Oracle Internet Directory Administrator's Guide Release 3.0.1 Part Number A90151-01
The Delegated Administration Service enables directory users to modify their own personal data--such as addresses, phone numbers, and photos--without the intervention of an administrator. It also enables users to search other parts of the directory to which they have access. This frees directory administrators for other tasks in the enterprise.
This chapter contains these topics:
The Delegated Administration Service relies on a Web server, that is, a program that delivers Web pages. More specifically, it uses an Apache Web server, one of the most widely used Web servers.
The Apache Web server is enabled for small Java programs, called servlets. Together, the Apache Web server and the servlets do the following:
Figure 10-1 shows the relationship between components of the Delegated Administration Service.
In the first tier, the user sends to the Apache server an HTTP request containing a query to Oracle Internet Directory.
In the second tier, the Apache server receives the request and launches the appropriate Delegated Administration Service servlet. The Delegated Administration Service servlet interprets the request and sends it to Oracle Internet Directory on the third tier.
After the Delegated Administration Service servlet receives the LDAP result from Oracle Internet Directory, it compiles that result into an HTML page, and sends it back to the client Web browser.
Start the Apache server by entering:
$ORACLE_HOME/Apache/Apache/bin/apachectl start
Stop the Apache server by entering:
$ORACLE_HOME/Apache/Apache/bin/apachectl stop
To install and configure the Delegated Administration Service, perform these tasks:
The Delegated Administration Service is installed along with Oracle Internet Directory release 3.0.1. If you want to enable Single Sign-On, then you must install and configure the login server.
To configure the Delegated Administration Service, use a text editor to modify parameters in the oidprefs.properties file located in the ORACLE_HOME/ldap/ssa directory. The following sections discuss the parameters in that file.
The log file for the Delegated Administration Service is located at $ORACLE_HOME/ldap/ssa/logs/ssa.log.
The Delegated Administration Service uses a special account to initialize and reset user passwords. If you are using the IMAP authentication described in "Parameters for Registering and Resetting Passwords", then you need to configure this special account to initialize and reset user passwords. To do this, run the script setup_admin.sh in the directory $ORACLE_HOME/ldap/ssa. This script creates the default special administrator account and sets the privileges for it.
If Single Sign-On is enabled, then the Delegated Administration Service uses the Oracle Internet Directory proxy user feature. To use Single Sign-On, configure the parameters for the proxy user in Table 10-1.
Table 10-1 explains the fields for setting general parameters in the oidprefs.properties file:
Entry | Description |
---|---|
| | Enter the fully qualified host name where the directory server is running and which you are using with the Delegated Administration Service. There is no default. |
| | Enter the corporation root entry. Modify this field to comply with your deployment environment. All user entries must exist below this container. The default is |
| | Enter the attribute that stores the user login identifier. This attribute needs to be indexed. It should uniquely identify the user in the organization under the specified corporation root. The default is |
| | Enter the object class that contains the mailing list-specific attributes. The default is |
| | Enter the object class that contains the user-specific attributes. The default is |
| | Enable or disable debug logging for the Delegated Administration Service. The default is |
| | Point this entry to the following URL: |
| | Enter the DN of the administration account for the user password population. This is used to populate the user password for Oracle Internet Directory registration. You configure this account by running the script |
| | Enter the password of the administration account specified in the |
| | Within a Single Sign-On environment enabling the Delegated Administration Service, enter the DN for the proxy account used to switch the initial LDAP proxy connection to the login user connection. The default value is |
| | Enter the password of the proxy account. The default value is |
| | Enter the Apache image directory, that is, the local file system directory where the Apache server stores the images retrieved from the directory server to make them accessible to all HTTP connections to the Delegated Administration Service. For the Oracle Portal platform, it is located at |
| | Customize the password policy. You can enforce the minimum password length and the number of letters and numerals. The default is See Also: "Password Policies" for a conceptual discussion of password policies |
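Because the administration and proxy account passwords are entered in oidprefs.properties with a text editor, the mode of that file decides who on the host can read them. The following script is an added example, not part of the Oracle guide: it flags a properties file that group or other users can read or write and counts the password values it holds. The key names in the sample are constructed placeholders, and the "passw" match is a generic pattern rather than the product's parameter list.

```shell
#!/bin/sh
# Added example: audit access to the file that stores account passwords.

# Succeeds if group or other hold any read or write bit on the file.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 \
        -o -perm -004 -o -perm -002 \) 2>/dev/null)" ]
}

# Prints how many non-comment lines give a non-empty value to a key whose
# name contains "passw" (generic pattern, not the product's key list).
count_secrets() {
    grep -Eic '^[[:space:]]*[^#!=]*passw[^=]*=[[:space:]]*[^[:space:]]' "$1" || true
}

# Prints a finding for the file; returns 0 when clean, 1 when flagged.
audit_props() {
    if [ ! -f "$1" ]; then echo "MISSING $1"; return 1; fi
    secrets=$(count_secrets "$1")
    if loose_perms "$1"; then
        echo "FAIL $1: $secrets password value(s), accessible beyond owner"
        return 1
    fi
    echo "OK   $1: $secrets password value(s), owner-only"
}

# Constructed sample input: writes a stand-in properties file to the given path.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the shipped oidprefs.properties
example.adminpassword = Constructed-Value-1
example.proxypassword = Constructed-Value-2
# example.oldpassword = commented-out
EOF
}

# Stand-alone run: audit the real file if ORACLE_HOME is set, else the sample.
target="${ORACLE_HOME:+$ORACLE_HOME/ldap/ssa/oidprefs.properties}"
if [ -z "$target" ]; then
    target="${TMPDIR:-/tmp}/oidprefs.sample.$$"
    make_sample "$target"; chmod 644 "$target"
    audit_props "$target" || true      # flagged: group and other can read
    chmod 600 "$target"
    audit_props "$target"              # clean: owner-only
    rm -f "$target"
else
    audit_props "$target" || true
fi
```

The same function can be pointed at $ORACLE_HOME/ldap/ssa/logs/ssa.log when debug logging is enabled, since only the permission check depends on the file, not its contents.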
To enable users to self-register and reset their passwords, you configure these properties. In release 3.0.1, the Delegated Administration Service verifies user credentials by using IMAP authentication only. You may use this if you have an IMAP server and want to use it to authenticate users.
The link (initial registration/forgot password) on the oidprefs login page:
If you do not want to use this feature, point the resetpasswordurl parameter to an HTML page with instructions for users to register or reset their passwords.
Table 10-3 explains the parameters you set in order to integrate the Delegated Administration Service with Single Sign-On.
To do this, follow these steps:
To do this, check the log files for the Apache server. Enter:
ps -ef | grep http
This command generates the related log files under the following directories:
Using any browser, enter:
http://host_name:7777/servlets/oidprefs
where host_name is the name of the computer on which the Apache server is running. This displays the Delegated Administration Service logon screen.
Copyright © 1996-2001, Oracle Corporation. All Rights Reserved.