Windows Integration: Configuring DAS for AD User Provisioning
By default, the DAS create user form does not include the "orclADUser" object class. Therefore, when you create users in DAS you are not able to populate attributes such as "krbPrincipalName" or "orclSAMAccountName". These attributes are necessary for DAS to provision Microsoft Domain users. As a result, the users created by DAS are not propagated to Active Directory.
In this lesson we will show you how to do the following:
Add new object classes to the DAS create user form that will support AD integration and provisioning.
Create a new category in the DAS create user form that will be used to provision AD users.
To accomplish either of these tasks we need to configure the DAS "Create User" form and the Export mapping file.
Configuring DAS for AD user configuration
Step 1. Open your browser to the DAS login page.
Example URL:
http://abasin.us.oracle.com:7777/oiddas
Step 2. Login to DAS as the "orcladmin" user.
Step 3. Select the "Configuration" tab.
Step 4. Select the "User Entry" sub tab.
Step 5. Select "Add Object Class"
Step 6. From the list of Object Classes select "orcladuser".
Step 7. After you add the "orcladuser" objectclass, click the "Next" button at the bottom of the form.
Step 8. Now we will add the attributes. The attributes we will add are:
orclsamaccountname
krbprincipalname
orcluserprincipalname
To add the new attributes click on the "Add New Attribute" button.
Step 9. Select the "orclsamaccountname" attribute from the "Directory Attribute Name" drop down list.
Step 10. The UI Label will be the title of the attribute on the "DAS Create User" form. In our example we will include optional formatting instructions so that the administrators will know the proper format necessary for AD user provisioning.
Step 11. Check the "Viewable" check box so that you will be able to see the attribute on the DAS form.
Step 12. Perform steps 8 through 11 using the krbprincipalname and orcluserprincipalname attributes instead of the orclsamaccountname.
Step 13. Click the "Next" button to continue.
Step 14. On the next page click the "Create" button to create a new category for the "DAS Create User" form.
Step 15. Put the title of your new category in the "UI Label" field. In our example we will call our new category "Active Directory User Provisioning".
Step 16. Click the "Done" button.
Step 17. Click the "Order Category" button. Move the new category up the category list to where you want it. In our example we will put it under the "Basic Information" category.
Step 18. Now we will add our three attributes to the new category. Select your new category by clicking its radio button. Then click the "Edit" button.
Step 19. Move the "orclsamaccountname", "krbprincipalname", and "orcluserprincipalname" attributes from the list on the left to the list on the right.
Step 20. Click the "Done" button.
Step 21. Click the "Next" button.
Step 22. (Optional) If you want to include one of the new attributes in the Search Tables, select the attribute and click the "Move" button.
Step 23. Click the "Next" button.
Step 24. Click the "Finish" button.
When you are finished, navigate to the "DAS Create User" form by clicking on the "Directory" tab, and then click the "Create" button.
Your new form should look something like this:
Now let's create a new user in DAS and verify that the user is properly provisioned into the Windows Domain. Be sure to follow the formatting rules for your new attributes. Here is an example of how to fill out the form.
After you have completed creating the new user, you should verify that the new user is able to log in to Windows as well as any Oracle Single Sign-On web applications such as DAS.
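A check for the result of this procedure, as an added example that is not part of the original lesson: it parses user entries exported from the directory as LDIF and reports which ones lack the "orcladuser" object class or any of the three attributes, since those are the users that will not be provisioned to AD. The sample entries, DNs and values are constructed placeholders, and value formats are not checked because the lesson's formatting rules are not reproduced in the text.

```python
import base64

# Object class and attributes this lesson adds to the DAS "Create User" form.
REQUIRED_CLASS = "orcladuser"
REQUIRED_ATTRS = ("orclsamaccountname", "krbprincipalname", "orcluserprincipalname")

# Constructed sample export; values are placeholders, not the formats DAS expects.
SAMPLE_LDIF = """\
dn: cn=jdoe,cn=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: orclADUser
orclSAMAccountName: CONSTRUCTED-VALUE-1
krbPrincipalName:: amRvZQ==
orclUserPrincipalName: CONSTRUCTED-
 VALUE-3

dn: cn=asmith,cn=users,dc=example,dc=com
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip comment lines
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(name.strip().lower(), []).append(value.strip())
        elif current:
            entries.append(current)
            current = {}
    return entries

def provisioning_gaps(entry):
    """List what an entry is missing for AD provisioning as described in this lesson."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    gaps = [] if REQUIRED_CLASS in classes else ["objectclass:" + REQUIRED_CLASS]
    return gaps + [a for a in REQUIRED_ATTRS if not any(entry.get(a, []))]

def audit(text):
    """Map each entry's DN to its list of gaps (an empty list means nothing is missing)."""
    return {e["dn"][0]: provisioning_gaps(e) for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    for dn, gaps in audit(SAMPLE_LDIF).items():
        print(dn, "OK" if not gaps else "missing: " + ", ".join(gaps))
```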