Re: oracle-l Digest V7 #366

From: Simon Palmer <>
Date: Fri, 7 Jan 2011 10:33:01 -0800 (PST)
Message-ID: <>

Hi Ste,

I'm assuming you've googled/MOS for this so I guess you might have already come 
across this, but isn't this what you're looking for?

The link is for 10.1 but I guess it could work in 11.2...? Unless in 11.2 Oracle 
no longer support it to force you down the OID route?


Creating an OracleContext in Microsoft Windows 2003 Active Directory [ID  

How to Manually Create an Oracle Context in Active Directory [ID 820134.1] 


- Ensure that Administrator can modify Schema in Active Directory
- Register Schema using NetCA (one time for the entire AD forest)
- Create Naming Context using NetCA (once per domain)
- Register Database in AD using DBCA or Net Manager
- Configure Directory Naming and Directory Usage (AD) using NetCA (on
  systems that want to use AD)
- Set NAMES.LDAP_AUTHENTICATE_BIND= Yes in SQLNET.ORA on all 11g client systems

To support pre-11g clients:

- Enable anonymous bind in AD
- Change ACLs for Oracle Naming Context and Database/Net Services
  objects to allow anonymous access

I worked on a site to try and get this working with AD 2008 and we hit a bug. 
The client I was working for raised an SR with MOS....and I'm still waiting to 
hear back to go finish off...

Hope this is of help, although being slightly old now, I guess it could be out 
of date somewhat.



From: Stefano Cislaghi
Sent by: oracle-l-bounce_at_f
Date: 2010.12.20 23:22
To: Oracle L <>
Subject: Database authentication and Active Directory

Hi all,

I'm looking around to check if there's a solution that does not force
me to buy Oracle Internet Directory. Problem is rather simple, I want
to authenticate my database user against active directory.
This means that users are physically present in the database and only
password verification is done in Active Directory. Grants, roles and
other properties are stored in the database server.

Users should be able to connect to the database both from their own
workstation with applications similar to SQLDeveloper and from
third-party applications that do not reside on the user workstation
(maybe Oracle BI).
Metalink has no valid solution and the administrator guide also does not
provide any interesting hint. Database is 11.2.

OID is another expensive product I'm not able to buy today.


Received on Fri Jan 07 2011 - 12:33:01 CST
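
An added example, not part of the thread or of any Oracle tooling: a small checker that reads a client's sqlnet.ora and ldap.ora and reports which settings from the steps above are missing, so that clients which would fall back to the anonymous-bind path can be found before AD ACLs are relaxed for them. NAMES.LDAP_AUTHENTICATE_BIND comes from the thread; NAMES.DIRECTORY_PATH, DIRECTORY_SERVER_TYPE and DEFAULT_ADMIN_CONTEXT are the parameters NetCA is assumed to write, and the sample files and example.com domain are constructed.

```python
import re

TRUTHY = {"yes", "true", "on"}  # assumption: accepted spellings of an enabled boolean

def parse_ora(text):
    """Parse one-line KEY = VALUE entries of a sqlnet.ora / ldap.ora file."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # strip comments and blanks
        if "=" in line:
            key, value = line.split("=", 1)       # value may itself contain '='
            params[key.strip().upper()] = value.strip().strip('"')
    return params

def audit_client(sqlnet_text, ldap_text):
    """Return the names of parameters that do not match the steps in the thread."""
    sqlnet, ldap = parse_ora(sqlnet_text), parse_ora(ldap_text)
    findings = []
    path = re.findall(r"\w+", sqlnet.get("NAMES.DIRECTORY_PATH", "").upper())
    if "LDAP" not in path:
        findings.append("NAMES.DIRECTORY_PATH")       # directory naming not in use
    if ldap.get("DIRECTORY_SERVER_TYPE", "").upper() != "AD":
        findings.append("DIRECTORY_SERVER_TYPE")      # client not pointed at AD
    if not ldap.get("DEFAULT_ADMIN_CONTEXT"):
        findings.append("DEFAULT_ADMIN_CONTEXT")      # assumed: Oracle Context location
    if sqlnet.get("NAMES.LDAP_AUTHENTICATE_BIND", "").lower() not in TRUTHY:
        # Lookups from this client would depend on anonymous bind and relaxed ACLs in AD.
        findings.append("NAMES.LDAP_AUTHENTICATE_BIND")
    return findings

# Constructed sample files (example.com is a placeholder domain).
LDAP_ORA = 'DIRECTORY_SERVER_TYPE = AD\nDEFAULT_ADMIN_CONTEXT = "DC=example,DC=com"\n'
SQLNET_11G = "NAMES.DIRECTORY_PATH = (LDAP, TNSNAMES)\nNAMES.LDAP_AUTHENTICATE_BIND= Yes\n"
SQLNET_LEGACY = "# pre-11g style client\nNAMES.DIRECTORY_PATH = (TNSNAMES, LDAP)\n"

if __name__ == "__main__":
    for name, text in (("11g", SQLNET_11G), ("legacy", SQLNET_LEGACY)):
        print(name, audit_client(text, LDAP_ORA) or "OK")
```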
