OID (Oracle Internet Directory) not to be confused with Oracle Data Integration (ODI), is not necessary anymore for DB Authentication with AD. The strategy now is to leverage OUD (Oracle Unified Directory) OUD&EUS Take 2: DB Accounts Proxy-ed by OUD into existing Directories (Sylvain Duloutre's Weblog) | | | | | | | | | | | OUD&EUS Take 2: DB Accounts Proxy-ed by OUD into exi...Blogs.Oracle.Com - Sylvain Duloutre's Weblog | | | | View on blogs.oracle.com | Preview by Yahoo | | | | | Either via password into AD or via Kerberos with AD... This blog explains the architecture of both. There are a variety of Oracle partners and Oracle consulting folks who have helped folks do this type of thing. here is a link to one such partner who helped a large company out with this effort: Enterprise User Security (EUS) - Hub City Media | | | | | | | | | Enterprise User Security (EUS) - Hub City MediaEnterprise User Security (EUS) Improve Database User Security As the number of databases in an organization increases, so do the number of database identities. | | | | View on www.hubcitymedia.com | Preview by Yahoo | | | | | From: Don Seiler <don@xxxxxxxxx> To: Niall Litchfield <niall.litchfield@xxxxxxxxx> Cc: ORACLE-L <oracle-l@xxxxxxxxxxxxx> Sent: Tuesday, December 16, 2014 3:37 PM Subject: Re: Looking for customer experiences on Oracle EUS/ODI I believe in this case Oracle RDBMS would talk to ODI, which would be the passthrough for LDAP/MSAD. On Tue, Dec 16, 2014 at 2:26 PM, Niall Litchfield <niall.litchfield@xxxxxxxxx> wrote: Your sales rep should be able to help with reference sites. I'd also be sceptical since I started with Oracle in, well another millennium and I've never seen Enterprise Users setup in AD. SSO is almost always done with purely Oracle tech. Of course authentication of users to an ldap directory respecting external ldap roles *ought* to be a built in feature but c'est la vie. On 16 Dec 2014 20:00, "Don Seiler" <don@xxxxxxxxx> wrote: Afternoon all. My organization is looking at using Oracle EUS/ODI to facilitate single-sign-on authentication with our Active Directory. There are a few people that are very nervous about this, namely at the thought of something going wrong and suddenly a lot of the infrastructure is locked out. They've asked if we could find some real-world customer experiences/testimonials to put them at ease, or cement their fears. If anyone is willing to share, I'd love to pick your brains. -- Don Seiler http://www.seiler.us -- Don Seiler http://www.seiler.us