Overview of Requirements for Using Oracle Database with Active Directory

To use Net Directory Naming with Active Directory, you must have supported Windows operating system and Oracle software releases, and you must create Oracle schema objects and an Oracle Context.

Note:

The Oracle schema objects and Oracle Context can both be created by running Oracle Net Configuration Assistant.
Regardless of the Oracle Database Client and Oracle Database releases you are using, you must be running in a Windows Server domain to integrate Net Directory Naming with Active Directory.

Creating Oracle Schema Objects
You must create Oracle schema objects to use net directory naming features with Active Directory.
Creating an OracleContext
You must create an Oracle Context to use net directory naming features with Active Directory.
About Directory Naming Software Requirements
Directory naming method maps connect identifiers to connect descriptors contained in Microsoft Active Directory server.

Parent topic: Using Oracle Database with Microsoft Active Directory

Creating Oracle Schema Objects

You must create Oracle schema objects to use net directory naming features with Active Directory.

Schema objects are sets of rules for Oracle Net Services and Oracle Database entries and their attributes stored in Active Directory. The following restrictions apply to creating Oracle schema objects to use with Active Directory:

Only one Oracle schema object can be created for each forest.
The Windows server domain controller must be the operations master that allows schema updates. See your operating system documentation for instructions.

To create an Oracle schema object:

Log in as a member of Schema Administrator group or as a member who has rights to update the schema into schema master domain. The logged in client computer must be a part of the schema master domain. Schema master domain administrators are schema administrators by default.
Use Oracle Net Configuration Assistant to create the Oracle schema object. You can create your schema object during or after database installation.

If the Active Directory display is not configured to accept all 24 default languages, then Oracle schema object creation can fail while Oracle Net Configuration Assistant is configuring Active Directory as the directory server. Before running Oracle Net Configuration Assistant to complete directory access configuration, verify that the display specifiers for all 24 languages are populated by entering the following at the command prompt:

ldifde -p OneLevel -d cn=DisplaySpecifiers,cn=Configuration,domain context -f 
temp file

For this command, note the following:

domain context is the domain context for this Active Directory server.

For example, dc=example,dc=com.
temp file is a file where you want to put the output.

If the command reports that fewer than 24 entries were found, then you can still use Oracle Net Configuration Assistant. However, the report indicates that the Oracle schema object creation failed, rather than simply reporting that display specifiers for some languages were not created.

When the Oracle Net Configuration Assistant report shows failure due to less than 24 entries found, create display specifiers manually.

Creating Display Specifiers Manually

When Oracle Net Configuration Assistant creates the Oracle schema object in Active Directory, the display specifiers for Oracle entries are not created. This means you cannot view Oracle database entries in Active Directory interfaces.

You can manually add these entries into Active Directory after the Oracle schema object has been created by doing the following, using the same Windows user identification you used when creating the Oracle schema object with Net Configuration Assistant:

Open a command shell.
Change directory to ORACLE_HOME\ldap\schema\ad.
Copy adDisplaySpecifiers_us.sbs to adDisplaySpecifiers_us.ldif.
Copy adDisplaySpecifiers_other.sbs to adDisplaySpecifiers_other.ldif.
Edit each of these .ldif files, replacing all occurrences of %s_AdDomainDN% with the domain DN for the specific Active Directory into which you want to load the display specifiers (for example, dc=example,dc=com).
Run the following commands:
```
ldapmodify -h ad hostname -Z -f adDisplaySpecifiers_us.ldif
ldapmodify -h ad hostname -Z -f adDisplaySpecifiers_other.ldif
```
where ad hostname is the host name of the Active Directory domain controller to which you want to load the display specifiers.

Related Topics

About Automatic Discovery of Directory Servers

Parent topic: Overview of Requirements for Using Oracle Database with Active Directory

Creating an OracleContext

You must create an Oracle Context to use net directory naming features with Active Directory.

Oracle Context is the top-level Oracle entry in the Active Directory tree. It contains Oracle Database service and Oracle Net service name object information.

You can create only one Oracle Context for each Windows server domain (administrative context).
You must have the necessary permissions to create domain and enterprise objects to create the Oracle Context in Active Directory with Oracle Net Configuration Assistant.
Use Oracle Net Configuration Assistant to create your Oracle Context. You can create the Oracle Context during or after Oracle Database Custom installation.

Running Oracle Network Configuration Assistant
Oracle Net Configuration Assistant is a graphical, wizard-based tool used to configure and manage Oracle Network configurations.

Running Oracle Network Configuration Assistant

Oracle Net Configuration Assistant is a graphical, wizard-based tool used to configure and manage Oracle Network configurations.

To start Oracle Net Configuration Assistant:

Click Start, then click All Programs.
Click Oracle - HOMENAME, Configuration and Migration Tools, then Net Configuration Assistant.
Select the Directory Usage Configuration option, then click Next.
Select Directory Type Microsoft Active Directory, then click Next.

Note:

The Microsoft Active Directory configuration option is only available in the Windows version of Oracle Net Configuration Assistant.
Select the option to configure the directory server for Oracle usage and to create or upgrade the Oracle Schema and Context, then click Next.
Enter the Active Directory host name, then click Next.

Select the option to upgrade the Oracle Schema, then click Next.

The next page must denote successful Directory configuration.

Directory usage configuration complete!
The distinguished name of your default Oracle Context is:
cn=OracleContext,DC=home,DC=com

Click Next, then click Finish.

The earlier message may only denote partial success:

The Assistant is unable to create or upgrade the Oracle Schema
for the following reason: ConfigException: Oracle Schema creation
was successful, but Active Directory Display Specifier creation
failed.oracle.net.config.ConfigException; TNS-04420: Problem
running LDAPMODIFY

Click OK, then click Finish.

If you receive the preceding error, disregard the message and rerun Oracle Net Configuration Assistant using the originally supplied values.
The wizard must complete denoting successful Directory configuration:
```
Directory usage configuration complete!
The distinguished name of your default Oracle Context is:
cn=OracleContext,DC=home,DC=com
```
Click Next, then click Finish.

Parent topic: Creating an OracleContext

About Directory Naming Software Requirements

Directory naming method maps connect identifiers to connect descriptors contained in Microsoft Active Directory server.

A directory server provides central administration of database services and net service names, making it easier to add or relocate services.

Use Oracle Enterprise Manager or Oracle Net Manager to create net service names. To use Microsoft Active Directory naming method, the Oracle Database Client must run on supported Windows operating systems. You must have Oracle Database that is required for registering the database service as an object in Active Directory. The database server can run on any of the supported operating system, not necessarily Windows operating system.

By default, directory naming adaptor connects anonymously to active directory. Authenticated naming method requires client computer to be a part of the active directory domain to resolve a database service or net service name to a connect descriptor stored in a central directory server of its domain.

NAMES.LDAP_AUTHENTICATE_BIND=true parameter in sqlnet.ora file enables authenticated naming method.