Wednesday 1 October 2008

EUS with OAS4OS

This is a beautifull acroniem heavy heading. We are combining Enterprise User Security, e.g. Database users from an ldap directory with Oracle Authentication for Operating System, e.g. Operating System users from an ldap server.
An OS session where sqlplus is used looks as follows:

login as: HeemskerkACW
mailto:HeemskerkACW@linuxmachine1 password:
Last login: Wed Oct 1 15:15:59 2008 from 10.100.1.172

aliases: DB1
HeemskerkACW@linuxmachine1::/home/HeemskerkACW
$ DB1
HeemskerkACW@linuxmachine1:DB1:/home/HeemskerkACW
$ sqlplus HeemskerkACW@DB1

SQL*Plus: Release 10.2.0.3.0 - Production on Wed Oct 1 15:18:27 2008

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

Enter password: ********

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production
With the Partitioning, Real Application Clusters, OLAP and Data Mining options

SQL> show user
USER is "SHARED_SCHEMA_USER"
SELECT
SYS_CONTEXT('USERENV','EXTERNAL_NAME')
,SYS_CONTEXT('SYS_LDAP_USER_DEFAULT','mail')
,SYS_CONTEXT('SYS_LDAP_USER_DEFAULT','telephoneNumber')
,SYS_CONTEXT('SYS_LDAP_USER_DEFAULT','uid')
FROM DUAL
7 /

SYS_CONTEXT('USERENV','EXTERNA
--------------------------------------------------------------------------------
SYS_CONTEXT('SYS_LDAP_USER_DEF
--------------------------------------------------------------------------------
SYS_CONTEXT('SYS_LDAP_USER_DEF
--------------------------------------------------------------------------------
SYS_CONTEXT('SYS_LDAP_USER_DEF
--------------------------------------------------------------------------------
cn=heemskerk\, acw (xander),cn=users,dc=nl,dc=oracle,dc=nl
xheemske@googlemail.nl
+31 30 6698443
HeemskerkACW

SQL>


As can be seen the same userid is used for both the OS as the database session. What can't be seen but you can take on "my blog entry" is that the same password is used.
The userid and the password came from the Oracle Internet Directory ldap server.
How to set this up will be in a next blog.

No comments: