OUD 11g/12c - How To Use Virtual Attributes To Assign Root Privileges To Members Of A Group
(Doc ID 2358005.1)
Last updated on FEBRUARY 06, 2018
Applies to: Oracle Unified Directory - Version 220.127.116.11.161018 and later
Information in this document applies to any platform.
Most LDAP directory servers have a single superuser, much like the root account in traditional UNIX systems. This account can bypass access controls and other restrictions that are enforced for regular users. In Oracle Unified Directory you can define multiple root users, and a privilege subsystem makes it possible to control capabilities at a more fine-grained level. The goal of this document is to demonstrate how to grant root-level privileges to members of a group using virtual attributes.
Admin privileges must be assigned to specific user accounts; they cannot be assigned directly to groups.
The following example works around this by creating a new virtual attribute that populates "ds-privilege-name: unindexed-search" for each user who is a member of a group.
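One way to express the approach described above with OUD's `dsconfig` and `ldapsearch` tools, as an added example that is not taken from the Oracle document. The host, ports, bind DN, password file, group DN and rule name are assumed placeholders for a test instance.

```shell
#!/bin/sh
# Added example, not Oracle's procedure. All connection values below are
# assumed placeholders; override them through the environment.
OUD_HOST="${OUD_HOST:-localhost}"
OUD_ADMIN_PORT="${OUD_ADMIN_PORT:-4444}"
OUD_LDAP_PORT="${OUD_LDAP_PORT:-1389}"
OUD_BIND_DN="${OUD_BIND_DN:-cn=Directory Manager}"
OUD_PW_FILE="${OUD_PW_FILE:-/path/to/pwd-file}"

# Create a user-defined virtual attribute that gives every member of
# GROUP_DN the value "ds-privilege-name: PRIVILEGE".
grant_privilege_to_group() {
    group_dn=$1 privilege=$2 rule_name=$3
    if [ -z "$group_dn" ] || [ -z "$rule_name" ]; then
        echo "usage: grant_privilege_to_group GROUP_DN PRIVILEGE RULE_NAME" >&2
        return 2
    fi
    # Least privilege: accept only the privilege this page discusses, so a
    # typo or copy-paste cannot hand a broader privilege to the whole group.
    if [ "$privilege" != "unindexed-search" ]; then
        echo "refusing to grant '$privilege' through a group rule" >&2
        return 1
    fi
    # -X trusts any server certificate; acceptable on a test instance only.
    dsconfig -h "$OUD_HOST" -p "$OUD_ADMIN_PORT" -D "$OUD_BIND_DN" \
        -j "$OUD_PW_FILE" -X -n \
        create-virtual-attribute \
        --type user-defined \
        --name "$rule_name" \
        --set attribute-type:ds-privilege-name \
        --set "group-dn:$group_dn" \
        --set "value:$privilege" \
        --set enabled:true
}

# Read back the privileges of one entry. ds-privilege-name is an operational
# attribute, so it has to be requested by name.
show_privileges() {
    ldapsearch -h "$OUD_HOST" -p "$OUD_LDAP_PORT" -D "$OUD_BIND_DN" \
        -j "$OUD_PW_FILE" -b "$1" -s base "(objectclass=*)" ds-privilege-name
}
```

Because membership of the group now confers the privilege, write access to the group entry deserves the same control as the privilege itself.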