Oracle® Database Enterprise User Administrator's Guide 10g Release 2 (10.2) Part Number B14269-01
This appendix discusses upgrading Oracle9i Database to Oracle Database 10g Release 2 (10.2) with respect to Enterprise User Security. It includes the following sections:
Oracle9i Database Release 2 can work with Oracle Internet Directory Release 9.2 or Release 9.0.4. Oracle Database 10g Release 2 (10.2) requires Oracle Internet Directory 9.0.4 or later. If you are using Oracle Internet Directory Release 9.2, you must upgrade it to Release 9.0.4.
The following list discusses upgrading Oracle Internet Directory Release 9.2 to Oracle Internet Directory Release 9.0.4:
Use Oracle Internet Directory Configuration Assistant to upgrade Oracle Internet Directory. This is required if you want to register Oracle Database 10g Release 2 (10.2) instances in the directory.
Upgrade Oracle Contexts used for Enterprise User Security to Identity Management Realms, if they are not root contexts. Use the Oracle Internet Directory Configuration Assistant command-line utility as follows:
oidca mode=CTXTOIMR
This step is required if you want to register an Oracle Database 10g Release 2 (10.2) instance in a realm.
You cannot use the root Oracle Context for Oracle Database 10g Release 2 (10.2) databases because it is not an Identity Management Realm.
Use Oracle Internet Directory tools, such as ldapmodify and bulkmodify, to add the orcluserV2 objectclass to existing user entries. This objectclass is required for users to change their database passwords, and for Kerberos authentication to the database.
In a realm that contains both Oracle9i Database (Release 9.1 or Release 9.2) and Oracle Database 10g Release 2 (10.2), use a DAS-based tool in Oracle Internet Directory Release 9.0.4 to create and manage users. You can use either Oracle Internet Directory Self-Service Console or Enterprise Security Manager Console. Do not use Enterprise Security Manager or Enterprise Login Assistant from Oracle9i installations.
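For the orcluserV2 step above, the following added example (not part of the Oracle guide) generates the LDIF modify records that ldapmodify would apply to existing user entries. The function names and sample DNs are assumptions made for illustration; DNs that are not LDIF-safe are written base64-encoded.

```shell
#!/bin/sh
# Added example (not Oracle-supplied): emit LDIF modify records that add the
# orcluserV2 objectclass to existing user entries. Reads one DN per line.

# Return 0 when the DN may be written as a plain "dn: value" line
# (RFC 2849 SAFE-STRING); otherwise it must be base64-encoded.
ldif_safe() {
    case $1 in
        ' '*|':'*|'<'*|*' ') return 1 ;;   # unsafe first char or trailing space
    esac
    # Any byte outside printable ASCII forces base64 encoding.
    if printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'; then
        return 1
    fi
    return 0
}

# Hypothetical helper: turn a DN list on stdin into LDIF on stdout.
gen_orcluserv2_ldif() {
    while IFS= read -r dn || [ -n "$dn" ]; do
        case $dn in
            ''|'#'*) continue ;;           # skip blank lines and comments
        esac
        if ldif_safe "$dn"; then
            printf 'dn: %s\n' "$dn"
        else
            printf 'dn:: %s\n' "$(printf '%s' "$dn" | base64 | tr -d '\n')"
        fi
        printf 'changetype: modify\nadd: objectclass\nobjectclass: orcluserV2\n\n'
    done
}

# Constructed sample DNs (not from the guide); the second needs base64.
printf '%s\n' \
    'cn=jdoe,cn=Users,dc=example,dc=com' \
    'cn=José,cn=Users,dc=example,dc=com' | gen_orcluserv2_ldif
```

Review the generated file before loading it with ldapmodify. An entry that already carries orcluserV2 is normally rejected by the directory with an attribute-or-value-exists error, so filter those DNs out of the input list first.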
For each Oracle9i Database instance that you upgrade to Oracle Database 10g Release 2 (10.2), perform the following steps:
1. Use Oracle Wallet Manager to disable automatic login for the database wallet.
2. Copy the database distinguished name (DN) from the initialization parameter rdbms_server_dn to a file in a secure location.
3. Upgrade the database to Oracle Database 10g Release 2 (10.2).
4. Depending on where your database admin directory is stored, move the database wallet either to $ORACLE_BASE/admin/olddbuniquename/wallet or $ORACLE_HOME/admin/olddbuniquename/wallet. Note that $ORACLE_HOME is for the new Oracle Database 10g Release 2 (10.2). You may have to create the wallet directory.
5. Copy the old $ORACLE_HOME/network/admin/ldap.ora file to the new $ORACLE_HOME/ldap/admin/ldap.ora file. Alternatively, you can use Oracle Net Configuration Assistant to create a new ldap.ora file.
6. Use the command-line utility, mkstore, to put the database DN (from the file in the previously created secure directory location) into the wallet by using the following syntax:
   mkstore -wrl database_wallet_location -createEntry ORACLE.SECURITY.DN database_DN
   You will be prompted for the wallet password.
   If you make a mistake in the mkstore command, then you can use the -modifyEntry option to correct it.
7. Use Database Configuration Assistant to generate the database-to-directory password in the database wallet. Choose the Modify Database option.
8. Use Oracle Wallet Manager to re-enable automatic login for the database wallet.
9. Use Oracle Net Manager to set the new wallet location in the sqlnet.ora file to the directory specified in step 4.
The default for the nickname attribute, such as CN, remains unchanged. The upgrade process does not change the default nickname attribute setting. After upgrading from Oracle Internet Directory Release 9.2 to Release 9.0.4, if you are unable to log into Oracle Database 10g Release 2 (10.2), then you must use the DAS-based Oracle Internet Directory Self-Service Console to reset your password.