RE: iDirectory

From: Jesse, Rich
Date: Wed, 12 Mar 2003 12:39:01 -0800

Hey LeRoy (Go Badgers! Go Panthers!),

  1. That's what Oracle claims, but only if you have the Advanced Security option, which you must purchase.
  2. It depends on the box, the version of OS, and other factors. For example, LDAP authentication will not work on HP/UX 11.0 with the Trusted System option. LDAP (in this case, OiD) does not know what instance to grant access to. That will still be handled by each database with the CREATE USER command. Check out the IDENTIFIED GLOBALLY clause of the statement, provided you have purchased Advanced Security.
  3. Yes, the two can be used simultaneously, but for most users I don't think this would be a good idea (maintenance nightmare!). Perhaps for IT folks, though. It would be on a client-by-client basis.
  4. After doing a brief search, OiD MAY or MAY NOT be LDAPv3-compliant (contrary to my past posts!), but it does seem to break the rules for RFC2849 (LDIF format), which will be needed if you want to customize its use for other LDAP usage (i.e. LDIFs are not transportable between OiD and other LDAPs). No, you cannot use another LDAP in OiD's place -- sort of. You MUST still use OiD for all Oracle interaction, whether it be network naming or user authentication. Oracle says you can use another LDAP, but they don't say that you can only use them with Oracle's OiD "gateway" that does some hokey "replication" between OiD and the other LDAP. I haven't used it, as the cost of OiD and Advanced Security (OiD comes with 9iAS -- NOT the DB!) along with the poor stability and implementation of OiD, IMHO, forced us to use SunOne and forgo the Oracle solution.

Talk with your Oracle Rep! I can't see them expecting a large deployment of OiD unless they significantly reduce the costs. It won't cost us $100Ks and then annual maintenance for all of our users to have separate Oracle DB logins.


Rich Jesse                        System/Database Administrator           Quad/Tech International, Sussex, WI USA

-----Original Message-----
Sent: Wednesday, March 12, 2003 12:09 PM
To: Multiple recipients of list ORACLE-L


I am researching the technology of the Internet Directory. Does anyone have experience with this? I am currently using tnsnames files on all my boxes; I am running on Unix. I realize this directory would replace the tnsnames files, but there is lots of confusion on how it works.

  1. Would the directory be able to give users authentication to different instances on the same box with multiple logins?
  2. I assume the directory will allow the user to go between physical boxes but will it know what instance to go to and the security of the user coming in?
  3. Once this directory is in place, can tnsnames be used at the same time or does it have to be one or the other?
  4. Also, since this directory is LDAP compliant, can this directory be replaced by another LDAP compliant directory of my choice? Assuming the necessary attributes were included.

Just a few thoughts and concerns.

Any info would be great.



Received on Wed Mar 12 2003 - 14:39:01 CST