Identity Management
Managing Oracle Application Server 10g Users with Delegated Administration Services
This lesson provides instructions on how to use Delegated Administration Services (DAS)
to manage Oracle Application Server 10g users. Two methods for creating and managing
users are covered: using the Oracle Directory Manager (ODM) and using the Oracle
Internet Directory (OID) self-service console.
Overview
Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based units
for performing directory operations on behalf of a user. It frees directory administrators
from the more routine directory management tasks by enabling them to delegate specific
functions to other administrators and to end users. It provides most of the functionality
that directory-enabled applications require, such as creating a user entry, creating a group
entry, searching for entries, and changing user passwords. You can use Oracle Delegated
Administration Services to develop your own tools for administering application data in
the directory. Alternatively, you can use the Oracle Internet Directory Self-Service
Console, a tool based on Delegated Administration Services. This tool comes ready to
use with Oracle Internet Directory.
Create a user with the OID Self Service Console as follows:
cd /d01/oracle/infra/
./opmn/bin/opmnctl stopall
./opmn/bin/opmnctl startall
1. Determine the HTTP Server port for your Infrastructure installation by looking at
the /home/oracle/infra/install/portlist.ini file.
cd /d01/oracle/infra/install/
Open a browser window and open the OID Self Service Console homepage by typing:
http://<hostname>.<domain>:<HTTPServerport>/oiddas
The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin
password. Click Login.
Topics
Overview
Prerequisites
Create a User with ODM
Set Up the Environment
Check the Status of All Components
Create a User
Grant Privileges
Modify the Default Password Policy
Create a User with OID
Create a User
Verify the Creation of the User
Modify User Privileges
Log in to DAS as the New User
Prerequisites
In order for this lesson to work successfully, you will need to have performed the
following:
1. Complete the Installing the Oracle Application Server 10g Infrastructure lesson.
cd /home/oracle/infra
export ORACLE_SID=infra
export ORACLE_HOME=/home/oracle/infra
export PATH=$PATH:$ORACLE_HOME/bin
You can start and stop components either using the command line or from the
Oracle Enterprise Manager 10g Application Server Control. The steps here
show how to check status, stop, and start the components using the command
line.
In the terminal window set up with the environment, check the status of all
components:
cd /home/oracle/infra
./opmn/bin/opmnctl status
./opmn/bin/opmnctl stopall
./opmn/bin/opmnctl startall
Create a User
3. Select the node cn=PUBLIC under cn=Users. Right click to see the pop-up menu options.
Click Create Like from the menu options, to create a new user.
Note: By using the Create Like menu option, you don't have to specify the five object
classes that need to be included when a user is created. The object classes are: person,
organizationalPerson, inetOrgPerson, orclUserV2, and top.
4. The New Entry dialog box comes up. This dialog box will already contain the values for the
user cn=PUBLIC. Replace the following properties with these values:
Distinguished Name (DN): cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com
In the Optional Properties (scroll through the list to find all of the properties):
employeeNumber: newuser1
givenName: newuser1
mail: newuser1@xyz.com
orclIsEnabled: delete the existing value and leave it empty
uid: newuser1
userPassword: newuser1
5. When you're done, click OK. Notice that the new user is created under the cn=Users entry.
Grant Privileges
1. Navigate to and expand the Entry Management node, the cn=OracleContext node and the
cn=Groups node.
2. Select the node cn=OracleDASCreateUser. The right pane displays the properties of the
entry selected. Scroll down to the uniquemembers field.
Note: You can test the privilege granted by logging in as newuser1 and creating a new user.
To log in as newuser1, enter cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com as the User.
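The Create a User and Grant Privileges steps above, expressed as LDIF produced by a shell script that can be reviewed before it is loaded with your LDAP client. This is an added example, not part of the original lesson or Oracle's code: the function names, the sn value (required by the person object class), the group DN in the demo call and the sample password are assumptions. As in step 4, orclIsEnabled is left out, and the script refuses a password equal to the uid.

```shell
#!/bin/sh
# Added example: LDIF for the ODM "Create Like" and Grant Privileges steps.
# Function names are hypothetical; realm and attributes come from the lesson.
REALM_DN="dc=us,dc=oracle,dc=com"

# Allow letters, digits, '.', '_' and '-' only, so the value cannot
# change the DN or inject extra LDIF lines.
valid_uid() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# user_ldif UID PASSWORD: entry under cn=Users with the five object classes.
user_ldif() {
    u=$1 pw=$2
    valid_uid "$u" || { echo "invalid uid" >&2; return 1; }
    # Refuse an empty password or one equal to the login name.
    if [ -z "$pw" ] || [ "$pw" = "$u" ]; then
        echo "password rejected" >&2; return 1
    fi
    # Base64 value ("::" form) keeps unusual characters from breaking the LDIF.
    pw64=$(printf '%s' "$pw" | base64 | tr -d '\n')
    # sn is an assumed value; orclIsEnabled is omitted (left empty in step 4).
    cat <<EOF
dn: cn=$u,cn=Users,$REALM_DN
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: orclUserV2
cn: $u
sn: $u
uid: $u
givenName: $u
employeeNumber: $u
mail: $u@xyz.com
userPassword:: $pw64
EOF
}

# grant_ldif GROUP_DN UID: add the user to a DAS privilege group.
grant_ldif() {
    [ -n "$1" ] && valid_uid "$2" || { echo "bad arguments" >&2; return 1; }
    printf 'dn: %s\nchangetype: modify\nadd: uniquemember\n' "$1"
    printf 'uniquemember: cn=%s,cn=Users,%s\n' "$2" "$REALM_DN"
}

# Demo with constructed values; the group DN is assumed, confirm it in ODM.
user_ldif newuser1 'Constructed-Sample-1'
grant_ldif 'cn=OracleDASCreateUser,cn=Groups,cn=OracleContext' newuser1
```

Write the output to a file readable only by the administrator, since it carries the initial password in a reversible encoding.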
1. Navigate to and expand the Password Policy Management node and select the "Password
Policy for Realm dc=us,dc=oracle,dc=com" node.
2. The password policy properties are displayed in the right pane in four tabs. Click the
Account Lockout tab.
3. Click on the Password Maximum Failure field and change the value from 10 to 2.
Create a User
1. Determine the HTTP Server port for your Infrastructure installation by looking at the
/home/oracle/infra/install/portlist.ini file.
2. Open a browser window and open the OID Self Service Console homepage by typing:
http://<hostname>.<domain>:<HTTPServerport>/oiddas
Note: You may need to clear your cookies before logging in.
7. In the Create User page, you can enter various details about the new user. You can fill in the
information as pictured (use welcome1 for the password).