Hey LeRoy (Go Badgers! Go Panthers!),
- That's what Oracle claims, but only if you have the Advanced Security
option, which you must purchase.
- It depends on the box, the version of OS, and other factors. For
example, LDAP authentication will not work on HP/UX 11.0 with the Trusted
System option. LDAP (in this case, OiD) does not know what instance to
grant access to. That will still be handled by each database with the
CREATE USER command. Check out the IDENTIFIED GLOBALLY clause of the
statement, provided you have purchased Advanced Security.
- Yes, the two can be used simultaneously, but for most users I don't
think this wouldn't be a good idea (maintenance nightmare!). Perhaps for IT
folks, though. It would be on a client-by-client basis.
- After doing a brief search, OiD MAY or MAY NOT be LDAPv3-compliant
(contrary to my past posts!), but it does seem to break the rules for
RFC2849 (LDIF format), which will be needed if you want to customize it's
use for other LDAP usage (i.e. LDIFs are not transportable between OiD and
other LDAPs). No, you cannot use another LDAP in OiD's place -- sort of.
You MUST still use OiD for all Oracle interaction, whether it be network
naming or user authentication. Oracle says you can use another LDAP, but
they don't say that you can only use them with Oracle's OiD "gateway" that
does some hokey "replication" between OiD and the other LDAP. I haven't
used it, as the cost of OiD and Advanced Security (OiD comes with 9iAS --
NOT the DB!) along with the poor stability and implementation of OiD, IMHO,
forced us to use SunOne and forgo the Oracle solution.
Talk with your Oracle Rep! I can't see them expecting a large deployment of
OiD unless they significantly reduce the costs. It won't cost us $100Ks and
then annual maintenance for all of our users to have separate Oracle DB
logins.
HTH! GL!
Rich
Rich Jesse System/Database Administrator
rich.jesse_at_qtiworld.com Quad/Tech International, Sussex, WI USA
-----Original Message-----
Sent: Wednesday, March 12, 2003 12:09 PM
To: Multiple recipients of list ORACLE-L
All-
I am researching the technology of the Internet Directory. Does anyone
have experience with this? I am currently using tnsnames files on all
my boxes, I am running on Unix. I realize this directory would replace
the tnsnames files but lots of confusion on how it works.
- Would the directory be able to give users authentication to
different instances on the same box with multiple logins?
- I assume the directory will allow the user to go between physical
boxes but will it know what instance to go to and the security of the
user coming in?
- Once this directory is in place, can tnsnames be used at the same
time or does it have to be one or the other?
- Also, since this directory is LDAP compliant can this directory be
replaced by another LDAP compliant directory of my choice? Assuming the
necessary attributes were include.
Just a few thoughts and concerns.
Any info would be great.
Thanks,
LeRoy
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Jesse, Rich
INET: Rich.Jesse_at_qtiworld.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Wed Mar 12 2003 - 14:39:01 CST
