Skip Headers
Oracle Internet Directory Administrator's Guide
10g (

Part Number B15991-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

J UNIX Authentication and User Provisioning with Oracle Internet Directory

You can use Oracle Internet Directory as a centralized directory for user authentication and authorization in a UNIX or Linux environment. The advantages of doing so include:

The Oracle White Paper Centralizing UNIX Authentication and User Provisioning with Oracle Internet Directory describes, in detail, the steps required to implement this solution. That document provides nearly complete information on using Oracle Internet Directory with Pluggable Authentication Modules (PAM). You should, however, read this appendix in addition to the white paper. This appendix includes the following sections:

J.1 Schema Customization

In 10g Release 2 (10.1.2) and later releases, you need not customize the schema as described in the white paper. The necessary attributes and object classes are available in a standard Oracle Internet Directory installation. One potential exception is the customized login attribute. You might need to add a custom login attribute to the schema, as explained in the next section.

J.2 UID Attribute Issues

By default, Oracle products, such as OracleAS Portal, use the Oracle Internet Directory attribute uid for authentication and authorization. Also by default, UNIX-based operating systems and PAM use the attribute uid for authentication and authorization. Unfortunately, Oracle and UNIX have different requirements for acceptable uid strings. For example, the email address, user@address is a common uid format in Oracle Internet Directory installations. UNIX, however, does not allow the @ character in a uid. There are two ways to deal with this discrepancy: