Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Auth via Active Directory
Is there any way to get Oracle 8i (or 9i; we're planning to upgrade)
Enterprise Edition to authenticate against Active Directory, short of
buying Oracle Advanced Security?
My goal is to remove the need to maintain a separate database of passwords. Ideally, we could do also do away with having the database users enter passwords by handling Kerberos tickets, but I'd be happy with them just entering the same password they enter to login to Windows. And if we still need to manually add/remove users, that's okay, too. (We'd probably want to, anyway; not everyone in the domain should have an Oracle account.)
In my fantasy world, authentication would all be done through a function that I could modify. Then I could just create my users with something like:
create user "DOMAIN\USER" identified externally;
as you would for OS$ authentication and then do something vaguely like:
create or replace function system.my_authenticate_user ( p_username in varchar, p_password in varchar ) return boolean as v_usertype varchar2(30); v_session dbms_ldap.session; begin select authtype from dba_users where username = p_username; if authtype = 'EXTERNAL' then v_session := dbms_ldap.init('my-domain-controller', 389); return dbms_ldap.simple_bind_s(v_session, p_username, p_password); end if; return standard_authenticate_user(p_username, p_password); exception when no_data_found return false; end; / show errors
but I'm not aware of any such hook. There are logon triggers, but just of the after type, not "instead of". ("create trigger ... after logon on database" or something, for audit trails, I think.)
Does anything like this exist? Or is there another way, however convoluted?
Thanks,
Scott Lamb
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Scott Lamb
INET: slamb_at_slamb.org
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Aug 15 2003 - 18:49:23 CDT