
Securing Oracle Platform Security Services Access to Oracle Internet Directory

So far, the pricing application's OPSS component within the WebLogic Server domain has connected to the OID LDAP server as the cn=orcladmin user. As mentioned briefly in Chapter 8, the general recommendation is to use a dedicated LDAP Distinguished Name (DN) for each client application instead. In a production environment, the cn=orcladmin credentials are typically used only by LDAP directory administrators and should not be used by client applications to access the LDAP server. An application-specific DN can be given just enough privileges to access the directory and to perform the authentication, authorization, and user/group lookups that OPSS needs. Using such a DN also lets us protect the OPSS directory subtree so that it is visible only to this DN, which prevents other LDAP users from tampering with the application policies and credentials stored in OPSS. It also avoids improper use and exposure of the cn=orcladmin superuser.
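The following LDIF sketches the two changes this paragraph describes: a dedicated bind DN for the application, and an OID access control entry that closes the OPSS subtree to everyone else. It is an added example, not taken from the book. The DNs `cn=opss-pricing,cn=Users,dc=example,dc=com` and `cn=jpsroot` and the password placeholder are assumptions; substitute the values used in your directory.

```ldif
# Added example. All DNs and the password value are placeholders (assumptions).

# 1. Dedicated identity that the pricing application's OPSS component
#    binds as, replacing cn=orcladmin in the domain's LDAP configuration.
dn: cn=opss-pricing,cn=Users,dc=example,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: opss-pricing
sn: opss-pricing
uid: opss-pricing
userPassword: <REPLACE_WITH_GENERATED_SECRET>

# 2. Limit the OPSS root subtree to that identity.
#    orclaci applies to the entry and the subtree beneath it.
#    The first directive governs entry-level operations, the second
#    attribute-level operations; "by * (none)" denies every other subject.
dn: cn=jpsroot
changetype: modify
add: orclaci
orclaci: access to entry by dn="cn=opss-pricing,cn=Users,dc=example,dc=com" (browse,add,delete) by * (none)
orclaci: access to attr=(*) by dn="cn=opss-pricing,cn=Users,dc=example,dc=com" (search,read,write,compare) by * (none)
```

After loading it, binding as a different non-administrative user and searching under the OPSS root should return no entries, which confirms the restriction is in effect.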


  
