Oracle9i Directory Service Integration and Deployment Guide
Release 2 (9.2)
Part Number A96579-01
This chapter describes the configuration steps that enable your Oracle home to use an Oracle Internet Directory server. The chapter describes the configuration steps common to all Oracle products; then it directs you to resources that describe directory configuration tasks particular to each Oracle product.
The chapter covers the following topics:
Conceptually, there are five major prerequisites for an Oracle RDBMS to communicate with the directory:
The first two prerequisites are met by default if you are using the latest version of Oracle Internet Directory. If you are not using the latest version, Oracle Net Configuration Assistant updates both the Oracle Schema and the Oracle Context. This tool also creates the ldap.ora file. Database Configuration Assistant satisfies the fourth requirement: it creates an entry for the database in the directory, a process called database registration. Both tools must be run to complete directory usage configuration. The sections that follow explain how to run them.
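A post-configuration check of the ldap.ora file mentioned above, as an added example that is not part of the Oracle guide. It assumes the file carries the standard Oracle Net parameters DIRECTORY_SERVERS, DEFAULT_ADMIN_CONTEXT and DIRECTORY_SERVER_TYPE; the host name, ports and context in the sample are constructed values.

```python
# Constructed sample of an ldap.ora as Oracle Net Configuration Assistant
# might write it; host name, ports and admin context are made-up values.
SAMPLE_LDAP_ORA = '''\
# ldap.ora Network Configuration File (constructed sample)
DIRECTORY_SERVERS= (oid.example.com:389:636)
DEFAULT_ADMIN_CONTEXT = "dc=example,dc=com"
DIRECTORY_SERVER_TYPE = OID
'''

# Assumption: these three parameters are what a complete ldap.ora carries.
REQUIRED = ("DIRECTORY_SERVERS", "DEFAULT_ADMIN_CONTEXT", "DIRECTORY_SERVER_TYPE")


def parse_ldap_ora(text):
    """Return {PARAMETER: value} for simple NAME = value lines."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if "=" not in line:
            continue
        name, value = line.split("=", 1)      # DN values contain '=' too
        params[name.strip().upper()] = value.strip().strip('"')
    return params


def parse_servers(value):
    """Split '(host:port[:sslport], ...)' into (host, port, sslport) tuples."""
    servers = []
    for item in value.strip("() ").split(","):
        parts = [p.strip() for p in item.split(":")]
        if not parts[0]:
            continue
        port = int(parts[1]) if len(parts) > 1 and parts[1] else None
        ssl_port = int(parts[2]) if len(parts) > 2 and parts[2] else None
        servers.append((parts[0], port, ssl_port))
    return servers


def check_ldap_ora(text):
    """Return a list of findings; an empty list means the file looks complete."""
    params = parse_ldap_ora(text)
    findings = [f"missing parameter {n}" for n in REQUIRED if n not in params]
    servers = parse_servers(params.get("DIRECTORY_SERVERS", ""))
    if "DIRECTORY_SERVERS" in params and not servers:
        findings.append("DIRECTORY_SERVERS lists no server")
    for host, _port, ssl_port in servers:
        if ssl_port is None:  # advisory: only the non-SSL port is configured
            findings.append(f"{host}: no SSL port listed")
    return findings


if __name__ == "__main__":
    for finding in check_ldap_ora(SAMPLE_LDAP_ORA) or ["ldap.ora looks complete"]:
        print(finding)
```

To check a real Oracle home, pass the contents of its ldap.ora file to check_ldap_ora() in place of the sample.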
To learn how to create wallets and how to upload them to and download them from the directory, see Chapter 17, "Using Oracle Wallet Manager" in Oracle Advanced Security Administrator's Guide. To learn how to create and start an SSL instance when the directory is Oracle Internet Directory, see "Task 2: Start a Server Instance" in Chapter 3 of Oracle Internet Directory Administrator's Guide.
There are three methods for completing directory usage configuration:
Oracle Net Configuration Assistant and Database Configuration Assistant can be used to complete directory usage configuration at any time. If you choose this option, both tools must be run in standalone mode. The first tool enables you to choose a directory server. The second registers your database--that is, it creates an entry for the database in the directory. Without this entry, your Oracle home cannot access the directory.
This section covers the following topics:
To configure directory server usage:
$ORACLE_HOME/bin; then enter the command
The Welcome page appears.
The Directory Usage Configuration page is shown in Figure 5-1.
The options are as follows:
Select this option to enable your Oracle home to use a directory server that is already configured to use directory-enabled features.
Once configuration is complete, this option enables your computer to look up entries in the directory. It prompts you to do the following:
Select this option to configure a directory server for directory-enabled features and to enable your Oracle home to use that directory. This option is designed for administrators who are configuring these features for the first time.
Once configuration is complete, this Oracle home can look up entries in the directory.
The options are the same as those for Option 1. The difference is that, if the Oracle Schema does not exist or is an older version, you are prompted to create it or upgrade it. Having the correct schema version is a prerequisite for creating or designating an Oracle Context. There are three possible options for choosing an Oracle Context:
You must select this option to add an Oracle Context to your directory if it already contains an Oracle Context. In addition, this option can be used to upgrade an old version of the context.
To create an Oracle Context, the following must exist in the directory server:
If the Oracle Context is an older version, you are prompted to upgrade it. This is important because an Oracle9i database will not work with an Oracle8i Oracle Context or an earlier one. You can use the upgraded Oracle Context to register any Oracle8i databases that are created in the future.
In the unusual event that Oracle Internet Directory contains no Oracle Schema, you can use Option 4 to create the Schema without having to resort to the full directory usage configuration explained in Options 1 and 2. In addition, Option 4 can be used to upgrade the Oracle Schema.
After running Oracle Net Configuration Assistant, run Database Configuration Assistant to register your database in the directory. To register a database, you must be a member of either the Database Registration group or the OracleContextAdmins group, or you must be the directory superuser. Use Oracle Enterprise Security Manager to add administrators to these two groups. To learn how to use this tool, see Chapter 18, "Using Oracle Enterprise Security Manager", in Oracle Advanced Security Administrator's Guide. Note that, if you are using Enterprise User Security, you can use Enterprise Security Manager to register a database.
To register a database in the directory, using Database Configuration Assistant in standalone mode:
If you execute these steps correctly, Database Configuration Assistant does the following:
RDBMS_SERVER_DN initialization parameter value
After installing database server software, Oracle Universal Installer launches Oracle Net Configuration Assistant, which gives you the option of completing directory usage configuration. Completing configuration consists of the following:
If the required Oracle Schema is already installed, Oracle Net Configuration Assistant prompts you to select an Oracle Context from a drop-down list of directory entries. If it was created during directory setup, one of the entries in the list is a root Oracle Context. The root Oracle Context is at the root entry, or top entry, of a directory.
If only the root context is present, you can either use this context or create a new Oracle Context by running Oracle Net Configuration Assistant in standalone mode. (See "Option 3: Create additional or upgrade existing Oracle Context".)
If no root Oracle Context is present, you can create one by selecting "root entry" from the drop-down list of directory entries. Note that some Oracle features require that a root Oracle Context be present.
If the required Oracle Schema is not installed, Oracle Net Configuration Assistant gives you the option of installing the correct schema or deferring directory configuration until a later time.
If you perform a custom database installation, Database Configuration Assistant runs automatically, after Oracle Net Configuration Assistant. It prompts you to register the database. Choose Yes, Register the Database, and then follow steps 4 through 7 in "Using Database Configuration Assistant to Register a Database".
The administrator who successfully creates or updates an Oracle Context in the course of completing directory configuration is automatically added to five administrative groups:
This group has full privileges for the entire Oracle Context.
This group enables you to use Database Configuration Assistant to register a database service entry in the directory together with its connect descriptor.
This group can use Oracle Net Manager to create, modify, and delete net service names and to modify Oracle Net attributes of database services.
This group has full privileges over directory objects in the container OracleDBSecurity. These objects consist of enterprise domains, enterprise roles, and mappings between users and shared database schemas.
This group has read and write privileges for wallet password hints and passwords.
A client installation gives you the option of using database services, net service names, or net service aliases stored in the directory to connect to a database. This feature is called directory naming. If you choose to use the directory to connect to a database, Oracle Net Configuration Assistant prompts you to do the following:
If the Oracle Schema is incorrect or was not installed, or if no Oracle Context is present, you cannot complete directory usage configuration on the client. To complete configuration, run Oracle Net Configuration Assistant in standalone mode after installing the database.
For more about database services, net service names, and net service aliases, see "Oracle Net Services Entries Under the Oracle Context" in Chapter 4, "Deploying Oracle Products with Oracle Internet Directory."
Oracle Net Configuration Assistant performs only the minimal directory configuration tasks necessary for most Oracle products. As such, many directory-enabled Oracle products may require additional configuration. Table 5-1 lists each product described in this book and provides links to documents that describe product-specific configuration tasks.
Oracle Net Services
Oracle9i Net Services Administrator's Guide, Chapter 8, "Setting Up Directory Server Usage"
Oracle Advanced Security
Oracle Advanced Security Administrator's Guide, Chapter 15, "Managing Enterprise User Security"
Oracle9i Application Developer's Guide - Fundamentals, "Application Context Initialized Globally", in Chapter 12, "Policy-Based Security"
Oracle Advanced Queuing
Oracle9i Application Developer's Guide - Advanced Queuing, Chapter 12, "Creating Applications Using JMS"
Oracle Dynamic Services
Oracle Dynamic Services User's and Administrator's Guide, "Using Lightweight Directory Access Protocol (LDAP) as a Master Registry," in Chapter 4, "Advanced Installation Options"