RE: Anyone configured Active Directory Auth to Oracle 11g?

  • From: "Taylor, Chris David" <ChrisDavid.Taylor@xxxxxxxxxxxxxxx>
  • To: 'David Robillard' <david.robillard@xxxxxxxxx>
  • Date: Fri, 28 Oct 2011 09:39:38 -0500


Thank you, that is very helpful.

Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205

"Quality is never an accident; it is always the result of intelligent effort."
-- John Ruskin (English Writer 1819-1900)


-----Original Message-----
From: David Robillard [mailto:david.robillard@xxxxxxxxx] 
Sent: Friday, October 28, 2011 9:35 AM
To: Taylor, Chris David
Cc: oracle-l mailing list
Subject: Re: Anyone configured Active Directory Auth to Oracle 11g?

Hello Chris,

> According to 11g docs, you can do the below but I'm obviously missing 
> something since I don't know much about AD:

I'm not 100 % sure, but I think you need Oracle Internet Directory (OID)
for this to work. I don't think you can use any LDAP server for this, but
you should double check with Oracle Support. BTW, there is a very detailed
how-to on enterprise user authentication in David C. Knox's book
< Effective Oracle Database 10g Security by Design > [1]. The book is on
10g, but I think the theory and setup is very similar in 11g.

I do know that you can use any Kerberos infrastructure for user authentication 
to the database. So you can use your Active Directory Kerberos to authenticate 
users to your 11g database. But to do this, you need the Oracle Advanced 
Security Option (OASO). See [2] for more info on Kerberos authentication and 
[3] to help manage the AD Kerberos from a Linux machine.

> What is O=oracle, and C=US?  The CN and OU I understand I think it's fairly 
> easy to find the AD toolkit...
> Anyone mind helping me out?

Those are LDAP attributes. O stands for Organization and C stands for Country.
But you might not have them in your company's LDAP tree. If you plan on working
with LDAP systems, do yourself a favor and grab a copy of Gerald Carter's book
< LDAP System Administration > [4]. Granted that it's a little old and it
focuses on OpenLDAP, but the LDAP theory is explained very clearly. It did help
me understand LDAP a lot more and then configure various LDAP servers (i.e. AD,
OpenLDAP and Oracle Internet



David Robillard

> Thanks,
> Chris Taylor
> Sr. Oracle DBA
> Ingram Barge Company
> Nashville, TN 37205
> Office: 615-517-3355
> Cell: 615-663-1673
> Email: 
> chris.taylor@xxxxxxxxxxxxxxx<mailto:chris.taylor@xxxxxxxxxxxxxxx>

