RE: Someone using LDAP to authenticate users to NDS?

  • From: "Michael Fontana" <mfontana@xxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Fri, 13 Feb 2004 14:00:15 -0600

Oracle has a package, dbms_ldap, which will read and load foreign LDAPs.

Don't have much detail about how the developers are using it here, but
it seems to basically load the foreign ldap data into a relational
table.  Probably not too efficient, but they're happy with it.

Script to implement can be found in $ORACLE_HOME/rdbms/admin/catldap.sql

Michael Fontana
Sr. DBA
NTT/Verio



-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of DENNIS WILLIAMS
Sent: Friday, January 30, 2004 2:35 PM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: RE: Someone using LDAP to authenticate users to NDS?


Ana 
   Correction: . . . can you switch to OID? The latter (OID) is
obviously simpler to implement with Oracle, compared to the issues of
using two LDAPs.


Dennis Williams
DBA, 80%OCP, 100% DBA
Lifetouch, Inc.
dwilliams@xxxxxxxxxxxxx 


-----Original Message-----
From: DENNIS WILLIAMS 
Sent: Friday, January 30, 2004 2:08 PM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: RE: Someone using LDAP to authenticate users to NDS?


Ana
   Thanks for clarifying what NDS is.
   You can get some of our previous discussion threads by going to
Google and searching on oracle-l ldap.
   Your approach will depend somewhat on your purpose for LDAP. Also,
does your organization have a strong commitment to NDS, or can you
switch to OID? The latter is obviously simpler.
   You may want to study LDAP in some detail, particularly the LDIF
format, since that is probably how OID and NDS will exchange
information.
   LDIF is simply a format, like XML (from a simple DBA's crude
understanding). Each application, like Oracle, must specify what
information it expects and the format it expects it in. So somehow this
information must be populated. The formats can be rather complex.

Dennis Williams
DBA
Lifetouch, Inc.
dwilliams@xxxxxxxxxxxxx 
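
Added example, not part of the original thread and not Oracle or Novell tooling: a minimal Python reader for LDIF content records that handles folded lines and base64 (`::`) values, then reports entries lacking attributes the importing application expects. The sample export, the DNs and the `REQUIRED` list are constructed assumptions for illustration.

```python
import base64

# Constructed sample export (not from the thread); REQUIRED is an assumed import rule.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=people,o=example
objectClass: inetOrgPerson
cn: jdoe
sn: Doe
description: first half of a long value that the exporter
  folded onto a second line
displayName:: SsO8cmdlbiBEb2U=

dn: cn=svc-report,ou=people,o=example
objectClass: inetOrgPerson
cn: svc-report
"""
REQUIRED = ("objectclass", "cn", "sn")

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) tuples from LDIF content records."""
    # RFC 2849 folding: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip comment lines
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:                  # trailing "" flushes the last record
        if not line.strip():                   # blank line ends a record
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        value = rest.lstrip(":").strip()
        if rest.startswith(":"):               # "attr:: <base64>" form
            value = base64.b64decode(value).decode("utf-8")
        if name.lower() == "dn":
            dn = value
        elif dn is not None:                   # attribute names are case-insensitive
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def missing_required(entries, required=REQUIRED):
    """Map each DN to the required attributes it lacks (complete entries omitted)."""
    gaps = {dn: [a for a in required if a not in attrs] for dn, attrs in entries}
    return {dn: miss for dn, miss in gaps.items() if miss}
```

Running `missing_required(parse_ldif(SAMPLE_LDIF))` flags the second constructed entry, which has no `sn`, before anything is loaded into the target directory.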
   

-----Original Message-----
From: Ana Choto [mailto:achoto@xxxxxxxxxxxx]
Sent: Friday, January 30, 2004 1:49 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Someone using LDAP to authenticate users to NDS?






Thanks Dennis,

NDS is the Novell Directory Server.  I don't know much about LDAP, just
what I've been reading since asked to look into authenticating our users
via LDAP.  I've also been reading information on OID.

We have several Oracle instances in versions starting on 8.1.6 to 9i R2.
Operating systems NT, Windows 2000 and Sun Sparc Solaris 5.8.

We have users that log on to the network, oracle, unix, and/or Datatel
(The db is Unidata.  Yes, not a relational database, but it's our main
application for registration, finances, etc).  We have our data warehouse
and other web applications on Oracle.

What we want to do is to have one place where to authenticate users and
where to keep their information.  The intent is not only ease of
management, but to enforce password management in all of our
applications the same way it's done in Novell.  We're planning on using
profiles in the Oracle Databases.  We have already created a test
profile that enforces the same password rules as NDS'.

I've opened a TAR with Oracle support and I'm waiting to hear from them.
I've searched Metalink, and what I've read suggests OID is the way to go.
I just have to figure out, as you say, how to synchronize the LDAPs.

Thanks

Ana E. Choto
American University
e-Operations - Information Technology
Phone (202) 885-2275
Fax      (202) 885-2224


 

From: DENNIS WILLIAMS <DWILLIAMS@LIFETOUCH.COM>
Sent by: oracle-l-bounce@freelists.org
Sent: 01/30/2004 02:14 PM
To: "'oracle-l@xxxxxxxxxxxxx'" <oracle-l@xxxxxxxxxxxxx>
cc:
Subject: RE: Someone using LDAP to authenticate users to NDS?
Please respond to oracle-l@freelists.org

 

 





Ana
   I have been studying some of these issues, but haven't implemented
anything yet, so I sincerely hope you get some good responses. I hadn't
heard of NDS before, so if you can explain that a little, you may get
more assistance.
   LDAP as you know is an industry standard.
   OID supports LDAP, as do other vendor offerings, like Microsoft
ActiveDirectory.
   I think a number of people have implemented LDAP using OID.
   Today, if you choose to use another LDAP, you probably have to also
implement OID and figure out how to keep the two LDAPs synchronized. In
theory this is possible, but I haven't heard from anyone who has
implemented this.
   My guess is that as LDAP systems mature, standardization and
interaction will mature as well. Eventually Oracle will have to satisfy
customers who have chosen an LDAP other than OID because they support
more applications than Oracle.

Dennis Williams
DBA
Lifetouch, Inc.
dwilliams@xxxxxxxxxxxxx

-----Original Message-----
From: Ana Choto [mailto:achoto@xxxxxxxxxxxx]
Sent: Friday, January 30, 2004 1:03 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Someone using LDAP to authenticate users to NDS?






We're looking into authenticating our users via LDAP to NDS.  We are on
8.1.7.2 and Solaris 5.8.  We're also using 9iAS release 1.

I understand that LDAP is not supported in 9i and above and that OID may
be the way to go.  We don't have OID installed in 8i, we'll probably go
that way when upgrading to 9i, but that is not going to happen in the
near future.

Is someone out there doing this type of authentication?  If so, what are
your thoughts?  And how did you go about setting this up without OID?

Thanks

Ana E. Choto
American University
e-Operations - Information Technology
Phone (202) 885-2275
Fax      (202) 885-2224

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx put
'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------