Re: How to setup LDAP

  • From: Mayen.Shah@xxxxxxxxxx
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Wed, 23 Jan 2008 11:38:58 -0500

Hello Everyone,

My apologies for not giving any feedback soon. (Got distracted with other 
production issues). My problem is still unresolved.

Here is what I want to achieve.

Database version 9.2.0.7 and 10.2.0.3
Local tnsnames.ora

Currently I am using database authentication for user login to the 
database.

I want to continue using local tnsnames. Only requirement is to change 
user authentication from database to LDAP authentication. I am sure some 
on our list must have done similar setup.

Simply creating user as below does not work.

Create user LDAPTEST identified globally as 'CN=LDAPTEST,ou=Service Accounts,ou=Users,ou=Administrative,ou=.Lazard,dc=lazard,dc=com';


User gets created without error but connection fails with invalid 
username/password error. I verified with our sa and DN is correct. I am 
sure I am missing something but could not find more information. Search on 
metalink/google mostly points me to OID and I was told by oracle sales rep 
that OID is licensed product.

Any help/pointer is greatly appreciated.

Thank you.
Mayen

"Dan Norris" <dannorris@xxxxxxxxxxxxx> 
Jan 14 2008 01:10 PM

To
krish.hariharan@xxxxxxxxxxxx, Mayen Shah/ITS/Lazard@Lazard NYC
cc
oracle-l@xxxxxxxxxxxxx, "Jared Still" <jkstill@xxxxxxxxx>
Subject
Re: How to setup LDAP


>>> The user administration and global authentication portion WAS NOT FREE.

That's almost correct. When 10g was introduced, the ASO license was 
refactored such that EE now includes password-based Enterprise User 
Security. If you want certificate-based security, that still requires the 
ASO option to be licensed. I'm not sure that the price list shows that 
very well, but it is verifiable--I think it's in the docs where they show 
the features and options list and what editions they're available in. 

Dan

----- Original Message ----
From: "krish.hariharan@xxxxxxxxxxxx" <krish.hariharan@xxxxxxxxxxxx>
To: Mayen.Shah@xxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx; Jared Still <jkstill@xxxxxxxxx>
Sent: Monday, January 14, 2008 11:41:09 AM
Subject: RE: How to setup LDAP

Oracle OID has the identity management framework and that had two parts 
the database naming (tnsnames/onames functionality) and the 
external/global user administration and authentication functionality. When 
I converted/complemented ONAMES with OID I found from Oracle Sales and 
Metalink that the database naming partition of OID was free since Oracle 
10g treats ONAMES as "He who shall not be named", pun not intended. The 
user administration and global authentication portion WAS NOT FREE. 
 
The database naming (tnsnames functionality) can be done with sqlnet.ora 
directory path including LDAP and an ldap.ora or using DNS entries that 
advertise a well known ldap host.
 
You should clarify with your account representative on the use of the OID 
identity management framework for external/global user administration 
since that part is a separately licensed ($$) component. I believe this is 
mentioned in Rich's and Jared's responses.
 
I haven't been following the entire thread, but I also found out that in 
10g the distribution of OID coming through the RDBMS install is not 
production and one through IAS app distribution is. I discovered that when 
I was looking for the onamesproxy which we tested in 9.2 OID and not 
available in 10g OID.
 
Please feel free to correct if your experience and information is current 
and different.
 
Regards,
-Krish
Krish Hariharan
President/Executive Architect, Quasar Database Technologies, LLC
(303) 808-5172
http://www.linkedin.com/in/quasardb
