OUD&EUS Take 1: DB Accounts Stored in OUD

This post is the first in a series focusing on Enterprise User Security (EUS) and Oracle Unified Directory (OUD).

Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature,
leverages the Oracle Directory Services and gives you the ability to centrally
manage database users and role memberships in an LDAP directory. EUS reduces
administration costs and increases security.

Storing DB Accounts in OUD

OUD is specifically tailored to work seamlessly with EUS. Database user
information, passwords and privileges information for a database or for a
database domain can be stored in OUD.

EUS can leverage existing user and group information stored in OUD to
provide single password authentication and consistent password policy across
enterprise applications. User data, database meta-data such as DB registration
information and user/role mappings, and other EUS-specific meta-data
are stored in OUD using a specific, supported, ready-to-use LDAP schema.
This meta-data is stored in a separate OUD suffix, called Oracle Context,
making a clean logical separation between EUS data and user information that
can be shared across applications.

In addition to providing centralized database user management, EUS
provides three different methods of user authentication: X.509 certificate
authentication (introduced in DB 8i), password-based authentication (since DB 9i),
and authentication via Kerberos (since DB 10g).
OUD support for password-based authentication for EUS was introduced in OUD 11gR2. Support for the other
authentication methods was introduced in OUD 11gR2PS1.

In the password authentication scenario, the database does not perform user
authentication via LDAP bind to OUD. Instead, the database collects the user
credentials, hashes the password, and compares the result with the password hash
value retrieved from OUD. More detailed information about EUS can be found in the
Enterprise User Administrator's Guide in the Database documentation section on OTN.
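
The retrieve-and-compare flow described above, as an added example that is not code from this post or from Oracle. It assumes the stored value uses the RFC 2307-style `{SSHA}` format (the post does not state which hash format EUS uses), and a Python dict with a constructed entry stands in for the directory search.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

def make_ssha(password: str, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def fetch_verifier(directory: dict, dn: str) -> Optional[str]:
    """Stand-in for the search the database runs under its own identity:
    it reads the stored hash instead of binding as the user."""
    entry = directory.get(dn)
    return entry.get("userPassword") if entry else None

def verify_locally(stored: Optional[str], candidate: str) -> bool:
    """Hash the candidate with the stored salt and compare in constant time."""
    if not stored or not stored.startswith("{SSHA}"):
        return False  # missing entry or unknown scheme: fail closed
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:
        return False  # malformed base64
    if len(raw) <= 20:
        return False  # a SHA-1 digest is 20 bytes; the remainder is the salt
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

# Constructed directory content (hypothetical DN and password, not real data).
DIRECTORY = {
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "userPassword": make_ssha("constructed-Passw0rd", os.urandom(8)),
    },
}

def authenticate(dn: str, password: str) -> bool:
    return verify_locally(fetch_verifier(DIRECTORY, dn), password)

if __name__ == "__main__":
    dn = "uid=jdoe,ou=people,dc=example,dc=com"
    print(authenticate(dn, "constructed-Passw0rd"))  # True
    print(authenticate(dn, "wrong"))                 # False
```

Because the hash is read by the verifying party rather than checked by a bind, read access to the hash attribute should be restricted to the identity the database uses to query the directory.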

Comments ( 6 )
  • mo Tuesday, July 9, 2013

    How many MB of schema mods do you need to load before you can make use of EUS? Is it still anything that Oracle ever developed or is it cut down to just EUS requirements?

  • Sylvain Duloutre Tuesday, July 9, 2013

    OUD comes with the EUS schema installed OOTB, so you don't have to deal with the schema. Just make sure to enable EUS support when you configure OUD instances.

  • guest Wednesday, September 4, 2013

    Is OUD free for EUS? or any license cost involved?

  • Sylvain Duloutre Wednesday, September 4, 2013

    OUD requires the ODS+ licence as described at http://www.oracle.com/us/products/middleware/identity-management/oracle-directory-services/directoryservicesplus-ds-404374.pdf

    It gives you the rights to use all Oracle Directory products.

  • guest Friday, May 8, 2015

    What if the database registered with OUD gets fully refreshed from another database (e.g. a Production database)?

    - After the full refresh, does the database need to be re-registered with OUD?

    - What will happen to the authentications defined for EUS users for this database?

    - Finally, what prior activities need to be performed or precautions need to be taken before a full refresh of the database that is already registered with OUD?

  • Sylvain Duloutre Wednesday, May 13, 2015