Configuring OUD to Support Multiple Enterprise User Security Domains

Guest Author








If your users and groups are stored in multiple domains, you must
configure OUD to support multiple EUS domains. For example, a single OUD
instance contains two EUS domains. One EUS domain stores user entries in
Active Directory below cn=users,dc=ad1,dc=com. A second EUS domain stores
user entries in a different Active Directory instance below
cn=users,dc=ad2,dc=com. You must configure OUD to support each EUS domain.


To configure OUD to support multiple EUS domains:


  1. Configure OUD as if the primary domain is the single domain containing
    all your users and groups.

    In this example, the primary domain is dc=ad1,dc=com.

    Complete the tasks in 28.4 Oracle Unified Directory Used as a Proxy
    Server for an External LDAP Directory with Enterprise User Security
    (http://docs.oracle.com/cd/E49437_01/admin.111220/e22648/eus.htm#CJAGIBFF).

  2. Configure the secondary domain.

    In this example, the secondary domain is dc=ad2,dc=com.

    For this secondary domain, complete the steps in 28.4.1.1 User
    Identities in Microsoft Active Directory
    (http://docs.oracle.com/cd/E49437_01/admin.111220/e22648/eus.htm#CJAHCHCA).


  3. Create a new naming context for the EUS domain, which is
    dc=ad2,dc=com in this example.

    Complete the steps in 28.4.2.1.2
    (http://docs.oracle.com/cd/E49437_01/admin.111220/e22648/eus.htm#CJAJEJGD)
    to configure Enterprise User Security for an existing Oracle
    Unified Directory Proxy Server instance.


  4. Update the Oracle context with the new naming context.

    a. Create an LDIF file.

      In the following myconfig.ldif example, make the following
      substitutions:

      • Replace dc=ad1,dc=com with the DN of your first domain.

      • Replace the value of orclcommonusersearchbase with the users
        location in the secondary domain.

      • Replace the value of orclcommongroupsearchbase with the groups
        location in the secondary domain.

      # Each attribute gets its own add: block; a line containing only "-" separates the blocks.
      dn: cn=Common,cn=Products,cn=OracleContext,dc=ad1,dc=com
      changetype: modify
      add: orclcommonusersearchbase
      orclcommonusersearchbase: cn=users,dc=ad2,dc=com
      -
      add: orclcommongroupsearchbase
      orclcommongroupsearchbase: cn=groups,dc=ad2,dc=com

    b. Update OUD configuration using the LDIF file you created in
      step 4a.

      ldapmodify -h oudhost -p 1389 -D "cn=directory manager" \
        -w password -f myconfig.ldif
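The following added example, which is not part of the original post or of Oracle's documentation, generates the step 4 modify record and lints it against the RFC 2849 rule that each add: block holds values for its own attribute only. The function names are hypothetical, the DNs are the page's sample values, and accepting more than one users/groups pair goes beyond the single secondary domain shown here.

```shell
#!/bin/sh
# Added example: build and lint the Oracle context update from step 4.

# usage: build_eus_ldif PRIMARY_DN USERS_BASE GROUPS_BASE [USERS_BASE GROUPS_BASE ...]
build_eus_ldif() {
    # Require the primary DN plus at least one complete users/groups pair.
    if [ "$#" -lt 3 ] || [ $(( ($# - 1) % 2 )) -ne 0 ]; then
        echo "usage: build_eus_ldif PRIMARY_DN USERS_BASE GROUPS_BASE ..." >&2
        return 2
    fi
    primary=$1
    shift
    printf 'dn: cn=Common,cn=Products,cn=OracleContext,%s\n' "$primary"
    printf 'changetype: modify\n'
    want=1   # odd positions hold users bases, even positions hold groups bases
    for attr in orclcommonusersearchbase orclcommongroupsearchbase; do
        printf 'add: %s\n' "$attr"
        i=0
        for base in "$@"; do
            i=$((i + 1))
            if [ $((i % 2)) -eq "$want" ]; then printf '%s: %s\n' "$attr" "$base"; fi
        done
        printf '%s\n' '-'   # closes this attribute's block
        want=0
    done
}

# Read a modify record on stdin and report every value line whose attribute
# differs from the add:/replace:/delete: line that opened its block.
# Returns 1 when anything is reported.
lint_modify_ldif() {
    awk -F': *' '
        /^#/ || /^ / || /^dn:/ || /^changetype:/ { next }
        /^-?$/ { cur = ""; next }
        /^(add|replace|delete):/ { cur = tolower($2); next }
        tolower($1) != cur {
            printf "line %d: %s is outside its own block (open block: %s)\n", NR, $1, (cur == "" ? "none" : cur)
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo with the page's sample domains: print the record only if it lints clean.
ldif=$(build_eus_ldif "dc=ad1,dc=com" "cn=users,dc=ad2,dc=com" "cn=groups,dc=ad2,dc=com")
printf '%s\n' "$ldif" | lint_modify_ldif && printf '%s\n' "$ldif"
```

Redirect the linted output to myconfig.ldif and apply it with the ldapmodify command from step 4b.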







