Security :: Database Authentication Through Open LDAP
Mar 28, 2013
I'd like to have my 11g database authenticate users against an OpenLDAP service. We'd still create accounts in the database, and do authorization within the database, but I'd just want to the user's passwords authenticated externally, against the OpenLDAP service. Is this possible? My searching through these forums and Google seems to indicate that you can do it if you run an Oracle Internet Directory (OID) service. I do not want to have to install and maintain an Oracle Internet Directory service. I'd like to do it without it.
I have a working PL/SQL function (below) that can authenticate a passed in username & password against our OpenLDAP directory. Is there any way for me to have Oracle call this function for the database user authentication? Or is there any other way for me to get the Oracle database to directly authenticate against OpenLDAP without having to run OID?
create or replace function ldap_authenticate(username varchar2, password varchar2)
return boolean is
begin
begin
if dbms_ldap.success = dbms_ldap.simple_bind_s(
[code]........
View 1 Replies
ADVERTISEMENT
Jan 24, 2013
We like to integrate the window LDAP to a new oracle database for user authentication. For example, this is a new test database and we don't have any users created.Now we like to figure out if we created the users with same id as in LDAP userid, how they can be authenticated externally by LDAP. I read and heard some info on OID provided by oracle but need some more step by step info to experiment.
View 3 Replies
View Related
Jan 22, 2013
I have got single sign on working via the built in LDAP Directory authentication in APEX. But at the moment this is letting everyone who is within AD log inHow can I assign role permissions to each logged in user so some users have an admin role and see certain parts of the application / pages / navigation items while editors and readers have different permissions
And also to restrict access to certain pages within the application
View 3 Replies
View Related
Sep 28, 2012
I am trying to use embedded weblogic server for creating an LDAP authtication secheme but it is not working
I believe that embedded ldap server works on the same port as the admin server of the domain but configuring it has been a pain. I got the following code from forum to test the ldap connection
declare
l_retval pls_integer;
l_retval2 pls_integer;
l_session dbms_ldap.session;
l_ldap_host varchar2(256);
[code]........
Every time I run this, I get the following error
ldap session : 01000000(returned from init)
error: ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials
-31202
View 0 Replies
View Related
Jun 16, 2013
I know how to use database links in various forms, but I've been trying to think through how the authentication works for a connected user link in 11g. If I create the link like this,create public database link using 'orcl';then any user can use the link, provided they have an identical username/password in the two databases. With pre-11g passwords, it was understandable: the password was salted with the username, so the hash of the password would be the same in both databases, and I assumed that the logon through the link used some sort of IDENTIFIED BY VALUES mechanism. But in 11g, the salt will different in the two databases. So the hash will be different. And of course Oracle never stores the actual password. So I don't see how the authentication works.
View 4 Replies
View Related
Jul 25, 2011
I have oracle 10g up and running on Solaris 10, from windows I would like to connect to sql plus through windows authentication, for that I have already made sure that remote_auth = true and have created user in oracle with OPS$. But still I cannot connect.
I have the same setup but with oracle on windows server, the os authentication from windows clients works just fine.
does oracle 10g on solaris 10 supports windows os authentication?
View 4 Replies
View Related
Sep 16, 2011
How can i use OS authentication to login db?
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
sqlnet.ora text:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
SQLNET.INBOUND_CONNECT_TIMEOUT=1
View 18 Replies
View Related
Jan 5, 2013
What is happening here:
c:usersjohnhome>
c:usersjohnhome>orapwd file=%ORACLE_HOME%databasePWDorcl.ora password=oracle
c:usersjohnhome>sqlplus sys/garbage@orcl as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jan 5 18:25:06 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
orcl> sho user
USER is "SYS"
orcl> select sys_context('userenv','ip_address') from dual;
SYS_CONTEXT('USERENV','IP_ADDRESS')
---------------------------------------------------------------------------------------------------
127.0.0.1
orcl>Why can I get a sys login, when I am connecting through the listener and giving an incorrect password? The listening address is a loopback address, is Oracle clever enough to realize that I am in fact logged on to the server as a member of the OSDBA group? I didn't think that information was passed through SQL*Net.
View 3 Replies
View Related
Jul 15, 2013
I have been using oracle based database security but company now wants to handle with windows authentication.I have windows os 2008 R2 and oracle 11.2.0.3.
I also have set up the SQLNET.AUTHENTICATION_SERVICES= (NTS).I created user with create user "domainusername" identified Externally! but now how can i connection from application to database!
View 1 Replies
View Related
Jul 17, 2012
When a user is renamed in Active Directory, they can no longer connect to the Oracle DB thru OS authentication. There is no OID/DIP integration.
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME)
NAMES.DEFAULT_DOMAIN = cal.com.br
create user "CALRENATOH" IDENTIFIED EXTERNALLY
GRANT CREATE SESSION TO "CALRENATOH"
AD User CALRENATOH can connect to DB as 'sqlplus /'
But after renaming AD User CALRENATOH to CALRENATOH1 and dropping DB user CALRENATOH and creating DB user CALRENATOH1 drop user "CALRENATOH"; create user "CALRENATOH1" IDENTIFIED EXTERNALLY;
Now OS authentication 'sqlplus /' fails 'ORA-01017: invalid username/password; logon denied'..Once I recreate the DB user with old AD user name 'CALRENATOH', OS authentication succeeds. create user "CALRENATOH" IDENTIFIED EXTERNALLY;
C:Windowssystem32>set username
USERNAME=RENATOH1
C:Windowssystem32>sqlplus /@rmlab001
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 3 15:16:46 2012
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning and OLAP options
Why the Database is still looking for old AD user name? Does Oracle cache information about OS authenticated users?
View 0 Replies
View Related
Jul 16, 2013
I successfully created a Oracle Wallet in AIX. The wallet is belong to user "oracle" and permission is 755. I can access it with non-oracle user. Note: the non-oracle user is under the same group as "oracle" id.
But when I try to change the Oracle Waller permission to less than 755, I am not able to access it anymore. The error is "ORA-12578: TNS:wallet open failed".
My question is how can I access the Oracle Wallet without using 755 permission?
View 1 Replies
View Related
Jun 10, 2011
I want to configure this
my end user open only one session
means one session per one user only
View 8 Replies
View Related
Dec 14, 2012
My database is 11.1.0.7 and 11.2.0.3 with TDE tablespace encryption, ASM db storage. The wallet needs to be opened for MRP to work in physical standby database. I already have the solution for the primary instances to automate wallet open (e.g. using startup trigger for 11.1.0.7). However, I cannot find solution to automate wallet open operation in standby instances (to issue ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY ""').
Manual operation everytime standby instance is started is not feasible.
View 1 Replies
View Related
Jun 26, 2013
Is it possible to use Database authentication in APEX through database link, and how?Also is it posible to read roles from users through database link?
View 3 Replies
View Related
Sep 10, 2013
We are facing an surprising problem in oracle 10g database. Previously we are able to connect our Oracle 10g database using os authentication with "sqlplus / as sysdba" command. Last wednesday in our linux server maximum number of processes have overflowed and we need to increase the soft limit of our linux server. After that without restarting database every applications [OID 10g] are working fine. But, we are not able to connect with system using OS authentication. It is showing following.
$ export ORACLE_HOME=/a01/OID$ export ORACLE_SID=OID$ export PATH=$PATH:/a01/OID/bin$ sqlplus / as sysdbaSQL*Plus: Release 10.1.0.5.0 - Production on Tue Sep 10 06:45:08 2013Copyright (c) 1982, 2005, Oracle. All rights reserved.Connected to an idle instance.SQL>
Whereas I can connect with instance after providing @OID [SID]$ sqlplus sys@OID as sysdbaSQL*Plus: Release 10.1.0.5.0 - Production on Tue Sep 10 06:47:07 2013Copyright (c) 1982, 2005, Oracle. All rights reserved.Enter password:Connected to:Oracle Database 10g Enterprise Edition Release 10.1.0.5.0 - ProductionWith the Partitioning, OLAP and Data Mining optionsSQL> What am I missing. How can I connect with system with "sqlplus / as sysdba" command?
View 21 Replies
View Related
Jul 16, 2013
Can application connect with windows authentication to oracle 11.2.0.3 database? if so then how can i set it up!
View 3 Replies
View Related
Mar 18, 2011
We have an issue regarding OS level authentication to access Oracle 11gR2(11.2.0.1) database.
Our environment -
UNIX - AIX 5.3 (OS user id password is having kerberos security).
Oracle 11.2.0.1 (32 bit client) installed in server 1
Oracle 11.2.0.1 (64 bit server) installed in server 2.
Everything works fine when we created a general userid test_db in the database and connect through sqlplus test_db@dbname.
But when we try to use the option of OS level authentication using "sqlplus /", it throws following error and could not be connected.
ERROR: ORA-12545: Connect failed because target host or object does not exist
I have created the same OS user name in database (with external password authentication) with prefix OPS$. we have set ORACLE_SID as well.
View 1 Replies
View Related
Jun 15, 2013
I know how to use database links in various forms, but I've been trying to think through how the authentication works for a connected user link in 11g. If I create the link like this,
create public database link using 'orcl';
then any user can use the link, provided they have an identical username/password in the two databases. With pre-11g passwords, it was understandable: the password was salted with the username, so the hash of the password would be the same in both databases, and I assumed that the logon through the link used some sort of IDENTIFIED BY VALUES mechanism. But in 11g, the salt will different in the two databases. So the hash will be different. And of course Oracle never stores the actual password. So I don't see how the authentication works.
View 1 Replies
View Related
Nov 25, 2010
We had an escalation wherein one of team members accidentally deleted an LDAP entry for a database. We use Oracle Net Manager to add/delete the connect descriptor.
Are there any logs using which we can find out as to who deleted the entry.
View 1 Replies
View Related
Nov 17, 2010
We are looking at the possibility to implement LDAP at my place of work. Anything we should look for of not doing or doing to make this work?
View 1 Replies
View Related
Mar 27, 2013
I need to enable authentication over LDAP SSL. I've configured a wallet (auto login) containing required certificates and set accordingly WALLET_PATH and WALLET_PWD settings using apex_instance_admin.set_parameter method. With this, everything is working fine and LDAP over SSL is working well. It confirms that the wallet is properly configured, valid and usable.
So, the wallet was created with auto login option and it seems to work well without specifying password when calling utl_http.
Proof of properly configured auto login wallet (without password).
TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- test without wallet
BEGIN show_html_from_url('https://www.verisign.com/'); END;
*
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1527
ORA-29261: bad argument
ORA-06512: at "TEST01.SHOW_HTML_FROM_URL", line 25
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-29024: Certificate validation failure
ORA-06512: at line 1TEST01@DB11G> exec utl_http.set_wallet('file:/u01/app/oracle/product/11.2.0/dbhome_1/network/admin'); -- set wallet info for use without password (autologin)
PL/SQL procedure successfully completed.
TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- It works!
PL/SQL procedure successfully completed. So, when I configure WALLET_PATH without WALLET_PWD, it not seems to work as it should with my auto login wallet...
Is it APEX not handling auto login wallets correctly?
Apex Version: 4.2.0.00.27
OS: OEL 6.4
DB: 11.2.0.3 x64
View 0 Replies
View Related
Mar 8, 2013
I am using oracle 10gXE just for basic practice but its showing following Errors
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Mar 8 11:46:34 2
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> conn sys as sysdba
Enter password:
Connected to an idle instance.
SQL>
SQL>
SQL>
SQL> startup;
ORA-01081: cannot start already-running ORACLE - shut it down fir
SQL>
SQL>
SQL>
SQL> select * from dept;
select * from dept
[code]....
View 3 Replies
View Related
Oct 10, 2013
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0 Agent is running, dbconsole too. to the database through SQL Developer and SQL Plus connects. when you go to localhost:1158/em opens a BLANK PAGE that contains 2 "squiggles" view"|[ ]]" tried in different browsers, identical. a feeling that most web interface is physically not in folders.
View 0 Replies
View Related
Jun 13, 2011
I have problems in opening the database of the physical standby in read- write mode/ read only mode. I have a primary server which is running on 2 node RAC and the standby on a seperate single server being used as DR. I recently got this server and my aim was to isolate the standby server from primary server and perform few test. As it has never been tested even once.
Primary Database spec: (2 Node Rac on ASM)
Oracle Version : 10.2.0.3.0
O/s : HP-UX B.11.23
Standby Database spec: (Single Node)
Oracle Version : 10.2.0.3.0
O/s: HP-UX db01 B.11.23
Error:
--------------------------------------------------------------------------------
alter database recover managed standby database cancel;
Database altered.
SQL> alter database open
2 ;
alter database open
*
ERROR at line 1:
ORA-16004: backup database requires recovery
ORA-01152: file 1 was not restored from a sufficiently old backup
ORA-01110: data file 1: '+DATA/dprod/datafile/system01.dbf'
--------------------------------------------------------------------------------
Parameters :
log_archive_dest_2 string SERVICE=PROD1 LGWR ASYNC VALID
_FOR=(ONLINE_LOGFILES,PRIMARY_
ROLE) DB_UNIQUE_NAME=PROD
remote_archive_enable string true
fal_client string DPROD
fal_server string PROD1, PROD2
Steps tried so far:
Changed log_archive_dest_2 = DEFER on both the primary nodes
Standby :
startup nomount
alter database mount standby database;
alter database recover managed standby database disconnect;
alter database recover managed standby database cancel;
alter database open/readonly (tried both)
Same error.
On Primary:
SQL> select max(sequence#) from v$log_history;
MAX(SEQUENCE#)
--------------------------------------------------------------------------------
55702
on Standby:
MAX(SEQUENCE#)
--------------------------------------------------------------------------------
33289
Primary Database:
SELECT SEQUENCE#, FIRST_TIME, NEXT_TIME FROM V$ARCHIVED_LOG ORDER BY SEQUENCE#;
SEQUENCE# FIRST_TIME NEXT_TIME
--------------------------------------------------------------------------------
55700 13-JUN-11 13-JUN-11
55700 13-JUN-11 13-JUN-11
55701 13-JUN-11 13-JUN-11
55701 13-JUN-11 13-JUN-11
55702 13-JUN-11 13-JUN-11
60824 rows selected.
Standby Database:
SEQUENCE# FIRST_TIME NEXT_TIME
--------------------------------------------------------------------------------
55698 13-JUN-11 13-JUN-11
55699 13-JUN-11 13-JUN-11
55700 13-JUN-11 13-JUN-11
55701 13-JUN-11 13-JUN-11
15206 rows selected.
Additional Information : There is a delay of 20 minutes before the logs get applied. which has been intentional set by team. Dataguard broker is not configured as well.
View 7 Replies
View Related
Apr 13, 2012
How to check the open http connections in the database as I am getting.
ORA-29270: too many open HTTP requests
View 7 Replies
View Related
Dec 7, 2010
Suddenly I can't open any of my physical standby databases read only. Alert log snippet and trace files follow post. I'm running 9.2.0.1.0 on all hosts, which are running AIX 5.2. I've successfully opened all physical standby databases read only numerous times in the past. Is it possible that these standby databases cannot be switched over to primary should the need arise?
Here's how I typically open a physical standby database read only:
alter database recover managed standby database cancel;
alter database open read only;
Errors in file /ora/product/9.2.0.1.0/rdbms/log/icps1_ora_27382.trc:
ORA-00604: error occurred at recursive SQL level 1
ORA-16000: database open for read-only access
Error 604 happened during db open, shutting down database
USER: terminating instance due to error 604
[code]...
View 2 Replies
View Related
Mar 22, 2010
I am unable to start ACTIVE DATAGUARD in 11g.
SQL> startup
ORACLE instance started.
Total System Global Area 522092544 bytes
Fixed Size 2090224 bytes
[code]...
Database altered.
SQL> select count(*) from scott.test;
select count(*) from scott.test
*
ERROR at line 1:
ORA-01219: database not open: queries allowed on fixed tables/views only
View 6 Replies
View Related
Mar 14, 2012
When we open the database with ResetLogs option. Then in future is there a possibility of restoration from old log sequences.
View 5 Replies
View Related
Aug 31, 2013
I tried to run the duplicate script after transferring new rman backup to standby. Even after transferring the backup, duplicate command and was unable to open the database.
View 1 Replies
View Related
Dec 4, 2012
I am running 10.1.0 and the database went down and I have been trying to get it started again. I have worked through several errors but stuck on this one.When trying to run startup I get this error ORA-01589 must use RESETLOGS or NORESETLOGS option for database open.
View 7 Replies
View Related
