Select the ObjectclassMapper plug-in, click the Edit button, click the Create

19-10 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory

This value adds the orclCommonAttribute attribute definition in Active Directory.

c. Reset the password for all the Active Directory users, allowing the plug-in to acquire the password changes and generate and store password verifiers.

8. If you are using Kerberos authentication on Windows 2000 or Windows 2003 with Oracle Database Advanced Security, you must configure it now by referring to the Oracle Database Advanced Security Administrator's Guide. After you configure the Kerberos authentication, make sure you can log in to the database using your Active Directory user credential before proceeding to the next steps.

9. Extend the Oracle Internet Directory LDAP attribute and objectclass using the following command:

    ORACLE_HOME/bin/ldapmodify -h OID_Host_Name -p OID_Port -D bindDN \
    -q -v -f OIDSchema.ldif

10. Create four new LDAP Adapters using the following settings and by entering the Oracle Internet Directory host information. Refer to Creating LDAP Adapters on page 12-3 for information on creating LDAP Adapters.

For the first three new LDAP Adapters:
■ Use the Oracle_Internet_Directory adapter template.
■ The Adapter Remote Base and Mapped Namespace for the first adapter must be cn=OracleContext.
■ The Adapter Remote Base and Mapped Namespace for the second adapter must be cn=OracleSchemaVersion.
■ The Adapter Remote Base and Mapped Namespace for the third adapter must be cn=subschemasubentry.

For the fourth new LDAP Adapter:
■ Use the EUS_OID adapter template.
■ The Adapter Remote Base and Mapped Namespace for the fourth adapter must be cn=oraclecontext,your_OID_realm.

11. Create a new Local Store Adapter using the following settings. Refer to Creating Local Store Adapters on page 12-23 for information on creating Local Store Adapters.
■ Use the Local_Storage_Adapter template.
■ The Adapter Suffix must be dc=com, unless your Oracle Internet Directory realm is something like dc=example,dc=net, in which case the Adapter Suffix must be dc=net.

12. Update realmRoot.ldif to use your namespaces, including the dn, dc, o, orclsubscriberfullname, and memberurl attributes in the file. If you have a DN mapping between Active Directory and Oracle Virtual Directory, use the DN that you see from Oracle Virtual Directory.

Configuring Oracle Virtual Directory for Integrated Directory Solutions 19-11

13. Load your domain root information in the realmRoot.ldif file into Oracle Virtual Directory using the following command:

    ORACLE_HOME/bin/ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port \
    -D bindDN -q -v -a -f realmRoot.ldif

14. Create a new LDAP Adapter for the user search base in Active Directory using the following settings and by entering the Active Directory host information, including the Remote Base. Refer to Creating LDAP Adapters on page 12-3 for information on creating LDAP Adapters.
■ Use the EUS_ActiveDirectory template for the adapter.
■ For Remote Base, enter the container in Active Directory, for example: cn=users,dc=adrealm,dc=com

15. Check if the EUSActiveDirectory.py mapping is already deployed. If it is, go to step 16 now. If the EUSActiveDirectory.py mapping is not deployed, you must create a mapping for the Active Directory user search base adapter: click the Create Mapping button, select EUSActiveDirectory.py, enter a unique mapping name, click the OK button, and then click the Apply button.

16. Add the Mapped Namespace to the orclcommonusersearchbase under cn=Common,cn=Products,cn=oraclecontext,OID realm. You can use an LDIF file such as:

    dn: cn=Common,cn=Products,cn=oraclecontext,dc=oracle,dc=com
    changetype: modify
    add: orclcommonusersearchbase
    orclcommonusersearchbase: cn=users,dc=adrealm,dc=com

17. Create the following ACLs.
Refer to Creating Access Control Lists Using Oracle Directory Services Manager on page 16-1 for information on creating ACLs. If you have customized your ACLs after installing Oracle Virtual Directory, you must adjust the following ACL settings to include your customizations.

Note: The realmRoot.ldif file contains core entries in the directory namespace that Enterprise User Security queries. The realmRoot.ldif file also contains the dynamic group that contains the registered Enterprise User Security databases to allow secured access to sensitive Enterprise User Security related attributes, like the user’s Enterprise User Security hashed password attribute.

    Target DN     cn=subschemasubentry
    Scope         subtree
    Applies To    Entry
    Grant         Browse DN and Return DN
    Access        Public

    Target DN     cn=subschemasubentry
    Scope         subtree
    Applies To    All Attributes
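
A pre-flight check for the LDIF change in step 16 and the suffix rule in step 11, given here as an added example that is not part of the Oracle guide. The function names (rdns, adapter_suffix, parse_ldif, check_step16) are hypothetical, the sample input is constructed from the guide's example names, and reading the step 11 rule as "top-level RDN of the realm" is an assumption.

```python
import re

def rdns(dn):
    """Split a DN on unescaped commas; lower-case and trim each RDN."""
    parts = re.split(r"(?<!\\),", dn)
    return ["=".join(x.strip().lower() for x in p.split("=", 1)) for p in parts]

def adapter_suffix(realm_dn):
    """Step 11 rule as read here (assumption): suffix = top-level RDN of the realm."""
    return rdns(realm_dn)[-1]

def parse_ldif(text):
    """Yield each LDIF record as (attribute, value) pairs; base64 values are not decoded."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l != "-" and not l.startswith("#")]
        yield [(a.strip().lower(), v.strip()) for a, _, v in (l.partition(":") for l in lines)]

def check_step16(ldif_text, realm_dn, mapped_namespaces):
    """Return problems in the step-16 LDIF; an empty list means it looks right."""
    want_dn = rdns("cn=Common,cn=Products,cn=oraclecontext," + realm_dn)
    allowed = [rdns(ns) for ns in mapped_namespaces]
    problems, seen = [], 0
    for rec in parse_ldif(ldif_text):
        dn = next((v for a, v in rec if a == "dn"), None)
        bases = [v for a, v in rec if a == "orclcommonusersearchbase"]
        if dn is None or not bases:
            continue
        seen += 1
        ops = {(a, v.lower()) for a, v in rec}
        if rdns(dn) != want_dn:
            problems.append("target %s is not cn=Common under %s" % (dn, realm_dn))
        if not {("changetype", "modify"), ("add", "orclcommonusersearchbase")} <= ops:
            problems.append("record is not a modify/add of orclcommonusersearchbase")
        problems += ["%s is not an adapter Mapped Namespace" % b
                     for b in bases if rdns(b) not in allowed]
    return problems if seen else ["no orclcommonusersearchbase change found"]

# Constructed sample: the step-16 LDIF with the guide's example names.
SAMPLE = """dn: cn=Common,cn=Products,cn=oraclecontext,dc=oracle,dc=com
changetype: modify
add: orclcommonusersearchbase
orclcommonusersearchbase: cn=users,dc=adrealm,dc=com
"""

if __name__ == "__main__":
    print(adapter_suffix("dc=example,dc=net"))
    print(check_step16(SAMPLE, "dc=oracle,dc=com", ["cn=users,dc=adrealm,dc=com"]))
```

Run it against the file before passing it to ldapmodify; the list of Mapped Namespaces is whatever you entered for the Active Directory adapter in step 14.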