Oracle® Fusion Middleware Administrator's Guide for Oracle Unified Directory
11g Release 2 (11.1.2)
Part Number E22648-02
Integrating Oracle Unified Directory with Oracle's Enterprise User Security (EUS) enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.
Users connect to Oracle Database by providing credentials that are stored in Oracle Unified Directory. The EUS module queries the user entry and performs the authentication based on the credentials in the directory server. This simplifies Oracle Database authentication, because a single set of credentials can be shared by several databases.
In this release, support for EUS is limited to password authentication (certificate authentication and integration with Kerberos are not supported at this stage).
This chapter describes how to configure an Oracle Unified Directory instance to integrate with EUS, and includes the following topics:
For information about configuring Enterprise User Security, see the Oracle Database Enterprise User Administrator's Guide.
You can enable an OUD directory server instance for integration with EUS while you are setting up the server instance, whether you use the GUI setup or the CLI setup. For more information, see Setting up Directory Server in the Install Guide.
On an existing directory server instance, you can enable a new suffix for EUS by using ODSM. There is no command-line equivalent for this functionality.
To enable a suffix for EUS by using ODSM, perform the following steps:
1. Ensure that the server instance has an LDAP connection handler that is enabled for SSL.
   If SSL is not enabled, add an LDAPS connection handler, as described in Section 13.2, "Managing the Server Configuration With Oracle Directory Services Manager".
2. Connect to the directory server from ODSM, as described in Section 17.2, "Connecting to the Server From Oracle Directory Services Manager".
3. Select the Home tab.
4. Under the Configuration menu, select Create Base DN.
5. On the Configuration Wizard, enter the details of the new suffix.
6. Select the EUS Enabled check box.
7. Click Create to add the new, EUS-enabled suffix.
You cannot enable EUS on an existing suffix that has already been populated with user data.
After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:
1. Locate the LDIF template file at
2. Edit the modifyRealm.ldif file as follows:
   - Replace dc=example,dc=com with the correct naming context for your server instance.
   - Replace ou=groups with the correct location of the user and group entries in your DIT.
3. Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:
$ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif
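The template edit in step 2, with checks a careful administrator would make before running ldapmodify, as an added example that is not part of the original guide and is not Oracle's code. The function names are hypothetical, and the LDIF in `sample_template` is a constructed stand-in, since the content of the shipped template is not shown on this page.

```shell
#!/bin/sh
# Added example (not Oracle's code): fill in a realm LDIF template safely.
DEFAULT_SUFFIX='dc=example,dc=com'   # placeholders named in the procedure
DEFAULT_GROUPS='ou=groups'

# Constructed stand-in for the template; the shipped file's content may differ.
sample_template() {
    printf '%s\n' \
        'dn: cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com' \
        'changetype: modify' \
        'replace: orclCommonGroupSearchBase' \
        'orclCommonGroupSearchBase: ou=groups,dc=example,dc=com'
}

# Escape characters special in a sed replacement when the delimiter is "|".
sed_escape() { printf '%s' "$1" | sed 's/[&|\\]/\\&/g'; }

# True when the file has no group or other permission bits (for -j pwd-file).
pwd_file_private() { [ "$(ls -ld "$1" | cut -c5-10)" = '------' ]; }

# prepare_realm_ldif TEMPLATE SUFFIX GROUPS_LOCATION OUTPUT
# Returns 0 on success, 2 on bad arguments, 3 if the template is unsafe to
# edit, or sed's own status if the substitution fails.
prepare_realm_ldif() {
    tpl=$1 suffix=$2 groups=$3 out=$4
    [ -r "$tpl" ] || { echo "cannot read $tpl" >&2; return 2; }
    case $suffix in *=*) ;; *) echo "not a DN: $suffix" >&2; return 2 ;; esac
    case $groups in
        *"$suffix"*) echo "give the group location relative to the suffix" >&2; return 2 ;;
        *=*) ;;
        *) echo "not an RDN sequence: $groups" >&2; return 2 ;;
    esac
    # RFC 2849 folds long lines onto continuation lines that start with a
    # space; a folded DN could hide a placeholder from sed, so refuse it.
    if grep -q '^ ' "$tpl"; then
        echo "template has folded lines; unfold it first" >&2; return 3
    fi
    # DNs are case-insensitive but sed is not: every occurrence of the default
    # suffix must use the exact spelling, or a variant would be left behind.
    exact=$(grep -cF -- "$DEFAULT_SUFFIX" "$tpl" || true)
    anycase=$(grep -ciF -- "$DEFAULT_SUFFIX" "$tpl" || true)
    if [ "$exact" -eq 0 ] || [ "$exact" -ne "$anycase" ]; then
        echo "default suffix missing or spelled inconsistently" >&2; return 3
    fi
    ( umask 077   # the result describes your realm layout; keep it private
      sed -e "s|$DEFAULT_GROUPS|$(sed_escape "$groups")|g" \
          -e "s|$DEFAULT_SUFFIX|$(sed_escape "$suffix")|g" "$tpl" > "$out" )
}
```

Pass the file written by `prepare_realm_ldif` to the ldapmodify command shown above, after `pwd_file_private pwd-file` succeeds.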