Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Product Overview

• 1.1 Introduction to Oracle Internet Directory
• 1.2 Features of Oracle Authentication Services for Operating Systems
• 1.3 Components of Oracle Authentication Services for Operating Systems
• 1.4 How User Authentication Works With Oracle Internet Directory
• 1.5 Configuration Overview
• 1.6 Management Overview
• 1.7 Additional Documentation

2 Before You Configure

• 2.1 Verify Your Client and Server Operating Systems
• 2.2 Install Oracle Internet Directory and Oracle Directory Integration Platform
• 2.3 Upgrade from Oracle Authentication Services for Operating Systems 10g
• 2.4 Determine Which Product Features You Will Use
• 2.5 Get NIS Migration Tools
  • 2.5.1 AIX 5.3
  • 2.5.2 Other Platforms
• 2.6 Download SUDO Package
• 2.7 Create and Index New Custom Attributes (Optional)
• 2.8 Platform-Specific Tasks
  • 2.8.1 HP-UX
  • 2.8.2 Solaris 5.9 and 5.10

3 Configuring Oracle Authentication Services for Operating Systems

• 3.1 Introduction
  • 3.1.1 SSL Support
    • 3.1.1.1 Self Signed Certificates
  • 3.1.2 Password Policy Enforcement
  • 3.1.3 Active Directory Integration
  • 3.1.4 Directory Plug-ins
  • 3.1.5 Language Support
  • 3.1.6 Tools Used During Configuration
• 3.2 Configuring Oracle Authentication Services for Operating Systems on the Server
• 3.3 Configuring Oracle Authentication Services for Operating Systems on the Client
  • 3.3.1 Solaris 9
  • 3.3.2 AIX 5.3
    • 3.3.2.1 Install the LDAP Client on AIX
    • 3.3.2.2 Add At Least One User and One Group to Oracle Internet Directory on AIX
    • 3.3.2.3 Install SSL-Related Client Packages on AIX
  • 3.3.3 AIX 6.1
  • 3.3.4 All Client Platforms
• 3.4 Configuring Oracle Internet Directory for Centralized Password Policies
  • 3.4.1 Disabling Value Policies Local to the Operating System
  • 3.4.2 Disabling State Policies Local to the Operating System
• 3.5 Switching Between SSL Authentication and Non-SSL Configurations
• 3.6 Rerunning the Configuration Scripts
• 3.7 Restoring the Client and Server to Their Pre-Configuration State
  • 3.7.1 Restoring the Client
  • 3.7.2 Restoring the Server

4 Migrating Entries to Oracle Internet Directory

• 4.1 Migrating Entries
  • 4.1.1 Migrating from NIS to Oracle Internet Directory
    • 4.1.1.1 AIX 5.3
    • 4.1.1.2 Other Platforms
  • 4.1.2 Migrating from Operating System Files to Oracle Internet Directory
  • 4.1.3 Migrating from Another LDAP Directory to Oracle Internet Directory
    • 4.1.3.1 Schema Migration
    • 4.1.3.2 Data Migration
• 4.2 Setting Access Control on User Entry Attributes
• 4.3 Using Custom Attributes in Oracle Internet Directory
• 4.4 Migrating SUDO
  • 4.4.1 Migrating SUDO Entries to Oracle Internet Directory on the Server
  • 4.4.2 Configuring a Client to Use LDAP for SUDO Information
    • 4.4.2.1 SuSE 10 Client
    • 4.4.2.2 Solaris 9, Solaris 10, HP-UX 11.23 or AIX 5.3 Client
    • 4.4.2.3 AIX 5.3 Client
    • 4.4.2.4 Other Clients
  • 4.4.3 Reconfiguring a Client to Use /etc/sudoers
• 4.5 Setting Access Control on SUDO Attributes

5 Configuring Active Directory Integration

• 5.1 Setting up a Plug-in to Augment Active Directory Entries for Linux Authentication
• 5.2 Configuring Oracle Directory Integration Platform
• 5.3 Configuring External Authentication Plug-ins

6 Managing Oracle Authentication Services for Operating Systems

• 6.1 Creating Home Directories
• 6.2 Managing Users and Groups with Platform-Specific Tools
  • 6.2.1 libuser Tools
  • 6.2.2 AIX-Specific Tools
• 6.3 Managing Oracle Internet Directory with Oracle Directory Services Manager and Command-Line Utilities
  • 6.3.1 Testing Whether a User Has Been Added
  • 6.3.2 Changing a User's Password by Using ldapmodify
  • 6.3.3 Adding a User by Using ldapadd
  • 6.3.4 Adding a Group by Using ldapadd
• 6.4 Managing Password Policies

7 Restricting User Logins

• 7.1 Oracle Internet Directory Server Setup
• 7.2 Solaris 9 and 10 Client Setup
• 7.3 Linux Client Setup
• 7.4 HP-UX 11.23 Client Setup

A Troubleshooting

• A.1 Client Configuration Script Errors
  • A.1.1 Client Script Failure on AIX 5.3
  • A.1.2 SSL Client Script Failure on AIX 6.1
  • A.1.3 Script Prints Server Hostname with Duplicate Domain
  • A.1.4 Script Does Not Recognize Non-English Input
• A.2 Data Migration Errors
  • A.2.1 Sudo Conversion Script Errors
• A.3 Tool Problems
  • A.3.1 Error in system-config-users
  • A.3.2 The libuser Tools Fail with Python Errors
  • A.3.3 Linux Management Tools Cause Inconsistencies
  • A.3.4 ldapsearch Error
  • A.3.5 AIX mkuser Command Error
  • A.3.6 Solaris id Command Does Not Report Secondary Groups
• A.4 Testing and Log File Messages
  • A.4.1 Enabling Log Messages for All Operations
  • A.4.2 Testing StartTLS
  • A.4.3 Password Syntax Errors
  • A.4.4 Testing Connection to the Oracle Internet Directory Server on RHEL or OEL
  • A.4.5 Testing Root CA Certificate on Red Hat Enterprise Linux or Oracle Enterprise Linux
• A.5 User Login Errors
  • A.5.1 Users Cannot Log In
  • A.5.2 User's Home Directory Does Not Exist
  • A.5.3 User's Shell Does Not Exist
  • A.5.4 Password Policy Not Consistently Enforced

B Properties File for LDAP Migration

C Sample Mapfiles

• C.1 Template Mapfile
• C.2 Sample Mapfile 1
• C.3 Sample Mapfile 2
• C.4 Sample Mapfile 3
• C.5 Oracle Directory Server Enterprise Edition Mapfile 1
• C.6 Oracle Directory Server Enterprise Edition Mapfile 2
• C.7 eDirectory Mapfile

D Synchronization Profile for Active Directory Integration

E Sample Script Output

• E.1 Non-SSL Server Script Run on Oracle Enterprise Linux 4
• E.2 SSL Server Script Run on Oracle Enterprise Linux 4
• E.3 Non-SSL Client Script Run on Oracle Enterprise Linux 4
• E.4 SSL Client Script Run on Oracle Enterprise Linux 4
• E.5 Reset Script Run on Oracle Enterprise Linux 4

F LDAP Containers Added by Configuration Script

G Working Configuration Files

• G.1 Red Hat Enterprise Linux and Oracle Enterprise Linux Configuration Files
  • G.1.1 /etc/pam.d/system-auth
  • G.1.2 /etc/pam.d/sshd
  • G.1.3 /etc/sysconfig/authconfig

H Prerequisite Packages

• H.1 Red Hat Enterprise Linux and Oracle Enterprise Linux
  • H.1.1 Cyrus-sasl
  • H.1.2 Open SSL
  • H.1.3 Open LDAP

Index