We don't want to use ldapchange this.
Oracle Internet Directory is Oracle's implementation of Microsoft Active Directory.
Your question sounds like you want to drive a car without using petrol.
Senior Oracle DBA
Oh, sybrand... please allow me to be pedantic :)
> Oracle Internet Directory is Oracle's implementation of Microsoft Active Directory.
No, Oracle Internet Directory is Oracle's implementation of LDAP
Microsoft Active Directory is Microsoft's implementation of LDAP
> Your question sounds like you want to drive a car without using petrol.
What if I have a diesel car? ;)
At any rate, your sentiment is right on... if you want to do centralised user management, you need, well, a central place to manage them (such as an LDAP directory)
Names/whatever Oracle call their LDAP now - using LDAP is the best way. Bear in mind, that's not for USER management, but more for standardizing connections.
Do you mean 'locking users, changing passwords' and so on when you say 'user management'?
We have a lot of DBA users, and we will centralize the users for changing passwords. Only the DBA users. The "normal" users will be identified directly on the specific databases.
Do your security policies actually allow you to do this? The consequence would be that if a person with malintent was able to get one password, they would know them for all 30 databases.
Thanks for the hint. What is the state of the art, so that we have personal accounts and cannot connect to all databases with one password?
Thanks for your support.
I would certainly not have something that automated the process. If you got audited, that would be a red flag right there. Of course, your security policies may allow this - it's something you should check.
There's nothing stopping you HAVING the same password for each user, but to have a documented/semi-automated process is not a good idea. Personally, I have a set of passwords that I group into 'super-critical' (which all have different passwords), 'Production', 'QA', 'Development and Test'. Aside from the 'super-critical' set, that only means you have to remember three passwords, which is not that bad.
Of course, you could just create a .sql script which you run from a box which has all the TNS aliases you want available.
sqlplus system/whatever123@bigprod1 @/u01/app/oracle/admin/scripts/.hiddenfile.sql
sqlplus system/whatever123@bigprod2 @/u01/app/oracle/admin/scripts/.hiddenfile.sql
sqlplus system/whatever123@bigprod3 @/u01/app/oracle/admin/scripts/.hiddenfile.sql
And so on.