Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: oid/ldap

Re: oid/ldap

From: Job Miller <>
Date: Fri, 1 Jun 2007 06:19:46 -0700 (PDT)
Message-ID: <>

Oracle Virtual Directory(OVD) now supports EUS with AD and Sun LDAP. (without OID synchronization)    

  eDir was on the list of things to support, but it wasn't certified in the latest release. contact me off-line if you want more info on that. It might be able to be made to work.    

  The data sheet discussing the OVD and EUS integration for Sun and MS AD is here:    

  SSO in general though can be accomplished a number of ways. By your suggestion that you are using EUS, I presume you mean database sso, whereby one id/pw gets you into lots of dbs. Do you have users that log into a lot of different db's? What client application are they logging into dbs with?    

  Do they just want to be able to use the same id/pw, or do they not want to have to sign into those client applications that all directly log them into the db?    

  Oracle also has a Enterprise SSO product that I use on my desktop that logs me into 25 different applications I access. It doesn't matter what the passwords are to those applications, after I log-in once, it remembers the passwords for me in a secure way and intercepts and fills in the requests for access to those applications.    

  other folks take a provisioning approach where you centrally control/provision accounts/roles to lots of individual databases, effectively achieving the same thing as EUS, but the accounts are still separate db managed accounts.    

  others use other forms of external authentication to centrally manage users (ie. kerberos). The accounts still exist locally, but authentication is external.    

  A provisioning approach takes DBAs out of the loop in terms of creating all the accounts in the various target databases for a new user or a self-service request for access to a db, because those account creations and role activations are done through the provisioning framework in place (ie. Oracle Identity Manager). The DBA can still be an "approver" of the account creation, but they need not actually be the one executing the SQL to create new accounts.    

  Job wrote:   

How are folks handling single sign-on with Oracle?

We have implemented Enterprise Users with OID and are trying to migrate that and Oracle Names to 10g OID and have had a fair amount of difficulty. Our ID's, passwords, etc are stored in edirectory and get pushed to OID.

Anyone using any other way to use single sign-on with Oracle other than OID?        

Boardwalk for $500? In 2007? Ha!
Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
-- Received on Fri Jun 01 2007 - 08:19:46 CDT

Original text of this message