How to Configure Centrally Managed Users For On-Premise Databases Release 18c or Later Releases
(Doc ID 2462012.1)
Last updated on NOVEMBER 20, 2023
Applies to:
Oracle Database - Enterprise Edition - Version 18.1.0.0.0 and laterAdvanced Networking Option - Version 18.3.0.0.0 and later
Information in this document applies to any platform.
Goal
Starting with 18c database users can be directly authenticated and authorized against Active Directory without using Oracle Enterprise User Security (EUS) or another intermediary directory service. Users can authenticate to the Oracle Database using credentials stored in Active Directory and also be associated with database schemas and roles using Active Directory groups. Microsoft Active Directory users can be mapped to exclusive or shared Oracle Database schemas and associated with database roles in the directory.
This note is intended to provide a quick overview on the steps needed to quickly setup authentication for CMU users and a few troubleshooting steps for the known issues.
You should have read and be familiar with the following documents to understand the concepts of Centrally Managed Users.
Oracle Database Release 21 Security Guide, Chapter 6 "Configuring Centrally Managed Users with Microsoft Active Directory".
Important !!!
1. The minimum version requirement for Active Directory server is Windows 2012.
2. CMU is not available as a feature in Standard Edition, see Licensing Information.
3. Apply the Mandatory Patches for CMU in 18C / 19C Database as explained in <Note 2716598.1>
<Patch 31404487> replaces <patch 28994890>.
If patch 28994890 was applied on top of a 18c database DBRU (where DBRU version is lower than 18.11), then roll back patch 28994890, and only apply patch 31404487 to database 18c.
If the 18c database version is equal to or higher than DBRU 18.11, where bug 28994890 has been included in the base line DBRU, then apply patch 31404487 on top of the 18c DBRU directly.
Note that the patches are only applicable to on-premise databases. The content of the patches have been included in Autonomous Databases (ADBS) for CMU. For configuring CMU with Microsoft Active Directory on Autonomous Databases, refer to the documents at:
"Use Microsoft Active Directory with Autonomous Database"
"Configure CMU with Microsoft Active Directory on Autonomous Database"
Note : Microsoft plans to desupport 2012 in 2026
We recommend customers to migrate to a later AD version before their version is desupported by Microsoft
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| I Download the latest version of 'opwdintg.exe' for Password Authentication Integration |
| II Configure the integration between Microsoft Active Directory and the Oracle Database |
| III Configure Password Authentication for Centrally Managed Users |
| IV Configure Authorization for Centrally Managed Users |
| V Configure Kerberos Authentication |
| VI Configure TLS authentication |
| VII Known Issues and Troubleshooting Steps |
| VIII How to investigate connection issues |
| Additional Information: |
| References |