This post is the first one of a serie focusing on Enterprise User Security (EUS) and Oracle Unified DIrectory (OUD).
Enterprise User Security
(EUS), an Oracle Database Enterprise Edition feature, leverages the Oracle
Directory Services and gives you the ability to centrally manage database users
and role memberships in an LDAP directory. EUS reduces administration costs and
Storing DB Accounts in OUD
OUD is specifically tailored to work seamlessly with EUS. Database user
information, passwords and privileges information for a database or for a
database domain can be stored in OUD.
EUS can leverage existing user and group information stored in OUD to
provide single password authentication and consistent password policy across
enterprise applications. User data, database meta-data, such as DB registration
information, user/role Mappings, and other EUS specific meta-data are stored in OUD using a specific, supported, read-to-use LDAP schema.
These meta-data are stored in a separate OUD suffix, called Oracle Context,
making a clean logical separation between EUS data and user information that
can be shared across applications.
In addition to providing centralized database user management, Enterprise EUS
provides three different methods of user authentication: X.509 certificate
authentication (introduced in DB 8i);
Password-based authentication (since DB 9i);
and authentication via Kerberos (since DB 10g).
OUD support for Password-based authentication for EUS was introduced in OUD 11gR2. The other authentication methods
were introduced in OUD 11gR2PS1.
In the password authentication scenario, the database does not perform user
authentication via LDAP bind to OUD. Instead the database collects user
credentials, hashes the password, and compares the password hash value
retrieved from OUD. More detailed information about EUS can be found in the
Enterprise User Administrator's Guide in the Database documentation section on OTN.