5.1.7 Creating Users and Groups in the LDAP Store
Oracle Advanced Authentication (OAA) requires two groups to be configured
in the LDAP store used by Oracle Access Management (OAM):
- OAA-Admin-Role, which is used to authenticate administrator users who are permitted to access the Administration Console.
- OAA-App-User, which contains the list of users who are permitted to access the Self-Service Portal.
These groups, along with the OAA Administration user oaaadmin, are created in your LDAP store during the OAA installation (unless they already exist).
Note: As described in Supported Architectures, the LDAP store used by OAM must be extended with OAM Object classes. For more information, see Using Password Policy.

The installation can optionally add all your existing LDAP users (in the defined user search base) to the OAA-App-User group, and add the obpsftid: true attribute for each user.
Note: The obpsftid: true attribute is a requirement for persistent login and Oracle Universal Authenticator (OUA).
If you do not want to add all users in your defined LDAP user search base to the OAA-App-User group, then you must add the required users manually after the OAA installation. Similarly, if you are using OUA, you must also add the LDAP attribute obpsftid: true to each such user manually.
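The manual post-installation step above (adding selected users to OAA-App-User and setting obpsftid: true) is easiest to do as a single LDIF applied with the directory administrator credentials. The script below is an added example, not Oracle's own tooling; it assumes the group is a groupOfUniqueNames (uniqueMember attribute), that the group lives under the sample <LDAP_GROUP_SEARCHBASE>, and OpenLDAP-style ldapmodify/ldapsearch client options.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): generate the LDIF that
# adds existing users to OAA-App-User and sets obpsftid: true on each of them.
# Assumption: the group is a groupOfUniqueNames under the sample group search base.
GROUP_DN="cn=OAA-App-User,cn=Groups,dc=example,dc=com"

# oaa_user_ldif DN...  -> prints two modify entries per user DN:
#   1. add the user as uniqueMember of OAA-App-User (Self-Service Portal access)
#   2. set obpsftid: true (required for persistent login and OUA)
# "replace" is used for obpsftid so re-running on an already-flagged user is harmless;
# "add: uniqueMember" fails with "type or value exists" if the user is already a member,
# so apply with ldapmodify -c to continue past those entries.
oaa_user_ldif() {
  for dn in "$@"; do
    printf 'dn: %s\nchangetype: modify\nadd: uniqueMember\nuniqueMember: %s\n\n' "$GROUP_DN" "$dn"
    printf 'dn: %s\nchangetype: modify\nreplace: obpsftid\nobpsftid: true\n\n' "$dn"
  done
}

# oaa_user_ldif_from_file FILE -> one LDIF for every non-blank, non-comment line
# (one user DN per line), so a reviewed allow-list can drive the change.
oaa_user_ldif_from_file() {
  grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | while IFS= read -r dn; do
    oaa_user_ldif "$dn"
  done
}

# Apply (values from the Configuration Checkpoint table):
#   oaa_user_ldif_from_file users.txt | \
#     ldapmodify -c -H <LDAP_SERVER> -D "<LDAP_ADMIN_USER>" -w "<LDAP_ADMIN_PWD>"
# Verify which users are flagged for OUA / persistent login:
#   ldapsearch -H <LDAP_SERVER> -D "<LDAP_ADMIN_USER>" -w "<LDAP_ADMIN_PWD>" \
#     -b "<LDAP_USER_SEARCHBASE>" '(obpsftid=true)' dn
```

Keep the input file under change control: it is the authoritative list of who may reach the Self-Service Portal, so a review of that file is a review of the access grant.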
5.1.7.1 Configuration Checkpoint
- Before proceeding make sure you have the following information:

| Variable | Your Value | Sample Value | Description |
| --- | --- | --- | --- |
| <LDAP_HOST> | | oud.example.com | The fully qualified hostname of the LDAP server. |
| <LDAP_SERVER> | | ldap://oud.example.com:1389 | The LDAP server protocol, hostname and port. |
| <LDAP_ADMIN_USER> | | cn=oudadmin | The user name of the directory administrator. |
| <LDAP_ADMIN_PWD> | | password | The password of the directory administrator. |
| <LDAP_USER_SEARCHBASE> | | cn=Users,dc=example,dc=com | The location in the directory where names of users are stored. |
| <LDAP_GROUP_SEARCHBASE> | | cn=Groups,dc=example,dc=com | The location in the directory where groups/roles are stored. |