We recently integrated our Oracle E-Business Suite 11.5.10.2 instance with 10gAS (Oracle Application Server 10g, 10.1.4 Identity Management), using external authentication against Microsoft Active Directory, with automatic user provisioning from AD to OID to 11i.
External authentication works quite differently in 10.1.2 and 10.1.4: 10.1.2 uses a PL/SQL plug-in, while 10.1.4 uses a Java plug-in.
In 10.1.2 you have to run "$ORACLE_HOME/ldap/admin/oidspadi.sh" to register the adwhencompare and adwhenbind profiles.
In 10.1.4 you need to run "$ORACLE_HOME/ldap/jlib/oidexcfg.jar oidexcfg -h oidhost -p port -D cn=orcladmin -w password -t AD" to modify the oidexcfg_compare_ad and oidexcfg_bind_ad plug-ins; the same plug-ins can also be modified by logging in to Oracle Directory Manager (ODM) and going to Plug-in Management. Keep in mind that a password passed with -w is visible in the process list and the shell history, so clear the history or run the command from a script with restricted permissions.
After registering the plug-ins, run the following commands to check that AD can authenticate you. Both should succeed; an LDAP result code 49 (invalidCredentials) on the bind means the password was not validated against AD.
1) Bind to OID as the AD-sourced user with that user's AD password: ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=acme,dc=com" -w adpassword
2) Bind as orcladmin and compare the user's userPassword attribute against the AD password: ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=acme,dc=com" -a userPassword -v adpassword
In 10.1.4 you can still use the PL/SQL plug-in for external authentication, but make sure you are not hitting bug#5912665.
Another important difference is the attribute that carries the external identity used for validation against Active Directory: in 10.1.2 it is the "orclUserPrincipalName" attribute, and in 10.1.4 "orclSourceObjectDN" is used instead. A synchronized user entry that lacks the attribute for your release will not be validated against AD.
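The following is an added example, not code from the original post or from Oracle: a small audit that reads synchronized user entries from an LDIF export and reports which entries lack the attribute the external-authentication plug-in needs for the given OID release (orclUserPrincipalName for 10.1.2, orclSourceObjectDN for 10.1.4), then joins that with failed binds parsed from an OID debug trace in the format shown in the comments below. The LDIF entries, the DNs under dc=acme,dc=com and the trace lines are constructed sample data; the LDAP result-code names are the standard ones from RFC 4511.

```python
"""Audit OID user entries for the AD identity attribute and explain failed binds.

Added example, not part of the original post. The LDIF and the bind trace
below are constructed sample data; the DNs are hypothetical.
"""
import re

# OID release -> attribute (lower-cased) that must hold the AD identity.
EXTERNAL_ID_ATTR = {"10.1.2": "orcluserprincipalname", "10.1.4": "orclsourceobjectdn"}

# Standard LDAP result codes (RFC 4511) that show up in an OID bind trace.
LDAP_RESULT = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
               50: "insufficientAccessRights", 53: "unwillingToPerform"}

# Constructed LDIF: jdoe is mapped the 10.1.4 way, asmith the 10.1.2 way,
# bjones was provisioned without any external identity.
SAMPLE_LDIF = """\
dn: cn=jdoe,cn=Users,dc=acme,dc=com
objectclass: orclUserV2
cn: jdoe
orclSourceObjectDN: CN=John Doe,CN=Users,
 DC=acme,DC=com

dn: cn=asmith,cn=Users,dc=acme,dc=com
objectclass: orclUserV2
cn: asmith
orclUserPrincipalName: asmith@acme.com

dn: cn=bjones,cn=Users,dc=acme,dc=com
objectclass: orclUserV2
cn: bjones
"""

# Constructed OID debug trace: one bind that fails with 49, one that succeeds.
SAMPLE_TRACE = """\
BEGIN
2008/08/01:09:44:25 * ServerWorker (REG):8
ConnID:51 * mesgID:1 * OpID:0 * OpName:bind
ConnIP:127.0.0.1 ConnDN: Anonymous
INFO : gslfbidbDoBind * Version=3 BIND dn="cn=bjones,cn=Users,dc=acme,dc=com"
method=128
09:44:25 * INFO : gsleswrASndResult2 RESULT = 49 nentries=0
END
BEGIN
ConnID:52 * mesgID:1 * OpID:0 * OpName:bind
INFO : gslfbidbDoBind * Version=3 BIND dn="cn=jdoe,cn=Users,dc=acme,dc=com"
09:44:30 * INFO : gsleswrASndResult2 RESULT = 0 nentries=0
END
"""


def parse_ldif(text):
    """Minimal LDIF reader: list of (dn, {attr_lower: [values]}); handles folded lines."""
    entries, attrs, last = [], {}, None

    def flush():
        if "dn" in attrs:
            entries.append((attrs["dn"][0], dict(attrs)))
        attrs.clear()

    for line in text.splitlines():
        if not line.strip():            # blank line ends an entry
            flush()
            last = None
            continue
        if line.startswith(" ") and last is not None:   # folded continuation
            attrs[last][-1] += line[1:]
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        attrs.setdefault(name, []).append(value)
        last = name
    flush()
    return entries


def audit_external_auth(ldif_text, oid_version):
    """Return (ok, missing): DNs that do / do not carry the identity attribute."""
    attr = EXTERNAL_ID_ATTR[oid_version]
    ok, missing = [], []
    for dn, attrs in parse_ldif(ldif_text):
        (ok if attrs.get(attr) else missing).append(dn)
    return ok, missing


def parse_bind_trace(log_text):
    """Map ConnID -> {'op', 'dn', 'result', 'meaning'} from an OID server trace."""
    results, conn = {}, None
    for line in log_text.splitlines():
        m = re.search(r"ConnID:(\d+).*OpName:(\w+)", line)
        if m:
            conn = int(m.group(1))
            results[conn] = {"op": m.group(2)}
            continue
        if conn is None:
            continue
        m = re.search(r'BIND dn="([^"]*)"', line)
        if m:
            results[conn]["dn"] = m.group(1)
        m = re.search(r"RESULT = (\d+)", line)
        if m:
            code = int(m.group(1))
            results[conn]["result"] = code
            results[conn]["meaning"] = LDAP_RESULT.get(code, "unknown")
    return results


def diagnose(ldif_text, oid_version, log_text):
    """Join failed binds from the trace with the directory audit; list of tuples."""
    attr = EXTERNAL_ID_ATTR[oid_version]
    mapped = {dn: bool(a.get(attr)) for dn, a in parse_ldif(ldif_text)}
    findings = []
    for conn, info in sorted(parse_bind_trace(log_text).items()):
        if info.get("op") != "bind" or info.get("result", 0) == 0:
            continue
        dn = info.get("dn", "")
        if mapped.get(dn, False):
            hint = "entry is mapped; check the AD password and the plug-in registration"
        else:
            hint = "entry has no %s, so there is no AD identity to validate against" % attr
        findings.append((conn, dn, info["meaning"], hint))
    return findings


if __name__ == "__main__":
    for conn, dn, meaning, hint in diagnose(SAMPLE_LDIF, "10.1.4", SAMPLE_TRACE):
        print("ConnID %d bind as %s failed (%s): %s" % (conn, dn, meaning, hint))
```

Running the script against a real export (ldapsearch output in LDIF) and the OID server trace tells you, per failed bind, whether the entry was ever mapped to an AD identity before you start looking at passwords or plug-in registration.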
Good Luck
6 comments:
Hi,
Good work... Let me know your mail ID; I have a few doubts.
Shyam.
Do you know how to configure the SQL plug-in for OID? We want to use OID but still need database login for some users. For them we are planning to do OID modifications using PAM. Any ideas?
Shyam,
Do you have any idea how to configure the OID PL/SQL plug-in?
Sam,
Even in 1.4 you can use PL/SQL login, but you can't use both: you can use the Java or the PL/SQL plug-in, not both.
Good Luck
Hi Shyam,
I did the configuration according to Metalink note 462144.1, but ldapbind with AD credentials does not work.
OID debug (plug-in external and internal) says the following:
BEGIN
2008/08/01:09:44:25 * ServerWorker (REG):8
ConnID:51 * mesgID:1 * OpID:0 * OpName:bind
ConnIP:127.0.0.1 ConnDN: Anonymous
INFO : gslfbidbDoBind * Version=3 BIND dn="-deleted for security reasons..-,dc=de"
method=128
ConnId = 51, op=0, IpAddr=127.0.0.1
09:44:25 * Replacing pwdfailuretime in gslsbmApplyModtoEntry()
09:44:25 * INFO : gsleswrASndResult2 RESULT = 49 nentries=0
END
Do you have any idea what goes wrong?
Regards
Not sure why you are getting the error, and in my present project I am no longer working on AD/OID.
I would suggest opening a TAR.
Good Luck