By default, new enterprise domains are configured to accept all supported user authentication types (password, Kerberos, and SSL). If you want enterprise users to be authenticated by passwords, then you must configure that as described in the following tasks.
The configuration steps in this section assume the following:
You have prepared your directory by completing the tasks described in "Preparing the Directory for Enterprise User Security (Phase One)".
You have configured your Enterprise User Security objects in the database and the directory by completing the tasks described in "Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)".
You have configured an SSL instance with no authentication for Oracle Internet Directory as described in Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory. If you are using an ldap.ora file, then also ensure that the port number for this SSL with no authentication instance is listed there as your directory SSL port.
To configure Enterprise User Security for password authentication, perform the following tasks:
By default, OracleDefaultDomain is configured to accept password authentication. If this has been changed, then use Oracle Enterprise Manager to enable password authentication for OracleDefaultDomain using the following steps:
Log in to Enterprise Manager Cloud Control, as an administrative user.
To navigate to your database, select Databases from the Targets menu.
Click the database name in the list that appears. The database page appears.
Under the Administration menu, select Security, Enterprise User Security. The Oracle Internet Directory Login page appears.
Enter the distinguished name (DN) of a directory user who can administer enterprise users in the User field. Enter the user password in the Password field. Click Login.
The Enterprise User Security page appears.
Click Manage Enterprise Domains.
The Manage Enterprise Domains page appears. This page lists the enterprise domains in the identity management realm.
Select OracleDefaultDomain. Click Configure.
The Configure Domain page appears.
Click the Configuration tab.
Under User Authentication Types Accepted, select Password.
Click OK.
For an enterprise user whose directory login name is hscortea and whose password is Easy2rem, enter the following to connect to the database by using SQL*Plus:
SQL> connect hscortea@<Oracle Net Service Name>
Enter password:
/* Enter Easy2rem when prompted for the password*/
The database authenticates the enterprise user (hscortea) by verifying the username-password combination against the directory entry associated with this user. Then, it identifies the proper schema and retrieves the user's global roles. If successful, then the connection to the database is established.
If your connection succeeds, then the system responds with "Connected to:...". This is the confirmation message of a successful connect and setup. If an error message is displayed, then see "ORA-# Errors for Password-Authenticated Enterprise Users".
If you do connect successfully, then check that the appropriate global roles were retrieved from the directory, by entering the following at the SQL*Plus prompt:
select * from session_roles;
If the global roles were not retrieved from the directory, then see "NO-GLOBAL-ROLES Checklist".
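The following query is an added example, not part of the original procedure. It uses the standard USERENV application context to show how the database identified the session opened in the previous step: which schema the enterprise user was mapped to, how the session was authenticated, and which directory entry it was tied to. The column aliases are chosen here for readability.

```sql
-- Added example: run in the same SQL*Plus session as the connect above.
-- Each attribute is read from the built-in USERENV context of this session.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')          AS db_user,        -- database user (schema) the session was mapped to
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA')        AS schema_name,    -- schema currently in effect for name resolution
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD') AS auth_method,    -- how the session was authenticated
       SYS_CONTEXT('USERENV', 'IDENTIFICATION_TYPE')   AS ident_type,     -- how the schema is identified (local, external, or global)
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY')   AS enterprise_dn   -- directory DN of the enterprise user
FROM   dual;

-- Roles enabled in this session, including any global roles
-- retrieved from the directory for this enterprise user.
SELECT role
FROM   session_roles
ORDER  BY role;
```

If enterprise_dn does not show the DN of the directory entry you logged in with, or db_user is not the schema you expected the user to be mapped to, review the user-schema mapping before troubleshooting the roles.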
You have completed password-authenticated Enterprise User Security configuration.
See Also:
"Troubleshooting Enterprise User Security" for information about diagnosing and resolving errors
Administering Enterprise User Security for information about configuring the identity management realm, and about creating and managing enterprise domains, enterprise roles, and enterprise users