WLS6.0 sp1 and MS Active Directory

Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be appreciated -
I'll worry about the finer details of how later!!
Regards
Laura Allen

Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
implementation class.
We did not use Kerberos authentication - just the plain password
authentication in "cleartext". Our servers are inside a secure data center -
no encryption required. That's why we did not need jdk1.4.
"Marc Carrion" <[email protected]> wrote in message
news:[email protected]...
>
Are you telling that you configured the ldap realm of WL to use activedirectory?
or you used your custom realm?
To use the authentication with Kerberos you need to use GSS-API and it'snot
included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
Can you explain how did you do that?
Thanks,
Marc
"Roy Cornell" <[email protected]> wrote:
Hi Laura:
No, BEA did not confirm the compatibility. We did our own investigation
and
found that the two systems work well together. One of the highlights
of the
research was the fact that the configuration of the WLS custom realm
for
Active Directory was more similar to Netscape Directory or Open LDAP
than to
the MS Site Server.
I am attaching the sample settings for the LDAP realm:
server.host=<some-ip-or-name>
server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
user.filter=(&(cn=%u)(objectclass=user))
user.dn=OU=WLSMEMBERS1,DC=company,DC=com
group.filter=(&(cn=%g)(objectclass=group))
group.dn=OU=WLSGROUPS1,DC=company,DC=com
membership.filter=(&(member=%M)(objectclass=group))
We used the AD for authenticating the users and for authorizing the EJB
methods. AD contained the users and their security roles and the
deployment
descriptiors of the EJB's contained the permissions for the security
roles.
We ran repeated tests and were more or less satisfied.
Regards
P.S.
we used WLS 6.1 Jdk 1.3
----- Original Message -----
Sent: Tuesday, September 18, 2001 5:40 AM
Subject: WLS6.0 and Active Directory
Forgive me contacting you directly, but did you recieve a reply fromBEA
as
to whether WLS supports interaction with Active Driectory? And wereyou
attempting to use Active Directory just for user authentication? Anyinfo
on how WLS and Active Directory interact would be appreciated!
Regards
Laura Allen
The information in this e-mail and any attached files is confidential.It
is intended solely for the use of the addressee. Any unauthorised
disclosure or use is prohibited. If you are not the intended
recipient
of
the message, please notify the sender immediately and do not disclosethe
contents to any other person, use it for any purpose, or store or copythe
information in any medium. The views of the author may not necessarily
reflect those of the Company.
"Laura Allen" <[email protected]> wrote in message
news:[email protected]...
Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be
appreciated
I'll worry about the finer details of how later!!
Regards
Laura Allen

Similar Messages

Integration of sap R/3 (4.7) and Microsoft active directory (2003)

Hi All,
I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
Pls help me with this issue.
Thanks in advance,
Regards,
Raghav.

Hi,
First You should read:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
Regards,
Jarek

SCCM report to show last logged on user and the Active Directory department attribute of that user.

I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

You problem is here.
right
join v_R_User USR on USR.ResourceID
= CS.ResourceID
USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
end up with unreliable results.
Anyways you need to make these changes to your query.
left
join v_R_User USR on USR.Unique_User_Name0
= CS.UserName0
http://www.enhansoft.com/

User base Synchronization between SAP and MS Active Directory Server

Dear all!
I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
i successfully implemented the synchronization of user data between SAP and the ADS.
My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
Currently I don't have a clue how to do this.
Regards,
Christoph

Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
Regards,
Marc g

OID and MS Active Directory LDAP information Synchronization

Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

Hi, I have the same question.
Thanks,
Malin

JNDI and MS ACTIVE DIRECTORY

i am Emanuele,an young italian programmer,i have a question
for you on
ldap & MS active directory.
How can i permit to an simple user (NOT an administrator) to
access and
modify his data with JNDI.
Only with userid and password of an administrator i can do this WHY?
When i try to access i receive this error :
javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308:
LdapErr: DSID-0C090290, comment: AcceptSecurityContext error,
data 531,
v893
thanks in advance Emanuele

OK!
I think I found a solution for this Error. Seems to be a BUG in a protocol Win 2000! With service pack 2 or 3 it works! :-o
They(MS) wrote that you maybe could not connect to the ADS with SUN because, SP1 could not handle organisational and pure date in one packeage... what ever this mean...
Another thing is, that ADS needs the principal in this way
env.put( Context.SECURITY_PRINCIPAL, "[email protected]" );
not like IPlanet
env.put( Context.SECURITY_PRINCIPAL, "uid=THEUSER, ou=People o=domain.com" );
now it works fine

I have windows server 2012 R2 and install active directory

My question is I install active directory in windows server 2012 R2 and create Group Policy. ( These set-up is only for test)
Have not registered domain only install active directory to test.
So the problem is when I created Group policy for my user and put software restriction policy but its affected to my administrator accounts too, No when I open VMware (install Virtual Machine windows XP) and start os then its shows you can not user this
software as you restricted from installing software (Something like that don't know exact Error). I could not start installed Virtual Machine.
Please give me a solution for this.
This is the setup for a test use only so their not big environment connect with my pc.
Thanks in advance.
Regards,
Krunal

Hi,
The following article is talking about creating and managing Group Policy on a Windows Server 2012:
http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contain the computer or user.
Group Policy Overview
http://technet.microsoft.com/en-us/library/hh831791.aspx
Please feel free to let us know if you need further assistance.
Regards.
Vivian Wang

Cisco ISE 1.2 and 2 Active Directory Domains

Hi Support,
does anyone know whether I can perform Certificate Authentication for two different Active Directory domains using the same ISE host / deployment?
We have two forests with a trust link between them.
We have a seperate PKI in each domain.
I am thinking that the ISE can only be joined to a single domain, but because we have a trust between the two forests, the ISE can have two certificate profiles in an identity source sequence which can then use in a single authorisation policy.
I take it that I would need local certs from each CA in the local certificate store of the ISE?
We are performing a company merger and we cannot migrate users to the primary AD domain due to several reasons so we would like to use the same ISE deployment to authenticate Wireless users on both AD domains.
Thanks
Mario

Mario,
This is possible. Here are the guidelines for the Multi-Forest support in ISE 1.2:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1350874
You would have to set a new Certificate Authentication Profile for each domain and use the Authentication Policies to determine which of the Certificate Authentication Profiles to use.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1349174
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton

Oracle context and MS Active Directory

Hello,
I have one pc with Windows Server 2003 and Oracle 10g r2
When I add a user from my Active Directory in the External OS Users of the Oracle Managed Object (via mmc), I get this error:
ORA-30041: Cannot grant quota on the tablespace
And when I try to connect with this user (Active Directory user) to isqlplus, I get another error:
ORA-28030: Server encountered problems accessing LDAP directory servic
Someone know how to resolve these errors ?
Server's Configs
Active directory name: cyclops.home.com
Host name: server.cyclops.home.com
My database name in the Oracle context object of my Active directory: oracle_db
My Oracle context: “CN=OracleContext,DC=home,DC=com"
#Ldap.ora
DEFAULT_ADMIN_CONTEXT = "DC=cyclops,DC=home,DC=com"
DIRECTORY_SERVER_TYPE = AD
#Listener.ora
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\product\10.2.0\db_1)
(PROGRAM = extproc)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
#Sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (LDAP)
#Tnsnames.ora
PROJET =
     (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
          (CONNECT_DATA =
               (SERVER = DEDICATED)
               (SERVICE_NAME = oracle_db)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)

When I use this cmd ldapbind -h cyclops.home.com that works.
If I log to isqlplus with the system user and do select username from all_users; I can see my Active Directory user.
I also changed the LDAP_DIRECTORY_ACCESS parameter to PASSWORD (default was SSL) but that changed nothing.
Maybe the problem is from the Oracle wallet, I did one when I have created the database but I don't know well about it and the use. I think I should have something in my sqlnet.ora file related to the wallet but I don't know how to set.
I search on internet, some homepages said I should use Oracle Net Manager to set the wallet location but I found nothing in Oracle Net manager for it.

Import and Export Active Directory users

Hello,
I want to export my Active Directory users and import them to different domain.
I try to use ldifde without any success.
Do anyone have any idea??
Thanks,
Lior

I would suggest the Active Directory Migration tool.
http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
D/L link: http://www.microsoft.com/en-us/download/details.aspx?id=8377
If you have 2012, it will be a little more complicated.

Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

Could anybody point me please to the right direction?
1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
Thanks you in advance

Hi Randy;
As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
Regard
Helios

WL 7.0 and MS Active Directory.

Hi all,
I'm trying to use MS Active directory to authenticate my WL users. I did
everything that the documentation tells to do but I'm still getting the
following exception:
<Aug 15, 2002 3:18:05 PM EDT> <Notice> <Management> <140005> <Loading
configurat ion E:\bea\user_projects\testsecuritydomain4\.\config.xml>
<Aug 15, 2002 3:18:12 PM EDT> <Notice> <Security> <090082> <Security
initializin g using realm myrealm.> <Aug 15, 2002 3:18:12 PM EDT> <Critical>
<WebLogicServer> <000364> <Server faile d during initialization.
Exception:java.lang.SecurityException: Authentication f or user weblogictest
denied
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
<Aug 15, 2002 3:18:12 PM EDT> <Emergency> <WebLogicServer> <000342> <Unable
to i nitialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogictest
den ied
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogictest
den ied
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
User weblogictest is present in both WL and AD and is a member of
Administrators group on both.
The problem is that I can't find anything to tell me what the reason for
authentication failure is and therefore it's hard to figure out what to do
next.
Thank you,
Eugene Khosid

Hi all,
It did work after all. Apparently there were some issues with AD replication
that we have set up...
However I immediately ran into the next problem:
If I drop the WL Default Authenticator I'm getting the following exception
while trying to boot
<Aug 21, 2002 10:25:36 AM EDT> <Critical> <WebLogicServer> <000364> <Server
fail
ed during initialization. Exception:java.lang.SecurityException: User
weblogictest is not permitted to boot the server
java.lang.SecurityException: User weblogictest is not permitted to boot the
server
at
weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
yServiceManager.java:1076)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
anager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
<Aug 21, 2002 10:25:36 AM EDT> <Emergency> <WebLogicServer> <000342> <Unable
to
initialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: User weblogictest is not permitted
to boot the server
java.lang.SecurityException: User weblogictest is not permitted to boot the
server
at
weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
yServiceManager.java:1076)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
anager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: User weblogictest is not permitted to boot the
server
at
weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
yServiceManager.java:1076)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
anager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: User weblogictest is not permitted
to boot the server
java.lang.SecurityException: User weblogictest is not permitted to boot the
server
at
weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
yServiceManager.java:1076)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
anager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
My guess is that for some reason WL server does not recognize the fact that
that weblogictest is an administrator... I wonder if we should write our own
Authorization provider or a Role mapper...
Any ideas?
Thanks,
Eugene
"Vimala Ranganathan" <[email protected]> wrote in message
news:[email protected]...
Hi,
You should not see this error is the user is defined in both wls andactivedir
and belongs to Administrators group.
Can you change the value of the control flag accordingly to check whetherthe
issue is from active directory or wls default provider ?
You can make the ControlFlag for ActiveDir as optional and check whetherthe
error goes away.
You would have start the server to do any changes in the console.
You could start the server by deleting the UserConfig folder under thedomain
but you would lose all the Security config settings.
Vimala
Eugene Khosid wrote:
Hi all,
I'm trying to use MS Active directory to authenticate my WL users. I did
everything that the documentation tells to do but I'm still getting the
following exception:
<Aug 15, 2002 3:18:05 PM EDT> <Notice> <Management> <140005> <Loading
configurat ion E:\bea\user_projects\testsecuritydomain4\.\config.xml>
<Aug 15, 2002 3:18:12 PM EDT> <Notice> <Security> <090082> <Security
initializin g using realm myrealm.> <Aug 15, 2002 3:18:12 PM EDT>
<Critical>
<WebLogicServer> <000364> <Server faile d during initialization.
Exception:java.lang.SecurityException: Authentication f or userweblogictest
denied
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
<Aug 15, 2002 3:18:12 PM EDT> <Emergency> <WebLogicServer> <000342><Unable
to i nitialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for userweblogictest
den ied
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
>>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for userweblogictest
den ied
java.lang.SecurityException: Authentication for user weblogictest denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>>
User weblogictest is present in both WL and AD and is a member of
Administrators group on both.
The problem is that I can't find anything to tell me what the reason for
authentication failure is and therefore it's hard to figure out what todo
next.
Thank you,
Eugene Khosid

AADSync and Azure Active Directory Device Registration Service

Now I try to implement Azure Active Directory Device Registration Service with AADSync.
According to step-by-step guide, it has to execute "Enable-MSOnlineObjectManagement" cmdlet.
Step-by-Step Guide for On-premises Conditional Access using Azure Active Directory Device Registration Service
https://msdn.microsoft.com/en-us/library/azure/dn788908.aspx
Unfortunately, AADsync doestn't have "Enable-MSOnlineObjectManagement", and can't find similar cmdlet.
I'm looking for cmdlet for device object synchronization.
Does anyone know alternate cmdlet?

Hi,
Thanks for your post.
You need to use the command import-module DirSync in PowerShell, then running the command "get-command -m Microsoft.Online.Conexistence.PS.config", you will find the cmdlet "Enable-MSOnlineObjectManagement"
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Oracle Non-Windows DB and MS Active Directory

Question:
How can one configure a Microsoft Active Directory (LDAP-compliant directory
service) with an Oracle Database when the Database resides on a unix server
without the need of the Oracle LDAP? Is it possible ? If yes, please explain.

Question: I have been looking at examples of using the LDAP packages but I am not sure if the examples are explaining the ldap_base and groups for MS AD OR an example for Oracle OID.
Can you explain is this Oracle OID
GC$ldap_user VARCHAR2(256) := 'cn=orcladmin';
GC$ldap_passwd VARCHAR2(256) := 'welcome1';
GC$ldap_base VARCHAR2(256) := 'cn=my_cn,dc=my_dc,dc=fr';
Can you give an example for MS AD?

Enable SSO APEX 4 and MS Active Directory

Hi,
I want enable SSO on my APEX applications. Actually, we use Microsoft Active Directory and Windows 2003 (tomorrow maybe Windows 2008).
Regarding your experiences, what is the best solution that I can us in order to implement SSO ?
Thanks for your help,
I have forget to give this informations :
- Our Oracle Server is under Linux.
- We use Oracle Database 11GR2.
- Our domain controller is under Windows 2003 (we will probably upgrade to 2008 this year).
- Our APEX version is 4.1.0.00.32.
Edited by: user7224400 on 3 févr. 2012 16:23

Morten -- Interesting. I wish we had found that before we implemented WebLogic and the APEX listener, it may have been an interesting other option to consider. I'm not sure it would have made it past our change control folks as they might bark at the supportability/security, but it is a intriguing option.
Patrick -- (You have a great blog by the way.). We are talking about upgrading our APEX 3.1 instances this year so I am very interested in the new authentication type. Is it doing anything other than simply retrieving the logon_user? i.e., is it actually authenticating against anything or would it just read the logon_user and let them in if they matched a known username?
AJ -- We just converted from Oracle Portal last year. When I had Oracle Portal, I had it setup to use Windows Native Authentication following the supported solution for that and then had APEX set up as a partner application for portal. So if someone hit portal first, they'd automatically logon as their active directory user through WNA and would be dropped into portal. If they then hit a link for APEX in portal, it would (in rapid succession) go to APEX, redirect back to the portal SSO server, see they were authenticated in app server, and drop them into APEX with barely a visible screen flicker. It worked flawlessly UNTIL we started upgrading to Windows 7. Then a number of changes and patches are required to get WNA to work with app server 10g and Windows 7. If you are using portal in your 10g IAS, you may want to consider that route.
Pardon me while I hop on my soapbox briefly -- I think if our friends in Oracle land could come out with a fully supported method of using NTLM or similar technologies to automatically login to APEX applicaitons, it would help considerably in the adoption of APEX and the APEX listener in customers that have Oracle databases and Active Directory which is a pretty decent size market.
Ok, soapbox moment ended. :-)
Rgds/Mark M.

WLS6.0 sp1 and MS Active Directory

Similar Messages

Maybe you are looking for