Re: How to setup LDAP

From: <Mayen.Shah_at_lazard.com>
Date: Wed, 23 Jan 2008 11:38:58 -0500
Message-ID: <OF10FC83BC.F6D83831-ON852573D9.0059C6BB-852573D9.005B7552@lazard.com>


Hello Everyone,

My apologies for not giving any feedback sooner. (Got distracted with other production issues.) My problem is still unresolved.

Here is what I want to achieve.

Database version 9.2.0.7 and 10.2.0.3
Local tnsnames.ora

Currently I am using database authentication for user login to the database.

I want to continue using local tnsnames. The only requirement is to change user authentication from database to LDAP authentication. I am sure some on our list must have done a similar setup.

Simply creating user as below does not work.

Create user LDAPTEST identified globally as 'CN=LDAPTEST,ou=Service Accounts,ou=Users,ou=Administrative,ou=.Lazard,dc=lazard,dc=com';

User gets created without error but connection fails with invalid username/password error. I verified with our sa and the DN is correct. I am sure I am missing something but could not find more information. Search on Metalink/Google mostly points me to OID, and I was told by an Oracle sales rep that OID is a licensed product.

Any help/pointer is greatly appreciated.

Thank you.
Mayen

"Dan Norris" <dannorris_at_dannorris.com>
Jan 14 2008 01:10 PM

To: krish.hariharan_at_quasardb.com, Mayen Shah/ITS/Lazard_at_Lazard NYC
cc: oracle-l_at_freelists.org, "Jared Still" <jkstill_at_gmail.com>
Subject: Re: How to setup LDAP

>>> The user administration and global authentication portion WAS NOT FREE.

That's almost correct. When 10g was introduced, the ASO license was refactored such that EE now includes password-based Enterprise User Security. If you want certificate-based security, that still requires the ASO option to be licensed. I'm not sure that the price list shows that very well, but it is verifiable--I think it's in the docs where they show the features and options list and what editions they're available in.

Dan

----- Original Message ----
From: "krish.hariharan_at_quasardb.com" <krish.hariharan_at_quasardb.com>
To: Mayen.Shah_at_lazard.com
Cc: oracle-l_at_freelists.org; Jared Still <jkstill_at_gmail.com>
Sent: Monday, January 14, 2008 11:41:09 AM
Subject: RE: How to setup LDAP

Oracle OID has the identity management framework and that had two parts: the database naming (tnsnames/onames functionality) and the external/global user administration and authentication functionality. When I converted/complemented ONAMES with OID I found from Oracle Sales and Metalink that the database naming partition of OID was free since Oracle 10g treats ONAMES as "He who shall not be named", pun not intended. The user administration and global authentication portion WAS NOT FREE.

The database naming (tnsnames functionality) can be done with sqlnet.ora directory path including LDAP and an ldap.ora or using DNS entries that advertise a well known ldap host.  

You should clarify with your account representative on the use of the OID identity management framework for external/global user administration since that part is a separately licensed ($$) component. I believe this is mentioned in Rich's and Jared's responses.

I haven't been following the entire thread, but I also found out that in 10g the distribution of OID coming through the RDBMS install is not production and one through IAS app distribution is. I discovered that when I was looking for the onamesproxy which we tested in 9.2 OID and not available in 10g OID.

Please feel free to correct if your experience and information is current and different.  

Regards,
-Krish
Krish Hariharan
President/Executive Architect, Quasar Database Technologies, LLC (303) 808-5172
http://www.linkedin.com/in/quasardb

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Jan 23 2008 - 10:38:58 CST
