Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Integration with the Microsoft Windows Environment, 6 of 13
If you are storing passwords in Microsoft Active Directory, then you must use the Active Directory external authentication plug-in to authenticate Microsoft Active Directory users from Oracle Internet Directory.
This section explains how to install and enable the Active Directory external authentication plug-in.
For the most part, these instructions are the same for setting up the plug-in in both single-domain and multiple-domain Microsoft Active Directory environments. There is, however, one difference: in a multiple-domain environment, the external authentication plug-in requires the Microsoft Active Directory Global Catalog Server.
This section contains these topics:
To install the plug-in:
$ORACLE_HOME/ldap/admin/oidspadi.sh.
Note: To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:
http://sources.redhat.com
http://www.datafocus.com/
To execute oidspadi.sh, enter:
cd $ORACLE_HOME/ldap/admin
sh oidspadi.sh
If you are using the Windows operating system, then execute oidspadi.sh after you have installed the UNIX emulation utility by entering:
sh oidspadi.sh
orcladmin). This value is required.
(&(objectclass=inetorgperson)(cn=orcladmin)), then any entry under the user container specified in Step 7 that has the cn=orcladmin and objectclass=inetorgperson attribute values will not be authenticated to Microsoft Active Directory.
cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext. If you enter this DN as the value for the Plug-in Request Group DN, then only requests coming from members of the Oracle Application Server Single Sign-On administrators can trigger the external authentication plug-in. You can enter multiple DN values. Use a semicolon (;) to separate them. This value is not required, but, for security purposes, it should be specified.
When specifying the wallet location on the Microsoft Windows operating system, add an additional backslash (\). For example, if the wallet location is D:\storage\wallet, then enter D:\\storage\\wallet.
To enable the Active Directory external authentication plug-ins, use these two commands:
ldapmodify -h host -p port -D cn=orcladmin -w password <<EOF
dn: cn=adwhencompare,cn=plugin,cn=subconfigsubentry
changetype: modify
replace: orclpluginenable
orclpluginenable: 1
EOF

ldapmodify -h host -p port -D cn=orcladmin -w password <<EOF
dn: cn=adwhenbind,cn=plugin,cn=subconfigsubentry
changetype: modify
replace: orclpluginenable
orclpluginenable: 1
EOF
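A check to run after the two commands above, as an added example that is not part of Oracle's guide: it reads the two plug-in entries as LDIF and reports any that are still disabled, missing, or without a Plug-in Request Group DN. The attribute name orclpluginrequestgroup, the ldapsearch usage mentioned in the comment, and the sample LDIF are assumptions that do not appear on this page.

```shell
#!/bin/sh
# Added example, not from Oracle's guide. Input is LDIF for the plug-in entries,
# e.g. from ldapsearch -L under cn=plugin,cn=subconfigsubentry (assumed usage).
# Assumption: the Plug-in Request Group DN is stored in orclpluginrequestgroup.

# Constructed sample: adwhenbind is left disabled and has no request group.
SAMPLE_LDIF='dn: cn=adwhencompare,cn=plugin,cn=subconfigsubentry
orclpluginenable: 1
orclpluginrequestgroup: cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext

dn: cn=adwhenbind,cn=plugin,cn=subconfigsubentry
orclpluginenable: 0'

# audit_plugins: read LDIF on stdin, print one finding per line,
# return 1 if anything needs attention, 0 if both entries look right.
audit_plugins() {
  awk '
    function check() {
      if (!(dn in want)) return          # ignore unrelated entries
      seen[dn] = 1
      if (enable != "1") { print "DISABLED " dn; bad = 1 }
      if (group == "")   { print "NO_REQUEST_GROUP " dn; bad = 1 }
    }
    BEGIN {
      s = ",cn=plugin,cn=subconfigsubentry"
      want["cn=adwhencompare" s] = 1; want["cn=adwhenbind" s] = 1
    }
    { sub(/\r$/, "") }                   # tolerate CRLF input
    /^$/ { check(); dn = enable = group = ""; next }
    {
      i = index($0, ":"); if (i == 0) next
      attr = tolower(substr($0, 1, i - 1))
      val = substr($0, i + 1); sub(/^ +/, "", val)
      if (attr == "dn") dn = tolower(val)
      else if (attr == "orclpluginenable") enable = val
      else if (attr == "orclpluginrequestgroup") group = val
    }
    END {
      check()
      for (d in want) if (!(d in seen)) { print "MISSING " d; bad = 1 }
      exit bad + 0
    }
  '
}

printf '%s\n' "$SAMPLE_LDIF" | audit_plugins || :
```

Folded LDIF lines (continuations that begin with a space) are not unfolded here, so feed it unwrapped output.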
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.