Oracle Directory Manager.
When you must log in as the cn=orcladmin superuser to add users to groups, you must use Oracle Directory Manager, instead of Oracle Delegated Administration Services.
To add users to groups using Oracle Directory Manager:
Use the following commands to start Oracle Directory Manager:
# cd $ORACLE_HOME/bin
# ./oidadmin
In the preceding command, ORACLE_HOME refers to the home directory where Oracle Internet Directory is installed.
In the Oracle Directory Manager Connect screen, enter the connect information for Oracle Internet Directory:
Enter cn=orcladmin in the User field.
Enter the password for cn=orcladmin in the Password field.
Click the icon at the right of the field to enter the name of the computer running Oracle Internet Directory in the Server field.
Enter the port number on which Oracle Internet Directory is listening, in the Port field.
Click Login.
On the left side, navigate to the group to which you want to add users. Select the group on the left side to display its attributes on the right side.
For instructions on navigation to global groups, refer to Section B.6.1.1.
For instructions on navigation to repository groups, refer to Section B.6.1.2.
For instructions on navigation to component groups, refer to Section B.6.1.3.
Add the DNs of the users to the uniquemember attribute.
The global groups are listed in Table B-1. The general navigation path is as follows:
Click the top-level entry, Oracle Internet Directory Servers, then click the specific Oracle Internet Directory.
Click Entry Management and then click cn=OracleContext.
Click cn=Groups.
Click the group to which you want to add users.
The database groups are listed in Table B-2. The general navigation path is as follows:
Click the top-level entry, Oracle Internet Directory Servers, then click the specific Oracle Internet Directory.
Click Entry Management and then click cn=OracleContext.
Click cn=Products and then click cn=IAS.
Click cn=IAS Infrastructure Databases.
Click orclReferenceName=dbName, where dbName is the name of the database.
Click the group to which you want to add users.
The component groups are listed in Table B-3.
The general navigation path is as follows:
Click the top-level entry, Oracle Internet Directory Servers and then click the specific Oracle Internet Directory.
Click Entry Management and then click cn=OracleContext.
Click cn=Products.
Click the particular component, for example, cn=DAS or cn=Apps, to whose groups you want to add users.
Click orclApplicationCommonName=appName, where appName is specific to the component and Collaboration Suite instance. If you have installed multiple instances of a component, then multiple instances of this entry appear on the screen.
Click the group to which you want to add users.
Using the Deployment Delegation Console, which is installed as part of Oracle Delegated Administration Services, you can add users to, or remove users from the following groups:
Repository Owners
Mid-Tier Administrators
Component Owners
Note: You can add users to these groups only if these groups have existing members other than the cn=orcladmin superuser. If the only member of these groups is the superuser, then you must use Oracle Directory Manager to add users to these groups. Refer to Section B.6.1 for more information.
To add users to these groups:
Ensure that Oracle Delegated Administration Services and Oracle Internet Directory are running.
Display the Deployment Delegation Console page.
The URL is:
http://hostname:port/oiddas/ui/oidinstallhome
Here, hostname specifies the name of the computer where you installed Oracle Delegated Administration Services and port specifies the port on which Oracle HTTP Server is listening.
Click Login.
Enter a user name and password to log in to Oracle Internet Directory, and click Login.
The login user must have sufficient privileges to enable you to add users to the desired group:
To Add Users to This Group: | Log in as a User Who Belongs to: |
---|---|
Repository Owners | The same Repository Owners group |
Mid-Tier Administrators | The Repository Owners group for the same repository |
Component Owners | The same Component Owners group |
Perform these steps to add users to the desired group:
To Add Users to the Repository Owners Group | To Add Users to the Mid-Tier Administrators Group | To Add Users to the Component Owners Group |
---|---|---|
|
|
|
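An added example, not Oracle's code, covering two points from this appendix: the note that the Deployment Delegation Console can be used only when a group has a member other than the cn=orcladmin superuser, and the instruction to add user DNs to the uniquemember attribute. The group RDN "cn=Component Owners", the name das_sample, the user DN and all function names are assumptions; the page documents only the graphical tools, so the LDIF output is an illustration of the same attribute change.

```shell
#!/bin/sh
# Added example, not Oracle's code. Input is ldapsearch output for one group
# entry in the "attribute=value" form this page shows for Oracle's ldapsearch.

# norm_dn: lower-case DNs and drop spaces around commas so they compare equal.
norm_dn() { tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'; }

# members: print the normalized uniquemember values found on stdin.
members() {
    awk 'tolower($0) ~ /^uniquemember=/ { print substr($0, 14) }' | norm_dn
}

# tool_for_group: name the tool the note allows for this group. The console
# works only if some member is not the cn=orcladmin superuser.
tool_for_group() {
    if members | grep -v -x -q 'cn=orcladmin'; then
        echo "Deployment Delegation Console"
    else
        echo "Oracle Directory Manager"
    fi
}

# add_member_ldif GROUP_DN USER_DN: print an LDIF change that adds USER_DN to
# uniquemember, or fail without output if the DN is already a member.
add_member_ldif() {
    want=$(printf '%s\n' "$2" | norm_dn)
    if members | grep -F -x -q "$want"; then return 1; fi
    printf 'dn: %s\nchangetype: modify\nadd: uniquemember\nuniquemember: %s\n' \
        "$1" "$2"
}

# Constructed sample: a Component Owners group whose only member is the
# superuser. The DN follows the navigation path in B.6.1.3; "cn=Component
# Owners" and "das_sample" are assumed names, not values from the page.
GROUP_DN='cn=Component Owners,orclApplicationCommonName=das_sample,cn=DAS,cn=Products,cn=OracleContext'
SAMPLE_GROUP="$GROUP_DN
uniquemember=cn=orcladmin"

printf '%s\n' "$SAMPLE_GROUP" | tool_for_group
printf '%s\n' "$SAMPLE_GROUP" |
    add_member_ldif "$GROUP_DN" 'cn=jdoe,cn=users,dc=example,dc=com'
```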
When you install Oracle Collaboration Suite 10g Infrastructure with Oracle Internet Directory, Oracle Collaboration Suite 10g Database, and Oracle Delegated Administration Services, the Oracle Internet Directory contains the following objects:
The Global groups, which are listed in Table B-1
The cn=orcladmin superuser
The orcladmin user belonging to the default realm
An entry for the instance of Oracle Collaboration Suite 10g Database registered with the Oracle Internet Directory
This database is associated with the groups listed in Table B-2. The cn=orcladmin superuser is a member of the Repository Owners group.
An application entity entry for the Oracle Delegated Administration Services component
This component is associated with the groups listed in Table B-3. The cn=orcladmin superuser is a member of the Component Owners group.
To enable other users to install additional instances of Oracle Delegated Administration Services, log in as cn=orcladmin in Oracle Directory Manager and add the users to the Component Owners group. Refer to Section B.6.1.
The installer displays the Specify Login for Oracle Internet Directory screen in each of the following scenarios:
You are installing Oracle Collaboration Suite 10g Infrastructure and using an existing Oracle Internet Directory.
You are installing an Applications tier that requires an Infrastructure.
This screen prompts you to enter the login details and realm required to log in to Oracle Internet Directory.
Username
Enter either the simple user name or the DN of the user in the Username field.
Example of a simple user name: jdoe
Example of a DN: cn=ocsadmin
The user must belong to specific groups for installing and configuring certain components. Refer to Table B-4 for details.
To specify the superuser, enter cn=orcladmin instead of orcladmin in the Username field.
Realm
The Realm field appears only if your Oracle Internet Directory contains more than one realm. The user name that you enter is authenticated against the specified realm. If you are not sure about the name of the realm, then contact your Oracle Internet Directory administrator.
Examples of names of realms are:
In a hosted deployment, the realm name might be similar to the name of the hosted company: XYZCorp.
Within an enterprise, you might have separate realms for internal users and external users. The realm name for the external users could be externalUsers.