From: Michel Cadot on 11 Jun 2010 11:30 "BicycleRepairman" <engel.kevin(a)gmail.com> a �crit dans le message de news: fe32dbbb-cfc3-44e8-9c02-bbeadeafcdfe(a)c10g2000yqi.googlegroups.com... On Jun 11, 7:42 am, kkausu <kka...(a)googlemail.com> wrote: > Hi Rob, > > I work in a school. In the last years we created usersaccounts for the > students in our Oracle DB. > Now we have a Active Directory (Windows Server 2008) and a Oracle > Server on a Windows 2008 Server. > I don't want to create account in AD and Oracle. Is there a easy way > to configure Oracle to use the AD for authentication? > Some software-products can use LDAP or RADIUS to authenticate a user > on AD before access the software. > > I read some documents about oracle SSO, OVD and OIM but I think I > don't need this big products?! In postgres for example you to > configure a few lines. > > I don't wont to administrate the user in 2 directorys (AD and oracle). > The user should login in oracle and oracle should ask the AD - ready. > > Is this posible??? > > Thanks > kati You can't (easily) get rid of the requirement to have a user account in oracle to which the user logs in, but you can use Windows native authentication to make the management burden of users/groups/roles and rights pretty easy. Rob's description is correct, although you'll probably find it easier to set the os_authent_prefix="" and create the users as create user mydomain/myuser identified externally; You can make this very easy with the Oracle Admin Assistant for Windows, which will let you create the users in bulk based on an AD role, and you can use AD roles to permit/restrict oracle permissions. Bottom line -- you can do this with the tools Oracle's bundled with the system, you don't need anything special, and there's very little management overhead if you play your cards right. -------------------------------------- Once again, you can do it using OVD to authenticate on database WITHOUT having an account on the database. Once again, you can't do it without using OVD, if you want to use a ldap, and adding some Oracle specific extensions. It is possible (but not recommended) to directly use AD but you can't omit the Oracle extensions. Regards Michel
From: Frank van Bortel on 15 Jun 2010 15:31 On 06/11/2010 01:42 PM, kkausu wrote: > Hi Rob, > > I work in a school. In the last years we created usersaccounts for the > students in our Oracle DB. > Now we have a Active Directory (Windows Server 2008) and a Oracle > Server on a Windows 2008 Server. > I don't want to create account in AD and Oracle. Is there a easy way > to configure Oracle to use the AD for authentication? > Some software-products can use LDAP or RADIUS to authenticate a user > on AD before access the software. > > I read some documents about oracle SSO, OVD and OIM but I think I > don't need this big products?! In postgres for example you to > configure a few lines. > > I don't wont to administrate the user in 2 directorys (AD and oracle). > The user should login in oracle and oracle should ask the AD - ready. > > Is this posible??? > > Thanks > kati > Possible - yes. Easy? Define difficult ;) Cheap: Hell no! You need to licence the Advanced Networking Option (about 8k per CPU - contact your sales rep.) Not sure why you want Oracle - if for SQL study, you're stuck. Did you take a look at Apex? It's free (but "limited" on CPU and storage), and easy to incorporate with nay LDAP, inlcuding AD -- Regards, Frank van Bortel
From: Frank van Bortel on 15 Jun 2010 15:33 On 06/11/2010 05:30 PM, Michel Cadot wrote: > "BicycleRepairman"<engel.kevin(a)gmail.com> a �crit dans le message de news: > fe32dbbb-cfc3-44e8-9c02-bbeadeafcdfe(a)c10g2000yqi.googlegroups.com... > On Jun 11, 7:42 am, kkausu<kka...(a)googlemail.com> wrote: >> Hi Rob, >> >> I work in a school. In the last years we created usersaccounts for the >> students in our Oracle DB. >> Now we have a Active Directory (Windows Server 2008) and a Oracle >> Server on a Windows 2008 Server. >> I don't want to create account in AD and Oracle. Is there a easy way >> to configure Oracle to use the AD for authentication? >> Some software-products can use LDAP or RADIUS to authenticate a user >> on AD before access the software. >> >> I read some documents about oracle SSO, OVD and OIM but I think I >> don't need this big products?! In postgres for example you to >> configure a few lines. >> >> I don't wont to administrate the user in 2 directorys (AD and oracle). >> The user should login in oracle and oracle should ask the AD - ready. >> >> Is this posible??? >> >> Thanks >> kati > > You can't (easily) get rid of the requirement to have a user account > in oracle to which the user logs in, but you can use Windows native > authentication to make the management burden of users/groups/roles and > rights pretty easy. > Rob's description is correct, although you'll probably find it easier > to set the > os_authent_prefix="" > and create the users as > create user mydomain/myuser identified externally; > You can make this very easy with the Oracle Admin Assistant for > Windows, which will let you create the users in bulk based on an AD > role, and you can use AD roles to permit/restrict oracle permissions. > Bottom line -- you can do this with the tools Oracle's bundled with > the system, you don't need anything special, and there's very little > management overhead if you play your cards right. > > -------------------------------------- > > Once again, you can do it using OVD to authenticate on database > WITHOUT having an account on the database. > > Once again, you can't do it without using OVD, if you want to use > a ldap, and adding some Oracle specific extensions. > It is possible (but not recommended) to directly use AD but you > can't omit the Oracle extensions. > > > Regards > Michel > > And the previous options only work for Oracle on MS Windows. Michel offers a generic solution. -- Regards, Frank van Bortel
First
|
Prev
|
Pages: 1 2 Prev: Is there way to do Custom installation of 11gR2? Next: Recommend SQL Server Book |