How To Restrict Anonymous Access To OID Only For Tnsnames Entries / Resolution?
(Doc ID 1471635.1)
Last updated on MARCH 10, 2021
Applies to:
Oracle Internet Directory - Version 10.1.2 and later
Oracle Net Services - Version 10.1.0.2 and later
Information in this document applies to any platform.
Goal
Oracle Internet Directory (OID).
It is understood that anonymous binds are required for tnsnames resolution, but how can stricter security requirements be addressed, such as:
Question 1:
All clients use OID for names resolution, as well as other queries, and also for authentication/authorization.
All clients use the same OID or load balancer hostname and port.
Need anonymous binds enabled for tnsnames resolution, but want to restrict them to names resolution and nothing else.
Also want to restrict all userid-related attributes, i.e. DN, CN, UID, etc., and any password-related attribute, from being queried or returned by anonymous binds/searches.
In fact, how to disallow everything but tnsnames resolution from anonymous binds/searches?
Question 2:
The following command:
Returns all values in the OID server.
How to modify the security so it returns a single connect-string only when a valid service-name is specified, and returns a full list of all values only when a proper password is supplied?
Question 3:
Need anonymous binds to fulfill the TNS requirements, but how to restrict anonymous from accessing anything else? For example, do not want anonymous to be able to see the cn=users,<realm> container.
Solution