Management of Oracle Database Authorization with Oracle Identity Manager
By mustafakaya on Feb 19, 2014
Oracle Identity Manager is used to manage the life cycle of Oracle Unified Directory users, with the right values and the users' groups. The whole process starts from Oracle Identity Manager, which inserts the user into an OUD group or deletes the user from an OUD group. The user then gets rights via Oracle Unified Directory and Enterprise User Security.
The following steps explain the integration of these three tools.
1- Enable Oracle Unified Directory for Enterprise User Security by using Oracle Directory Services Manager (ODSM).
- Connect to the directory server from ODSM.
- Select the Home tab.
- Under the Configuration menu, select Create Base DN.
- On the Configuration Wizard, enter the details of the new suffix.
- Select the EUS Enabled check box.
- Click Create to add the new, EUS-enabled suffix.
2- After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:
- Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
- Edit the modifyRealm.ldif file as follows:
  - Replace dc=example,dc=com with the correct naming context for your server instance.
  - Replace ou=people and ou=groups with the correct location of the user and group entries in your DIT.
- Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:
  $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif
3- Complete the following configuration on Oracle Database:
- Configure your database for directory usage by using NetCA.
- Register the database with the directory by using DBCA.
- Create a shared schema in the database.
- Map enterprise users to the shared schema.
4- Install the Oracle Internet Directory Connector for Oracle Identity Manager, which is needed for provisioning users to Oracle Unified Directory and for managing groups, and so roles.
When all of the above steps are complete: first, Enterprise User Security is enabled on the DB; then create DB roles (enterprise roles) and map these roles to the Oracle Unified Directory global roles. Finally, manage users' Oracle Database authorization with Oracle Identity Manager through Oracle Unified Directory.
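The database side of step 3 and of the role setup above, as an added SQL sketch that is not part of the original post. The names eus_shared and hr_read_global and the hr.employees table are assumptions chosen for illustration; the mapping of directory users and groups to them is still done in the directory.

```sql
-- Run as a DBA on the database registered with the directory.

-- Shared schema: one database account that many directory users map to.
-- IDENTIFIED GLOBALLY means the database stores no password for it;
-- authentication and the user-to-schema mapping live in the directory.
CREATE USER eus_shared IDENTIFIED GLOBALLY;      -- hypothetical name

-- Least privilege: the shared schema may only log on.
-- Everything else arrives through directory-authorized roles.
GRANT CREATE SESSION TO eus_shared;

-- Role authorized by the directory rather than granted in the database.
-- Oracle does not allow granting a global role directly to a user or to
-- another role, so membership is controlled only from the directory side
-- (here: OUD groups maintained by Oracle Identity Manager).
CREATE ROLE hr_read_global IDENTIFIED GLOBALLY;  -- hypothetical name
GRANT SELECT ON hr.employees TO hr_read_global;  -- assumed sample table

-- Check 1 (as DBA): which accounts and roles depend on the directory.
SELECT username, authentication_type
  FROM dba_users
 WHERE authentication_type = 'GLOBAL';

SELECT role, authentication_type
  FROM dba_roles
 WHERE authentication_type = 'GLOBAL';

-- Check 2 (as DBA): the shared schema should hold no direct privileges
-- beyond CREATE SESSION and no directly granted roles.
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'EUS_SHARED';
SELECT granted_role FROM dba_role_privs WHERE grantee = 'EUS_SHARED';

-- Check 3 (connected as a directory user): confirm who the session is
-- and which roles the directory actually enabled.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')        AS db_schema,
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY') AS directory_dn,
       SYS_CONTEXT('USERENV', 'IDENTIFICATION_TYPE') AS ident_type
  FROM dual;

SELECT role FROM session_roles;
```

After a user is removed from the OUD group in Oracle Identity Manager, repeating check 3 in a new session for that user should no longer list the role.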
P.S.: if you want to manage Oracle Database 9i you have to use Oracle Internet Directory instead of Oracle Unified Directory.
Mustafa Kaya is a Senior Consultant in the Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.