Configuring OUD to Support Multiple Enterprise User Security Domains
If your users and groups are stored in
multiple domains, you must configure OUD to support multiple EUS
domains. For
example, a single OUD instance contains two EUS domains. One EUS domain
stores users entries in Active Directory below cn=users,dc=ad1,dc=com. A second EUS domain
stores user entries in a different Active Directory instance
below cn=users,dc=ad2,dc=com. You must configure
OUD to support each EUS domain.
To configure OUD to support multiple EUS domains:
Configure OUD as if the primary domain is the single domain containing all your users and groups.
In this example, the primary domain is
dc=ad1,dc=com.Complete the tasks in28.4 Oracle Unified Directory Used as a Proxy Server for an External LDAP Directory with Enterprise User Security
Configure the secondary domain.
In this example, the secondary domain is
dc=ad2,dc=com.For this secondary domain, complete the steps in28.4.1.1 User Identities in Microsoft Active Directory
Create a new naming context for the EUS domain, which is
dc=ad2,dc=comin this example.Complete the steps in 28.4.2.1.2to configure Enterprise User Security for an existing Oracle Unified Directory Proxy Server instance.
Update the Oracle context with the new naming context.
Create an LDIF file.
In the following
myconfig.ldifexample, make the following substitutions:Replace
dc=ad1,dc=comwith the DN of your first domain.Replace
orclcommonusersearchbasewith the users location in the secondary domain.orclcommongroupsearchbasewith the groups location in the secondary domain.
dn: cn=Common,cn=Products,cn=OracleContext,dc=ad1,dc=comchangetype: modifyadd: orclcommonusersearchbaseorclcommonusersearchbase: cn=users,dc=ad2,dc=comorclcommongroupsearchbase: cn=groups,dc=ad2,dc=com
Update OUD configuration using the LDIF file you created in step 4a.
ldapmodify -h oudhost -p 1389 -D "cn=directory manager"
-w password -f myconfig.ldif