Sunday, January 26, 2014

OID-AD External Authentication Password Pass through Configuration

The use case I will be discussing here is one where the user data is stored in OID, but for authentication OID authenticates against AD. Microsoft AD stores the password, not OID. This is useful when customers want passwords kept and managed in a single system, while other applications such as EBS use OID as their user identity store.
The first step is to configure OID-AD synchronization, discussed here.
The steps to configure OID-AD password pass-through are as follows:

  1. Log in to the OID server.
  2. export CLASSPATH=$ORACLE_HOME/ldap/jlib/oidexcfg.jar:$ORACLE_HOME/ldap/jlib/ldapjclnt11.jar:$CLASSPATH
  3. java -classpath $CLASSPATH oracle.ldap.extplg.oidexcfg -h oidhost -p 3060 -D cn=orcladmin -w XXXXXXXXX -t ad
  4. Transcript of the command in detail:

-----------------------------------------------------------------------
External Authentication Plug-in Configuration against Active Directory
-----------------------------------------------------------------------

Active Directory external authentication plug-in: Disabled
Active Directory host name: host.domain.com
Active Directory port number: 389

Using SSL to connect to Active Directory: No

Failover to backup Active Directory: Disabled

External authentication invocation naming context: cn=users, dc=XXXXX,dc=XXXX
External authentication invocation request group:

Do you want to change the configuration? [y/n]: y

[1] Enable/Disable the Active Directory external authentication plug-ins
[2] Modify the Active Directory host name and port number
[3] Modify the Active Directory SSL configuration
[4] Modify the Active Directory failover configuration
[5] Modify the invocation naming context or request group
[6] Show the configuration changes
[7] Save the configuration changes and quit
[8] Quit without saving the changes

2 – Modify AD Host / Port #

Please enter 1, 2, 3, 4, 5, 6, 7, or 8: 2
Please enter host name: ADHost
Please enter port number: 389

[1] Enable/Disable the Active Directory external authentication plug-ins
[2] Modify the Active Directory host name and port number
[3] Modify the Active Directory SSL configuration
[4] Modify the Active Directory failover configuration
[5] Modify the invocation naming context or request group
[6] Show the configuration changes
[7] Save the configuration changes and quit
[8] Quit without saving the changes

Please enter 1, 2, 3, 4, 5, 6, 7, or 8: 4
Do you want to enable failover to backup Active Directory? [y/n]: y
Please enter backup host name: ADBackupHost
Please enter backup port number: 389
Do you want to use SSL to connect to backup Active Directory? [y/n]: n

[1] Enable/Disable the Active Directory external authentication plug-ins
[2] Modify the Active Directory host name and port number
[3] Modify the Active Directory SSL configuration
[4] Modify the Active Directory failover configuration
[5] Modify the invocation naming context or request group
[6] Show the configuration changes
[7] Save the configuration changes and quit
[8] Quit without saving the changes

Please enter 1, 2, 3, 4, 5, 6, 7, or 8: 5
Please enter invocation naming context: cn=OracleUsers,cn=Users,dc=XXXXX,dc=XXXX
Please enter request group:
[Hit Enter] – No request group

[1] Enable/Disable the Active Directory external authentication plug-ins
[2] Modify the Active Directory host name and port number
[3] Modify the Active Directory SSL configuration
[4] Modify the Active Directory failover configuration
[5] Modify the invocation naming context or request group
[6] Show the configuration changes
[7] Save the configuration changes and quit
[8] Quit without saving the changes

Please enter 1, 2, 3, 4, 5, 6, 7, or 8: 1
Please enter 0 to disable or enter 1 to enable [0/1]: 1

.... External authentication plug-ins will be enabled.

[1] Enable/Disable the Active Directory external authentication plug-ins
[2] Modify the Active Directory host name and port number
[3] Modify the Active Directory SSL configuration
[4] Modify the Active Directory failover configuration
[5] Modify the invocation naming context or request group
[6] Show the configuration changes
[7] Save the configuration changes and quit
[8] Quit without saving the changes

Please enter 1, 2, 3, 4, 5, 6, 7, or 8: 7

Exit from external authentication plug-in configuration tool...

Test using ldapbind: bind with an OID user DN and the corresponding AD network password.
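For sites that want to verify the pass-through from a host without the Oracle client tools, the following is an added example (not from this post, not part of OID) of the same check ldapbind performs: a stdlib-only LDAPv3 simple bind that encodes the BindRequest in BER, reads the BindResponse, and reports the result code. A result of 0 means OID accepted the AD password for the OID DN; 49 (invalidCredentials) means the plug-in rejected it or is not yet active. The OID host, port, and user DN on the command line are assumptions for the demonstration, and the two sample responses at the bottom are constructed bytes, not captured from a real server.

```python
"""Offline-testable LDAPv3 simple-bind client (stdlib only) for verifying
OID -> AD password pass-through after the external plug-in is enabled."""
import getpass
import socket
import sys

# LDAP result codes a pass-through test is most likely to see (RFC 4511).
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                52: "unavailable", 53: "unwillingToPerform"}


def ber_len(n):
    """BER length: short form below 128, long form (0x80|N, then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value):
    """Minimal two's-complement BER INTEGER."""
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def build_bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] pw } }."""
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(msg_id) + bind)


def build_unbind_request(msg_id):
    """UnbindRequest [APPLICATION 2] NULL: tag 0x42 with zero length."""
    return tlv(0x30, ber_int(msg_id) + b"\x42\x00")


def read_tlv(buf, pos=0):
    """Decode one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Return message id, result code/name, matchedDN and diagnostic from a BindResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, id_bytes, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:  # BindResponse is [APPLICATION 1]
        raise ValueError("not a BindResponse (tag 0x%02x)" % op_tag)
    _, code_bytes, pos = read_tlv(op)
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    code = int.from_bytes(code_bytes, "big", signed=True)
    return {"message_id": int.from_bytes(id_bytes, "big", signed=True),
            "result_code": code, "result": RESULT_NAMES.get(code, "code %d" % code),
            "matched_dn": matched.decode(), "diagnostic": diag.decode(errors="replace")}


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def recv_message(sock):
    """Read exactly one BER-framed LDAPMessage, whichever length form it uses."""
    head = recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = recv_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + recv_exact(sock, length)


def ldap_simple_bind(host, port, dn, password, timeout=10):
    """One simple bind followed by an unbind; the password travels in cleartext on a plain port."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_bind_request(1, dn, password))
        result = parse_bind_response(recv_message(sock))
        sock.sendall(build_unbind_request(2))
    return result


# Constructed sample responses (not captured from a real server):
# success with empty matchedDN/diagnostic, and invalidCredentials with diagnostic "bad".
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_INVALID = bytes.fromhex("300f020101610a0a013104000403626164")

if __name__ == "__main__":
    if len(sys.argv) == 4:  # assumed usage: oidhost 3060 "cn=jdoe,cn=OracleUsers,cn=Users,dc=XXXXX,dc=XXXX"
        host, port, dn = sys.argv[1], int(sys.argv[2]), sys.argv[3]
        print(ldap_simple_bind(host, port, dn, getpass.getpass("AD network password: ")))
    else:
        for sample in (SAMPLE_SUCCESS, SAMPLE_INVALID):
            print(parse_bind_response(sample))
```

The password is read with getpass rather than taken from the command line so it does not show up in shell history or `ps` output. Note that a simple bind on the plain port 3060, like the AD connection on port 389 with SSL disabled in the transcript above, carries the AD password in cleartext on every hop; for anything beyond a lab test, use the OID SSL port and enable SSL to AD through menu option [3].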