Skip to main content

Enterprise User security(EUS) with OVD and Novell eDirectory

EUS set up for OVD 11.1.1.7 and Novell eDirectory 8.8 SP8
Prerequisites:
Ø  Oracle Virtual Directory version 11.1.1.7 is already installed and running.
Ø  Novell eDirectory server Version 8.8 SP8 is already installed and running.
Ø  iManager version 2.7.7 is already installed. Password management plugin is downloaded and installed on iManager. RBS configuration wizard has run.
Ø  Oracle Database (Version 11.2.0.1.0) is already installed and running. 

Configuring Novell eDirectory server for EUS Integration

For EUS integration a universal password policy has to be implemented on eDirectory and Admin should have access to retrieve the password of the user.
 For setting up the universal password policy login to iManager with Admin credentials.



Go to ‘Roles and Tasks’ tab and click Passwords.

Click Password policies.


Click New to create new password policy.
Provide the container name, policy name, description and password change message.


Click Next.

On next page click on view options.

Make sure that “Allow admin to retrieve passwords” check box is checked.


Click Next.

On the next page select the complexity of the password on the basis of requirements.


Click Next.

Assign it to the desired user container of tree.


Finally verify the policy summary before applying it on to the container.

Click finish to apply the Password Policy.


Configuring OVD for EUS Integration

Login to the ODSM and select Adapter tab. Click “configure adapter for Enterprise User Security (EUS)”.

Select OVD context and click next.


Select either same parent or different parent (context) depending on the requirement.


Select Adapter template as EUS eDirectory. Provide the credentials to connect to the Directory server.

Provide a mapped name space (in OVD) to Remote Base.
Click Next.




Validate the values for EUS adapter and click finish.




4 New adapters would be created. Please validate the adapters. 


Enabling Root Access on OVD

Login to ODSM and click the Advanced tab.
Click apply for the password mappings. 


Now click the security tab.
Select root from the access control points.


Select new from the entry level operations.
Select the Browse DN and return DN from the permissions. Select Public from By Whom List.


Anonymous root access is enabled on OVD now.


Configuring Database for EUS configuration

Run netCA to configure the database for EUS integration with Directory Server.

Select Directory Usage Configuration.

Click Next.


Provide the connection parameters for Directory server.
Click Next.




Select cn=OracleContext,dc=eusovd,dc=com.

Click Next.


Click Next.


Click Finish.


This will add an entry of Directory Server in the ORACLE_HOME/ network/admin/ldap.ora file.
Check once to validate.


Registering the Database with the OVD

Run DBCA on the database.

Click Next.


Select ‘configure Database Options’ and click next.


Select the database SID and click next.


Provide the credentials to connect to the directory and provide a wallet password.

Click next.


Click next


Click No and finish.


After restarting the database create a user identified globally.
“Create User global_ident_schema_user IDENTIFIED GLOBALLY;”

Grant connect to the user:

GRANT CONNECT to global_ident_schema_user;


Setting up User Schema Mapping

Open a terminal and type
emctl start dbconsole

Now go to https://host_name:port /em

Username:sys as sysdba

Password: ************

Make sure to log in as system as sysdba so that you have the proper permissions


Click on Server it will be at the top in the middle tab


Click on Enterprise User Security


Provide the LDAP credentials so that EUS can look up the LDAP groups.

User:cn=orcladmin
Password:*********


Click on Manage Enterprise Domains


Click on configure




Click User-Schema Mappings


Click Create


Click subtree

Click the flashlight and select
dc=eusovd,dc=com

Enter Schema as global_ident_schema_user

Click continue


Click OK


Test


Create a new user in NovelleDirectory





 Pull up a terminal
Try to login to the sqlplus with the created user.


















Labels:

Comments

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c
5 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D
Post a Comment
Read more

What is Application Instance

Application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism) . Creating and managing application instances are performed by using the Oracle Identity System Administration. Once Created Application Instance can be requested from the catalog. Application instances can be connected or disconnected.  Connected application  instance -It has a connector defined for the provisioning of entities. Account is created in the target system real time in case of connected Application Instance. Disconnected  application instance - It is used for the provisioning of a disconnected resource, for which  a connector is not defined, and therefore, the provisioning is performed manually by the administrator. A mail trigger system can also be attached which sends the account creation/modification/deletion mails to the application owner.
Post a Comment
Read more