Setting Up Enterprise User Security

Hi All,
Oracle Database Assistant always crashes when I try to modify or delete a database. It always crashes with java receiving a SIGSEGV (segmentation fault) in libjava.so. I'm using the jre shipped with the Oracle package. It does not crash when I try to create a new one, it's working fine then. What's wrong?

I can't even seem to get the DBAssistant to run and continue past the JNLS error popup? It is supposed to be a bug - then it should continue ... any ideas?
thanks
adam
quote: Originally posted by afreeman ():
    I got the same problem; I can create databases without any problem, but cannot delete or modify them - dbassist dies with a sigsegv in same java library that you mentioned.
    I've been looking around for a list of things to do to manually delete a database on linux; I'll post it, if I find something useful.
    -Aaron

Similar Messages

  • How to configure Enterprise User Security ?

    Hi All,
    I am following the Oracle document for setting up Enterprise User Security to set up Enterprise User Security between OID 11g and database 11g, but right now if I click on the "Enterprise User Security" link in Security under the Server tab, I am getting an HTTP 500 internal error. Please kindly provide your inputs.
    Regards,
    Senthil.

    Hi,
    You don't so much configure enterprise voice for federation, you just configure enterprise voice. Then when you configure your environment for federation, the voice features will take care of themselves. The two are separate components / features.
    But you'll need to be a little more specific; Are the two user forests using the same Lync environment through a forest trust(s) (resource or central forest topologies)? If they are, then you don't need to do anything with federation for these two forests to leverage enterprise voice between their users - it will just work. However if each user forest is using a separate Lync environment, then you will need to configure federation between the two and make use of Lync Edge servers.
    You can enable enterprise voice for users without an SBC or gateway, this component is used merely to connect your Lync platform to the PSTN. You may also use a direct SIP trunk to your mediation server as you have alluded to, although I never recommend this in production for security reasons (which I feel others will back me on), it is still a supported option.
    Let me know if I've interpreted this completely wrong.
    Kind regards
    Ben

  • Enterprise User Security and Password Policies

    Hi!
    I'm testing Enterprise User Security. Till now everything has gone ok, I can connect to my db using oid users.
    Now I'm configuring OID password policies for my realm but it seems that these are not applied when I connect through db. For example, I can try to log on with a wrong password as many times as I want, although in policies a limit of three is set.
    Is this correct?!

    If you're not using DB 10.2 this is the "expected" behavior for the DB. See also metalink note 351170.1 "Enterprise Users Can Connect to a Database when the OID Account is Disabled"
    regards,
    --Olaf

  • Enterprise User Security, How do I store the DB password somewhere else?

    Hi Guys,
    I'm running Oracle 11gR2 and OID 11gR1.
    Right now I have enterprise user security working, however I would like to decouple Apps / Directory password from the DB password in OID.
    I understand that I can stick the password in orclpasswordverifier.
    I have tried to add a new Password Verifier in OID, set up the appropriate appID in the password verifier, added the orclpasswordverifier.<appid> = password into my user but the set up refuses to go to orclpasswordverifier.<appid> it still uses the value of userpassword and orclpassword. I have also read the manual like 5 times.
    I've even tried to move the Password Verifier around, to root DBSecurity context, to my domain's context, swapped around the appid value, but no matter what it doesn't seem to work.
    Any advice, please?

    I was able to find the solution for the first item by looking at the forums and some documentation.
    We can specify some part of the URL in the cgicmd.dat file as key-value pairs; the file is located in <Oracle-Home>/reports/conf
    testreports: userid=scott/tiger@ORCL destype=CACHE server=ust %*
    Here the key is -- testreports
    Now new URL to access the report like
    http://localhost:7778/reports/rwservlet?cmdkey=testreports&report=sample_report.rdf&desformat=pdf&p_from_date=02-MAY-2006&p_to_date=03-SEP-2006
    You can see that Key is passed as cmdkey=testreports
    Please do remember that you have to append %* at the end of the key, this will allow part of the Key specified in the config file and part will be supplied in the URL
    Madhu

  • Get error while Integrating with Oracle's Enterprise User Security

    Hi,
    I am trying to create an Oracle Enterprise User integrating with OVD and MS Active Directory.
    I am following all the steps in Integrating with Oracle's Enterprise User Security.
    In the documentation section: "Configuring Oracle Virtual Directory for the Integration"
    I have applied the steps successfully until:
    Update and load the entries into the Local Store Adapters by performing the following steps:
    I have successfully extended the Oracle Virtual Directory schema with the loadOVD.ldif
    However I am getting errors in the next step: Update realmRoot.ldif to use your namespaces
    The next step states the following:
    Update realmRoot.ldif to use your namespaces, including the dn, dc, o, orclsubscriberfullname,
    and memberurl attributes in the file. If you have a DN mapping between Active Directory and
    Oracle Virtual Directory, use the DN that you see from Oracle Virtual Directory.
    The realmRoot.ldif file is located in ORACLE_VIRTUAL_DIRECTORY_HOME/eus,
    where ORACLE_VIRTUAL_DIRECTORY_HOME represents the location where Oracle Virtual Directory is installed.
    The realmRoot.ldif file contains core entries in the directory namespace that Enterprise User Security queries. The realmRoot.ldif file also contains the dynamic group that contains the registered Enterprise User Security databases to allow secured access to sensitive Enterprise User Security related attributes, like the user's Enterprise User Security hashed password attribute.
    Load your domain root information in the realmRoot.ldif file into Oracle Virtual Directory using the following command:
    ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port -D cn=admin -w Admin_Password -v -a -f realmRoot.ldif
    When I run the ldapmodify command I get the following error:
    add dc:
    testldap
    add objectclass:
    top
    domain
    domainDNS
    adding new entry DC=testldap,DC=local
    ldap_add: Operations error
    ldap_add: additional info: LDAP Error 1 : null
    The actual realmRoot.ldif looks like this:
    # Please uncomment the following one line if you are importing this
    # LDIF file via OVD Manager or OVD Server's ldapmodify tool.
    #version: 1
    #dn: dc=com
    #dc: com
    #objectclass: domain
    dn: DC=testldap,DC=local
    changetype: add
    dc: testldap
    #o: subarashii
    objectclass: top
    objectclass: domain
    objectclass: domainDNS
    #objectclass: orclSubscriber
    #orclsubscriberfullname: subarashii
    #orclVersion: 90400
    # If your domain structure has more layers than dc=subarashii,dc=com,
    # for example, it's dc=us,dc=subarashii,dc=com, you will need to load
    # the following ldif entry/entries too.
    # Uncomment out the following, if required.
    #dn: dc=us,dc=subarashii,dc=com
    #orclversion: 90400
    #orclsubscriberfullname: us
    #objectclass: domain
    #objectclass: top
    #objectclass: orclSubscriber
    #dc: us
    # Adding EUSDBGroup entry
    # Modify the memberurl attribute and replace it with your own domain name
    #dn: cn=EUSDBGROUP,dc=subarashii,dc=com
    #cn: EUSDBGROUP
    #memberurl:ldap:///dc=subarashii,dc=com??sub?(&(objectclass=orclService)(objectclass=orclDBServer))
    #objectclass:groupofuniquenames
    #objectclass:groupofurls
    #objectclass:top

    Did you ever get your questions answered about the realmRoot.ldif file? Did you manage to configure a successful integration of OVD with EUS? I am battling with trying to get Oracle Virtual Directory integrated with Enterprise User Security, but every step I take in Chapter 7 of the OVD manual fails in some way, and the instructions are often vague. I am not sure how to modify the realmRoot.ldif file. Is there any improved documentation on this? I have logged a Service Request, but not getting any help. Any resources or documentation you know of that provides better guidance would be much appreciated. I am way behind my schedule now and this is a very frustrating exercise.
    Thanks.
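
Added example (not part of either post and not Oracle tooling): the documentation quoted above names dn, dc, o, orclsubscriberfullname and memberurl as the values to change in realmRoot.ldif. The sketch below lists which entries of an edited file ldapmodify would actually load, which template lines were left commented out on those entries, and which values still carry the template's sample namespace. The function names and the embedded file (a trimmed copy of the one shown in the post) are illustrative; the script reports the state of the file only and does not diagnose the LDAP error.

```python
import re

# Attributes the documentation quoted in the post says must carry your namespace.
NAMESPACE_ATTRS = {"dc", "o", "orclsubscriberfullname", "memberurl"}
# Sample namespace used by the template shown in the post.
SAMPLE_NAMESPACE = "subarashii"

# "attr: value" with an optional leading "#" and no space after it, i.e. a
# commented-out LDIF line rather than a prose comment ("# Adding ... entry").
LINE_RE = re.compile(r"^(#?)([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")

# Trimmed copy of the realmRoot.ldif shown in the post (constructed sample input).
REALM_ROOT = """\
# Please uncomment the following one line if you are importing this
#version: 1
#dn: dc=com
#dc: com
#objectclass: domain
dn: DC=testldap,DC=local
changetype: add
dc: testldap
#o: subarashii
objectclass: top
objectclass: domain
objectclass: domainDNS
#objectclass: orclSubscriber
#orclsubscriberfullname: subarashii
#orclVersion: 90400
# Uncomment out the following, if required.
#dn: dc=us,dc=subarashii,dc=com
#orclversion: 90400
#orclsubscriberfullname: us
#objectclass: domain
#objectclass: top
#objectclass: orclSubscriber
#dc: us
# Adding EUSDBGroup entry
#dn: cn=EUSDBGROUP,dc=subarashii,dc=com
#cn: EUSDBGROUP
#memberurl:ldap:///dc=subarashii,dc=com??sub?(&(objectclass=orclService)(objectclass=orclDBServer))
#objectclass:groupofuniquenames
#objectclass:groupofurls
#objectclass:top
"""


def parse_ldif(text):
    """Split the file into entries, keeping commented-out lines.

    Each entry is {"dn", "active", "attrs"}; attrs holds (name, value, enabled).
    A new entry starts at every dn line, because blank separator lines are
    often lost when a file is pasted into a forum.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or prose comment
        enabled = m.group(1) == ""
        name, value = m.group(2).lower(), m.group(3).strip()
        if name == "dn":
            entries.append({"dn": value, "active": enabled, "attrs": []})
        elif entries:  # lines before the first dn (e.g. version) are skipped
            entries[-1]["attrs"].append((name, value, enabled))
    return entries


def audit(text):
    """Report what would be loaded and what is still template text."""
    report = {"will_load": [], "skipped": [], "disabled_attrs": {}, "sample_values": []}
    for entry in parse_ldif(text):
        dn, active = entry["dn"], entry["active"]
        report["will_load" if active else "skipped"].append(dn)
        if SAMPLE_NAMESPACE in dn.lower():
            report["sample_values"].append((dn, "dn", active))
        for name, value, enabled in entry["attrs"]:
            live = active and enabled  # True only if ldapmodify would send it
            if name in NAMESPACE_ATTRS and SAMPLE_NAMESPACE in value.lower():
                report["sample_values"].append((dn, name, live))
            if active and not enabled:
                label = f"{name}={value}" if name == "objectclass" else name
                report["disabled_attrs"].setdefault(dn, []).append(label)
    return report


if __name__ == "__main__":
    for key, value in audit(REALM_ROOT).items():
        print(f"{key}: {value}")
```

For the file in the post, the report shows a single entry being loaded, the orclSubscriber object class and its attributes disabled on that entry, and the EUSDBGROUP dynamic group both commented out and still pointing at the sample namespace.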

  • Completion Insight not working correctly when using Enterprise User Security (EUS) logon

    This is a pre-existing issue we've experienced with SQL Developer; though I've only just worked out what is causing the issue, it is present in previous versions of the tool, up to the current 4.0.EA2.
    We experience issues with the Completion Insight functionality of SQL Developer.
    When we log into a database using Enterprise User Security, i.e. authenticating against OID, the schema of the database account is prefixed to any reference to public synonyms, i.e. all user_%, all_%, dba_% and v$% views.
    When I change the authentication of the database account back to normal database authentication the schema prefix correctly isn't shown. It simply suggests the synonym name of the views.
    An example of this is as follows when attempting to query the DBA_TABLES view:
    The database account is ORADBA and has DBA privs.
    The EUS user that is mapped to the ORADBA schema is dbutler.
    The ORADBA user is configured to authenticate externally (against OID).
    I login with my dbutler directory credentials:
    If I start typing:
    select * from dba_tabl
    The object name is suggested as ORADBA.dba_tables
    If I change the authentication of the ORADBA account back to database authentication, the prefix is no longer present.
    i.e. if I start typing:
    select * from dba_tabl
    The object name is suggested as dba_tables


  • Shared Schemas Enterprise User Security.

    Hello,
    I currently have externally authenticated users set up, with each user having his own schema.
    My environment does not need users to have separate schemas. There will be Prod, Train and Test environments. My question is what is the best way to implement database access. Should I stick with my current environment and grant privileges to allow users to access the same schema? Should I create a global schema and create Enterprise users and map those users to that schema? Should I create the different environments as global schemas in one database or create three separate databases? Any suggestions? The documentation does not give real world solutions.
    Thanks in advance!!!


  • Enterprise User Security

    Hi All,
    Can an Oracle 9i Database Release 2 (or above) authenticate users using LDAP against Novell E-Directory?
    Thanks,
    Matt

    Can you see it with
    select * from dba_roles;

  • Enterprise User Security (EUS) with Oracle RAC database

    Hi all,
    I'm experiencing a problem configuring centralized AAA on Oracle OID for Oracle RAC Database.
    My environment is:
    1) Oracle OID 10g (192.168.15.245 - rh4oidserver.klab.it)
    2) Oracle RAC database 11g
    I successfully configured a standalone Oracle Database to authenticate users in the OID centralized repository, but I'm experiencing different problems doing the same thing with RAC.
    In depth:
    1) Oracle RAC works correctly and internal users (SYS, Oracle, etc.) are correctly authenticated and authorized against the database
    2) Oracle RAC registers itself in OID (see attached snapshot)
    3) I run sqlplus to connect to Oracle RAC using OID users and I get the following error: ORA-28030 Server encountered problems accessing LDAP directory service
    Using a sniffer, I can see a reset message after the SSL handshake (SSL v3 encrypted alert), but I don't understand the root cause....
    Host file on RAC server is:
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1          localhost.localdomain localhost
    ::1          localhost6.localdomain6 localhost6
    # Public
    192.168.15.177          orclrac1.klab.it orclrac1
    192.168.15.178 orclrac2.klab.it orclrac2
    #Private
    192.168.1.100          orclrac1-priv.klab.it orclrac1-priv
    192.168.1.105 orclrac2-priv.klab.it orclrac2-priv
    #Virtual
    192.168.15.88 orclrac1-vip.klab.it orclrac1-vip
    192.168.15.96 orclrac2-vip.klab.it orclrac2-vip
    92.168.15.184 openfiler.klab.it openfiler
    192.168.1.90 openfiler-priv.klab.it openfiler-priv
    192.168.15.246     acti.klab.it acti
    #192.168.1.245 rh4oidserver.klab.it rh4oidserver
    192.168.15.245 rh4oidserver.klab.it rh4oidserver
    tnsname.ora is:
    # tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.1.0/db_1/network/admin/tnsnames.ora
    # Generated by Oracle configuration tools.
    RACDB1 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac1-vip)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = racdb.klab.it)
          (INSTANCE_NAME = racdb1)
        )
      )
    RACDB =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac1-vip)(PORT = 1521))
        (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac2-vip)(PORT = 1521))
        (LOAD_BALANCE = yes)
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = racdb.klab.it)
        )
      )
    LISTENERS_RACDB =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac1-vip)(PORT = 1521))
        (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac2-vip)(PORT = 1521))
      )
    RACDB2 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac2-vip)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = racdb.klab.it)
          (INSTANCE_NAME = racdb2)
        )
      )
    ldap.ora is:
    # ldap.ora Network Configuration File: /u01/app/oracle/product/11.1.0/db_1/network/admin/ldap.ora
    # Generated by Oracle configuration tools.
    DIRECTORY_SERVERS= (rh4oidserver.klab.it:389:636)
    DEFAULT_ADMIN_CONTEXT = "dc=dbtest101,dc=klab,dc=it"
    DIRECTORY_SERVER_TYPE = OID
    sqlnet.ora is:
    # sqlnet.ora.orclrac1 Network Configuration File: /u01/app/oracle/product/11.1.0/db_1/network/admin/sqlnet.ora.orclrac1
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (LDAP,TNSNAMES)
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = /u01/app/oracle/admin/racdb)
        )
      )
    listener.ora is:
    # listener.ora.orclrac1 Network Configuration File: /u01/app/oracle/product/11.1.0/db_1/network/admin/listener.ora.orclrac1
    # Generated by Oracle configuration tools.
    LISTENER_ORCLRAC1 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac1-vip)(PORT = 1521)(IP = FIRST))
          (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.15.177)(PORT = 1521)(IP = FIRST))
        )
      )
    LISTENER_ORCLRAC2 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = orclrac1-vip)(PORT = 1521)(IP = FIRST))
          (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.15.178)(PORT = 1521)(IP = FIRST))
        )
      )
    Thanks in advance for any help or suggestion.
    Antonio

    Hello bipkary,
    what version are you using?
    the following link tells you everything about EUS in oracle10g R2:
    http://download.oracle.com/docs/cd/B19306_01/network.102/b14269/toc.htm

  • Setting Application Context Attributes for Enterprise Users Based on Roles

    Hello,
    We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
    I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
    -- For each record in my RoleSitePrivileges table, set
    --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
    --   If the current user has been assigned a role matching
    --   the value in the 'RoleName' field, set the corresponding
    --   attribute to 'Y'... otherwise, set it to 'N'.
    FOR iPrivRec IN (SELECT RoleName, SiteID
                       FROM RoleSitePrivileges
                       ORDER BY SiteID)
       LOOP
          SELECT COUNT(*)
            INTO roleExists
            FROM dba_role_privs
            WHERE granted_role = UPPER(iPrivRec.RoleName)
              AND grantee = USER;
          IF roleExists > 0 THEN
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'Y');
          ELSE
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'N');
          END IF;
       END LOOP;
    To finish things off, I created a security policy function for the table which returns the following:
    RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                         FROM session_context
                         WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                            AND value = ''Y'')';
    This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
    I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the application context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
    I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
    So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
    Thank you!


  • Can Enterprise users have more than 1 Shared Schema ?

    Hi Everyone,
    I just want to know whether it is possible for Enterprise Users (Schema-Independent users) to access different shared schemas using the same user credentials.
    A typical example is:
    User1, User2 & User3 are Enterprise users who work for the same project and have been assigned to a shared schema (project1), which works fine with enterprise user security by assigning them the Project1 schema as default schema.
    But User2 also works for another project (Project2) and should be logged into schema project2 using his user credentials. Is this possible?
    Thanks
    Venu

    Oracle object privileges are generally best managed via the use of ROLES.
    One way to have multiple end users access one schema might be to use the PROXY connection feature.
    Both subjects are covered in the official documentation.
    HTH -- Mark D Powell --

  • Can Enterprise Users have more than One Shared Schemas ???

    Hi Everyone,
    I just want to know whether it is possible for Enterprise Users (Schema-Independent users) to access different shared schemas using the same user credentials.
    A typical example is:
    User1, User2 & User3 are Enterprise users who work for the same project and have been assigned to a shared schema (project1), which works fine with enterprise user security by assigning them the Project1 schema as default schema.
    But User2 also works for another project (Project2) and should be logged into schema project2 using his user credentials. Is this possible?
    Thanks
    Venu

    Oracle object privileges are generally best managed via the use of ROLES.
    One way to have multiple end users access one schema might be to use the PROXY connection feature.
    Both subjects are covered in the official documentation.
    HTH -- Mark D Powell --

  • Establishing Enterprise Users Under OracleAS 10gR3

    I'm interested in establishing 10gR2 database users as “Schema-Independent Global Users” as identified in the Database Administrators Guide. The reason for this is that our web-based application currently uses the “One Big Application User Approach” of logging into the database, which is inherently bad for database auditing (among other things). I’d like to switch to the “Proxy Authentication Integrated with Enterprise User Security” method as discussed in the Oracle Database Security Guide 10g Release 2 (10.2). It’s the “Enterprise User Security” aspect that I need some guidance on.
    The Database Enterprise User Administrator's Guide 10g Release 2 (10.2) (last released in June 2005) talks about how to establish “Enterprise Users” in an OID that includes an identity management realm. It also states that “OracleAS SSO must be installed and configured to authenticate enterprise user security administrators when they log in to the Enterprise Security Manager Console, an element of Enterprise Security Manager.” So, essentially this document covers how to establish and administer Enterprise Users under OracleAS10g (9.0.4).
    I'm interested in using OracleAS 10gR3 10.1.4.0.1 but it looks like Oracle has moved the Identity Management pieces (OID, SSO, Certificate Authority, etc.) around from R2 (OracleAS Infrastructure Installation) to R3 and introduced "Oracle Identity Management".
    What specifically do I download under OracleAS 10gR3 (OracleAS or Identity Management) and if it's OracleAS what type of install would be required to end up with the required OID and SSO components?
    Thank you.

    Thanks Martin. The repackaging of the identity management pieces (OID, SSO, DAS, etc.) under OracleAS 10gR3 (as compared to versions prior to 10gR3) threw me for a loop. I was looking for these pieces in the OracleAS 10gR3 download at:
    http://www.oracle.com/technology/software/products/ias/htdocs/1013.html
    and those pieces aren't in that distribution any longer.

  • Providing User Security in Hyperion FDM

    Hi
    I am trying to create a new user in Hyperion FDM using Webclient.
    I am doing it by going to Administration->User Maintenance->New User.
    What password should I provide in Target system password for the new user?
    If target system password is optional, then what should be the password for the newly created user?
    Has it got anything to do with Shared Services? Because I am not sure whether setting up FDM user security has any relation with Shared Services.
    Thanks in Advance!!!!!!!

    Hi,
    (a) Logging into FDM
    You create new users in FDM and the system doesn't require you to define the password for the new user.
    What is the password for the new user then? The authentication is defined in Load Balance Configuration/Authentication Providers. For example, if 'ABC' user is created in FDM and you use NTLM for authentication, then you need to create 'ABC' and define password in NTLM. In addition, you can use Shared Services as your authentication provider. Please refer to John's blog http://john-goodwin.blogspot.com/2008_07_01_archive.html.
    (b) Logging from FDM application to Target HFM application.
    The login information is defined in Adapter for your FDM application. In the Adapter option, you define below login information.
    - App Name
    - Logon Method
    - Global Logon Information (User ID and PW)
    That is my understanding and I have no problems accessing Target HFM application either from NTLM or Shared Service authentication.

  • The OMS is not set up for Enterprise Manager Security

    Hi, I'm trying to add an agent to grid control and it's not connecting with the management server because I can't secure it...
    bash-2.05$ ../../bin/emctl secure agent <password>
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Agent is already stopped... Done.
    Securing agent... Started.
    Requesting an HTTPS Upload URL from the OMS... Failed.
    The OMS is not set up for Enterprise Manager Security.
    I have tried this on two separate servers; both do the exact same thing. However, on my repository server where the OMS is housed, I can secure the agent no problem. Does anyone know what the problem could be? My OMS is on a Linux (SuSE 10.2) 32-bit machine.
    Here's the emdctl.trc on the agent machine:
    2007-07-11 11:00:20 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:22 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:22 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:05:10 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:05:10 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:10:08 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:10:08 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    bash-2.05$ lsof | grep 3872
    bash-2.05$
    Seems to be failing the connect, but nothing is running on the port, so I'm not sure why.
    Thanks in advance

    Some further information, and hopefully someone can help me...
    I went to the OMS binary folder (fmc45712:$OMS_HOME/bin) and executed the following commands...
    $OMS_HOME/opmn/bin/opmnctl stopall
    $OMS_HOME/bin/emctl stop oms
    $OMS_HOME/bin/emctl secure oms
    $OMS_HOME/bin/emctl start oms
    $OMS_HOME/opmn/bin/opmnctl startall
    Then I go to $AGENT_HOME on the OMS machine (fmc45712:$AGENT_HOME/bin) and execute...
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
    Agent is secure at HTTPS Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is secure on HTTPS Port 1159
    I then go to the server I deployed the agent on that I want to get communicating with my OMS...
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
    Agent is unsecure at HTTP Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is running but has not been secured. No HTTPS Port available.
    Same command, different computer, but on the same network, and it just doesn't work. The OMS is on Linux x86 and the agent on the alternate computer is on HP-UX. If anyone has any help, it'd be much appreciated.
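
An added example, not part of the original thread: a small Python check that parses the two `emctl status agent -secure` reports quoted above and flags hosts that report different security states for the same OMS upload URL. The sample text is copied from the post; the function names are hypothetical.

```python
import re

# Reports copied from the post above (OMS host first, then the remote agent host).
OMS_HOST_OUTPUT = """\
Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
Agent is secure at HTTPS Port 3872.
Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
OMS is secure on HTTPS Port 1159
"""
REMOTE_HOST_OUTPUT = """\
Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
Agent is unsecure at HTTP Port 3872.
Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
OMS is running but has not been secured. No HTTPS Port available.
"""

AGENT_RE = re.compile(r"^Agent is (secure|unsecure) at (HTTPS?) Port (\d+)", re.M)
OMS_URL_RE = re.compile(r"security status of the OMS at (\S+?)\.\.\.")
OMS_OK_RE = re.compile(r"^OMS is secure on HTTPS Port (\d+)", re.M)
OMS_BAD_RE = re.compile(r"^OMS is running but has not been secured", re.M)

def parse_status(text):
    """Extract agent and OMS security state from one status report."""
    agent = AGENT_RE.search(text)
    url = OMS_URL_RE.search(text)
    ok = OMS_OK_RE.search(text)
    return {
        "agent_secure": bool(agent) and agent.group(1) == "secure",
        "agent_port": int(agent.group(3)) if agent else None,
        "oms_url": url.group(1) if url else None,
        # None means the report contained no OMS verdict at all.
        "oms_secure": True if ok else (False if OMS_BAD_RE.search(text) else None),
        "oms_https_port": int(ok.group(1)) if ok else None,
    }

def compare_views(local, remote):
    """Return findings when two hosts disagree about the same OMS."""
    findings = []
    if local["oms_url"] == remote["oms_url"] and local["oms_secure"] != remote["oms_secure"]:
        findings.append(f"hosts disagree on OMS security for {local['oms_url']}")
    for name, view in (("local", local), ("remote", remote)):
        if view["agent_secure"] is False:
            findings.append(f"{name} agent is unsecured (HTTP port {view['agent_port']})")
    return findings

if __name__ == "__main__":
    for f in compare_views(parse_status(OMS_HOST_OUTPUT), parse_status(REMOTE_HOST_OUTPUT)):
        print(f)
```
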
