E
LDAP Directory Schema for Oracle Database Security

This appendix describes the object classes and attributes defined in the LDAP directory schema for Oracle database security.

This appendix contains the following sections:

Structural Object Classes

Table E-1 lists the structural object classes and associated attributes related to the LDAP directory schema for Oracle database security.

Table E-1 Structural Object Classes and Attributes

Object Class	Database Attributes
orclDBServer	orclDBGlobalName
orclDBEnterpriseDomain	orclDBServerMember orclDBTrustedDomain
orclDBEnterpriseRole	orclDBServerRole orclDBRoleOccupant
orclDBEntryLevelMapping	orclDBDistinguishedName orclDBNativeUser
orclDBSubtreeLevelMapping	orclDBDistinguishedName orclDBNativeUser

Attributes

Table E-2 describes the attributes in the LDAP directory schema for Oracle database security.

Table E-2 LDAP Directory Schema Attributes

Attribute	Description
orclDBGlobalName	Identifies the global name of the server
orclDBServerMember	Defines a list of databases that are members of the domain
orclDBTrustedDomain	Indicates whether current user database links function between databases in the domain
orclDBServerRole	Defines a list of included global roles in the databases in the domain
orclDBRoleOccupant	Defines a list of users or groups to whom this enterprise role has been assigned
orclDBDistinguishedName	Specifies the full distinguished name of the enterprise user
orclDBNativeUser	Specifies the database shared schema name

Access Controls

Table E-3 describes the minimum required access controls for the LDAP directory security objects.

Note:
Members of the OracleDBSecurityAdmins group require create, update, and read access to all objects in the directory.

Table E-3 Minimum Required Access to Directory Objects.

Object	Created By	Updated By	Read By
database server	database creator during installation	DBA for the database	anyone
database-level mapping	DBA for the database, using Oracle Enterprise Security Manager	DBA for the database, using Oracle Enterprise Security Manager	database DBA for the database, using Oracle Enterprise Security Manager
Oracle Default Domain	Oracle Context creator, using Net8 Configuration Assistant	domain administrator for the Oracle Default Domain, using Enterprise Security Manager database creator, using Oracle Database Configuration Assistant; can only modify the domain, not the subordinate roles	database creator, using Oracle Database Configuration Assistant databases in the domain domain administrator, using Oracle Enterprise Security Manager
enterprise domain	database security administrator, using Oracle Enterprise Security Manager	domain administrator	databases in the domain
domain-level mapping	domain administrator for the domain, using Oracle Enterprise Security Manager	domain administrator for the domain, using Oracle Enterprise Security Manager	domain administrator for the domain, using Oracle Enterprise Security Manager databases in the domain
enterprise role	domain administrator, using Oracle Enterprise Security Manager	domain administrator, using Oracle Enterprise Security Manager	databases in the domain domain administrator using Oracle Enterprise Security Manager
OracleDBSecurityAdmins group	Oracle Context creator, using Net8 Configuration Assistant	database security administrator	database security administrator
OracleDBCreators group	Oracle Context creator, using Net8 Configuration Assistant	database security administrator	database creators

Note:
Database security administrators are members of the OracleDBSecurityAdmins group. Database creators are members of the OracleDBCreators group.

More Information:

For information on the context and usage of the Oracle security schema for LDAP, see Chapter 17, Managing Enterprise User Security.

For information on the OracleNetAdmins group, see the Net8 Administrator's Guide.

E LDAP Directory Schema for Oracle Database Security