Now that all editions can leverage MS AD for authentication, has anyone implemented that with 11.2.0.3 on MS Server 2008 R2? It appears that there is more to it than a few clicks in NetCA to actually get it to work.

On Oct 27, 2011 4:04 PM, "Taylor, Chris David" <ChrisDavid.Taylor@xxxxxxxxxxxxxxx> wrote:

> According to 11g docs, you can do the below but I'm obviously missing
> something since I don't know much about AD:
>
> ----------------------------------------------------------------------
> Creating a User Who Is Authorized by a Directory Service
>
> You have the following options to specify users who are authorized by a
> directory service:
>
> * Creating a Global User Who Has a Private Schema
>   <http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authentication.htm#CHDJJDFE>
>
> * Creating Multiple Enterprise Users Who Share Schemas
>   <http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authentication.htm#CHDJHAIB>
>
> Creating a Global User Who Has a Private Schema
>
> The following statement shows the creation of a global user with a private
> schema, authenticated by SSL, and authorized by the enterprise directory
> service:
>
> CREATE USER psmith IDENTIFIED GLOBALLY AS
> 'CN=psmith,OU=division1,O=oracle,C=US';
>
> The string provided in the AS clause provides an identifier (distinguished
> name, or DN) meaningful to the enterprise directory.
>
> In this case, psmith is a global user. But, the disadvantage here is that
> user psmith must then be created in every database that he must access,
> plus the directory.
>
> ----------------------------------------------------------------------
>
> What is O=oracle, and C=US? The CN and OU I understand I think it's
> fairly easy to find the AD toolkit...
>
> Anyone mind helping me out?
>
> Thanks,
>
> Chris Taylor
> Sr. Oracle DBA
> Ingram Barge Company
> Nashville, TN 37205
> Office: 615-517-3355
> Cell: 615-663-1673
> Email: chris.taylor@xxxxxxxxxxxxxxx