Tuesday, December 04, 2007

Defect in Enterprise User Security implementation of Oracle 9i

Problem:


Recently I observed that Oracle 9i does not allow a user to log in when that user's directory entry has a backslash-escaped comma in its DN (for example a CN value such as "Last, First", which must be written as "Last\, First" in the DN).


This situation arises most often when you synchronize Active Directory users into Oracle Internet Directory (OID), or put Oracle Virtual Directory in front of Active Directory, for an Enterprise User Security (EUS) implementation, because Active Directory CN values frequently contain commas and those commas arrive in OID escaped.


Following are the steps to reproduce this.

1) Configure an Oracle 9i database with OID 10.1.0.4
2) Create a global user in the Oracle database
3) Create an OID user whose DN contains an escaped comma, e.g. DN=test \, test,cn=Users,dc=yourdomain,dc=com
4) Map the OID user to the global user using Enterprise Security Manager
5) Try to log in as that user.

The login fails, and SQL*Plus reports:

ORA-01017: invalid username/password; logon denied

I verified that the same steps work on Oracle 10g, so the problem is fixed there.

Fix:

There are two ways around the problem:

1) Upgrade database from Oracle 9i to Oracle 10g

2) When you synchronize users from Active Directory to OID, update the mapping file in the DIP (Directory Integration Platform) synchronization profile so that the OID cn is populated from the Active Directory sAMAccountName instead of the Active Directory cn. sAMAccountName cannot contain a comma, so the resulting OID DNs never need escaping and the 9i logon works.
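As an added example (this is not code from the original post, from Oracle, or from the DIP product), the following Python handles DN escaping according to RFC 4514. It parses the kind of DN used in the reproduction steps correctly, shows what a parser that splits on bare commas produces (an assumption about the kind of mishandling that would explain the 9i failure, not something the post confirms), and gives a pre-flight check you can run over the DNs of your OID or AD users before mapping them with Enterprise Security Manager. The sample DNs are constructed; the second entry, whose cn comes from a sAMAccountName, illustrates why the DIP mapping change sidesteps the problem.

```python
"""
Added example, not from the original post: a small RFC 4514 DN handler used
to show (a) how an escaped comma in an RDN value must be treated, (b) the
naive comma split that mangles such an entry, and (c) a pre-flight check
that flags directory users whose DN needs escaping before they are mapped
to global users on a database that cannot cope with it.
"""
from typing import List, Tuple

# Characters that RFC 4514 requires to be escaped inside an RDN value.
SPECIAL = set(',+"\\<>;')
# Everything a backslash may legitimately precede (SPECIAL plus '#', '=', space).
ESCAPABLE = SPECIAL | set('#= ')
HEX = set("0123456789abcdefABCDEF")


def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDN strings, skipping over backslash escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep "\," etc. inside the current RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return rdns


def naive_split(dn: str) -> List[str]:
    """What a parser that ignores escaping does (assumed failure mode)."""
    return dn.split(",")


def unescape_value(raw: str) -> str:
    """Turn an escaped RDN value back into its plain string ("\\," and "\\XX")."""
    buf, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            if raw[i + 1] in ESCAPABLE:
                buf += raw[i + 1].encode("utf-8")
                i += 2
                continue
            pair = raw[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                buf.append(int(pair, 16))   # \XX is one UTF-8 byte
                i += 3
                continue
        buf += raw[i].encode("utf-8")
        i += 1
    return buf.decode("utf-8")


def escape_value(value: str) -> str:
    """Escape a plain attribute value so it can be placed in an RDN."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return [(attribute, unescaped value), ...] for a DN."""
    parsed = []
    for rdn in split_dn(dn):
        attr, sep, raw = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        parsed.append((attr.strip().lower(), unescape_value(raw)))
    return parsed


def needs_escaping(value: str) -> bool:
    """True if this plain value cannot appear in an RDN without escaping."""
    return (any(c in SPECIAL for c in value)
            or value.startswith(("#", " "))
            or value.endswith(" "))


def preflight(dns: List[str]) -> List[str]:
    """DNs whose RDN values need escaping: candidates for the 9i logon failure."""
    return [dn for dn in dns
            if any(needs_escaping(v) for _, v in parse_dn(dn))]


# Constructed sample entries, modelled on the post's "test \, test" user.
SAMPLE_DNS = [
    "cn=test\\, test,cn=Users,dc=yourdomain,dc=com",   # AD cn "test, test"
    "cn=tsmith,cn=Users,dc=yourdomain,dc=com",         # cn taken from sAMAccountName
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn, "->", parse_dn(dn), "| naive parts:", len(naive_split(dn)))
    print("would need escaping:", preflight(SAMPLE_DNS))
```

Feed `preflight` the DNs returned by an ldapsearch over your user container (dn attribute only) and every entry it lists is one that either needs the 10g upgrade or a cn that no longer carries the comma, which is exactly what the sAMAccountName mapping in the DIP profile produces.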

I am not aware of any patch Oracle has published for this. Please let me know if you know of one.

Good Luck with EUS!!