Setting Permissions for your Oracle Access Manager Bind Account in OID


02/12/2009

The bind account that OAM uses to connect to OID directory services needs to have full rights over the portion of the DIT that you intend to manage with OAM.

It is considered a best practice to avoid using the root user (cn=orcladmin) who has rights over the whole context and the rest of the server. It’s also a good practice to avoid the use of   to preserve it for general context administration.

An efficient way of making sure your new OAM service account has the right stuff is to set the user up with the same group memberships as the context administrator account (that’s the  ,… guy).

which gives you a good starting point for a file of modifications to add your new account into the right groups to achieve general context admin rights without having to fuss with ACLs.

You get the idea… (there are more than are listed in this post)

I’m sure there are other ways. This has worked well for me.

No Results