"In order for the Oracle Database CMU with Active Directory integration to work, the Oracle database must be able to login to a service account specifically created for the database in Active Directory. The database uses this service account to query Active Directory for user and group information when a user logs into the database. This Active Directory service account must have all the privileges required to query the user and group information as well as being able to write updates related to the password policies in Active Directory (for example, failed login attempts, clear failed login attempts). Users can authenticate using passwords, Kerberos, or PKI and either be assigned to an exclusive schema or a shared schema. Mapping of an Active Directory user to a shared schema is determined by the association of the user to an Active Directory group that is mapped to the shared schema. Active Directory groups can also be mapped to database global roles. An Active Directory security administrator can assign a user to groups that are mapped to shared database global users (schemas) and/or database global roles, and hence update privileges and roles that are assigned to the Active Directory user in a database."
In this post, I'll explain how to configure Oracle Centrally Managed Users (CMU) using Windows Server 2019 Active Directory and Oracle Database 19c.
Since the configuration is fairly long and includes many screenshots, I have divided the steps into 4 major parts:
- Part A: AD Configuration
- Part B: Database Server Configuration
- Part C: Enhancing to CMU
- Part D: Enhancing CMU with Shared users and roles
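The exclusive, shared and global-role mappings described in the Oracle quote above, sketched in SQL as an added example (not taken from the downloadable document). Every schema, role, table and DN value is a constructed placeholder, and the statements assume the CMU connection to Active Directory is already configured.

```sql
-- Added example: all names and DNs below are constructed placeholders.

-- Exclusive mapping: one AD user maps to one dedicated database schema.
CREATE USER jsmith IDENTIFIED GLOBALLY AS
  'CN=John Smith,CN=Users,DC=example,DC=com';
GRANT CREATE SESSION TO jsmith;

-- Shared mapping: every member of the AD group connects as the same schema.
-- Keep the shared schema minimal and grant privileges through global roles.
CREATE USER app_shared IDENTIFIED GLOBALLY AS
  'CN=ORA_APP_USERS,CN=Users,DC=example,DC=com';
GRANT CREATE SESSION TO app_shared;

-- Global role: it is enabled at login only for members of the mapped AD group,
-- so removing a user from the group in AD removes the privilege in the database.
CREATE ROLE app_reader IDENTIFIED GLOBALLY AS
  'CN=ORA_APP_READERS,CN=Users,DC=example,DC=com';
GRANT SELECT ON app_owner.orders TO app_reader;  -- hypothetical table

-- Review which database users are mapped to directory entries.
SELECT username, external_name
  FROM dba_users
 WHERE authentication_type = 'GLOBAL';

-- Run inside a directory-authenticated session: with a shared schema,
-- SESSION_USER is the same for every group member, so the directory identity
-- is what tells the individual users apart when reviewing activity.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')            AS db_user,
       SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY')  AS authenticated_identity,
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY')     AS enterprise_identity,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD')   AS auth_method
  FROM dual;

-- Global roles granted through AD group membership for this session.
SELECT role FROM session_roles;
```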
All the steps are explained in the downloadable document. Click the link below to download the file.
>>> Centrally Managed Users - orabliss.com <<<
Please make use of the document and share any feedback or questions you have; I'll try to help resolve them.
I had to set up my own AD on VirtualBox. I have not covered those steps in the document, but the first 2 reference links will help you set one up if you need to.
References:
- Install the Certification Authority | Microsoft Docs
- Authenticate Oracle Database users with MS Active Directory - YouTube
- Make Someone Else do the Work - Managing Oracle Database 19c Users in Active Directory (part 1 - Kerberos)
- Configuring Centrally Managed Users with Microsoft Active Directory (oracle.com)
- PART 1-4: Creating an Oracle 18c Centrally Managed Users Testbed using Oracle Cloud Infrastructure
- How to Configure Centrally Managed Users For Database Release 18c or Later Releases (Doc ID 2462012.1)
- Configuring ASO Kerberos Authentication with a Microsoft Windows 2008 R2 Active Directory KDC (Doc ID 1304004.1)
- Kerberos Troubleshooting Guide (Doc ID 185897.1)
- ktpass | Microsoft Docs
Happy CMing Users!!! :)