LDAP and OID

FYI: I am new to Oracle (<1 month), and new to APEX (<3 weeks) so forgive me if I am asking the obvious.
I would like to have APEX authenticate against LDAP (Active Directory), and went about trying to set that up. Got all AD settings from our sys admin, and then tried them in the LDAP test tool. I kept getting "Authentication failed!" no matter what I did. Due to the detailed nature of that error message, I started trying to track down every possible avenue so I talked to one of our DBAs about DBMS_LDAP.SIMPLE_BIND_S. The answer I got back was that we don't have access to it because it is part of OIN which we would have to pay outrageous amounts of money for if we wanted to use it. Not likely to happen, so I was hoping that there was another way to authenticate APEX via LDAP.
Any suggestions would be most helpful.

John - DBMS_LDAP is not part of OID so you can use it as part of your existing database product installation. Search this forum for LDAP and AD and you'll find lots of discussions about what you are trying to do.
Also, just to clarify, you're not trying to authenticate Application Express using AD, you'll be authenticating users to your application (essentially a PL/SQL application in the database) using account information stored in AD. The authentication code that gets executed will belong to your application.
Scott
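
A sketch of the kind of application-owned authentication function the reply above describes, added here as an example and not taken from the original thread. The host, domain, wallet location and function name are placeholders, and the bind uses the AD userPrincipalName form (user@domain) over LDAPS with server certificate validation.

```plsql
-- Added example (not from the thread): custom APEX authentication function
-- that validates a user's credentials with a simple bind against AD.
-- All c_* values below are placeholders for your own environment.
create or replace function ad_authenticate (
    p_username in varchar2,
    p_password in varchar2
) return boolean
is
    c_host       constant varchar2(255) := 'dc01.example.com';     -- placeholder
    c_port       constant pls_integer   := 636;                    -- LDAPS
    c_domain     constant varchar2(255) := 'example.com';          -- placeholder
    c_wallet     constant varchar2(255) := 'file:/path/to/wallet'; -- placeholder
    -- Placeholder only: read the wallet password from protected storage,
    -- do not keep it in source code.
    c_wallet_pwd constant varchar2(255) := 'WALLET_PASSWORD_PLACEHOLDER';

    l_session dbms_ldap.session;
    l_rc      pls_integer;
begin
    -- A simple bind with a name and an empty password is an "unauthenticated
    -- bind" (RFC 4513) and many directories answer it with success, so it
    -- must never be treated as a login. In Oracle '' is NULL.
    if p_username is null or p_password is null then
        return false;
    end if;

    -- Accept only plain account-name characters so the user cannot supply
    -- a different domain or a full DN as the bind identity.
    if not regexp_like(p_username, '^[A-Za-z0-9._-]{1,64}$') then
        return false;
    end if;

    -- Make DBMS_LDAP raise exceptions instead of returning error codes.
    dbms_ldap.use_exception := true;

    l_session := dbms_ldap.init(c_host, c_port);

    -- sslauth = 2: one-way SSL, the directory server's certificate is
    -- checked against the trusted certificates in the wallet.
    l_rc := dbms_ldap.open_ssl(l_session, c_wallet, c_wallet_pwd, 2);

    -- Raises an exception if the directory rejects the credentials.
    l_rc := dbms_ldap.simple_bind_s(l_session,
                                    p_username || '@' || c_domain,
                                    p_password);

    l_rc := dbms_ldap.unbind_s(l_session);
    return true;
exception
    when others then
        -- Any failure (bad credentials, TLS error, host unreachable)
        -- is a failed login. Release the session if one was opened.
        begin
            l_rc := dbms_ldap.unbind_s(l_session);
        exception
            when others then null;
        end;
        return false;
end ad_authenticate;
/
```

On 11g and later databases the schema that owns this function also needs a network ACL granting it connect access to the directory host before DBMS_LDAP can reach it.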

Similar Messages

  • Developer6i Net8 client and OID/LDAP

    Is it possible to get the Net8 client that comes with Developer 6i to be able to speak LDAP to OID? Even though it has the 'i' suffix, it does not seem to have the 'internet' capabilities that could be used with OID? Is there a patch or an upgrade?
    I tried to install the Oracle8i r2 and r3 client software to get the Net8 with ldap functionality, but it said I cannot install into an older Oracle_HOME.
    Any insight would be appreciated.
    Also please respond to this link below if you have any input on this issue.
    "What is the benefit in using OID for names resolution?" @ http://technet.oracle.com:89/ubb/Forum60/HTML/000231.html

    So you are telling me that the Net8 client version 8.0.6.0.0 that comes with Oracle Forms and Reports 6i is capable of using OID or any other LDAP directory service instead of tnsnames.ora or Oracle Names, to do name lookups?
    Can you please email and tell me how?
    BTW, I have both OID and IPlanet setup for name resolution, and it works fine with the Net8 client off of the Oracle 8i r3 CD.
    ;-)

  • OAS and LDAP or OAS and OID ???

    1) Is OAS and LDAP a good combination or OAS and OID ???
    how do we connect and make use of LDAP from OAS?
    please let me know
    thanks in advance

    Get hold of Whitepaper 774783.1 LDAP Integration for Oracle Utilities Application Framework based products from My Support

  • Setting up ldap and enabling sso for discussion service

    How to do setup of discussion service site so that user base of the discussion site uses an external ldap like OID? It was very easy with Jive (on which Oracle's version is based). It was done at the time of installation.
    I thought of using system properties that were defined for jive and using the same for Oracle's discussion service but not sure what values I can provide for UserManager and GroupManager. I tried giving the same values as that we used in Jive but after restarting the WLS_Services the login function was not working at all. Is there a document that helps in doing this setup?
    Also, do we have a document on how to enable SSO with discussion services site?
    -Pratap

    I figured out how to do ldap settings for discussions. It is the same approach as that of jive. Go to C:\OracleMiddlewareHome\user_projects\domains\base_domain\config\fmwconfig\servers\WLS_Services\owc_discussions_11.1.1.2.0 and edit the jiveStartup.xml. Change <setup>true</setup> to <setup>false</setup>. And log in to discussion site using the http://localhost:8890/owc_discussions. This will let you go through setup process where we can give the ldap settings.
    Can someone please help us in working with SSO?
    -Pratap

  • OIM User Creation Error After OIM and OID Integration

    Hi,
    I am new to OIM and I am getting a popup error message for user creation from the OIM application after OIM and OID integration through libovd.
    Error message : LDAP create event failed : orclguid attribute has duplicate value.
    Please guide me in resolving the error.
    Thanks & Regards,
    Rajeev

    Hi,
    Thanks for the reply... I checked 1307549.1 in Metalink. In that link they are telling us to modify some tables in the database. I have some questions regarding the following steps, please help.
    === ODM Solution / Action Plan ===
    1. Use the following query to find fields with "plain text" values:
    select svr.svr_name, spd.spd_field_name, svp.svp_key, svp_field_value
    from svp
    inner join spd on spd.spd_key = svp.spd_key
    inner join svr on svr.svr_key = svp.svr_key
    2. Set these plain text values to null after making backup of table.
    *(kashyap:: Which fields values we have to change)*
    3. Edit the Directory Server to re-set values.
    *(kashyap:: could you please explain this)*
    Expected error at this stage:
    -- no "System Error call admin...", but that makes sense since the values in question pertained directly to the Directory Server --

  • DIP synchronization from Domino LDAP to OID

    Hi,
    has anyone tried using DIP to synchronize users and groups from Lotus Domino LDAP to OID?
    There is a connector available with OIM, but since I don't need provisioning was hoping to get away without extra OIM infrastructure. (I will use OIM if I have to).
    My attempts are still in the early stage, and wanted to make sure I was going down the right road.
    Using 10.1.4.3 OID, creating an import connector using the import openLDAP template.
    Looks like I can get the mapping down and a manual bootstrap does work.
    1) Can I adapt elements of the OIM adapter to work within the DIP connector?
    2) Domino seems to store groups at the root DSE. The DIP connector does not accept empty or "" as a source domain to search for the groups. It needs that the source groups be stored in a container. Anyone run into this type of thing? Is there something to enter into the DIP connector config that will allow using the ROOT DSE of the target as search source?
    3) When I enable the connector, Synchronization delivers a success status. Reconcile is errored and unsuccessful. Can I get by with only synchronization working?
    4) Going outside of Oracle here...but is anyone aware if Lotus Domino LDAP maintains a changelog? Or does it use modify timestamps as attributes of users/groups?
    5) In the eventuality that I need to write a custom agent for Domino or custom 'Reader' or reconcile agent. Has anyone done this or have sample code to look at? Even if not for Domino, but custom for other LDAP?
    Thanks

    it's either DIP via LDAP or OIM connector via Lotus Java API. I'd go with LDAP...if DIP doesn't work, it's pretty simple to write a script to export records and then import them into OID. There are a lot of LDAP utilities, google is your friend.

  • Sun Directory Server and OID Synchronization

    I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able to modify the last changelog number.
    Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
    Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
    One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root ca's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

    On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
    You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
    - Brian

  • Bootstrapping from SunOne LDAP to OID

    Hi,
    I'm trying to sync my SunOne LDAP data to OID. Below is my mapping file
    DomainRules
    ou=ssausers,dc=infor,dc=com:cn=Users,dc=infor,dc=com:cn=%,cn=Users,dc=infor,dc=com
    AttributeRules
    # Mapping rules to map the domains and containers
    targetdn:2: :person:krbPrincipalName: :orclUserV2
    o: : :organization: o: :organization
    ou: : :organizationalunit: ou: : organizationalunit
    dc: : :domain:dc: :domain
    # Mapping Rules to map users
    uid: : :person: uid: :inetorgperson
    sn: : :person:sn: :person
    cn:1: :person:cn: :person
    mail: : :inetorgperson: mail: :inetorgperson
    employeenumber: : :organizationalperson: employeenumber: :organizationalperson
    c: : :country:c: :country
    l: : :locality: l: :locality
    telephonenumber: : :organizationalperson: telephonenumber: :organizationalperson
    userpassword: : :person: userpassword: :person
    # Mapping Rules to map groups
    cn: : :groupofuniquenames:cn: :groupofuniquenames
    member: : :groupofuniquenames:member: :orclgroup
    uniquemember: : :groupofuniquenames:uniquemember: :orclgroup
    owner: : :groupofuniquenames:owner: :orclgroup
    but when i start the dipassistant i get a msg on the console as
    Bootstrapping in progress.....
    Bootstrapping completed.
    #entries read ..................... 2
    #entries filtered ................. 0
    #entries ignored .................. 1
    #successfully processed entries ... 0
    #failures ......................... 1
    the log file says something like
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Initializing bootstrap engine.......
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Map engine successully initialized......
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Filter successully initialized......
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Input parameters parsed successfully and initialized....
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Beginning the bootstrap process....
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Initialized the LDAP source connector - 0 to read - ou=ssausers,dc=infor,dc=com
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] LDAP source connector - 0 search filter - null
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Reader Thread - 0 - Total no.of entries read = 2
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Reader Thread - 0 - Total no.of entries filtered = 0
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Reader Thread - 0 - Exiting....
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Initialized the LDAP destination connector - 0
    ERROR: [Thu Jan 29 10:25:44 GMT+05:30 2009] Writer Thread - 0 - Error occurred while loading - *
    ERROR: [Thu Jan 29 10:25:44 GMT+05:30 2009] Writer Thread - 0 - Invalid name: *
    INFO: [Thu Jan 29 10:25:44 GMT+05:30 2009] Writer Thread - 0 - Ignoring the entry - uid=admin,ou=ssausers,dc=infor,dc=com
    INFO: [Thu Jan 29 10:25:47 GMT+05:30 2009] Writer Thread - 0 #no of entries - 2
    INFO: [Thu Jan 29 10:25:47 GMT+05:30 2009] Writer Thread - 0 #no of entries successfully processed - 0
    INFO: [Thu Jan 29 10:25:47 GMT+05:30 2009] Writer Thread - 0 - Exiting....
    INFO: [Thu Jan 29 10:25:50 GMT+05:30 2009] Cleaning up the source connector - 0....
    INFO: [Thu Jan 29 10:25:50 GMT+05:30 2009] Cleaning up the destination connector - 0....
    INFO: [Thu Jan 29 10:25:50 GMT+05:30 2009] Bootstrap process completed.
    where could that '*' possibly be?
    As to the dipassistant command, we only give the properties file, and the only entries in that properties file are LDAP details and OID details, so I assumed that somewhere in my LDAP there is a '*' (signifying something like all users under the hierarchy). I tried removing them, but the error still persists.
    Kindly help me out and let me know where I could possibly look: LDAP side or OID side.
    Thanks

    Also, when I tried adding users using "ldapadd", my objectclasses are getting added, but since I'm logged into the "Oracle Directory Manager" using "orcladmin", I just see its details but not the entire users structure as such. Is there any other login like "cn=Directory Manager" wherein I can see all the object classes I have added?
    P.S.: When logging into Directory Manager, when we look up to add "orcladmin" as userid, in that popup I can see all the objectclasses I have added.

  • Iplanet messaging and OID

    I have been trying to setup iplanet messaging
    to use Oracle LDAP Server (OID), rather than using iplanet's directory server. I have run into many schema incompatibility issues.
    Has anyone ever created this environment and can point me in the right direction.
    Thanks,
    Brenda

    Brenda,
    the iPlanet Messaging Server 5.0 Installation Guide mentions the following
    Note:
    iPlanet Messaging Server 5.0 is compatible with Netscape Directory Server version 4.11 or 4.12.
    To configure an existing Directory Server, run the ims_dssetup utility. (See Running the ims_dssetup Utility.)
    Step 2 of ims_dssetup also mentions that it will configure a Netscape Directory Server (only).
    Same for Messaging Server 4.1 Installation Guide:
    Configuring an Existing Directory Server:
    Messaging Server 4.1 is compatible with both Netscape Directory 3.x and 4.x versions.
    So I would assume that by default only Netscape/iPlanet Directory Servers are supported.
    Only chance you have is if you have access to the IMS schema that will be loaded into the Directory and store this into OID.
    You should get a hint where this schema is located by looking into the ims_dssetup PERL setup script.
    Then you have to figure out the attributes and objectclasses that are needed before trying to load the schema.
    You should also contact Netscape support and see if they can confirm if IMS at all is certified to use other Directories besides Netscape/iPlanet.
    --Olaf

  • SSL between SSO Server and OID

    Can the communication between SSO Server and OID
    be encrypted using LDAP over SSL?
    If so, how to set-up?
    Thanks,

    Hi Bikash,
    Doc mentions that communication between AD and connector server is secure with ICF architecture.
    Just wanted to confirm if same is true between OIM and connector server.
    Saurabh mentions that between OIM and connector server ssl is required? Please confirm.
    Thanks

  • Questions on SSO and OID implementation on oracle EBIZ R12.0.6 ID 376811.1

    Hello Guys,
    Is Oracle 10g Enterprise Edition the same as Oracle Identity Management? I am a bit confused about what is going on: when we logged an SR we were told to use Oracle 10g AS (10.1.3.5), but the note always says Oracle 10g AS 10.1.4.X, which is in turn Identity Management. So we need to install Oracle 10g AS (10.1.3.5) and then on top of that install Oracle Identity Management, which comprises OSSO and OID. Is that correct?
    in reference note 376811.1
    please advise
    thanks
    MN

    Hello Hussien,
    Anyways I upgraded to 10.1.3.5 patch_set 10gAs on ebiz r12.0.6
    I have other question regarding the doc ID 376811.1
    in there is section
    Pre-Install Task 4: Apply the latest certified Application Server Patchset
    Oracle E-Business Suite Release 12 is certified with the Application Server Patch Sets listed in the table below:
    Certified AS Patchset | Download Location | One-off Patch details (if any)
    Oracle Identity Management 10g Release 3 Patch Set 1 (10.1.4.2) | 5983637 | 8811442
    Oracle Identity Management 10g Release 3 Patch Set 2 (10.1.4.3) | 7215628 | 8811442
    Oracle Application Server and Oracle Developer Suite 10g Release 2 (10.1.2) Patch Set 2 (10.1.2.2.0) | 4960210 |
    Oracle Application Server and Oracle Developer Suite 10g Release 2 (10.1.2) Patch Set 3 (10.1.2.3.0) | 5983622 |
    Follow the installation instructions provided in the patch README to install the patch on your Identity Management Server and to check supported operating systems.
    Oracle always recommends latest certified AS patchset for E-Business Suite customer
    I installed Oracle 10g AS 10.1.4.0.1 and it is up and running, so do I need to just apply the Oracle Identity Management 10gR3 patchset (10.1.4.3),
    or do I have to apply both 10.1.4.3 and the Oracle Application Server 10g Release 2 (10.1.2) Patch Set 3 (10.1.2.3.0)?
    Because in Enterprise Manager Application Server Control it says version 10.1.2.0.2 and the Identity Management components show 10.1.4.0.1.
    thanks in advance.

  • SSO and OID concepts

    Is there any document which explains the concept and architecture of SSO and OID in simple words?

    Check the following notes/documents:
    Overview of Oracle Single Sign-On
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/toc.htm
    Note: 261914.1 - Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=261914.1
    Note: 233436.1 - Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=233436.1

  • AD and OID connector installation on Base version 11.1.1.5.0 failed.

    Hi Experts,
    I am trying to install AD and OID connectors on base oim 11.1.1.5.0
    OID connector version: Release 9.0.4.12
    AD connector version: Release 9.1.1.7
    while installing these connectors in 3 steps
    a. Configuration of connector libraries
    b. Import of the connector XML files (by using the Deployment Manager)
    c. Compilation of adapters
    first step passed and it is failing at 2nd step and 3rd
    Error:
    DOBJ.XML_IMPORT_ERROR Missing root objectcom.thortech.xl.dataobj.tcUSR [DataObjectDef] (importable)
    can anyone suggest me on this.
    Thanks,

    What's the error in the log files? full stacktrace?
    -Bikash

  • OD, LDAP and DNS

    I am new to LDAP and I believe I have everything setup correctly on the server (everything under Open Directory in SA says "Running", logs don't show any errors). However, I can not access the LDAP server from a client machine using Directory Access. I suspect that client machines still can not "see" my LDAP server.
    I believe the issue may be with DNS and I am trying to understand the interaction between DNS and OD, etc. First off, I do not have DNS turned on for my Mac OS X Server since my ISP has always hosted our DNS. Is this a problem? Do I need DNS activated on the same server that I am running this LDAP server? I have tried entering the IP and DNS name on the client server using Directory Access and neither worked.

    The requirement is that references using your server's Fully Qualified Domain Name look up to its IP Address and its IP Address looks up to its Fully Qualified Domain Name. If your ISP does that for you, and does it correctly, Merry Christmas!
    All others must set up their own tiny DNS service to do the lookups. If you are behind an NAT firewall, you can Make Up whatever names you like and look them up locally, because they are invisible from the Internet.
    Remember that each workstation must have the address of the DNS available to it. It needs to be configured in the TCP/IP setup or dispensed via DHCP. If you use your own DNS (highly recommended) you must also dispense or configure the next upstream DNS (your ISP's DNS Address).
    "An Open Directory master requires properly configured DNS so it can provide single sign-on Kerberos authentication.
    Make sure DNS service is configured to resolve fully qualified DNS names and provide corresponding reverse lookups.
    DNS must resolve the fully qualified DNS name and provide reverse lookups for the Open Directory master server, all replica servers, and other servers that are members of the Kerberos realm.
    You can use the Lookup pane of Network Utility (in /Applications/Utilities/) to do a DNS lookup of a server's DNS name and a reverse lookup of the server's IP address.
    For instructions on setting up DNS service, browse Network Services Overview."
    -- from Server Admin 10.4 Help: Kerberos is Stopped on an Open Directory Master or Replica
    Message was edited by: Grant Bennet-Alder

  • How to write Join View Adaptor which will pull data from Siebel and OID ?

    Hi Experts,
    I wanted to write a web service call where OIF will talk to OVD, then OVD will have a join adaptor which will pull some data like msisdn from Siebel and view data from OID like given name, and generate a SAML assertion.
    I wanted to know how to write a join adaptor for the same.
    Help Appreciated.

    Hi Experts,
    Does anyone have any idea on a webservice call to OIF which will call OVD that will have a join adaptor connecting Siebel and OID?
    any help is appreciated
