Oracle Identity Analytics System Integrator's Guide 11g Release 1
Configuring ldap.properties

The ldap.properties file is located in the $RBACX_HOME/conf folder.

To Configure the LDAP URL and BASE_DN

The LDAP URL specifies how to connect to and search the LDAP server. The URL takes one of the following forms:

ldap://hostname:portnumber/

ldaps://hostname:portnumber/ (for SSL)

where:

The LDAP URL is identified by the ldapAuthentication.url field in the ldap.properties file. Multiple URLs can be specified by using a semicolon (;) as a delimiter.

For example: ldap://vaau1123:389/;ldap://vaau1398:389/

The Base_DN is identified by the ldapAuthentication.rootContext field in the ldap.properties file. If multiple URLs are used, a corresponding Base_DN must be defined for each URL, again using a semicolon (;) as the delimiter.

For example: DC=vaau,DC=corp,DC=net;DC=vaau,DC=corp,DC=net

To Configure the Domain Name

If Active Directory (AD) is used as the LDAP server, the full Windows name of an AD object has the form NetBIOSDomain\sAMAccountName.

For example: Vaau\rbacxadmin

The domain name can be configured so that users do not need to type the domainName\ prefix in front of their sAMAccountName. To do this, uncomment the ldapAuthentication.userContextPrefix field in ldap.properties and set it to the correct domain name.

For example:

If users log in with Vaau as the domain and Vaau\rbacxadmin as the user login, uncomment the ldapAuthentication.userContext field and set it as follows: ldapAuthentication.userContext=Vaau//

If multiple URLs are used, a userContext must be specified for each URL, separated by a semicolon (;):

ldapAuthentication.userContext=Vaau//;Vaau//

Note 1 - For AD

  1. Oracle Identity Analytics users need to be created in the Oracle Identity Analytics database using the format domain/username. To create the user as just username in the RM database, the following parameter must be set to false: uncomment the ldapAuthentication.keepContextPrefix field in ldap.properties and set it to false.

  2. A double slash at the end of the domain name is mandatory. The settings above are specific to AD. For all other LDAP servers, only the settings in Note 2 have to be configured correctly.

Note 2 - For Non-AD

  1. Uncomment the ldapAuthentication.keepContextPrefix field in ldap.properties and set it to false.

  2. Uncomment the ldapAuthentication.isAD field in ldap.properties and set it to false.

  3. If the LDAP server does not allow anonymous login, uncomment the following parameters and set them to the values received from the LDAP administrator for the service account:

    ldapAuthentication.securityPrincipal=CN=User,DC=vaau,DC=corp,DC=net

    ldapAuthentication.securityCredential=password

If multiple URLs are used, the above parameters must be specified for each URL, separated by a semicolon (;).

To Configure User Context Search

The ldapAuthentication.userContext field can be used as a filter to look for authorized users.

When AD is the directory server, ldapAuthentication.userContext is specified as {0}. If multiple AD URLs are used, a filter must be specified for each URL, separated by a semicolon (;).

For example:

ldapAuthentication.url=ldap://vaau1123:389/DC=vaau,DC=corp,DC=net; ldap://vaau1398:389/DC=vaau,DC=corp,DC=net

Next, set ldapAuthentication.userContext={0};{0}.

To Configure the User Account Search Key

The ldapAuthentication.userAccountSearchKey field specifies the user account search key. This field is used to retrieve the user name; its default value is sAMAccountName.

If sAMAccountName is not used (that is, the server is not AD), set ldapAuthentication.userAccountSearchKey to the attribute that forms the leading component of the user object's DN, usually "cn" (sometimes this value is "uid").

To Configure a First Name Search Key

ldapAuthentication.firstNameSearchKey specifies the first name search key and is set to givenName by default.

To Configure a Last Name Search Key

ldapAuthentication.lastNameSearchKey specifies the last name search key and is set to sn by default.

Note:

If multiple URLs are used, the above parameters must be specified for each URL, separated by a semicolon (;).
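As an added example that is not part of the Oracle guide, the following Python script checks an ldap.properties file against the rules stated above: the URL form, one Base_DN, userContext and service-account value per URL, the mandatory trailing double slash for an AD userContext, and a warning when a service-account credential is configured on a non-SSL ldap:// URL. The sample file contents are constructed from the page's examples.

```python
import re

# Constructed sample ldap.properties (not the product's own file); values follow the page's examples.
SAMPLE = """
ldapAuthentication.url=ldap://vaau1123:389/;ldap://vaau1398:389/
ldapAuthentication.rootContext=DC=vaau,DC=corp,DC=net;DC=vaau,DC=corp,DC=net
ldapAuthentication.userContext=Vaau//;Vaau//
ldapAuthentication.keepContextPrefix=false
ldapAuthentication.userAccountSearchKey=sAMAccountName
"""

# Fields the page says must carry one value per URL when several URLs are configured.
PER_URL_FIELDS = ("ldapAuthentication.rootContext", "ldapAuthentication.userContext",
                  "ldapAuthentication.securityPrincipal", "ldapAuthentication.securityCredential")

def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comment lines, as in Java .properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_multi(value):
    """Split a semicolon-delimited value, tolerating spaces after the ';'."""
    return [v.strip() for v in value.split(";")] if value else []

def check_ldap_properties(props):
    """Return a list of findings; an empty list means the file is consistent."""
    findings = []
    urls = split_multi(props.get("ldapAuthentication.url", ""))
    if not urls:
        return ["ldapAuthentication.url is missing"]
    for u in urls:
        if not re.match(r"^ldaps?://[^/:]+:\d+/", u):
            findings.append(f"malformed URL: {u}")
        elif u.startswith("ldap://") and "ldapAuthentication.securityCredential" in props:
            findings.append(f"service account credential would travel over non-SSL URL: {u}")
    for field in PER_URL_FIELDS:  # every per-URL field needs exactly len(urls) entries
        n = len(split_multi(props.get(field, "")))
        if field in props and len(urls) > 1 and n != len(urls):
            findings.append(f"{field} has {n} value(s) for {len(urls)} URLs")
    # isAD is left commented (treated as AD) unless explicitly set to false.
    if props.get("ldapAuthentication.isAD", "true").lower() != "false":
        for ctx in split_multi(props.get("ldapAuthentication.userContext", "")):
            if ctx != "{0}" and not ctx.endswith("//"):
                findings.append(f"AD userContext '{ctx}' must end with a double slash")
    return findings
```

Run it against $RBACX_HOME/conf/ldap.properties before restarting the server; a mismatched value count silently pairs the wrong Base_DN or userContext with a URL.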