Configuring an OUD 12c Directory Server for EUS

Before You Begin

This tutorial provides a step-by-step example of how to create an Oracle Unified Directory (OUD) 12c PS3 Directory Server for Oracle Enterprise User Security (EUS) integration. This tutorial takes approximately 15 minutes to complete.

This is the third tutorial in the series Integrating Oracle Unified Directory 12c with Oracle Enterprise User Security. Read them sequentially.

Background

Oracle EUS enables Oracle Database users to authenticate against identities stored in an LDAP-compliant directory service such as OUD. In this tutorial you configure OUD as the directory server for EUS, load sample users and groups, and create a new password policy for an EUS Administrator.

What Do You Need?


Section 1: Create a Directory Server for EUS

  1. Launch a terminal window as oracle and enter the following commands:
    cd /u01/app/oracle/product/oud/oud
    echo password >pwd.txt
    export INSTANCE_NAME=../../config/oud_instances/asinst_1
    ./oud-setup --cli --integration eus --no-prompt --ldapPort 1389 \
    --adminConnectorPort 4444 -D "cn=Directory Manager" \
    --rootUserPasswordFile pwd.txt --ldapsPort 1636 \
    --generateSelfSignedCertificate --baseDN "dc=example,dc=com"

    Note: Change password to a password of your choice.

    If successful you should see the following output:

    Oracle Unified Directory 12.2.1.3.0
    Please wait while the setup program initializes...
    
    Creating instance directory
    /u01/app/oracle/config/oud_instances/asinst_1/OUD .....Done.
    See /u01/app/oracle/config/oud_instances/asinst_1/OUD/logs/oud-setup for a
    detailed log of this operation.
    
    Configuring Directory Server ..... Done.
    Configuring Certificates ..... Done.
    Preparing the server for Oracle integration ........ Done.
    Starting Directory Server ........ Done.
    Creating EUS suffixes ..... Done.
    
    To see basic server configuration status and configuration you can launch
    /u01/app/oracle/config/oud_instances/asinst_1/OUD/bin/status                        


Section 2: Import Sample Users and Groups into OUD

In this section you import a number of sample users and groups into ou=People,dc=example,dc=com and ou=Groups,dc=example,dc=com respectively. These users and groups will be used to log in to the database with EUS in a later tutorial.

  1. Download the example.ldif file and copy it to /stage.
  2. Launch a terminal window as oracle and enter the following commands:
    cd /u01/app/oracle/config/oud_instances/asinst_1/OUD/bin
    ./ldapmodify -p 1389 -D "cn=Directory Manager" -w password -a -c -f /stage/example.ldif

    where password is the password you entered in the previous step.

  3. If successful you should see the following output:
    Processing ADD request for ou=People,dc=example,dc=com
    ADD operation successful for DN ou=People,dc=example,dc=com
    Processing ADD request for ou=Groups,dc=example,dc=com
    ADD operation successful for DN ou=Groups,dc=example,dc=com
    Processing ADD request for cn=ora_connect,ou=Groups,dc=example,dc=com
    ADD operation successful for DN cn=ora_connect,ou=Groups,dc=example,dc=com
    Processing ADD request for cn=ora_resource,ou=Groups,dc=example,dc=com
    ADD operation successful for DN cn=ora_resource,ou=Groups,dc=example,dc=com
    Processing ADD request for cn=ora_dba,ou=Groups,dc=example,dc=com
    ADD operation successful for DN cn=ora_dba,ou=Groups,dc=example,dc=com
    Processing ADD request for uid=user.0,ou=People,dc=example,dc=com
    ADD operation successful for DN uid=user.0,ou=People,dc=example,dc=com
    Processing ADD request for uid=user.1,ou=People,dc=example,dc=com
    ADD operation successful for DN uid=user.1,ou=People,dc=example,dc=com
    Processing ADD request for uid=user.2,ou=People,dc=example,dc=com
    ADD operation successful for DN uid=user.2,ou=People,dc=example,dc=com
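
Because the import runs with -c, ldapmodify continues after an entry fails, so a failed add can scroll past among the success lines. The following check is an added example, not part of the Oracle tutorial: it lists every DN whose "Processing ADD request" line has no matching success line. The function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# failed_adds: read ldapmodify output on stdin and print the DN of every
# "Processing ADD request" that has no matching "ADD operation successful".
failed_adds() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # tolerate indentation and CR
        /^Processing ADD request for / {
            if (pending != "") print pending           # previous add never succeeded
            pending = substr($0, length("Processing ADD request for ") + 1)
            next
        }
        /^ADD operation successful for DN / {
            dn = substr($0, length("ADD operation successful for DN ") + 1)
            if (dn == pending) pending = ""
            next
        }
        END { if (pending != "") print pending }
    '
}

# import_is_clean: exit status 0 only if no add failed; failed DNs go to stderr.
import_is_clean() {
    failed=$(failed_adds)
    [ -z "$failed" ] && return 0
    printf '%s\n' "$failed" | sed 's/^/not added: /' >&2
    return 1
}

# Constructed sample: the first entry fails, the second is added.
# The two failure lines are illustrative; the check does not rely on their wording.
SAMPLE_OUTPUT='Processing ADD request for ou=People,dc=example,dc=com
ADD operation failed
Result Code:  68 (Entry Already Exists)
Processing ADD request for uid=user.0,ou=People,dc=example,dc=com
ADD operation successful for DN uid=user.0,ou=People,dc=example,dc=com'

printf '%s\n' "$SAMPLE_OUTPUT" | failed_adds    # prints ou=People,dc=example,dc=com
```

To use it on a real import, pipe the ldapmodify output (stdout and stderr) into import_is_clean and act on its exit status.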


Section 3: Configure a Password Policy For EUS Administrator

In this section you create a new password policy for EUS Administrators, and then create an EUS Administration User called cn=eusadmin,cn=oraclecontext.

  1. Launch a terminal window as oracle on the OUD server and run the following command to create the EUSAdmins password policy:
    cd /u01/app/oracle/config/oud_instances/asinst_1/OUD/bin
    echo password >pwd.txt
    ./dsconfig create-password-policy --policy-name EUSAdmins \
    --set password-attribute:userpassword \
    --set default-password-storage-scheme:AES \
    --set default-password-storage-scheme:Salted\ SHA-512 \
    --type generic \
    --hostName localhost \
    --port 4444 \
    --bindDN "cn=Directory Manager" \
    --bindPasswordFile pwd.txt \
    --trustAll \
    --no-prompt

    where password is the password you entered in the previous step.
  2. Download the eusadmin.ldif file and copy it to /stage. The eusadmin.ldif file creates a user cn=eusadmin,cn=oraclecontext and assigns the EUSAdmins password policy created above to it, along with other required privileges.
  3. Run the following command to create the cn=eusadmin,cn=oraclecontext user:
    ./ldapmodify -p 1389  -D "cn=Directory Manager" -w password -f /stage/eusadmin.ldif

    where password is the password you entered in the previous step.

    If successful you should see:

    Processing ADD request for cn=eusadmin,cn=oraclecontext
    ADD operation successful for DN cn=eusadmin,cn=oraclecontext etc..
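
The steps above write pwd.txt with echo under the shell's default umask, which leaves the password in shell history, and pass the bind password to ldapmodify with -w, which places it in the process argument list. The following is an added example, not part of the Oracle tutorial: it creates the password file with owner-only permissions and binds with -j (--bindPasswordFile) instead of -w. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# write_pwfile FILE: read one line (the password) from stdin into FILE,
# created with mode 0600 regardless of the caller's umask.
write_pwfile() (
    umask 077                          # new files: rw-------
    rm -f -- "$1"                      # drop any older copy with wider permissions
    if [ -t 0 ]; then                  # typed at a terminal: do not echo it
        stty -echo; trap 'stty echo' EXIT
    fi
    IFS= read -r pw || true
    [ -n "$pw" ] || exit 1             # refuse an empty password
    printf '%s\n' "$pw" > "$1"         # shell builtin: password not in any argv
)

# pwfile_is_private FILE: true only for a regular file with mode rw-------.
pwfile_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c1-10)" = "-rw-------" ]
}

# import_ldif PWFILE LDIF: the Section 2 ldapmodify call with -w replaced by
# -j, so the password is read from PWFILE instead of the command line.
# Run from the instance's OUD/bin directory, as in the tutorial.
import_ldif() {
    pwfile_is_private "$1" || { echo "refusing: $1 is not mode 0600" >&2; return 1; }
    ./ldapmodify -p 1389 -D "cn=Directory Manager" -j "$1" -a -c -f "$2"
}
```

Run write_pwfile pwd.txt, type the password and press Enter, then pass the same file to dsconfig with --bindPasswordFile as the tutorial does; delete the file once setup is finished.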


Section 4: Verify the OUD Instance with OUDSM

  1. Launch a browser and enter the following URL to launch Oracle Directory Services Manager (OUDSM): http://oud.example.com:7001/oudsm. Enter the following details and click Login:
    Name: OUD
    Server: oud.example.com
    Password: password

    where password is the password you entered in the previous step.

  2. When prompted with the Server Certificate Validation screen, click Yes to trust the certificate.
  3. In the OUDSM home page, click the Data Browser tab and expand the directory information tree dc=example,dc=com to display the sample users and groups added earlier.



Next Tutorial

Configuring Network and Database Connectivity for OUD 12c and EUS