RE: How to setup LDAP

From: <krish.hariharan_at_quasardb.com>
Date: Mon, 14 Jan 2008 10:41:09 -0700
Message-ID: <001501c856d4$a767c3b0$6401a8c0@BHAIRAVIPC01>


Oracle OID has the identity management framework, and that had two parts: the database naming (tnsnames/onames functionality) and the external/global user administration and authentication functionality. When I converted/complemented ONAMES with OID I found from Oracle Sales and Metalink that the database naming partition of OID was free since Oracle 10g treats ONAMES as "He who shall not be named", pun not intended. The user administration and global authentication portion WAS NOT FREE.

The database naming (tnsnames functionality) can be done with sqlnet.ora directory path including LDAP and an ldap.ora or using DNS entries that advertise a well known ldap host.  

You should clarify with your account representative on the use of the OID identity management framework for external/global user administration since that part is a separately licensed ($$) component. I believe this is mentioned in Rich's and Jared's responses.  

I haven't been following the entire thread, but I also found out that in 10g the distribution of OID coming through the RDBMS install is not production and the one through the IAS app distribution is. I discovered that when I was looking for the onamesproxy, which we tested in 9.2 OID and which is not available in 10g OID.

Please feel free to correct if your experience and information is current and different.  

Regards,

-Krish

Krish Hariharan

President/Executive Architect, Quasar Database Technologies, LLC

(303) 808-5172

http://www.linkedin.com/in/quasardb


From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Mayen.Shah_at_lazard.com
Sent: Monday, January 14, 2008 9:53 AM
To: Jared Still
Cc: oracle-l_at_freelists.org
Subject: Re: How to setup LDAP  

Hi Jared and all,

We want to use local tnsnames and use LDAP for user authentication only. As always money is an issue here, so I am not at liberty to consider a solution that requires additional money.

Here is what I did.

Update sqlnet.ora on database server:

NAMES.DIRECTORY_PATH= (TNSNAMES,LDAP)

On database:

create user LDAPTEST identified globally as 'CN=LDAPTEST,ou=Service Accounts,ou=Users,ou=Administrative,ou=.Lazard,dc=lazard,dc=com';

Specification string was given to me by LDAP admin.

I am sure I need to do more than this, as the above is not working.

I apologize for my lack of knowledge in this matter and really appreciate help from you all.

Regards
Mayen

"Jared Still" <jkstill_at_gmail.com>

Jan 11 2008 07:00 PM
To: Mayen Shah/ITS/Lazard_at_Lazard NYC
cc: oracle-l_at_freelists.org
Subject: Re: How to setup LDAP

Our management has decided to have all authentication done through
(existing) LDAP. Please forgive my ignorance, but I do not have any idea how
to set/test in test environment.

If it is just for database authentication, it's a simple entry in sqlnet.ora.

Most of search directs me to OID. I am not sure I need to use OID. Do we need license to use LDAP?

You can use OID for database authentication without any extra licensing fees.

See the Oracle Software Investment Guide for details.
(sorry, you'll have to google for that yourself)

-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist 



--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jan 14 2008 - 11:41:09 CST
