Oracle Unified Directory - rlaich/avctrec GitHub Wiki

Purpose

To support Lenovo issue investigation

Environment:

• OS: Ubuntu server 22.04 (Desktop installed)
• Oracle Unified Directory: 12.2.1.4.0
• Java : Oracle 1.8.0_371

Install

• command
• Note: can't install when logined user is root.

java -jar fmw_12.2.1.4.0_oud.jar

Setup LDAP server instance

• command (setup by GUI)
• Note
  • when use not root user to setup, default port of LDAP can't be assigned.
  • Using sudo to run setup can assign default LDAP port
  • Setup support import tree by ldif file
    • ldap_dump-openldap.ldif(equal to ldap_dump-opensuse.ldif in example png file)

# Enter installed OUD folder
cd /home/$username/Oracle/Middleware/Oracle_Home/oud
# Run Setup 
sudo ./oud-setup

Test connection example

# Admin account can Read/Search all entries
ldapsearch -h $oud_ip -p 389 -D "cn=Manager" -w Password1 -b "dc=imm,dc=avct,dc=com" "(objectclass=*)"

# Other LDAP user only can access entries that set proper access control value (ACI)
# Set ACI of entry
ldapadd -c -D "cn=Manager" -w Password1 -H ldap://10.162.246.219 -a -f aci_add.ldif

# Test after set aci of entries
ldapsearch -h $oud_ip -p 389 -D "uid=hurdle,ou=user,ou=login,dc=imm,dc=avct,dc=com" -w Password1 -b "dc=imm,dc=avct,dc=com" "(objectclass=*)"

Manage LDAP server after reboot

• command

# Start
# asinst_n, n is installed instance index
cd /home/svteam/Oracle/Middleware/Oracle_Home/asinst_1/OUD/bin
./start-ds
# stop
./stop-ds
# Server status
./status

Reference

• Installing Oracle Unified Directory
• Administering Oracle Unified Directory
• Oracle Unified Directory Access Control Model
• Managing access control instructions
• View aci attribute