Oracle® Database Enterprise User Security Administrator's Guide 11g Release 2 (11.2) Part Number E10744-01
This appendix discusses upgrading Oracle9i Database (9.2.0.8) to Oracle Database 11g Release 2 (11.2) with respect to Enterprise User Security. It includes the following sections:
Upgrading Oracle Internet Directory from Release 9.2 to Release 9.0.4
Upgrading Oracle Database from Release 9.2.0.8 to Release 11.2
Oracle9i Database Release 2 can work with Oracle Internet Directory Release 9.2 or Release 9.0.4. Oracle Database 11g Release 2 (11.2) requires Oracle Internet Directory 9.0.4 or later. If you are using Oracle Internet Directory Release 9.2, you need to upgrade it to Release 9.0.4.
The following list discusses upgrading Oracle Internet Directory Release 9.2 to Oracle Internet Directory Release 9.0.4:
Use Oracle Internet Directory Configuration Assistant to upgrade Oracle Internet Directory. This is required if you want to register Oracle Database 11g Release 2 (11.2) instances in the directory.
Upgrade Oracle Contexts used for Enterprise User Security to Identity Management Realms, if they are not root contexts. Use the Oracle Internet Directory Configuration Assistant command-line utility as follows:
oidca mode=CTXTOIMR
This step is required if you want to register an Oracle Database 11g Release 2 (11.2) instance in a realm.
You cannot use the root Oracle Context for Oracle Database 11g Release 2 (11.2) databases because it is not an Identity Management Realm.
Use Oracle Internet Directory tools, such as ldapmodify and bulkmodify, to add the orcluserV2 objectclass to existing user entries. This objectclass is required for users to change their database passwords, and for Kerberos authentication to the database.
In a realm that contains both Oracle9i Database and Oracle Database 11g Release 2 (11.2), use a DAS-based tool in Oracle Internet Directory Release 9.0.4 to create and manage users. You can use either Oracle Internet Directory Self-Service Console or Enterprise Security Manager Console. Do not use Enterprise Security Manager or Enterprise Login Assistant from Oracle9i installations.
For each Oracle9i Database (9.2.0.8) instance that you upgrade to Oracle Database 11g Release 2 (11.2), perform the following steps:
1. Use Oracle Wallet Manager to disable automatic login for the database wallet.
2. Copy the database distinguished name (DN) from the initialization parameter rdbms_server_dn to a file in a secure location.
3. Upgrade the database to Oracle Database 11g Release 2 (11.2).
4. Depending on where your database admin directory is stored, move the database wallet either to $ORACLE_BASE/admin/olddbuniquename/wallet or $ORACLE_HOME/admin/olddbuniquename/wallet. Note that $ORACLE_HOME is for the new Oracle Database 11g Release 2 (11.2). You may have to create the wallet directory.
5. Copy the old $ORACLE_HOME/network/admin/ldap.ora file to the new $ORACLE_HOME/ldap/admin/ldap.ora file. Alternatively, you can use Oracle Net Configuration Assistant to create a new ldap.ora file.
6. Use the command-line utility, mkstore, to put the database DN (from the file in the previously created secure directory location) into the wallet by using the following syntax:
   mkstore -wrl database_wallet_location -createEntry ORACLE.SECURITY.DN database_DN
   You will be prompted for the wallet password.
   If you make a mistake in the mkstore command, then you can use the -modifyEntry option to correct it.
7. Use Database Configuration Assistant to generate the database-to-directory password in the database wallet. Choose the Modify Database option.
8. Use Oracle Wallet Manager to re-enable automatic login for the database wallet.
9. Use Oracle Net Manager to set the new wallet location in the sqlnet.ora file to the directory specified in step 4.
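The following script is an added example, not part of Oracle's guide: it checks the file-level results of the procedure above (the wallet move in step 4, the ldap.ora copy, re-enabled automatic login, and the sqlnet.ora wallet location). It assumes that sqlnet.ora is read from $ORACLE_HOME/network/admin and that the wallet files are named ewallet.p12 and cwallet.sso; the function names are hypothetical, and the owner-only permission check is added hardening rather than a step in the guide.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumptions: sqlnet.ora is read from
# $ORACLE_HOME/network/admin, keywords are upper case (as Oracle Net Manager
# writes them), paths contain no spaces. The permission check is added hardening.

# Print DIRECTORY from the WALLET_LOCATION entry, ignoring ENCRYPTION_WALLET_LOCATION.
wallet_dir_from_sqlnet() {
    flat=$(sed 's/#.*//' "$1" | tr -d ' \t\r\n')      # drop comments, flatten
    printf ';%s\n' "$flat" | sed -n 's/.*[^_]WALLET_LOCATION=//p' |
        grep -o 'DIRECTORY=[^)]*' | head -n 1 | cut -d= -f2-
}

# Print one FAIL line per problem and return the number of problems.
# $1 = new ORACLE_HOME, $2 = wallet directory chosen in step 4.
check_eus_wallet() {
    home=$1 wallet=$2 fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    [ -f "$home/ldap/admin/ldap.ora" ] || fail "step 5: no ldap.ora in $home/ldap/admin"
    [ -f "$wallet/ewallet.p12" ] || fail "step 4: no ewallet.p12 in $wallet"
    [ -f "$wallet/cwallet.sso" ] || fail "step 8: no cwallet.sso, automatic login is off"
    # The wallet holds the database-to-directory password: owner-only access.
    for f in "$wallet" "$wallet"/ewallet.p12 "$wallet"/cwallet.sso; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || fail "$f: group/other access"
    done
    conf=$(wallet_dir_from_sqlnet "$home/network/admin/sqlnet.ora" 2>/dev/null)
    [ "$conf" = "$wallet" ] || fail "step 9: WALLET_LOCATION is '${conf:-unset}'"
    return "$fails"
}

# Constructed sample layout under directory $1, used to exercise the checks.
build_sample() {
    mkdir -p "$1/home/ldap/admin" "$1/home/network/admin" "$1/admin/orcl/wallet"
    : > "$1/home/ldap/admin/ldap.ora"
    : > "$1/admin/orcl/wallet/ewallet.p12"; : > "$1/admin/orcl/wallet/cwallet.sso"
    chmod 700 "$1/admin/orcl/wallet"; chmod 600 "$1/admin/orcl/wallet"/*
    cat > "$1/home/network/admin/sqlnet.ora" <<EOF
# constructed sqlnet.ora
ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = $1/admin/orcl/tde)))
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = $1/admin/orcl/wallet)))
EOF
}
```

Call it as check_eus_wallet "$ORACLE_HOME" followed by the wallet directory from step 4; a zero exit status means every check passed.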
The default for the nickname attribute, such as CN, remains unchanged. The upgrade process does not change the default nickname attribute setting. After upgrading from Oracle Internet Directory Release 9.2 to Release 9.0.4, if you are unable to log in to Oracle Database 11g Release 2 (11.2), then you must use the DAS-based Oracle Internet Directory Self-Service Console to reset your password.