Integrate Portal 10g with Oracle Applications 11i and ...
Manage Users and Secure the Oracle Application Server 10g Environment

Identity Management
Oracle Identity Management is an integrated identity management infrastructure that includes an LDAP directory service, directory integration and provisioning services, a delegated administration service application, authentication and authorization services, and an X.509 V3 certificate authority. Key benefits of Oracle Identity Management are its robustness and scalability, out-of-the-box deployment support for Oracle products, utility as a single point of integration for other enterprise identity management solutions, and open, standards-based implementation.

Managing Oracle Application Server 10g Users with Delegated Administration Services
This lesson provides instructions on how to use Delegated Administration Services (DAS) to manage Oracle Application Server 10g users. Two methods for creating and managing users are covered: using the Oracle Directory Manager (ODM) and using the Oracle Internet Directory (OID) self-service console.
Overview
Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based units for performing directory operations on behalf of a user. It frees directory administrators from the more routine directory management tasks by enabling them to delegate specific functions to other administrators and to end users. It provides most of the functionality that directory-enabled applications require, such as creating a user entry, creating a group entry, searching for entries, and changing user passwords. You can use Oracle Delegated Administration Services to develop your own tools for administering application data in the directory. Alternatively, you can use the Oracle Internet Directory Self-Service Console, a tool based on Delegated Administration Services. This tool comes ready to use with Oracle Internet Directory.
Create a user with the OID Self Service Console as follows:
Check that OID is up and running:
cd /d01/oracle/infra
./opmn/bin/opmnctl stopall
./opmn/bin/opmnctl startall
1. Determine the HTTP Server port for your Infrastructure installation by looking at the /home/oracle/infra/install/portlist.ini file
cd /d01/oracle/infra/install/
Open a browser window and open the OID Self Service Console homepage by typing:
http://<hostname>.<domain>:<HTTPServerport>/oiddas
The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin password. Click Login.
Click the Directory tab.
Then, click Create to create an Application Server user.
In the Create User page, you can enter various details about the new user. You can fill in the information as pictured (use welcome1 for the password).
Topics
This module will discuss the following:
Overview
Prerequisites
Create a User with ODM
    Set Up the Environment
    Check the Status of All Components
    Create a User
    Grant Privileges
    Modify the Default Password Policy
Create a User with OID
    Create a User
    Verify the Creation of the User
    Modify User Privileges
Log in to DAS as the New User
Prerequisites
In order for this lesson to work successfully, you will need to have performed the following:
1. Complete the Installing the Oracle Application Server 10g Infrastructure lesson.
Create a User with ODM
Set Up the Environment
To set up the environment, open a terminal window and enter:
cd /home/oracle/infra
export ORACLE_SID=infra
export ORACLE_HOME=/home/oracle/infra
export PATH=$PATH:$ORACLE_HOME/bin
Check the Status of All Components
You can start and stop components either using the command line or from the Oracle Enterprise Manager 10g Application Server Control. The steps here show how to check status, stop, and start the components using the command line.
In the terminal window set up with the environment, check the status of all components:
cd /home/oracle/infra
./opmn/bin/opmnctl status
Note: If the status is not listed as "Alive" for all components, stop and restart them:
./opmn/bin/opmnctl stopall
./opmn/bin/opmnctl startall
Create a User
Create a user with ODM as follows:
1. Start oidadmin with User (orcladmin), Password (ias_admin password), Server (<hostname>), and Port (3060).
2. Navigate to and expand the Entry Management node until cn=Users node appears under dc=com,dc=oracle,dc=us.
3. Select the node cn=PUBLIC under cn=Users. Right click to see the pop-up menu options.
Click Create Like from the menu options, to create a new user.
Note: By using the Create Like menu option, you don't have to specify the five object classes that need to be included when a user is created. The object classes are: person, organizationalPerson, inetOrgPerson, orclUserV2, and top.
4. The New Entry dialog box comes up. This dialog box will already contain the values for the user cn=PUBLIC. Replace the following properties with these values:
Distinguished Name (DN): cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com
In the Mandatory Properties:
cn=newuser1
sn=newuser1
In the Optional Properties (scroll through the list to find all of the properties):
employeeNumber: newuser1
givenName: newuser1
mail: [email protected]
orclIsEnabled: delete the existing value and leave it empty
uid=newuser1
userPassword: newuser1
5. When you're done, click OK. Notice that the new user is created under the cn=Users entry.
Grant Privileges
The following steps show how to grant this newly created user (newuser1) privileges for creating new users.
1. Navigate to and expand the Entry Management node, the cn=OracleContext node and the cn=Groups node.
2. Select the node cn=OracleDASCreateUser. The right pane displays the properties of the entry selected. Scroll down to the uniquemembers field.
3. Add the DN of newuser1 (cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com) as a new line in the field and click Apply.
Note: You can test the privilege granted by logging in as newuser1 and creating a new user. To login as newuser1, enter cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com as the User.
Modify the Default Password Policy
Modify the default Password Policy by changing the attribute Password Maximum Failure (pwdmaxfailure) value to two, as follows:
1. Navigate to and expand the Password Policy Management node and select the "Password Policy for Realm dc=us,dc=oracle,dc=com" node.
2. The password policy properties are displayed in the right pane in four tabs. Click the Account Lockout tab.
3. Click on the Password Maximum Failure field and change the value from 10 to 2.
4. Click Apply to save the changes.
Note: You can test the new password policy settings by logging in as newuser1 and providing the wrong password twice. The next time you try to login, an error will be displayed stating that the newuser1 account is locked. You can unlock the newuser1 account by resetting its password (the userPassword attribute) as an OID administrator.
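The ODM steps above set three things that are worth re-checking after the fact: the five object classes on each user entry, the members of cn=OracleDASCreateUser, and the pwdmaxfailure lockout value. The following Python is an added example (not part of the original lesson or Oracle's tooling) that audits an LDIF export for all three. Assumptions: the sample LDIF is constructed, the group's parent DN and the policy entry's DN in it are placeholders, values are plain text (no base64), and the threshold of 2 is the value the lesson sets.

```python
REQUIRED_CLASSES = {"top", "person", "organizationalperson", "inetorgperson", "orcluserv2"}
CREATE_USER_GROUP = "cn=oracledascreateuser"   # RDN of the group named in the lesson
# Constructed sample; the group's parent DN and the policy DN are placeholders (assumptions).
SAMPLE_LDIF = """\
dn: cn=svc1,cn=Users,dc=us,dc=oracle,dc=com
objectclass: top
objectclass: person
cn: svc1

dn: cn=OracleDASCreateUser,cn=Groups,cn=OracleContext
objectclass: groupOfUniqueNames
uniquemember: cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com
uniquemember: cn=newuser1,cn=Users,
 dc=us,dc=oracle,dc=com

dn: cn=policy-placeholder,dc=us,dc=oracle,dc=com
pwdmaxfailure: 10
"""

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    entries, current = [], {}
    unfolded = text.replace("\n ", "")          # undo LDIF line folding
    for line in unfolded.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(entries, max_failures=2):
    """Flag incomplete user entries, user-creation rights and lax lockout."""
    findings = []
    for e in entries:
        dn = e.get("dn", [""])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "person" in classes and not REQUIRED_CLASSES <= classes:
            findings.append(("missing-objectclass", dn, sorted(REQUIRED_CLASSES - classes)))
        if dn.lower().startswith(CREATE_USER_GROUP + ","):
            findings.append(("can-create-users", dn, sorted(e.get("uniquemember", []))))
        for v in e.get("pwdmaxfailure", []):
            if int(v) > max_failures:
                findings.append(("weak-lockout", dn, int(v)))
    return findings

FINDINGS = audit(parse_ldif(SAMPLE_LDIF))       # one finding per sample entry
```

Reviewing the can-create-users finding against an approved list shows who has been delegated user-creation rights, which is the privilege the Grant Privileges steps hand to newuser1.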
Create a User with OID
Create a User
Create a user with the OID Self Service Console as follows:
1. Determine the HTTP Server port for your Infrastructure installation by looking at the /home/oracle/infra/install/portlist.ini file.
2. Open a browser window and open the OID Self Service Console homepage by typing:
http://<hostname>.<domain>:<HTTPServerport>/oiddas
Note: You may need to clear your cookies before logging in.
3. Click the Login icon.
4. The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin password. Click Login.
5. Click the Directory tab.
6. Then, click Create to create an Application Server user.
7. In the Create User page, you can enter various details about the new user. You can fill in the information as pictured (use welcome1 for the password).
8. Click Submit when done. Click OK.
Verify the Creation of the User
Click the User tab.
Modify User Privileges
In the search results, select akr14feb and click Assign Privileges.
Log in to DAS as the New User
To verify that the users were created correctly, log in to DAS as follows: