Re: How to setup LDAP

From: Dan Norris <>
Date: Wed, 23 Jan 2008 09:10:48 -0800 (PST)
Message-ID: <>


You need to configure your database for EUS and configure OID to handle those incoming users. If you're like most sites, I expect that Appendix C will also be of keen interest. The doc is

You will need OID and using OID for this purpose does require a separate license. Until you mentioned it, I forgot about this "catch" in the refactored license scheme in 10g. However, I recall the Oracle sales people telling me that while OID does require licensing, since you typically only need 2-4 CPUs of OID to support a medium-sized database enterprise, the pricing is much lower than the old way of having to buy ASO for all your DBs. So, it isn't completely free, but it's a lot cheaper than what you had to license in 9i. 

Sorry I forgot to mention that--it is important for sure!


----- Original Message ----
From: "" <>
Sent: Wednesday, January 23, 2008 10:38:58 AM
Subject: Re: How to setup LDAP

Hello Everyone,

My apologies for not giving any feedback soon. (Got distracted with
other production issues). My problem is still unresolved.

Here is what I want to achieve.

Database version and

Local tnsnames.ora

Currently I am using database authentication
for user login to the database.

I want to continue using local tnsnames.
Only requirement is to change user authentication from database to LDAP
authentication. I am sure some on our list must have done similar setup.

Simply creating user as below does not

Create user LDAPTEST identified globally
as 'CN=LDAPTEST,ou=Service Accounts,ou=Users,ou=Administrative,ou=.Lazard,dc=lazard,dc=com';

User gets created without error but
connection fails with invalid username/password error. I verified with
our sa and DN is correct. I am sure I am missing something but could not
find more information. Search on metalink/google mostly points me to OID
and I was told by oracle sales rep that OID is licensed product.

Any help/pointer is greatly appreciated.

Thank you.


"Dan Norris" <>

Jan 14 2008 01:10 PM

To, Mayen Shah/ITS/Lazard@Lazard NYC

cc, "Jared Still" <>


Re: How to setup LDAP

>>> The user administration and global authentication portion WAS NOT FREE.

That's almost correct. When 10g was introduced, the ASO license was refactored
such that EE now includes password-based Enterprise User Security. If you
want certificate-based security, that still requires the ASO option to
be licensed. I'm not sure that the price list shows that very well, but
it is verifiable--I think it's in the docs where they show the features
and options list and what editions they're available in. 


----- Original Message ----

From: "" <>


Cc:; Jared Still <>

Sent: Monday, January 14, 2008 11:41:09 AM

Subject: RE: How to setup LDAP

Oracle OID has the identity
management framework and that had two parts: the database naming (tnsnames/onames
functionality) and the external/global user administration and authentication
functionality. When I converted/complemented ONAMES with OID I found from
Oracle Sales and Metalink that the database naming partition of OID was
free since Oracle 10g treats ONAMES as “He who shall not be named”, pun
not intended. The user administration and global authentication portion

The database naming (tnsnames
functionality) can be done with sqlnet.ora directory path including LDAP
and an ldap.ora or using DNS entries that advertise a well known ldap host.


You should clarify with your
account representative on the use of the OID identity management framework
for external/global user administration since that part is a separately
licensed ($$) component. I believe this is mentioned in Rich’s and Jared’s


I haven’t been following
the entire thread, but I also found out that in 10g the distribution of
OID coming through the RDBMS install is not production and one through
IAS app distribution is. I discovered that when I was looking for the onamesproxy
which we tested in 9.2 OID and not available in 10g OID.


Please feel free to correct
if your experience and information is current and different.




Krish Hariharan

President/Executive Architect,
Quasar Database Technologies, LLC

(303) 808-5172

Received on Wed Jan 23 2008 - 11:10:48 CST
