8 Replies Latest reply: Mar 27, 2013 7:27 AM by marksmithusa

user management centralized

Street Newbie
Hello

We have over 30 databases, and now I'm looking for centralized user administration. We don't want to use LDAP to Microsoft Active Directory. Does anyone have any solutions or ideas?

Thanks.

Best regards.

Roger
  • 1. Re: user management centralized
    John Stegeman Oracle ACE
    My suggestion:
    "We don't want to use LDAP"
    change this.

    See:

    http://www.oracle.com/technetwork/database/security/index-099042.html
  • 2. Re: user management centralized
    sybrand_b Guru
    Oracle Internet Directory is Oracle's implementation of Microsoft Active Directory.

    Your question sounds like you want to drive a car without using petrol.

    ---------------
    Sybrand Bakker
    Senior Oracle DBA
  • 3. Re: user management centralized
    John Stegeman Oracle ACE
    Oh, sybrand... please allow me to be pedantic :)
    "Oracle Internet Directory is Oracle's implementation of Microsoft Active Directory."
    No, Oracle Internet Directory is Oracle's implementation of LDAP.
    Microsoft Active Directory is Microsoft's implementation of LDAP.
    "Your question sounds like you want to drive a car without using petrol."
    What if I have a diesel car? ;)

    At any rate, your sentiment is right on... if you want to do centralised user management, you need, well, a central place to manage them (such as an LDAP directory)
  • 4. Re: user management centralized
    marksmithusa Journeyer
    Names/whatever Oracle call their LDAP now - using LDAP is the best way. Bear in mind, that's not for USER management, but more for standardizing connections.

    Do you mean 'locking users, changing passwords' and so on when you say 'user management'?
  • 5. Re: user management centralized
    Street Newbie
    We have a lot of DBA users, and we want to centralize the users for changing passwords. Only the DBA users. The "normal" users will be identified directly on the specific databases.
  • 6. Re: user management centralized
    marksmithusa Journeyer
    Do your security policies actually allow you to do this? The consequence would be that if a person with malintent was able to get one password, they would know them for all 30 databases.
  • 7. Re: user management centralized
    Street Newbie
    Thanks for the hint. What is the state of the art, so that we have personal accounts and cannot connect to all databases with one password?

    Thanks for your support.
  • 8. Re: user management centralized
    marksmithusa Journeyer
    I would certainly not have something that automated the process. If you got audited, that would be a red flag right there. Of course, your security policies may allow this - it's something you should check.

    There's nothing stopping you HAVING the same password for each user, but to have a documented/semi-automated process is not a good idea. Personally, I have a set of passwords that I group into 'super-critical' (which all have different passwords), 'Production', 'QA', 'Development and Test'. Aside from the 'super-critical' set, that only means you have to remember three passwords, which is not that bad.

    Of course, you could just create a .sql script which you run from a box which has all the TNS aliases you want available.

    sqlplus system/whatever123@bigprod1 @/u01/app/oracle/admin/scripts/.hiddenfile.sql
    sqlplus system/whatever123@bigprod2 @/u01/app/oracle/admin/scripts/.hiddenfile.sql
    sqlplus system/whatever123@bigprod3 @/u01/app/oracle/admin/scripts/.hiddenfile.sql

    And so on.
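
The commands in the last reply put the password in sqlplus's argument list, where it can be read from the process table while the command runs. The following is an added example, not part of the original post, of the same loop with the credentials passed on standard input instead; the account `system` and the alias names come from the post, while `DB_PASS`, `SQL_SCRIPT` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. The account "system" and the alias
# names come from the post; DB_PASS, SQL_SCRIPT and all function names are
# hypothetical.

# Prompt for the password without echo and without storing it in a file.
read_pass() {
    printf 'Password for system: ' >&2
    stty -echo; IFS= read -r DB_PASS; stty echo
    printf '\n' >&2
}

# CONNECT takes the password in double quotes, so a quote inside it would
# end the string early; refuse that case instead of sending a broken line.
check_pass() {
    case ${DB_PASS:-} in
        '')   echo "DB_PASS is empty" >&2; return 1 ;;
        *\"*) echo "DB_PASS must not contain a double quote" >&2; return 1 ;;
    esac
}

# Emit the SQL*Plus input for one alias. printf is a builtin in bash and
# dash, so the password is not handed to any external command as an argument.
build_input() {
    printf 'WHENEVER SQLERROR EXIT FAILURE\n'
    printf 'CONNECT system/"%s"@%s\n' "$DB_PASS" "$1"
    printf '@%s\nEXIT\n' "$SQL_SCRIPT"
}

# Run SQL_SCRIPT on each alias given; return non-zero if any sqlplus run does.
run_all() {
    check_pass || return 1
    failed=0
    for a in "$@"; do
        # /nolog starts sqlplus unconnected; credentials arrive on stdin only.
        if build_input "$a" | sqlplus -S /nolog; then
            echo "done: $a"
        else
            echo "FAILED: $a" >&2
            failed=1
        fi
    done
    return "$failed"
}
```

After sourcing the file, call `read_pass`, set `SQL_SCRIPT`, and then run `run_all bigprod1 bigprod2 bigprod3`.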
