tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P45
Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

FIGURE 10-4 Configuring the basic details of the OVD Server

Initializing the Virtual LDAP Tree Using a Local Store Adapter

Before any physical information is presented through a virtual directory, you need to define and design the directory tree and namespace that organizes all the information across the enterprise. Traditionally, this part of the project can be a paralyzing step, since it requires that people agree on a common namespace. However, OVD supports the notion of a virtual namespace. You are no longer permanently committed to namespaces; in fact, you can now host multiple namespaces in the same virtual directory to support two models for organizing the same identity information. However, it is recommended to keep it simple and unified under a common namespace. In this example, we will use the namespace dc=oracle,dc=com as our common unified namespace and integrate data from multiple repositories under a common directory information tree.

The easiest way to create the root of the namespace is to use a Local Store Adapter (LSA) in OVD. An LSA uses a file-based repository to hold a relatively small quantity of information. It is recommended to limit the use of the LSA to only the root node of the directory tree. It is not a good idea to have the LSA store actual users, since it is not meant to scale for high-volume identity data.
Once you define the root node of the tree, you can start integrating the identity repositories that contain the full scale of identity data about all users in the enterprise. In the following example, different types of identity data are split across Active Directory and OID. You can use the LSA to create a single logical directory tree that reconciles the two physical directories by integrating that data underneath the namespace defined by the LSA. Figure 10-5 illustrates this design pattern.

FIGURE 10-5 Directory tree design using OVD
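
The design pattern above, a root held by the LSA with Active Directory and OID data mounted beneath dc=oracle,dc=com, can be modeled as longest-suffix routing of a virtual DN to a backend. This is an added example, not code from the book or from OVD; the adapter names, the ou=employees and ou=partners branches, and the backend base DNs are assumptions made for illustration.

```python
# Simplified model of virtual-namespace routing; not OVD code.
# Adapter names, mount points below the root and backend base DNs are constructed.

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs.
    The constructed DNs used here contain no escaped commas."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def format_dn(rdns):
    return ",".join(f"{a}={v}" for a, v in rdns)

# (adapter, virtual mount point, backend base DN); the LSA holds only the root.
ADAPTERS = [
    ("LSA-root", "dc=oracle,dc=com", None),
    ("AD-adapter", "ou=employees,dc=oracle,dc=com", "cn=Users,dc=corp,dc=example,dc=com"),
    ("OID-adapter", "ou=partners,dc=oracle,dc=com", "cn=Users,dc=oid,dc=example,dc=com"),
]

def route(virtual_dn):
    """Return (adapter, backend_dn) for a virtual DN, or None if it is
    outside the unified tree. Output DNs are lowercased by normalization."""
    target = parse_dn(virtual_dn)
    best = None
    for name, mount, backend in ADAPTERS:
        m = parse_dn(mount)
        # Compare whole RDNs, not raw strings, so "evilou=employees,..."
        # cannot pass as a suffix match for "ou=employees,...".
        if len(m) <= len(target) and target[len(target) - len(m):] == m:
            if best is None or len(m) > len(best[1]):
                best = (name, m, backend)
    if best is None:
        return None
    name, m, backend = best
    if backend is None:
        # Local store: only the root entry itself lives here.
        return (name, format_dn(target)) if target == m else None
    relative = target[:len(target) - len(m)]
    return name, format_dn(relative + parse_dn(backend))
```

Matching on parsed RDNs rather than string suffixes keeps a look-alike branch from being routed to a real backend, and any DN that no adapter claims is rejected instead of falling through to the local store.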