
10-16 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

10.4.6 Disable Anonymous Binds to Oracle Virtual Directory LDAP Ports

For security, you must disable anonymous binds to Oracle Virtual Directory's LDAP ports by editing a configuration file. Proceed as follows:

1. Stop Oracle Virtual Directory by typing:

    ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=ovd1

2. Edit the file:

    ORACLE_INSTANCE/config/OVD/component/listeners.os_xml

   Locate the section for the LDAP Endpoint listener, which looks like this:

    <ldap id="LDAP Endpoint" version="1">
       <port>6501</port>
       ......
       <anonymousBind>Allow</anonymousBind>
       ......
    </ldap>

   Modify this section so that it looks like this:

    <ldap id="LDAP Endpoint" version="1">
       <port>6501</port>
       ......
       <anonymousBind>Deny</anonymousBind>
       ......
    </ldap>

3. Locate the similar section for the LDAP SSL Endpoint listener and make the same change.

4. Save the file.

5. Restart Oracle Virtual Directory using the command:

    ORACLE_INSTANCE/bin/opmnctl startproc ias-component=ovd1

6. Repeat these steps for each Oracle Virtual Directory instance.
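The procedure above is a manual edit of one listener section at a time, and step 6 repeats it for every instance. The following script is an added example (not part of the guide and not Oracle's own tooling) that audits every <ldap> listener in a listeners.os_xml and rewrites any anonymousBind that is not already Deny, so the LDAP SSL Endpoint and any other listener cannot be overlooked. The sample XML is constructed from the two sections shown in the guide plus a hypothetical "Internal Endpoint" that is already hardened; a real file carries many more elements and may declare a default XML namespace, which the helpers tolerate. It assumes, as the guide does, that the OVD component is stopped while the file is edited.

```python
"""Audit every LDAP listener in an OVD listeners.os_xml and switch
anonymousBind from Allow to Deny (run only while the OVD component is stopped).
Added example; not Oracle-supplied code."""
import shutil
import sys
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <ldap> sections in the guide. The third
# listener is hypothetical and shows the already-hardened case.
SAMPLE_LISTENERS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<listeners>
  <ldap id="LDAP Endpoint" version="1">
    <port>6501</port>
    <anonymousBind>Allow</anonymousBind>
  </ldap>
  <ldap id="LDAP SSL Endpoint" version="1">
    <port>7501</port>
    <anonymousBind>Allow</anonymousBind>
  </ldap>
  <ldap id="Internal Endpoint" version="1">
    <port>6502</port>
    <anonymousBind>Deny</anonymousBind>
  </ldap>
</listeners>
"""

XML_HEADER = '<?xml version="1.0" encoding="UTF-8"?>\n'


def _local(tag):
    """Strip a '{namespace}' prefix so matching works with or without a default namespace."""
    return tag.rsplit("}", 1)[-1]


def _ldap_listeners(root):
    """All <ldap> listener elements, in document order."""
    return [el for el in root.iter() if _local(el.tag) == "ldap"]


def audit_anonymous_bind(xml_text):
    """Map each <ldap> listener id to its anonymousBind value ('missing' if the element is absent)."""
    result = {}
    for ldap in _ldap_listeners(ET.fromstring(xml_text)):
        value = "missing"
        for child in ldap:
            if _local(child.tag) == "anonymousBind":
                value = (child.text or "").strip()
        result[ldap.get("id")] = value
    return result


def deny_anonymous_bind(xml_text):
    """Return (rewritten XML text, ids of listeners whose anonymousBind was changed to Deny)."""
    root = ET.fromstring(xml_text)
    if root.tag.startswith("{"):
        # Re-register the file's default namespace so output keeps xmlns="..." instead of ns0:.
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    changed = []
    for ldap in _ldap_listeners(root):
        for child in ldap:
            if _local(child.tag) == "anonymousBind" and (child.text or "").strip() != "Deny":
                child.text = "Deny"
                changed.append(ldap.get("id"))
    return XML_HEADER + ET.tostring(root, encoding="unicode"), changed


def harden_file(path):
    """Rewrite listeners.os_xml in place after saving a .bak copy; returns the changed listener ids.
    Note: ElementTree drops XML comments, so keep the .bak if the file carried any."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    new_xml, changed = deny_anonymous_bind(original)
    if changed:
        shutil.copyfile(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_xml)
    return changed


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python harden_ovd.py $ORACLE_INSTANCE/config/OVD/ovd1/listeners.os_xml
        print("changed listeners:", harden_file(sys.argv[1]))
    else:
        print("sample before:", audit_anonymous_bind(SAMPLE_LISTENERS_XML))
        rewritten, ids = deny_anonymous_bind(SAMPLE_LISTENERS_XML)
        print("changed listeners:", ids)
        print("sample after:", audit_anonymous_bind(rewritten))
```

Run it once per instance against the path of that instance's listeners.os_xml, then restart the component with opmnctl as in step 5; running audit_anonymous_bind again after the restart (or simply grepping for anonymousBind) confirms that OVD did not rewrite the setting on startup.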

10.4.7 Set Up Oracle Virtual Directory–Oracle Identity Manager Access Control Lists

In addition to the steps described previously, you must update the access permissions of the following users. The users are the values you assigned to the parameters:

    IDSTORE_OIMADMINUSER

To do this you must create an LDIF file for the user being updated. The file must have the format:

    dn: s_SearchBase
    changetype: modify
    add: subtreeACI
    subtreeACI: grant:b,t,a,d,n[entry]#authzID-dn:s_NamingAttr=s_UserName,s_SystemIDBase
    subtreeACI: grant:s,r,w,o,c,m[all]#authzID-dn:s_NamingAttr=s_UserName,s_SystemIDBase

    dn: cn=changelog
    changetype: modify
    add: subtreeACI
    subtreeACI: grant:b,t,a,d,n[entry]#authzID-dn:s_NamingAttr=s_UserName,s_SystemIDBase
    subtreeACI: grant:s,r,w,o,c,m[all]#authzID-dn:s_NamingAttr=s_UserName,s_SystemIDBase

Preparing Identity and Policy Stores 10-17

For example:

    dn: dc=mycompany,dc=com
    changetype: modify
    add: subtreeACI
    subtreeACI: grant:b,t,a,d,n[entry]#authzID-dn:cn=oimLDAP,cn=systemids,dc=mycompany,dc=com
    subtreeACI: grant:s,r,w,o,c,m[all]#authzID-dn:cn=oimLDAP,cn=systemids,dc=mycompany,dc=com

    dn: cn=changelog
    changetype: modify
    add: subtreeACI
    subtreeACI: grant:b,t,a,d,n[entry]#authzID-dn:cn=oimLDAP,cn=systemids,dc=mycompany,dc=com
    subtreeACI: grant:s,r,w,o,c,m[all]#authzID-dn:cn=oimLDAP,cn=systemids,dc=mycompany,dc=com

Once you have created the file, load it into Oracle Virtual Directory using the command:

    ldapmodify -h ovdhost1.mycompany.com -p 389 -D cn=orcladmin -q -f filename.ldif
    ldapmodify -h ovdhost2.mycompany.com -p 389 -D cn=orcladmin -q -f filename.ldif
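Because these subtreeACI values grant a single system account broad rights over the whole search base and the changelog, it is worth generating the LDIF from the four parameters rather than hand-editing it, and checking the result before loading it. The script below is an added example (not part of the guide and not an Oracle tool): build_oim_acl_ldif fills the template above, parse_ldif_acis reads the subtreeACI values back using the grant:<perms>[entry|all]#<subject> shape shown in this section, and check_acis flags any grant whose subject is not the expected authzID-dn or whose target entry is not one of the two the guide names. The values used in the demonstration are the guide's own example (dc=mycompany,dc=com, cn=oimLDAP, cn=systemids); the parser assumes the simple one-attribute-per-line LDIF produced here and does not handle folded lines.

```python
"""Build the subtreeACI LDIF for the Oracle Identity Manager admin user and
sanity-check it before loading with ldapmodify. Added example, not Oracle code."""
import re

# Shape of the ACI values used in this section: grant:<perms>[entry|all]#<subject>
ACI_RE = re.compile(
    r"^(?P<action>grant|deny):(?P<perms>[a-z](?:,[a-z])*)\[(?P<scope>entry|all)\]#(?P<subject>.+)$"
)
ENTRY_PERMS = "b,t,a,d,n"   # permission letters exactly as given in the guide's template
ALL_PERMS = "s,r,w,o,c,m"


def build_oim_acl_ldif(search_base, naming_attr, user_name, system_id_base):
    """Fill the guide's template: one modify record for the search base and one for
    cn=changelog, each adding an [entry] and an [all] subtreeACI for the admin user."""
    subject = f"authzID-dn:{naming_attr}={user_name},{system_id_base}"
    records = []
    for target in (search_base, "cn=changelog"):
        records.append("\n".join([
            f"dn: {target}",
            "changetype: modify",
            "add: subtreeACI",
            f"subtreeACI: grant:{ENTRY_PERMS}[entry]#{subject}",
            f"subtreeACI: grant:{ALL_PERMS}[all]#{subject}",
        ]))
    return "\n\n".join(records) + "\n"


def parse_ldif_acis(ldif_text):
    """Return {target dn: [(action, perms, scope, subject), ...]} for every subtreeACI line.
    Handles only the one-line-per-attribute LDIF produced above (no line folding)."""
    acis, current = {}, None
    for line in ldif_text.splitlines():
        if line.startswith("dn: "):
            current = line[4:].strip()
            acis.setdefault(current, [])
        elif line.startswith("subtreeACI: "):
            m = ACI_RE.match(line[len("subtreeACI: "):].strip())
            if m is None or current is None:
                raise ValueError(f"unparseable subtreeACI line: {line!r}")
            acis[current].append((m["action"], m["perms"], m["scope"], m["subject"]))
    return acis


def check_acis(ldif_text, expected_subject_dn, allowed_targets):
    """List reasons not to load the file; an empty list means every ACI grants only the
    expected admin user (as authzID-dn) and only on the expected target entries."""
    wanted = "authzid-dn:" + expected_subject_dn.lower()
    allowed = {t.lower() for t in allowed_targets}
    problems = []
    for target, grants in parse_ldif_acis(ldif_text).items():
        if target.lower() not in allowed:
            problems.append(f"unexpected target entry {target}")
        if not grants:
            problems.append(f"{target}: no subtreeACI values")
        for action, perms, scope, subject in grants:
            if subject.lower() != wanted:
                problems.append(f"{target}: {action} {perms}[{scope}] to unexpected subject {subject}")
    return problems


if __name__ == "__main__":
    # The guide's own example values.
    ldif = build_oim_acl_ldif("dc=mycompany,dc=com", "cn", "oimLDAP",
                              "cn=systemids,dc=mycompany,dc=com")
    print(ldif)
    print("problems:", check_acis(ldif, "cn=oimLDAP,cn=systemids,dc=mycompany,dc=com",
                                  {"dc=mycompany,dc=com", "cn=changelog"}))
```

Write the generated text to filename.ldif only when check_acis returns an empty list, then load it with the two ldapmodify commands from the guide; the same check can be run against an LDIF written by hand, where a stray public: or group: subject, or a target outside the search base and cn=changelog, is the kind of mistake it is meant to catch.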

10.4.8 Creating Access Control Lists in Non-Oracle Internet Directory Directories