Oracle Enterprise User, OVD and MS Active Directory (AD)
Hi,
I need to authenticate Oracle Users from MS Active Directory.
If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
Thanks in advance for answering this post : )
CMT
Hi,
I am not sure that you are correct.
In the meantime, someone mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Security". On page 10 it mentions a scenario: EUS deployment using Active Directory and OVD (without OID).
The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how it's done).
Similar Messages
Oracle Non-Windows DB and MS Active Directory
Question:
How can one configure a Microsoft Active Directory (LDAP-compliant directory
service) with an Oracle Database when the Database resides on a unix server
without the need of the Oracle LDAP? Is it possible? If yes, please explain.
Question: I have been looking at examples of using the LDAP packages but I am not sure if the examples are explaining the ldap_base and groups for MS AD OR an example for Oracle OID.
Can you explain, is this Oracle OID?
GC$ldap_user VARCHAR2(256) := 'cn=orcladmin';
GC$ldap_passwd VARCHAR2(256) := 'welcome1';
GC$ldap_base VARCHAR2(256) := 'cn=my_cn,dc=my_dc,dc=fr';
Can you give an example for MS AD?
Oracle Linux and Windows Active Directory
I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.
I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
Perhaps the following links are useful:
http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/
I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.
Your problem is here.
right join v_R_User USR on USR.ResourceID = CS.ResourceID
USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will end up with unreliable results.
Anyways you need to make these changes to your query.
left join v_R_User USR on USR.Unique_User_Name0 = CS.UserName0
http://www.enhansoft.com/
User login report in Active Directory for specific date and time
I want to get User login report in Active Directory for specific date and time e.g user logged in at 15-01-2015 from 8:00am to 4:00pm
Is there any query, script or tool available?
Waiting for reply please
You can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can view records from the Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
User base Synchronization between SAP and MS Active Directory Server
Dear all!
I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
I successfully implemented the synchronization of user data between SAP and the ADS.
My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
Currently I don't have a clue how to do this.
Regards,
Christoph
Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
Regards,
Marc g
OAM and MS Active Directory Integration on Non-Windows Server environment
I will start by saying that I am dealing with a heterogeneous environment here where multiple systems are run by different levels of management. Our Oracle systems chose to go all *nix (Oracle Solaris and Red Hat Linux) and hence we do not have a single Windows Server in our Oracle services area and would really like to keep it that way as we prefer to keep a uniform platform across our Oracle servers. However, the desktop side of our department has chosen to use Microsoft Active Directory and now we wish to integrate and perform authentication against it for our OAM protected sites. We are in the initial setup phase but we have no desire to implement a critical server such as OAM on the Windows platform and would rather tie OAM running on a Red Hat Linux server to Active Directory. We will also be using OID as we run Portal but do not want to use it as our authentication authority for Oracle Products (local policy is that Active Directory is the only valid credential authority on site as we are moving to true Single Sign On across our desktops and web applications). I have a few questions.
1. Can it be done natively or would we have to run the Windows version of OAM?
2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
Hi David,
Answers in-line
1. Can it be done natively or would we have to run the Windows version of OAM?
You can run all of the OAM Servers on *nix, and simply point to AD as an OAM data source on the machine:port that AD is running on. There is no need for the OAM components to be on Windows.
2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth
As above, this is not necessary.
3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
Yes, this is entirely possible. Even though it is not necessary in your situation, it often provides more flexibility to front-end the user store with OVD, for example when adding/renaming Windows domains, or specifying specific branches for users and so on.
Regards,
Colin
Problem in provisioning user from oim to active directory using ssl
hi,
problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectToAvailableAD():simple bind failed: 172.16.30.35:636
15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter some problems: Must set a query before executing
com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.connectToAvailableNextAD(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Unknown Source)
at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
can any one help.
Thanks and Regards,
praveen,
Are you able to connect to AD over SSL through some LDAP Browser?
Check the validity of Certificate?
Does your certificate appear in the list?
Pulling "cn=Users" account data from Active Directory issue
I'm using the following general syntax:
ldapsearch -h <active directory server> -p 389 -D "CN=Administrator,CN=Users,dc=ORACLE,dc=COM" -b "DC=ORACLE,DC=COM" -s base objectclass=*
What I get is only "cn=System" output. Any ideas to get the "cn=Users" data?? I can authenticate users in other ways using the Oracle LDAP tools through the same "active directory server". So it's not a matter of it not existing in the Active Directory Server. Also, there is no password right now for the "Administrator" account; so it's not a matter of including/excluding the "-w" option.
Any suggestions??
Thanks.
I recommend you to post this here:
Forums Home » Oracle Technology Network (OTN) » Products » Application Server » Oracle Internet Directory
Identity Manager
Joel Pérez
http://otn.oracle.com/experts
Integration of sap R/3 (4.7) and Microsoft active directory (2003)
Hi All,
I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
Pls help me with this issue.
Thanks in advance,
Regards,
Raghav.
Hi,
First You should read:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
Regards,
Jarek
OID and MS Active Directory LDAP information Synchronization
Do you know how to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?
Hi, I have the same question.
Thanks,
Malin
Oracle database and Windows Active directory authentication
Hello,
Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
Is anyone able to offer any advice?
Thank you very much
Sarah
Oracle context and MS Active Directory
Hello,
I have one pc with Windows Server 2003 and Oracle 10g r2
When I add a user from my Active Directory in the External OS Users of the Oracle Managed Object (via mmc), I get this error:
ORA-30041: Cannot grant quota on the tablespace
And when I try to connect with this user (Active Directory user) to isqlplus, I get another error:
ORA-28030: Server encountered problems accessing LDAP directory servic
Someone know how to resolve these errors ?
Server's Configs
Active directory name: cyclops.home.com
Host name: server.cyclops.home.com
My database name in the Oracle context object of my Active directory: oracle_db
My Oracle context: "CN=OracleContext,DC=home,DC=com"
#Ldap.ora
DEFAULT_ADMIN_CONTEXT = "DC=cyclops,DC=home,DC=com"
DIRECTORY_SERVER_TYPE = AD
#Listener.ora
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = C:\oracle\product\10.2.0\db_1)
      (PROGRAM = extproc)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
  )
#Sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (LDAP)
#Tnsnames.ora
PROJET =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = oracle_db)
    )
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
When I use this cmd ldapbind -h cyclops.home.com that works.
If I log to isqlplus with the system user and do select username from all_users; I can see my Active Directory user.
I also changed the LDAP_DIRECTORY_ACCESS parameter to PASSWORD (default was SSL) but that changed nothing.
Maybe the problem is from the Oracle wallet, I did one when I have created the database but I don't know well about it and the use. I think I should have something in my sqlnet.ora file related to the wallet but I don't know how to set.
I search on internet, some homepages said I should use Oracle Net Manager to set the wallet location but I found nothing in Oracle Net manager for it.
Oracle Discoverer 10G and mapping Active Directory to use SSO/OID
Could anybody point me please to the right direction?
1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
Thank you in advance
Hi Randy;
As you mention all notes refer to SSO&OID for Active Directory integration. AFAIK there is no way to do it, please log an SR and confirm this with Oracle support
Regards
Helios
Oracle account and microsoft active directory password synchronisation
Hi
We are migrating our application to use windows active directory authentication. We have separate oracle account for
each logged in user in the application, and these oracle credentials have to be the same as the windows active directory
credentials.
Also, a password change on windows Active directory should change the oracle account password.
Is there a tool available to manage and synchronize the microsoft active directory and oracle account.
We use oracle 10g and application is hosted on Windows 2008 server.
Thanks
Karthik
There's an OOTB connector for Password Synch between AD -> OIM. Please use that.
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
For password synch, OIM- AD/Oracle, you can use triggers.
Enabling update for provisioned user in OIM11g