Corporation Network Router User Manual

Configuring Enterprise User Security for SSL Authentication

Enterprise User Security Conﬁguration Tasks and Troubleshooting 12-23

3. Click Apply.

For more information about this task, see "Managing Database Security Options for

an Enterprise Domain" on page 13-19.

Task 2: Set the LDAP_DIRECTORY_ACCESS Initialization Parameter to SSL

You can change this initialization parameter either by editing your database

initialization parameter ﬁle, or by issuing an ALTER SYSTEM SQL command with

the SET clause.

For example, the following ALTER SYSTEM command changes the LDAP_

DIRECTORY_ACCESS parameter value to SSL in the server parameter ﬁle:

ALTER SYSTEM SET LDAP_DIRECTORY_ACCESS=SSL SCOPE=SPFILE

Task 3: Connect as an SSL-Authenticated Enterprise User

Connecting asan SSL-authenticatedenterprise userinvolves ensuring that you have

the appropriate Oracle wallet features conﬁgured, and that you do not have a wallet

location speciﬁed in the client sqlnet.ora ﬁle. If the client sqlnet.ora ﬁle

contains a wallet location, then multiple users cannot share that ﬁle. Only the server

sqlnet.ora ﬁle must have a value for the wallet location parameter.

To connect as an SSL-authentication enterprise user, perform the following steps:

1. Use Oracle Wallet Manager to download a user wallet from the directory. See

"Downloading a Wallet from an LDAP Directory" on page 8-16.

2. Use Oracle Wallet Manager to enable auto login for the user wallet. Enabling

auto login generates a single sign-on (.sso) ﬁle and enables authentication to

the SSL adapter. See "Using Auto Login" on page 8-19.

3. Set the TNS_ADMIN environment variable (to point to the client's sqlnet.ora

ﬁle) for the client if the client Oracle home points to a server Oracle home.

(Because a server must have a wallet location set in its sqlnet.ora ﬁle and a