RE: How to setup LDAP
Date: Mon, 14 Jan 2008 10:41:09 -0700
Oracle OID has the identity management framework, and that had two parts: the database naming (tnsnames/onames functionality) and the external/global user administration and authentication functionality. When I converted/complemented ONAMES with OID, I found from Oracle Sales and Metalink that the database naming partition of OID was free, since Oracle 10g treats ONAMES as "He who shall not be named", pun not intended. The user administration and global authentication portion WAS NOT FREE.
The database naming (tnsnames functionality) can be done with sqlnet.ora directory path including LDAP and an ldap.ora, or using DNS entries that advertise a well-known ldap host.
You should clarify with your account representative on the use of the OID identity management framework for external/global user administration since that part is a separately licensed ($$) component. I believe this is mentioned in Rich's and Jared's responses.
I haven't been following the entire thread, but I also found out that in 10g the distribution of OID coming through the RDBMS install is not production and the one through the IAS app distribution is. I discovered that when I was looking for the onamesproxy, which we tested in 9.2 OID and which is not available in 10g OID.
Please feel free to correct if your experience and information is current and different.
President/Executive Architect, Quasar Database Technologies, LLC
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
On Behalf Of Mayen.Shah_at_lazard.com
Sent: Monday, January 14, 2008 9:53 AM
To: Jared Still
Subject: Re: How to setup LDAP
Hi Jared and all,
We want to use local tnsnames and use LDAP for user authentication only. As always, money is an issue here, so I am not at liberty to consider a solution that requires additional money.
Here is what I did.
Update sqlnet.ora on database server:
NAMES.DIRECTORY_PATH= (TNSNAMES,LDAP)
On database:
create user LDAPTEST identified globally as 'CN=LDAPTEST,ou=Service Accounts,ou=Users,ou=Administrative,ou=.Lazard,dc=lazard,dc=com';
Specification string was given to me by LDAP admin.
I am sure I need to do more than this, as the above is not working.
I apologize for my lack of knowledge in this matter and really appreciate help from you all.
"Jared Still" <jkstill_at_gmail.com>
Jan 11 2008 07:00 PM
Mayen Shah/ITS/Lazard_at_Lazard NYC
Re: How to setup LDAP
Our management has decided to have all authentication done through
(existing) LDAP. Please forgive my ignorance, but I do not have any idea how
to set/test in test environment.
If it is just for database authentication, it's a simple entry in sqlnet.ora.
Most of search directs me to OID. I am not sure I need to use OID. Do we need license to use LDAP?
You can use OID for database authentication without any extra licensing fees.
See the Oracle Software Investment Guide for details.
(sorry, you'll have to google for that yourself)
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jan 14 2008 - 11:41:09 CST