RE: Help with 10g AS and OID

  • From: "Johnson, George" <GJohnson@xxxxxxx>
  • To: "Oracle-L" <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 11 Jan 2006 07:50:50 -0000

                We are currently in our implementation phase and it is the 
biggest PITA going. We are going for full 4 site, 8 server replication with DR 
fallbacks, complete with full Sign-On and Active Directory integration. Oracle 
support and consultancy in the UK have been absolutely useless, given next to 
support or guidance, sent us down dead-end routes and I have sneaking suspicion 
have been using us a test bed to see if this works. We have even had to write 
our own AD password syncing DLL to put password changes from AD to OID because 
9i DB's can't support the Kerberos authentication that AD, OID and 10g DBs will 
support, although Oracle assured us it works fine! Oh and we have just upgraded 
a 9i to 10g, which screwed the OID repository up as you are supposed to 
un-register before you upgrade then re-register afterwards, otherwise you lose 
all the security settings for that DB! Once this SSO "works" will be moving the 
TNS lookups into it, please spare me a prayer! Other than that, it's fine!
                Thanks for letting me get that off my chest!
                Seriously, as with all things that can impact the business, 
before you start letting management/sec. officer types get sold on this central 
management/SSO stuff, take a serious long look at what you want and do some 
very thorough research, we have been seriously burned by Oracle over the OID 

        -----Original Message-----
        From: oracle-l-bounce@xxxxxxxxxxxxx 
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Baumgartel
        Sent: 10 Jan 2006 22:50
        To: Oracle-L
        Subject: Re: Help with 10g AS and OID
        I actually had good results with 9i OID replication using AR.  What I 
*couldn't* get running was using "LDAP replication" with 10g (you can choose 
either LDAP replication or Advanced Replication, and being adventurous and 
foolish, I chose the former). 
        On 1/10/06, Jesse, Rich <Rich.Jesse@xxxxxxxxxxxxxxxxx> wrote: 

                I did that in 9i (9.0.1) on Linux and it was *very* unreliable. 
 It was explained to me that the 9i OID replication was really not full-blown 
Oracle AR due to the fact that some of the LDAP object attributes or tree or 
something (I forget) had to be different between the two servers, which AR 
wouldn't allow.  Anyway, we could not get it stable for more than a week or two 
at a time and Oracle Support couldn't replicate it, so we junked it.
                Maybe 10g will be more reliable...  ;)

                        -----Original Message-----
                        From: oracle-l-bounce@xxxxxxxxxxxxx [mailto: 
oracle-l-bounce@xxxxxxxxxxxxx <mailto:oracle-l-bounce@xxxxxxxxxxxxx> ] On 
Behalf Of Paul Baumgartel
                        Sent: Tuesday, January 10, 2006 2:50 PM
                        To: Mark.Bobak@xxxxxxxxxxxxxxx
                        Cc: Jason Heinrich; oracle-l@xxxxxxxxxxxxx
                        Subject: Re: Help with 10g AS and OID
                        Just depends on which direction you're facing!
                        "Export" from tnsnames.ora...?
                        Glad it worked.  Just don't try setting up LDAP 
replication to a second OID server...I suffered through that for weeks and 
finally gave up! 

        Paul Baumgartel

This message contains confidential information and is intended only 
for the individual or entity named.  If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.  
Please notify the sender immediately by e-mail if you have received 
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of this 
message which arise as a result of e-mail transmission.  
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is 
regulated or licensed in those jurisdictions as required.

Other related posts: