Home » RDBMS Server » Security » Create oracle session manually
Create oracle session manually [message #169145] Tue, 25 April 2006 05:35 Go to next message
karl_eisner
Messages: 8
Registered: April 2006
Junior Member
Hi!

i know that when a user logs on an oracle session is created for this user. now i want to make it possible that a user can call e.g. a stored procedure without logon to the server. so i have to create a session for this user manually. i call the oracle procedure with a link in microsoft sharepoint portal server 2003. we use the apache server and the modplsql. is this possible?
thank you in advance.
Re: Create oracle session manually [message #169164 is a reply to message #169145] Tue, 25 April 2006 09:00 Go to previous messageGo to next message
smartin
Messages: 1803
Registered: March 2005
Location: Jacksonville, Florida
Senior Member
The closest thing I can think of would be a database link of some kind, but I don't know anything about sharepoint.

Why not log the user in? It doesn't have to be a manual, interactive process. But then they would be executing operations under a specific username that could be tracked and audited and used for tuning purposes. Why wouldn't you want that?

[Updated on: Tue, 25 April 2006 09:01]

Report message to a moderator

Re: Create oracle session manually [message #169178 is a reply to message #169145] Tue, 25 April 2006 09:54 Go to previous messageGo to next message
karl_eisner
Messages: 8
Registered: April 2006
Junior Member
Hi!

thank you for your reply.
The aim is to simplify identity management. when a user logs on he has to logon at the sharepoint server (active directory account). then he uses a sharepoint link to call a stored procedure and he has to logon with the oracle account at the oracle database. the Active directory account and the oracle account are the same. We want that the logon at the ORacle Databaseserver isn't necessary that user have to logon because they are authenticated by sharepoint (AD). when the user has a session at the oracle db the oracle logon isn't necessary. the oracle porcedures are development in pl/sql and we use apache and mod_plsql (DAD) to call the procedures.
hope you have an idea! thank in advance

[Updated on: Tue, 25 April 2006 10:02]

Report message to a moderator

Re: Create oracle session manually [message #169179 is a reply to message #169178] Tue, 25 April 2006 10:06 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
First, see if i am reading your mind.
Are you looking for a combination of SSO(single sign on) and VPD (virtual private database)?
All users are authenticated against an application server (coupled with active directory /LDAP whatever. Apache will support this).
The application will have one database account. All the individual users are managed based on policies set inside the database (using VPD. The LDAP user X can call the procedure and user Y cannot call the procedure.).

Re: Create oracle session manually [message #169186 is a reply to message #169145] Tue, 25 April 2006 10:27 Go to previous messageGo to next message
karl_eisner
Messages: 8
Registered: April 2006
Junior Member
hi!

no. first the user is authenticated at the active directory. we want to avoid the second logon at the oracle account because they are the same (we sychnronize the active directory and oracle account). now we want to know how we can avoid this second logon.

we call the stored procedure (in this case HELLOWORLD, users...DAD) like this (with dad).
http://oracle.test.de/pls/users/HELLOWORLD

when this link is invoked the user has to logon with the oracle account.

and this second logon we want to avoid, because he is already authenticated at sharepoint (AD).
Re: Create oracle session manually [message #169189 is a reply to message #169186] Tue, 25 April 2006 10:48 Go to previous message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Almost similar to what i said (SSO like configuration).
All you to do is, pass the username and password to the login screen from external connections/applications.
Something like that is discussed in metalink note 162438.1.
We have written a custom perl program that does the same
1. User authenticates against the AcitiveDirectory ( OID in my case)
2. User navigates to a page to do business with database.
3. Perl program in background bypasses the login page( the second login) by feeding the username/password fetched from OID

I cannot post the exact code we use, but above said is the what that happens in backround.
Please search metalink for more related information.
Regards
Previous Topic: Duplicate users to another machine
Next Topic: Drop unused Schema
Goto Forum:
  


Current Time: Thu Mar 28 05:58:27 CDT 2024