Oracle® Application Server 10g Release Notes 10g (9.0.4) for Linux x86 Part Number B12261-03
This chapter describes issues for both the Oracle Delegated Administration Services and the Oracle Internet Directory Self-Service Console. It includes the following topics:
This section describes general issues and their workarounds for Oracle Delegated Administration Services. It includes the following topics:
Oracle Internet Directory 10g (9.0.4) enables prompting of users to change their passwords after initial login. Users must change their passwords by using the Oracle Internet Directory Self-Service Console Password Change screen. Using other mechanisms may not satisfy the password change requirement, and users may be prompted to change their password the next time they log in as well.
In Releases 9.0.2 and 9.0.4 upgrade, only the orcladmin user can edit realm values. Other users, even those with Oracle Delegated Administration Services configuration privileges, cannot edit them. This is because the latter do not have sufficient privileges to read the User Search Base, User Creation Base, Group Search Base, and Group Creation Base. The workaround is to modify the ACLs on these containers and enable anonymous browse access.
Workaround: A role should contain at least one unique member, so that it is displayed in the Role Assignment section of the Create User page and the Edit User page.
To add a unique member to a role, the syntax of the LDIF file is:
dn: DN_of_role_entry
changetype: modify
add: uniquemember
uniquemember: DN_of_member_entry
Issue this command to apply the changes in the file to the directory:
ldapmodify -p oid_port -h oid_host -D "cn=orcladmin" -w admin_password -v -f file_name.ldif
After creating a group, the owner of the group cannot edit the group in the same session. Workaround: Log out, close the browser, then log in again. [2944346]
This section describes configuration issues and their workarounds for Oracle Delegated Administration Services. It includes the following topics:
To configure Oracle Delegated Administration Services in a separate Oracle Home, you perform a standalone installation of it. To do this, you select the Identity Management installation type, and, on the Configuration Options screen, select Delegated Administration Services.
When logging in to Oracle Internet Directory Self-Service Console, the administrator of the default realm does not have the necessary privileges to create users or change DAS configuration. The workaround is:
cn=userpassword,cn=attributes,cn=User Configuration,cn=Attribute Configuration,cn=DAS,cn=Products,cn=OracleContext,DN of the realm.
orcldasviewable to 0.
Follow these steps to make Oracle Delegated Administration Services 10g (9.0.4) work against an installation of Oracle Internet Directory that has been upgraded from Release 9.2 to Release 9.0.4.
schema_delta.sbs file located in $ORACLE_HOME/ldap/das. When you do this, replace all the occurrences of %s_OracleContextDN% in schema_delta.sbs with the value cn=oraclecontext,realm DN.
The syntax for ldapmodify is:
ldapmodify -p port_number -h host -D "cn=orcladmin" -w orcladmin_password -f schema_delta.sbs
cn=users,realm DN and cn=groups,realm DN to allow anonymous browse access.
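One way to carry out the placeholder replacement described above before running ldapmodify, as an added example that is not Oracle's own tooling. The helper name render_schema_delta is hypothetical, the sample template contents and the realm DN dc=example,dc=com are constructed, and treating any other %s_Name% token as an unexpanded placeholder is an assumption about the template format.

```shell
#!/bin/sh
# Added example: expand %s_OracleContextDN% in a copy of schema_delta.sbs
# and refuse to hand a half-expanded file to ldapmodify.

# render_schema_delta TEMPLATE REALM_DN OUTPUT   (hypothetical helper name)
# Writes OUTPUT with every %s_OracleContextDN% replaced by
# cn=oraclecontext,REALM_DN. Returns 1 on bad input, 2 if any %s_Name%
# token is still present in OUTPUT (assumed placeholder format).
render_schema_delta() {
    template=$1 realm_dn=$2 output=$3
    [ -r "$template" ] || { echo "cannot read $template" >&2; return 1; }
    [ -n "$realm_dn" ] || { echo "realm DN is empty" >&2; return 1; }

    context_dn="cn=oraclecontext,$realm_dn"
    # Escape what is special in a sed replacement: backslash, & and the | delimiter.
    escaped=$(printf '%s' "$context_dn" | sed 's/[\\&|]/\\&/g')

    sed "s|%s_OracleContextDN%|$escaped|g" "$template" > "$output" || return 1

    # A leftover token means the file is not ready to load; show where it is.
    if grep -n '%s_[A-Za-z0-9_]*%' "$output" >&2; then
        echo "unexpanded placeholder(s) in $output" >&2
        return 2
    fi
    return 0
}

# Constructed sample input; these are NOT the real contents of schema_delta.sbs.
demo_dir=$(mktemp -d)
cat > "$demo_dir/schema_delta.sbs" <<'EOF'
dn: cn=Sample,cn=DAS,cn=Products,%s_OracleContextDN%
changetype: modify
replace: description
description: constructed sample entry
EOF

# dc=example,dc=com stands in for the realm DN (assumed value).
render_schema_delta "$demo_dir/schema_delta.sbs" "dc=example,dc=com" \
    "$demo_dir/schema_delta.ldif" && cat "$demo_dir/schema_delta.ldif"
```

The rendered file is the one to pass to the ldapmodify command above with -f; the original schema_delta.sbs in $ORACLE_HOME/ldap/das stays unmodified.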
This section describes administration issues and their workarounds for Oracle Delegated Administration Services. It includes the following topics:
When Oracle Collaboration Suite users use the Self-Service Console to change their passwords, the field name associated with their voicemail PIN number is incorrectly displayed as 'EmailServerContainer'. To solve this problem:
cn=orclpwdverifierconfig,cn=EMailServerContainer,cn=Products,cn=OracleContext,cn=subscriber realm
Voicemail PIN.
Oracle Identity Management has two distinct types of privileged user. Both privileged user accounts can be locked if certain password policies are activated.
The first type of privileged user, the super user with the DN cn=orcladmin, is represented as a special user entry found within the default identity management realm. It enables directory administrators to make any modifications to the DIT and any changes to the configuration of Oracle Internet Directory servers. If the super user (orcladmin) account is locked--for example, as a result of too many attempts to bind with an incorrect password--then an administrator with DBA privileges to the Oracle Internet Directory repository can unlock it by using the oidpasswd tool. To unlock the orcladmin account, execute the command:
oidpasswd unlock_su_acct=TRUE
The second privileged user, a realm-specific privileged user, governs capabilities such as creation and deletion of users and groups within a realm and all the functionality related to Oracle Delegated Administration Services. This account is represented by an entry with the DN cn=orcladmin,cn=users,realm DN. Note that, in contrast to the single super user account, each realm has its own realm-specific privileged user. To unlock the realm-specific privileged account, the administrator modifies the realm-specific privileged user's account password by using Oracle Directory Manager.
If you are running Oracle Delegated Administration Services in one domain, and OracleAS Portal in another, then, in the Oracle Application Server Portal Configuration Guide, follow the instructions in Section 6.1.6.2, "Relationship Between OracleAS Portal and Oracle Internet Directory".
This section describes errors in the documentation for Oracle Delegated Administration Services. It includes the following topics:
The online help for the Oracle Internet Directory Self-Service Console incorrectly states that, after searching for a particular realm, you can modify it by selecting it from the search results page and choosing Proceed. However, the search results page enables you only to view, and not to modify, the selected realm. To modify a realm configuration, select the Configuration tab, enter your changes, then choose Submit. For instructions on viewing and modifying configuration settings for a realm, see Chapter 31, "Oracle Internet Directory Self-Service Console" in the Oracle Internet Directory Administrator's Guide.
In the Oracle Internet Directory Self-Service Console, the Configure Roles page (Step 5 of the "Configure User Entry" task) has help icons at the top and bottom of the page that generate the error message "The requested topic could not be found."
Copyright © 2003 Oracle. All Rights Reserved.