Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02 |
There are three main security concerns you need to consider:
Access policies—The user and group search bases should be protected by appropriate access controls so that malicious users cannot read or modify them.
Synchronization—You can configure the Oracle directory integration and provisioning server to use SSL when connecting to Oracle Internet Directory and third-party directories. If you do this, then all information exchanged between the directory servers is secure.
Password synchronization—Depending on the configuration, passwords can be synchronized. For instance, when Oracle Internet Directory is the central enterprise directory, password changes can be communicated to the connected directory.
If passwords are to be synchronized, then Oracle Corporation recommends that you configure communication between the directories in SSL with server-only authentication. The sequence of steps to configure communication between connected directories in SSL is as follows:
1. In the integration profile, set the connectedDirectoryURL attribute to the form host:port:1 to indicate that the mode of communication is SSL. Make sure the port number is the SSL port. The default SSL port number is 636.
2. Generate a certificate from the connected directory. What is required is the trust point certificate from the server. You do not need to use any external certificate server to do this.
3. Export the certificates to Base64-encoded format.
4. Import the certificates as trust points in the Oracle Wallet by using Oracle Wallet Manager.
5. Specify the wallet location in the odi.properties file in $ORACLE_HOME/ldap/odi/conf.
6. Store the wallet password by using the Directory Integration and Provisioning Assistant with the wp option.
7. Start the Oracle directory integration and provisioning server in SSL mode.
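The following is an added example written for this page; it is not Oracle code and is not part of the guide. It checks the two steps a reviewer most often gets wrong: it parses a connectedDirectoryURL value of the form host:port:mode and flags a profile that synchronizes passwords without the SSL mode, or whose mode and port disagree, and it decodes a Base64 (PEM) trust point export before it is imported into the wallet. The hostname, the treatment of any mode other than 1 as non-SSL, the use of 389 as the non-SSL port, the finding codes and the sample PEM block are all assumptions of this example.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List

# Port conventions assumed by this example: 636 is the default SSL port the
# guide names; 389 is the conventional non-SSL LDAP port.
DEFAULT_SSL_PORT = 636
DEFAULT_NON_SSL_PORT = 389


@dataclass(frozen=True)
class ConnectedDirectoryURL:
    host: str
    port: int
    ssl: bool


def parse_connected_directory_url(value: str) -> ConnectedDirectoryURL:
    """Parse the host:port:mode form of the connectedDirectoryURL attribute.

    A trailing mode of 1 marks the connection as SSL, as the guide describes.
    Any other numeric mode is treated here as non-SSL (an assumption of this
    example, not a statement from the guide).
    """
    parts = value.strip().split(":")
    if len(parts) != 3:
        raise ValueError(f"expected host:port:mode, got {value!r}")
    host, port_text, mode = parts
    if not host:
        raise ValueError("host part is empty")
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"port must be 1-65535, got {port_text!r}")
    if not mode.isdigit():
        raise ValueError(f"mode must be numeric, got {mode!r}")
    return ConnectedDirectoryURL(host=host, port=int(port_text), ssl=(mode == "1"))


def check_profile(url: ConnectedDirectoryURL, password_sync: bool) -> List[str]:
    """Return finding codes for an integration profile (empty list means clean)."""
    findings = []
    if password_sync and not url.ssl:
        findings.append("PASSWORD_SYNC_WITHOUT_SSL")
    if url.ssl and url.port == DEFAULT_NON_SSL_PORT:
        findings.append("SSL_MODE_ON_NON_SSL_PORT")
    if not url.ssl and url.port == DEFAULT_SSL_PORT:
        findings.append("NON_SSL_MODE_ON_SSL_PORT")
    return findings


_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def load_trust_points(pem_text: str) -> List[bytes]:
    """Decode every Base64 PEM certificate block into its DER bytes.

    Raises ValueError if no block is present or a block is not valid Base64,
    which is the failure you hit when the export step produced the wrong format.
    """
    blocks = _PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate block found")
    ders = []
    for body in blocks:
        compact = "".join(body.split())  # drop the 64-column line wrapping
        try:
            ders.append(base64.b64decode(compact, validate=True))
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"certificate block is not valid Base64: {exc}") from exc
    return ders


# Constructed sample: a PEM wrapper around placeholder bytes, not a real certificate.
SAMPLE_TRUST_POINT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for raw, pw_sync in [("ad.example.com:636:1", True), ("ad.example.com:389:0", True)]:
        url = parse_connected_directory_url(raw)
        print(raw, "->", check_profile(url, password_sync=pw_sync) or "OK")
    print("trust points decoded:", len(load_trust_points(SAMPLE_TRUST_POINT_PEM)))
```

Run it against the values from a real integration profile before starting the server in SSL mode; a PASSWORD_SYNC_WITHOUT_SSL finding means step 1 was skipped while passwords are still being synchronized, and a decode error on the exported trust point means step 3 did not produce Base64 output.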