Re: Database authentication and Active Directory
Date: Tue, 21 Dec 2010 18:38:27 +0100
Message-ID: <AANLkTimpHd=8yo88d0hde9ODvHzwfHcCH7sE-69QQXTO_at_mail.gmail.com>
Hi all
I appreciate you sharing your opinions and experiences. My questions and ideas are related to two different problems: first to identify the way to connect database to Active Directory (or maybe another external LDAP) without buy OID or other Sun similar product and this seems not possibile. We need at least to buy ASO option for EE.
Second, but depends from the first consideration, was to understand
how to leverage some DB funtions as row level security, provided by
VPD with some applications, maybe to be concrete with Oracle Business
Intelligence.
If you know Oracle BI you have two way to enforce RLS and CLS... one
is to create some logical filters in BI user groups but this works of
course only in BI and also relay the whole security to the BI
administrator. The second is to use VPD (and/or Label Security) in the
database. Using this method you can pass from BI to database same
credentials (that is domain user and password because Fusion
Middleware is linked to Active Directory) and enforse standard VPD
rules. To get this method work you have to maintain the same
credential in the database and also the same password. As active
directory password expires every 90 days without any directory
services for database when you change your password you'll sure be no
more able to use BI...
That's the problem. Maybe, strictly related to Oracle BI (versione 11g) anyone has already identified the problem and its solution...
Stefano
--
http://www.stefanocislaghi.eu
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Dec 21 2010 - 11:38:27 CST