Oracle® Fusion Middleware Deploying Logon Manager with a Directory-Based Repository
11g Release 2 (11.1.2.2)
Part Number E37700-01
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Deploying Logon Manager with Microsoft Active Directory
1.1 Logon Manager and Active Directory Environments
1.1.1 How Logon Manager Extends Your Active Directory Schema
1.1.2 How Logon Manager Synchronizes with Active Directory
1.1.3 How Logon Manager Handles and Stores Application Credentials
1.1.4 Further Reading
1.2 Designing the Logon Manager Active Directory Sub-Tree
1.2.1 Guidelines for Structuring the Sub-Tree
1.2.2 Version Control and Pre-Flight Testing of Templates and Policies
1.2.3 Precautions for Configuring Object Access Control Lists Using the Console
1.2.4 Precautions for Upgrading the Agent and Console
1.3 Global Agent Settings vs. Administrative Overrides
1.4 Recommended Global Agent Settings
1.4.1 Data Storage Settings
1.4.1.1 Use Configuration Objects
1.4.1.2 Specify the Path to the Logon Manager Configuration Objects
1.4.1.3 Store User Credentials Under Respective User Objects
1.4.2 Repository Connection Settings
1.4.2.1 Let Logon Manager Find the Nearest Domain Controller
1.4.2.2 SSL Support
1.4.2.3 Select the Credentials to Use when Authenticating to the Directory
1.4.2.4 Decide Whether to Prompt the User when Disconnected from the Directory
1.4.2.5 Let Logon Manager Search for User Accounts
1.4.2.6 Add the Active Directory Synchronizer to the Synchronizer Order List
1.4.2.7 Make the Logon Manager Agent Wait for Synchronization on Startup
1.4.2.8 Use Optimized Synchronization
1.4.3 Restrict Disconnected Operation
1.5 Recommended Administrative Overrides
1.6 Overview of the Deployment Process
1.7 Preparing Active Directory for Logon Manager
1.7.1 Extending the Schema
1.7.2 Enabling the Storage of User Credentials under User Objects
1.7.3 Creating the Configuration Object Container and Sub-Tree Structure
1.8 Configuring the Active Directory Synchronizer
1.9 Testing the Logon Manager Configuration
2 Deploying Logon Manager with Microsoft AD LDS (ADAM)
2.1 Logon Manager and AD LDS (ADAM) Environments
2.1.1 Benefits of AD LDS (ADAM)-Based Deployments
2.1.2 Active Directory vs. AD LDS (ADAM)
2.1.3 How Logon Manager Extends the AD LDS (ADAM) Schema
2.1.4 How Logon Manager Synchronizes with AD LDS (ADAM)
2.1.5 How Logon Manager Handles and Stores Application Credentials
2.1.6 Benefits of Load-Balancing a Logon Manager Deployment
2.1.7 Further Reading
2.2 Designing the AD LDS (ADAM) Directory Sub-Tree
2.2.1 Guidelines for Structuring the AD LDS (ADAM) Sub-Tree for Logon Manager
2.2.2 Version Control and Pre-Flight Testing of Templates and Policies
2.2.3 Precautions for Configuring Object Access Control Lists Using the Console
2.2.4 Precautions for Upgrading the Agent and Console
2.3 Global Agent Settings vs. Administrative Overrides
2.4 Recommended Global Agent Settings
2.4.1 Use Configuration Objects
2.4.2 Configure a Server List with Desired Failover Order
2.4.3 Specify the Path to the Logon Manager Configuration Objects
2.4.4 SSL Support
2.4.5 Select the Credentials to Use when Authenticating to the Repository
2.4.6 Configure Logon Manager to Use a Specific People OU
2.4.7 Choose Whether to Prompt the User when Disconnected from the Repository
2.4.8 Add the AD LDS (ADAM) Synchronizer to the Synchronizer Order List
2.4.9 Make the Logon Manager Agent Wait for Synchronization on Startup
2.4.10 Use Optimized Synchronization
2.4.11 Restrict Disconnected Operation
2.5 Recommended Administrative Overrides
2.6 Overview of the Deployment Process
2.7 Creating an AD LDS (ADAM) Instance
2.8 Preparing the AD LDS (ADAM) Instance for Logon Manager
2.8.1 Extending the Schema
2.8.2 Creating the People OU
2.8.3 Creating the Configuration Object Container and Sub-Tree Structure
2.8.4 Granting Required Permissions to Logon Manager Users
2.9 Configuring the AD LDS (ADAM) Synchronizer
3 Deploying Logon Manager with an LDAP Directory
3.1 Logon Manager and LDAP Environments
3.1.1 How Logon Manager Extends Your Directory Schema
3.1.2 How Logon Manager Synchronizes with Your Directory
3.1.3 Benefits of Load-Balancing a Logon Manager Deployment
3.1.4 How Logon Manager Handles and Stores Application Credentials
3.1.5 Further Reading
3.2 Designing the Logon Manager Directory Sub-Tree
3.2.1 Guidelines for Structuring the Logon Manager Sub-Tree
3.2.2 Special Directory Objects Required by Logon Manager
3.2.3 Version Control and Pre-Flight Testing of Templates and Policies
3.2.4 Precautions for Configuring Object Access Control Lists Using the Console
3.2.5 Precautions for Upgrading the Agent and Console
3.3 Global Agent Settings vs. Administrative Overrides
3.4 Recommended Global Agent Settings
3.4.1 Select the Correct Repository Type
3.4.2 Configure a Server List with Desired Failover Order
3.4.3 Specify the Path to the Logon Manager Configuration Objects
3.4.4 Use Configuration Objects
3.4.5 SSL Support
3.4.6 Specify the Path(s) to User Accounts
3.4.7 Enable Directory Search for Users
3.4.8 Set the Naming Attribute String
3.4.9 Decide Whether to Prompt the User when Disconnected from the Directory
3.4.10 Share LDAP Synchronizer Credentials with Authenticators
3.4.11 Add the LDAP Synchronizer to the Synchronizer Order List
3.4.12 Set the Authentication Prompt Window Title
3.4.13 Make the Logon Manager Agent Wait for Synchronization on Startup
3.4.14 Use Optimized Synchronization
3.4.15 Restrict Disconnected Operation
3.5 Recommended Administrative Overrides
3.6 Overview of the Deployment Process
3.7 Preparing the Directory for Logon Manager
3.7.1 Extending the Schema
3.7.2 Creating the Sub-Tree Root and the Configuration Object Container
3.7.3 Creating the People OU
3.7.4 Creating the vGOLocator Pointer Object
3.8 Selecting and Configuring an Authenticator
3.9 Configuring the LDAP Synchronizer
4 Appendix A: Minimum Administrative Rights for Logon Manager Repository Objects
4.1 Minimum Administrative Rights Required by Logon Manager Containers
4.2 Minimum Administrative Rights Required for Credential Auditing
4.3 Minimum Administrative Rights Required for Credential Deletion
5 Appendix B: Logon Manager Repository Object Classes and Attributes
5.1 vGOUserData
5.2 vGOSecret
5.3 vGOConfig
5.4 vGOLocatorClass
6 Appendix C: Troubleshooting Logon Manager on Microsoft Active Directory
6.1 Active Directory Schema Extension Failures
6.2 All Users Unable to Store Credentials Under User Objects
6.3 Select Users Unable to Store Credentials Under User Objects
7 Troubleshooting Logon Manager on Microsoft AD LDS (ADAM)
7.1 The Target AD LDS (ADAM) Instance is Not Running
7.2 AD LDS (ADAM) Instance is Running on Non-Default Ports
7.3 Account Used to Connect to AD LDS (ADAM) Does Not Have the Required Privileges
8 Appendix E: Creating the Required User Groups on AD LDS (ADAM)
9 Appendix F: Configuring Oracle Internet Directory
10 Appendix G: Configuring Oracle Virtual Directory