Run the following command to configure the user and group containers:

    ORACLE_HOME/bin/ldapmodify -h OID_Host_Name -p OID_Port -D bindDN -q -v \
    -f ./OIDSchema.ldif

19-20 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory

19.2.2.5.2 Configuring Oracle Virtual Directory for the Integration

Perform the following steps to configure Oracle Virtual Directory for the integration:

1. Ensure you have performed all steps in "Preparing Oracle Virtual Directory for the Enterprise User Security Integration" on page 19-3 before proceeding with this procedure.

2. Start the Oracle Virtual Directory server, then start Oracle Directory Services Manager, and then connect to the Oracle Virtual Directory server.

3. Create three new Local Store Adapters using the following settings. Refer to "Creating Local Store Adapters" on page 12-23 for information on creating Local Store Adapters.

   ■ Use the Local_Storage_Adapter template for each adapter.

   ■ The Adapter Suffix for one Local Store Adapter must be cn=OracleContext; the Adapter Suffix for another must be cn=OracleSchemaVersion; and the Adapter Suffix for the remaining Local Store Adapter must be dc=com, unless your Oracle Internet Directory domain is something like dc=example,dc=net, in which case the Adapter Suffix must be dc=net.

   ■ The Database File and Backup File fields for each of the adapters must be unique.

4. Update and load the entries into the Local Store Adapters by performing the following steps:

   a. Extend the Oracle Virtual Directory schema with the loadOVD.ldif file using the following command. The loadOVD.ldif file contains entries for Oracle Context and schemaversion that Enterprise User Security queries. The loadOVD.ldif file is located in the ORACLE_HOME/ovd/eus directory.

          ORACLE_HOME/bin/ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port \
          -D bindDN -q -v -a -f loadOVD.ldif

   b. Update realmRoot.ldif to use your namespaces, including the dn, dc, o, orclsubscriberfullname, and memberurl attributes in the file. If you have a DN mapping between Oracle Internet Directory and Oracle Virtual Directory, use the DN that you see from Oracle Virtual Directory. The realmRoot.ldif file is located in the ORACLE_HOME/ovd/eus directory.

   c. Load your domain root information in the realmRoot.ldif file into Oracle Virtual Directory using the following command:

          ORACLE_HOME/bin/ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port \
          -D bindDN -q -v -a -f realmRoot.ldif

      Note: The realmRoot.ldif file contains core entries in the directory namespace that Enterprise User Security queries. The realmRoot.ldif file also contains the dynamic group that contains the registered Enterprise User Security databases to allow secured access to sensitive Enterprise User Security related attributes, like the user's Enterprise User Security hashed password attribute.

Configuring Oracle Virtual Directory for Integrated Directory Solutions 19-21

5. Create an LDAP Adapter for Enterprise User Security using the EUS_OID adapter template and by entering the Oracle Internet Directory host information, including the appropriate Remote Base and Mapped Namespace. Refer to "Creating LDAP Adapters" on page 12-3 for information on creating LDAP Adapters.

6. Configure the Access Control Lists (ACLs) for the integration. Refer to "Configuring Access Control Lists for the Enterprise User Security Integration" on page 19-21 for details about each ACL. After you configure the ACLs, continue the integration by proceeding to step 7.

7. Update the realm information with Root Oracle Context by performing the following steps:

   a. Edit the modifyRealm.ldif file to use your Oracle Internet Directory domain name. If you use DN mappings between Oracle Virtual Directory and Oracle Internet Directory, use the mapped DN in Oracle Virtual Directory.

   b. Update the realm information using the following command:

          ORACLE_HOME/bin/ldapmodify -h Oracle_Virtual_Directory_Host -p port -D \
          bindDN -q -v -f modifyRealm.ldif

The steps to configure Oracle Virtual Directory for integration with Enterprise Security and use with Oracle Internet Directory are complete. Continue the integration process and configure Enterprise User Security by referring to the Oracle Database Enterprise User Administrator's Guide.
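A pre-flight check for step 4, added here as an example and not part of Oracle's guide or tooling: before loading an edited file with ldapmodify -a, it confirms that every entry DN falls under one of the three Local Store Adapter suffixes from step 3. The function names (top_suffix, check_ldif, sample_ldif) and the sample entries are constructed for illustration; the script assumes DNs without escaped commas.

```shell
#!/bin/sh
# Added example: check that every entry in an LDIF file falls under one of
# the three Local Store Adapter suffixes before loading it with ldapmodify -a.

# Suffix of the third adapter: the top-level RDN of the OID domain
# (dc=example,dc=net -> dc=net). Assumes no escaped commas in the DN.
top_suffix() {
    printf '%s\n' "$1" | awk -F, '{ s = tolower($NF); gsub(/[ \t]/, "", s); print s }'
}

# check_ldif FILE DOMAIN_DN: prints each DN outside all suffixes; returns 1 if any.
check_ldif() {
    awk -v top="$(top_suffix "$2")" '
    function norm(d) {            # lower-case, drop spaces around commas
        d = tolower(d); gsub(/[ \t]*,[ \t]*/, ",", d)
        gsub(/^[ \t]+|[ \t]+$/, "", d); return d
    }
    function under(d, s) {        # d equals s or ends in ",s"
        return d == s || (length(d) > length(s) && substr(d, length(d) - length(s)) == ("," s))
    }
    function flush(   d) {        # judge the DN collected in cur
        if (cur == "") return
        if (cur ~ /^dn::/) { print "UNCHECKED (base64 DN): " cur; bad = 1 }
        else {
            d = norm(substr(cur, 4))
            if (!under(d, "cn=oraclecontext") && !under(d, "cn=oracleschemaversion") && !under(d, top)) {
                print "NO ADAPTER: " d; bad = 1
            }
        }
        cur = ""
    }
    { sub(/\r$/, "") }                                        # tolerate CRLF files
    /^ / { if (cur != "") cur = cur substr($0, 2); next }     # LDIF folded line
    { flush(); if (tolower(substr($0, 1, 3)) == "dn:") cur = "dn:" substr($0, 4) }
    END { flush(); exit bad + 0 }
    ' "$1"
}

# Constructed sample input (not the contents of Oracle's realmRoot.ldif).
sample_ldif() {
    printf '%s\n' 'dn: dc=example,dc=net' 'dc: example' '' \
        'dn: cn=OracleContext, dc=example,' ' dc=net' 'cn: OracleContext' '' \
        'dn: cn=Common,cn=Products,cn=OracleContext' 'cn: Common' '' \
        'dn: dc=other,dc=org' 'dc: other'
}

tmp=$(mktemp) && sample_ldif > "$tmp"
check_ldif "$tmp" 'dc=example,dc=net' || echo "fix these DNs before running ldapmodify -a"
rm -f "$tmp"
```

When a DN mapping is in use, pass the domain DN as it appears from Oracle Virtual Directory, as step 4b requires.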

19.2.3 Configuring Access Control Lists for the Enterprise User Security Integration

This section describes the Access Control Lists (ACLs) you must configure in Oracle Virtual Directory for the Enterprise User Security integration, regardless of which external repository you use to store user identities. If you have customized your ACLs after installing Oracle Virtual Directory, you must adjust the following ACL settings to include your customizations.

Perform the following steps to configure Oracle Virtual Directory ACLs for the Enterprise User Security integration:

1. Create the following ACLs. Refer to "Creating Access Control Lists Using Oracle Directory Services Manager" on page 16-1 for information on creating ACLs.

   Note: To update the Oracle Internet Directory-Oracle Virtual Directory configuration, edit the modifyRealm.ldif file and execute ldapmodify with the updated modifyRealm.ldif file.

   | Target DN | Scope | Applies To | Grant / Deny | Access |
   |---|---|---|---|---|
   | cn=OracleContext | subtree | Entry | Grant: Browse DN and Return DN | Public |
   | cn=OracleContext | subtree | All Attributes | Grant: Search and Read | Public |
   | cn=OracleSchemaVersion | subtree | Entry | Grant: Browse DN and Return DN | Public |
   | cn=OracleSchemaVersion | subtree | All Attributes | Grant: Search and Read | Public |
   | dc=com | subtree | Entry | Grant: Browse DN and Return DN | Public |
   | dc=com | subtree | All Attributes | Grant: Search and Read | Public |
   | dc=com | subtree | authpassword | Deny: All operations | Public |

   Note: The following ACL must be the last ACL in the ACL list for dc=com.