RE: Help with 10g AS and OID
- From: "Johnson, George" <GJohnson@xxxxxxx>
- To: "Oracle-L" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 11 Jan 2006 07:50:50 -0000
We are currently in our implementation phase and it is the
biggest PITA going. We are going for full 4 site, 8 server replication with DR
fallbacks, complete with full Sign-On and Active Directory integration. Oracle
support and consultancy in the UK have been absolutely useless, given next to
support or guidance, sent us down dead-end routes and I have sneaking suspicion
have been using us a test bed to see if this works. We have even had to write
our own AD password syncing DLL to put password changes from AD to OID because
9i DB's can't support the Kerberos authentication that AD, OID and 10g DBs will
support, although Oracle assured us it works fine! Oh and we have just upgraded
a 9i to 10g, which screwed the OID repository up as you are supposed to
un-register before you upgrade then re-register afterwards, otherwise you lose
all the security settings for that DB! Once this SSO "works" will be moving the
TNS lookups into it, please spare me a prayer! Other than that, it's fine!
Thanks for letting me get that off my chest!
Seriously, as with all things that can impact the business,
before you start letting management/sec. officer types get sold on this central
management/SSO stuff, take a serious long look at what you want and do some
very thorough research, we have been seriously burned by Oracle over the OID
stuff.
Rgds
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Baumgartel
Sent: 10 Jan 2006 22:50
To: Oracle-L
Subject: Re: Help with 10g AS and OID
I actually had good results with 9i OID replication using AR. What I
*couldn't* get running was using "LDAP replication" with 10g (you can choose
either LDAP replication or Advanced Replication, and being adventurous and
foolish, I chose the former).
PB
On 1/10/06, Jesse, Rich <Rich.Jesse@xxxxxxxxxxxxxxxxx> wrote:
I did that in 9i (9.0.1) on Linux and it was *very* unreliable.
It was explained to me that the 9i OID replication was really not full-blown
Oracle AR due to the fact that some of the LDAP object attributes or tree or
something (I forget) had to be different between the two servers, which AR
wouldn't allow. Anyway, we could not get it stable for more than a week or two
at a time and Oracle Support couldn't replicate it, so we junked it.
Maybe 10g will be more reliable... ;)
Rich
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:
oracle-l-bounce@xxxxxxxxxxxxx <mailto:oracle-l-bounce@xxxxxxxxxxxxx> ] On
Behalf Of Paul Baumgartel
Sent: Tuesday, January 10, 2006 2:50 PM
To: Mark.Bobak@xxxxxxxxxxxxxxx
Cc: Jason Heinrich; oracle-l@xxxxxxxxxxxxx
Subject: Re: Help with 10g AS and OID
Mark,
Just depends on which direction you're facing!
"Export" from tnsnames.ora...?
Glad it worked. Just don't try setting up LDAP
replication to a second OID server...I suffered through that for weeks and
finally gave up!
Paul
--
Paul Baumgartel
paul.baumgartel@xxxxxxxxxxxx
****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************
Other related posts:
