This is intended for specific people
This is a very technical post. Actually, it is for a friend of mine, to help him resolve a problem, and additionally it remains a reference for me in the future when I need it. I trust hosting services for their storage reliability more than I trust my own disk. I claim that the Oracle documentation has a syntax error.
ORACLE Says
Considerations for 9.0.4.x Infrastructure: Access Control List Settings
Prior to the Oracle Internet Directory 10.1.2 implementation, access control list (ACL) features were not set up properly for JAZNAdminGroup. To use the Oracle Internet Directory 9.0.4 implementation with a 10.1.x OracleAS JAAS Provider implementation, place the following contents into a file, replacing %s_MgmtRealmDN% with the appropriate ID management realm (for example, dc=us,dc=oracle,dc=com), then execute the steps that follow.
dn: cn=JAZNContext,cn=Products,cn=OracleContext,%s_MgmtRealmDN%
changetype: modify
replace: orclaci
orclaci: access to entry
by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"
(browse, add, delete)
by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,%s_MgmtRealmDN%
added_object_constraint=(objectclass=orclApplicationEntity) (add, delete, browse)
by * (none)
orclaci: access to attr=(*)
by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"
(search, read, write, compare)
by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,%s_MgmtRealmDN%"
(read, search, write, compare)
by * (none)
Name the file with the .ldif extension, such as jaznacl.ldif.
Run the ldapmodify utility with the newly created file as input, specifying oidport, oidhost, adminuser_dn, password, and filename, as appropriate:
% ldapmodify -c -a -p oidport -h oidhost -D adminuser_dn -w password \
-f filename.ldif
I SAY
Replace the code in blue with the following.
Note that each directive must be written without a line break inside it.
Copy and paste the syntax, replacing dc=PALCO,dc=com with your own dc.
dn: cn=JAZNContext,cn=Products,cn=OracleContext,dc=PALCO1,dc=com
changetype: modify
replace: orclaci
orclaci: access to entry by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext" (browse, add, delete) by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,dc=train1,dc=com" added_object_constraint= (objectclass=orclApplicationEntity) (add, delete, browse) by * (none)
orclaci: access to attr=(*) by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext" (search, read, write,compare) by group= "cn=IASAdmins,cn=Groups,cn=OracleContext,dc=PALCO,dc=com" (read, search, write, compare) by * (none)
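A pre-flight check for this failure, added here as an example and not part of the original post or of Oracle's documentation: it flags lines in an LDIF file that neither start a new attribute nor begin with the leading space RFC 2849 requires for a continuation, and values with an unclosed double quote. The realm dc=example,dc=com and the shortened ACI are constructed sample values, and the check assumes the tool reads LDIF as RFC 2849 defines it.

```python
import re

# An attribute description followed by ':' starts a new LDIF line (RFC 2849).
ATTR_LINE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.;-]*:")

def lint_ldif(text):
    """Return (line_number, problem) pairs for lines an LDIF parser would misread."""
    problems = []
    value, start = None, 0  # logical (unfolded) line being assembled

    def close():
        # An odd number of double quotes means a quoted DN was never closed.
        if value is not None and value.count('"') % 2:
            problems.append((start, "unbalanced double quote in value"))

    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith(" "):  # folded continuation of the previous line
            if value is None:
                problems.append((n, "continuation line with nothing to continue"))
            else:
                value += line[1:]
        elif not line.strip() or line.startswith("#") or line == "-":
            close()
            value = None
        elif ATTR_LINE.match(line):
            close()
            value, start = line, n
        else:  # neither a new attribute nor folded: the value was cut by a newline
            problems.append((n, "value continues without leading space"))
            if value is not None:
                value += line
    close()
    return problems

# Constructed sample: placeholder realm and a shortened ACI.
HEADER = ("dn: cn=JAZNContext,cn=Products,cn=OracleContext,dc=example,dc=com\n"
          "changetype: modify\nreplace: orclaci\n")
PARTS = ['orclaci: access to entry',
         'by group= "cn=JAZNAdminGroup,cn=Groups,cn=JAZNContext,cn=Products,cn=OracleContext"',
         '(browse, add, delete)',
         'by * (none)']
BROKEN = HEADER + "\n".join(PARTS)     # one clause per line, as in the documentation
ONE_LINE = HEADER + " ".join(PARTS)    # whole directive on a single line
FOLDED = HEADER + "\n  ".join(PARTS)   # fold marker plus the space the value needs

if __name__ == "__main__":
    for name, sample in [("broken", BROKEN), ("one-line", ONE_LINE), ("folded", FOLDED)]:
        print(name, lint_ldif(sample))
```

The folded form uses two spaces per continuation because unfolding removes the newline and exactly one space; with a single space the clauses would be joined without a separator.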
I used the ldapmodify command as follows:
E:\oracle\infra\bin>ldapmodify -c -a -p 389 -h train1 -D "cn=orcladmin" -w manager1 -f c:\jaznacl.ldif
and it works
modifying entry JAZNContext,cn=Products,cn=OracleContext,dc=train1,dc=com
and it