Oracle® Database Enterprise User Security Administrator's Guide
11g Release 1 (11.1)
This appendix discusses upgrading Oracle9i Database to Oracle Database 11g Release 1 (11.1) with respect to Enterprise User Security. It includes the following sections:
Oracle9i Database Release 2 can work with Oracle Internet Directory Release 9.2 or Release 9.0.4. Oracle Database 11g Release 1 (11.1) requires Oracle Internet Directory 9.0.4 or later. If you are using Oracle Internet Directory Release 9.2, you must upgrade it to Release 9.0.4.
The following list discusses upgrading Oracle Internet Directory Release 9.2 to Oracle Internet Directory Release 9.0.4:
Use Oracle Internet Directory Configuration Assistant to upgrade Oracle Internet Directory. This is required if you want to register Oracle Database 11g Release 1 (11.1) instances in the directory.
Upgrade Oracle Contexts used for Enterprise User Security to Identity Management Realms, if they are not root contexts. Use the Oracle Internet Directory Configuration Assistant command-line utility as follows:
This step is required if you want to register an Oracle Database 11g Release 1 (11.1) instance in a realm.
You cannot use the root Oracle Context for Oracle Database 11g Release 1 (11.1) databases because it is not an Identity Management Realm.
Use Oracle Internet Directory tools, such as bulkmodify, to add the objectclass to existing user entries. This objectclass is required for users to change their database passwords, and for Kerberos authentication to the database.
In a realm that contains both Oracle9i Database (Release 9.1 or Release 9.2) and Oracle Database 11g Release 1 (11.1), use a DAS-based tool in Oracle Internet Directory Release 9.0.4 to create and manage users. You can use either Oracle Internet Directory Self-Service Console or Enterprise Security Manager Console. Do not use Enterprise Security Manager or Enterprise Login Assistant from Oracle9i installations.
For each Oracle9i Database instance that you upgrade to Oracle Database 11g Release 1 (11.1), perform the following steps:
1. Use Oracle Wallet Manager to disable automatic login for the database wallet.
2. Copy the database distinguished name (DN) from the initialization parameter rdbms_server_dn to a file in a secure location.
3. Upgrade the database to Oracle Database 11g Release 1 (11.1).
4. Depending on where your database admin directory is stored, move the database wallet either to /wallet. Note that $ORACLE_HOME is for the new Oracle Database 11g Release 1 (11.1). You may have to create the
5. Copy the old $ORACLE_HOME/network/admin/ldap.ora file to the new $ORACLE_HOME/ldap/admin/ldap.ora file. Alternatively, you can use Oracle Net Configuration Assistant to create a new
6. Use the command-line utility, mkstore, to put the database DN (from the file in the previously created secure directory location) into the wallet by using the following syntax:
   mkstore -wrl database_wallet_location -createEntry ORACLE.SECURITY.DN database_DN
   You will be prompted for the wallet password.
   If you make a mistake in the mkstore command, then you can use the -modifyEntry option to correct it.
7. Use Database Configuration Assistant to generate the database-to-directory password in the database wallet. Choose the Modify Database option.
8. Use Oracle Wallet Manager to re-enable automatic login for the database wallet.
9. Use Oracle Net Manager to set the new wallet location in the sqlnet.ora file to the directory specified in step 4.
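The command-line parts of this procedure (saving the DN, copying ldap.ora, and the mkstore call) as an added shell example that is not part of the Oracle guide. The function names, the rdbms_server_dn.txt file name, and every path passed in are assumptions; only the mkstore syntax comes from the text above.

```shell
#!/bin/sh
# Added example, not Oracle-supplied. Function names, the file name
# rdbms_server_dn.txt and all paths given by the caller are assumptions.

# Save the database DN where only the owner can read it
# (directory mode 0700, file mode 0600).
save_dn() {   # usage: save_dn "<database DN>" <secure_dir>
    dn=$1; dir=$2
    [ -n "$dn" ] || { echo "empty DN" >&2; return 1; }
    ( umask 077
      mkdir -p "$dir" && chmod 700 "$dir" &&
      printf '%s\n' "$dn" > "$dir/rdbms_server_dn.txt" &&
      chmod 600 "$dir/rdbms_server_dn.txt" )
}

# Copy ldap.ora from the old home's network/admin to the new home's
# ldap/admin. Refuses to overwrite a file that is already there.
copy_ldap_ora() {   # usage: copy_ldap_ora <old_ORACLE_HOME> <new_ORACLE_HOME>
    src=$1/network/admin/ldap.ora
    dst=$2/ldap/admin/ldap.ora
    [ -r "$src" ] || { echo "missing $src" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 1; }
    mkdir -p "$2/ldap/admin" && cp -p "$src" "$dst"
}

# Put the saved DN into the wallet with the syntax shown in the text.
# mkstore itself prompts for the wallet password; it is never passed here.
store_dn() {   # usage: store_dn <database_wallet_location> <secure_dir>
    dn=$(cat "$2/rdbms_server_dn.txt") || return 1
    mkstore -wrl "$1" -createEntry ORACLE.SECURITY.DN "$dn"
}
```

Source the file and call the functions in order; once the wallet entry is in place, the saved DN file is no longer needed.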
The default for the nickname attribute, such as CN, remains unchanged. The upgrade process does not change the default nickname attribute setting. After upgrading from Oracle Internet Directory Release 9.2 to Release 9.0.4, if you are unable to log in to Oracle Database 11g Release 1 (11.1), then you must use the DAS-based Oracle Internet Directory Self-Service Console to reset your password.