My Oracle Support Banner

How to Configure Centrally Managed Users For Database Release 18c or Later Releases (Doc ID 2462012.1)

Last updated on MARCH 18, 2021

Applies to:

Advanced Networking Option - Version 18.3.0.0.0 and later
Oracle Database - Enterprise Edition - Version 18.1.0.0.0 and later
Information in this document applies to any platform.

Goal

Starting with 18c database users can be directly authenticated and authorized against Active Directory without using Oracle Enterprise User Security (EUS) or another intermediary directory service.   Users can authenticate to the Oracle Database using credentials stored in Active Directory and also be associated with database schemas and roles using Active Directory groups. Microsoft Active Directory users can be mapped to exclusive or shared Oracle Database schemas and associated with database roles in the directory.

This note is intended to provide a quick overview on the steps needed to quickly setup authentication for CMU users and a few  troubleshooting steps for the known issues.

 

You should have read and be familiar with the following documents to understand the concepts of Centrally Managed Users.

Oracle Database Release 18 Security Guide, Chapter 5 "Configuring Centrally Managed Users with Microsoft Active Directory".

Oracle Database Release 19 Security Guide, Chapter 6 "Configuring Centrally Managed Users with Microsoft Active Directory".

 

 

Important !!! 

1. The minimum version requirement for Active Directory server is Windows 2008.

2. CMU is not available as a feature in Standard Edition, see Licensing Information.

3. Apply the Mandatory Patches for CMU in 18C / 19C Database as explained in <Note 2716598.1>

<Patch 31404487> replaces <patch 28994890>.

If patch 28994890 was applied on top of a 18c database DBRU (where DBRU version is lower than 18.11), then roll back patch 28994890, and only apply patch 31404487 to database 18c.

If the 18c database version is equal to or higher than DBRU 18.11, where bug 28994890 has been included in the base line DBRU, then apply patch 31404487 on top of the 18c DBRU directly.

If the 19c database version is equal to or higher than DBRU 19.10, then no need to apply patch 31404487 on top of the DBRU 19.10 (or higher version), as the fix for bug 31404487 has been included in DBRU 19.10.

Note that the patches are only applicable to on-premise databases. The content of the patches have been included in Autonomous Databases (ADBS) for CMU, if you use Microsoft Active Directory with Autonomous Database.

 

 

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 I Download the latest version of 'opwdintg.exe' for Password Authentication Integration
 II Configure the integration between Microsoft Active Directory and the Oracle Database
 III Configure Password Authentication for Centrally Managed Users
 IV Configure Authorization for Centrally Managed Users
  V Configure Kerberos Authentication
  VI Configure SSL authentication
  VII Known Issues and Troubleshooting Steps
 VIII How to investigate connection issues
 Additional Information:
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.