Nsure Identity Manager & Oracle Internet Directory
Michel Bluteau
Field Corporate Strategist
Nsure Identity Management
Novell Québec
© 12 May 2004 Novell Inc, Confidential & Proprietary
Driver for Oracle 10g OID
• Required privileges for driver
• Mandatory Classes for
  – OID
  – Enterprise User
  – Enterprise Role
• Required ACLs for the changelog
Oracle Internet Directory
• OID is an application that runs on top of Oracle
• OID clients use LDAP
• OID uses Oracle Net to communicate with Database servers
Oracle Internet Directory: Oracle Directory Manager
Oracle Internet Directory: Communication
Oracle Advanced Security uses OID for
- Storing the password for a centralized user that can have access to more than one Database server
- Centrally storing and assigning privileges
- Integration of VPD (Virtual Private Database) and Row Label Security
- With 10g, synchronization of the attributes userPassword (SSO) and orclPassword (DB)
- OID can leverage RAS and RAC for high availability in an Oracle bubble (many DB servers)
Driver for Oracle OID
• Bi-directional sync for data
• Uni-directional sync for the password
  – From eDirectory to OID
• No customization required (versus JDBC)
Driver User: Select cn=orcladmin
Choose Create Like, create meta
Modify cn, sn, uid and userPassword
Result: cn=meta
Under cn=OracleContext, cn=Groups
Add to cn=OracleSuperAdminGroup
Add to cn=OracleUserSecurityAdmin
Add to cn=Common User Attributes
Add to cn=OracleContextAdmins
Add to required DAS groups
After adding meta to groups
- meta can create users and groups via oidadmin
- but cannot do so via LDAP with ldapadd or the DirXML driver
See: http://download-east.oracle.com/docs/cd/B10464_02/manage.904/b12118/priv_de3.htm
- Provide meta with the required ACLs for cn=Users and cn=Groups (under dc=novl,dc=ca).
See: http://download-east.oracle.com/docs/cd/B10464_02/manage.904/b12118/access2.htm#1059039
Required privileges for changelog
The ACLs for the changelog MUST be modified in order to allow meta access to the changelog.
Under Access Control Management
Add meta, via Create Like
Add meta, result
Classes required for OID
- User requires the following classes:
  • inetOrgPerson
  • orclUserV2
  • orclUser (optional)
- Group (dynamicGroup) requires the following classes:
  • groupOfUniqueNames
  • orclGroup
  • the displayname attribute is mandatory
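An offline pre-flight check for the class requirements listed above, which also reports the groups that hold cn=meta as a member (the group additions on the earlier slides); this is an added example, not part of the original deck. The LDIF sample, the cn=jdoe and cn=staff entries, the placement of the group DN and the function names are constructed for illustration.

```python
# Added example, not from the original deck; the sample LDIF is constructed.
USER_REQUIRED = {"inetorgperson", "orcluserv2"}       # orclUser is optional
GROUP_REQUIRED = {"groupofuniquenames", "orclgroup"}  # displayname is checked too
SAMPLE_LDIF = """\
dn: cn=meta,cn=Users,dc=novl,dc=ca
objectClass: inetOrgPerson
objectClass: orclUserV2

dn: cn=jdoe,cn=Users,dc=novl,dc=ca
objectClass: inetOrgPerson

dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=novl,dc=ca
objectClass: groupOfUniqueNames
objectClass: orclGroup
displayName: Context Admins
uniqueMember: cn=meta,cn=Users,dc=novl,dc=ca

dn: cn=staff,cn=Groups,dc=novl,dc=ca
objectClass: groupOfUniqueNames
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0]] = attrs
    return entries

def missing_requirements(attrs):
    """Return what the entry lacks; any group class marks it as a group."""
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if classes & GROUP_REQUIRED:
        extra = [] if attrs.get("displayname") else ["displayname"]
        return sorted(GROUP_REQUIRED - classes) + extra
    return sorted(USER_REQUIRED - classes)

def groups_containing(entries, member_dn):  # group DNs listing member_dn
    return sorted(dn for dn, a in entries.items() if member_dn.lower()
                  in (m.lower() for m in a.get("uniquemember", [])))

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print({dn: missing_requirements(a) for dn, a in entries.items()})
    print(groups_containing(entries, "cn=meta,cn=Users,dc=novl,dc=ca"))
```

Run it against an LDIF export before loading entries with ldapadd, and use the membership list to review which groups the driver account actually holds.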