Hi,
If you want to create a user which has same privileges as superuser cn=orcladmin has, then you need to assign the below privileged groups to the user account. You can query for those groups by searching for entries with "uniquemember=cn=orcladmin" or you can use the information provided below:
dn: cn=OracleDBCreators,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleNetAdmins,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDomainAdmins,cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDBAQUsers, cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=iASAdmins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=authenticationServices, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=verifierServices, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=UserProxyPrivilege, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASAdminGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASUserPriv, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASConfiguration, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASGroupPriv, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASCreateUser, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASDeleteUser, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASEditUser, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASCreateGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASDeleteGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASEditGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=oraclemanageextendedpreferences, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleResourceAccessGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=ComputerAdmins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=EmailAdminsGroup,cn=EMailServerContainer,cn=Products,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=UMAdminsGroup,cn=UMContainer,cn=Products,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASServiceAdminGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=OracleDASAccountAdminGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=ASPAdmins, cn=groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=IAS & User Mgmt Application Admins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=Trusted Applications Admins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=Common User Attributes, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=Common Group Attributes, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=PKIAdmins,cn=groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: cn=CRLAdmins,cn=groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <>
dn: ccn=OCS_PORTAL_USERS, cn=groups,dc=ftb,dc=ca,dc=gov
changetype: modify
add: uniquemember
uniquemember: <>
Replace the <> with your user account dn and save the above entries in an ldif file and run the ldapmodify command to assing super user like privileges to the user.
Note: If you want the above user account to be able to modify the Schema (ObjectClasses & Attributes) & Security Settings in Oracle Internet Directory, then please add the privilege group also.
dn: cn=DirectoryAdminGroup,cn=oracle internet directory
changetype: modify
add: member
member: <>
References:
http://docs.oracle.com/cd/E12839_01/oid.1111/e10029/oid_susers.htm#CIHDCHHI
Thanks
If you want to create a user which has same privileges as superuser cn=orcladmin has, then you need to assign the below privileged groups to the user account. You can query for those groups by searching for entries with "uniquemember=cn=orcladmin" or you can use the information provided below:
dn: cn=OracleDBCreators,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleNetAdmins,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDomainAdmins,cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDBAQUsers, cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=iASAdmins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=authenticationServices, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=verifierServices, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=UserProxyPrivilege, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASAdminGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASUserPriv, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASConfiguration, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASGroupPriv, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASCreateUser, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASDeleteUser, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASEditUser, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASCreateGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASDeleteGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASEditGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=oraclemanageextendedpreferences, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleResourceAccessGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=ComputerAdmins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=EmailAdminsGroup,cn=EMailServerContainer,cn=Products,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=UMAdminsGroup,cn=UMContainer,cn=Products,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASServiceAdminGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=OracleDASAccountAdminGroup, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=ASPAdmins, cn=groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=IAS & User Mgmt Application Admins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=Trusted Applications Admins, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=Common User Attributes, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=Common Group Attributes, cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=PKIAdmins,cn=groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: cn=CRLAdmins,cn=groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: <
dn: ccn=OCS_PORTAL_USERS, cn=groups,dc=ftb,dc=ca,dc=gov
changetype: modify
add: uniquemember
uniquemember: <
Replace the <
Note: If you want the above user account to be able to modify the Schema (ObjectClasses & Attributes) & Security Settings in Oracle Internet Directory, then please add the privilege group also.
dn: cn=DirectoryAdminGroup,cn=oracle internet directory
changetype: modify
add: member
member: <
References:
http://docs.oracle.com/cd/E12839_01/oid.1111/e10029/oid_susers.htm#CIHDCHHI
Thanks
No comments:
Post a Comment