OAM and MS integration Active Directory on non-Windows Server environment
I begin by saying that I'm dealing with a heterogeneous environment here where several systems are managed by different management levels. Our Oracle systems chose to go all * nix (Solaris Oracle and Red Hat Linux) and so we do not have a single Windows Server in our Oracle services and would really like to keep it this way that we prefer to keep a uniform platform in all of our Oracle servers. However, the side our Department Office has chosen to use Microsoft Active Directory, and now we want to integrate and perform authentication against it for our protected sites OAM. We are in the initial phase of installation, but we didn't want to implement a critical server like OAM on the Windows platform and focus rather OAM running on a Red Hat Linux server to Active Directory. We will also use OID as run us portal but do not want to use it as our authority for Oracle products authentication (local policy is that Active Directory is the authority of the credential is valid on the site as we head towards the true Single Sign On our desktop and web applications). I have a few questions.1. it is possible using native or to run the version of Windows of OAM?
2. If you must run OAM on Windows to use AD for authentication, is it possible to install the Windows of OAM version as kind of an interface for our main server of OAM running under Red Hat Linux to make the AD Auth?
3. can it be done using some kind of interface such as Oracle Virtual Directory in interface with the interface LDAP to Active Directory MS?
Hi David,
Answers online
1. it is possible using native or to run the version of Windows of OAM?
You can run all servers in OAM on * nix and just point to AD as a source of data on the machine: port AD running on OAM. There is no need for the components of the OAM on Windows.
2. If you must run OAM on Windows to use AD for authentication, is it possible to install the Windows of OAM version as kind of an interface for our main server of OAM running under Red Hat Linux to make the AD Auth
As above, this is not necessary.
3. can it be done using some kind of interface such as Oracle Virtual Directory in interface with the interface LDAP to Active Directory MS?
Yes, it is quite possible. Even if it is not necessary in your situation, it provides more flexibility front the user store with OVD, for example when the addition/change of name of Windows domains, or by specifying some branches for users and so on.
Kind regards
Colin
Tags: Fusion Middleware
Similar Questions
-
Active directory Migration from Windows Server 2003 to Windows server 2012
Hi all
Currently, I use the windows Server 2003 R2 Enterprise SP2 with AD, DNS and DHCP server. I want migration of these services to new fresh Windows Server 2012 R2 Standard machine. I migrate to active directory after this statement: http://social.technet.microsoft.com/wiki/contents/articles/22249.migrate-active-directory-from-windows-server-2003-r2-to-windows-server-2012-r2.aspx, he gets with success, but the IP configuration on the source server not migrated to the destination server. So, all of you know that why the source server IP configuration cannot migrate to the destination server?
Help please give me an advice.
Thank you
Hello
Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
TechNet forums:
https://social.technet.Microsoft.com/forums/en-us/home
MSDN forums:
https://social.msdn.Microsoft.com/forums/en-us/home
See you soon.
-
The ODI 11 g integration Active Directory
Hello experts.ODI 11 g integration Active Directory requires any separate identity under license of Oralce management component to be part of the technological landscape, so that integration to be achieved - or he will communicate directly with Active directory.
This will include security based on roles in ODI - or is it only the authentication user name?
see you soon,
John
Hi John,.
Please check the doc https://support.oracle.com/epmos/faces/DocumentDisplay?id=1510392.1&displayIndex=1
The user should create natively studio and privileges also benefit from studio as well... just authentication of connection occur with Active Directory.
I hope this helps!
See you soon!
SH! going
-
Do you have Oracle Fusion Middleware Infrastructure Installer 12.2.1 and content Webcenter 12.2.1 Support windows server 2008 R2?
Hi Saif,
This is not supported for the content... Please check the certificate of the MOS
Support content 12.2.0.1 MS x 64 64 bit 2012 and 2012R2 and same is applied to the installation of Oracle Fusion Middleware Infrastructure program.
Thank you
Amey
-
Integrating Active Directory and UCS Manager
I'm looking to create an LDAP authentication provider in the UCS Manager that will authenticate users in Active Directory. I see the configuration guide UCS that a schema change is required to add a new attribute for user accounts and the guide details what the new attribute should be. However there are no detailed instructions on how to make the change to AD. I imagine some sort of import LDIFDE is required, but does anyone have more detailed steps on how to do it?
Thank you
You can ssh in your UCS, go to the NxOS prompt and test authentication as follows:
Laurel - A (nxos) # test cpaggen aaa cisco group ldap
the user has been authenticated
Laurel - A (nxos) # test aaa group ldap cpaggen cisco1
user authentication failed
Laurel - A (nxos) # test aaa group ldap foo doesntexist
user authentication failed
Laurel-a. (nxos) #Make sure that this part of work. The role assignment comes from CiscoAVPair and the value must be a shell: roles = 'admin' If you want the user to be an administrator. CiscoAVPair must be an attribute of the user object. I've attached a screenshot of Wireshark for a successful authentication and authorization.
You will also find the definition of the user and configuration of my UCS.
-
Cisco VPN client v5 and integration Active Directory 2008
Hi all
I need to know if I can integrate Single Sign On for my Cisco VPN Client v.5 with my Active Directory which run on windows 2008
THX in advance
No, unfortunately, Single Sign On is only supported on Clientless SSL VPN (WebVPN), not on the IPSec VPN Client AnyConnect VPN Client.
-
OUD and ObjectClass mapping Active Directory?
Hello, my company wants strategically use OUD as our product of directory services (currently we use OVD in limited function - for the most part as a proxy for our back-end systems to retrieve attributes).
My question is (and I really hope that I missed narrowly a page in the documentation) OVD, there was a Mapper of objectclass from Active Directory to AD 'user' look like 'inetorgperson' that we use when integrated with products like the OIF and OAM. then in OUD, this same feature is present or is it a completely different approach? If it is present, where is the documentation and/or how can I do for mapping IDs?
I didn't know anything about it in the documentation plugins integrated to objectclass mapping, so I'm a little worried that we won't get the same functionality as OVD provided for us.
Hello
There is no fully packed sort of template to map an AD user to InetOrgPerson person available right now.
However, the implemennt building blocks such mapping are available. It's called transformation OUD.
The transformations are described at http://docs.oracle.com/cd/E49437_01/admin.111220/e22648/proxy_functionality.htm#A1002261697
-Sylvain
------
When closing a thread as answered don't forget to mark the messages correct and useful to make it easier for others to find their
-
Where can I find and download the Active Directory users and computers for Windows 7
Where can I find and download Active Directory users and computers for Windows 7
Thank you
Fred Tarpley
Announcement is not a consumer product. You'll be much more likely to get an answer as to where you can buy it on TechNet (for IT Pro)
This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
If you give us a link to the new thread we can point to some resources it -
separate authentication and authorization for Active directory groups
Hi all
After a long search and failure, I write the question.
I use apex oracle 4.2 on windows server 2012 on oracle 12 c, all 64 bits.
We have configured Microsoft Active directory with LDAP.
in LDAP, we have a core group which is say A and an is down there students and the two groups.
According to the staff, there are many other groups and students, there are a lot of groups.
I created a mobile application, it has a main page that is publicly accessible without username and password.
in this home page, I have a list that contains two elements, personnel and another is a student.
When one of the list item, the login screen appears.
now I want to control when the user clicks on the staff list, only personnel should be authenticated.
If the end user is a student, it doesn't have to be authenticated.
the same goes for the student list item, if the end-user click on list of students, only students must be authenticated.
someone please guide me, I'm failed in research and testing.
Thank you.
Kind regards.
Hi Maahjoor,
Try this (it is written all the attributes for the user) by logging in to your schema to SQL Developer:
DECLARE -- Adjust as necessary. l_ldap_host VARCHAR2(256) := 'hct.org'; l_ldap_port VARCHAR2(256) := '389'; l_ldap_user VARCHAR2(256) := 'cn=hct\itnew'; l_ldap_passwd VARCHAR2(256) := 'itnew'; l_ldap_base VARCHAR2(256) := 'DC=hct,DC=org'; l_retval PLS_INTEGER; l_session DBMS_LDAP.session; l_attrs DBMS_LDAP.string_collection; l_message DBMS_LDAP.message; l_entry DBMS_LDAP.message; l_attr_name VARCHAR2(256); l_ber_element DBMS_LDAP.ber_element; l_vals DBMS_LDAP.string_collection; BEGIN -- Choose to raise exceptions. DBMS_LDAP.USE_EXCEPTION := TRUE; -- Connect to the LDAP server. l_session := DBMS_LDAP.init(hostname => l_ldap_host, portnum => l_ldap_port); l_retval := DBMS_LDAP.simple_bind_s(ld => l_session, dn => l_ldap_user||','||l_ldap_base, passwd => l_ldap_passwd); -- Get all attributes l_attrs(1) := '*'; -- retrieve all attributes l_retval := DBMS_LDAP.search_s(ld => l_session, base => l_ldap_base, scope => DBMS_LDAP.SCOPE_SUBTREE, filter => l_ldap_user, attrs => l_attrs, attronly => 0, res => l_message); IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN -- Get all the entries returned by our search. l_entry := DBMS_LDAP.first_entry(ld => l_session, msg => l_message); << entry_loop >> WHILE l_entry IS NOT NULL LOOP -- Get all the attributes for this entry. DBMS_OUTPUT.PUT_LINE('---------------------------------------'); l_attr_name := DBMS_LDAP.first_attribute(ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element); << attributes_loop >> WHILE l_attr_name IS NOT NULL LOOP -- Get all the values for this attribute. l_vals := DBMS_LDAP.get_values (ld => l_session, ldapentry => l_entry, attr => l_attr_name); << values_loop >> FOR i IN l_vals.FIRST .. l_vals.LAST LOOP DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200)); END LOOP values_loop; l_attr_name := DBMS_LDAP.next_attribute(ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element); END LOOP attibutes_loop; l_entry := DBMS_LDAP.next_entry(ld => l_session, msg => l_entry); END LOOP entry_loop; END IF; -- Disconnect from the LDAP server. l_retval := DBMS_LDAP.unbind_s(ld => l_session); DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval); END; /NOTE: The DN parameter on line 29 requires exact unique name for the user. In addition, on line 37 to filter, you can use username i.e. "cn = firstname.lastname."
You can specify a specific attribute must be extracted from the user in order by changing line 33 of the:
l_attrs(1) := '*';
TO
l_attrs(1) := 'title';
Then you can write a function based on above the code to extract the attribute LDAP user as follows:
create or replace function fnc_get_ldap_user_attr_val ( p_username in varchar2 , p_password in varchar2 , p_attrname in varchar2 ) return varchar2 as -- Adjust as necessary. l_ldap_host VARCHAR2(256) := 'hct.org'; l_ldap_port VARCHAR2(256) := '389'; l_ldap_user VARCHAR2(256) := 'cn='||p_username; l_ldap_passwd VARCHAR2(256) := p_password; l_ldap_base VARCHAR2(256) := 'DC=hct,DC=org'; l_retval PLS_INTEGER; l_session DBMS_LDAP.session; l_attrs DBMS_LDAP.string_collection; l_message DBMS_LDAP.message; l_entry DBMS_LDAP.message; l_attr_name VARCHAR2(256); l_attr_value VARCHAR2(256); l_ber_element DBMS_LDAP.ber_element; l_vals DBMS_LDAP.string_collection; BEGIN -- Choose to raise exceptions. DBMS_LDAP.USE_EXCEPTION := TRUE; -- Connect to the LDAP server. l_session := DBMS_LDAP.init(hostname => l_ldap_host, portnum => l_ldap_port); l_retval := DBMS_LDAP.simple_bind_s(ld => l_session, dn => l_ldap_user||','||l_ldap_base, passwd => l_ldap_passwd); -- Get specific attributes l_attrs(1) := p_attrname; l_retval := DBMS_LDAP.search_s(ld => l_session, base => l_ldap_base, scope => DBMS_LDAP.SCOPE_SUBTREE, filter => l_ldap_user, attrs => l_attrs, attronly => 0, res => l_message); IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN -- Get all the entries returned by our search. l_entry := DBMS_LDAP.first_entry(ld => l_session, msg => l_message); << entry_loop >> WHILE l_entry IS NOT NULL LOOP -- Get all the attributes for this entry. DBMS_OUTPUT.PUT_LINE('---------------------------------------'); l_attr_name := DBMS_LDAP.first_attribute(ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element); << attributes_loop >> WHILE l_attr_name IS NOT NULL LOOP -- Get all the values for this attribute. l_vals := DBMS_LDAP.get_values (ld => l_session, ldapentry => l_entry, attr => l_attr_name); << values_loop >> FOR i IN l_vals.FIRST .. l_vals.LAST LOOP DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200)); l_attr_value := l_vals(i); END LOOP values_loop; l_attr_name := DBMS_LDAP.next_attribute(ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element); END LOOP attibutes_loop; l_entry := DBMS_LDAP.next_entry(ld => l_session, msg => l_entry); END LOOP entry_loop; END IF; -- Disconnect from the LDAP server. l_retval := DBMS_LDAP.unbind_s(ld => l_session); DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval); DBMS_OUTPUT.PUT_LINE('Attribute value: ' || l_attr_value); return l_attr_value; END fnc_get_ldap_user_attr_val; /Then create an Application AI_USER_AD_TITLE tell you item request-> shared components.
Create following procedure to define the point of application on the connection of the user in your APEX application:
create or replace procedure ldap_post_auth as l_attr_value varchar2(512): begin l_attr_value := fnc_get_ldap_user_attr_val ( p_username => apex_util.get_session_state('P101_USERNAME') , p_password => apex_util.get_session_state('P101_PASSWORD') , p_attrname => 'title' ); apex_util.set_session_state('AI_USER_AD_TITLE', l_attr_value); end ldap_post_auth;Change the "name of procedure after authentication' in your 'ldap_post_auth' authentication scheme
Then modify the process in charge on your homepage to your application of PORTALS to:
begin if :AI_USER_AD_TITLE = 'Student' then apex_util.redirect_url(p_url=>'f?p=114:1'); else apex_util.redirect_url(p_url=>'f?p=113:1'); end if; end;I hope this helps!
Kind regards
Kiran
-
Hi all
We get the following configuration:
11.1.2 OAM
OVD 11.1.1.6 to access the user information
8.1.1.9 Siebel
Is there a document explaining how to integrate OAM and OVD (or any LDAP repository) with this version of Siebel.
I can only find documents speaking of OAM 10g, not in OAM 11 g in combination with Siebel.
Thank you in advance.
Filip HuysmansHi Filip,
If OVD can provide an attribute that contains a user name that Siebel, then it will be great for the integration of Siebel - this is the same as for any other LDAP server. The only documentation I can suggest is the General documentation of the OAM (Administrator's Guide).
Kind regards
Colin -
Hello!!
We are working on a mapping between a promoter Cisco ISE group and a user group in Active Directory, but the customer wants the mapping through a RADIUS SERVER, to avoid the ISE by querying directly activate Directory.
I know it is possible to use a RADIUS SERVER as source of external identity for ISE... but, is possible to use this RADIUS SERVER for this sponsor group manages?
Thank you and best regards!
Hi Rodrigo,
The answer is no. There is no way to integrate the portal Sponsor config with a RADIUS server. Your DB for authentication Portal Sponsor options;
AD
LDAP
User internal ISE DBSent by Cisco Support technique iPhone App
-
Customization of the user and Desktop Integration to connect security non - ADF
Hi all
Our application has its own connection authorization. I have some doubts about the MDS (personalization of the user between sessions) and integration of ADF Office for an application that doesn't use the ADF security.
(1) is ADF Desktop integration taken in charge for the connection of non - ADF security. If so, is there a working example or how to establish a session to the user of the excel workbook with the username of connection of our application.
(2) of this thread ( customization through the MDS user Sessions ), I understand that, if we write our own customization class, persistence of the MDS in the sessions should not be a problem. However, how we store this persistence to a database. Any example pointers / functional would be really useful.
Thank you
BalaHi Balasumbramanian,
I just write a 3 part series on SDM that should help you with the second http://www.oracle.com/technology/pub/articles/adf-development-essentials/index.html question. See, in particular, the third article ("part 10")
John
-
"Weblogic" user ID does not work after integration Active Directory ID
Hello
I recently joined Active Users Dir to OBIEE successfully (after trying too many things too many times).
But now the problem is that I am not able to connect to the responses of BI (where I create dashboards and reports) using the id "Weblogic.
I can connect to Weblogic (WLS) and Manager of the company (GE) but not to the responses of BI using the id "Weblogic.
Also, I can connect to BI answers using the AD users too.
Seems to me that the multiple authentication does not work.
Your help is greatly appreciated.
JD
I had (virtualize = true) who already have. But this time I did a complete "Stop the Services" & "Start service" rather than a "reboot" of EM.
This helped. Now I can use the id "weblogic.
Learn something new every day!
-
Create folder option on desktop and in the sub directory folder on windows vista__
One day after running a secure deletion of files program, I tried to create a new file on my desktop using the standard approach right of the mouse. However, the possibility of creating a new folder was missing. I still have the options to make a compressed folder paper towel, etc, but the option for a folder of the aircraft disappeared. I tried to create a folder in a subdirectory, and again, the opportunity to make a new folder has disappeared.
I tried to change the folder options in the menu folder in Explorer without result options. Can someone give me a solution so I can retrieve the new files option
Any help will be greatly appreciated.
Thank you
Here is the procedure to restore the option of new files (as well as all the other default values that you don't need, but will take place at the same time and not harm harm) to the context menu in Vista: http://www.vistax64.com/tutorials/154554-new-context-menu-restore-default-menu-items.html.
I hope this helps.
Good luck! Lorien - a - MCSE/MCSA/network + / A +.
-
How can I back up Active Directory on Windows Server 2003... ?
Hello
I installed the Services Active Directory on my windows Server 2003 and I need to take help if necessary backup...!
These MS Answers forums are intended for the home rather than the it professional user. Please transfer your question in the relevant Microsoft Technet forum here:
http://social.technet.microsoft.com/Forums/en-us/category/windowsserver .
Thank you. :)
(I'm sorry, but I can't move this thread for you because the two forums are working on separate platforms)
Maybe you are looking for
-
Pavilion laptop 15-p-141ne: audio beats does not not on win 10 pavilion notebook 15-p-141ne
I have HP pavilion notebook 15-p-141ne, but after that audio 10 beats windows does not work I tried to install the driver of win 8 but little still an error please help
-
HP touch smart Office: product key
My hard drive crashed. I bought a new. I have disks to reinstall the operating system, but she asks for product key. I don't know where it is or how to get it. I called hp tech line and they say that my computer is too old, they can't help me. Anyone
-
Another problem of mine. > I use Windows Vista. > I can't uninstall the game in Control Panel. > When I click on uninstall, it says: *****************************************************"An error has occurred trying to uninstall (games).It may have a
-
Postgres.exe has encountered a problem and needs to close
I get the above error message when I start my computer. IN response, I get the following information from microsoft: "Download updates for." "Generic Host process for Win32 Services" error occurs after you start or restart your computer. The error a
-
Blue Screen of Death: IRQL not less than or equal problem
Hi, I've been BSOD quite frequently recently, which seem to happen randomly while playing games, etc. Here are the details of the problem given by Windows: Signature of the problem:Problem event name: BlueScreenOS version: 6.1.7601.2.1.0.768.3Locale