Oracle9i Net Services Administrator's Guide Release 1 (9.0.1) Part Number A90154-01
This chapter explains how to configure access to an LDAP-compliant directory server.
This chapter contains these topics:
See Also:
"Directory Server Support" for an overview of directory server support of Oracle Net Services
Many Oracle products have features that use an LDAP-compliant directory server to centrally store entries. Examples of such features are Oracle Net directory naming and Oracle Advanced Security enterprise user security. To use these features, you must establish a directory server for them and enable your computers to use that directory server.
Directory server usage can be configured during or after installation, as described in the following sections:
Oracle Universal Installer launches Oracle Net Configuration Assistant during software installation. Oracle Net Configuration Assistant enables you to configure usage of a directory server. Directory server usage configuration varies depending upon the installation mode you selected during installation, as described in these topics:
After a Custom installation on the server, Oracle Net Configuration Assistant prompts you to configure usage of a directory server. Directory server usage configuration enables:
Directory usage configuration is not performed during an Enterprise Edition or Standard Edition installation on the server. For these installation types, Oracle Net Configuration Assistant can be run in standalone mode. See "Configuring Directory Usage After Installation" for details.
Note:
During directory server usage configuration, Oracle Net Configuration Assistant prompts you to:
The Oracle Context (cn=OracleContext) is the root of a directory subtree under which all Oracle software relevant information is kept.
The configuration information is stored in an ldap.ora file that the server reads to locate the directory server and access Oracle entries.
If an Oracle Context does not exist in the directory under the selected administrative context, then Oracle Net Configuration Assistant prompts you to create it. During Oracle Context creation, you are prompted for directory administrator authentication credentials. If the Oracle Context is created successfully, then the authenticated user is added to the following groups:
OracleDBCreators (cn=OracleDBCreators,cn=OracleContext)
As a member of OracleDBCreators, a user can use Oracle Database Configuration Assistant to register a database service entry.
OracleNetAdmins (cn=OracleNetAdmins,cn=OracleContext)
As a member of OracleNetAdmins, a user can use Oracle Net Manager to create, modify, and delete net service names, as well as modify Oracle Net attributes of database services. Because clients resolve connect identifiers from these entries, a member of this group can change where a net service name points, so limit membership to administrators who need it.
A directory administrator can add other users to these groups.
Note: Additional groups are created during Oracle Context creation, as described in the Oracle Directory Service Integration and Deployment Guide.
In addition, Oracle Net Configuration Assistant verifies that the Oracle schema was created. The Oracle schema defines the Oracle entries and their attributes. If the schema does not exist or is an older version, you are prompted to create or upgrade it. During Oracle schema creation, you are prompted for authentication credentials.
After Oracle Net Configuration Assistant completes configuration, Oracle Database Configuration Assistant creates the database. The service name for the database is automatically created under the Oracle Context.
See Also:
During client installation, Oracle Net Configuration Assistant prompts you to configure the use of a directory server. Directory server usage configuration enables the client to look up connect identifier entries in the directory. If directory server access is not configured, the client cannot use directory naming.
Oracle Net Configuration Assistant typically performs the necessary directory server usage configuration during client installation and stores the following settings in a read-only ldap.ora file.
During directory server access configuration, Oracle Net Configuration Assistant prompts you to:
This information is stored in an ldap.ora file that the client reads to locate the directory server and to access Oracle entries.
In addition, Oracle Net Configuration Assistant verifies that the Oracle schema was installed. If an Oracle Context or the Oracle schema was not configured by the server, you cannot complete directory server usage configuration on the client.
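As an added illustration (not text from this guide), this is what the ldap.ora file written for a server or client looks like. The three parameter names are the ones Oracle Net reads from this file; the host name, ports and administrative context are placeholder values for a hypothetical deployment.

```text
# ldap.ora (added example with placeholder values, not from this guide)
# Directory server(s) as host:port:sslport; the second port is used for SSL.
DIRECTORY_SERVERS = (ldap.example.com:389:636)
# Administrative context: the subtree under which cn=OracleContext is located.
DEFAULT_ADMIN_CONTEXT = "dc=example,dc=com"
# Type of directory server; OID is Oracle Internet Directory.
DIRECTORY_SERVER_TYPE = OID
```

This file tells the client which directory to consult and under which context to look for net service names, so it should stay read-only, as Oracle Net Configuration Assistant creates it: anyone who can edit it can point the client at a different directory, and therefore at different connect descriptors.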
Directory usage can be configured with Oracle Net Configuration Assistant at any time.
To configure directory server usage:
The Welcome page appears.
The Directory Usage Configuration page appears.
The Directory Usage Configuration page options are described in Table 8-1.
Table 8-1 Directory Usage Configuration Page in Oracle Net Configuration Assistant
Option | Description |
---|---|
Select the directory server you want to use | Select this option to enable this computer to use a directory server that is already configured for directory-enabled features. It is ideal for clients that use a directory server that has already been configured for these features. Once configuration is complete, this computer can look up entries in the directory. This option prompts you for the information it needs. Note: If no Oracle Context or Oracle schema exists, you cannot complete usage configuration with this option. You must first use the "Select the directory server you want to use, and configure the directory server for Oracle usage" option to create the Oracle Context and Oracle schema. |
Select the directory server you want to use, and configure the directory server for Oracle usage | Select this option to configure a directory server for directory-enabled features and to enable this computer to use that directory. It is designed for administrators who are configuring these features for the first time. Once configuration is complete, this computer can look up entries in the directory server. This option prompts you for the information it needs. If an Oracle Context does not exist under the selected location, Oracle Net Configuration Assistant prompts you to create one. Likewise, if the Oracle schema does not exist or is an older version, you are prompted to create or upgrade it. During Oracle Context or Oracle schema creation or upgrade, you are prompted for directory administrator authentication credentials. Creating an Oracle Context requires that the prerequisite entries already exist in the directory server. If the Oracle Context is created successfully, the authenticated user is added to the OracleDBCreators and OracleNetAdmins groups. |
Create additional or upgrade existing Oracle Context | Select this option to create an additional Oracle Context in the directory, or to upgrade an existing Oracle Context to the current release. Creating an Oracle Context requires that the prerequisite entries already exist in the directory server. During Oracle Context creation or upgrade, you are prompted for directory administrator authentication credentials. If the Oracle Context is created successfully, the authenticated user is added to the OracleDBCreators and OracleNetAdmins groups. |
Create or upgrade the Oracle Schema | Select this option to create the Oracle schema in the directory, or to upgrade it to the current release. During Oracle schema creation or upgrade, you are prompted for authentication credentials. |
The directory user who creates the Oracle Context is a member of the OracleNetAdmins (cn=OracleNetAdmins,cn=OracleContext) group. Using directory tools, such as ldapmodify, a directory administrator or the directory user who created the Oracle Context can add users to this group.
To add a user to the OracleNetAdmins group with ldapmodify:
Create an LDIF file that contains the cn=OracleNetAdmins entry and the user that you want to add:
    dn: cn=OracleNetAdmins,cn=OracleContext,...
    changetype: modify
    add: uniquemember
    uniquemember: <DN of user being added to group>
Use the following ldapmodify syntax to add the user:
    ldapmodify -h directory_host -p port -D binddn -w password -f ldif_file
Table 8-2 ldapmodify Arguments
To remove a user from the OracleNetAdmins group with ldapmodify:
Create an LDIF file that contains the cn=OracleNetAdmins entry and the user that you want to remove:
    dn: cn=OracleNetAdmins,cn=OracleContext,...
    changetype: modify
    delete: uniquemember
    uniquemember: <DN of user being deleted from group>
Use the following ldapmodify syntax to delete the user:
    ldapmodify -h directory_host -p port -D binddn -w password -f ldif_file
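The two procedures above (adding and removing an OracleNetAdmins member) share the same LDIF shape and the same ldapmodify call, so this added example scripts both in one place. It is not code from the Oracle guide. It assumes the OpenLDAP client tools (ldapmodify, ldapsearch with -H, -y and -ZZ), an administrative context of dc=example,dc=com, a directory at ldap.example.com, and a bind DN and password file supplied by the caller through BIND_DN and BIND_PW_FILE; all of these are placeholders.

```shell
#!/bin/sh
# Added example (not part of the Oracle guide): build the LDIF change record
# for adding or removing a uniquemember of cn=OracleNetAdmins and apply it with
# the OpenLDAP client tools. Assumed values (not from the guide): the admin
# context dc=example,dc=com, the directory host ldap.example.com, and a bind
# password kept in a mode-0600 file so it is passed with -y rather than -w.

ADMIN_CONTEXT="${ADMIN_CONTEXT:-dc=example,dc=com}"        # assumed admin context
DIRECTORY_URI="${DIRECTORY_URI:-ldap://ldap.example.com:389}" # assumed directory
GROUP_DN="cn=OracleNetAdmins,cn=OracleContext,${ADMIN_CONTEXT}"

# ldif_line ATTR VALUE: emit "ATTR: VALUE", switching to the base64 form
# ("ATTR:: ...") when VALUE is not an LDIF SAFE-STRING (RFC 2849): it starts
# with a space, ':' or '<', or contains bytes outside printable ASCII.
ldif_line() {
    attr=$1; val=$2
    unsafe=$(( $(printf '%s' "$val" | LC_ALL=C tr -d '\040-\176' | wc -c) ))
    case "$val" in " "*|":"*|"<"*) unsafe=1 ;; esac
    if [ "$unsafe" -gt 0 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$val" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$val"
    fi
}

# netadmins_ldif add|delete USER_DN: print the modify record for the group.
netadmins_ldif() {
    case "$1" in
        add|delete) ;;
        *) echo "usage: netadmins_ldif add|delete USER_DN" >&2; return 1 ;;
    esac
    [ -n "$2" ] || { echo "netadmins_ldif: empty user DN" >&2; return 1; }
    ldif_line dn "$GROUP_DN"
    printf 'changetype: modify\n%s: uniquemember\n' "$1"
    ldif_line uniquemember "$2"
}

# ldap_filter_escape STRING: escape the characters that are special inside a
# search filter (RFC 4515) so a DN can be embedded in "(uniquemember=...)".
ldap_filter_escape() {
    printf '%s' "$1" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g'
}

# apply_change add|delete USER_DN: write the LDIF to a private temp file and
# apply it over StartTLS (-ZZ fails closed if TLS cannot be negotiated).
apply_change() {
    ldif=$(mktemp) || return 1
    if ! netadmins_ldif "$1" "$2" > "$ldif"; then rm -f "$ldif"; return 1; fi
    ldapmodify -ZZ -H "$DIRECTORY_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" -f "$ldif"
    rc=$?
    rm -f "$ldif"
    return $rc
}

# is_member USER_DN: succeed only if the directory now lists USER_DN as a
# uniquemember of the group; run it after each change instead of trusting rc.
is_member() {
    ldapsearch -LLL -ZZ -H "$DIRECTORY_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$GROUP_DN" -s base "(uniquemember=$(ldap_filter_escape "$1"))" dn \
        | grep -q '^dn: '
}

# Typical use (needs a reachable directory; BIND_DN and BIND_PW_FILE set by caller):
#   apply_change add "cn=jsmith,cn=users,dc=example,dc=com" && \
#   is_member "cn=jsmith,cn=users,dc=example,dc=com"
```

Two points differ from the bare syntax shown above. Passing the bind password with -w puts it in the process list and the shell history of the administration host, which is why the script reads it from a file with -y where the client supports that. And because the group controls who may rewrite the net service names clients resolve, the script verifies the resulting membership with a search rather than relying on the exit status alone.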
Copyright © 1996-2001, Oracle Corporation. All Rights Reserved.