
Configuring Oracle Enterprise Content Management Suite

After the Oracle IRM Managed Server picks up this configuration change, normally right away, it will write out a series of XML documents in the export folder. This process is complete when a folder named accounts appears under the export folder. The accounts folder will contain one or more folders named batchXXX, with each batch folder containing a set of XML documents that include the user and group details. For example:

scratch
   irm-data
      accounts
         batch1
            user1.xml
            user2.xml
            group1.xml

The batch folders are used to ensure that the operating system limit of the maximum number of files in a folder is not exceeded.

After this process is complete, reset the export folder:

setIRMExportFolder

This reset ensures that Oracle IRM does not perform any further data exporting when the Managed Server restarts.

5. Configure the Oracle Internet Directory authentication provider:

a. Start the Administration Server for your Oracle WebLogic Server domain, as described in Section 10.1, Starting the Administration Server.

b. Log in to the Oracle WebLogic Server Administration Console as the domain Administration user, at this URL:

http://adminServerHost:adminServerPort/console

For adminServerHost, specify the name of the computer that hosts the Administration Server for your domain. For adminServerPort, specify the listen port number for the Administration Server. The default number is 7001. For example:

http://myHost.example.com:7001/console

To log in, supply the user name and password that were specified on the Configure Administrator User Name and Password screen in the configuration wizard.

c. Under Domain Structure on the left, select Security Realms.

Note: If SSL is enabled, before you use WLST to connect to the Administration Server, you must either append the following parameters to the JVM_ARGS section of the wlst.sh file or set them in the CONFIG_JVM_ARGS environment variable:

-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.TrustKeyStore=KeyStoreName

KeyStoreName is the name of the keystore in use (DemoTrust for the built-in demonstration certificate). The wlst.sh file is in the bin subdirectory of the common directory in the ECM Oracle home directory.

Oracle Fusion Middleware Installation Guide for Oracle Enterprise Content Management Suite

d. In the Realms table on the Summary of Security Realms page, click myrealm in the Name column to open the Settings for myrealm page.

e. Click the Providers tab, and then click New under the Authentication Providers table on the Authentication tab.

f. In the Create a new Authentication Provider dialog box, enter a provider name in the Name field, change the type to OracleInternetDirectoryAuthenticator, and then click OK. For a list of authenticator types for different LDAP Authentication Providers, see Table 4–5.

g. In the Authentication Providers table, click Reorder, move the provider you just created to the top of the list, and then click OK.

h. Click DefaultAuthenticator, change the Control Flag value to OPTIONAL, and then click Save.

i. Go back to the Providers tab.

j. Click the name of the authentication provider you just created to navigate to the Configuration tab for the provider. The Configuration tab has two tabs, Common and Provider Specific. On the Common tab, change the Control Flag value to SUFFICIENT, and then click Save.

SUFFICIENT means that if a user can be authenticated against Oracle Internet Directory, no further authentication is processed. REQUIRED means that the authentication provider must succeed even if another provider already authenticated the user. If the embedded LDAP has been set to OPTIONAL and Oracle Internet Directory has been set to REQUIRED, the embedded LDAP user is no longer valid.

k. Click the Provider Specific tab.
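
The control-flag behaviour described in step j, and the reason for the reordering in step g and the OPTIONAL setting in step h, as an added example that is not part of the Oracle guide: a small Python model of JAAS control-flag evaluation over an ordered provider list. It assumes WebLogic applies the standard JAAS rules; the provider label OID, the sample users, and the NOT_REORDERED list (DefaultAuthenticator first and REQUIRED) are constructed for illustration.

```python
# Added example: models JAAS control-flag evaluation for an ordered list of
# authentication providers. Assumption: WebLogic follows the standard JAAS rules.

def authenticate(providers, stores_with_user):
    """providers: ordered [(name, control_flag)].
    stores_with_user: names of providers whose identity store accepts the user.
    Returns (authenticated, names_of_providers_consulted)."""
    required_failed = False
    any_success = False
    consulted = []
    for name, flag in providers:
        consulted.append(name)
        if name in stores_with_user:
            any_success = True
            # A SUFFICIENT success ends processing, unless a REQUIRED
            # provider earlier in the list has already failed.
            if flag == "SUFFICIENT" and not required_failed:
                return True, consulted
        elif flag == "REQUISITE":
            return False, consulted      # failure stops the chain at once
        elif flag == "REQUIRED":
            required_failed = True       # failure is final, chain continues
        # A failed SUFFICIENT or OPTIONAL provider is simply skipped.
    return (any_success and not required_failed), consulted

# Constructed provider lists. "OID" stands for the provider created in step f.
AS_CONFIGURED = [("OID", "SUFFICIENT"), ("DefaultAuthenticator", "OPTIONAL")]
OID_REQUIRED = [("OID", "REQUIRED"), ("DefaultAuthenticator", "OPTIONAL")]
# Hypothetical list if steps g and h were skipped (assumed starting state).
NOT_REORDERED = [("DefaultAuthenticator", "REQUIRED"), ("OID", "SUFFICIENT")]

# Constructed users: where each user's credentials are valid.
OID_USER = {"OID"}                        # exists only in Oracle Internet Directory
EMBEDDED_USER = {"DefaultAuthenticator"}  # exists only in the embedded LDAP

def report():
    """Evaluate every constructed list against every constructed user."""
    rows = []
    lists = [("as configured", AS_CONFIGURED), ("OID required", OID_REQUIRED),
             ("not reordered", NOT_REORDERED)]
    users = [("OID user", OID_USER), ("embedded user", EMBEDDED_USER)]
    for label, cfg in lists:
        for who, stores in users:
            ok, consulted = authenticate(cfg, stores)
            rows.append((label, who, ok, consulted))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

With the flags set as in steps h and j, embedded LDAP accounts still authenticate because the OPTIONAL DefaultAuthenticator is consulted after the Oracle Internet Directory lookup fails.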