While writing a separate article on EM12c’s Security Authentication, I felt the need to separate out the various parts and pieces which make up the discussion. Rather than have one quite long post, a few smaller ones would make for an easier read.
In this one, I’d like to show you how to enable auto-provisioning for external users in EM12c. Quoting the documentation below, the intent is self-explanatory.
“Typically the external LDAP users need to be created in Enterprise Manager before they can log in to the Enterprise Manager console. Auto provisioning removes that requirement by automatically creating the Enterprise Manager user account upon successful authentication of the user the first time he logs on to Enterprise Manager.”
Basically, if the property is not enabled, the attempt to log in will fail during the authentication-authorization phase with an “Authentication Failed” message. You would have to dig quite deep into the EMGC_OMSx Server LDAP logs to find that the user did not map during the authorization phase.
When I first had to do this in version 18.104.22.168.0, I found a neat video that Oracle posted which described the process of LDAP Authentication from start to finish. With respect to my post, the relevant steps are below – these need to be run on each OMS server.
-bash-4.1$ emctl set property -name "oracle.sysman.core.security.auth.autoprovisioning" -value "true"
Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Property oracle.sysman.core.security.auth.autoprovisioning for oms p-oem-app02.acme.com:4889_Management_Service has been set to value true
OMS restart is not required to reflect the new property value
Finally, restart all OMS servers and voila!
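Since the property has to be set on each OMS, here is a small check over the collected emctl output that lists any OMS without a confirmation line. It is an added example, not part of the original post or Oracle's tooling; the second OMS name (p-oem-app03) and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify that captured `emctl set property` output confirms
# the auto-provisioning property on every expected OMS.
PROP="oracle.sysman.core.security.auth.autoprovisioning"

# Constructed sample: the confirmation output shown above, from one OMS only.
SAMPLE_OUTPUT='Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Property oracle.sysman.core.security.auth.autoprovisioning for oms p-oem-app02.acme.com:4889_Management_Service has been set to value true
OMS restart is not required to reflect the new property value'

# Read emctl output on stdin; print each OMS whose confirmation line
# reports PROP set to the wanted value ($1).
confirmed_oms() {
    awk -v prop="$PROP" -v want="$1" '
        $1 == "Property" && $2 == prop && $3 == "for" && $4 == "oms" &&
        $(NF-1) == "value" && $NF == want { print $5 }' | sort -u
}

# Read emctl output on stdin; $1 is the wanted value, the remaining
# arguments are the expected OMS names. Prints the ones with no matching
# confirmation line and returns non-zero if any are missing.
missing_oms() {
    local want="$1" seen rc=0 oms
    shift
    seen="$(confirmed_oms "$want")"
    for oms in "$@"; do
        if ! printf '%s\n' "$seen" | grep -Fxq -- "$oms"; then
            printf '%s\n' "$oms"
            rc=1
        fi
    done
    return "$rc"
}

# Demo: app03 is a hypothetical second OMS where the command was never run.
printf '%s\n' "$SAMPLE_OUTPUT" | missing_oms true \
    "p-oem-app02.acme.com:4889_Management_Service" \
    "p-oem-app03.acme.com:4889_Management_Service" \
    || echo "auto-provisioning not confirmed on the OMS listed above"
```

In practice, concatenate the output captured on each OMS into one file and pipe that file into missing_oms in place of the sample.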
Hope this helps.