In our enterprise, we have a large number of Oracle databases and (obviously) large number of users with access to different databases. We would like to ease the procedure to create/drop/modify users on an enterprise level. A LDAP solution comes to mind but the solutions from Oracle Corp are too expensive. Needless to say, my mgmt asked me to research and come up with an alternative. I read about OpenLDAP. My questions:
- How do I setup OpenLDAP for oracle user security authentication ?
- Can I use OpenLDAP as a standalone or does it have to be integrated with any Oracle product like OID, OVD, ODSEE etc?
- Are there are any certified install procedures for setting up OpenLDAP w/ Oracle database?
I didn’t find anything on the internet for setting up OpenLDAP. Any help/pointer would be appreciated. The goal is to avoid any products from Oracle Corp purely for cost reasons.
Permitted Features, Options, and Management Packs by Oracle Database Offering
Enterprise User Security is a feature for directory-based management
of database users. It requires a corresponding Oracle Identity
Management Directory Services Plus to be licensed.
Enterprise User Security: The Big Picture
Enterprise User Security requires Oracle Internet Directory 10g
(9.0.4) or higher. Other LDAP-compliant directory services are
supported by using Oracle Internet Directory Integration Platform to
synchronize them with Oracle Internet Directory. Another directory
services product, Oracle Virtual Directory, provides a single, dynamic
access point to multiple data sources through LDAP or XML protocols.
Oracle Virtual Directory can provide multiple application-specific
views of identity data stored in, for example, Oracle Internet
Directory, Microsoft Active Directory and Sun Java Systems Directory
instances, and can also be used to secure data access to the
application-specific sources and enhance high-availability to existing
- Through Oracle Virtual Directory or Oracle Unified Directory.
- See above. Technically it should be possible to use as standalone, but not supported at all.
- None for direct connection. See above.