You can add directory servers to Exalogic Control. Users and roles are added to Exalogic Control from the directory server. Users that are added from a directory server begin with complete privileges for each of their roles.
You must configure the remote directory server before adding it to Oracle Exalogic Control as follows:
Create the following user groups on the directory server:
EXALOGIC_ADMIN
CLOUD_ADMIN
CLOUD_USER
Add users to these groups. The users within each group are given the role corresponding to the group.
Adding a Directory Server
To add a directory server in Exalogic Control, complete the following steps:
Access the browser UI of Exalogic Control as described in Accessing the Exalogic Control Browser User Interface, and log in as a user with the Exalogic Systems Admin role.
In the Navigation pane, select Administration.
Select Directory Servers.
In the Actions pane, click the Add Directory Server icon.
The Add Directory Server wizard is displayed, as shown in Figure 6-5.
Enter the following connection settings:
Name - Enter the name of the directory server
Hostname - Enter the host name of the directory server
Port - Enter the port number to be used to access the directory server
Use SSL - Select this option to use SSL to connect to the directory server
Username - Enter the user name used to access the directory server
Password - Enter the password used to access the directory server
Click Next. The Remote Directory Server Schema Settings page is displayed.
Enter the following schema settings:
Root suffix - The root node of the directory tree for the user search
User search DN - The subnode in which to search for users
User search scope - The scope of the user search. Acceptable values are base, one, subtree, baseObject, singleLevel, wholeSubtree, or subordinateSubtree.
User search filter - An LDAP search filter that users must match to be included
Click Next. The Summary page is displayed.
Review the summary, and click Add Directory Server.
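Because users added from a directory server begin with complete privileges for each of their roles, it is worth reviewing group membership and the planned wizard settings before the server is added. The following Python code is an added example, not Oracle code: it audits an LDIF export of the three groups and checks the search scope and Use SSL choices. The sample LDIF, the member attribute names (member, uniqueMember) and the function names are assumptions.

```python
# Added example: audit the directory groups that map to Exalogic Control roles.
ROLE_GROUPS = ("EXALOGIC_ADMIN", "CLOUD_ADMIN", "CLOUD_USER")
VALID_SCOPES = {"base", "one", "subtree", "baseObject", "singleLevel",
                "wholeSubtree", "subordinateSubtree"}
MEMBER_ATTRS = {"member", "uniquemember"}  # assumption: groupOfNames / groupOfUniqueNames

# Constructed sample in the shape of an LDIF export of the group entries.
SAMPLE_LDIF = """\
dn: cn=EXALOGIC_ADMIN,ou=groups,dc=example,dc=com
cn: EXALOGIC_ADMIN
uniqueMember: uid=alice,ou=people,dc=example,dc=com

dn: cn=CLOUD_USER,ou=groups,dc=example,dc=com
cn: CLOUD_USER
uniqueMember: uid=alice,ou=people,dc=example,dc=com
uniqueMember: uid=bob,ou=people,dc=example,dc=com
"""

def parse_groups(ldif):
    """Return {GROUP CN: set of member DNs}; expects unwrapped LDIF, skips base64 (::) values."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        cn, members = None, set()
        for line in entry.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and attr.lower() == "cn":
                cn = value.strip().upper()
            elif sep and attr.lower() in MEMBER_ATTRS:
                members.add(value.strip().lower())
        if cn:
            groups[cn] = members
    return groups

def audit(ldif, scope, use_ssl):
    """Return (roles each user DN will receive, list of findings to resolve first)."""
    groups, grants, findings = parse_groups(ldif), {}, []
    if scope not in VALID_SCOPES:
        findings.append(f"user search scope {scope!r} is not an accepted value")
    if not use_ssl:
        findings.append("Use SSL is off: directory credentials are not protected by SSL")
    for role in ROLE_GROUPS:
        if role not in groups:
            findings.append(f"group {role} is missing")
        elif not groups[role]:
            findings.append(f"group {role} has no members")
        for dn in groups.get(role, ()):
            grants.setdefault(dn, set()).add(role)
    return grants, findings
```

Review the returned grants for unexpected members of EXALOGIC_ADMIN and CLOUD_ADMIN, and clear every finding before running the wizard.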
Synchronizing Remote Users and Roles
You can synchronize Exalogic Control with one or all directory servers. This updates the list of users and roles to match the directory server's current information.