We are currently in our implementation phase and it is the biggest PITA going. We are going for full 4 site, 8 server replication with DR fallbacks, complete with full Sign-On and Active Directory integration. Oracle support and consultancy in the UK have been absolutely useless, given next to support or guidance, sent us down dead-end routes and I have sneaking suspicion have been using us a test bed to see if this works. We have even had to write our own AD password syncing DLL to put password changes from AD to OID because 9i DB's can't support the Kerberos authentication that AD, OID and 10g DBs will support, although Oracle assured us it works fine! Oh and we have just upgraded a 9i to 10g, which screwed the OID repository up as you are supposed to un-register before you upgrade then re-register afterwards, otherwise you lose all the security settings for that DB! Once this SSO "works" will be moving the TNS lookups into it, please spare me a prayer! Other than that, it's fine! Thanks for letting me get that off my chest! Seriously, as with all things that can impact the business, before you start letting management/sec. officer types get sold on this central management/SSO stuff, take a serious long look at what you want and do some very thorough research, we have been seriously burned by Oracle over the OID stuff. Rgds -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Baumgartel Sent: 10 Jan 2006 22:50 To: Oracle-L Subject: Re: Help with 10g AS and OID I actually had good results with 9i OID replication using AR. What I *couldn't* get running was using "LDAP replication" with 10g (you can choose either LDAP replication or Advanced Replication, and being adventurous and foolish, I chose the former). PB On 1/10/06, Jesse, Rich <Rich.Jesse@xxxxxxxxxxxxxxxxx> wrote: I did that in 9i (9.0.1) on Linux and it was *very* unreliable. It was explained to me that the 9i OID replication was really not full-blown Oracle AR due to the fact that some of the LDAP object attributes or tree or something (I forget) had to be different between the two servers, which AR wouldn't allow. Anyway, we could not get it stable for more than a week or two at a time and Oracle Support couldn't replicate it, so we junked it. Maybe 10g will be more reliable... ;) Rich -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto: oracle-l-bounce@xxxxxxxxxxxxx <mailto:oracle-l-bounce@xxxxxxxxxxxxx> ] On Behalf Of Paul Baumgartel Sent: Tuesday, January 10, 2006 2:50 PM To: Mark.Bobak@xxxxxxxxxxxxxxx Cc: Jason Heinrich; oracle-l@xxxxxxxxxxxxx Subject: Re: Help with 10g AS and OID Mark, Just depends on which direction you're facing! "Export" from tnsnames.ora...? Glad it worked. Just don't try setting up LDAP replication to a second OID server...I suffered through that for weeks and finally gave up! Paul -- Paul Baumgartel paul.baumgartel@xxxxxxxxxxxx **************************************************************************** This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. ****************************************************************************