Preparing the Directory for Enterprise User Security
12-6 Oracle Database Advanced Security Administrator's Guide
Task 3: Identity administrative users in the directory
Identify administrative users in the directory who are authorized to perform the
following tasks:
■ Register databases
■ Administer database security
■ Create and manage enterprise domains
If administrative users do not already exist who can perform these tasks, then see
Chapter 13, "Administering Enterprise User Security" to create them.
Task 4: (Optional) Set the default database-to-directory authentication type for the identity
management realm
By default, the identity management realm database-to-directory authentication
type is set to passwords. If you do not want to use this default setting, then use
Enterprise Security Manager to change it. For example, if you are using a public key
infrastructure (PKI), then you would need to set this to SSL. See "Setting the Default
Database-to-Directory Authentication Type for an Identity Management Realm" on
page 13-6.
Note: By default in a version 9.0.4 identity management realm, the
user search base is set to cn=Users,cn=realm_name, the group
search base is set to cn=Groups,cn=realm_name, and the
attribute for login name is set to the user's id (uid). In previous
releases, this used to be cn.
Note: Although one administrator can perform all Enterprise User
Security administrative tasks, you can create many different kinds
of administrators so security tasks can be assigned to different
people. Separating security tasks in this way results in a more
secure enterprise environment, but requires coordination between
the different administrators.
To Next Page
Loading...