Re: Anyone configured Active Directory Auth to Oracle 11g?

  • From: David Robillard <david.robillard@xxxxxxxxx>
  • To: "Taylor, Chris David" <ChrisDavid.Taylor@xxxxxxxxxxxxxxx>
  • Date: Fri, 28 Oct 2011 10:35:14 -0400

Hello Chris,

> According to 11g docs, you can do the below but I'm obviously missing 
> something since I don't know much about AD:

I'm not 100% sure, but I think you need Oracle Internet Directory
(OID) for this to work. I don't think you can use any LDAP server for
this, but you should double check with Oracle Support. BTW, there is a
very detailed how-to on enterprise user authentication in David C.
Knox's book « Effective Oracle Database 10g Security by Design » [1].
The book is on 10g, but I think the theory and setup are very similar
in 11g.

I do know that you can use any Kerberos infrastructure for user
authentication to the database. So you can use your Active Directory
Kerberos to authenticate users to your 11g database. But to do this,
you need the Oracle Advanced Security Option (OASO). See [2] for more
info on Kerberos authentication and [3] to help manage the AD Kerberos
from a Linux machine.

> What is O=oracle, and C=US?  The CN and OU I understand I think it's fairly 
> easy to find the AD toolkit...
>
> Anyone mind helping me out?

Those are LDAP attributes. O stands for Organization and C stands for
Country. But you might not have them in your company's LDAP tree. If
you plan on working with LDAP systems, do yourself a favor and grab a
copy of Gerald Carter's book « LDAP System Administration » [4].
Granted that it's a little old and it focuses on OpenLDAP, but the
LDAP theory is explained very clearly. It did help me understand LDAP
a lot more and then configure various LDAP servers (i.e. AD, OpenLDAP
and Oracle Internet Directory).

HTH,

David

[1] http://www.amazon.com/exec/obidos/tg/detail/-/0072231300/qid=1106156504/sr=8-1/ref=pd_csp_1/103-7294785-2887052?v=glance&s=books&n=507846
[2] http://download.oracle.com/docs/cd/E11882_01/network.112/e10746/asokerb.htm#ASOAG060
[3] http://fuhm.net/software/msktutil/
[4] http://shop.oreilly.com/product/9781565924918.do
--
David Robillard
http://www.linkedin.com/in/davidrobillard
http://itdavid.blogspot.com/

> Thanks,
>
>
> Chris Taylor
> Sr. Oracle DBA
> Ingram Barge Company
> Nashville, TN 37205
> Office: 615-517-3355
> Cell: 615-663-1673
> Email: chris.taylor@xxxxxxxxxxxxxxx<mailto:chris.taylor@xxxxxxxxxxxxxxx>