
OUD 11g/12c - How To Use Virtual Attributes To Assign Root Privileges To Members Of A Group (Doc ID 2358005.1)

Last updated on FEBRUARY 06, 2018

Applies to:

Oracle Unified Directory - Version 11.1.2.3.161018 and later
Information in this document applies to any platform.

Goal

Most LDAP directory servers have a single superuser, much like the root account on traditional UNIX systems. This account can bypass access controls and other restrictions that are enforced for regular users. In Oracle Unified Directory you can define multiple root users, and a privilege subsystem makes it possible to control capabilities at a more fine-grained level. The goal of this document is to demonstrate how to grant root-level privileges to members of a group using virtual attributes.

Admin privileges must be assigned to specific user accounts; they cannot be assigned directly to groups.

The following example gets around this by creating a new virtual attribute that populates "ds-privilege-name: unindexed-search" for each user who is a member of a group.

Solution
