Re: How to setup LDAP
From: Dan Norris <dannorris_at_dannorris.com>
Date: Thu, 24 Jan 2008 11:08:53 -0800 (PST)
Message-ID: <84268.50725.qm@web35413.mail.mud.yahoo.com>

Mayen,

I'm not sure I understand your question to the list then. OID is required if you want to perform LDAP authentication for database users and remain supported AFAIK. I'm also interested in hearing of any other solutions, but I don't know that any other solutions exist--if they do, I doubt very much that they're supported.

Dan

----- Original Message ----
From: "Mayen.Shah@lazard.com" <Mayen.Shah@lazard.com>
To: Dan Norris <dannorris@dannorris.com>
Cc: Oracle L <oracle-l@freelists.org>
Sent: Thursday, January 24, 2008 12:32:34 PM
Subject: Re: How to setup LDAP

Hi Dan,

Thank you for the information. Unfortunately OID is not an option here. I want to know whether anyone on this list has ever set up user authentication via LDAP and how they implemented it.

Thanks
Mayen

"Dan Norris" <dannorris@dannorris.com>
Jan 23 2008 12:10 PM
To: Mayen Shah/ITS/Lazard@Lazard NYC, "Oracle L" <oracle-l@freelists.org>
cc:
Subject: Re: How to setup LDAP

Mayen,

You need to configure your database for EUS and configure OID to handle those incoming users. If you're like most sites, I expect that Appendix C will also be of keen interest. The doc is http://download.oracle.com/docs/cd/B19306_01/network.102/b14269/toc.htm

You will need OID, and using OID for this purpose does require a separate license. Until you mentioned it, I forgot about this "catch" in the refactored license scheme in 10g. However, I recall the Oracle sales people telling me that while OID does require licensing, since you typically only need 2-4 CPUs of OID to support a medium-sized database enterprise, the pricing is much lower than the old way of having to buy ASO for all your DBs. So, it isn't completely free, but it's a lot cheaper than what you had to license in 9i.

Sorry I forgot to mention that--it is important for sure!

Dan

----- Original Message ----
From: "Mayen.Shah@lazard.com" <Mayen.Shah@lazard.com>
To: oracle-l@freelists.org
Sent: Wednesday, January 23, 2008 10:38:58 AM
Subject: Re: How to setup LDAP

Hello Everyone,

My apologies for not giving any feedback sooner. (Got distracted with other production issues.) My problem is still unresolved. Here is what I want to achieve.

Database version 9.2.0.7 and 10.2.0.3
Local tnsnames.ora

Currently I am using database authentication for user login to the database. I want to continue using local tnsnames. The only requirement is to change user authentication from database to LDAP authentication.

I am sure some on our list must have done a similar setup. Simply creating a user as below does not work.

    Create user LDAPTEST identified globally as 'CN=LDAPTEST,ou=Service Accounts,ou=Users,ou=Administrative,ou=.Lazard,dc=lazard,dc=com';

The user gets created without error, but the connection fails with an invalid username/password error. I verified with our sa and the DN is correct.

I am sure I am missing something but could not find more information. Searching Metalink/Google mostly points me to OID, and I was told by an Oracle sales rep that OID is a licensed product.

Any help/pointer is greatly appreciated.

Thank you.
Mayen

"Dan Norris" <dannorris@dannorris.com>
Jan 14 2008 01:10 PM
To: krish.hariharan@quasardb.com, Mayen Shah/ITS/Lazard@Lazard NYC
cc: oracle-l@freelists.org, "Jared Still" <jkstill@gmail.com>
Subject: Re: How to setup LDAP

>>> The user administration and global authentication portion WAS NOT FREE.

That's almost correct. When 10g was introduced, the ASO license was refactored such that EE now includes password-based Enterprise User Security. If you want certificate-based security, that still requires the ASO option to be licensed. I'm not sure that the price list shows that very well, but it is verifiable--I think it's in the docs where they show the features and options list and what editions they're available in.

Dan

----- Original Message ----
From: "krish.hariharan@quasardb.com" <krish.hariharan@quasardb.com>
To: Mayen.Shah@lazard.com
Cc: oracle-l@freelists.org; Jared Still <jkstill@gmail.com>
Sent: Monday, January 14, 2008 11:41:09 AM
Subject: RE: How to setup LDAP

Oracle OID has the identity management framework, and that had two parts: the database naming (tnsnames/onames functionality) and the external/global user administration and authentication functionality. When I converted/complemented ONAMES with OID I found from Oracle Sales and Metalink that the database naming partition of OID was free since Oracle 10g treats ONAMES as “He who shall not be named”, pun not intended. The user administration and global authentication portion WAS NOT FREE.

The database naming (tnsnames functionality) can be done with sqlnet.ora directory path including LDAP and an ldap.ora, or using DNS entries that advertise a well known ldap host.

You should clarify with your account representative on the use of the OID identity management framework for external/global user administration since that part is a separately licensed ($$) component. I believe this is mentioned in Rich’s and Jared’s responses.

I haven’t been following the entire thread, but I also found out that in 10g the distribution of OID coming through the RDBMS install is not production and one through IAS app distribution is. I discovered that when I was looking for the onamesproxy which we tested in 9.2 OID and not available in 10g OID.

Please feel free to correct if your experience and information is current and different.

Regards,
-Krish

Krish Hariharan
President/Executive Architect, Quasar Database Technologies, LLC
(303) 808-5172
http://www.linkedin.com/in/quasardb
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 24 2008 - 13:08:53 CST