Oracle Beehive Proxy Auth
File Name: Oracle_Beehive_ProxyAuth.doc
Date / Author / Description of Changes
1/21/08 / Gabe Whorten / Updated to include MD5 requirement.
1/15/08 / Gabe Whorten / Original.
Purpose – Describe the steps necessary to configure an Oracle Beehive system for Proxy Authentication. This enables GO!NLES Pim to log into Oracle Beehive user accounts without those users' passwords.
Prerequisites
- Must have access to use the Beehive administration shell. These steps should be performed by the Beehive Server administrator.
- SyncML MD5 authentication must be set to “Not Supported, Not Required”. Reference the Administrator Guide for details on how to configure your system in this manner.
Step 1 – Determine specifics about your Beehive Server
- Determine the Identifier of your enterprise
For Example:
beectl> list_enterprises
------
| Enterprise name | Identifier |
------
| Notify | enpr=Notify |
------
- Determine the BYPASS Role Information
For Example:
[oracle@orclbeehive1 ~]$ $BEE_HOME/beehive/bin/beectl list_role_definitions | grep BYPASS
| acrd=enterprise-system,enpr=Notify | enterprise-system | enterprise-system | | [BYPASS] | true |
The 1st portion is the Role Definition: “acrd=enterprise-system,enpr=Notify”
The 2nd portion is the Role Name: “enterprise-system”
The 5th portion is the Privileges: “[BYPASS]”
Step 2 – Create a Superuser Account on the Beehive Server
- Create a regular account on the Beehive server using the shell command add_user. This account will later be given bypass access.
For Example:
add_user --givenname Super --familyname User --loginid superuser --password Password --enterprise enpr=Your_Enterprise --email_address superuser@Your_domain.com
Step 3 – Add the BYPASS Role to the newly created user
- Use the beectl shell command add_assigned_role to add the BYPASS role to the user.
beectl> add_assigned_role --name Role_Name-username --assigned_scope Your_Enterprise_ID --role_definition Role_Definition --accessor loginid=username
For Example:
beectl> add_assigned_role --name enterprise-system-superuser --assigned_scope enpr=Notify --role_definition acrd=enterprise-system,enpr=Notify --accessor loginid=superuser
Step 4 – Set the SurrogateAuth property for IMAP
In order to use proxy auth with IMAP in Beehive, the SurrogateAuth property needs to be set on the IMAP service properties. This can be done with the beectl shell.
- Determine the IMAP Properties Identifier
[oracle@orclbeehive1 ~]$ $BEE_HOME/beehive/bin/beectl list_components | grep IMAP
| EmailService$IMAPProperties | 623aaa7f-c15e-4013-b98c-86dc00ae129f |
The 2nd field is the ID: “623aaa7f-c15e-4013-b98c-86dc00ae129f” *
*Note - Your ID will be different.
- Use the modify_property command to change the SurrogateAuth property
[oracle@orclbeehive1 ~]$ $BEE_HOME/beehive/bin/beectl modify_property --component IMAP_Properties_Identifier --name SurrogateAuth --value true
- Activate the configuration changes
[oracle@orclbeehive1 ~]$ $BEE_HOME/beehive/bin/beectl activate_configuration
- Restart the Email service
[oracle@orclbeehive1 ~]$ $BEE_HOME/opmn/bin/opmnctl restartproc process-type=BEEAPP application=email-service
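The field extraction described in Steps 1, 3 and 4 can be scripted so the role and component values are not copied by hand. The following is an added example, not part of the original document: the function names are hypothetical, the sample rows are the ones shown above, and it only prints the beectl commands for review.

```sh
#!/bin/sh
# Added example, not from the original document. Function names are hypothetical.
# Rows below are copied from the sample beectl output shown on this page.
ENT_ROW='| Notify | enpr=Notify |'
ROLE_ROW='| acrd=enterprise-system,enpr=Notify | enterprise-system | enterprise-system | | [BYPASS] | true |'
IMAP_ROW='| EmailService$IMAPProperties | 623aaa7f-c15e-4013-b98c-86dc00ae129f |'

# field ROW N: print the Nth pipe-delimited field with padding trimmed.
# The row starts with "|", so awk's $1 is empty and field N is $(N+1).
field() {
  printf '%s\n' "$1" | awk -F'|' -v n="$2" \
    '{ f = $(n + 1); gsub(/^[ \t]+|[ \t]+$/, "", f); print f }'
}

# build_role_cmd ROLE_ROW ENT_ROW LOGINID: print the Step 3 command.
# Fails if the row's privileges column does not contain [BYPASS].
build_role_cmd() (
  def=$(field "$1" 1); name=$(field "$1" 2); privs=$(field "$1" 5)
  scope=$(field "$2" 2)
  case "$privs" in
    *"[BYPASS]"*) ;;
    *) echo "role row does not grant BYPASS: $privs" >&2; exit 1 ;;
  esac
  [ -n "$def" ] && [ -n "$name" ] && [ -n "$scope" ] && [ -n "$3" ] || exit 1
  printf 'add_assigned_role --name %s-%s --assigned_scope %s --role_definition %s --accessor loginid=%s\n' \
    "$name" "$3" "$scope" "$def" "$3"
)

# build_imap_cmd IMAP_ROW: print the Step 4 modify_property command.
build_imap_cmd() (
  comp=$(field "$1" 1); id=$(field "$1" 2)
  case "$comp" in
    *IMAPProperties) ;;
    *) echo "not an IMAP properties row: $comp" >&2; exit 1 ;;
  esac
  [ -n "$id" ] || exit 1
  printf 'modify_property --component %s --name SurrogateAuth --value true\n' "$id"
)

# Print the commands for review; nothing is executed against the server.
build_role_cmd "$ROLE_ROW" "$ENT_ROW" superuser
build_imap_cmd "$IMAP_ROW"
```

In practice the rows would come from the `list_enterprises`, `list_role_definitions | grep BYPASS` and `list_components | grep IMAP` commands shown in Steps 1 and 4.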