Connect to ActiveDirectory with ldapsearch on Unix

In ancient times, ldapsearch could query ActiveDirectory without issues. In this examples, I used openldap client 2.4. Other tools may have other parameters. $ ldapsearch -H ldap://example.com:389 -b dc=example,dc=com cn=”Laurent C. Schneider” mail mail: laurent.c.schneider@example.com In Active Directory (AD) it is no longer the default since Windows Server 2003, unless you change dSHeuristics to 0000002… Continue reading Connect to ActiveDirectory with ldapsearch on Unix

poor man ActiveDirectory password checker

To have the same users in multiple databases and no single sign on is quite a nightmare for password expiration, synchronisation and validation. You probably were discouraged by the long long route to kerberos, where the 11.2.0.2 bugs are fixed in 11.2.0.4, the 12.1 bugs are fixed in 12.2. And lot’s of system changes that… Continue reading poor man ActiveDirectory password checker

TNSNAMES and Active Directory

It is highly probable you already have MS AD in your company. Probably you use a local tnsnames.ora. Apart from setting a Oracle Internet Directory or Oracle Virtual Directory, there is one more option that you may want to consider : AD. Ok, here is a bit of a road map : – Schema Extension… Continue reading TNSNAMES and Active Directory

installing OID 10.1.4.2 Preview 1

Download oracle-oid-10.1.4.2.0-1.0.i386.rpm Download oracle-xe-univ-10.2.0.1-1.0.i386.rpm Install the rpm # rpm -i oracle-*.i386.rpm In SLES 10, there is no /bin/cut, let’s create a link as root to avoid a mistake when running config-oid.sh # ln -s /usr/bin/cut /bin/cut Run the configure script as root # /etc/init.d/oracle-oid configure That’s all folks! It created an Oracle XE 10gR2 database,… Continue reading installing OID 10.1.4.2 Preview 1

Configure OID with SSL

First you need to install OID. Check the Installation Guide, the Doc and download the Software. If you do not need the dbconsole, stop it (emctl stop dbconsole) and remove the oracle_home/hostname_sid directory Once you have a running OID, test it with ldapsearch. For this workshop, I use two servers and two usernames. Having the… Continue reading Configure OID with SSL

using ovd as ldap proxy server

Yesterday I posted about tnsnames in Sun Java System Direcotry Server. I have to solve one problem : sqlnet requires anonymous search capability on the ldap server. Which I cannot offer in production. So I created an Oracle Virtual Directory, which matches my anonymous request to an authenticated request to the Sun Directory.

Migration of tnsnames.ora to LDAP (Sun Java System Directory Server)

In this post, I did show how easy it is to use OID to resolve your network service names. Apart OID, AD (Microsoft Active Directory) is also supported. However, I do not want to use such products, as my customer already have a Sun Java System Directory Server running. It is quite easy. Here are… Continue reading Migration of tnsnames.ora to LDAP (Sun Java System Directory Server)

_Workshop _be_informed_

Tomorrow LC Systems is organizing an event about Identity Management in Zurich. The focus will be on Sun Java System Directory Server and Oracle Virtual Directory.

Published
Categorized as event, ldap

no more tnsnames

with netca, it is easy to configure your sqlnet.ora to use LDAP instead of tnsnames.ora. The ldap.ora and sqlnet.ora are updated… than it works, sqlplus user@db is correctly looking in the ldap oracle content

ldap day 2

what can I do with LDAP? what is the difference between LDAP and Oracle Internet Directory? Well, there is quite a lot of interresting documents, pictures and faq on otn : OTN Directory homepage Directory Admin guide Identity Management ReferenceLDAP is a directory server, the info are stored in an Oracle 10.1.0.4.2 database. When you… Continue reading ldap day 2

ldap server

My ldap server is up and running on my notebook with SLES9. Next, next, next, install. That is it. Oracle Application Server creates a 10.1.0.4.2 database and start the Oracle Internet Directory – understand LDAP server – automatically. It can then be configured with the web interface.