Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Integration with the Microsoft Windows Environment, 11 of 13
The SQL script oidspnti.sql installs the plug-ins that enable Oracle Internet Directory for external authentication against the Microsoft Windows primary domain controller and auto provisioning.
To install the script:
cd $ORACLE_HOME/ldap/admin
sh oidpnti.sh
orcladmin
), the directory super user.
cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext
. If you enter this value for the plug-in request group DN, then only the requests coming from Oracle Application Server Single Sign-On administrators can trigger the external authentication plug-in. You can enter multiple DN values. Use a semicolon (;) to separate them. This value is not required, but, for security purposes, should be specified.
orclNTUser
.
At the completion of these steps, the plug-in is installed and enabled.
To enable external authentication, enter these two commands:
ldapmodify -h host -p port -D cn=orcladmin -w password <<EOF
dn: cn=ntwhencompare,cn=plugin,cn=subconfigsubentry
changetype: modify
replace: orclpluginenable
orclpluginenable: 1
EOF

ldapmodify -h host -p port -D cn=orcladmin -w password <<EOF
dn: cn=ntwhenbind,cn=plugin,cn=subconfigsubentry
changetype: modify
replace: orclpluginenable
orclpluginenable: 1
EOF

To disable the external authentication plug-ins, set the value of the attribute orclpluginenable to 0 in each of the preceding commands.
To enable auto provisioning, enter the following command:
ldapmodify -h host -p port -D cn=orcladmin -w password <<EOF
dn: cn=ntpostsearch,cn=plugin,cn=subconfigsubentry
changetype: modify
replace: orclpluginenable
orclpluginenable: 1
EOF

To disable auto provisioning, set the value of the attribute orclpluginenable to 0 in the preceding command.
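A read-only check of the state these commands set, added here as an example (it is not part of the Oracle guide): it reads LDIF for the plug-in entries and reports which are enabled and which are enabled with no plug-in request group restricting them. The attribute name orclpluginrequestgroup, the ldapsearch invocation in the comment, the function names and the sample LDIF are assumptions and do not come from this page.

```shell
#!/bin/sh
# Assumed way to obtain the input (flags are an assumption, not from this page):
#   ldapsearch -L -h host -p port -D cn=orcladmin -w password \
#     -b "cn=plugin,cn=subconfigsubentry" -s one "objectclass=*" \
#     orclpluginenable orclpluginrequestgroup | audit_plugins

# Constructed sample LDIF, not captured from a real directory.
SAMPLE_LDIF='dn: cn=ntwhencompare,cn=plugin,cn=subconfigsubentry
orclpluginenable: 1
orclpluginrequestgroup: cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext

dn: cn=ntwhenbind,cn=plugin,cn=subconfigsubentry
orclpluginenable: 1

dn: cn=ntpostsearch,cn=plugin,cn=subconfigsubentry
orclpluginenable: 0
'

# audit_plugins: LDIF on stdin, one output line per plug-in entry:
#   <cn> <enabled|disabled|unknown> <restricted|unrestricted>
audit_plugins() {
  awk '
    function emit() {
      if (cn != "") print cn, state, (grp ? "restricted" : "unrestricted")
      cn = ""; state = "unknown"; grp = 0
    }
    BEGIN { state = "unknown" }
    /^[ \t\r]*$/ { emit(); next }   # a blank line ends an entry
    /^ /         { next }           # skip folded continuation lines
    {
      key = tolower($0); sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
      if (key == "dn") {
        emit(); cn = tolower(val); sub(/^cn=/, "", cn); sub(/,.*/, "", cn)
      } else if (key == "orclpluginenable") {
        state = (val == "1" ? "enabled" : "disabled")
      } else if (key == "orclpluginrequestgroup" && val != "") {
        grp = 1   # assumed attribute holding the plug-in request group DN
      }
    }
    END { emit() }
  '
}

# unrestricted_enabled: names of enabled plug-ins with no request group set.
unrestricted_enabled() {
  audit_plugins | awk '$2 == "enabled" && $3 == "unrestricted" { print $1 }'
}

printf '%s' "$SAMPLE_LDIF" | audit_plugins
```

Any name printed by unrestricted_enabled is a plug-in that any requester can trigger, which is the case the request group DN is meant to close off.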
To remove external authentication and auto-registration, delete the two plug-in entries from Oracle Internet Directory:
ldapdelete -h host -p port -D cn=orcladmin -w password "cn=ntwhencompare,cn=plugin,cn=subconfigsubentry"
ldapdelete -h host -p port -D cn=orcladmin -w password "cn=ntwhenbind,cn=plugin,cn=subconfigsubentry"
ldapdelete -h host -p port -D cn=orcladmin -w password "cn=ntpostsearch,cn=plugin,cn=subconfigsubentry"
If you are experiencing unknown errors, then you can enable the plug-in debugging. To do this:
sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
To check the plug-in debugging log:
sqlplus ods/ods
select * from plg_debug_log order by id;
To delete the plug-in debugging log:
sqlplus ods/ods
truncate table plg_debug_log;
To disable the plug-in debugging:
sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.