Enter the Plug-in class name in the Class field, or click Browse, then select the

Configuring Oracle Virtual Directory for Integrated Directory Solutions 19-5

1. Make a back-up copy of your Active Directory image. The schema extensions inside of Active Directory are permanent and cannot be canceled. The back-up image enables you to restore all your changes if required.

2. Load the Enterprise User Security required schema, extendAD, into Active Directory using the Java classes included in Oracle Virtual Directory by executing the following command. The extendAD file is located in the ORACLE_HOME/ovd/eus directory. You can use the java executable in the ORACLE_HOME/jdk/bin directory.

   java extendAD -h Active_Directory_Host_Name -p Active_Directory_Port -D Active_Directory_Admin_DN -w Active_Directory_Admin_Password -AD Active_Directory_Domain_DN

   Note: An example of a valid Active Directory domain DN is: dc=oracle,dc=com

3. Install the Oracle Internet Directory Password Change Notification plug-in, oidpwdcn.dll, by performing the following steps:

   a. Copy the ORACLE_HOME/ovd/eus/oidpwdcn.dll file to the Active Directory WINDOWS\system32 directory.

   b. Use regedt32 to edit the registry and enable the oidpwdcn.dll. Start regedt32 by entering regedt32 at the command prompt.

   c. Add oidpwdcn to the end of the Notification Packages entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ registry, for example:

      RASSFM KDCSVC WDIGEST scecli oidpwdcn

   d. Restart the Active Directory system after making these changes.

4. Verify the Oracle Internet Directory Password Change Notification plug-in by performing the following steps:

   a. Change the password of an Active Directory user.

   b. Search Active Directory for the user you changed the password for. Verify the orclCommonAttribute attribute contains the generated hash password value. This value adds the orclCommonAttribute attribute definition in Active Directory.

   c. Reset the password for all the Active Directory users, allowing the plug-in to acquire the password changes and generate and store password verifiers.

5. If you are using Kerberos authentication on Windows 2000 or Windows 2003 with Oracle Database Advanced Security, you must configure it now by referring to the Oracle Database Advanced Security Administrator's Guide. After you configure the Kerberos authentication, make sure you can log in to the database using your Active Directory user credential before proceeding to the next steps.

19-6 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory
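A read-only check for steps 3 and 4 of the Active Directory procedure above, added here as an example and not taken from the Oracle guide: it lists every LSA notification package with the state of the DLL behind it, then reports whether a password verifier was stored for a test user. The function name, its parameters, the placeholder account name and the use of Get-ADUser from the ActiveDirectory (RSAT) module are assumptions; the registry key, package name and attribute name come from the procedure.

```powershell
# Added example (not from the Oracle guide). Function and parameter names are
# hypothetical; the key, package name and attribute come from the procedure.
function Test-OidPwdcnInstall {
    param(
        [string]$PackageName = 'oidpwdcn',
        [string]$SamAccountName   # optional: a user whose password was just changed
    )
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # Notification Packages is a REG_MULTI_SZ value, so it reads as a string array.
    $packages = @((Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages')

    # LSA loads every listed package at boot and passes it clear-text password
    # changes, so report each entry with the DLL behind it, not only oidpwdcn.
    $report = foreach ($name in $packages) {
        $dll = Join-Path $env:SystemRoot "System32\$name.dll"
        $present = Test-Path -LiteralPath $dll
        [pscustomobject]@{
            Package   = $name
            Present   = $present
            Signature = if ($present) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { $null }
            Sha256    = if ($present) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash } else { $null }
        }
    }

    $verifierStored = $null
    if ($SamAccountName) {
        # Assumes the ActiveDirectory (RSAT) module. Report only whether a
        # verifier exists; the hash value itself is never written out.
        $user = Get-ADUser -Identity $SamAccountName -Properties orclCommonAttribute
        $verifierStored = [bool]$user.orclCommonAttribute
    }

    [pscustomobject]@{
        PackageListed  = $packages -contains $PackageName
        DllPresent     = [bool]($report | Where-Object { $_.Package -eq $PackageName -and $_.Present })
        VerifierStored = $verifierStored
        Packages       = $report
    }
}

# Constructed usage: 'jdoe' is a placeholder account name.
$check = Test-OidPwdcnInstall -SamAccountName 'jdoe'
$check | Select-Object PackageListed, DllPresent, VerifierStored
$check.Packages | Format-Table -AutoSize
```

Run it in an elevated session on the Active Directory host after the restart in step 3d; recording the Sha256 of oidpwdcn.dll at install time gives a baseline for later integrity checks of the Notification Packages entries.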

19.2.2.1.2 Configuring Oracle Virtual Directory for the Integration

Perform the following steps to configure Oracle Virtual Directory for the integration:

1. Ensure you have performed all steps in Preparing Oracle Virtual Directory for the Enterprise User Security Integration on page 19-3 before proceeding with this procedure.

2. Start the Oracle Virtual Directory server, then start Oracle Directory Services Manager, and then connect to the Oracle Virtual Directory server.

3. Create three new Local Store Adapters using the following settings. Refer to Creating Local Store Adapters on page 12-23 for information on creating Local Store Adapters.

   ■ Use the Local_Storage_Adapter template for each adapter.

   ■ The Adapter Suffix for one of the Local Store Adapters must be cn=OracleContext; the Adapter Suffix for another of the Local Store Adapters must be cn=OracleSchemaVersion; and the Adapter Suffix for the remaining Local Store Adapter must be dc=com, unless your Active Directory domain is something like dc=example,dc=net, in which case the Adapter Suffix must be dc=net.

   ■ The Database File and Backup File fields for each of the adapters must be unique.

4. Update and load the entries into the Local Store Adapters by performing the following steps:

   a. Extend the Oracle Virtual Directory schema with the loadOVD.ldif file using the following command. The loadOVD.ldif file is located in the ORACLE_HOME/ovd/eus directory.

      ORACLE_HOME/bin/ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port \
        -D bindDN -q -v -a -f loadOVD.ldif

      Note: The loadOVD.ldif file contains entries for Oracle Context and schema version that Enterprise User Security queries.

   b. Update realmRoot.ldif to use your namespaces, including the dn, dc, o, orclsubscriberfullname, and memberurl attributes in the file. If you have a DN mapping between Active Directory and Oracle Virtual Directory, use the DN that you see from Oracle Virtual Directory. The realmRoot.ldif file is located in the ORACLE_HOME/ovd/eus directory.

      Note: The realmRoot.ldif file contains core entries in the directory namespace that Enterprise User Security queries. The realmRoot.ldif file also contains the dynamic group that contains the registered Enterprise User Security databases to allow secured access to sensitive Enterprise User Security related attributes, like the user’s Enterprise User Security hashed password attribute.

   c. Load your domain root information in the realmRoot.ldif file into Oracle Virtual Directory using the following command:

      ORACLE_HOME/bin/ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port \
        -D bindDN -q -v -a -f realmRoot.ldif