Oracle® Database Enterprise User Security Administrator's Guide 11g Release 1 (11.1) Part Number B28528-01 |
|
|
View PDF |
You should run the SSL external users conversion script after upgrading to Oracle Database 11g Release 1 (11.1), in case you were using SSL-authenticated external users in the earlier release. The script converts SSL-authenticated external users in previous releases into SSL-authenticated external users in Oracle Database 11g Release 1 (11.1).
This chapter covers the following topics:
The SSL external users conversion script has the following syntax:
$ORACLE_HOME/rdbms/bin/extusrupgrade --dbconnectstring database connect string --dbuser database user --dbuserpassword database user password [-a] [-l username1,username2,...] [-f filename] [-o] [-h]
The database connect string
should be in the format hostname
:port_no
:sid
, where hostname
is the name of the host on which the database is running, port_no
is the listener port number and sid
is the system identifier for the database instance.
Use the -a
option to convert all SSL-authenticated external users. Here is an example:
extusrupgrade --dbconnectstring dlsun88:1521:10gR2 --dbuser system --dbuserpassword manager -a
Use the -l
option to specify a comma-delimited list of users to be converted. For example:
extusrupgrade --dbconnectstring dlsun88:1521:10gR2 --dbuser system --dbuserpassword manager -l user1,user2,user3
Use the -f
option to specify a file that has the list of users to be converted. For example:
extusrupgrade --dbconnectstring dlsun88:1521:10gR2 --dbuser system --dbuserpassword manager -f usernames.txt
There should be one user name in each line in the specified file. Here is a sample usernames.txt
file:
user#1 user>2 user,3 user4 user5
You must use the -f
option to convert users who have special characters (such as #) in their user names.
Note:
You can combine the-l
and -f
options in the same command. The script combines the list of users from both the -l
and -f
options. If you use the -a
option along with the -l option
and the -f
option, then the -a
option is ignored.You can use the -o
option to print a list of SSL-authenticated external users to the standard output device. The output lists the users you can convert using the extusrupgrade script. The -o
option cannot be combined with any other option.
extusrupgrade --dbconnectstring dlsun88:1521:10gR2 --dbuser system --dbuserpassword manager -o
A sample output for this could be:
user1 user2 user3
Tip:
You can redirect the command output to a file to get a list of users who can be converted. You can then edit the file and use it with the-f
option.Oracle Database 11g Release 1 (11.1) allows SSL-authenticated external users and SSL-authenticated global users to coexist in the database. Previous releases had the restriction that all SSL users must be either global users or external users, depending on whether Oracle Internet Directory is being used or not for authenticating the users.
If you want a user to be able to connect to the database even when Oracle Internet Directory is not available, then the user should be configured as an external user. You can convert SSL-authenticated global users into SSL-authenticated external users by using the SSL external users conversion script.
For example:
extusrupgrade --dbconnectstring dlsun88:1521:10gR2 --dbuser system --dbuserpassword manager -l user1,user2
The preceding example converts two global users into external users.