1 Reply Latest reply on Aug 21, 2015 11:21 AM by 2998025

    How do I authenticate a DB user by an LDAP server and then log in with SQL Developer, without using the OID?


      Hello Community,


      My name is Sebastian and I'm a student from Germany. My latest project is about the design and implementation of automated account management for Oracle databases.


      There is an LDAP server on which all students have an account. On a web page the students can create a database account with the same login data as on the LDAP server.

      My problem is: I can automatically create users, but when I try to log on to the database, I get the error message that the login data are wrong.


      CREATE USER 'Student_ID' IDENTIFIED GLOBALLY AS 'LDAP_DN' is my term to create the user on the DB.


      I already created some ACL files.



          BEGIN
            -- Create the ACL and grant the 'connect' privilege to the database user
            dbms_network_acl_admin.create_acl (
              acl          => 'ldap_access.xml', -- relative to /sys/acls
              description  => 'Permissions to access LDAP servers.',
              principal    => 'Student_ID',
              is_grant     => TRUE,
              privilege    => 'connect'
            );

            -- Assign the ACL to the LDAP host, restricted to port 389
            dbms_network_acl_admin.assign_acl (
              acl        => 'ldap_access.xml',
              host       => 'LDAP Server',
              lower_port => 389,
              upper_port => 389
            );

            COMMIT;
          END;
          /


      I'm using an Oracle 12c database on a virtual machine, and the LDAP server is OpenDJ (http://opendj.forgerock.org/), LDAP v3.


      I don't understand why I can use the DBMS_LDAP package without any problems, but the IDENTIFIED GLOBALLY term doesn't work. I already tried to activate the OCI/Thick driver in SQL Developer, but I only got problems...

      Do you have ideas how I can solve the problem without using the OID?


      Perhaps someone can explain exactly how the IDENTIFIED GLOBALLY term works and which password encryption Oracle 12c uses?