Integrate Oracle Apps R12 with Microsoft Active Directory

Similar Messages

• Portal Integration with Microsoft Active Directory

  We are working on a project to integrate Oracle9iAS Portal with Microsoft Active Directory. I am wondering if anyone has any experience with this and hence suggestions. Particularly, I'm wondering if its possible and how to use Active Directory to manage the Portal user accounts and group relationships?

  Please note that we finally got this working. For Active Directories sake, I would suggest using userPrincipalName or sAMAccountName as the Unique Attribute. Also, note that Active Directory uses OUs for organization, not CNs, so the search base should be either just the DN of the domain or an OU in the domain. Also, be sure to specify the full DN of the Bind DN as in CN=Administrator,CN=Users,DN=domain,DN=com

• Integrate Oracle EBS R12 with third party Fax

  Hi,
  We are trying to integrate Oracle EBS R12 with third party Fax. Can anyone share any documents stating the high level solution approach for this kind of integrations?
  Please send me any docs on --> [email protected]
  Thanks
  Suman

  Can you pl elaborate on why you need 3rd party fax ? Can you not use XML Publisher ? See Chapter 7 of the XML Publisher Admin Guide http://download.oracle.com/docs/cd/B40089_10/current/acrobat/120xdoig.pdf
  HTH
  Srini

• Deploying Oracle Password filter for Microsoft Active Directory.

  We created the Oracle Wallet w/ Self-Signed Certificate. When we setup the Oracle Password filter for Microsoft Active Directory from LDAP server. We are getting the error. Certificate is not valid.
  Is this OK or Can we get the success message.

  You can't ignore it. A valid certificate is important to make it work.
  --olaf                                                                                                                                                                               

• Problem with Oracle external procedures and Microsoft Active Directory

  Hi,
  Our server was recently updated to use Microsoft Active Directory. However, we noticed that all external procedure calls keeps on failing with ORA-28575: unable to open RPC connection external procedure agent. Everything was working fine before we migrated to Active Directory which is why we can say that the listener is configured correctly.
  Any idea on how we can make extproc calls with Active Directory?
  thanks.

  Michael,
  Oracle Forms does support Single Sign-On (SSO). Take a look at Oracle Containers for J2EE Security Guide: OC4J Java Single Sing-On. Also take a look at the Oracle Forms 10g Sample Code and scroll to the SSO demo under the Forms Services Demo section. There are also, numerous other documents available via Google. ;-)
  Craig B-)
  If someone's response is helpful or correct, please mark it accordingly.

• How to install the Oracle Apps R12 with an existing OAS 10g

  Hi All,
  I am planning to install the Oracle Apps R12 and I already downloaded the media-pack from edelivery.oracle.com.
  But I am not sure how to do it because I have tree-tier architecteur at home :
  One computer with LINUX OS (OEL 5.5) which hold the Oracle Database 11gR2 -- Database tier
  One computer with LINUX OS (OEL 5.5) which hold the Oracle Application Server 10g ver 10.2.0 (infra and middle) -- Midel-tier
  One computer with XP OS -- Client tier
  Could any one explain me how to install it?
  Regards,

  But I am not sure how to do it because I have tree-tier architecteur at home :
  One computer with LINUX OS (OEL 5.5) which hold the Oracle Database 11gR2 -- Database tier
  One computer with LINUX OS (OEL 5.5) which hold the Oracle Application Server 10g ver 10.2.0 (infra and middle) -- Midel-tier
  One computer with XP OS -- Client tier The above is two tier architecture (not three tier) as the client tier is not considered as a tier in Oracle Apps installation.
  Could any one explain me how to install it?Do you already have a Database and Oracle AS10g installed? Please elaborate more.
  Oracle Apps R12 comes with 11gR1 database, and to do multi-node installation please refer to these threads.
  R12 Multinode installation
  Re: R12 Multinode installation
  Install oracle EBS R12 on 2 machines
  Install oracle EBS R12 on 2 machines
  To upgrade the database later to 11gR2, please refer to:
  11gR2 11.2.0.2 Database Certified with E-Business Suite
  http://blogs.oracle.com/stevenChan/2010/11/db_11gr2_11202_ebs.html
  Thanks,
  Hussein

• Oracle Database Authentication against Microsoft Active Directory

  Hello
  Does anyone know if it is possible or can point me in the right direction of some documentation that discuss Oracle database user authentication against and Enterprise Directory Service, in my cases MS AD?
  My environment consists of Oracle RDBMS 10.2.0.3 on Linux Red Hat AS 4. Our users connect in from Window clients. I would like to know if there is a way to autheticate users from Windows to the database using LDAP based (AD) authentication. In oters words how do I configure authentication to be done for "identified globally accounts"? I know that the identified by globally accounts require the use of the CN which I have done, but it seems like there is some piece missing. Perhaps an Oracle schema or modification to Active Directory??
  So my questions are
  1. Is it possible to authenticate users against AD without the implementation of OID?
  2. Is there documentation someone has or can point me to that outlines the required steps?
  3. Anything I should know?
  I appreciate any help. The documentation I have found so far doesn't seem to be what I need... So I am looking for some advice.
  Thanks.

  Sure, two methods to auth from Oracle DB to MSAD:
  OID and OVD
  I am working on our own proof of concept configuring EUS connect to OVD with an MSAD as auth at the moment. OVD basically is presenting the database with OracleSchema and OracleContext info. And when you connect via netca (ldap.ora), you assign it as OID directory authentication type.
  Here's an OVD manual on Integrating with EUS (chapter 7 is for MSAD)http://www.oracle.com/technology/products/id_mgmt/ovds/pdf/e10286.pdf
  And this would be what the EUS config should look like:
  http://www.oracle.com/technology/deploy/security/database-security/howtos/eus-how-to.html
  If you've done everything in the first doc...
  Hope this answers your questions.

• ODI Integration With Microsoft Active Directory to bring User id to Table

  Hi All,
  I have to bring the USER Id of  Employees from the Microsoft Active Directory based on the Mai id of the user.
  I have a table like below:
  User_name
  Mail_id
  Vishwas
  [email protected]
  John
  [email protected]
  Depak
  [email protected]
  I need to bring the User id of that employees from Active Directory and load it to another table
  Now the Issues is What are the Things i have to perform in ODI to do this:
  I have gone through some of the Blogs for the same but every where i found using ODI for External Authentication.
  Can i get the User Ids in a relational tables so that i can join it with above table and load it to target ?
  Please let me know if any body have the solution for it
  Thanks
  Regards

  I think you can user ldap driver to read entries from your ldap server. Please check the documentation at LDAP Directories - 11g Release 1 (11.1.1)

• SSO (single sign on) on NetWeaver 7.0 Enterprise Portal based on spnego with Microsoft Active Directory

  Hi,
  we are using SAP Netweaver Enterprise Portal 7.0 (SP25) based on Windows 2008 R2/Oracle 11g.
  When we setup the Portal, we used the UME of the ECC - ABAP.
  The portal is used internally only.
  Now we want to provide SSO.
  User authenticate against Windows Active Directory (Windows 2003).
  We thought SSO via spnego would be the best solution.
  Any better alternates, we should use?
  We are following the SAP documentation:
  SAP-Bibliothek - Benutzerauthentifizierung und Single Sign-On
  We still want to create users in ABAP and assign them the portal roles. LDAP access should only have read access, to verify the security token from Active Directory.
  When we setup the portal from scratch using ABAP as its UME, in the system configuration, LDAP can't be selected/add as data source.
  In case we understand the documentation correctly, we would now need to add LDAP via the configtool for read access.
  What is not clear to us, when we active now LDAP via config tool, if we would now lose the ABAP connection.
  Is there a tutorial for SSO Netweaver 7.0 EP, like for EP 7.3, available?
  In 7.3 SSO is pretty simple to get it running, thanks to the many tutorials here and on the internet.
  Thanks for your help.
  Best regards
  Carlos Behlau

  Hi,
  I was able to generate the key via ktab program.
  But when I am enable SSO, nothing is happening when I try to log-on via SSO to the portal.
  I installed WebDiag tool on the portal server and ran trace.
  The users are located in domain: company.com of activate directory.
  The Java AS are located in domain: sap.company.com of activate directory.
  The sap.company.com domain acts as child of company.com.
  When I check the WebDiag trace, I see for the SPNegoLoginModule - the entry "... no key (etype: 23) for realm sap.company.com available ..."
  I would except company.com as realm key, as the keytabs have been generated on the domain controller of company.com.
  Is it possible to get SSO with child domain running?
  Based on the statement of the network folks, child and father domain having a trust.
  Thanks for your help.
  Best regards
  Carlos

• ACS Integration with Microsoft Active Directory Services

  Hello Everyone,
  I've been tasked to design the integration of ACS with MS AD. What I want to know is the below assuming I have a software ACS or a ACS device and the protocol for authentication is Radius
  - What is the criteria for the AD to integrate with ACS software of appliance
  - Should that AD be hosted on the domain controller or not?
  - If not, on what (Domain Controller, Tree, Forest, Branch, Flower, Fruit  ) should the AD be hosted on?
  - What will I have to do to authenticate users logging into Cisco Security Manager with ACS integrated with AD?
  - Are there any other dependencies that I will have to categorically mention in my design document?
  Thanks,
  Rishi

  In ACS v5.x, there is a screen for integrating the ACS with AD. 
       (Users and Identity Stores > External Identity Stores > Active Directory)
  Just enter the local domain name (domain.com) and a valid AD administrator account username and password, and the ACS will connect to the domain.  This allows you to use existing AD credentials to login and administer your network devices. 
  Tying the ACS to AD really only takes one screen and less than a minute, but you will still have to tell the ACS which AD groups get which permissions (for example, read-only or read-write access), and you will have to setup a search sequence (Users and Identity Stores > Identity Store Sequences) to tell ACS to first look at AD for credentials, then check the local ACS user database for valid accounts.  The permissions part is still fairly quick, and it only takes me about 45 minutes to build an ACS from scratch including all AD integration and custom RADIUS attributes for some of our devices. 
  The authentication would occur like this:
  User SSH/telnet/console to device
  Device contacts ACS using TACACS or RADIUS
  User receives login prompt and enters AD credentials
  Devices sends credentials to ACS
  ACS validates credentials in AD
  ACS sends authentication OK message to Device
  Device logs user in.
  Command Authorization looks something like this:
  User enters a command
  Device sends command authorization request to ACS
  ACS looks at which AD group the user belongs to and looks up permissions configured in ACS for that group
  Based on the permissions you have assigned, ACS either sends an allow or deny message to the Device
  Device allows or denies the user command.
  Criteria:  We use an ACS 5.2 virtual machine and have had it work perfectly with Server 2003 and Server 2008.
  AD is hosted on our local domain controller (Bonus:  no planting of flowers required!)
  Dependencies: 
  Issue:  The Device looks to ACS.  ACS looks to AD.  If AD fails, users cannot use their AD credentials to login.
            Device ---> ACS ---> AD
  Solution:  Configure the Device to look at ACS first, then a local table if ACS is not available.  Also, configure the ACS to look at AD first, then a local ACS account list if AD is not available.  (You can configure local user accounts on the Device and in the ACS) 
            Device ---> ACS ---> AD
            Device ---> ACS ---> AD ---> ACS local
            Device ---> ACS ---> AD ---> ACS local ---> Device local
  The new version of Cisco ACS is UNIX-based, and you can download a free trial to load up and try before you buy.  It is far FAR superior to the old ACS v3.3 that we had for years.
  I hope this helps for your design document!
  --Chris

• Integration of oracle apps R12 with thirdy party mobile application

  Hi All,
  Any can help how to integrate third party mobile application with our R12 apps..
  please share any documents on it .

  Hi;
  Please check Steven Chan blog
  https://blogs.oracle.com/stevenChan/entry/mobile_devices_ebs
  Regard
  Helios

• Scan IP confusion while implementing ORACLE apps R12 with 11gR2

  Hi All,
  We are planning to implement a R12 apps with 11.2.0.3.
  As i know that when we install oracle 11gR2.scan listener and scan vip got created in GRID_HOME. The scan listener comes with default port.
  As R12 by default comes with 11.1.0.7. As per oracle note ID-823587.1
  We need to follow the below steps.
  srvctl add listener -l listener_ebs -o <11gR2 ORACLE_HOME> -p <EBS Database port>
  srvctl setenv listener -l listener_ebs -T TNS_ADMIN= $TNS_ADMIN
  srvctl add scan_listener -l listener_scan -p 1521
  My question is Do i need to configure TNSNAMES.ora? Entry of tnsnames.ora contains scan-vip or virtual vip.
  What should be tha value of remote listener and local listener.
  Please help.
  Thanks and Regards

  My question is Do i need to configure TNSNAMES.ora? Entry of tnsnames.ora contains scan-vip or virtual vip.See "3.7.1 Steps to Perform On All Oracle RAC Nodes" in the same doc.
  What should be tha value of remote listener and local listener.See (Appendix D : Enabling/Disabling SCAN Listener Support in Autoconfig) in the same doc.
  Thanks,
  Hussein

• HTML DB with Microsoft Active Directory access

  HTML DB Authentication works fine, but autherization gives the following error. We hope someone has similar experience in this forum. The following error we got after we added password to the is_member function. If use NULL for password it always gives No autherization to page error.
  Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid
  credentials. 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext
  error, data 525, vece
  Exception encountered .. exiting

  Thanks Scott, We got answers from your earlier discussion on following threads.. We are posting the points in your discussion again and it may help others..
  LDAP Setup - How ?
  Let's focus on authentication first. I assume you have a login page in the app. Create a new authentication scheme based on the LDAP model (follow the wizard.) Edit the scheme, changing the authentication function from -LDAP- to: return function_name;, giving the name of a function in your schema which does the ldap authentication. This function must have the signature(p_username in varchar2, p_password in varchar2) return boolean. Null out any other ldap-related fields in this new authentication scheme and make sure it points to the login page in your app for the Invalid Session Page attribute. Save changes and then make this the current scheme. Your login page is already set up to call the HTML DB login API and because your authentication scheme specifies an authentication function, that's what it will use to check credentials when the login page which captured username and password is submitted. If the credentials check out, the login API will redirect to the page specified in the login pages login process' p_flow_page argument, e.g., p_flow_page=>&APP_ID.:1, for page 1. Change this page ID as required.
  Authorization schemes are simpler. They will probably be of type PL/SQL function returning boolean which will use the current value of :APP_USER to consult the LDAP directory for specific information. After creating the schemes, you can attach them to whatever components you need to, e.g., regions, buttons, processes.
  function userInGroup(p_username in varchar2,p_group in varchar2)
  return boolean
  as
  l_retval PLS_INTEGER := -1;
  l_session DBMS_LDAP.session;
  l_attrs DBMS_LDAP.string_collection;
  l_message DBMS_LDAP.message;
  l_entry DBMS_LDAP.message;
  l_attr_name VARCHAR2(256);
  l_ber_element DBMS_LDAP.ber_element;
  l_vals DBMS_LDAP.string_collection;
  l_found boolean := false;
  begin
  DBMS_LDAP.use_exception := false;
  --connect to LDAP and authenticate
  l_session := DBMS_LDAP.init(hostname => g_host,
  portnum => g_port);
  l_retval := DBMS_LDAP.simple_bind_s(ld => l_session,
  dn => g_ldap_user,
  passwd => g_ldap_pwd);
  --Get Group Membership
  l_attrs(1) := 'memberOf';
  l_retval := DBMS_LDAP.search_s(ld => l_session,
  base => g_ldap_user_base,
  scope => DBMS_LDAP.SCOPE_SUBTREE,
  filter => 'cn='||p_username||'*',
  attrs => l_attrs,
  attronly => 0,
  res => l_message);
  IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
  -- Get all the entries returned by our search.
  l_entry := DBMS_LDAP.first_entry(ld => l_session,
  msg => l_message);
  l_attr_name := DBMS_LDAP.first_attribute(ld => l_session,
  ldapentry => l_entry,
  ber_elem => l_ber_element);
  l_vals := DBMS_LDAP.get_values (ld => l_session,
  ldapentry => l_entry,
  attr => l_attr_name);
  << values_loop >>
  FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
  if l_vals(i) like '%'||p_group||'%' then
  l_found := true;
  exit; --exit if found
  end if;
  END LOOP values_loop;
  END IF;
  --must unbind from LDAP
  l_retval := DBMS_LDAP.unbind_s(ld => l_session);
  if l_found then
  return true;
  else
  return false;
  end if;
  exception
  when others then
  l_retval := DBMS_LDAP.unbind_s(ld => l_session);
  return false;
  end userInGroup;

• OracleApps HRMS-R12.1.3 Integration with MS Active Directory (win 2008 R2)

  Dear Friends,
  we are using Oracle Apps R12.1.3 and the Microsoft Active Directory : Windows 2008 R2
  we have the following requirement:
  (1)From Oracle Apps to Active Directory.
  -Employee master information needs to be interfaced to Active Directory on a regular interval which should be updated in the active directory.
  (2)From Active Directory to Oracle system.
  -Whenever new email address for an employee is created in Active directory, the information needs to flow to Oracle HRMS.
  Please let us know the method to achieve with minimal latest oracle softwares?
  can it be done over coding from oracle apps without new softwares?
  Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
  Regards,
  DB

  user564706 wrote:
  Dear Friends,
  we are using Oracle Apps R12.1.3 and the Microsoft Active Directory : Windows 2008 R2
  we have the following requirement:
  (1)From Oracle Apps to Active Directory.
  -Employee master information needs to be interfaced to Active Directory on a regular interval which should be updated in the active directory.
  (2)From Active Directory to Oracle system.
  -Whenever new email address for an employee is created in Active directory, the information needs to flow to Oracle HRMS.
  Please let us know the method to achieve with minimal latest oracle softwares?
  can it be done over coding from oracle apps without new softwares?
  Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
  Regards,
  DBPlease update your original thread(s) instead of creating new one(s) -- Integrate Oracle Apps R12 with Microsoft Active Directory
  Thanks,
  Hussein

• Integrate ODSEE 11.1.1.5 with Oracle Apps R12

  Hi All,
  I want to Integrate Oracle Apps R12.1.3 with ODSEE 11.1.1.5, can you provide some detail setup for this integration.
  e.g:- what Oracle Fusion components need to be installed and if any document available for this integration.
  Thanks
  HS

  Hi OrAC
  I want to know can we upgrade database to 11.2.0.2 from version 11.2.0.1 in apps 11i env?Yes
  In technote *Oracle Applications Release 11i with Oracle 11g Release 2 [ID 881505.1]* its mentioned:
  This note is the master document describing the use of Oracle E-Business Suite Release 11i with Oracle Database 11g Release 2 (11.2.0.x), where x denotes the patch set level (currently 1).*
  From this i understand in future if oracle release any patchset on the base release 11.2.0.1, then by default its certified. Correct
  Regard
  Helios