Monday, July 25, 2011

How to create a user in OID with orcladmin privileges

My environment details:

Hostname: oidoam.tap

OID Port: 389

Root (super) user: orcladmin, bind DN cn=orcladmin

Password: abc123

Realm administrator whose group memberships are copied: cn=orcladmin,cn=Users,dc=tap,dc=com

User to be granted the privileges: qasim (entry cn=qasim,cn=Users,dc=tap,dc=com, which must already exist)

Step 1: From ORACLE_HOME/bin, bind as the superuser and list every group in which the realm administrator cn=orcladmin,cn=Users,dc=tap,dc=com is a uniquemember:

$ ldapsearch -h oidoam.tap -p 389 -D "cn=orcladmin" -w abc123 "uniquemember=cn=orcladmin,cn=Users,dc=tap,dc=com" "dn" > '/tmp/group.ldif'

This writes the DN of each matching group, one per line, to /tmp/group.ldif. Two things are worth noting. The bind DN cn=orcladmin is the directory superuser, whereas the DN in the filter is the realm's default administrator entry under cn=Users, so what the following steps copy are the realm administrator's group memberships, not superuser status. And passing the password with -w leaves it visible in the process list and in shell history; Oracle's ldap tools accept -q to prompt for it instead.

Sample group.ldif output (the exact list depends on the installation; a record is needed in Step 2 for every DN returned):

cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=tap,dc=com

cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,dc=tap,dc=com

cn=iASAdmins, cn=Groups,cn=OracleContext,dc=tap,dc=com

cn=UserProxyPrivilege, cn=Groups,cn=OracleContext,dc=tap,dc=com

cn=OracleDASAdminGroup, cn=Groups,cn=OracleContext,dc=tap,dc=com

cn=OracleSuperUserAdminGroup, cn=Groups, cn=OracleContext,dc=tap,dc=com

cn=ASPAdmins, cn=groups,cn=OracleContext,dc=tap,dc=com

cn=IAS & User Mgmt Application Admins, cn=Groups,cn=OracleContext,dc=tap,dc=com

cn=Trusted Applications Admins, cn=Groups,cn=OracleContext,dc=tap,dc=com

Step 2:

Edit group.ldif so that every DN returned in Step 1 becomes a modify record like the ones below. A record is four contiguous lines (dn, changetype, add, uniquemember); records are separated by one blank line. Do not leave a blank line inside a record: it ends the record early and ldapmodify then rejects it with "no attributes to change or add". The file below also carries the Common User Attributes and Common Group Attributes groups; use whatever DNs your own Step 1 output contains.

dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=iASAdmins, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=UserProxyPrivilege, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=OracleDASAdminGroup, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=OracleSuperUserAdminGroup, cn=Groups, cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=ASPAdmins, cn=groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=IAS & User Mgmt Application Admins, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=Trusted Applications Admins, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=Common User Attributes, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com

dn: cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=tap,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=qasim,cn=Users,dc=tap,dc=com


Step 3:

Save group.ldif. A quick sanity check before loading it: the file should contain as many "dn:" lines as "uniquemember:" lines, and no "dn:" line should be followed directly by a blank line.

Step 4:

From ORACLE_HOME/bin execute the following command (-q can replace -w abc123 so that the password is prompted for rather than exposed on the command line):

$ ldapmodify -h oidoam.tap -p 389 -D "cn=orcladmin" -w abc123 -f '/tmp/group.ldif'

These steps only add an existing user entry to the groups; they do not create cn=qasim,cn=Users,dc=tap,dc=com. The entry must exist before Step 4 (created with ldapadd, for example), and its password is whatever was set when it was created. To confirm the memberships were added, run the Step 1 search with the new user's DN in the filter and compare the result with the Step 1 list; every group should appear:

$ ldapsearch -h oidoam.tap -p 389 -D "cn=orcladmin" -w abc123 "uniquemember=cn=qasim,cn=Users,dc=tap,dc=com" "dn"
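The whole procedure scripted, as an added example that is not part of the original post: it turns the Step 1 DN list into the Step 2 LDIF records automatically (so no record is split by a blank line), and after Step 4 reports which of the original groups the new user is still missing. Host, port and DNs are the ones from this page; the function names, the sample DN list embedded in the script and the object classes used in new_user_ldif are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): generate the Step 2 LDIF from
# the Step 1 DN list and, after Step 4, list the groups the new user is still
# missing.  Host, port, bind DN and user DN are the post's; the function names
# and the sample DN list below are constructed for this illustration.

NEW_USER_DN="${NEW_USER_DN:-cn=qasim,cn=Users,dc=tap,dc=com}"

# Trim a DN and drop spaces after RDN separators ("cn=iASAdmins, cn=Groups"
# and "cn=iASAdmins,cn=Groups" name the same entry).
normalize_dn() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/,[[:space:]]*/,/g'
}

# Read one group DN per line on stdin (Oracle ldapsearch prints bare DNs when
# "dn" is the only requested attribute; an LDIF-style "dn: " prefix is also
# accepted) and write one modify record per group: four contiguous lines and
# then one blank line.  A blank line inside a record is what makes ldapmodify
# report "no attributes to change or add".
dn_list_to_modify_ldif() {   # $1 = DN of the member to add
    normalize_dn | awk -v member="$1" '
        /^dn: / { sub(/^dn: /, "") }
        NF == 0 { next }
        {
            printf "dn: %s\n", $0
            print "changetype: modify"
            print "add: uniquemember"
            printf "uniquemember: %s\n\n", member
        }'
}

# Number of records (dn: lines) in an LDIF file or on stdin.
count_ldif_records() { grep -c '^dn: ' "$@"; }

# Print the DNs of the expected list ($1) that are absent from the actual
# list ($2), comparing normalised DNs.  Empty output means nothing is missing.
# The first file is recognised by name (not via NR==FNR) so that an empty
# actual list, a user in no group yet, is handled correctly.
missing_groups() {   # $1 = expected DN list, $2 = actual DN list
    awk 'function norm(s) {
             gsub(/^[ \t]+|[ \t]+$/, "", s); gsub(/,[ \t]+/, ",", s); return s
         }
         FILENAME == ARGV[1] { if (NF) have[norm($0)] = 1; next }
         NF && !(norm($0) in have) { print norm($0) }' "$2" "$1"
}

# LDIF that creates the user entry itself, which the post takes as already
# existing.  The object classes are an assumption (the inetOrgPerson chain
# plus OID's orclUser/orclUserV2); adjust them to your schema.
new_user_ldif() {   # $1 = user DN, $2 = cn/uid, $3 = initial password
    printf 'dn: %s\nchangetype: add\n' "$1"
    printf 'objectclass: %s\n' top person organizationalPerson inetOrgPerson orclUser orclUserV2
    printf 'cn: %s\nsn: %s\nuid: %s\nuserpassword: %s\n\n' "$2" "$2" "$2" "$3"
}

# Constructed copy of the nine DNs the post shows as Step 1 output.
SAMPLE_STEP1_OUTPUT='cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=tap,dc=com
cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,dc=tap,dc=com
cn=iASAdmins, cn=Groups,cn=OracleContext,dc=tap,dc=com
cn=UserProxyPrivilege, cn=Groups,cn=OracleContext,dc=tap,dc=com
cn=OracleDASAdminGroup, cn=Groups,cn=OracleContext,dc=tap,dc=com
cn=OracleSuperUserAdminGroup, cn=Groups, cn=OracleContext,dc=tap,dc=com
cn=ASPAdmins, cn=groups,cn=OracleContext,dc=tap,dc=com
cn=IAS & User Mgmt Application Admins, cn=Groups,cn=OracleContext,dc=tap,dc=com
cn=Trusted Applications Admins, cn=Groups,cn=OracleContext,dc=tap,dc=com'

# Offline run: build the LDIF, then simulate a post-Step-4 search result in
# which the iASAdmins membership did not apply, and report it.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_STEP1_OUTPUT" > "$tmp/orcladmin_groups.txt"
    dn_list_to_modify_ldif "$NEW_USER_DN" < "$tmp/orcladmin_groups.txt" > "$tmp/group.ldif"
    echo "records written to group.ldif: $(count_ldif_records "$tmp/group.ldif")"
    grep -v iASAdmins "$tmp/orcladmin_groups.txt" > "$tmp/qasim_groups.txt"
    echo "groups $NEW_USER_DN is still missing:"
    missing_groups "$tmp/orcladmin_groups.txt" "$tmp/qasim_groups.txt"
    rm -rf "$tmp"
}

# Live use against the post's environment (-q prompts for the password rather
# than leaving it in 'ps' output and shell history):
#   ldapsearch -h oidoam.tap -p 389 -D cn=orcladmin -q \
#       "uniquemember=cn=orcladmin,cn=Users,dc=tap,dc=com" dn > /tmp/orcladmin_groups.txt
#   dn_list_to_modify_ldif "$NEW_USER_DN" < /tmp/orcladmin_groups.txt > /tmp/group.ldif
#   ldapmodify -h oidoam.tap -p 389 -D cn=orcladmin -q -f /tmp/group.ldif
#   ldapsearch -h oidoam.tap -p 389 -D cn=orcladmin -q "uniquemember=$NEW_USER_DN" dn > /tmp/qasim_groups.txt
#   missing_groups /tmp/orcladmin_groups.txt /tmp/qasim_groups.txt
demo
```

Run it with sh to see the offline demonstration; the commented commands at the end are the live sequence against the page's OID host. Because missing_groups compares normalised DNs, the spaces after commas that the page's group list contains do not produce false "missing" entries.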

6 comments:

  1. Little seemingly trivial finds like this keep the world going! I spent half a day trying to figure out the problem. Glad to find this article! Thanks sir!

    -HL

  2. Any idea how I can create a read-only user for the user and group containers?

  3. Thanks qasim for the useful post.
    Simple and straightforward.
    It worked for me.
    Regards,
    Chandrakanth

  4. How to set the password for this new user?

  5. Getting an error while executing the step 4 command: ldapmodify: no attributes to change or add (entry cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=corp,dc=local)

  6. I can see the user got created from LDAP login, but when searching for the user through ldapsearch I didn't get any result. And what will be the password for the newly created user (qasim)?