Prev: Is there way to do Custom installation of 11gR2?
Next: Recommend SQL Server Book
From: kkausu on 10 Jun 2010 09:50
Hi,

I want that users can login to Oracle 10g without creating account in
Oracle. I have to install a new server and want that my users can
login using their AD-Accounts. I have Windows Server 2008 and dont
wont to change the scheme if posible.

I found only old pdf´s which describes how to use IDM. But I´m looking
for a simple solution using ldap, if posible.

Please help

kkausu
From: Michel Cadot on 10 Jun 2010 11:10

"kkausu" <kkausu(a)googlemail.com> a �crit dans le message de news:
d4408f47-991b-48fe-a1b0-575b7423994f(a)q12g2000yqj.googlegroups.com...
Hi,

I want that users can login to Oracle 10g without creating account in
Oracle. I have to install a new server and want that my users can
login using their AD-Accounts. I have Windows Server 2008 and dont
wont to change the scheme if posible.

I found only old pdf�s which describes how to use IDM. But I�m looking
for a simple solution using ldap, if posible.

Please help

kkausu

----------------------------------

You have to go through OVD (Oracle Virtual Directory)
to interface with ldap and this ldap must contain Oracle
extensions (tree).

Regards
Michel


From: Rob Burton on 11 Jun 2010 04:38
On Jun 10, 2:50 pm, kkausu <kka...(a)googlemail.com> wrote:
> Hi,
>
> I want that users can login to Oracle 10g without creating account in
> Oracle. I have to install a new server and want that my users can
> login using their AD-Accounts. I have Windows Server 2008  and dont
> wont to change the scheme if posible.
>
> I found only old pdf´s which describes how to use IDM. But I´m looking
> for a simple solution using ldap, if posible.
>
> Please help
>
> kkausu

kkausu, depending on what exactly that you want.

If your client and server have SQLNET.AUTHENTICATION_SERVICES= (NTS)
set in the sqlnet.ora and os_authent_prefix=ops$ in the database (You
don't need this prefix)

Then for domain user domain\kkausu - creating the DB user - > create
user ops$domain\kkausu identified externally; - will let that user
connect to the database using their domain authentication - sqlplus ops
$domain\kkausu(a)DB will authenticate externally to let you in. This
doesn't quite sound like what you want to do but is a good method to
authenticate users in a Windows environment.

Rob..
From: kkausu on 11 Jun 2010 07:42
Hi Rob,

I work in a school. In the last years we created usersaccounts for the
students in our Oracle DB.
Now we have a Active Directory (Windows Server 2008) and a Oracle
Server on a Windows 2008 Server.
I don't want to create account in AD and Oracle. Is there a easy way
to configure Oracle to use the AD for authentication?
Some software-products can use LDAP or RADIUS to authenticate a user
on AD before access the software.

I read some documents about oracle SSO, OVD and OIM but I think I
don't need this big products?! In postgres for example you to
configure a few lines.

I don't wont to administrate the user in 2 directorys (AD and oracle).
The user should login in oracle and oracle should ask the AD - ready.

Is this posible???

Thanks
kati

From: BicycleRepairman on 11 Jun 2010 10:58
On Jun 11, 7:42 am, kkausu <kka...(a)googlemail.com> wrote:
> Hi Rob,
>
> I work in a school. In the last years we created usersaccounts for the
> students in our Oracle DB.
> Now we have a Active Directory (Windows Server 2008) and a Oracle
> Server on a Windows 2008 Server.
> I don't want to create account in AD and Oracle. Is there a easy way
> to configure Oracle to use the AD for authentication?
> Some software-products can use LDAP or RADIUS to authenticate a user
> on AD before access the software.
>
> I read some documents about oracle SSO, OVD and OIM but I think I
> don't need this big products?! In postgres for example you to
> configure a few lines.
>
> I don't wont to administrate the user in 2 directorys (AD and oracle).
> The user should login in oracle and oracle should ask the AD - ready.
>
> Is this posible???
>
> Thanks
> kati

You can't (easily) get rid of the requirement to have a user account
in oracle to which the user logs in, but you can use Windows native
authentication to make the management burden of users/groups/roles and
rights pretty easy.
Rob's description is correct, although you'll probably find it easier
to set the
os_authent_prefix=""
and create the users as
create user mydomain/myuser identified externally;
You can make this very easy with the Oracle Admin Assistant for
Windows, which will let you create the users in bulk based on an AD
role, and you can use AD roles to permit/restrict oracle permissions.
Bottom line -- you can do this with the tools Oracle's bundled with
the system, you don't need anything special, and there's very little
management overhead if you play your cards right.
 |  Next  |  Last
Pages: 1 2
Prev: Is there way to do Custom installation of 11gR2?
Next: Recommend SQL Server Book