Monday, May 28, 2007

Enabling IAS 9.0.4.x with OC4J 10.1.3

This is intended for specific people
This is a very technical post; actually, it is for a friend of mine, to help him resolve a problem, and additionally it remains a reference for me in the future when I need it. I trust hosting services for their storage reliability more than I trust my own disk. I claim that the Oracle documentation has a syntax error.

Considerations for 9.0.4.x Infrastructure: Access Control List Settings
Prior to the Oracle Internet Directory 10.1.2 implementation, access control list (ACL) features were not set up properly for JAZNAdminGroup. To use the Oracle Internet Directory 9.0.4 implementation with a 10.1.x OracleAS JAAS Provider implementation, place the following contents into a file, replacing %s_MgmtRealmDN% with the appropriate ID management realm (for example, dc=us,dc=oracle,dc=com), then execute the steps that follow.

dn: cn=JAZNContext,cn=Products,cn=OracleContext,%s_MgmtRealmDN%
changetype: modify
replace: orclaci
orclaci: access to entry
by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"
(browse, add, delete)
by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,%s_MgmtRealmDN%
added_object_constraint=(objectclass=orclApplicationEntity) (add, delete, browse)
by * (none)
orclaci: access to attr=(*)
by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"
(search, read, write, compare)
by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,%s_MgmtRealmDN%"
(read, search, write, compare)
by * (none)

Name the file with the .ldif extension, such as jaznacl.ldif.
Run the ldapmodify utility with the newly created file as input, specifying oidport, oidhost, adminuser_dn, password, and filename, as appropriate:

% ldapmodify -c -a -p oidport -h oidhost -D adminuser_dn -w password \
-f filename.ldif


Replace the code in blue with the following.
Note that each directive must stay on one line, with no line break before it finishes.
Copy and paste the syntax and replace dc=PALCO,dc=com with your own dc.

dn: cn=JAZNContext,cn=Products,cn=OracleContext,dc=PALCO1,dc=com
changetype: modify
replace: orclaci
orclaci: access to entry by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext" (browse, add, delete) by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,dc=train1,dc=com" added_object_constraint= (objectclass=orclApplicationEntity) (add, delete, browse) by * (none)
orclaci: access to attr=(*) by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext" (search, read, write,compare) by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,dc=PALCO,dc=com" (read, search, write, compare) by * (none)
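The one-line rule above comes from LDIF itself: a line belongs to the preceding value only if it starts with a single space, so a value wrapped without that space is not read as part of its directive. As an added example (not from the original post or from Oracle's documentation), this Python sketch joins such wrapped lines into one-line directives and reports which input lines it had to join; the name normalize_ldif and the dc=example,dc=com realm in the sample are assumptions.

```python
import re

# Start of an LDIF directive: "attr: value", "attr:: base64" or "attr:< url".
# Heuristic: a wrapped fragment that itself begins "word:" is taken as a directive.
DIRECTIVE = re.compile(r"^[A-Za-z][A-Za-z0-9;.-]*:")

def normalize_ldif(text):
    """Join wrapped lines into one-line directives.

    Returns (fixed_text, joined); joined lists the 1-based numbers of input
    lines that were neither a directive nor a legal continuation line.
    """
    out, joined = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        in_record = bool(out) and out[-1] != ""
        if not line:                        # blank line separates records
            out.append("")
        elif line.startswith(" ") and in_record:
            out[-1] += line[1:]             # legal RFC 2849 continuation: unfold
        elif DIRECTIVE.match(line) or line.startswith("#") or not in_record:
            out.append(line)
        else:                               # wrapped value with no leading space
            out[-1] += " " + line.strip()
            joined.append(n)
    return "\n".join(out) + "\n", joined

# Constructed sample in the wrapped layout; dc=example,dc=com is a placeholder.
SAMPLE = """\
dn: cn=JAZNContext,cn=Products,cn=OracleContext,dc=example,dc=com
changetype: modify
replace: orclaci
orclaci: access to entry
by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"
(browse, add, delete)
by * (none)
orclaci: access to attr=(*)
by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"
(search, read, write, compare)
by * (none)
"""

if __name__ == "__main__":
    fixed, joined = normalize_ldif(SAMPLE)
    print("joined input lines:", joined)
    print(fixed, end="")
```

Running it on a file before ldapmodify shows at a glance whether any ACL value was split across lines.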

I used the ldapmodify command as follows:

E:\oracle\infra\bin>ldapmodify -c -a -p 389 -h train1 -D "cn=orcladmin" -w manager1 -f c:\jaznacl.ldif

And it works:
modifying entry JAZNContext,cn=Products,cn=OracleContext,dc=train1,dc=com

and it
