Re: oid/ldap
- From: Job Miller <jobmiller@xxxxxxxxx>
- To: DEEDSD@xxxxxxxxxxxxxx, oracle-l@xxxxxxxxxxxxx
- Date: Fri, 1 Jun 2007 06:19:46 -0700 (PDT)

Oracle Virtual Directory (OVD) now supports EUS with AD and Sun LDAP (without
OID synchronization).

eDir was on the list of things to support, but it wasn't certified in the
latest release. Contact me off-line if you want more info on that. It might
be able to be made to work.

The data sheet discussing the OVD and EUS integration for Sun and MS AD is
here:
http://www.oracle.com/technology/products/id_mgmt/ovds/pdf/oeus_and_ovd_data_sheet.pdf

SSO in general, though, can be accomplished a number of ways. By your
suggestion that you are using EUS, I presume you mean database SSO, whereby one
id/pw gets you into lots of dbs. Do you have users that log into a lot of
different dbs? What client application are they logging into dbs with?
Do they just want to be able to use the same id/pw, or do they not want to
have to sign into those client applications that all directly log them into the
db?

Oracle also has an Enterprise SSO product that I use on my desktop that logs
me into 25 different applications I access. It doesn't matter what the
passwords are to those applications; after I log in once, it remembers the
passwords for me in a secure way and intercepts and fills in the requests for
access to those applications.

Other folks take a provisioning approach where you centrally
control/provision accounts/roles to lots of individual databases, effectively
achieving the same thing as EUS, but the accounts are still separate db-managed
accounts.

Others use other forms of external authentication to centrally manage users
(i.e. Kerberos). The accounts still exist locally, but authentication is
external.

A provisioning approach takes DBAs out of the loop in terms of creating all
the accounts in the various target databases for a new user or a self-service
request for access to a db, because those account creations and role
activations are done through the provisioning framework in place (i.e. Oracle
Identity Manager). The DBA can still be an "approver" of the account creation,
but they need not actually be the one executing the SQL to create new accounts.

Job

DEEDSD@xxxxxxxxxxxxxx wrote:

How are folks handling single sign-on with Oracle?

We have implemented Enterprise Users with OID and are trying to migrate that
and Oracle Names to 10g OID and have had a fair amount of difficulty. Our
IDs, passwords, etc. are stored in eDirectory and get pushed to OID.

Anyone using any other way to use single sign-on with Oracle other than OID?