Re: How to login to Oracle using Active Directory Account

From: Michel Cadot <micadot{at}altern{dot}org>
Date: Fri, 11 Jun 2010 17:30:21 +0200
Message-ID: <4c125690$0$30002$426a34cc_at_news.free.fr>


"BicycleRepairman" <engel.kevin_at_gmail.com> wrote in message news: fe32dbbb-cfc3-44e8-9c02-bbeadeafcdfe_at_c10g2000yqi.googlegroups.com...
On Jun 11, 7:42 am, kkausu <kka..._at_googlemail.com> wrote:
> Hi Rob,
>
> I work in a school. In the last years we created user accounts for the
> students in our Oracle DB.
> Now we have an Active Directory (Windows Server 2008) and an Oracle
> Server on a Windows 2008 Server.
> I don't want to create accounts in AD and Oracle. Is there an easy way
> to configure Oracle to use the AD for authentication?
> Some software products can use LDAP or RADIUS to authenticate a user
> on AD before accessing the software.
>
> I read some documents about Oracle SSO, OVD and OIM but I think I
> don't need these big products?! In postgres for example you have to
> configure a few lines.
>
> I don't want to administrate the users in 2 directories (AD and Oracle).
> The user should log in to Oracle and Oracle should ask the AD - ready.
>
> Is this possible???
>
> Thanks
> kati

You can't (easily) get rid of the requirement to have a user account in oracle to which the user logs in, but you can use Windows native authentication to make the management burden of users/groups/roles and rights pretty easy.
Rob's description is correct, although you'll probably find it easier to set the
    os_authent_prefix=""
and create the users as
    create user "MYDOMAIN\MYUSER" identified externally;
You can make this very easy with the Oracle Admin Assistant for Windows, which will let you create the users in bulk based on an AD role, and you can use AD roles to permit/restrict oracle permissions. Bottom line -- you can do this with the tools Oracle's bundled with the system, you don't need anything special, and there's very little management overhead if you play your cards right.


Once again, you can do it using OVD to authenticate on database WITHOUT having an account on the database.

Once again, you can't do it without using OVD, if you want to use an LDAP, and adding some Oracle-specific extensions. It is possible (but not recommended) to directly use AD but you can't omit the Oracle extensions.

Regards
Michel

Received on Fri Jun 11 2010 - 10:30:21 CDT
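The Windows native authentication setup quoted in this message, written out as an added example (not code from any poster in the thread), with checks an administrator can run afterwards. MYDOMAIN, MYUSER and STUDENT_ROLE are placeholder names, and the AUTHENTICATION_TYPE column assumes Oracle 11g or later.

```sql
-- Added example; MYDOMAIN, MYUSER and STUDENT_ROLE are placeholder names.
-- Prerequisite on the database server (sqlnet.ora, not SQL):
--   SQLNET.AUTHENTICATION_SERVICES = (NTS)

-- 1. Empty prefix, so the Oracle user name is exactly the Windows account
--    name. The parameter is static: it takes effect after an instance restart.
ALTER SYSTEM SET os_authent_prefix = '' SCOPE = SPFILE;

-- 2. One externally identified account per Windows account. The name is
--    DOMAIN\USER in upper case, inside double quotes because of the backslash.
--    No password is stored in the database for this account.
CREATE USER "MYDOMAIN\MYUSER" IDENTIFIED EXTERNALLY;

-- 3. Grant through a role so rights are managed in one place and each
--    account gets only what it needs to connect.
CREATE ROLE student_role;
GRANT CREATE SESSION TO student_role;
GRANT student_role TO "MYDOMAIN\MYUSER";

-- 4. Check the instance settings after the restart. remote_os_authent
--    should be FALSE, so the database does not trust an operating system
--    identity that a remote client merely asserts.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 5. Review which accounts rely on external authentication
--    (assumes 11g or later for the AUTHENTICATION_TYPE column).
SELECT username, authentication_type, account_status
  FROM dba_users
 WHERE authentication_type = 'EXTERNAL'
 ORDER BY username;
```

A user logged on to Windows as MYDOMAIN\MYUSER then connects without typing a password, for example with `CONNECT /@alias` in SQL*Plus, where `alias` is a placeholder net service name.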
