OUD 11g/12c - How To Use Virtual Attributes To Assign Root Privileges To Members Of A Group (Doc ID 2358005.1)

Last updated on MAY 09, 2019

Applies to:

Oracle Unified Directory - Version 11.1.2.3.161018 and later
Information in this document applies to any platform.

Goal

Most LDAP directory servers typically have a single superuser, which is much like the root account in traditional UNIX systems. This account can bypass access controls and other restrictions that might be enforced for regular users. In Oracle Unified Directory you can define multiple root users, and there is a privilege subsystem that makes it possible to control capabilities at a more fine-grained level. The goal of this document is to demonstrate how to grant root-level privileges to members of a group using virtual attributes.

Administrative privileges can be assigned only to specific user accounts, not directly to groups.

The following example gets around this by creating a new virtual attribute that will populate "ds-privilege-name: unindexed-search" for each user that is a member of a group.
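The approach described above, written as a `dsconfig` call. This is an added example, not the command from the Oracle document; the connection values, the group DN, the `ALLOWED_PRIVS` policy and the choice of `conflict-behavior:merge-real-and-virtual` are assumptions.

```shell
#!/bin/sh
# Added example: connection values and the group DN are placeholders.
OUD_HOST=${OUD_HOST:-localhost}
OUD_ADMIN_PORT=${OUD_ADMIN_PORT:-4444}
OUD_BIND_DN=${OUD_BIND_DN:-"cn=Directory Manager"}
OUD_PW_FILE=${OUD_PW_FILE:-pwd.txt}

# Privileges this wrapper may hand out through group membership.
# Assumed local policy (not an OUD restriction): keep the list short, because
# anyone who can edit the group's membership can then grant these privileges.
ALLOWED_PRIVS="unindexed-search"

grant_priv_to_group() {
  group_dn=$1
  priv=$2
  [ -n "$group_dn" ] || { echo "usage: grant_priv_to_group GROUP_DN PRIVILEGE" >&2; return 2; }
  case " $ALLOWED_PRIVS " in
    *" $priv "*) ;;
    *) echo "refusing to grant '$priv' by group membership" >&2; return 1 ;;
  esac
  # DSCONFIG can be overridden (for example with "echo") for a dry run.
  # Trust-store options for the administration connector are left out;
  # add the ones your deployment uses.
  # merge-real-and-virtual keeps any ds-privilege-name values already stored
  # on a member's entry alongside the virtual one.
  "${DSCONFIG:-dsconfig}" -h "$OUD_HOST" -p "$OUD_ADMIN_PORT" \
    -D "$OUD_BIND_DN" -j "$OUD_PW_FILE" -n \
    create-virtual-attribute \
    --name "Group privilege $priv" \
    --type user-defined \
    --set attribute-type:ds-privilege-name \
    --set "group-dn:$group_dn" \
    --set "value:$priv" \
    --set conflict-behavior:merge-real-and-virtual \
    --set enabled:true
}
```

Because `ds-privilege-name` is an operational attribute, request it by name when searching a member's entry to confirm the virtual value is present.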

Solution

In this Document
Goal
Solution
 Configuring Virtual Attributes Using dsconfig
 Viewing the Configuration of a Virtual Attribute Using dsconfig
 Assigning Privileges to Normal Users

