Niall's Oracle Pages

Thoughts, discoveries and otherwise maybe useful stuff about the Oracle RDBMS

Monday, November 28, 2005

Using Active Directory in Oracle Express 

A recent post on the Oracle XE forum about replacing mod_ntlm as an authentication mechanism for applications on Windows prompted me to write up a mechanism you can use to authenticate users of your application against a Microsoft Active Directory. It works as follows. You create a custom authentication function for HTMLDB this must take two parameters of specific names, and only those two parameters, and return a boolean indicating success or failure. My function merely takes the username and password supplied by the end-user and attempts a simple LDAP bind against AD. By default this will work for all AD users in your organisation and the user will be authenticated. If it fails the user won't be authenticated. The function itself can be downloaded here. A step by step guide is below:

Create a new database user U1 – I used the HTMLDB
interface for user administration.

Login as u1 and create demo application

Navigate to the sql workshop

Load the authenticate_aduser script and edit for the
domain controller hostname and your domain (in the post windows2000
format)

Run the script

You should check that the script was successful

Return to your application in application builder and
choose shared components>authentication schemes and create a new
authentication scheme from scratch.

You only need enter a name for the scheme – I used ad_auth

Click the new scheme to edit it, ensure that you enter the
authentication function as shown below.

Now change the authentication scheme to ad_auth and test

Permalink posted by Niall @ 4:05 PM

About

This page contains my thoughts and ramblings about the Oracle RDBMS. In addition you will find scripts that I have found useful and presentations delivered to various audiences around the world.

You won't find marketing or - too much - advocacy on these pages, I am more interested in getting useful use out of the technology than RDBMS wars.

If you find anything useful, wrong or intriguing drop me a line

Links

• Newsgroup Archives
• The Oracle Users' Co-operative FAQ
• Connor McDonald's useful site
• Site run by Howard Rogers
• The Oak Table
• Oracle Underground FAQ
• Mark Rittman's Oracle Weblog - good for developers and BI

Scripts

A word of hopefully commonsense warning. These scripts are provided as-is and without warranty. You are free to use them, and I do hope they prove useful, but I cannot accept liability if they don't do exactly what you thought. They are all unencrypted so you should be able to see what they do. That all said it makes sense to check them out on a test system first to work out what they do. Read the comments - they are an aide-memoire for me but they might help you get the idea. Don't just apply them without thinking to your production database.

I do welcome feedback, and if you are going to quote me publicly then at least give me a little advance warning. A legal language version of this - that is, the license - is available by clicking on the link or picture below.
These works are licensed under a Creative Commons License.

Resources

• Webutils - Generate email from PL/SQL
• Simple Profiler - Generate a resource profile from Extended SQL Trace
• Manual Standby Scripts for windows - accompanies the presentation
• Demonstration of tablespace fragmentation using auto-allocate LMT
• Read the alert log from pl/sql
• Check when objects were analyzed
• Memory Usage vs Elapsed timings for PL/SQL bulk operations
• Utility to monitor the cause of arbitrary server errors
• Display more informative execution plans in 9i and above.
• Order in where clause does not need to match order of index creation
• Execute an arbitrary number of concurrent sql scripts - OraLoader
• A Guide to setting up Generic Connectivity

Presentations

• The Oracle Myths Presentation given to the UK and South African Oracle Users Groups
• You Probably Don't Need DataGuard - running a standby database on Standard Edition
• A la recherché du temps perdue - In search of lost time. Practical response time based tuning presentation given to the UKOUG DBMS sig
• Snatches of Eternity - End-to-End tracing in Oracle 9i and below.

archives

• 03/01/2004 - 03/31/2004
• 04/01/2004 - 04/30/2004
• 05/01/2004 - 05/31/2004
• 06/01/2004 - 06/30/2004
• 07/01/2004 - 07/31/2004
• 08/01/2004 - 08/31/2004
• 09/01/2004 - 09/30/2004
• 11/01/2004 - 11/30/2004
• 12/01/2004 - 12/31/2004
• 01/01/2005 - 01/31/2005
• 03/01/2005 - 03/31/2005
• 04/01/2005 - 04/30/2005
• 05/01/2005 - 05/31/2005
• 06/01/2005 - 06/30/2005
• 07/01/2005 - 07/31/2005
• 08/01/2005 - 08/31/2005
• 09/01/2005 - 09/30/2005
• 10/01/2005 - 10/31/2005
• 11/01/2005 - 11/30/2005
• 12/01/2005 - 12/31/2005
• 01/01/2006 - 01/31/2006