Creating Users in LDAP-based Authentication Databases
When user entries are added to an LDAP-based directory service, the services of an underlying LDAP-based directory server are used to authenticate and authorize users. This section lists guidelines to consider when using an LDAP-based authentication database, and describes how to add users through the Proxy Server Administration Server.
Guidelines for Creating LDAP-based User Entries
Consider the following guidelines when using the Proxy Server administration console to create new user entries in an LDAP-based directory service:
-
If you enter a given name (or first name) and a surname, the user’s full name and user ID are automatically completed. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. For example, if the user’s name is Billie Holiday, the user ID is automatically set to bholiday. You can replace this user ID with an ID of your own choosing if you wish.
-
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use. Be aware, however, that if you use the directory server ldapmodify command line utility (if available) to create a user, unique user IDs are not ensured. If duplicate user IDs exist in your directory, the affected users will not be able to authenticate to the directory.
-
The base DN specifies the distinguished name where directory lookups occur by default, and where all Proxy Server Administration Server entries are placed in your directory tree. A DN is the string representation for the name of an entry in a directory server.
-
At a minimum, you must specify the following user information when creating a new user entry:
-
Surname or last name
-
Full name
-
User ID
If any organizational units are defined for your directory, you can specify where you want the new user to be placed using the Add New User To list on the Create User page in the Administration Server. The default location is your directory’s base DN, or root point.
-
Creating LDAP-based User Entries
To create a user entry, read the guidelines outlined in Guidelines for Creating LDAP-based User Entries, then perform the following procedure.
To create users in LDAP-based authentication databases
Steps
-
Access the Administration Server and click the Users and Groups tab.
-
Click the Create User link.
-
Select the LDAP directory service from the drop-down list and click Select.
-
Enter the information on the page that displays. For more information about specific fields, see the online Help. Also see Directory Server User Entries.
-
Click Create to create the user entry, or Create and Edit to create the user entry and proceed to the edit page for the entry just created.
Directory Server User Entries
Notes about directory server user entries:
-
User entries use the inetOrgPerson, organizationalPerson, and person object classes.
-
By default, the distinguished name for users is of the form:
cn=full name,ou=organization,...,o=base organization,c=country
For example, if a user entry for Billie Holiday is created within the organizational unit Marketing, and the directory’s base DN is o=Ace Industry, c=US, then the DN is:
cn=Billie Holiday,ou=Marketing,o=Ace Industry,c=US
However, note that this format can be changed to a user ID (uid)-based distinguished name.
-
The values on the user form fields are stored as LDAP attributes.
The following table lists the fields and corresponding LDAP attributes that display when creating a new user in the Proxy Server interface.
|
User Field |
LDAP Attribute |
|---|---|
|
Given Name | |
|
Surname | |
|
Full Name | |
|
User ID | |
|
Password | |
|
E-mail Address |
The following table lists the fields and corresponding LDAP attributes that also display when editing the user entry.
Table 4–2 LDAP Attributes - Editing User Entries|
User Field |
LDAP Attribute |
|---|---|
|
Title | |
|
Phone Number |
- © 2010, Oracle Corporation and/or its affiliates