
Oracle Internet Directory (OID) Synchronization with Active Directory for Enterprise User Security – Part 3


1 Active Directory Configuration

1.1 Importing OID’s trusted certificate to Active Directory’s trust store

  • Log in to Oracle Fusion Middleware Enterprise Manager at http://<idm weblogic server domain>:7001/em
  • Export the trusted certificate of OID. We will add this to Active Directory for SSL synchronization.
  • Select the “Trust” certificate as shown in the screenshot below and click the “Export” button.
  • Save the certificate to your file system. We will be adding this certificate to Microsoft Active Directory’s trust store.

  • Server-authenticated SSL communication between a Microsoft Active Directory domain controller and Oracle Internet Directory will fail if the domain controller does not recognize the Oracle Internet Directory SSL certificate as valid. In order for a domain controller to accept an Oracle Internet Directory SSL certificate, you must use the Microsoft Management Console to import the certificate authority’s trusted certificate into the domain controller.
  • To use the Microsoft Management Console to import the certificate authority’s trusted certificate into the domain controller:
  1. Select Run from the Windows Start menu. The Run dialog box displays. In the Run dialog box, type mmc, and then click OK. The Microsoft Management Console window displays.
  2. Select Add/Remove Snap-in from the File menu. The Add/Remove Snap-in dialog box displays.
  3. In the Add/Remove Snap-in dialog box, click Add. The Add Standalone Snap-in dialog box displays.
  4. In the Add Standalone Snap-in dialog box, select Certificates, and then click Add. The Certificates snap-in dialog box displays, prompting you to select an option for which the snap-in will manage certificates.
  5. In the Certificates snap-in dialog box, select Computer Account, and then click Next. The Select Computer dialog box displays.
  6. In the Select Computer dialog box, select Local Computer, and then click Finish.
  7. Click Close in the Add Standalone Snap-in dialog box, and then click OK in the Add/Remove Snap-in dialog box. The new console displays Certificates (Local Computer) in the console tree.
  8. In the console tree, expand Certificates (Local Computer), and then click Trusted Root Certification Authorities.
  9. Point to All Tasks on the Action menu, and then select Import. The Welcome page of the Certificate Import Wizard displays. Click Next to display the File to Import page.
  10. On the File to Import page, enter the path and file name of the certificate authority’s trusted root certificate, or click Browse to search for a file, and then click Next. The Certificate Store page displays. In this step, add the TrustServer certificate that we exported from the OID wallet in the EM console.
  11. On the Certificate Store page, select Place all certificates in the following store. If Trusted Root Certification Authorities is not already selected as the certificate store, click Browse and select it. Click Next. The Completing the Certificate Import page displays.
  12. On the Completing the Certificate Import page, click Finish. A dialog box displays indicating that the import was successful. Click OK.
  13. Click Save from the File menu. The Save As dialog box displays. Enter a name for the new console, and then click Save.
  14. Close Microsoft Management Console.
  • In the next blog post we will see how to install the “Oracle Password Filter” on Microsoft AD.
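
The MMC import steps above can also be done from an elevated PowerShell session on the domain controller, with the checks an administrator would want before adding a new trust anchor: compare the fingerprint against a value obtained out of band from the OID administrator, confirm the validity period and that the file is a CA certificate, then import and read it back. This is an added example, not part of the original post; `$CertPath` and `$ExpectedSha256` are placeholders (assumptions) that you must replace.

```powershell
# Added example: verify the certificate exported from the OID wallet, then import it
# into the Local Computer "Trusted Root Certification Authorities" store.
param(
    # Hypothetical path to the file saved from the EM console
    [string]$CertPath = 'C:\temp\oid-trusted-ca.cer',
    # Placeholder: SHA-256 fingerprint supplied out of band by the OID administrator
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-FROM-OID-ADMIN>'
)
$ErrorActionPreference = 'Stop'

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Fingerprint over the DER encoding, so PEM vs. DER export format does not matter
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$sha.Dispose()

"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"Valid   : $($cert.NotBefore) to $($cert.NotAfter)"
"SHA-256 : $actual"

# 1. Refuse to trust a certificate whose fingerprint was not confirmed out of band
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpper()
if ($actual -ne $expected) { throw 'Fingerprint mismatch: do not import this file.' }

# 2. Reject expired or not-yet-valid certificates
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is outside its validity period.' }

# 3. Only CA certificates belong in a trust store; a server (leaf) certificate does not
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if ($bc -and -not $bc.CertificateAuthority) { throw 'Basic Constraints says this is not a CA certificate.' }
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning 'Certificate is not self-signed; a root store normally holds self-signed roots.'
}

# 4. Import (same result as steps 8 to 12 of the MMC procedure), skipping if already present
$store = 'Cert:\LocalMachine\Root'
if (Test-Path "$store\$($cert.Thumbprint)") {
    'Certificate is already in the Trusted Root store.'
} else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
}

# 5. Read back what the store now contains for this thumbprint
Get-ChildItem $store | Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Thumbprint, NotAfter
```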