From: kkausu on 10 Jun 2010 09:50 Hi, I want that users can login to Oracle 10g without creating account in Oracle. I have to install a new server and want that my users can login using their AD-Accounts. I have Windows Server 2008 and dont wont to change the scheme if posible. I found only old pdf´s which describes how to use IDM. But I´m looking for a simple solution using ldap, if posible. Please help kkausu
From: Michel Cadot on 10 Jun 2010 11:10 "kkausu" <kkausu(a)googlemail.com> a �crit dans le message de news: d4408f47-991b-48fe-a1b0-575b7423994f(a)q12g2000yqj.googlegroups.com... Hi, I want that users can login to Oracle 10g without creating account in Oracle. I have to install a new server and want that my users can login using their AD-Accounts. I have Windows Server 2008 and dont wont to change the scheme if posible. I found only old pdf�s which describes how to use IDM. But I�m looking for a simple solution using ldap, if posible. Please help kkausu ---------------------------------- You have to go through OVD (Oracle Virtual Directory) to interface with ldap and this ldap must contain Oracle extensions (tree). Regards Michel
From: Rob Burton on 11 Jun 2010 04:38 On Jun 10, 2:50 pm, kkausu <kka...(a)googlemail.com> wrote: > Hi, > > I want that users can login to Oracle 10g without creating account in > Oracle. I have to install a new server and want that my users can > login using their AD-Accounts. I have Windows Server 2008 and dont > wont to change the scheme if posible. > > I found only old pdf´s which describes how to use IDM. But I´m looking > for a simple solution using ldap, if posible. > > Please help > > kkausu kkausu, depending on what exactly that you want. If your client and server have SQLNET.AUTHENTICATION_SERVICES= (NTS) set in the sqlnet.ora and os_authent_prefix=ops$ in the database (You don't need this prefix) Then for domain user domain\kkausu - creating the DB user - > create user ops$domain\kkausu identified externally; - will let that user connect to the database using their domain authentication - sqlplus ops $domain\kkausu(a)DB will authenticate externally to let you in. This doesn't quite sound like what you want to do but is a good method to authenticate users in a Windows environment. Rob..
From: kkausu on 11 Jun 2010 07:42 Hi Rob, I work in a school. In the last years we created usersaccounts for the students in our Oracle DB. Now we have a Active Directory (Windows Server 2008) and a Oracle Server on a Windows 2008 Server. I don't want to create account in AD and Oracle. Is there a easy way to configure Oracle to use the AD for authentication? Some software-products can use LDAP or RADIUS to authenticate a user on AD before access the software. I read some documents about oracle SSO, OVD and OIM but I think I don't need this big products?! In postgres for example you to configure a few lines. I don't wont to administrate the user in 2 directorys (AD and oracle). The user should login in oracle and oracle should ask the AD - ready. Is this posible??? Thanks kati
From: BicycleRepairman on 11 Jun 2010 10:58 On Jun 11, 7:42 am, kkausu <kka...(a)googlemail.com> wrote: > Hi Rob, > > I work in a school. In the last years we created usersaccounts for the > students in our Oracle DB. > Now we have a Active Directory (Windows Server 2008) and a Oracle > Server on a Windows 2008 Server. > I don't want to create account in AD and Oracle. Is there a easy way > to configure Oracle to use the AD for authentication? > Some software-products can use LDAP or RADIUS to authenticate a user > on AD before access the software. > > I read some documents about oracle SSO, OVD and OIM but I think I > don't need this big products?! In postgres for example you to > configure a few lines. > > I don't wont to administrate the user in 2 directorys (AD and oracle). > The user should login in oracle and oracle should ask the AD - ready. > > Is this posible??? > > Thanks > kati You can't (easily) get rid of the requirement to have a user account in oracle to which the user logs in, but you can use Windows native authentication to make the management burden of users/groups/roles and rights pretty easy. Rob's description is correct, although you'll probably find it easier to set the os_authent_prefix="" and create the users as create user mydomain/myuser identified externally; You can make this very easy with the Oracle Admin Assistant for Windows, which will let you create the users in bulk based on an AD role, and you can use AD roles to permit/restrict oracle permissions. Bottom line -- you can do this with the tools Oracle's bundled with the system, you don't need anything special, and there's very little management overhead if you play your cards right.
|
Next
|
Last
Pages: 1 2 Prev: Is there way to do Custom installation of 11gR2? Next: Recommend SQL Server Book |