
Nsure Identity Manager & Oracle Internet Directory

Michel Bluteau
Field Corporate Strategist, Nsure Identity Management
Novell Québec

© 12 May 2004 Novell Inc, Confidential & Proprietary

Driver for Oracle 10g OID

• Required privileges for the driver
• Mandatory classes for:
  – OID
  – Enterprise User
  – Enterprise Role
• Required ACLs for the changelog


Oracle Internet Directory

• OID is an application that runs on top of an Oracle database
• OID clients use LDAP
• OID uses Oracle Net to communicate with the database servers


Oracle Internet Directory: Oracle Directory Manager


Oracle Internet Directory: Communication


Oracle Advanced Security uses OID for:

- Storing the password of a centralized user that can have access to more than one database server
- Centrally storing and assigning privileges
- Integration of VPD (Virtual Private Database) and row label security
- With 10g, synchronization of the userPassword (SSO) and orclPassword (DB) attributes
- OID can leverage RAS and RAC for high availability in an Oracle bubble (many DB servers)


Driver for Oracle OID

• Bi-directional sync for data
• Uni-directional sync for the password
  – From eDirectory to OID
• No customization required (versus JDBC)


Driver User: Select cn=orcladmin


Choose Create Like, create meta


Modify cn, sn, uid and userPassword


Result: cn=meta


Under cn=OracleContext, cn=Groups


Add to cn=OracleSuperAdminGroup


Add to cn=OracleUserSecurityAdmin


Add to cn=Common User Attributes


Add to cn=OracleContextAdmins


Add to required DAS groups


After adding meta to groups:

- meta can create users and groups via oidadmin
- but cannot do so via LDAP with ldapadd or the DirXML driver

See: http://download-east.oracle.com/docs/cd/B10464_02/manage.904/b12118/priv_de3.htm


After adding meta to groups:

- Provide meta with the required ACLs for cn=Users and cn=Groups (under dc=novl,dc=ca).

See: http://download-east.oracle.com/docs/cd/B10464_02/manage.904/b12118/access2.htm#1059039


Required privileges for the changelog

The ACLs for the changelog MUST be modified in order to allow meta access to the changelog.


Under Access Control Management


Add meta, via Create Like


Add meta: result


Classes required for OID

• A user requires the following classes:
  – inetOrgPerson
  – orclUserV2
  – orclUser (optional)
• A group (dynamicGroup) requires the following classes:
  – groupOfUniqueNames
  – orclGroup
  – the displayname attribute is mandatory
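To catch entries that miss these class requirements before the driver or ldapadd pushes them into OID, here is an added Python pre-flight check (example code written for this page, not Novell's or Oracle's): it parses a minimal LDIF, embeds constructed sample entries under the dc=novl,dc=ca suffix named in the deck, and reports missing object classes and a missing displayname on groups.

```python
# Constructed sample entries (placeholder password), not taken from the deck.
SAMPLE_LDIF = """dn: cn=meta,cn=Users,dc=novl,dc=ca
objectClass: inetOrgPerson
objectClass: orclUserV2
cn: meta
sn: meta
uid: meta
userPassword: placeholder-not-a-real-secret

dn: cn=dbadmins,cn=Groups,dc=novl,dc=ca
objectClass: groupOfUniqueNames
cn: dbadmins
uniqueMember: cn=meta,cn=Users,dc=novl,dc=ca
"""

# Object classes the deck lists as required for each entry kind, plus the
# attribute it calls mandatory on groups beyond the schema's own MUST lists.
REQUIRED = {"user": ("inetOrgPerson", "orclUserV2"),
            "group": ("groupOfUniqueNames", "orclGroup")}
MANDATORY = {"user": (), "group": ("displayname",)}

def parse_ldif(text):
    """Minimal LDIF parser (no base64, no folded lines): list of (dn, attrs)."""
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():                 # a blank line ends an entry
            if dn:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    return entries

def check_entry(attrs):
    """Return the problems that would make OID reject the entry."""
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    kind = "group" if classes & {"groupofuniquenames", "orclgroup"} else "user"
    problems = [f"missing objectClass {c}" for c in REQUIRED[kind]
                if c.lower() not in classes]
    problems += [f"missing mandatory attribute {a}" for a in MANDATORY[kind]
                 if a not in attrs]
    return problems

def check_ldif(text):
    # Map each DN to its problem list; an empty list means the entry is OK.
    return {dn: check_entry(attrs) for dn, attrs in parse_ldif(text)}
```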


Classes required for OID

Recommended