Database access using LDAP (AD) credentials

I am looking for any information about how to allow users access to a database and underlying applications that rely on DB authentication methods, to be able to access without specifying username/password credentials.
I know that OP$ accounts can be used in which case a user does not need to specify username/password credentials... but last I checked on this I thought there were security concerns related to this and this approach was not generally recommended.
We want users to be able to access databases and applications without login since they have already authenticated to the network using their credentials as authenticated via AD... So my quesrion is...
Is there a way that credentials can be passed from AD/OID using network login credentials of users to allow access to the database and applications? Is there a way to have an Oracle database talk directly to an AD LDAP solution or is it required that you implement OID and SSO?
I hope that makes sense.... Bottom line is we want to not require username/password authentication to every Oracle database application for users. We would like a way to use their AD credentials....
Is this possible?
Or can it only be accomplished with an OID/SSO inplemenetation?
Or is this essentially OPS$ accounts? are there security concerns with ops$ accounts.
Thanks.

This can be achieved by means of an enterprise user.
You may want to read this HowTo Document: How to set up Enterprise User Security.
~ Madrid

Similar Messages

  • Database access using windows authentication

    We are updating our Applications to use single sign on and are running into a problem with database access. We are using CF11 Enterprise and SQL Server 2008 on IIS 7.5.
    We have set up the ColdFusion Application Service to run under an AD service account and have created the data sources in CFAdmin leaving the username and password blank. The data sources verify and all seems good. The problem comes when running a query. The credential passed to the database is the service account and not the windows authenticated user. As such the query fails. What are we missing to get CF to pass the Windows Authenticated user credential instead of the service account?
    Thanks
    Tim

    ColdFusion does not pass user's credentials to the database connections by default, and cannot pass Windows Authentication credentials that way.  It only sends the service account's credentials (if you leave username/password blank as you have done).  The only way to pass user credentials is to put them into the individual query calls themselves, and even then you can't pass Windows Authentication credentials.  You would have to use SQL Server Logins, and create accounts for each user.
    I think most people are using either a dedicated SQL Server login for ColdFusion and run all queries under that account, or they do as you have already done and use Windows Authentication along with the ColdFusion service account.  If you need an audit trail, then pass usernames into the insert/update queries and store them manually along with the other data you are inserting/updating.
    -Carl V.

  • Block database access using toad or other tools

    We have a forms application running on oracle database 10g release 2, with the users created in the application the database can be accessed using the same id's through sql plus or any other tool. We have already restricted sql plus access by product_user_profile. Is there any other way to make sure toad or any other tool can be stopped from accesing the database.
    Thanks
    Eric

    eric_in wrote:
    We have a forms application running on oracle database 10g release 2, with the users created in the application the database can be accessed using the same id's through sql plus or any other tool. We have already restricted sql plus access by product_user_profile. Is there any other way to make sure toad or any other tool can be stopped from accesing the database.
    Thanks
    EricHi Eric
    I've a blog post on this issue. You can look for .exe extentsion of the program which connects to the database
    http://kamranagayev.wordpress.com/2009/10/04/block-developers-from-using-toad-and-other-tools-on-production-databases/

  • Help...create database(access) using java

    i had developed an java application that capture packet using Jpcap but i dont know how to keep the packet captured into database(access).i can save the packet captured in text file but not in database(access).i already had the database conectivity but i don't know how to insert the packet caputred in the table in access, is it using sql statement like INSERT INTO? or else?i realy don't know.can someone help me....?

    i can save the packet captured in to text file but not in database(access).I guess that you wish to get a databse file with your data, not a simple insert sql question.
    1. commercial solution: HXTT Access(http://www.hxtt.com/access.html), which supports create database, create table sql, and batch insert data from any JDBC driver.
    2. free solution: jdbc-odbc bridge and dsn-less jdbc url, you need to prepare a blank mdb file with blank table, then copy that blank mdb file into new mdb file, then repeat insert sql for that new mdb file.

  • Jsp database access using odbc - please help

    Hi friends,
    I�m trying a very simple database access program in jsp data base access using odbc. Odbc has to be used because thin driver or other drivers may not be available in every system of our college and as you know it's not that easy to make changes to those systems. My problem is so simple. I always get an exception in my program.
    My jsp content is as simple as:
    <%@ page import="java.lang.*,java.sql.*,java.io.*,registerbean" %>
    <jsp:useBean id="db" class="registerbean" scope="session"/>
    <%
    String str="insert into reg values('" + db.getName() + "','" + db.getUname() + "','" + db.getPass() + "'," + db.getAge() + ",'" + db.getSex() + "','" + db.getAdd() + "','" + db.getUgcourse() + "','" + db.getUgqual() + "'," + db.getPer() + ",'" + db.getIadd() + "')";
    try
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Connection con=DriverManager.getConnection("jdbc:odbc:yogaesh","scott","tiger");
    Statement stmt=con.createStatement();
    stmt.executeUpdate(str);
    }catch(Exception e1){out.println(str);};
    %>
    the table reg has the structure:
    Name Null? Type
    CNAME VARCHAR2(20)
    UNAME VARCHAR2(20)
    CPSWD VARCHAR2(20)
    CONFPASS VARCHAR2(20)
    CAGE NUMBER
    CSEX VARCHAR2(5)
    CADD VARCHAR2(100)
    COURSE NUMBER
    CQUAL VARCHAR2(10)
    CPER NUMBER
    IADD VARCHAR2(100)
    The registerbean.java file is as below: (This seems to work fine because I tried printing the values using <%= %> tag and it worked out fine and moreover the query string is intact.)
    import java.io.*;
    import java.util.*;
    import java.lang.*;
    public class registerbean
    private String name,uname,pass,cpass,age,sex,add,ugcourse,ugqual,per,iadd,otherugqual,ccode;
    public void setName(String a)
    name=a;
    public void setUname(String a)
    uname=a;
    public void setPass(String a)
    pass=a;
    public void setCpass(String a)
    cpass=a;
    public void setAge(String a)
    age=a;
    public void setSex(String a)
    sex=a;
    public void setAdd(String a)
    add=a;
    public void setOtherugqual(String a)
    otherugqual=a;
    public void setCcode(String a)
    ccode=a;
    public void setUgcourse(String a)
    ugcourse=a;
    public void setUgqual(String a)
    ugqual=a;
    public void setPer(String a)
    per=a;
    public void setIadd(String a)
    iadd=a;
    public String getName()
    return(name);
    public String getUname()
    return(uname);
    public String getPass()
    return(pass);
    public String getCpass()
    return(cpass);
    public String getAge()
    return(age);
    public String getCcode()
    return(ccode);
    public String getSex()
    return(sex);
    public String getAdd()
    return(add);
    public String getUgcourse()
    return(ugcourse);
    public String getUgqual()
    return(ugqual);
    public String getPer()
    return(per);
    public String getIadd()
    return(iadd);
    public String getOtherugqual()
    return(otherugqual);
    I initially thought the problem was with str but then str seems to be perfect and I get a string of the form �insert into reg values('c','c','c',98,'Male','c','B.Tech, Applied Artificial Neural Networks','HSC',9898,'h')� which I verified through a javascript debugger. The session scope used is to get values through the db bean from another jsp file. The problem is in the executeUpdate() line of this code. I even tried changing the updation table, but in vain. What could be done to rectify this? Please help me out and please do remember that I have no option but to use odbc.
    Thanks in advance.
    R. Yogaesh.

    I didn't verify the type of exception and i'm now going to do that, but then when the string is as perfect as needed, what is the need for a prepared statement? What is the basic difference between the two? And basically what is the problem with this piece of code which creates an exception? Please reply as soon as possible.
    Thankyou very much.
    R. Yogaesh.

  • Database access using DAO

    I'm new to Struts and would like to know about accessing database in struts
    using Data Access Object (DAO) pattern.
    It would be better If anybody can point me to any good source on how to write the DAO
    and how to configure the Struts-Config.xml in order to use the DAO pattern,
    Any sample would be better too.
    Any help pretty much appreciated. Thanks in advanced.

    I'm new to Struts and would like to know about
    accessing database in struts
    using Data Access Object (DAO) pattern.
    It would be better If anybody can point me to any
    good source on how to write the DAO
    and how to configure the Struts-Config.xml in order
    to use the DAO pattern,
    Any sample would be better too.
    Any help pretty much appreciated. Thanks in advanced.Hi,
    I am developing a web application with struts and DAO pattern.
    If you study this pattern you will know that it makes connection to database. and there is two way to obtain a connection object from your action class:
    1. througth DriverManageras mention in java tutorial JDBC Basics:
    2. througth Datasource as mention in java 1.3 turorial, chapter 31 "Resource Connections", sections "DataSource Objects and Connection Pools" and "Database Connections". This tutorial show you how to set up Datasource for Sun Java System Application Server Platform througth the j2ee deployment tool.
    in the case of having an different platform from Sun Java System Application Server you must know how to correctly set up the datasource object with your web or ejb container.
    I have chosen the second solution for my webApp. I am using tomcat co-bundle with netbeans 4.0. those ares the configuration files of my web app (according to netbeans 4.0 help context "Setting Up a Tomcat Database Connection Pool"):
    file server.xml
    <Resource name="jdbc/WebForumDB" type="javax.sql.DataSource"/>
    <ResourceParams name="jdbc/WebForumDB">
    <parameter>
    <name>validationQuery</name>
    <value>select * from "PBPUBLIC"."USER_ACCOUNT_TAB"</value>
    </parameter>
    <parameter>
    <name>maxWait</name>
    <value>5000</value>
    </parameter>
    <parameter>
    <name>maxActive</name>
    <value>4</value>
    </parameter>
    <parameter>
    <name>password</name>
    <value>PBPUBLIC</value>
    </parameter>
    <parameter>
    <name>url</name>
    <value>jdbc:pointbase://localhost:9092/WebForumDB</value>
    </parameter>
    <parameter>
    <name>driverClassName</name>
    <value>com.pointbase.jdbc.jdbcUniversalDriver</value>
    </parameter>
    <parameter>
    <name>maxIdle</name>
    <value>2</value>
    </parameter>
    <parameter>
    <name>username</name>
    <value>PBPUBLIC</value>
    </parameter>
    </ResourceParams>
    file context.xml
    <ResourceLink name="jdbc/WebForumDB"
    type="javax.sql.DataSource"
    global="jdbc/WebForumDB"/>
    file web.xml
    <resource-ref>
    <description>Web Forum Database</description>
    <res-ref-name>jdbc/WebForumDB</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    </resource-ref>
    after all configuration work your DAOFactory class should nearly looks like this (my DAO pattern obtain connection througth Datasource object):
    public class PointbaseDAOFactory
    extends DAOFactory {
    private static DataSource ds = null;
    private static String dbJndiName = "java:comp/env/jdbc/WebForumDB";
    /** Creates a new instance of PointbaseDAOFactory */
    public PointbaseDAOFactory(){}
    public static Connection createConnection()
    throws DAOException {
    InitialContext ic = null;
    Connection conn = null;
    try {
    //lookup datasource
    ic = new InitialContext();
    log.info("method: createConnection, lookup dataSource jndi name: " + dbJndiName);
    ds = (DataSource) ic.lookup(dbJndiName);
    if (ds == null){
    throw new DAOException("method: createConnection, null Datasource from jndi lookup");
    // get connection
    conn = ds.getConnection();
    } catch (SQLException e){
    throw new DAOException("method: createConnection, SQLException",e.getMessage());
    } catch (NamingException e){
    throw new DAOException("method: createConnection, NamingException",e.getMessage());
    return conn;
    hope this help you. :-)

  • SO 8 database access using BASIC

    I created a database using StarOffice 8 and I want access it through BASIC. Unfortunately I keep getting the following error:
    Table not found in statement [SELECT ItemDescription FROM Inventory].
    This should work because my SQL query uses the same syntax and it works.
    Here is the code (copied nearly verbatim from the StarOffice BASIC manual):
    Dim DatabaseContext As Object
    Dim DataSource As Object
    Dim Connection As Object
    Dim InteractionHandler as Object
    Dim Statement As Object
    Dim ResultSet As Object
    DatabaseContext=createUnoService("com.sun.star.sdb.DatabaseContext")
    DataSource=DatabaseContext.getByName("TestDatabase")
    If Not DataSource.IsPasswordRequired Then
      Connection=DataSource.GetConnection("","")
    Else
      InteractionHandler=createUnoService("com.sun.star.sdb.InteractionHandler")
      Connection=DataSource.ConnectWithCompletion(InteractionHandler)
    EndIf
    Statement=Connection.createStatement()
    ResultSet=Statement.executeQuery("SELECT ItemDescription FROM Inventory")
    If Not IsNull(ResultSet) Then
      While ResultSet.next
        MsgBoxResultSet.getString(1)
      Wend
    EndIf

    This can be achieved by means of an enterprise user.
    You may want to read this HowTo Document: How to set up Enterprise User Security.
    ~ Madrid

  • Assigning database access using Shared Services

    I need to be able to assign security to a specfic database within an application. We have an application that has two databases. I provisioned the necessary group to the correct application to give them access. However, I only want that group to be able to see one of the two databases. How do assign security using Shared Services to provision access to just that database and not the other.
    Thank you very much for your help.
    Info:
    Version of Shared Services - version 9.3.1

    So I am going to answer my own post just incase anyone else is wondering the answer. I found the information right out of the hyp_security_guide.pdf - Security Administration guide. It states that - In Shared Services, if an Essbase application contains multiple databases, the databases must have the same user security access levels.
    This is just my two cents, but I would think this might be something you would consider adding to Shared Services in future releases.

  • Database access using Entity Beans

    How does it work? In the examples I've seen, there is no SQL statement
    being generated, and I no code establishing the JDBC bridge...
    What am I missing? How do I look up a record in a database using an
    entity bean?
    Thanks!!!
    -Dan

    The Entity Bean remote interface methods access the database.
    InitialContext ic=new InitialContext();
    EntityBHome eh = (EntityBHome)ic.lookup("com.ejb.EntityBHome");
    EntityB entityB=eh.findByPrimaryKey(primarykey pk);
    [email protected] (Dan M) wrote:
    How does it work? In the examples I've seen, there is no SQL statement
    being generated, and I no code establishing the JDBC bridge...
    What am I missing? How do I look up a record in a database using an
    entity bean?
    Thanks!!!
    -Dan

  • Slow DataBase Access using JDK 1.5 and MySQL

    Hi EveryBody,
    I am using Jdk1.5 in my project and mysql 5.0 as my database server.
    The problem is that, to create a connection for the first time it takes upto 20 to 25 seconds.
    when i use the 1.4.2 with the same mysql version it takes only 2 seconds.
    In both the cases i am using the JDBC driver (com.mysql.jdbc.Driver )
    I cannot understand the problem with the jdk1.5,
    so, please help me in resoving this issue.

    I encountered same problem with connecting Oralce.
    It's a bug of JDK1.5.
    You need upgrade JDK1.5 to latest version,or use IP address instead of machine name(such as locahost etc.).
    Message was edited by:
    LucasLee

  • Database access using HTML, JSP, JavaBean, & Access

    I am trying to create an HTML page that a user logs into and can choose to query, add, delete or modify a specified database. I have created the HTML, the JSP, and access database but I can't figure out how to have 4 different JSP pages(one for each option) to get information from one JavaBean. PLEASE HELP

    http://swforum.sun.com/jive/thread.jspa?threadID=53106&tstart=0

  • Database access using servlet MIDlet communication

    Hi all,
    Could anyone please help me?
    I have written a MIDlet connecting to the TOMCAT web server and invokes a Servlet. The Servlet then fetches data (list of names) from MS Sql Server and returns to the MIDlet. Then the MIDlet displays the names in a ChoiceGroup . And MIDlet invokes another servlet to update
    So far everything works well.
    The hard part with this solution is
    1. Servlet has to send the result as delimited strings (with :)
    2. The midlet has to parse the servlet data and extracts the values. this all done through the code only. no routines i used
    3. the url has to have %20 for space otherwise the Connector.open(url) method throws error.
    Can anyone suggest better solutions for this. perhaps easy?
    Regards,
    //Selva

    Ok, so this is the code i use in the MIDlet to post the two parameters, but i can't get them in the servlet. What's wrong?
    HttpConnection c=(HttpConnection)Connector.open(serverURL);
    System.out.println("Connecting");
    c.setRequestMethod(HttpConnection.POST);
    c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    dos=c.openDataOutputStream();
    dos.writeUTF("user=" + userName);
    dos.writeUTF("&password=" + password);
    dos.writeUTF("\r\n");
    dos.flush();

  • SQL - Database access using Oracle.connect(getCLass(), "connect.properties")..IM LOST

    Hi,
    I use Oracle.connect(getClass(),"connect.properties") before all of my #sql statements. If there are a bunch of methods with #sql statements, I use the connection method. I think this is my problem and Id like some feedback from other people.
    1) Should i be using an Oracle.connect statement before every #sql?
    2) If so, does it create new connections all the time or does it just know there is a current connection so it doesnt keep adding new connections?
    3) Is there a way to get one connection and then test to see if there is a connection so that i dont keep getting new connections?
    4) Do I have to close the connections? I tried Oracle.close(); but got some wierd errors. I read somewhere that If autocommit is true, you dont have to close jdbc connections.
    Thanks for your time and I appreciate any feedback that anyone has to offer.

    Hi Adam,
    Please find the answers inline.
    I use Oracle.connect(getClass(),"connect.properties") before all of my #sql statements. If there are a bunch of methods with #sql statements, I use the connection method. I think this is my problem and Id like some feedback from other people.
    1) Should i be using an Oracle.connect statement before every #sql?No, you don't have to call this each time, just call this once to intialize your DefaultContext and from then on, whenever
    #sql is used, it would fetch the connection from the DefaultContext.
    2) If so, does it create new connections all the time or does it just know there is a current connection so it doesnt keep adding new connections?No, it doesn't create connections each time.
    3) Is there a way to get one connection and then test to see if there is a connection so that i dont keep getting new connections?There would be only one connection
    4) Do I have to close the connections? I tried Oracle.close(); but got some wierd errors. I read somewhere that If autocommit is true, you dont have to close jdbc connections.The connection has to be closed explicitly using Oracle.close();
    For samples on using connect.properties refer to,
    http://otn.oracle.com/sample_code/tech/java/sqlj_jdbc/files/9i_sqlj/9i_sqlj.html#BatchingAndREFCursorSample
    Regards
    Elango.

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
    I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
    The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
    There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
    The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
    I can only do an all or nothing scenario.
    It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
    Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
    Scenario 2 would be an ideal longer term solution.
    Any thoughts, ideas or assitance would be greatly appreciated.
    Cheers

    This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
    assert(function()
       if ( (type(aaa.ldap.distinguishedName) == "string") and
            (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
    then
           return true
       end
       return false
    end)()
    from the debug dap you can see what Users relates to;
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew

  • Filter on the reports created using DIRECT DATABASE ACCESS in obiee 10g

    How do i filter on the report that is created by using DIRECT DATABASE ACCESS in obiee 10g?
    I have reprot A with link to report B, report B is created using DIRECT DATABASE ACCESS. so it is just a table, but i need to filter out 2 columns.
    here is the query in REPORT B:
    select strm, acad_group, crse_id, class_section, count(emplid) from v_crse_enrl
    group by crse_id, strm, class_section, acad_group;
    the link in REPORT A:
    '<a target="_blank" href="'||VALUEOF("bi_link")||'Go&Path=CF_CROSS_TEACHING_LIST&ACTION=Navigate&col1=STRM&val1='||view1_DIMEN.STRM||'&col2=CLASS_SECTION&val2='||TRIM(view1_DIMEN.CLASS_SECTION)||'">' ||view1_dimen.class_id||'</a>'
    from this link to report B.
    thank you!!

    I didnt tested using url, but the same works with using presentation variables.
    To your direct sql add where clause for those two columns like WHERE col='@{col1}' and col ='@{col2}'
    and try to run from url.
    let me know updates

Maybe you are looking for

  • Help my ibook freezes when I connect usb devices

    Hi there I have had problems for weeks when I attached usb devices to my ibook. I have a usb (MAC approved) headset which caused the ibook to freeze when I connect it before or after startup. I also have a usb modem for a broadband connection which c

  • ALE IDOC change pointers - Msgtype CLFMAS

    When making a change to a material class of a material a change pointer is created (as expected) for message class CLFMAS. In the IDOc segment E1OCLFM of CLFMAS, OBTAB = ESTVA (instead of MARA as expected). Where does this config take place?

  • Add to existing network?

    The wireless network in my house runs through my wife's PC. Since she works from home, she is very protective of her internet hookup, so no way to switch to an airport through my iMac. But, can I use an airport express as a part of my existing networ

  • Oracle9i Update Character set Problem

    I have a problem when I change the Oracle9I DB character set by update sys.props$ table to "AR8MSWIN1256" OR TO "UTF8"; The problem appears when I tried to create any DB trigger, the system appear this message : "PLS-00553: character set name is not

  • 2 clips on opening menu

    I need to produce a DVD opening menu in iDVD on which it will have an option to play either one of two different films. (Button A plays film 1 and button 2 plays film 2). Can I just drop these two files onto the menu page to do this or do I need to h