This is a text description of asoag034.gif, which is a flow chart of the tasks required to configure Enterprise User Security that includes decision points along the way. The flow starts with "Configuration Started," and includes the following steps:

  1. Decision: What Oracle Internet Directory version and realm Oracle Context version do you have?

    1a. If you have 9.2 or earlier, then you must upgrade to 9.0.4.

    1b. If you have 9.0.4 or later, then you can continue with the configuration.

  2. Are you using DNS discovery?

    2a. If you are not, then you must use Oracle Net Configuration Assistant to create an ldap.ora file.

    2b. If you are, then proceed to the next configuration step.

  3. (Optional) Use Enterprise Security Manager to set Login name attribute, user and group search base for the Identity Management realm.
  4. (Optional) Use Enterprise Security Manager to set the database to directory authentication type for the Identity Management realm.
  5. Use Database Configuration Assistant to register the database in the directory.
  6. Decision: Are you using the default enterprise domain?

    6a. If no, then create a new enterprise domain in the realm and put the database into it.

    6b. If yes, then proceed with the configuration.

  7. (Optional) Use Enterprise Security Manager to set the user authentication type for the enterprise domain in the directory.
  8. Decision: How are users authenticated?

    8a. If by Kerberos, then use the Enterprise Security Manager Console to set the attribute for Kerberos Principal Name in the Identity Management realm, and the principal names for the users in the user entries in the directory.

    8b. If by password, then use Enterprise Security Manager to put the domain in the password accessible domains group.

    8c. If by SSL, then use Oracle Wallet Manager and Oracle Net Manager to set up user and database wallets, and to configure SSL for clients and databases. Then use Oracle Wallet Manager and Oracle Directory Manager to set up the directory wallet, and to configure SSL for the directory.

  9. Use SQL*Plus to create shared schemas and global roles in the database.
  10. Use Enterprise Security Manager to create user-schema mappings and enterprise roles in the directory.
  11. (Optional) Use Enterprise Security Manager to add global database roles to enterprise roles in the directory.
  12. (Optional) Use Enterprise Security Manager to grant enterprise roles to enterprise users in the directory.
  13. Connect to the database as an enterprise user.

    Decision: How are users authenticated?

    13a. If they are authenticated by Kerberos or by SSL, then at a SQL prompt, enter: connect /@<net_service_name>

    13b. If they are authenticated by password, then at a SQL prompt, enter: connect username/password@<net_service_name>

The flow ends with "Configuration is Finished."
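
The following SQL*Plus script is an added example, not part of the original flow chart or Oracle's guide. It shows the "create shared schemas and global roles" step and a check to run after the final connect step. The names eus_shared, hr_read_global and hr.employees are assumptions chosen for illustration.

```sql
-- Added example: object names (eus_shared, hr_read_global, hr.employees)
-- are assumptions. Run the first part in SQL*Plus as a DBA account in the
-- database that was registered in the directory.

-- Shared schema: the empty DN in IDENTIFIED GLOBALLY AS '' means no single
-- directory user owns this schema. The user-schema mappings created later
-- in the directory decide which enterprise users connect to it.
CREATE USER eus_shared IDENTIFIED GLOBALLY AS '';

-- Least privilege: the shared schema itself only gets the right to log in.
-- Everything else should arrive through global roles.
GRANT CREATE SESSION TO eus_shared;

-- Global role: it is authorized by an enterprise role in the directory,
-- not by a direct GRANT to a database user.
CREATE ROLE hr_read_global IDENTIFIED GLOBALLY;
GRANT SELECT ON hr.employees TO hr_read_global;

-- Verification, run in the session opened by the final connect step
-- (as the enterprise user, not as the DBA):

-- EXTERNAL_NAME should show the user's directory DN and SESSION_USER the
-- shared schema the mapping selected.
SELECT SYS_CONTEXT('USERENV', 'EXTERNAL_NAME') AS directory_dn,
       SYS_CONTEXT('USERENV', 'SESSION_USER')  AS mapped_schema
FROM dual;

-- Lists the roles active in this session; the global role appears only if
-- the directory granted the matching enterprise role to this user.
SELECT role FROM session_roles;
```

If the session lands in an unexpected schema or shows roles the user should not hold, review the user-schema mappings and enterprise role grants in the directory before widening any database privileges.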