readme_aso.htm

Debian中文参考手册,系统介绍了Debian系统

If the <CODE>jsse.jar</CODE> provided by your platform vendor and <CODE>jcert.jar</CODE> are present in the classpath, then <CODE>javax-ssl-1*.jar</CODE> should not be present in the classpath. Further, Oracle Corporation recommends that you use <CODE>jssl-1_1.jar</CODE> because <CODE>jssl-1_2.jar</CODE> may cause problems.
</P>
<A NAME="563423"></A>
<P CLASS="BP">
To use Oracle JavaSSL, the following Java security properties must be set:
</P>
    
<PRE CLASS="CE">
<A NAME="563409"></A>ssl.SocketFactory.provider=oracle.security.ssl.OracleSSLSocketFactoryImpl
<A NAME="564010"></A>ssl.ServerSocketFactory.provider=oracle.security.ssl.OracleSSLServerSocketFactoryImpl
<A NAME="563430"></A>
</PRE>    <A NAME="563410"></A>
<P CLASS="BP">
If <CODE>jsse.jar</CODE> and <CODE>jcert.jar</CODE> are installed as extensions (located in <CODE>$JAVA_HOME/jre/lib/ext</CODE>), then <CODE>jssl-1_1.jar</CODE> must be installed in the same directory.
</P>

<A NAME="521440"></A>
<!--TOC=h1-"521440"-->
<H2 CLASS="H1"><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#330099">10&#32; ORACLE ENTERPRISE SECURITY MANAGER 9.2</FONT></H2>


<!--/TOC=h1-->
<A NAME="563458"></A>
<P CLASS="BP">
Enterprise Security Manager 9<EM CLASS="Italic">i,</EM> Release 2 has the capability of automatically creating a wallet for the database and users. Please note that these wallets are only intended for ease of building a demo or for rapid testing purposes.
</P>
<A NAME="563459"></A>
<P CLASS="BP">
Oracle Corporation does not recommend using these wallets for your production operations. We recommend, instead, that you use certificates generated by the certificate authority vendor of your choice and associate that certificate with the database or user wallet.
</P>

<A NAME="563460"></A>
<!--TOC=h2-"563460"-->
<H3 CLASS="H2"><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#330099">10.1&#32; Known Bugs and Workarounds</FONT></H3>
<!--/TOC=h2-->

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563745"></A><STRONG>Bug 2293192</STRONG></FONT>
</DL>
<A NAME="563476"></A>
<P CLASS="BP">
The administrator for the user search base, is not able to create users. For example, <CODE>cn=admuser</CODE> cannot create users under <CODE>cn=users,c=us</CODE>.
</P>

<A NAME="563516"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563752"></A>
<P CLASS="BP">
Using the example listed above, add <CODE>cn=admuser</CODE> to <CODE>OracleUserSecurityAdmins</CODE>.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563461"></A><STRONG>Bug 2299074</STRONG></FONT>
</DL>
<A NAME="563753"></A>
<P CLASS="BP">
A user who belongs to both <CODE>OracleUserSecurityAdmins</CODE> and <CODE>OracleDBSecurityAdmins</CODE> (or indirectly to <CODE>OraclePasswordAccessibleDomains</CODE>) is not able to change passwords.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563462"></A><STRONG>Bug 2210818</STRONG></FONT>
</DL>
<A NAME="563756"></A>
<P CLASS="BP">
Cannot view the Oracle Context version with Enterprise Security Manager.
</P>

<A NAME="563517"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563759"></A>
<P CLASS="BP">
You can use Enterprise Security Manager to check whether it is an Oracle8<EM CLASS="Italic">i</EM> or 9<EM CLASS="Italic">i</EM> context. An <CODE>ldapsearch</CODE> allows you to distinguish between an Oracle9<EM CLASS="Italic">i,</EM> Release 1 or Release2 context (9iR1 or 9iR2, respectively).
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563463"></A><STRONG>Bug 2040979</STRONG></FONT>
</DL>
<A NAME="563760"></A>
<P CLASS="BP">
Enterprise Security Manager does not show search bases if the distinguished name (DN) matches beyond two levels.
</P>

<A NAME="563518"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563761"></A>
<P CLASS="BP">
Do not use multiple Oracle Contexts in a directory tree with DNs that match beyond two levels.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563464"></A><STRONG>Bug 1906630</STRONG></FONT>
</DL>
<A NAME="563764"></A>
<P CLASS="BP">
Changing the database password from Enterprise Login Assistant does not generate the correct database password verifier.
</P>

<A NAME="563519"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563767"></A>
<P CLASS="BP">
Do not use DNs to log onto Enterprise Login Assistant. The user should use their "User ID" to connect to the database using Enterprise Login Assistant.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563465"></A><STRONG>Bug 2234811</STRONG></FONT>
</DL>
<A NAME="563770"></A>
<P CLASS="BP">
Enterprise Security Manager creates the role but displays an error "Permission Denied: Your login doesn't have the correct privileges for this operation".
</P>

<A NAME="563523"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563771"></A>
<P CLASS="BP">
Ignore this error.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563466"></A><STRONG>Bug 2250699</STRONG></FONT>
</DL>
<A NAME="563774"></A>
<P CLASS="BP">
Enterprise Security Manager crashes when Oracle Internet Directory is shutdown.
</P>

<A NAME="563529"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563777"></A>
<P CLASS="BP">
Restart Enterprise Security Manager.
</P>

<A NAME="563452"></A>
<!--TOC=h2-"563452"-->
<H3 CLASS="H2"><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#330099">10.2&#32; Command Line Tool for Enterprise Security Manager 9.2</FONT></H3>
<!--/TOC=h2-->
<A NAME="563532"></A>
<P CLASS="BP">
In this release, customers are provided the option to use the Enterprise Security Manager command line tool. This tool includes the functionality to create new enterprise users and to provision or enable existing directory user entries to participate in enterprise user security.
</P>
<A NAME="563583"></A>
<P CLASS="BP">
To start the tool, type <CODE>esm -cmd</CODE>, which displays the full tool syntax (help).
</P>
   
<A NAME="563782">
<DIV ALIGN="CENTER">
<P>
<TABLE CLASS="Note" BORDER="0" WIDTH="80%" CELLPADDING="0" CELLSPACING="0" dir="ltr" summary="This is a layout table to format a note" title="This is a layout table to format a note">
<TR CLASS="Note"><TD CLASS="Note">
<HR>
<A NAME="563785"></A><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="NH">Note:</STRONG></FONT>

<A NAME="563786"></A>
<P CLASS="NB">
When the Oracle Context is required as input, use the context base rather than the actual DN of the Oracle Context. For example, use '<CODE>c=us</CODE>' if your context is '<CODE>cn=OracleContext,c=us</CODE>'.
<HR>
</TD>
</TR>


</TABLE>


</DIV>
</A>
   
<A NAME="563584"></A>
<!--TOC=h3-"563584"-->
<H4 CLASS="H3"><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#330099">10.2.1&#32; Known Bugs and Workarounds</FONT></H4>
<!--/TOC=h3-->

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563554"></A><STRONG>Bugs 2282536, 2282579, 2282626, 2282376</STRONG></FONT>
</DL>
<A NAME="563778"></A>
<P CLASS="BP">
Some of the less frequently used options displayed in the help description that are not supported in this release are: <CODE>addGlobalRole</CODE>, <CODE>addPasswordAccessibleDomains</CODE>, <CODE>addDomainDatabase</CODE> and <CODE>removeMapping</CODE>.
</P>

<A NAME="563587"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563779"></A>
<P CLASS="BP">
These administrative actions can be performed with the Enterprise Security Manager GUI interface.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563793"></A><STRONG>Bug 2271773</STRONG></FONT>
</DL>
<A NAME="563534"></A>
<P CLASS="BP">
When DNs are required as input for the various commands, spaces within attribute values in the DNs are not supported. For example, "<CODE>cn=john doe,c=us</CODE>" is not supported due to the space between john and doe, but "<CODE>cn=john,c=us</CODE>" is supported.
</P>

<A NAME="563588"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563796"></A>
<P CLASS="BP">
Do not use DNs that include spaces within attribute values.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563799"></A><STRONG>Bug 2282312</STRONG></FONT>
</DL>
<A NAME="563536"></A>
<P CLASS="BP">
When creating a new enterprise domain with <CODE>createDomain</CODE>, the default domain administrator is set incorrectly to be the DN of the Oracle Context.
</P>

<A NAME="563589"></A>
<H5 CLASS="SH3"><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="Bold">Workaround</STRONG></FONT></H5>
<A NAME="563800"></A>
<P CLASS="BP">
Use the Enterprise Security Manager GUI tool to remove the Oracle Context as a domain administrator, and add an appropriate user instead.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563803"></A><STRONG>Bug 2282444 (Enhancement Request)</STRONG></FONT>
</DL>
<A NAME="563592"></A>
<P CLASS="BP">
When using the Enterprise Security Manager command line tool to modify attributes relevant to an entire Oracle Context, such as User Search Bases and <CODE>userIDAttribute</CODE>, values for both attributes need to be included on the command line, even if only one of them is being modified.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563806"></A><STRONG>Bug 2282479 (Enhancement Request)</STRONG></FONT>
</DL>
<A NAME="563540"></A>
<P CLASS="BP">
There is no input verification when adding a new context administrator. Ensure that the DN being added is a valid user entry in the directory.
</P>

<DL CLASS="A1">

<DT CLASS="A1"><FONT SIZE="-1" FACE="Arial, Helvetica, sans-serif"><A NAME="563809"></A><STRONG>Bug 2282471 (Enhancement Request)</STRONG></FONT>
</DL>
<A NAME="563541"></A>
<P CLASS="BP">
For the various role operations (for example, <CODE>grantRole</CODE>), the full DN of the enterprise role is required as input. The syntax for enterprise role DNs is:
</P>
    
<PRE CLASS="CE">
<A NAME="563612"></A>"<CODE>cn=&lt;</CODE><EM><CODE>role name</CODE></EM><CODE>&gt;,cn=&lt;</CODE><EM><CODE>enterprise domain name</CODE></EM><CODE>&gt;,cn=OracleDBSecurity,cn=Products,  
cn=OracleContext,&lt;</CODE><EM><CODE>context location</CODE></EM><CODE>&gt;</CODE>".
</PRE>    
<A NAME="556075"></A>
<!--TOC=h1-"556075"-->
<H2 CLASS="H1"><FONT FACE="Arial, Helvetica, sans-serif" COLOR="#330099">11&#32; USER MIGRATION UTILITY</FONT></H2>


<!--/TOC=h1-->
<A NAME="563627"></A>
<P CLASS="BP">
New in the 9i Release 2 release is the User migration command line utility. This tool allows administrators to migrate database users to the directory to participate in enterprise user security. Using this tool allows exclusive schema users to be mapped to a shared schema during the migration process. Additionally, the user migration utility provisions/enables existing directory users for use with Oracle Advanced Security's Enterprise User Security feature.
</P>
<A NAME="563628"></A>
<P CLASS="BP">
The tool has a JRE 1.3.1 dependency. You should set <CODE>JAVA_HOME</CODE> or <CODE>CLASSPATH</CODE> to point to the JRE 1.3.1 file.
</P>
   
<A NAME="563822">
<DIV ALIGN="CENTER">
<P>
<TABLE CLASS="NoteAlso" BORDER="0" WIDTH="80%" CELLPADDING="0" CELLSPACING="0" dir="ltr" summary="This is a layout table to format a note" title="This is a layout table to format a note">
<TR CLASS="NoteAlso"><TD CLASS="NoteAlso">
<A NAME="563825"></A><FONT FACE="Arial, Helvetica, sans-serif"><STRONG CLASS="NH">See Also:</STRONG></FONT>

<A NAME="563826"></A>
<P CLASS="NB">
<EM CLASS="Italic">Oracle Advanced Security Administrator's Guide</EM>, Chapter 16, "Migrating Local or External Users to Enterprise Users"
</TD>
</TR>

</TABLE>


</DIV>

</A>
   <A NAME="562046"></A>
<P CLASS="BP">

</P>






<!-- Start Footer -->
</DIV>

<DIV CLASS="OUTD">
<HR>



<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD VALIGN="BOTTOM" WIDTH="33%">
<TABLE CELLSPACING="0" CELLPADDING="0">
<TR>



    
</TR>
</TABLE>
</TD>
<TD ALIGN="CENTER" WIDTH="34%">
<A HREF="../dcommon/html/cpyr.htm"><IMG SRC="../dcommon/gifs/oracle.gif" ALT="Oracle" BORDER="0"><BR>
<FONT SIZE="-2">Copyright &copy; 2002 Oracle Corporation.</FONT></A>
<BR>
<FONT SIZE="-2">All Rights Reserved.</FONT>
</TD>
<TD VALIGN="BOTTOM" ALIGN="RIGHT" WIDTH="33%"> 
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="144">
<TR>



<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="25%"></TD>
<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="25%"></TD>
<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="25%"></TD>
<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="25%"></TD>





</TR>
</TABLE>
</TD>
</TR>
</TABLE>
  
</DIV>

</BODY>
</HTML>