Oracle database and Windows Active directory authentication

Hello,
Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
Is anyone able to offer and advise?
Thank you very much
Sarah

I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
Perhaps the following links are useful:
http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

Similar Messages

Oracle Linux and Windows Active Directory

I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.

I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
Perhaps the following links are useful:
http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

Oracle account and microsoft active directory password synchronisation

Hi
We are migrating our application to use windows active directory authentication. We have separate oracle account for
each logged in user in the application, and these oracle credentials have to be the same as the windows active directory
credentials.
Also, a password change on windows Active directory should change the oracle account password.
Is there a tool available to manage and synchronize the microsoft active directory and oracle account.
We use oracle 10g and application is hosted on Windows 2008 server.
Thanks
Karthik

There's an OOTB connector for Password Synch between AD -> OIM. Please use that.
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
For password synch, OIM- AD/Oracle, you can use triggers.
Enabling update for provisioned user in OIM11g

Weblogic 10.3.3 and Windows Active Directory connection error

Hi,
A i am trying to set up Windows AD LDAP realm.
But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
<Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
<Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
<Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
     at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
     at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
     at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
     at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
     at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
     at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
     at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
     at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
     at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
     at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
     at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
     at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
     at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
     at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
     at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
     at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
     at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
     at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
     at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
     at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
     at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
     at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
     at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
     at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
     at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
     at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
     at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
     at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
     at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
     at $Proxy149.listUsers(Unknown Source)
     at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
     at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
     at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
     at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
     at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
     at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
     at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
     at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
     at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
     at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
     at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
     at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
     at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
     at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
     at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
     at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
     at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
     at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
     at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
     at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
     at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
     at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
     at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
     at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
     at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
     at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
     at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
     at weblogic.security.utils.Pool.newInstance(Pool.java:37)
     at weblogic.security.utils.Pool.getInstance(Pool.java:33)
     at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
     ... 117 more
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
     at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
     at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
     at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
     at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
     at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
     at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
     ... 120 more
>
could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
Thanks in advance!

Hi ,
From the error stack trace I could find the below error.
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
Data 525, refers to user not found error that is used to bind to the Active Directory.
Make sure you have the correct credentials to connect to the Active Directory.
You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
A sample usage of LDAP Broswer is given below.
http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
You can download a sample version of softerra.
http://www.ldapbrowser.com/download.htm
You can also refer the below link for details about WebLogic and Active Directory configuration.
http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
For more details about different LDAP Issues.
http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
Regards,
Anandraj
http://weblogic-wonders.com

Crystal Reports and Windows Active Directory

Hi,
I am trying to authenticate using the Windows Active Directory. I have created a test group in the Active directory and added myself as a member to that group. On the Crystal reports server side, I have enabled the Windows Active Directory. I can see the group that I created on the Active Directory. But I do not see any users. I have a Java infoview and I changed the web.xml file. I changed the authentication parameter to secWinAD. But does anyone know how to restart the web application server? I restarted the service Intelligent Agent. But when I login using my user id and password it still gives me the same error:
Account Information Not Recognized: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
Any help will be appreciated.
Thanks.

Infoview doesn't even need to be restarted.
You said "I have a Java infoview and I changed the web.xml file" in your original post
If you have .net IIS then it would be a web.config file that needs to be changed. IIS will pick up the changes as soon as you save the file and open an infoview logon page. you may also opt to set authentication.visible to true so users will have the ability to select AD when logging in.
Regards,
Tim

Oracle context and MS Active Directory

Hello,
I have one pc with Windows Server 2003 and Oracle 10g r2
When I add a user from my Active Directory in the External OS Users of the Oracle Managed Object (via mmc), I get this error:
ORA-30041: Cannot grant quota on the tablespace
And when I try to connect with this user (Active Directory user) to isqlplus, I get another error:
ORA-28030: Server encountered problems accessing LDAP directory servic
Someone know how to resolve these errors ?
Server's Configs
Active directory name: cyclops.home.com
Host name: server.cyclops.home.com
My database name in the Oracle context object of my Active directory: oracle_db
My Oracle context: “CN=OracleContext,DC=home,DC=com"
#Ldap.ora
DEFAULT_ADMIN_CONTEXT = "DC=cyclops,DC=home,DC=com"
DIRECTORY_SERVER_TYPE = AD
#Listener.ora
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\product\10.2.0\db_1)
(PROGRAM = extproc)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
#Sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (LDAP)
#Tnsnames.ora
PROJET =
     (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
          (CONNECT_DATA =
               (SERVER = DEDICATED)
               (SERVICE_NAME = oracle_db)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)

When I use this cmd ldapbind -h cyclops.home.com that works.
If I log to isqlplus with the system user and do select username from all_users; I can see my Active Directory user.
I also changed the LDAP_DIRECTORY_ACCESS parameter to PASSWORD (default was SSL) but that changed nothing.
Maybe the problem is from the Oracle wallet, I did one when I have created the database but I don't know well about it and the use. I think I should have something in my sqlnet.ora file related to the wallet but I don't know how to set.
I search on internet, some homepages said I should use Oracle Net Manager to set the wallet location but I found nothing in Oracle Net manager for it.

Windows Active Directory Authentication

Hi Experts,
I have an enterprise application running in a clustered environment. The jars are diployed in jboss and wars in tomcat servers. The requirement is to authenticate users with thier Windows username/password with active directory itself and depending upon their roles give access to various functionalities in the application. Could someone guide on how the windows authentication should be done?
Thanks

We were able to successfully enable the Windows AD Authentication.
Section 4 would be on the SIA's or server tier. Sections 5,6,and 7 would be for the Java Web app server or web tier.
We got an error when trying to enable SSO though.
The server encountered an internal error (com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Successfully matched service principal "account@domian_name" but not key type (18) + KVNO (32) in this entry: Principal: [1] account@domain_name TimeStamp: Wed Dec 31 19:00:00 COT 1969 KVNO: -1 EncType: 23 Key: 16 bytes, fingerprint = [......] )) that prevented it from fulfilling this request.
We disabled the SSO for the time being, but the Windows AD works fine.

CUCM IM & Presence 9.1 and Window Active Directory 2012 R2

Currently envinronment is
1.CUCM 9.1
2.IM & Presence 9.1
3 AD 2012 R2
i have configured for Jabber for iPhone 9.6.1 and Window 9.7 and use UDS as service profile.
Everything working properly unless i can't use AD user for authentication it appear screen as can't locate server.
Local user in CUCM can login normally and confirm that all AD configuration in CUCM are configured (LDAP directory, authentication and even in service profile)and i can use AD user to login via CUCM and IMAP user option page which mean LDAP integration should be working fine. but i can't log in via Jabber for iPhone or Window.
When i look through CUCM IMAP 9.1 document in LDAP integration support list. it not show AD version 2012 so i am not sure it won't work because it not include in support list or not
This is Problem report from Jabber for iPhone with login user "test". It look like there is network connectivity problem but this client can ping and browse into IMAP correctly
-- 2014-08-06 16:45:55.343 WARNING [3c12018c] - [JabberWerx][log] [LoginMgr]: ha, invalid HA soap server index:1
-- 2014-08-06 16:45:55.354 INFO [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, OnStateChanged CLoginStop::OnStateChanged
-- 2014-08-06 16:45:55.357 INFO [3c12018c] - [JabberWerx][log] [XmppSDK]: CXmppClient::FinalCleanData
-- 2014-08-06 16:45:55.378 INFO [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, OnStateChanged conn, canceled due to no needs. supposed:0, signning-on:0, signed-on:0
-- 2014-08-06 16:45:55.379 ERROR [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, Fire_OnError login, OnError, 9
-- 2014-08-06 16:45:55.380 ERROR [3c12018c] - [JabberWerx][log] [JabberWerxCPP]: JWLoginSink::OnError, lerr:9
-- 2014-08-06 16:45:55.381 DEBUG [3c12018c] - [imp.service][OnLoginError] Entry
-- 2014-08-06 16:45:55.382 INFO [3c12018c] - [imp.service][OnLoginError] ****************************************************************
-- 2014-08-06 16:45:55.384 INFO [3c12018c] - [imp.service][OnLoginError] OnLoginError: (data=0) LERR_CUP_UNREACHABLE <9>:
-- 2014-08-06 16:45:55.385 INFO [3c12018c] - [imp.service][OnLoginError] ****************************************************************
-- 2014-08-06 16:45:55.385 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][GetCredentialsImplForService] ScopedLock to protect access to credentialsMap
-- 2014-08-06 16:45:55.387 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CreateBlankCredentials] ScopedLock to protect access to credentialsMap
-- 2014-08-06 16:45:55.387 INFO [3c12018c] - [csf-unified.services.system.CredentialsManager][CreateBlankCredentials] Unable to find credential object associated with the Authentication ID: WebEx - it was not found in the cache. Initialising a blank credentials object
-- 2014-08-06 16:45:55.388 DEBUG [3c12018c] - [CredentialsImpl][CredentialsImpl] Credentials constructed[authenticatorId=1201;synced=false;username=;password=empty;oAuthToken=empty;rememberMe=false;ssoMode=0;verified=false;userVerified=false]
-- 2014-08-06 16:45:55.388 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][GetSsoMode] Authenticator [1201] has sso mode set to off
-- 2014-08-06 16:45:55.392 DEBUG [3c12018c] - [ConfigStoreManager][getValue] key : [WebEx_UseCredentialsFrom] skipLocal : [0] value: [] success: [false] configStoreName: []
-- 2014-08-06 16:45:55.393 DEBUG [3c12018c] - [ConfigStoreManager][getValue] key : [1201_UseCredentialsFrom] skipLocal : [0] value: [] success: [false] configStoreName: []
-- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CheckDeprecatedSyncSettings] No Standard Config Based Sync Key found for WebEx so check for deprecated sync key
-- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CheckDeprecatedSyncSettings] No deprecated config sync key found for WebEx so check for defaults
-- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] Checking defaults for WebEx
-- 2014-08-06 16:45:55.401 INFO [3c12018c] - [startup-handler][loadConfig] Entering loadConfig
-- 2014-08-06 16:45:55.401 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] No default sync found for WebEx
-- 2014-08-06 16:45:55.401 INFO [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] No sync settings for WebEx credentials configured
-- 2014-08-06 16:45:55.403 DEBUG [3c12018c] - [imp.service][LoginErrortoErrorCode] LoginErrortoErrorCode: 9 mapped to: UnableToConnectToTheServer
-- 2014-08-06 16:45:55.404 DEBUG [3c12018c] - [imp.service][OnLoginError] errCode: UnableToConnectToTheServer
-- 2014-08-06 16:45:55.406 INFO [3c12018c] - [imp.service][OnSignOn] Entry
-- 2014-08-06 16:45:55.406 INFO [3c12018c] - [imp.service][OnSignOn] OnSignOn: false
-- 2014-08-06 16:45:55.407 ERROR [3c12018c] - [imp.service][OnSignOn] OnSignOn failed while in starting state...
-- 2014-08-06 16:45:55.409 INFO [3c12018c] - [imp.service][OnSignOn] Exit
-- 2014-08-06 16:45:55.409 DEBUG [7d81000] - [imp.service][waitForSignedOn] Exit
-- 2014-08-06 16:45:55.409 DEBUG [3c12018c] - [imp.service][OnLoginError] Exit
-- 2014-08-06 16:45:55.410 DEBUG [7d81000] - [imp.service][performSignOn] Exit
-- 2014-08-06 16:45:55.410 DEBUG [7d81000] - [imp.service][performActions] performed call to signedOn: success: false
-- 2014-08-06 16:45:55.411 ERROR [7d81000] - [imp.service][performActions] Unable to login. SignOn Command Failed...
i also have RTMT for ClientProfileAgent, XCP Connection manager, XCP router, tomcatsecuritylog. If anyone want these please let me know

This issue has been solved!
The root cause was compatibility problem between CUCM 9.1 and AD 2012. We need to upgrade CUCM and IM and Presence to version 10.5 to solve this issue.
Many thanks TAC engineer name Tapan Dutt for solved this issue
Have a nice day!!

Oracle database and Windows Vista

When trying to install Oracle database products (9i as well as 10g), I'm politely told that there were known compatibility problems prohibiting installation of Oracle on Vista. Any known way around this? Any schedule for a Vista compatible version of Oracle?

I've sucessfully installed 10gR2 on Vista Bussines
setting the Windows XP SP2 compatibility mode on the
setup.exe file and completly disabling DEP.
Hope this helps ...great, of course this helps. My hat is off to you - I mean, setting compatibility mode for setup.exe is a essentially a no-brainer but how on earth did you manage to find out about DEP having impact on the setup. .
Can we assume that the installation works,i.e. instance up, mounted and anxiously awaits being provided with data? Listener(s) listen and talk as expected?

SSO on WAS 6.20 (unix) using kerberos and Windows Active Directory (AD)

Hi Gurus!!
We are looking for the way to implement the Single Sign On in our R/3 Systems installed on unix of the Active Directory (obviously windows) users using Microsoft Kerberos.
I'm not able to find a documentation about this arquitecture.
Can somebody help me?
Is any documentation related with this topic?
Did Somwbody configure this kind of SSO?
Thank you very much in advanced,
Edorta Ramos

Ramos,
I should have made it clearer. When I referred to AS, I was referring to the SAP ABAP AS (e.g. application server). Of course the KDC (e.g. Microsoft Active Directory) has an AS service as well...
yes, you can Kerberos enable (Kerberize) the SAP ABAP AS and SAP GUI using Kerberos libraries for Windows and AIX. As I mentioned already, since AIX is involved you should consider evaluating and buying SAP certified SNC libraries available from a SAP partner. Your first place to look is in SAP EcoHub (click link at top of this SDN forum to enter EcoHub) and search for SNC or Kerberos.
You asked about gssapi library - as I have said a few times, there is no gssapi (e.g. SNC library) provided by SAP for UNIX or Linux, so if you are using AIX you need to look elsewhere (e.g. SAP partner) and the SAP partner will also provide the compatible/supported library for the Windows workstations as well so you get a complete solution from the vendor.
Thanks,
Tim

Portal integration and Windows Active Directory

Hello experts,
We have a SAP Netweaver Portal SP14 and the UME is configure in one Active Directory of Windows 2003. The UME is working correctly but the SSL connection between the two system doesn't work.
We have applied the help in the link:
"http://help.sap.com/saphelp_nw70/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/content.htm"
but we got the error
"Peer certificate is not trusted or expired".
The Active Directory server has its own certificate.
We think that the problem is with the trusted certificate but we have not correct it.
In active directory server when we access to https:
myserverAD:636, we got the error that the page could not be show.
Thanks in advanced.
Paco Hernandis.

> https:
myserverAD:636, we got the error that the page could not be show.
The SAP Help is outdated: MS IE doesn't show those certs any more, as you have found.
I'm sure there's a better way, but here's how I get that when I need it: install an OLD version of Firefox (I keep the install EXE for Firefox 1.5.0.8 around just for this) because v.2 responds with an error the same as IE. I use Firefox for this (rather than an old version of IE) so that it doesn't clobber my IE config. Since it's an old release there are many security problems: so don't use it for anything else, and uninstall it immediately afterwards.
http://download.mozilla.org/?product=firefox-1.5.0.8&os=win&lang=en-US

ACS 3.2 for Windows and Windows Active Directory.

I'm using a member W2K server to run ACS 3.2.
I'm using ACS and Windows group mapping but my users always go into default group.
Why?
Thanks.
Andrea.

I'm assuming your ACS \DEFAULT domain has NT Groups mapped to . Use a new Domain Configuration to add your AD and group mappings.
The group name in ACS must match exactly the same group in AD. ie. If your AD group name is "Engineering" , create a ACS group with exactly the same spelling. Also,avoid certain characters such as @#%&*() in the naming of groups, both in AD and ACS.
Hope this helps. let us know.
P

Wlc and window active directory

On the client side "user Credentials", I set "Use Windows logon" to autenticate. Here is my problem, upon boot no drives are mapped so I am assuming windwows is booting before authenication takes place. How can I resolve this? Thanks

The problem is that unless you are authenticating the machine to AD as well, then when you log onto the laptop, you are using
cached domain credentials and then the user is authenticating to the wireless. In order for login scripts, group policy changes, etc to work, the machine must authenticate to the wireless so it is on the domain. Then when you log onto the laptop, you are logging into the domain, just like with a wired PC. So what you need to use is a wireless suplicant like WZC or CSSC that integrates into the msgina of the OS that allows authentication before login. With the WZC, you will see an option to "authenticate as computer when computer information is available" on the Authentication tab of your wireless profile. Check out step 9 of the Client configuration section of this document http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml#t31.
Your RADIUS server would also need to allow computers to authenticate.
Thanks,
Lee

Windows Active Directory Authentication SAP BO XI R4 Distributed Environment.

Hello we have been able successfully implement the Windows AD Authentication in our DEV and UAT environments which are single server environments.
We would like to proceed with doing the implementation in production but there is one difference which the SAP documentation doesn't address. That difference is that our production environment consists of two servers, a Web Tier and a Server Tier.
Which server needs to be configured to support the AD authentication?

We were able to successfully enable the Windows AD Authentication.
Section 4 would be on the SIA's or server tier. Sections 5,6,and 7 would be for the Java Web app server or web tier.
We got an error when trying to enable SSO though.
The server encountered an internal error (com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Successfully matched service principal "account@domian_name" but not key type (18) + KVNO (32) in this entry: Principal: [1] account@domain_name TimeStamp: Wed Dec 31 19:00:00 COT 1969 KVNO: -1 EncType: 23 Key: 16 bytes, fingerprint = [......] )) that prevented it from fulfilling this request.
We disabled the SSO for the time being, but the Windows AD works fine.

SAP User Authentication via Windows Active Directory

The non-profit company I work for as an SAP Security Admin has been using SAP since 1999. We are currently running ECC 6.0, BI 7.0, and CRM 7.0. With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently.
The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication. Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password. If you can log onto your PC, you can log into the time-keeping software.
That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future. I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory). My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc. The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer. It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple. Can anyone lead me to a more straightforward solution? If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

>
Gagan Deep Kaushal wrote:
> Hi Tim,
>
> Its nice to see video.
>
> Is that mean using different username on OS and SAP level still we can achieve SSO.
>
> Correct if if am wrong.
> The only thing we need to maintain SNC name.
Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
>
> So for user test1 i can manage name as p:test2..... ??
Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
>
> I think that is what Ronald is also looking, user name need not to be same.
>
> Regards,
> Gagan Deep Kaushal

Oracle database and Windows Active directory authentication

Similar Messages

Maybe you are looking for