Re: Anyone configured Active Directory Auth to Oracle 11g?

From: Paul Drake <bdbafh_at_gmail.com>
Date: Tue, 3 Dec 2013 23:19:01 -0500
Message-ID: <CAPptggUQpbtaAQU3qVAE1uTFH-+25-3LSYGgrXqHQ3vpepm1iQ_at_mail.gmail.com>



Now that all editions can leverage MS AD for authentication, has anyone implemented that with 11.2.0.3 on MS Server 2008 R2? It appears that there is more to it than a few clicks in NetCA to actually get it to work.

On Oct 27, 2011 4:04 PM, "Taylor, Chris David" <ChrisDavid.Taylor_at_ingrambarge.com> wrote:

> According to 11g docs, you can do the below but I'm obviously missing
> something since I don't know much about AD:
>
> ------------------------------------------------------------------------------------------------------------
> Creating a User Who Is Authorized by a Directory Service
>
> You have the following options to specify users who are authorized by a
> directory service:
>
> * Creating a Global User Who Has a Private Schema
>   <http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authentication.htm#CHDJJDFE>
>
> * Creating Multiple Enterprise Users Who Share Schemas
>   <http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authentication.htm#CHDJHAIB>
>
> Creating a Global User Who Has a Private Schema
>
> The following statement shows the creation of a global user with a private
> schema, authenticated by SSL, and authorized by the enterprise directory
> service:
>
> CREATE USER psmith IDENTIFIED GLOBALLY AS
> 'CN=psmith,OU=division1,O=oracle,C=US';
>
> The string provided in the AS clause provides an identifier (distinguished
> name, or DN) meaningful to the enterprise directory.
>
> In this case, psmith is a global user. But, the disadvantage here is that
> user psmith must then be created in every database that he must access,
> plus the directory.
>
> ----------------------------------------------------------------------------------------------------------
>
>
> What is O=oracle, and C=US? The CN and OU I understand I think it's
> fairly easy to find the AD toolkit...
>
> Anyone mind helping me out?
>
> Thanks,
>
>
> Chris Taylor
> Sr. Oracle DBA
> Ingram Barge Company
> Nashville, TN 37205
> Office: 615-517-3355
> Cell: 615-663-1673
> Email: chris.taylor_at_ingrambarge.com
>
> --
> http://www.freelists.org/webpage/oracle-l
Received on Wed Dec 04 2013 - 05:19:01 CET
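
As an added illustration (not part of the original thread or of Oracle's documentation), the Python below splits the DN from the quoted `CREATE USER` statement into labelled components and rebuilds the statement with the user name validated and any quotes in the DN doubled. The function names are assumptions made for this example, as is the note that an Active Directory entry normally ends in `DC=` components where the documentation's sample uses `O=` and `C=`.

```python
import re

# RFC 4514 attribute-type abbreviations seen in the quoted DN, plus DC, which
# Active Directory uses for the domain (example.com -> DC=example,DC=com).
RDN_TYPES = {"CN": "commonName", "OU": "organizationalUnitName",
             "O": "organizationName", "C": "countryName",
             "DC": "domainComponent"}

# Unquoted Oracle identifier: starts with a letter, at most 30 characters in 11g.
ORACLE_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_$#]{0,29}")


def parse_dn(dn):
    """Split a DN into (type, value) pairs; backslash escapes stay in the value.

    Multi-valued RDNs (joined with '+') are not split; this is a simplification.
    """
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char, e.g. "\,"
            buf += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":                      # unescaped comma ends an RDN
            rdns.append(buf)
            buf = ""
            i += 1
        else:
            buf += dn[i]
            i += 1
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        typ, sep, val = rdn.strip().partition("=")
        if not (sep and typ.strip() and val.strip()):
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((typ.strip().upper(), val.strip()))
    return pairs


def describe(dn):
    """Label each component, e.g. 'O (organizationName) = oracle'."""
    return [f"{t} ({RDN_TYPES.get(t, 'unknown type')}) = {v}" for t, v in parse_dn(dn)]


def create_global_user(username, dn):
    """Build the CREATE USER statement, rejecting input that could alter the SQL."""
    if not ORACLE_IDENT.fullmatch(username):
        raise ValueError(f"not a plain Oracle identifier: {username!r}")
    parse_dn(dn)                                # raises on a malformed DN
    quoted = dn.replace("'", "''")              # double quotes inside the SQL literal
    return f"CREATE USER {username} IDENTIFIED GLOBALLY AS '{quoted}';"
```
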
