RE: iDirectory

From: Gogala, Mladen <MGogala_at_oxhp.com>
Date: Wed, 12 Mar 2003 14:04:58 -0800
Message-ID: <F001.00568414.20030312140458@fatcity.com>


One thing that is seldom mentioned is that SQL*Net is completely compatible with any LDAP server produced by Oracle Corp. The way to use a non-Oracle LDAP server with SQL*Net is hidden in the Hogwarts Chamber of Secrets and only Harry Potter can find it.

> -----Original Message-----
> From: Jesse, Rich [mailto:Rich.Jesse_at_qtiworld.com]
> Sent: Wednesday, March 12, 2003 3:39 PM
> To: Multiple recipients of list ORACLE-L
> Subject: RE: iDirectory
>
>
> Hey LeRoy (Go Badgers! Go Panthers!),
>
> 1. That's what Oracle claims, but only if you have the Advanced
> Security option, which you must purchase.
>
> 2. It depends on the box, the version of OS, and other factors. For
> example, LDAP authentication will not work on HP/UX 11.0 with the
> Trusted System option. LDAP (in this case, OiD) does not know what
> instance to grant access to. That will still be handled by each
> database with the CREATE USER command. Check out the IDENTIFIED
> GLOBALLY clause of the statement, provided you have purchased
> Advanced Security.
>
> 3. Yes, the two can be used simultaneously, but for most users I
> don't think this wouldn't be a good idea (maintenance nightmare!).
> Perhaps for IT folks, though. It would be on a client-by-client
> basis.
>
> 4. After doing a brief search, OiD MAY or MAY NOT be LDAPv3-compliant
> (contrary to my past posts!), but it does seem to break the rules for
> RFC2849 (LDIF format), which will be needed if you want to customize
> its use for other LDAP usage (i.e. LDIFs are not transportable
> between OiD and other LDAPs). No, you cannot use another LDAP in
> OiD's place -- sort of. You MUST still use OiD for all Oracle
> interaction, whether it be network naming or user authentication.
> Oracle says you can use another LDAP, but they don't say that you can
> only use them with Oracle's OiD "gateway" that does some hokey
> "replication" between OiD and the other LDAP. I haven't used it, as
> the cost of OiD and Advanced Security (OiD comes with 9iAS -- NOT the
> DB!) along with the poor stability and implementation of OiD, IMHO,
> forced us to use SunOne and forgo the Oracle solution.
>
> Talk with your Oracle Rep! I can't see them expecting a large
> deployment of OiD unless they significantly reduce the costs. It
> won't cost us $100Ks and then annual maintenance for all of our users
> to have separate Oracle DB logins.
>
>
> HTH! GL!
> Rich
>
> Rich Jesse System/Database Administrator
> rich.jesse_at_qtiworld.com Quad/Tech International,
> Sussex, WI USA
>
>
> -----Original Message-----
> Sent: Wednesday, March 12, 2003 12:09 PM
> To: Multiple recipients of list ORACLE-L
>
>
> All-
>
> I am researching the technology of the Internet Directory. Does
> anyone have experience with this? I am currently using tnsnames files
> on all my boxes, I am running on Unix. I realize this directory would
> replace the tnsnames files but lots of confusion on how it works.
>
> 1. Would the directory be able to give users authentication to
> different instances on the same box with multiple logins?
>
> 2. I assume the directory will allow the user to go between physical
> boxes but will it know what instance to go to and the security of the
> user coming in?
>
> 3. Once this directory is in place, can tnsnames be used at the same
> time or does it have to be one or the other?
>
> 4. Also, since this directory is LDAP compliant can this directory be
> replaced by another LDAP compliant directory of my choice? Assuming
> the necessary attributes were included.
>
> Just a few thoughts and concerns.
>
> Any info would be great.
>
> Thanks,
>
> LeRoy
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Jesse, Rich
> INET: Rich.Jesse_at_qtiworld.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Gogala, Mladen
  INET: MGogala_at_oxhp.com

Received on Wed Mar 12 2003 - 16:04:58 CST
