Configure Java External Authentication Plug-ins Using GUI In OID 11g

Applies To:

Oracle Internet Directory - Version 11.1.1.1.0 to 11.1.1.7.0 [Release 11g]

Goal:

This document describes how to configure Java-based external authentication plug-ins in OID 11g.


The examples show plug-in configuration for AD. Similar steps should work for other directories such as iPlanet/SunOne, ODSEE, ADAM, eDirectory, OpenLDAP, and Tivoli.
The configuration shown here is for the case where the plug-in communicates with the third-party directory service (AD) over LDAP.

In this document: 
I. Configuring plugins in GUI.

Steps to be done:

1. Open ODSM: http://<host>:<port>/odsm
    Log in as the cn=orcladmin user.
    Click Advanced.
    In the Plug-in list, click oidexplg_bind_ad to configure the Java-based "bind" external authentication plug-in for AD.

    Click the "Optional Properties" tab.
    In "Flex Fields", define host/host2 and port/port2 with the values for AD (test.local.com 389).
    No other parameters are necessary in "Flex Fields".
    For this case (OID communicates with AD over LDAP), the rest of the parameters should remain at their defaults.


2. For "Plug-in Subscriber DN List", set the container DN where the AD-synchronized users are. In the current example: cn=adten,cn=users,dc=ro,dc=oracle,dc=com
    Keep "Plug-in Request Group" empty.
    Note that "Plug-in Entry Properties" is (!(&(objectclass=orcladobject)(objectclass=orcluserv2))).
    Keep this value; it means that the plug-in will NOT be invoked for users that are NOT synchronized from AD.

3. Click "Mandatory Properties".
    Keep the parameters in "Mandatory Properties" at their existing values (these are usually the defaults), but make sure the "Plug-in Enable" checkbox is checked.

    Click the Apply button on the upper left side.

4. Click oidexplg_compare_ad to configure the Java-based "compare" external authentication plug-in for AD.
    Use settings similar to those for oidexplg_bind_ad above.
    Below are screenshots with the configuration.

Testing:

Now test the user created in AD using the following two commands.

1. ldapcompare -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b <AD-USER-DN in OID> -a userPassword -v <AD-USER-PASSWORD>

2. ldapbind -h <OID host> -p <OID port> -D "<AD-USER-DN in OID>" -w <AD-USER-PASSWORD>
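
To predict which entries the two tests above will hand to the plug-in, the following added example (not part of the original post and not Oracle code) evaluates the "Plug-in Entry Properties" filter from step 2 against object-class sets. It assumes the rule stated in step 2, that an entry matching the filter is skipped; the function names and sample entries are constructed for illustration.

```python
# Added example: evaluates the page's "Plug-in Entry Properties" filter.
# Supports only the filter subset needed here: &, |, ! and attr=value.
ENTRY_FILTER = "(!(&(objectclass=orcladobject)(objectclass=orcluserv2)))"

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:end if end != -1 else len(f)].partition("=")
        if end == -1 or not sep or not attr.strip():
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("=", attr.strip().lower(), value.strip().lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """entry maps lower-cased attribute names to sets of lower-cased values."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], set())
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def plugin_invoked(entry, filter_text=ENTRY_FILTER):
    """True if the plug-in would handle this entry, per the rule stated on the page."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    norm = {k.lower(): {v.lower() for v in vals} for k, vals in entry.items()}
    # Assumption from the page: entries matching the filter are skipped.
    return not matches(tree, norm)

# Constructed sample entries (object classes only), not taken from a real directory.
AD_SYNCED = {"objectClass": ["top", "person", "orclUserV2", "orclADObject"]}
LOCAL_USER = {"objectClass": ["top", "person", "orclUserV2"]}
```

An entry needs both orcladobject and orcluserv2 to reach the plug-in; an entry carrying only one of them is authenticated locally by OID.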
