Databases
cancel
Showing results for 
Search instead for 
Did you mean: 

Oracle authentication with Active directory using LDPA-UX

Raj Mithal_1
Advisor

Oracle authentication with Active directory using LDPA-UX

Hi,
My client has 4 HP-UX servers in a Veritas cluster. Each of these runs about 40 odd Oracle databases. When the DB fails over to another server in the cluster, Users for that DB have to request a password reset because it uses the local /etc/passwd file.

To work around the password synchronization issue they installed LDAP-UX client to authenticate with windows Active Directory. This works great LDAP checks the /etc/passwd file if the entry exist such as root it will do local authentication not AD. If the user is not in the passwd file it will authenticate with AD. Works perfect.

This is where my problem starts. My OPS$ users in the DB are all o/s authenticated “IDENTIFIED EXTERNALLY”. When they logon to the server with the userid id removed from the /etc/passwd file they get “ORA-01017: invalid username/password;
logon denied”. As soon as you put the entry back into the passwd file the problem disappears.

Any suggestion will be greatly appreciated. Maybe you know of a way to get Oracle to authenticate with AD via LDAP-UX without using OID or making the user typ in a password at the oracle layer as well.