
Migration from OID to OUD: Adapting EUS metadata

Guest Author

Enterprise User Security (EUS) is an important component of Oracle Database Enterprise Edition. It enables you to address administrative and security challenges for a large number of enterprise database users by centralizing users and roles in an LDAP directory.

Either Oracle Internet Directory (OID) or Oracle Unified Directory (OUD) can be used as the LDAP repository for EUS.

To migrate from OID to OUD:
- enable EUS support in OUD
- copy your users and groups in <your_context>
- copy across the EUS metadata (in cn=oracleContext,<your suffix>)

EUS metadata as stored in OID must be slightly adapted before being imported into OUD. Otherwise the DB won't be able to authenticate against OUD and will raise the following error:

ORA-28043: invalid bind credentials for DB-OID connection

Migrating the DB entry from OID to OUD requires some specific steps for SASL/DIGEST-MD5 authentication. In OID, the password hash used for SASL/DIGEST-MD5 authentication is stored in authpassword;oid, with the {SASL/MD5} prefix.

In OUD, this must be stored in orclcommonrpwdattribute with the {SASL-MD5} prefix.


For instance:

In OID:

ldapsearch [conn details] -b cn=oraclecontext,dc=example,dc=com -s one "(cn=orcl11g)" authpassword

dn: cn=orcl11g,cn=oraclecontext,dc=example,dc=com
authpassword;oid: {SASL/MD5}ola+G+GFsSeiu6QcRiAh9g==
authpassword;oid: {SASL/MD5-DN}3UeqmU5Axd+XVAM9Lxf28g==
authpassword;oid: {SASL/MD5-U}BD6uyBcSiFbGtlPzq6TtUA==


In OUD:

ldapsearch [conn details] -b cn=oraclecontext,dc=example,dc=com -s one "(objectclass=orcldbserver)" orclcommonrpwdattribute

dn: cn=orcl11g,cn=OracleContext,dc=example,dc=com
orclcommonrpwdattribute: {SASL-MD5}ola+G+GFsSeiu6QcRiAh9g==
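
The attribute rewrite shown above can be scripted over an LDIF export of the database entry. This is an added example, not part of the original post or of any Oracle tool: the function names are hypothetical, the sample entry is constructed from the values shown above, and it assumes that only the {SASL/MD5} value is carried over, as in the OUD output above.

```python
import base64

OID_ATTR = "authpassword;oid"          # attribute name in the OID output above
OUD_ATTR = "orclcommonrpwdattribute"   # attribute name in the OUD output above
OID_PREFIX, OUD_PREFIX = "{SASL/MD5}", "{SASL-MD5}"

# Constructed sample: the OID entry from the page, as an LDIF export.
SAMPLE_OID_ENTRY = """\
dn: cn=orcl11g,cn=oraclecontext,dc=example,dc=com
authpassword;oid: {SASL/MD5}ola+G+GFsSeiu6QcRiAh9g==
authpassword;oid: {SASL/MD5-DN}3UeqmU5Axd+XVAM9Lxf28g==
authpassword;oid: {SASL/MD5-U}BD6uyBcSiFbGtlPzq6TtUA==
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def adapt_entry(ldif_text):
    """Rewrite one OID database entry so it can be imported into OUD."""
    out, converted = [], 0
    for line in unfold(ldif_text):
        name, _, rest = line.partition(":")
        if name.lower() != OID_ATTR:
            out.append(line)               # dn and all other attributes pass through
            continue
        if rest.startswith(":"):           # "attr:: <base64>" form of an LDIF value
            value = base64.b64decode(rest[1:].strip()).decode("ascii")
        else:
            value = rest.strip()
        # Assumption: only the plain {SASL/MD5} value has an OUD equivalent;
        # the -DN and -U variants are left out, matching the OUD output above.
        if value.startswith(OID_PREFIX):
            out.append(f"{OUD_ATTR}: {OUD_PREFIX}{value[len(OID_PREFIX):]}")
            converted += 1
    if converted != 1:                     # fail loudly rather than import a DB entry
        raise ValueError(f"expected one {OID_PREFIX} value, found {converted}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(adapt_entry(SAMPLE_OID_ENTRY), end="")
```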

