Re: Database authentication and Active Directory

From: Stefano Cislaghi <s.cislaghi_at_gmail.com>
Date: Tue, 21 Dec 2010 18:38:27 +0100
Message-ID: <AANLkTimpHd=8yo88d0hde9ODvHzwfHcCH7sE-69QQXTO_at_mail.gmail.com>



Hi all

I appreciate you sharing your opinions and experiences. My questions and ideas are related to two different problems: the first is to identify a way to connect the database to Active Directory (or maybe another external LDAP) without buying OID or another similar Sun product, and this seems not possible. We need at least to buy the ASO option for EE.

The second, which depends on the first consideration, was to understand how to leverage some DB functions such as row-level security, provided by VPD, with some applications; to be concrete, with Oracle Business Intelligence.
If you know Oracle BI, you have two ways to enforce RLS and CLS. One is to create some logical filters in BI user groups, but this of course works only in BI and also leaves the whole security to the BI administrator. The second is to use VPD (and/or Label Security) in the database. Using this method you can pass the same credentials from BI to the database (that is, domain user and password, because Fusion Middleware is linked to Active Directory) and enforce standard VPD rules. To get this method to work you have to maintain the same credential in the database and also the same password. As the Active Directory password expires every 90 days, without any directory services for the database, when you change your password you will surely no longer be able to use BI...

That's the problem. Maybe, strictly related to Oracle BI (version 11g), someone has already identified the problem and its solution...

Stefano

--

http://www.stefanocislaghi.eu
--

http://www.freelists.org/webpage/oracle-l Received on Tue Dec 21 2010 - 11:38:27 CST
