RE: Using OID

Hey Jay,

Sorry for the late reply. I took a day off to partially mangle (remodel) my rec room at home.

We haven't started the migration to have Oracle authenticate against OiD. This started out as a way to authenticate a 3rd party package, while keeping in mind that we want to eventually get to single sign-on with our HP and Solaris, as well as Oracle logins and maybe -- with Divine Intervention -- Windohs.

As far as using OiD as a "centralized authentication repository", I would have to say "Yes". It would seem that authentication would be one of LDAP's primary functions. Each application would have to be looked at to see what changes would need to be made, if any. Since our 3rd party app already supported LDAP, there were no major changes to be made in the app itself. For telnet authentication (or rlogin or ssh, etc), you'll need to approach it from the server platform. You'll need to research how to authenticate to generic LDAP, since OiD is just Oracle's implementation of LDAP.

If I was able to do this over again, I would like to have been more familiar with basic LDAP concepts and terminology before starting to tackle OiD with replication. The "standard" command line LDAP tools like "ldapsearch" and "ldapmodify" are included with OiD, as well as Oracle-only command line tools and a GUI or two.

Hope this is coherent enough -- got to get some work done now... :)

Rich Jesse                           System/Database Administrator
Rich.Jesse_at_qtiworld.com              Quad/Tech International, Sussex, WI USA

> -----Original Message-----
> From: Jay Mehta [mailto:Jmehta_at_ctisinc.com]
> Sent: Tuesday, April 09, 2002 12:54 PM
> To: Multiple recipients of list ORACLE-L
> Subject: RE: Using OID
>
>
> Hi Rich,
>
> Thanks much for detailed information. I was glad to see an OID
> implementation out in the field. Couple of more questions:
>
> I know TNSNAMES.ORA can be replaced by OID, but have you
> taken the next step
> and migrated Oracle accounts to OID? We are looking at OID to
> centralize
> user management tasks that have become very resource
> intensive, given large
> number of Oracle databases at our site. I was researching
> Oracle web sites
> and other sites, but didn't find any white paper about OID
> and centralized
> user management. Sure, our goal is to have single-sign-on, but our
> applications are not SSO compliant yet, and are not going to be
> SSO-compliant any time soon. So, we are looking at only
> migrating accounts
> to OID if that's possible. Could OID be used as a centralize
> authentication
> repository? Does it require applications modifications? Any
> experience with
> this task?
>
> Thanks,
> Jay

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: Rich.Jesse_at_qtiworld.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).