Create an LDIF file assumed to be jpstestnode.ldif in this example

Integration with Oracle Identity Management 11-7

4. Save the file.

5. Stop the Administration Server:

   SOAHOST1> cd ORACLE_BASE/admin/domain_name/aserver/domain_name/bin
   SOAHOST1> ./stopWebLogic.sh

6. Start the Administration Server using the procedure in Section 5.5, "Starting the Administration Server on SOAHOST1."

11.1.2.3 Reassociating the Domain Credential Store

The reassociation of both the credential and the policy stores is accomplished as a unit using Fusion Middleware Control or the WLST command reassociateSecurityStore. See Section 11.1.4, "Reassociation of Credentials and Policies," for detailed steps.

11.1.3 Policy Store Configuration

The domain policy store is the repository of system and application-specific policies. A given domain has one store that holds all policies that the applications deployed in the domain may use. This section provides the steps to configure Oracle Internet Directory LDAP as the policy store for the Oracle Enterprise Content Management Suite enterprise deployment topology. For more details on policy store configuration, refer to the "OPSS Authorization and the Policy Store" chapter in the Oracle Fusion Middleware Security Guide.

11.1.3.1 Prerequisites to Using an LDAP-Based Policy Store

To ensure proper access to an LDAP server directory (Oracle Internet Directory) used as a policy store, you must set a node in the server directory. An Oracle Internet Directory administrator must follow these steps to create the appropriate node in an Oracle Internet Directory server:

1. Create an LDIF file (assumed to be jpstestnode.ldif in this example) specifying the following DN and CN entries:

   dn: cn=jpsroot_ecm
   cn: jpsroot_ecm
   objectclass: top
   objectclass: OrclContainer

   The distinguished name of the root node (illustrated by the string jpsroot_ecm above) must be distinct from any other distinguished name. One root node can be shared by multiple WebLogic domains. It is not required that this node be created at the top level, as long as read and write access to the subtree is granted to the Oracle Internet Directory administrator.

2. Import this data into the Oracle Internet Directory server using the ldapadd command, as illustrated in the following example (the command is shown as two lines for readability purposes, but you should enter the command on a single line):

   OIDHOST1> ORACLE_HOME/bin/ldapadd -h ldap_host -p ldap_port -D cn=orcladmin
   -w password -c -v -f jpstestnode.ldif

3. Verify that the node has been successfully inserted using the ldapsearch command, as illustrated in the following example (the command is shown as two lines for readability purposes, but you should enter the command on a single line):

   OIDHOST1> ORACLE_HOME/bin/ldapsearch -h ldap_host -p ldap_port -D cn=orcladmin
   -w password -b cn=jpsroot_ecm objectclass=orclContainer

11-8 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle ECM Suite

4. When using Oracle Internet Directory as the LDAP-based policy store, run the oidstats.sql utility on the INFRADBHOST servers to generate database statistics for optimal database performance:

   ORACLE_HOME/bin/sqlplus

   Enter ODS as the user name. You will be prompted for credentials for the ODS user. Inside sqlplus, enter the command to gather the statistics information:

   SQLPLUS> @ORACLE_HOME/ldap/admin/oidstats.sql

   The oidstats.sql utility must be run just once after the initial provisioning. For details about this utility, consult the Oracle Fusion Middleware User Reference for Oracle Identity Management.
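A pre-import check for the root-node entry from step 1, as an added example that is not part of the Oracle guide: it confirms the entry carries the listed object classes, that its leading RDN matches the cn attribute, and that its DN does not collide with an existing one when compared without regard to case or spacing. The function names and the list of existing DNs are assumptions made for illustration.

```python
REQUIRED_CLASSES = {"top", "orclcontainer"}  # objectclasses from step 1


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around '=' and ',' so equivalent
    spellings compare equal (simplification: no escaped commas)."""
    rdns = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in rdns)


def parse_entry(ldif_text):
    """Parse a single-entry LDIF into {attribute: [values]}, keys lower-cased."""
    entry = {}
    for line in ldif_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def check_root_node(ldif_text, existing_dns):
    """Return a list of problems; an empty list means the node can be imported."""
    entry = parse_entry(ldif_text)
    if len(entry.get("dn", [])) != 1:
        return ["expected exactly one dn: line"]
    dn = normalize_dn(entry["dn"][0])
    problems = []
    rdn_attr, _, rdn_value = dn.split(",")[0].partition("=")
    if rdn_attr != "cn" or rdn_value not in [v.lower() for v in entry.get("cn", [])]:
        problems.append("leading RDN must be cn=<name> and match the cn attribute")
    missing = REQUIRED_CLASSES - {v.lower() for v in entry.get("objectclass", [])}
    if missing:
        problems.append("missing objectclass: " + ", ".join(sorted(missing)))
    if dn in {normalize_dn(d) for d in existing_dns}:
        problems.append("DN already exists: " + dn)
    return problems


# Constructed sample input: the entry from step 1, plus made-up existing DNs.
SAMPLE_LDIF = """\
dn: cn=jpsroot_ecm
cn: jpsroot_ecm
objectclass: top
objectclass: OrclContainer
"""

if __name__ == "__main__":
    print(check_root_node(SAMPLE_LDIF, ["cn=jpsroot_other"]))  # no problems
    print(check_root_node(SAMPLE_LDIF, ["CN = JPSRoot_ECM"]))  # collision
```

The list of existing DNs would come from a directory export taken before step 2; the check itself never contacts the directory.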

11.1.3.2 Reassociating the Domain Policy Store