Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Authentication Services for Operating Systems
11
g
Release 1 (11.1.1)
Part Number E16454-02
Home
Book List
Index
Master Index
Contact Us
Next
View PDF
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Product Overview
1.1
Introduction to Oracle Internet Directory
1.2
Features of Oracle Authentication Services for Operating Systems
1.3
Components of Oracle Authentication Services for Operating Systems
1.4
How User Authentication Works With Oracle Internet Directory
1.5
Configuration Overview
1.6
Management Overview
1.7
Additional Documentation
2
Before You Configure
2.1
Verify Your Client and Server Operating Systems
2.2
Install Oracle Internet Directory and Oracle Directory Integration Platform
2.3
Upgrade from Oracle Authentication Services for Operating Systems 10
g
2.4
Determine Which Product Features You Will Use
2.5
Get NIS Migration Tools
2.5.1
AIX 5.3
2.5.2
Other Platforms
2.6
Download SUDO Package
2.7
Create and Index New Custom Attributes (Optional)
2.8
Platform-Specific Tasks
2.8.1
HP-UX
2.8.2
Solaris 5.9 and 5.10
3
Configuring Oracle Authentication Services for Operating Systems
3.1
Introduction
3.1.1
SSL Support
3.1.1.1
Self Signed Certificates
3.1.2
Password Policy Enforcement
3.1.3
Active Directory Integration
3.1.4
Directory Plug-ins
3.1.5
Language Support
3.1.6
Tools Used During Configuration
3.2
Configuring Oracle Authentication Services for Operating Systems on the Server
3.3
Configuring Oracle Authentication Services for Operating Systems on the Client
3.3.1
Solaris 9
3.3.2
AIX 5.3
3.3.2.1
Install the LDAP Client on AIX
3.3.2.2
Add At Least One User and One Group to Oracle Internet Directory on AIX
3.3.2.3
Install SSL-Related Client Packages on AIX
3.3.3
AIX 6.1
3.3.4
All Client Platforms
3.4
Configuring Oracle Internet Directory for Centralized Password Policies
3.4.1
Disabling Value Policies Local to the Operating System
3.4.2
Disabling State Policies Local to the Operating System
3.5
Switching Between SSL Authentication and Non-SSL Configurations
3.6
Rerunning the Configuration Scripts
3.7
Restoring the Client and Server to Their Pre-Configuration State
3.7.1
Restoring the Client
3.7.2
Restoring the Server
4
Migrating Entries to Oracle Internet Directory
4.1
Migrating Entries
4.1.1
Migrating from NIS to Oracle Internet Directory
4.1.1.1
AIX 5.3
4.1.1.2
Other Platforms
4.1.2
Migrating from Operating System Files to Oracle Internet Directory
4.1.3
Migrating from Another LDAP Directory to Oracle Internet Directory
4.1.3.1
Schema Migration
4.1.3.2
Data Migration
4.2
Setting Access Control on User Entry Attributes
4.3
Using Custom Attributes in Oracle Internet Directory
4.4
Migrating SUDO
4.4.1
Migrating SUDO Entries to Oracle Internet Directory on the Server
4.4.2
Configuring a Client to Use LDAP for SUDO Information
4.4.2.1
SuSE 10 Client
4.4.2.2
Solaris 9, Solaris 10, HP-UX 11.23 or AIX 5.3 Client
4.4.2.3
AIX 5.3 Client
4.4.2.4
Other Clients
4.4.3
Reconfiguring a Client to Use /etc/sudoers
4.5
Setting Access Control on SUDO Attributes
5
Configuring Active Directory Integration
5.1
Setting up a Plug-in to Augment Active Directory Entries for Linux Authentication
5.2
Configuring Oracle Directory Integration Platform
5.3
Configuring External Authentication Plug-ins
6
Managing Oracle Authentication Services for Operating Systems
6.1
Creating Home Directories
6.2
Managing Users and Groups with Platform-Specific Tools
6.2.1
libuser Tools
6.2.2
AIX-Specific Tools
6.3
Managing Oracle Internet Directory with Oracle Directory Services Manager and Command-Line Utilities
6.3.1
Testing Whether a User Has Been Added
6.3.2
Changing a User's Password by Using ldapmodify
6.3.3
Adding a User by Using ldapadd
6.3.4
Adding a Group by Using ldapadd
6.4
Managing Password Policies
7
Restricting User Logins
7.1
Oracle Internet Directory Server Setup
7.2
Solaris 9 and 10 Client Setup
7.3
Linux Client Setup
7.4
HP-UX 11.23 Client Setup
A
Troubleshooting
A.1
Client Configuration Script Errors
A.1.1
Client Script Failure on AIX 5.3
A.1.2
SSL Client Script Failure on AIX 6.1
A.1.3
Script Prints Server Hostname with Duplicate Domain
A.1.4
Script Does Not Recognize Non-English Input
A.2
Data Migration Errors
A.2.1
Sudo Conversion Script Errors
A.3
Tool Problems
A.3.1
Error in system-config-users
A.3.2
The libuser Tools Fail with Python Errors
A.3.3
Linux Management Tools Cause Inconsistencies
A.3.4
ldapsearch Error
A.3.5
AIX mkuser Command Error
A.3.6
Solaris id Command Does Not Report Secondary Groups
A.4
Testing and Log File Messages
A.4.1
Enabling Log Messages for All Operations
A.4.2
Testing StartTLS
A.4.3
Password Syntax Errors
A.4.4
Testing Connection to the Oracle Internet Directory Server on RHEL or OEL
A.4.5
Testing Root CA Certificate on Red Hat Enterprise Linux or Oracle Enterprise Linux
A.5
User Login Errors
A.5.1
Users Cannot Log In
A.5.2
User's Home Directory Does Not Exist
A.5.3
User's Shell Does Not Exist
A.5.4
Password Policy Not Consistently Enforced
B
Properties File for LDAP Migration
C
Sample Mapfiles
C.1
Template Mapfile
C.2
Sample Mapfile 1
C.3
Sample Mapfile 2
C.4
Sample Mapfile 3
C.5
Oracle Directory Server Enterprise Edition Mapfile 1
C.6
Oracle Directory Server Enterprise Edition Mapfile 2
C.7
eDirectory Mapfile
D
Synchronization Profile for Active Directory Integration
E
Sample Script Output
E.1
Non-SSL Server Script Run on Oracle Enterprise Linux 4
E.2
SSL Server Script Run on Oracle Enterprise Linux 4
E.3
Non-SSL Client Script Run on Oracle Enterprise Linux 4
E.4
SSL Client Script Run on Oracle Enterprise Linux 4
E.5
Reset Script Run on Oracle Enterprise Linux 4
F
LDAP Containers Added by Configuration Script
G
Working Configuration Files
G.1
Red Hat Enterprise Linux and Oracle Enterprise Linux Configuration Files
G.1.1
/etc/pam.d/system-auth
G.1.2
/etc/pam.d/sshd
G.1.3
/etc/sysconfig/authconfig
H
Prerequisite Packages
H.1
Red Hat Enterprise Linux and Oracle Enterprise Linux
H.1.1
Cyrus-sasl
H.1.2
Open SSL
H.1.3
Open LDAP
Index
Scripting on this page enhances content navigation, but does not change the content in any way.