Manage Users and Secure the Oracle Application Server 10g Environment Identity Management Oracle Identity Management is an integrated identity management infrastructure that includes an LDAP directory service, directory integration and provisioning services, a delegated administration service application, authentication and authorization services, and an X.509 V3 certificate authority. Key benefits of Oracle Identity Management are its robustness and scalability, out-of-the-box deployment support for Oracle products, utility as a single point of integration for other enterprise identity management solutions, and open, standards-based implementation Managing Oracle Application Server 10g Users with Delegated Administration Services This lesson provides instructions in how to use Delegated Administration Services (DAS) to manage Oracle Application Server 10g users. Two methods for creating and managing users are covered: using the Oracle Directory Manager (ODM) and using the Oracle Internet Directory (OID) self-service console. Overview Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based units for performing directory operations on behalf of a user. It frees directory administrators from the more routine directory management tasks by enabling them to delegate specific functions to other administrators and to end users. It provides most of the functionality that directory-enabled applications require, such as creating a user entry, creating a group entry, searching for entries, and changing user passwords. You can use Oracle Delegated Administration Services to develop your own tools for administering application data in the directory. Alternatively, you can use the Oracle Internet Directory Self-Service Console, a tool based on Delegated Administration Services. This tool comes ready to use with Oracle Internet Directory.
Transcript
Manage Users and Secure the Oracle Application Server 10g Environment Identity Management Oracle Identity Management is an integrated identity management infrastructure that includes an LDAP directory service, directory integration and provisioning services, a delegated administration service application, authentication and authorization services, and an X.509 V3 certificate authority. Key benefits of Oracle Identity Management are its robustness and scalability, out-of-the-box deployment support for Oracle products, utility as a single point of integration for other enterprise identity management solutions, and open, standards-based implementation Managing Oracle Application Server 10g Users with Delegated Administration Services This lesson provides instructions in how to use Delegated Administration Services (DAS) to manage Oracle Application Server 10g users. Two methods for creating and managing users are covered: using the Oracle Directory Manager (ODM) and using the Oracle Internet Directory (OID) self-service console.
Overview Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based units for performing directory operations on behalf of a user. It frees directory administrators from the more routine directory management tasks by enabling them to delegate specific functions to other administrators and to end users. It provides most of the functionality that directory-enabled applications require, such as creating a user entry, creating a group entry, searching for entries, and changing user passwords. You can use Oracle Delegated Administration Services to develop your own tools for administering application data in the directory. Alternatively, you can use the Oracle Internet Directory Self-Service Console, a tool based on Delegated Administration Services. This tool comes ready to use with Oracle Internet Directory.
The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin password. Click Login
Click the Directory tab.
Then, click Create to create an Application Server user.
In the Create User page, you can enter various details about the new user. You can fill in the information as pictured (use welcome1 for the password).
GETTING
STARTED
• Getting Started IndexNew OTN UsersArchitectsDevelopersDBAsISVs
• SMBs
DOWNLOADS
• Downloads IndexDatabaseFusion Middleware
• Enterprise ManagerJDeveloperSQL DeveloperJava for Developers
Managing Oracle Application Server 10g Users with Delegated Administration Services
Purpose
This lesson provides instructions in how to use Delegated Administration Services (DAS) to manage Oracle Application Server 10g users. Two methods for creating and managing users are covered: using the Oracle Directory Manager (ODM) and using the Oracle Internet Directory (OID) self-service console.
Topics
This module will discuss the following:
Overview
Prerequisites
Create a User with ODM
Set Up the Environment
Check the Status of All Components
Create a User
Grant Privileges
Modify the Default Password Policy
Create a User with OID
Create a User
Verify the Creation of the User
Modify User Privileges
Log in to DAS as the New User
Viewing Screenshots
Place the cursor on this icon to display all screenshots. You can also place the cursor on each icon to see only the screenshot associated with it.
Overview Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based units for performing directory operations on behalf of a user. It frees directory administrators from the more routine directory management tasks by enabling them to delegate specific functions to other administrators and to end users. It provides most of the functionality that directory-enabled applications require, such as creating a user entry, creating a group entry, searching for entries, and changing user passwords. You can use Oracle Delegated Administration Services to develop your own tools for administering application data in the directory. Alternatively, you can use the Oracle Internet Directory Self-Service Console, a tool based on Delegated Administration Services. This tool comes ready to use with Oracle Internet Directory.
Prerequisites
Back to Topic List
In order for this lesson to work successfully, you will need to have performed the following:
1. Complete the Installing the Oracle Application Server 10g Infrastructure lesson.
Create a User with ODM
Back to Topic List
Set Up the Environment
To set up the environment, open a terminal window and enter:
cd /home/oracle/infra export ORACLE_SID=infra export ORACLE_HOME=/home/oracle/infra export PATH=$PATH:$ORACLE_HOME/bin
Back to Topic List
Check the Status of All Components
You can start and stop components either using the command line or from the Oracle Enterprise Manager 10g Application Server Control. The steps here show how to check status, stop, and start the components using the command line.
2. Navigate to and expand the Entry Management node until cn=Users node appears under dc=com,dc=oracle,dc=us.
3. Select the node cn=PUBLIC under cn=Users. Right click to see the pop-up menu options.
Click Create Like from the menu options, to create a new user.
Note: By using the Create Like menu option, you don't have to specify the five object classes that need to be included when a user is created. The object classes are: person, organizationalPerson, inetOrgPerson, orclUserV2, and top.
4. The New Entry dialog box comes up. This dialog box will already contain the values for the user cn=PUBLIC. Replace the following properties with these values: Distinguished Name (DN): cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com
In the Mandatory Properties: cn=newuser1 sn=newuser1
In the Optional Properties (scroll through the list to find all of the properties): employeeNumber: newuser1
givenName: newuser1 mail: [email protected] orclIsEnabled: delete the existing value and leave it empty uid=newuser1 userPassword: newuser1
5. When you're done, click OK. Notice that the new user is created under the cn=Users entry.
Back to Topic List
Grant Privileges
The following steps show how to grant this newly created user (newuser1) privileges for creating new users.
1. Navigate to and expand the Entry Management node, the cn=OracleContext node and the cn=Groups node.
2. Select the node cn=OracleDASCreateUser. The right pane displays the properties of the entry selected. Scroll down to the uniquemembers field.
3. Add the DN of newuser1 (cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com) as a new line in the field and click Apply.
Note: You can test the privilege granted by logging in as newuser1 and creating a new user. To login as newuser1, enter cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com as the User.
Back to Topic List
Modify the Default Password Policy
Modify the default Password Policy by changing the attribute Password Maximum Failure (pwdmaxfailure) value to two, as follows:
1. Navigate to and expand the Password Policy Management node and select the "Password Policy for Realm dc=us,dc=oracle,dc=com" node.
2. The password policy properties are displayed in the right pane in four tabs. Click the
3. Click on the Password Maximum Failure field and change the value from 10 to 2.
4. Click Apply to save the changes.
Note: You can test the new password policy settings by logging in as newuser1 and providing the wrong password twice. The next time you try to login, an error will be displayed stating that the newuser1 account is locked. You can unlock the newuser1 account by resetting its password (the userPassword attribute) as an OID administrator.
Create a User with OID
Back to Topic List
Create a User
Create a user with the OID Self Service Console as follows:
1. Determine the HTTP Server port for your Infrastructure installation by looking at the /home/oracle/infra/install/portlist.ini file.
Note: You may need to clear your cookies before logging in.
3. Click the Login icon.
4. The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin password. Click Login.
5. Click the Directory tab.
6. Then, click Create to create an Application Server user.
7. In the Create User page, you can enter various details about the new user. You can fill in the information as pictured (use welcome1 for the password).
