One thing that is seldomly mentioned is that SQL*Net is completely compatible with any LDAP server produced by Oracle Corp. The way to use non-oracle LDAP server with SQL*Net is hidden in Hogwarts chamber of secrets and only Harry Potter can find it.
> -----Original Message----- > From: Jesse, Rich [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 12, 2003 3:39 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: iDirectory > > > Hey LeRoy (Go Badgers! Go Panthers!), > > 1. That's what Oracle claims, but only if you have the > Advanced Security > option, which you must purchase. > > 2. It depends on the box, the version of OS, and other factors. For > example, LDAP authentication will not work on HP/UX 11.0 with > the Trusted > System option. LDAP (in this case, OiD) does not know what > instance to > grant access to. That will still be handled by each database with the > CREATE USER command. Check out the IDENTIFIED GLOBALLY clause of the > statement, provided you have purchased Advanced Security. > > 3. Yes, the two can be used simultaneously, but for most > users I don't > think this wouldn't be a good idea (maintenance nightmare!). > Perhaps for IT > folks, though. It would be on a client-by-client basis. > > 4. After doing a brief search, OiD MAY or MAY NOT be LDAPv3-compliant > (contrary to my past posts!), but it does seem to break the rules for > RFC2849 (LDIF format), which will be needed if you want to > customize it's > use for other LDAP usage (i.e. LDIFs are not transportable > between OiD and > other LDAPs). No, you cannot use another LDAP in OiD's place > -- sort of. > You MUST still use OiD for all Oracle interaction, whether it > be network > naming or user authentication. Oracle says you can use > another LDAP, but > they don't say that you can only use them with Oracle's OiD > "gateway" that > does some hokey "replication" between OiD and the other LDAP. > I haven't > used it, as the cost of OiD and Advanced Security (OiD comes > with 9iAS -- > NOT the DB!) along with the poor stability and implementation > of OiD, IMHO, > forced us to use SunOne and forgo the Oracle solution. > > Talk with your Oracle Rep! I can't see them expecting a > large deployment of > OiD unless they significantly reduce the costs. It won't > cost us $100Ks and > then annual maintenance for all of our users to have separate > Oracle DB > logins. > > > HTH! GL! > Rich > > Rich Jesse System/Database Administrator > [EMAIL PROTECTED] Quad/Tech International, > Sussex, WI USA > > > -----Original Message----- > Sent: Wednesday, March 12, 2003 12:09 PM > To: Multiple recipients of list ORACLE-L > > > All- > > I am researching the technology of the Internet Directory. > Does anyone > have experience with this? I am currently using tnsnames files on all > my boxes, I am running on Unix. I realize this directory > would replace > the tnsnames files but lots of confusion on how it works. > > 1. Would the directory be able to give users authentication to > different instances on the same box with multiple logins? > > 2. I assume the directory will allow the user to go between physical > boxes but will it know what instance to go to and the security of the > user coming in? > > 3. Once this directory is in place, can tnsnames be used at the same > time or does it have to be one or the other? > > 4. Also, since this directory is LDAP compliant can this directory be > replaced by another LDAP compliant directory of my choice? > Assuming the > necessary attributes were include. > > Just a few thoughts and concerns. > > Any info would be great. > > Thanks, > > LeRoy > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Jesse, Rich > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Gogala, Mladen INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
