User's Manual

Administering Identity Management Realms

Administering Enterprise User Security 13-5

Setting Properties of an Identity Management Realm

An identity management realm has a number of properties that can be viewed and

managed by using Enterprise Security Manager. These properties are described in

Table 13–1.

Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search

Base Identity Management Realm Attributes

Setting these identity management realm attributes enables the database to locate

Enterprise User Security entries.

To set Login Name, Kerberos Principal Name, User Search Base, and Group

Search Base identity management realm attributes:

1. Navigate to the Enterprise Security Manager Console home page. (Choose

Launch Enterprise Security Manager Console from the Operations menu and

2. Choose the Realm Conﬁguration tab.

Table 13–1 Identity Management Realm Properties

Property Description

Attribute for Login Name Name of the directory attribute used to store login names. By

default, login names are stored in the uid attribute, but can be

changed to correspond to your directory conﬁguration. In

prior releases, this was the cn attribute.

Attribute for Kerberos

Principal Name

Name of the directory attribute used to store Kerberos

principal names. By default, Kerberos principal names are

stored in the krbPrincipalName directory attribute, but can

be changed to correspond to your directory conﬁguration by

changing orclCommonKrbPrincipalAttribute in the

identity management realm.

User Search Base Full distinguished name (DN) for the node at which enterprise

users are stored in the directory.

Group Search Base Full DN for the node at which user groups are stored for this

identity management realm in the directory.

Version Compatibility This property is no longer used. However, you should ensure

that it is not set to 81000, since release 8.1.7 and earlier

databases cannot be in thesame realm with10g Release 1 (10.1)

databases.