OAAM LDAP Configuration In Websphere - Docs.oracle


Oracle Adaptive Access Manager
LDAP Configuration in WebSphere 6.1.0.3 with OpenLDAP
10g (10.1.4.3.0)
December 2007

Oracle Adaptive Access Manager LDAP Configuration in WebSphere 6.1.0.3, 10g (10.1.4.3.0)

Copyright 2007, Oracle. All rights reserved.

The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.

The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.

If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate failsafe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.

Contents

Documentation
Oracle Adaptive Access Manager LDAP Configuration in WebSphere 6.1.0.3 with OpenLDAP
Troubleshooting

Documentation

The Oracle Adaptive Access Manager 10g documentation includes the following:

- The Oracle Adaptive Access Manager API Integration Guide, which provides information on natively integrating the client portion of the Adaptive Risk Manager Online solutions. In an API integration, the client application invokes the Adaptive Risk Manager Online APIs directly and manages the authentication and challenge flows.

- The Oracle Adaptive Access Manager Database Installation Guide (Oracle), which provides information about installing the Adaptive Access Manager schema into an Oracle database. Access to the Adaptive Access Manager schema is a requirement of the Adaptive Access Manager Application Server, which hosts the Adaptive Strong Authenticator and the Adaptive Risk Manager. Note that the Adaptive Access Manager schema needs to be installed into the Oracle database before proceeding to the installation of the proxy.

- The Oracle Adaptive Access Manager Database Installation Guide for SQL Server 2005, which provides information about installing the Adaptive Access Manager schema into SQL Server 2005. Access to the Adaptive Access Manager schema is a requirement of the Adaptive Access Manager Application Server, which hosts the Adaptive Strong Authenticator and the Adaptive Risk Manager. Note that the Adaptive Access Manager schema needs to be installed into SQL Server 2005 before proceeding to the installation of the proxy.

- The Oracle Adaptive Access Manager Proxy Integration Guide, which provides programming information and instructions on the installation of the Adaptive Access Manager proxy, one of the components in the Adaptive Access Manager UIO deployment. The Oracle Adaptive Access Manager's Universal Installation Option (UIO) offers multi-factor authentication to Web applications without requiring any change to the application code. The Oracle Adaptive Access Manager Proxy and The Oracle Adaptive Access Manager Proxy Web Publishing Configuration are guides specific to the UIO deployment.

- The Oracle Adaptive Access Manager Proxy Web Publishing Configuration, which provides information on creating web publishing rules and listeners so that Web applications and the Web UIO can be accessible from the Internet. The Oracle Adaptive Access Manager's Universal Installation Option (UIO) offers multi-factor authentication to Web applications without requiring any change to the application code. The Oracle Adaptive Access Manager Proxy and The Oracle Adaptive Access Manager Proxy Web Publishing Configuration are guides specific to the UIO deployment.

- The Oracle Adaptive Risk Manager Online Installation Guide, which provides information on the installation of the administration user interface of Oracle Adaptive Access Manager. Adaptive Risk Manager Online is the administration user interface of Oracle Adaptive Access Manager, a set of web-based administration tools that provides sophisticated fraud monitoring, analysis, and tracking by user location, device, time of day, type of transaction, as well as a host of other factors, and evaluates these factors against a set of customizable rules.

- The Oracle Adaptive Access Manager LDAP Configuration Guide, which provides information on how to configure the Oracle Adaptive Access Manager Application Server to allow a user to be authenticated via a user identifier and password. The intended audience of this manual is users of WebLogic and Tomcat who want to use LDAP to set up users instead of the functionality in WebLogic and Tomcat.

- The Oracle Adaptive Access Manager Import/Export Manual, which provides information on importing and exporting groups, rule templates, and models to and from the Adaptive Access Manager schema.

- The Oracle Adaptive Risk Manager Online Customer Care API Guide, which provides information about the Adaptive Risk Manager Online Customer Care API and provides the XML definition for each of the APIs.

- The Oracle Adaptive Access Manager Database Tables Archiving and Purging Procedure, which provides information on the purge and archive scripts in the Oracle Adaptive Access Manager database tables of Microsoft SQL Server 2005. The procedure to trigger the scripts and information on verification and validation of script results are also provided.

- The Oracle Adaptive Access Manager SQL Server Maintenance Guide, which provides instructions to set up the Oracle Adaptive Access Manager Maintenance Plan to purge and archive scripts in the Oracle Adaptive Access Manager database tables of Microsoft SQL Server 2005. The manual also discusses in detail how to trigger the scripts and provides information on the verification and validation of script results.

- The Oracle Adaptive Risk Manager Administrator's Guide, which provides step-by-step instructions for creating and managing groups, creating models that contain rules, and customizing and managing rules.

- The Oracle Adaptive Risk Manager Dashboard and Reporting Guide, which provides detailed instructions on how to use the dashboard and reporting functionality within the Oracle Adaptive Risk Manager Online. The Oracle Adaptive Risk Manager Online includes a dashboard that provides a high-level overview of users and devices that have generated alerts and the alerts themselves, and it contains a comprehensive collection of reports on users, locations, devices, and security alerts.

- The Oracle Adaptive Risk Manager Customer Care Administration Guide, which provides information on creating new customer cases and administering them.

Oracle Adaptive Access Manager LDAP Configuration in WebSphere 6.1.0.3 with OpenLDAP

Note: Before making any changes to the authentication realms, take a backup of the security.xml file, because a bad realm setting can leave the web admin console blocked. The file is located at C:\Program Files\IBM\WebSphere\AppServerX\profiles\AppSrv01\config\cells\systemnameNodedell

1. From the Console's left pane, select Security and click Secure administration, applications, and infrastructure.

2. From the Available realm definitions list at the bottom of the main page, choose Standalone LDAP registry, and click the Configure button.

3. In the General Properties section, enter the values for Primary administrative user name, Type of LDAP server, and all LDAP information. Example values are shown below.

   Primary administrative user name: uid=ruleAdmin1,ou=people,dc=my-domain,dc=com
   Server identity that is stored in the repository:
      Server user ID or administrative user on a Version 6.0.x node: uid=ruleAdmin1,ou=people,dc=my-domain,dc=com
      Password: ******
   Type of LDAP server: Custom
   Host: 127.0.0.1
   Port: 389
   Base distinguished name (DN): dc=my-domain,dc=com
   Bind distinguished name (DN): cn=Manager,dc=my-domain,dc=com
   Bind password: ********
   Search timeout: 120
   Reuse connection: checked
   Ignore case for authorization: unchecked
   SSL enabled: unchecked

   Under the Additional Properties section, click the Advanced Lightweight Directory Access Protocol (LDAP) user registry settings link and enter the following:

   User filter: (&(uid=%v)(objectclass=inetOrgPerson))
   Group filter: (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))
   User ID map: uid={0},ou=people,dc=my-domain,dc=com
   Group ID map: ou=roles,dc=my-domain,dc=com
   Group member ID map: uniqueMember
   Perform a nested group search: unchecked (can be checked)
   Certificate map mode: EXACT_DN

4. In the User account repository section of the Secure administration, applications, and infrastructure page, click the Set as Current button and check that the current realm definition has changed to Standalone LDAP registry.

5. Click the Apply button to save the master configuration.

6. From the Console's left pane, select Applications and click Enterprise Applications.

7. On the main page, click the fauio_war application link.

8. On the fauio_war page, under the Detailed Properties section, select Security role to user/group mapping.

   The following page appears.

9. Check the web_CSR box and click the Look up groups button.

10. Perform a search to select and add the groups from the available LDAP groups. If the LDAP groups are not present, WebSphere must be restarted.

11. Repeat the process for the other application groups and map them to the existing LDAP groups.

12. Once the groups are mapped, check the All Authenticated box for each of the mapped groups.

13. Click OK to save the master configuration; then restart WebSphere.
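How the registry values from step 3, the Advanced settings and the role mapping in steps 9 to 12 fit together at login time, as an added example that is not part of the Oracle document: it renders the user and group filters with the %v value escaped per RFC 4515, applies the User ID map to build the DN that is bound with the user's password, and resolves the ou=roles groups whose uniqueMember lists that DN. The directory entries are a constructed stand-in for OpenLDAP, not real data.

```python
import re
# Registry values exactly as configured in step 3 and the Advanced settings.
USER_FILTER = "(&(uid=%v)(objectclass=inetOrgPerson))"
GROUP_FILTER = ("(&(cn=%v)(|(objectclass=groupOfNames)"
                "(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))")
USER_ID_MAP = "uid={0},ou=people,dc=my-domain,dc=com"
GROUP_ID_MAP = "ou=roles,dc=my-domain,dc=com"
GROUP_CLASSES = {"groupOfNames", "groupOfUniqueNames", "groupOfURLs"}

# Constructed stand-in for the OpenLDAP entries (not real data): one user
# under ou=people and one role group under ou=roles listing that user.
DIRECTORY = {
    "uid=ruleAdmin1,ou=people,dc=my-domain,dc=com": {
        "objectclass": ["inetOrgPerson"], "uid": ["ruleAdmin1"]},
    "cn=web_CSR,ou=roles,dc=my-domain,dc=com": {
        "objectclass": ["groupOfUniqueNames"], "cn": ["web_CSR"],
        "uniqueMember": ["uid=ruleAdmin1,ou=people,dc=my-domain,dc=com"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping for the %v assertion value: a typed login name
    must not be able to add or close components of the configured filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)

def render_filter(template, value):
    """Substitute %v the way the registry does, with the value escaped."""
    return template.replace("%v", escape_filter_value(value))

def escape_dn_value(value):
    """RFC 4514 escaping for the {0} in the User ID map (special characters
    only; a leading '#' or leading/trailing spaces are not handled here)."""
    return re.sub(r'[,+"\\<>;]', lambda m: "\\" + m.group(0), value)

def user_dn(login):
    """Apply the User ID map: the DN WebSphere binds with the user's password."""
    return USER_ID_MAP.format(escape_dn_value(login))

def roles_for(login):
    """Groups under the Group ID map base whose uniqueMember (the Group member
    ID map) lists the user's DN; these are the names step 9 looks up."""
    dn = user_dn(login)
    roles = []
    for entry_dn, attrs in DIRECTORY.items():
        if not entry_dn.endswith("," + GROUP_ID_MAP):
            continue  # outside ou=roles: not a role group
        if not GROUP_CLASSES & set(attrs["objectclass"]):
            continue  # not one of the classes the group filter accepts
        if dn in attrs.get("uniqueMember", []):
            roles.extend(attrs["cn"])
    return sorted(roles)
```

If a login name containing `*`, `(` or `)` is rendered without escaping, the filter no longer matches a single uid, which is why the registry's substitution must escape before it searches.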

   Shown below is an example of LDAP in which a user is "picked up" and the user is a member of one of the groups mapped above.

14. Access the application and log in with the user ID and password set in LDAP.

Troubleshooting

Watch for the following error, which is displayed after credentials are entered:

   Original Exception:
   Error Message: class loading constraint violated (class: oracle/xml/parser/v2/XMLNode ... Node;) at pc: 0
   Error Code: 500
   Target Servlet: action
   Error Stack:
   java.lang.VerifyError: class loading constraint violated (class: oracle/xml/parser/v2/XMLNode ... Node;) at pc: 0
       at java.lang.J9VMInternals.verifyImpl(Native Method)
       at ... (...:59)
       at ... (...:57)
       at ...<init>(NonValidatingParser.java:157)
       at oracle.xml.parser.v2.XMLParser.<init>(XMLParser.java:159)
       at oracle.xml.parser.v2.DOMParser.<init>(DOMParser.java:98)
       at oracle.xml.jaxp.JXDocumentBuilder.<init>(...:198)
       at ... (...KParser.java:160)
       at ... (...SessionConfigLoader.java:204)
       at ...

This error has nothing to do with the LDAP settings or the OAAM configuration. Some WAS versions have this known issue; WAS 5.x and 6.1.0.0 are among them. You will have to install the updates for the WAS version that has the known issue.
