David,

Thank you, that is very helpful.

Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205

"Quality is never an accident; it is always the result of intelligent effort." -- John Ruskin (English Writer 1819-1900)

-----Original Message-----
From: David Robillard [mailto:david.robillard@xxxxxxxxx]
Sent: Friday, October 28, 2011 9:35 AM
To: Taylor, Chris David
Cc: oracle-l mailing list
Subject: Re: Anyone configured Active Directory Auth to Oracle 11g?

Hello Chris,

> According to 11g docs, you can do the below but I'm obviously missing
> something since I don't know much about AD:

I'm not 100% sure, but I think you need Oracle Internet Directory (OID) for this to work. I don't think you can use any LDAP server for this, but you should double check with Oracle Support.

BTW, there is a very detailed how-to on enterprise user authentication in David C. Knox's book < Effective Oracle Database 10g Security by Design > [1]. The book is on 10g, but I think the theory and setup are very similar in 11g.

I do know that you can use any Kerberos infrastructure for user authentication to the database. So you can use your Active Directory Kerberos to authenticate users to your 11g database. But to do this, you need the Oracle Advanced Security Option (OASO). See [2] for more info on Kerberos authentication and [3] to help manage the AD Kerberos from a Linux machine.

> What is O=oracle, and C=US? The CN and OU I understand I think it's fairly
> easy to find the AD toolkit...
>
> Anyone mind helping me out?

Those are LDAP attributes. O stands for Organization and C stands for Country. But you might not have them in your company's LDAP tree.

If you plan on working with LDAP systems, do yourself a favor and grab a copy of Gerald Carter's book < LDAP System Administration > [4]. Granted that it's a little old and it focuses on OpenLDAP, but the LDAP theory is explained very clearly. It did help me understand LDAP a lot more and then configure various LDAP servers (i.e. AD, OpenLDAP and Oracle Internet Directory).

HTH,

David

[1] http://www.amazon.com/exec/obidos/tg/detail/-/0072231300/qid=1106156504/sr=8-1/ref=pd_csp_1/103-7294785-2887052?v=glance&s=books&n=507846
[2] http://download.oracle.com/docs/cd/E11882_01/network.112/e10746/asokerb.htm#ASOAG060
[3] http://fuhm.net/software/msktutil/
[4] http://shop.oreilly.com/product/9781565924918.do

--
David Robillard
http://www.linkedin.com/in/davidrobillard
http://itdavid.blogspot.com/

> Thanks,
>
> Chris Taylor
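
Added example, not part of the original thread: a small parser that splits a distinguished name such as the `O=oracle, C=US` one asked about into its attribute/value pairs, names each attribute type, and reports whether the tree is named X.500-style (`O=`/`C=`) or by domain components (`DC=`, the usual Active Directory layout). The function names and both sample DNs are constructed for illustration.

```python
import re

# Short attribute types as they appear in DN strings, with their long names.
ATTRIBUTE_NAMES = {
    "CN": "commonName", "OU": "organizationalUnitName",
    "O": "organizationName", "C": "countryName", "DC": "domainComponent",
}

def split_unescaped(text, sep=","):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, current, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current += text[i:i + 2]   # keep the escape pair together
            i += 2
        elif text[i] == sep:
            parts.append(current)
            current = ""
            i += 1
        else:
            current += text[i]
            i += 1
    parts.append(current)
    return parts

def parse_dn(dn):
    """Return [(type, long_name, value), ...] ordered leaf to root.
    Multi-valued RDNs ("+") and hex-pair escapes are left untouched."""
    result = []
    for rdn in split_unescaped(dn):
        attr, eq, value = rdn.strip().partition("=")
        if not eq or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr = attr.strip().upper()
        value = re.sub(r"\\([^0-9A-Fa-f])", r"\1", value.strip())
        result.append((attr, ATTRIBUTE_NAMES.get(attr, "unknown"), value))
    return result

def naming_style(dn):
    """'x500' if the DN uses O=/C=, 'domain' if it uses DC=, else 'other'."""
    types = {attr for attr, _, _ in parse_dn(dn)}
    if types & {"O", "C"}:
        return "x500"
    return "domain" if "DC" in types else "other"

if __name__ == "__main__":
    for sample in ("CN=orcl,OU=Databases,O=oracle,C=US",         # constructed
                   r"CN=Doe\, Jane,OU=DBA,DC=example,DC=com"):   # constructed
        print(naming_style(sample), parse_dn(sample))
```
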