Contents

List of Figures

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Product Overview

• 1.1 Introduction to Oracle Internet Directory
• 1.2 Features of Oracle Authentication Services for Operating Systems
• 1.3 Components of Oracle Authentication Services for Operating Systems
• 1.4 How User Authentication Works With Oracle Internet Directory
• 1.5 Installation and Configuration Overview
• 1.6 Management Overview
• 1.7 Additional Documentation

2 Before You Install

• 2.1 Verify Your Client and Server Operating Systems
• 2.2 Install Oracle Internet Directory and Oracle Directory Integration Platform
• 2.3 Upgrade Oracle Internet Directory to 10g (10.1.4.2.0)
• 2.4 Apply the Oracle Internet Directory StartTLS and MD5 Crypt Library Patch
• 2.5 Determine Which Product Features You Will Use
• 2.6 Download NIS Migration Scripts
• 2.7 Download and Apply DIPASSISTANT Patch
• 2.8 Download SUDO Package
• 2.9 Create and Index New Custom Attributes (Optional)

3 Installing and Configuring Oracle Authentication Services for Operating Systems

• 3.1 Introduction
  • 3.1.1 SSL Support
    • 3.1.1.1 Self Signed Certificates
    • 3.1.1.2 Certificate Authority Signed Certificates
  • 3.1.2 Password Policy Enforcement
  • 3.1.3 Active Directory Integration
  • 3.1.4 Directory Plug-ins
  • 3.1.5 Tools Used During Configuration
• 3.2 Configuring Oracle Authentication Services for Operating Systems on the Server
• 3.3 Configuring Oracle Authentication Services for Operating Systems on the Client
• 3.4 Replacing Self-Signed Certificates with CA-Signed Certificates
• 3.5 Configuring Oracle Internet Directory for Centralized Password Policies
  • 3.5.1 Disabling Value Policies Local to the Operating System
  • 3.5.2 Disabling State Policies Local to the Operating System
• 3.6 Switching Between SSL Authentication and Non-SSL Configurations
• 3.7 Rerunning the Configuration Scripts
• 3.8 Restoring the Client and Server to Their Pre-Configuration State
  • 3.8.1 Restoring the Client
  • 3.8.2 Restoring the Server

4 Migrating Entries to Oracle Internet Directory

• 4.1 Migrating Entries
  • 4.1.1 Migrating from NIS to Oracle Internet Directory
  • 4.1.2 Migrating from Operating System Files to Oracle Internet Directory
  • 4.1.3 Migrating from Another LDAP Directory to Oracle Internet Directory
    • 4.1.3.1 Schema Migration
    • 4.1.3.2 Data Migration
• 4.2 Setting Access Control on User Entry Attributes
• 4.3 Using Custom Attributes in Oracle Internet Directory
• 4.4 Migrating SUDO
  • 4.4.1 Migrating SUDO Entries to Oracle Internet Directory on the Server
  • 4.4.2 Configuring a Client to Use LDAP for SUDO Information
  • 4.4.3 Reconfiguring a Client to Use /etc/sudoers

5 Configuring Active Directory Integration

• 5.1 Setting up a Plug-in to Augment Active Directory Entries for Linux Authentication
• 5.2 Configuring Oracle Directory Integration Platform
• 5.3 Configuring SSL Between Oracle Directory Integration Platform and Active Directory
• 5.4 Configuring SSL Between Oracle Directory Integration Platform and Oracle Internet Directory
• 5.5 Setting Up the External Authentication Plug-in

6 Managing Oracle Authentication Services for Operating Systems

• 6.1 Creating Home Directories
• 6.2 Managing Users and Groups With libuser Tools
• 6.3 Managing Oracle Internet Directory With Oracle Directory Manager and Command-Line Utilities
  • 6.3.1 Testing Whether a User Has Been Added
  • 6.3.2 Changing a User's Password by Using ldapmodify
  • 6.3.3 Adding a User by Using ldapadd
  • 6.3.4 Adding a Group by Using ldapadd
• 6.4 Managing Password Policies

A Troubleshooting

• A.1 Data Migration Errors
  • A.1.1 Sudo Conversion Script Errors
• A.2 Management Tool Problems
  • A.2.1 Error in system-config-users
  • A.2.2 The libuser Tools Fail with Python Errors
  • A.2.3 Linux Management Tools Cause Inconsistencies
  • A.2.4 ldapsearch Error
• A.3 Testing and Log File Messages
  • A.3.1 Enabling Log Messages for All Operations
  • A.3.2 Testing StartTLS
  • A.3.3 Password Syntax Errors
• A.4 User Login Errors
  • A.4.1 Users Cannot Log In
  • A.4.2 User's Home Directory Does Not Exist
  • A.4.3 User's Shell Does Not Exist
  • A.4.4 Password Policy Not Consistently Enforced

B Properties File for LDAP Migration

C Sample Mapfiles

• C.1 Template Mapfile
• C.2 Sample Mapfile 1
• C.3 Sample Mapfile 2
• C.4 Sample Mapfile 3
• C.5 Sun Java System Directory Server Mapfile 1
• C.6 Sun Java System Directory Server Mapfile 2
• C.7 eDirectory Mapfile

D Synchronization Profile for Active Directory Integration

Index