RE: authenticate from Windows network account to backend Oracle database

  • From: mkb <mkb125@xxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Thu, 26 Aug 2004 13:11:13 -0700 (PDT)

Didn't see the earlier post.  I'm just in the middle
of trying to do something like this.  It's in a very
experimental stage at the moment but the goal is to
eventually have Oracle users in OID only and have two
directories: one AD and the other OID, and just as
Dennis mentioned, to replicate user account info
between the two so that they are synched up.

One of my first goals right now is to get things
configured such that I can log in to SQL*Plus using
an account that I have created in OID only i.e. the
account exists in the OID directory but not in the
database itself.

Don't know how far I'll get, but right now, I'm having
a bear of a problem just getting OID to accept SSL
connections. 

I've been reading through all the documentation and
looking over the Metalink notes.  The documentation
points in a lot of different directions so you end up
going through many pages that refer back to some other
doc and so on.

Anyway, every time I seem to make progress, I end up
hitting another problem some place.

I've been able to setup my own certificate signing
authority and seem to have most of the pieces in
place.  The only problem...the pieces don't seem to
communicate over SSL.

Hopefully, by the time I'm done, I can post a write up,
but don't hold your breath too long.

--
mohammed

--- DENNIS WILLIAMS <DWILLIAMS@xxxxxxxxxxxxx> wrote:

> Paula - Since I don't see where anyone responded to
> your email, I'll take a
> swing at it just based on personal observations, not
> experience:
> 
> 1. By Windows network account I assume you mean MS
> Active Directory.
> 2. I understand Oracle client can be configured to
> use MS AD to validate
> users. However specific information is required in a
> format Oracle is
> expecting.
> 3. Normally Oracle expects to use OID (Oracle
> Internet Directory). This is
> an LDAP-compliant authentication service. Since MS
> AD has an LDAP interface,
> in theory it is possible to replicate user
> information from OID to MS AD. In
> other words, use OID to maintain your userids and
> transfer that information
> to MS AD periodically. If anyone has accomplished
> this feat, please post!
> 
> Prior discussions on this topic are available in the
> archives by searching
> on keywords such as LDAP, Novell, OID.
> 
> Dennis Williams
> DBA
> Lifetouch, Inc.
> 
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
> On Behalf Of Paula_Stankus@xxxxxxxxxxxxxxx
> Sent: Tuesday, August 24, 2004 2:33 PM
> To: oracle-l@xxxxxxxxxxxxx
> Subject: RE: authenticate from Windows network
> account to backend Oracle
> database
> 
> Guys,
> 
> I have this new request to accomplish this and I
> haven't done this
> before.  Would I need to setup oracle internet
> directory to active
> service directory?  If the user is using
> client-server tools and is not
> going through 9ias - can I do this just through
> Net9?
> 


                