
Manage Users and Secure the Oracle Application Server 10g Environment

Identity Management

Oracle Identity Management is an integrated identity management infrastructure that
includes an LDAP directory service, directory integration and provisioning services, a
delegated administration service application, authentication and authorization services,
and an X.509 V3 certificate authority. Key benefits of Oracle Identity Management are
its robustness and scalability, out-of-the-box deployment support for Oracle products,
utility as a single point of integration for other enterprise identity management solutions,
and open, standards-based implementation.

Managing Oracle Application Server 10g Users with Delegated Administration Services

This lesson provides instructions on how to use Delegated Administration Services (DAS)
to manage Oracle Application Server 10g users. Two methods for creating and managing
users are covered: using the Oracle Directory Manager (ODM) and using the Oracle
Internet Directory (OID) self-service console.

Overview
Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based units
for performing directory operations on behalf of a user. It frees directory administrators
from the more routine directory management tasks by enabling them to delegate specific
functions to other administrators and to end users. It provides most of the functionality
that directory-enabled applications require, such as creating a user entry, creating a group
entry, searching for entries, and changing user passwords. You can use Oracle Delegated
Administration Services to develop your own tools for administering application data in
the directory. Alternatively, you can use the Oracle Internet Directory Self-Service
Console, a tool based on Delegated Administration Services. This tool comes ready to
use with Oracle Internet Directory.
Create a user with the OID Self Service Console as follows:

Check that OID is up and running:

cd /d01/oracle/infra/opmn/bin/
./opmnctl stopall
./opmnctl startall

1. Determine the HTTP Server port for your Infrastructure installation by looking at
the /home/oracle/infra/install/portlist.ini file

cd /d01/oracle/infra/install/

Open a browser window and open the OID Self Service Console homepage by typing:

http://<hostname>.<domain>:<HTTPServerport>/oiddas
The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin
password. Click Login

Click the Directory tab.

Then, click Create to create an Application Server user.


In the Create User page, you can enter various details about the new user. You can fill in
the information as pictured (use welcome1 for the password).



Topics

This module will discuss the following:

Overview
Prerequisites
Create a User with ODM
    Set Up the Environment
    Check the Status of All Components
    Create a User
    Grant Privileges
    Modify the Default Password Policy
Create a User with OID
    Create a User
    Verify the Creation of the User
    Modify User Privileges
    Log in to DAS as the New User

Prerequisites

In order for this lesson to work successfully, you will need to have performed the
following:

1. Complete the Installing the Oracle Application Server 10g Infrastructure lesson.

Create a User with ODM

Set Up the Environment

To set up the environment, open a terminal window and enter:

cd /home/oracle/infra
export ORACLE_SID=infra
export ORACLE_HOME=/home/oracle/infra
export PATH=$PATH:$ORACLE_HOME/bin

Check the Status of All Components

You can start and stop components either using the command line or from the
Oracle Enterprise Manager 10g Application Server Control. The steps here
show how to check status, stop, and start the components using the command
line.
In the terminal window set up with the environment, check the status of all
components:

cd /home/oracle/infra
./opmn/bin/opmnctl status

Note: If the status is not listed as "Alive" for all components, restart them:

./opmn/bin/opmnctl stopall
./opmn/bin/opmnctl startall

Create a User

Create a user with ODM as follows:

1. Start oidadmin with User (orcladmin), Password (ias_admin password), Server
(<hostname>), and Port (3060).

2. Navigate to and expand the Entry Management node until cn=Users node appears under
dc=com,dc=oracle,dc=us.

3. Select the node cn=PUBLIC under cn=Users. Right click to see the pop-up menu options.
Click Create Like from the menu options, to create a new user.

Note: By using the Create Like menu option, you don't have to specify the five object
classes that need to be included when a user is created. The object classes are: person,
organizationalPerson, inetOrgPerson, orclUserV2, and top.

4. The New Entry dialog box comes up. This dialog box will already contain the values for the
user cn=PUBLIC. Replace the following properties with these values:

Distinguished Name (DN): cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com

In the Mandatory Properties:

cn=newuser1
sn=newuser1

In the Optional Properties (scroll through the list to find all of the properties):

employeeNumber: newuser1
givenName: newuser1
mail: newuser1@xyz.com
orclIsEnabled: delete the existing value and leave it empty
uid=newuser1
userPassword: newuser1

5. When you're done, click OK. Notice that the new user is created under the cn=Users entry.

Grant Privileges

The following steps show how to grant this newly created user (newuser1) privileges for
creating new users.

1. Navigate to and expand the Entry Management node, the cn=OracleContext node and the
cn=Groups node.

2. Select the node cn=OracleDASCreateUser. The right pane displays the properties of the
entry selected. Scroll down to the uniquemembers field.

3. Add the DN of newuser1 (cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com) as a new line in
the field and click Apply.

Note: You can test the privilege granted by logging in as newuser1 and creating a new user.
To login as newuser1, enter cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com as the User.

Modify the Default Password Policy

Modify the default Password Policy by changing the attribute Password Maximum Failure
(pwdmaxfailure) value to two, as follows:

1. Navigate to and expand the Password Policy Management node and select the "Password
Policy for Realm dc=us,dc=oracle,dc=com" node.

2. The password policy properties are displayed in the right pane in four tabs. Click the
Account Lockout tab.

3. Click on the Password Maximum Failure field and change the value from 10 to 2.

4. Click Apply to save the changes.

Note: You can test the new password policy settings by logging in as newuser1 and
providing the wrong password twice. The next time you try to login, an error will be
displayed stating that the newuser1 account is locked. You can unlock the newuser1 account
by resetting its password (the userPassword attribute) as an OID administrator.
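
To review the two changes made above (the uniquemember grant on cn=OracleDASCreateUser and the pwdmaxfailure lockout threshold) outside the GUI, an LDIF export of the directory can be audited. The following is an added example, not part of the Oracle tutorial: the function names are hypothetical, and the group and policy DNs in the sample are constructed assumptions.

```python
import base64, re

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                        # skip comments and junk
            attr, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Comparison key for DNs: lowercased, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(ldif_text, approved_creators, max_failures=2):
    """Report unapproved members of the create-user group and lax lockout values."""
    approved = {norm_dn(d) for d in approved_creators}
    findings = []
    for e in parse_ldif(ldif_text):
        dn = e.get("dn", [""])[0]
        if norm_dn(dn).startswith("cn=oracledascreateuser,"):
            findings += [("unapproved-creator", norm_dn(m))
                         for m in e.get("uniquemember", []) if norm_dn(m) not in approved]
        findings += [("lockout-threshold", norm_dn(dn))
                     for v in e.get("pwdmaxfailure", []) if int(v) > max_failures]
    return findings

# Constructed sample export; the DNs below are assumptions, not real directory data.
REALM = "dc=us,dc=oracle,dc=com"
B64_DN = base64.b64encode(f"cn=tempuser,cn=Users,{REALM}".encode()).decode()
SAMPLE_LDIF = f"""\
dn: cn=OracleDASCreateUser,cn=Groups,cn=OracleContext,{REALM}
uniquemember: cn=orcladmin,cn=Users,{REALM}
uniquemember: cn=newuser1,cn=Users,
 {REALM}
uniquemember:: {B64_DN}

dn: cn=samplepolicy,{REALM}
pwdmaxfailure: 10
"""
if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, [f"cn=orcladmin,cn=Users,{REALM}"]))
```

Each finding is a (kind, DN) pair; an empty list means every member of the group is on the approved list and no exported policy allows more failed logins than max_failures.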

Create a User with OID

Create a User

Create a user with the OID Self Service Console as follows:

1. Determine the HTTP Server port for your Infrastructure installation by looking at the
/home/oracle/infra/install/portlist.ini file.

2. Open a browser window and open the OID Self Service Console homepage by typing:

http://<hostname>.<domain>:<HTTPServerport>/oiddas

Note: You may need to clear your cookies before logging in.

3. Click the Login icon.

4. The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin
password. Click Login.

5. Click the Directory tab.

6. Then, click Create to create an Application Server user.

7. In the Create User page, you can enter various details about the new user. You can fill in the
information as pictured (use welcome1 for the password).

8. Click Submit when done. Click OK.


Verify the Creation of the User

Click the User tab.


Modify User Privileges

In the search results, select akr14feb and click Assign Privileges.


Log in to DAS as the New User
To verify that the users were created correctly, log in to DAS as follows:
