odi external ldap


Upload: nareshreddyguntaka

Post on 09-Oct-2015


  • 7/17/2014 Document Display

    https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=mvt2njh1h_4 1/8

    Table of jps-config.xml files by LDAP directory type (used in step 1 of the ODI 11g section):

    LDAP Directory Type                         | JPS-CONFIG.XML file | Special Instructions
    Microsoft Active Directory (MSAD)           | jps-configAD.xml    |
    Oracle Internet Directory (OID)             | JPS-CONFIGOID.XML   |
    Oracle Directory Server Enterprise Edition  | jps-configSun7.xml  |
      (also known as: Sunone LDAP directory, IPLANET LDAP directory)

    How To Configure ODI Studio With External Authentication (Doc ID 1510392.1)

    Modified: 10-Jul-2014 Type: HOWTO

    In this Document

    Goal

    Solution

    ODI 12c

    ODI 12c standalone agent configuration

    ODI 11g

    ODI11g Standalone agent configuration

    References

    APPLIES TO:

    Oracle Data Integrator - Version 11.1.1.3.0 and later

    Information in this document applies to any platform.

    GOAL

    How to configure ODI Studio with external authentication.

    SOLUTION

    This is done with the help of the Oracle Platform Security Services (OPSS)

    ODI 12c

    For ODI 12c all steps are detailed in the documentation.

    You may use the attached jps-config-jse.xml files below as a reference.

    ODI 12c standalone agent configuration

    For configuring ODI 12c standalone agent with external authentication refer to steps in this documentation.

    ODI 11g

    The steps are as follows:

    1. Copy one of the following jps-config.xml files according to your LDAP server type to <ODI_HOME>\oracledi\client\odi\bin, or use the existing one in your environment.


    Novell Edirectory                           | jps-config-Novell-Edirectory.xml | For integrating ODI console with Novell Edirectory the following two property lines should be added to the global section of jps-config.xml:

    2. Rename the file to jps-config.xml.

    3. Edit the jps-config.xml and modify the following section (the XML tags around the values shown on this page are reconstructed; the comments are the note's own annotations, and jps_map / jps_key are the map and key names used in the credential tool run below):

    <serviceInstance name="idstore.ad" provider="idstore.ldap.provider">
      <property name="idstore.type" value="ACTIVE_DIRECTORY"/>  <!-- when using Microsoft Active Directory -->
      <property name="bootstrap.security.principal.map" value="jps_map"/>  <!-- specified when creating the cred map -->
      <property name="bootstrap.security.principal.key" value="jps_key"/>  <!-- specified when creating the cred map -->
      <extendedProperty>
        <name>user.search.bases</name>
        <values>
          <value>CN=Users,DC=ad,DC=oracle,DC=com</value>
        </values>
      </extendedProperty>
      <extendedProperty>
        <name>group.search.bases</name>
        <values>
          <value>CN=Builtin,DC=ad,DC=oracle,DC=com</value>
        </values>
      </extendedProperty>
      <property name="username.attr" value="sAMAccountName"/>
    </serviceInstance>

    This section should be modified by the customer to match the LDAP directory environment.

    4. Here we are describing what should be set in the above mentioned section:

    idstore.type : The value of this attribute depends on the LDAP directory type.

    XML - file-based identity store. Because XML is the only possible value for a file-based identity store, idstore.type need not be specified in this case.

    OID - Oracle Internet Directory

    OVD - Oracle Virtual Directory

    ACTIVE_DIRECTORY - Active Directory

    IPLANET - Sun Java System Directory Server

    WLS_OVD - WebLogic OVD

    EDIRECTORY - Novell Edirectory

    CUSTOM - Any other type


    If using a custom authenticator, the service instance configuration must include one of the following properties:


    Key : Should be set to the same bootstrap.security.principal.key property in the jps-config.xml

    User name: Should be set to the Distinguished Name (DN) of the Administrator account used to connect to the LDAP directory with Administrator privileges

    [input] Password:******

    Password: This is the password used to connect to the LDAP Directory as Administrator with DN "CN=Administrator,CN=Users,DC=ad,DC=oracle,DC=com" in case of Active Directory; this is NOT the password specified in step 'a' above.

    After running the odi-credtool.cmd the following will be displayed (the command line and the log lines are re-joined where the page wrapped them):

    C:\oracle\Middleware\Oracle_ODI1\oracledi\client\odi\bin>java -classpath ..\..\..\..\oracledi.sdk\lib\odi-core.jar;..\..\..\..\modules\oracle.jps_11.1.1\jps-manifest.jar -Doracle.security.jps.config=.\jps-config.xml oracle.odi.core.security.JPSContextCredTool
    [input] Map:jps_map
    [input] Key:jps_key
    [input] User name:CN=Administrator,CN=Users,DC=ad,DC=oracle,DC=com
    [input] Password:
    04-Dec-2012 12:36:59 oracle.security.jps.internal.common.util.XmlSchemaValidationUtil$StrictErrorHandler warning
    WARNING: Failed to validate the xml content. SchemaLocation: schemaLocation value = 'http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd' must have even number of URI's. Location: line 2 column 272.
    04-Dec-2012 12:37:04 oracle.security.jps.internal.common.util.XmlSchemaValidationUtil$StrictErrorHandler error
    WARNING: Failed to validate the xml content. cvc-complex-type.2.4.a: Invalid content was found starting with element 'property'. One of '{"http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd":extendedProperty, "http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd":extendedPropertySetRef, "http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd":serviceInstanceRef}' is expected. Location: line 80 column 58.
    The credential has been successfully added to the Oracle wallet file: ./cwallet.sso.
    Please update your jps-config.xml file accordingly on values of the two properties: bootstrap.security.principal.map, bootstrap.security.principal.key

    C:\oracle\Middleware\Oracle_ODI1\oracledi\client\odi\bin>

    Discard the above error and check the created wallet file under the same folder.

    6. Create an external LDAP user called Supervisor and make sure that user is able to connect to the external LDAP. The steps vary according to the LDAP type you are using.

    7. Switch the authentication from internal to external as follows:

    Launch ODI Studio and in the ODI menu select "Switch Authentication Mode". Provide the password for the Master Repository database user, then click Next, then click Finish.


    Now try to connect again to ODI Studio using the Supervisor user, but with the password you specified in the external LDAP, not the one stored in the local ODI repository.

    For other newly created ODI users:

    At the time of switching authentication, all ODI users that have matching users in the external LDAP will be switched fine, but if after switching authentication you decide to add more users you need to do the following steps for each added user:

    Each ODI user should have a corresponding user entry created in the LDAP server with the same name it has in ODI.


    Open ODI Studio and log in with the master user. Open the USER and click the retrieve LDAP password (GUID) button. Save and disconnect. Reconnect as that user with the password from the LDAP directory. You should now be able to connect using external LDAP authentication.

    For all external users you should create internal ODI users in the local ODI repository using ODI Studio for assigning ODI profiles; each local user should be mapped to an external user through the GUID attribute value that is fetched from the external LDAP into the local user entry.

    For troubleshooting LDAP issues it's very useful to use any LDAP client to browse the LDAP tree, you can download ldapclient here

    For any LDAP directory other than Microsoft Active Directory (MSAD) we have to make sure that the property user.filter.object.classes is set correctly to the user's object class. If not specified it defaults to "USER", which is correct for MSAD but not for the others. The attached XML files have this property set correctly.

    After following this note and successfully switching to external authentication: if you have ODI console and the J2EE agent installed in this environment, then after switching ODI Studio to external authentication you will not be able to log in to ODI console and the J2EE agent will fail. You have to configure these two ODI components for external authentication as well, with the same LDAP server. The procedure for this is documented in Note 1510434.1

    ODI11g Standalone agent configuration

    For configuring ODI11g standalone agent with external authentication do the following:

    1. After configuring ODI Studio with external authentication, copy the jps-config.xml and the generated wallet files from the ODI Studio bin folder and paste them into the ODI standalone agent's bin folder.

    2. Restart the agent.

    3. If during starting the agent you face the error 'JPS-01061: Access to boostrap credential store denied to application code.' you have to follow Note 1602223.1 to resolve it.

    SSL Configuration

    If the LDAP directory communicates in SSL we have to do the following configuration in the JPS-CONFIG.xml file:

    1. Specify the LDAP URL as ldaps:// instead of ldap://

    2. Add another property "connection.pool.protocol" to specify that the LDAP communication protocol is SSL; the default value is plain.
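    The two checks the note calls out before switching to external authentication, the user.filter.object.classes requirement for non-MSAD directories and the ldaps:// plus connection.pool.protocol requirement for SSL, are easy to get wrong by hand. The following linter is an added example and is not part of the Oracle note or of ODI; it reads the idstore.ldap.provider serviceInstance of a jps-config.xml with the Python standard library and reports the weak settings. The element and property names (serviceInstance, property, extendedProperty, idstore.type, ldap.url, connection.pool.protocol, user.filter.object.classes, bootstrap.security.principal.map/key) are the OPSS 11g names; the check for an inline security.credential property is an assumption about the non-wallet bind password property, and both XML fragments are constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# idstore.type values listed in step 4 of the note
IDSTORE_TYPES = {"XML", "OID", "OVD", "ACTIVE_DIRECTORY", "IPLANET",
                 "WLS_OVD", "EDIRECTORY", "CUSTOM"}


def _local(tag):
    """Strip the XML namespace: '{ns}property' -> 'property'."""
    return tag.rsplit("}", 1)[-1]


def _read_instance(inst):
    """Return (simple <property> map, <extendedProperty> map) of one serviceInstance."""
    props, ext = {}, {}
    for child in inst:
        tag = _local(child.tag)
        if tag == "property":
            props[child.attrib.get("name")] = child.attrib.get("value", "")
        elif tag == "extendedProperty":
            name, values = None, []
            for sub in child:
                if _local(sub.tag) == "name":
                    name = (sub.text or "").strip()
                elif _local(sub.tag) == "values":
                    values = [(v.text or "").strip() for v in sub]
            if name:
                ext[name] = values
    return props, ext


def lint_idstore(xml_text):
    """Check every LDAP identity-store serviceInstance; return 'CODE: detail' findings."""
    root = ET.fromstring(xml_text)
    instances = [e for e in root.iter()
                 if _local(e.tag) == "serviceInstance"
                 and e.attrib.get("provider") == "idstore.ldap.provider"]
    if not instances:
        return ["NO_LDAP_IDSTORE: no serviceInstance uses idstore.ldap.provider"]
    findings = []
    for inst in instances:
        name = inst.attrib.get("name", "?")
        props, ext = _read_instance(inst)
        itype = props.get("idstore.type")
        if itype not in IDSTORE_TYPES:
            findings.append(f"BAD_IDSTORE_TYPE: {name}: idstore.type={itype!r}")
        url = props.get("ldap.url", "")
        if urlparse(url).scheme.lower() != "ldaps":
            # SSL step 1: the directory URL must be ldaps://, otherwise the bind is in clear
            findings.append(f"PLAIN_LDAP: {name}: ldap.url={url!r}")
        elif props.get("connection.pool.protocol", "plain").lower() != "ssl":
            # SSL step 2: the pool protocol must also be switched from the default to ssl
            findings.append(f"POOL_NOT_SSL: {name}: connection.pool.protocol is not ssl")
        if itype != "ACTIVE_DIRECTORY" and not props.get("user.filter.object.classes"):
            # the default object class USER is right for MSAD only
            findings.append(f"MISSING_USER_OBJECTCLASS: {name}: set user.filter.object.classes")
        for key in ("bootstrap.security.principal.map",
                    "bootstrap.security.principal.key"):
            if not props.get(key):
                findings.append(f"MISSING_BOOTSTRAP: {name}: {key} not set (wallet lookup)")
        if "security.credential" in props:
            # assumption: security.credential carries an inline bind password
            findings.append(f"INLINE_CREDENTIAL: {name}: bind password kept in jps-config.xml")
        for base in ("user.search.bases", "group.search.bases"):
            if not ext.get(base):
                findings.append(f"MISSING_SEARCH_BASE: {name}: {base} not set")
    return findings


def _jps(body):
    """Wrap a serviceInstance body in a minimal jps-config document (constructed sample)."""
    return ('<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">'
            '<serviceInstances><serviceInstance name="idstore.oid" provider="idstore.ldap.provider">'
            + body + '</serviceInstance></serviceInstances></jpsConfig>')


SEARCH_BASES = """
  <extendedProperty><name>user.search.bases</name>
    <values><value>cn=Users,dc=example,dc=test</value></values></extendedProperty>
  <extendedProperty><name>group.search.bases</name>
    <values><value>cn=Groups,dc=example,dc=test</value></values></extendedProperty>
"""

# Constructed weak fragment: plaintext LDAP, inline bind password, no user object class.
WEAK_JPS_CONFIG = _jps("""
  <property name="idstore.type" value="OID"/>
  <property name="ldap.url" value="ldap://oid.example.test:3060"/>
  <property name="security.principal" value="cn=orcladmin"/>
  <property name="security.credential" value="placeholder-password"/>
""" + SEARCH_BASES + '<property name="username.attr" value="uid"/>')

# Constructed corrected fragment: ldaps, pool protocol ssl, wallet credentials, object class set.
FIXED_JPS_CONFIG = _jps("""
  <property name="idstore.type" value="OID"/>
  <property name="ldap.url" value="ldaps://oid.example.test:3131"/>
  <property name="connection.pool.protocol" value="ssl"/>
  <property name="bootstrap.security.principal.map" value="jps_map"/>
  <property name="bootstrap.security.principal.key" value="jps_key"/>
  <property name="user.filter.object.classes" value="inetOrgPerson"/>
""" + SEARCH_BASES + '<property name="username.attr" value="uid"/>')

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_JPS_CONFIG), ("fixed", FIXED_JPS_CONFIG)):
        print(label, lint_idstore(doc) or ["OK"])
```

    Run it against a real file with lint_idstore(open("jps-config.xml").read()) before copying the file to the Studio and agent bin folders; the weak sample above reports the plain ldap:// URL, the missing object-class filter, the missing bootstrap map and key, and the inline credential, while the corrected sample reports nothing.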

    REFERENCES

    NOTE:1296817.1 - After Successful Setup Of External Authentication Using OID, ODI Studio And ODI Console Connection With Supervisor Login Fails With 'ODI-1404: Agent OracleDIAgent start failure'

    NOTE:1555788.1 - 'javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]' Displayed When Switching ODI to External Authentication

    NOTE:1510434.1 - How To Configure ODI Console and J2EE Agent For External Authentication

    NOTE:1602223.1 - 'JPS-01061: Access to boostrap credential store denied to application code.' Error Signaled When Launching Standalone Agent When ODI 11g is Configured With External Authentication


    BUG:14790233 - IMPOSSIBLE TO CONFIGURE EXTERNAL AUTHENTICATION WITH MICROSOFT ACTIVE DIRECTORY