Enterprise User Security

If your infrastructure is like most, you have an LDAP server that stores your users' identities, roles and privileges so that users can be authenticated against your applications. The LDAP server also gives you one place to manage your users centrally, lets you apply a consistent security policy to all of your applications, and makes it easy to delegate administration tasks to others.

Traditionally, database authentication is done by creating schema users in the database itself. These schema users have their identities, passwords, roles and privileges stored in the database. When a user logs in to the database, either directly using SQL*Plus or through an application, the user's credentials and privileges are checked inside the database. This model fragments administrative control over the users who access your applications: every database you have is a new administrative management point and a potential source of fragmented administration and security policies in your corporate infrastructure.

A better model is to create these users as "Enterprise Users" in the OID LDAP server. Your users then authenticate against the LDAP server, and you can apply a consistent security policy to all of the users accessing your databases and database applications. It is also an easier way of managing users and their access to applications. This model also limits the number of database schema user accounts in the database to just those that are actually administering the database.
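The two models above, seen from the database side, as an added example that is not part of the original lesson. The names hr_clerk, app_shared and hr_reader, the hr.employees table and the password are assumptions made up for illustration.

```sql
-- Hypothetical names throughout: hr_clerk, app_shared, hr_reader, hr.employees.

-- Traditional model: the identity and its password live in this database only,
-- so every database repeats this account and its own password policy.
CREATE USER hr_clerk IDENTIFIED BY "Placeholder_Passw0rd";
GRANT CREATE SESSION TO hr_clerk;
GRANT SELECT ON hr.employees TO hr_clerk;

-- Enterprise model: a shared schema with no local password. The empty
-- string means no single directory entry owns the schema; directory users
-- are mapped to it in OID (the schema mappings set up with Enterprise
-- Security Manager).
CREATE USER app_shared IDENTIFIED GLOBALLY AS '';
GRANT CREATE SESSION TO app_shared;

-- Global role: its privileges are defined in the database, but its
-- membership is not. It cannot be handed out with GRANT ... TO <user>;
-- users receive it through an enterprise role held in the directory.
CREATE ROLE hr_reader IDENTIFIED GLOBALLY;
GRANT SELECT ON hr.employees TO hr_reader;

-- Run from a session opened by an enterprise user: shows which schema the
-- session landed in and which directory identity is behind it.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')  AS schema_user,
       SYS_CONTEXT('USERENV', 'EXTERNAL_NAME') AS directory_dn
FROM   dual;

-- Roles active in that session, including global roles that came from
-- the directory.
SELECT role FROM session_roles;
```

Because many directory users can share app_shared, the directory_dn value is what ties a session back to an individual person when reviewing access.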

In this section we will show you how to create enterprise users in OID using a feature called "Enterprise Security Manager" that enables your users to authenticate to your databases using their credentials and roles stored in OID.

Prerequisites:

Oracle 10g Application Server infrastructure must be installed and running

Oracle 9i or 10g database must be installed, running, and configured with the "Advanced Security Option".

Subjects covered in this lesson

Simple LDAP Authentication Proof of Concept

Enabling your database for LDAP network connectivity

Configuring your database for LDAP authentication with OID

Configure your database schema mappings using Enterprise Security Manager

Test user authentication against the database

Configuring an Enterprise Role

How to create an "Enterprise Role" in OID and map it to a database role

Test user authentication against your new Enterprise Role

Configuring a Shared Schema for Groups

Configure your "Enterprise Role" for group authentication
