Managing Oracle Application Server 10g Users with Delegated Administration Services
Purpose
This lesson provides instructions on how to use Delegated Administration Services (DAS) to manage Oracle Application Server 10g users. Two methods for creating and managing users are covered: using the Oracle Directory Manager (ODM) and using the Oracle Internet Directory (OID) self-service console.
Overview
Oracle Delegated Administration Services (DAS) is a set of pre-defined, Web-based
units for performing directory operations on behalf of a user. It frees directory
administrators from the more routine directory management tasks by enabling them
to delegate specific functions to other administrators and to end users. It provides
most of the functionality that directory-enabled applications require, such as
creating a user entry, creating a group entry, searching for entries, and changing
user passwords. You can use Oracle Delegated Administration Services to develop
your own tools for administering application data in the directory. Alternatively,
you can use the Oracle Internet Directory Self-Service Console, a tool based on
Delegated Administration Services. This tool comes ready to use with Oracle Internet
Directory.
You can start and stop components either using the command line or from
the Oracle Enterprise Manager 10g Application Server Control. The
steps here show how to check status, stop, and start the components using
the command line.
In the terminal window set up with the environment,
check the status of all components:
cd /home/oracle/infra
./opmn/bin/opmnctl status
Note: If the status is not listed as "Alive"
for all components:
1. Start oidadmin with User (orcladmin), Password (ias_admin password), Server (<hostname>), and Port (3060).
2. Navigate to and expand the Entry Management node until the cn=Users node appears under dc=com,dc=oracle,dc=us.
3. Select the node cn=PUBLIC under cn=Users. Right-click to see the pop-up menu options. Click Create Like from the menu options to create a new user.
Note: By using the Create Like menu option, you don't have to specify the five object classes that need to be included when a user is created. The object classes are: person, organizationalPerson, inetOrgPerson, orclUserV2, and top.
4. The New Entry dialog box comes up. This dialog box will already contain the values for the user cn=PUBLIC. Replace the following properties with these values:
Distinguished Name (DN): cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com
In the Mandatory Properties:
cn: newuser1
sn: newuser1
In the Optional Properties (scroll through the list to find all of the properties):
employeeNumber: newuser1
givenName: newuser1
mail: newuser1@xyz.com
orclIsEnabled: delete the existing value and leave it empty
uid: newuser1
userPassword: newuser1
5. When you're done, click OK. Notice that the new user is created under the cn=Users entry.
The following steps show how to grant this newly created user (newuser1)
privileges for creating new users.
1. Navigate to and expand the Entry Management node, the cn=OracleContext node, and the cn=Groups node.
2. Select the node cn=OracleDASCreateUser. The right pane displays the properties of the selected entry. Scroll down to the uniquemember field.
3. Add the DN of newuser1 (cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com) as a new line in the field and click Apply.
Note: You can test the privilege granted by logging in as newuser1 and creating a new user. To log in as newuser1, enter cn=newuser1,cn=Users,dc=us,dc=oracle,dc=com as the User.
Modify the default Password Policy by changing the attribute Password
Maximum Failure (pwdmaxfailure) value to two, as follows:
1. Navigate to and expand the Password Policy Management node and select the "Password Policy for Realm dc=us,dc=oracle,dc=com" node.
2. The password policy properties are displayed in the right pane in four tabs. Click the Account Lockout tab.
3. Click the Password Maximum Failure field and change the value from 10 to 2.
4. Click Apply to save the changes.
Note: You can test the new password policy settings by logging in as newuser1 and providing the wrong password twice. The next time you try to log in, an error will be displayed stating that the newuser1 account is locked. You can unlock the newuser1 account by resetting its password (the userPassword attribute) as an OID administrator.
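The three ODM edits above (the user entry with its five object classes, the cn=OracleDASCreateUser membership, and the lower pwdmaxfailure) can also be expressed as LDIF, which makes the change reviewable and repeatable. The script below is an added example, not part of the Oracle tutorial; it assumes the realm dc=us,dc=oracle,dc=com from the page, and the realm password policy DN it uses is an assumption to confirm in ODM before applying.

```shell
#!/bin/sh
# Added example, not from the Oracle tutorial: emit the LDIF equivalent of the
# three ODM edits above (create user, grant cn=OracleDASCreateUser membership,
# lower pwdmaxfailure) so the change can be reviewed and reapplied.
# Assumed: realm dc=us,dc=oracle,dc=com from the page; the policy DN is a guess.
REALM="dc=us,dc=oracle,dc=com"
USERS="cn=Users,$REALM"
DAS_CREATE_GROUP="cn=OracleDASCreateUser,cn=Groups,cn=OracleContext,$REALM"
PWD_POLICY="cn=PwdPolicyEntry,cn=common,cn=Products,cn=OracleContext,$REALM" # assumed

# User entry with the five object classes the tutorial lists (password passed in).
user_add_ldif() {
  cat <<EOF
dn: cn=$1,$USERS
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: orclUserV2
cn: $1
sn: $1
uid: $1
givenName: $1
employeeNumber: $1
mail: $2
userPassword: $3
EOF
}

# Grant the DAS create-user privilege by adding the user's DN to uniquemember.
grant_create_user_ldif() {
  cat <<EOF
dn: $DAS_CREATE_GROUP
changetype: modify
add: uniquemember
uniquemember: cn=$1,$USERS
EOF
}

# Lock the account after N failed binds (the tutorial lowers it from 10 to 2).
pwd_max_failure_ldif() {
  cat <<EOF
dn: $PWD_POLICY
changetype: modify
replace: pwdmaxfailure
pwdmaxfailure: $1
EOF
}
```

Redirect each function's output to a file and apply it with OID's ldapmodify (-h host -p 3060 -D cn=orcladmin -w password -f file), binding as the administrator the tutorial uses.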
Note: You may need to clear your cookies before
logging in.
3. Click the Login icon.
4. The SSO login page comes up. Enter the User Name of orcladmin and the ias_admin password. Click Login.
5. Click the Directory tab.
6. Then, click Create to create an Application Server user.
7. In the Create User page, you can enter various details about the new user. You can fill in the information as pictured (use welcome1 for the password).