Oracle® Student Learning Installation and Deployment Guide Release 3.1.3 Part Number E20664-04
Oracle Internet Directory (OID) is the default LDAP mechanism used by OSL Learning Tool (OSL LT) components for authentication and authorization.
OID is an LDAP Version 3 certified directory. Users are granted access and privileges within OSL based on the groups they are assigned in OID.
There are two possible deployment scenarios.
Scenario 1: This scenario applies when the deployment uses an OID instance with existing users assigned to predefined groups. In this scenario, creating new groups is not required. However, customization is required to map existing groups to OSL application-specific roles. For more information about mapping OID groups, see Section 9.1.4, "Updating Security Role Mappings".
Scenario 2: This scenario applies when the deployment uses an OID instance where users must be assigned to new groups. The following groups should be created:
DeptAdminGroup
DeptCurrAdminGroup
SchAdminGroup
SchCurrAdminGroup
TeacherGroup
StudentGroup
ParentGroup
DataLoadingGroup
ContentIntegrationGroup
One institution and three users are pre-seeded into the OSL database during installation. These are described below:
Department
This is a special institution and is the root of the institution hierarchy. It is pre-seeded with a name of "Department Of Education" and organization type of "DEPARTMENT".
You can change the name Department after installation and deployment of OSL.
DataLoading
This is a user with access to the OSL LT DataLoading service.
ContentIntegration
This is a user with access to the OSL Content Management System (CMS) integration service.
For related information about configuring the two pre-seeded users in OID, see Section 5.4, "Assigning Content Integration User".
For related information about updating the name of Department, see Section 5.6, "Updating the Name of Department".
The user named DataLoading is created as part of database initialization during OSL installation. See Step 15 of the installation process in Chapter 2, "Installation Tasks". Access to the OSL LT DataLoading service is granted to an OID user belonging to the DataLoadingGroup (or the equivalent, mapped OID Group, as described in Scenario 1 of Section 5.1, "Creating Groups in OID"). This user has the DataLoading role in OSL.
Create a user named DataLoading as a member of the DataLoadingGroup of OID. See Section 5.1, "Creating Groups in OID" for detailed information.
Alternatively, create and assign a DataLoading user to the DataLoadingGroup in the WebLogic embedded LDAP server. Detailed instructions for creating users and groups in the embedded LDAP server are available at: http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e13952/taskhelp/security/ManageUsersAndGroups.html
If an LDAP server is also set up as a Security Provider (see Section 8.5, "Configuring OID as Security Provider" for more information), then the order of the providers must be as follows:
LDAP Authenticator (SUFFICIENT)
Default Authenticator (SUFFICIENT)
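The following check of the provider order and control flags is an added example, not part of the Oracle guide. It reads a WebLogic domain config.xml and assumes that an authentication provider with no control-flag element runs as REQUIRED; the sample realm and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SEC = "{http://xmlns.oracle.com/weblogic/security}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample realm: Default Authenticator first with no control-flag
# element (assumed to mean REQUIRED), LDAP authenticator second.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
  xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <security-configuration><realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType"/>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType"/>
  <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
   <sec:name>LDAPAuthenticator</sec:name>
   <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:name>myrealm</sec:name>
 </realm></security-configuration>
</domain>"""


def authenticators(config_xml):
    """Return [(provider_type, control_flag)] in configured order."""
    found = []
    for prov in ET.fromstring(config_xml).iter(SEC + "authentication-provider"):
        kind = prov.get(XSI_TYPE, "").split(":")[-1]
        if kind.endswith("-authenticatorType"):  # skip identity asserters
            flag = prov.findtext(SEC + "control-flag") or "REQUIRED"
            found.append((kind, flag))
    return found


def check_order(config_xml):
    """List deviations from: LDAP (SUFFICIENT), then Default (SUFFICIENT)."""
    provs = authenticators(config_xml)
    kinds = [k for k, _ in provs]
    issues = [f"{k} is {f}, expected SUFFICIENT" for k, f in provs if f != "SUFFICIENT"]
    default = "default-authenticatorType"
    if default not in kinds:
        issues.append("Default Authenticator missing")
    elif len(kinds) < 2 or kinds.index(default) != len(kinds) - 1:
        issues.append("Default Authenticator must come after the LDAP authenticator")
    return issues


if __name__ == "__main__":
    print(check_order(SAMPLE))
```

For the constructed sample the check reports two deviations: the Default Authenticator is still REQUIRED, and it is listed ahead of the LDAP authenticator.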
The user named ContentIntegration is created as part of database initialization during OSL installation. See Step 15 of the installation process in Chapter 2, "Installation Tasks". Access to the OSL CMS integration service is granted to an OID user belonging to the ContentIntegrationGroup (or the equivalent, mapped OID Group, as described in Scenario 1 of Section 5.1, "Creating Groups in OID"). This user has the ContentIntegration role in OSL.
Create a user named ContentIntegration as a member of the ContentIntegrationGroup of OID. See Section 5.1, "Creating Groups in OID" for detailed information.
Alternatively, create and assign a ContentIntegration user to the ContentIntegrationGroup in the WebLogic embedded LDAP server as explained in Section 5.3, "Assigning Data Loading User".
To create and load users, use the createPersons method in DataLoadingpartyService of the OSL LT Data Loading service. At least one user must be the Department Administrator to access the department administration functionality in the OSL LT Admin user interface (UI). This user can assign other application roles and configure the OSL system in OSL LT Admin.
Follow these steps to create a Department Administrator:
Use the createPersons method in DataLoadingpartyService.
Enter appropriate information for the following parameters:
firstName: for example, Robert
lastName: for example, Brown
Relationship action: Create
RelationshipType: DEPARTMENT_ADMIN_OF
TargetPartyId: ID of Department (Department in OSL database normally has an ID of 2)
The OSL LT Data Loading service assigns a login ID in the firstName.lastName format, for example, Robert.Brown.
A default password welcome1 is assigned. Use OID to manually replace this password with a secure password.
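Where many users are loaded at once, the password replacement can be prepared as an LDIF change file. The sketch below is an added example, not part of the Oracle guide: it derives each login ID in the firstName.lastName format and emits a userPassword replace record with a random password. The container DN, the cn-based entry naming and the function names are assumptions.

```python
import base64
import secrets

# Assumption (not from the guide): users live under this container and are
# named by cn=<login ID>. Adjust to the target OID realm.
USER_BASE = "cn=Users,dc=example,dc=com"


def escape_rdn(value):
    """Escape RFC 4514 special characters and a leading '#' or space."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    return "\\" + out if out[:1] in ("#", " ") else out


def ldif_line(attr, value):
    """'attr: value', or base64 'attr:: ...' if value is not an LDIF SAFE-STRING."""
    safe = (value.isascii() and value[:1] not in (" ", ":", "<")
            and not value.endswith(" ") and not set(value) & set("\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def rotation_ldif(people):
    """Return (ldif_text, {login_id: new_password}) for (firstName, lastName) pairs."""
    records, issued = [], {}
    for first, last in people:
        uid = f"{first}.{last}"  # login ID format assigned by the Data Loading service
        issued[uid] = secrets.token_urlsafe(18)  # 24 random URL-safe characters
        records.append("\n".join([
            ldif_line("dn", f"cn={escape_rdn(uid)},{USER_BASE}"),
            "changetype: modify",
            "replace: userPassword",
            ldif_line("userPassword", issued[uid]),
            "-",
        ]))
    return "\n\n".join(records) + "\n", issued


if __name__ == "__main__":
    ldif, issued = rotation_ldif([("Robert", "Brown")])  # constructed sample input
    print(ldif)
```

The generated file contains cleartext passwords, so apply it over an encrypted LDAP connection and delete it once the change is made.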
For information about deploying the OSL Learning Tool, see Part II, "Deploying the OSL Learning Tool".
For information about using the createPersons method, see Section 2.1.6, "createPersons," in Oracle Student Learning Programmer's Guide.
The pre-seeded institution in the OSL database has the default organization type DEPARTMENT and default name Department Of Education. After OSL installation and deployment, you can change the name.
Log in to OSL LT Admin as the Department Administrator to change the institution name.
For information about creating the user with the role of Department Administrator, see Section 5.5, "Creating a User and Assigning Department Administrator Role".
For information about changing the name of Department using LT Admin, see Chapter 3, How to Manage Institutions, in Oracle Student Learning Learning Tool Admin User's Guide.