Oracle Internet Directory Application Developer’s Guide Oracle8i Application Developer’s

（O管理）对O数据库进行容灾(VVR(VVR))对Oracle数据库进行容灾（VeritasV olumeReplicator(VVR)）随着全球信息化时代的到来，信息数据越来越成为企业关注的焦点，即在各种自然灾害或者人为破坏的情况下，如何保证生产数据的安全和关键业务的不中断运行。

传统的保护方法离线备份、备份介质异地保存在一定程度上可以解决上述问题，但为了能够对业务系统提供更高的实时性和可靠性，保证关键业务7x24不中断，应对激烈的市场竞争和提高客户满意度，企业必须在IT系统围绕“连续”(BC)主题进行构建，实施业务连续/容灾备份计划，包括业务连续性、高可用性管理、容灾、数据复制和恢复方案、安全等，下面就对数据复制技术做一个简单的介绍。

根据数据复制运行的位置，可以将数据复制方式分为以下四种：基于存储(Storage-Based)：代表厂商有EMCSRDF、IBMPPRC/GDPS、HPBusinessCopy、HDSTrueCopy等，特点对主机透明，对应用系统的影响较小，技术成熟，有较多的成功案例，但是投资较大，对网络连接的要求也较高。

基于服务器(Host-based)：代表厂商主要是Symantec公司的VeritasVolumeReplicator(V VR)，是存储卷的复制技术。

需要占用主机一定的系统资源。

基于存储交换机(SAN-Based)：运行于挂接在存储网络上的专用设备中，代表厂商有CISCO 的SANTap，FalconStorIPStor，TopioSANsafe，DataCoreSANsymphony,Asynchrono usInternetMirroring(AIM)等。

基于数据库/软件应用:代表厂商有OracleDataGuard，QuestSharePlex，IBM-DB2的远程Q复制，SYBASE的复制服务器(ReplicationServer)等，这些技术都是对数据逻辑操作的复制，属于逻辑数据复制，而其它3种复制的是数据卷中的数据变化，属于物理数据复制。

Oracle 9iORACLE9i数据库技术Oracle数据库效劳器的最新版本Oracle 9i是Oracle数据库效劳器家族中的新一代旗舰产品。

ORACLE数据库产品具备许多技术特性。

1-先进性ORACLE公司成立以来，在数据库领域始终处于技术领先地位。

通过自身产品在技术的不断创新和对信息技术开展方向的敏锐洞察，始终领导数据库产品的开展。

不管在哪个时期，都具有技术优势。

为了实现事务处理的高性能，Oracle 9i的多线程的、多效劳器的体系结构能够协调处理上万条并发用户请求。

单个请求均被放入队列，并由最少量的效劳器进程处理。

Oracle 9i的可伸缩的，可靠的体系结构推出了无法匹敌的任务关键系统所需的可伸缩性、可用性以及高性能。

Oracle 9i和Oracle 9i Real Application Server能充分利用所有的硬件系统资源，从单处理器，并行多处理器，集群系统(cluster)到大规模并行处理器(MPP)系统。

Oracle支持行级封锁技术来解决写/写冲突，并支持数据多版本来解决读/写冲突。

行级封锁因为占用的系统资源最少，能最大限度地提高系统的吞吐量。

数据多版本(读一致性快照)防止了读锁，使系统对锁的管理因锁种类的减少而大大简化。

Oracle杜绝锁升级，防止死锁的发生。

并且，Oracle有专门的后台进程监控和解决死锁，一旦出现死锁，自动解除死锁。

Oracle9i 的一个功能，是能够将业务数据和索引进行分区。

经分区的数据和索引具有以下优点：缩短对长时间运行的查询的响应时间；分区减少了磁盘I/O 操作减少对并发查询的响应时间；I/O 操作在每个分区上同时进行索引维护更加轻松，因为可进行分区级创立和重构操作可以重建分区上的索引，而不影响在其他分区上的查询可以更改每个本地索引的存储参数，而与其他分区无关对于民政部民政公用政务平台系统，需要存贮大量的资料、档案和各地的业务数据，同时，还需要同协作机构进行数据交换，而Oracle9i支持最大为512Peta bytes的数据库(1 Petabytes = 1000TB =1000,000GB)，较好地支持大型存储设备的管理操作，整个管理过程对用户是完全透明的。

oracle数据库题库1）哪些DBMS的调度器过程可以⽤来启⽤程序？A. ENABLEB. ENABLE_PROGRAMC. VALIDATE_PROGRAMD. SET_ATTRIBUTEE. SET_ENABLED答案: A,D2）下列哪项不是⼀个有效的⽇程表语法元素？A. FREQB. BYHOURC. RUNDATED. INTERVALE. BYMINUTE答案：C3)哪个调度视图可以查询⽬前正在执⾏⼯作？A. DBA_SCHEDULER_JOB_RUN_DETAILSB. DBA_SCHEDULER_RUNNING_JOBS DBAC. DBA_SCHEDULER_CURRENT_JOBSD. DBA_SCHEDULER_JOBS DBAE. DBA_SCHEDULER_EXECUTING_JOBS答案: B,D4)⼀个作业或程序创建时，启⽤属性的默认值是什么？A. TRUEB. FALSEC. There is no default. It must be defined at creation time.D. PENDINGE. NULL5)全球化⽀持是通过Oracle特性中的哪⼀个提供的⽂本和字符处理功能实现？A. RSTLNEB. NLSRTLC. LISTENERD. NLSSORTE. Linguistic sorts答案: B6)以下哪种数据类型存储时区信息到数据库中？A. TIMESTAMPB. DATEC. TIMESTAMP WITH TIME ZONED. TIMESTAMP WITH LOCAL TIME ZONEE. DATETIME答案: C7)你要备份你的100 GB的数据库到⼀台远程磁带设备上。

当转移备份到磁带设备时您必须确保最低⽹络带宽消耗。

你的CPU 的当前消耗是⼤约40％。

你应该执⾏哪种类型的备份？A. standard backup setB. image copyC. compressed backupD. user-managed backup答案: C8)您⽤ASM存储管理Oracle数据库11g数据库。

property when WAR file is not expanded问题分析：出现这个原因是因为部署的时候使用的是war包，weblogic部署应用不像tomcat先将war解压在启动，而是直接使用war启动。

因为我们在很多JSP和Servlet文件中使用了如：this.servletContext.getRealPath("/")等类似写法，因为在war中的文件时没有真实路径的，所以getRealPath("/")取出来的都是意向不到的值，例如null。

解决方法：由于用这种写法获得web效劳器路径的地方很多，一个个去换显然不是一个很好的方法，而且直接使用war部署对后续的应用更新也比拟麻烦，所以准备采用另外一种部署方式，就是文件目录部署。

三、文件目录部署使用文件目录部署指的是用weblogic管理效劳器安装，直接指定本地的应用文件夹，只要该文件夹下面有包含WEB-INF\web.xml，就可以被选中安装。

所以接下来就是建立应用程序的安装目录。

在区别于weblogic域管理目录路径，我们在根路径创立了目录。

/deploy/applications/app/deploy/applications/planapp : 准备用来存放app应用，在文件夹建好以后，将我们的应用〔如:wzfy〕整个文件夹拷贝到app下面。

plan : 这个文件夹当weblogic管理效劳器安装了app下面的应用后，会在这里自动建立app 的部署方案文件。

在管理效劳器中，找到目录/deploy/applications/app ，选中wzfy，开始安装。

第三个问题出现无法访问选定应用程序。

Exception in AppMerge flows' progressionException in AppMerge flows' progression[J2EE:160111]ERROR: Appc can not write to the working directory,'/deploy/applications/app/wzfy'. Please ensure that you have write permission for this directory and try again.通过文字意思的理解，就是对于操作用户来说/deploy/applications/app/wzfy是不可写的。

oracle 10g em、isqlplus访问不了解决方法如果web方式的em，isqlplus访问不了。

1. 检查主机名/IP、端口是否正确安装时的主机名/IP、端口记录在$ORACLE_HOME/install/portlist.ini 文件中。

缺省是：一般用户 http://ip:5560/isqlplusDBA用户 http://ip:5560/isqlplus/dbaEM Database Control http://ip:1158/em/2. 看em, isqlplus服务是否起启动，状态是否正常当然Oracle安装时，要选择安装了“Oracle Enterprise Manager配置数据库”其它问题：3. 换了ip需要重建em，以下是em的相关命令:创建一个EM资料库emca -repos create重建一个EM资料库emca -repos recreate删除一个EM资料库emca -repos drop配置数据库的Database Controlemca -config dbcontrol db删除数据库的Database Control配置emca -deconfig dbcontrol db重新配置db control的端口，默认端口在1158emca -reconfig portsemca -reconfig ports -dbcontrol_http_port 1160emca -reconfig ports -agent_port 3940先设置ORACLE_SID环境变量后,启动EM console服务emctl start dbconsole先设置ORACLE_SID环境变量后,停止EM console服务emctl stop dbconsole先设置ORACLE_SID环境变量后,查看EM console服务的状态emctl status dbconsole配置dbconsole的步骤emca -repos createemca -config dbcontrol dbemctl start dbconsole重新配置dbconsole的步骤emca -repos dropemca -repos createemca -config dbcontrol dbemctl start dbconsolePS1:Oracle10G的EM采用了web方式，并且分成了2个产品，database control和grid control。

P ORTAL 安装配置过程撰写人 : 科森顾问撰写日期: 2003-4-3最新更新: 2003-2-27文档版本: V1.0批准:南汽项目经理科森项目经理复印份数_____文档控制更改记录查阅分发说明事项：如果您得到该文档的电子版并将其打印出来，请您在文档的封面上签上您的姓名，并记录打印的份数。

说明事项：如果您得到该文档的硬拷贝，请您在文档的封面签上您的姓名，以便进行文档控制。

目录文档控制 (1)更改记录 (1)查阅 (1)分发 (1)目的 (3)安装Portal (4)准备工作 (4)安装步骤 (5)FAQ (6)配置WEB Provider (9)FAQ (9)配置Portlet (13)FAQ .................................................................................................................. 错误！未定义书签。

SSO (19)API (19)安装OES (20)准备工作 (20)安装步骤 (20)安装OSA (21)准备工作 (21)安装步骤 (21)其它 (26)已解决的问题 (26)未解决的问题 (26)目的为技术人员安装配置Portal提供技术支持。

安装Portal准备工作安装Windows Services Pack 2设置服务器的DNS名1.打开我的电脑->属性->网络标识2.单击属性3.单击其它在【此计算机的主DNS后缀】框中输入响应的域后缀。

安装步骤FAQ9iAS FAQ/pls/ops/docs/FOLDER/COMMUNI TY/OTN_CONTENT/MAINPAGE/FAQANSWERFINDERSV1/PORTAL309_FAQ_JULY.HTM在第一次通过WEB登录Portal的时候，系统报Windows-396 Exception1.打开文件D:\OraBI\Apache\modplsql\conf\dads.conf2.找到<Location /pls/portal> 段在行PlsqlNLSLanguage AMERICAN_AMERICA.ZHS16GBK后增加行PLsqlCGIEnvironmentList REQUEST_IANA_CHARSET=GBK3.重新启动BI的instanceportal用户的登录密码是什么？1.打开Oracle Directory Manager2.登录OID用户名：cn=orcladmin密码: portal管理员的密码3.找到如下节点条目管理->orclReferenceName=,cn=IAS Infrastructure Databases, cn=IAS, cn=Products,cn=OracleContext（改为响应的值）4.orclpasswodattribute项即为密码9iAS 安装以后如何修改IP？1.查看metalink文章: 209927.1，下载Patch : 2542920查看文章：/docs/cd/B10573_02/relnotes.902/addendum/ipchange.htm2.安装补丁：关闭所有的9iAS服务先对Ora9iAS安装补丁，安装完毕后执行命令'dcmctlupdateConfig -ct oc4j -v’再对OraBI安装补丁。

Oracle Internet Directory (OID) 是Oracle 公司提供的一种企业级目录服务，用于存储和管理用户、组织和应用程序等身份认证信息。

OID 提供了一种中央化、安全和可扩展的方法来管理与身份相关的数据。

以下是Oracle OID 的一些常见用法：
1. 用户认证和授权：OID 可以存储用户身份信息，例如用户名、密码和其他属性，用于用户认证和授权。

用户可以通过OID 进行身份验证，并使用OID 中存储的角色和权限进行访问控制。

2. 身份管理：OID 可以存储组织结构、部门、员工和其他与身份相关的数据。

它可以用于管理和维护用户和组织之间的关系，提供基于角色和组的访问控制。

3. 应用程序集成：OID 可以作为企业级应用程序的用户认证和授权中心。

应用程序可以使用OID 进行单点登录（SSO），将用户的身份认证和授权委托给OID，减少了在每个应用程序中单独管理身份信息的工作量。

4. 数据同步和复制：OID 支持数据的同步和复制功能，可以将身份信息从一个OID 实例同步到另一个OID 实例，实现高可用性和容灾能力。

5. LDAP 支持：OID 实现了Lightweight Directory Access Protocol (LDAP)，使其能够与其他遵循LDAP 标准的应用程序和目录服务进行集成。

6. 安全性管理：OID 提供了对身份信息的安全管理，包括身份验证、授权、加密和证书管理等功能。

它借助于Oracle 数据库的安全性功能来保护存储在OID 中的敏感信息。

LDAP学习⼩结【仅原理和基础篇】 此篇⽂章花费了好⼏个晚上,⼤部分是软件翻译的英⽂⽂档,加上⾃⼰的理解所写,希望学习者能尊重每个⼈的努⼒. 我有句话想送给每个看我⽂章的⼈: 慢就是快,快就是慢 另外更希望更多⼈能从认真从原理学习,分享更多有质量的⽂章,⽽不是仅仅转载别⼈的⽂章. 以下仅介绍了OpenLDAP的基本原理和基本配置,⾄于更⾼级的配置,还需⾃⾏学习,因为有了以下基础,再去建楼,就会 更加容易,⽹上有太多⽂章都太⽼旧,实在难以让初学者对OpenLDAP有⼀个全⾯的基础认识,总搞的⼈云⾥雾⾥,这篇⽂章 希望对想学习OpenLDAP的⼈,打⼀个好的基础,从⽽能深⼊了解它.基本命令我就不贴出来了,希望想深⼊学习的⼈,⾃⾏学习 man⼿册. --------------马帮弟⼦:zcfLDAP: 原理:LDAP: 它是⽤来做统⼀⽤户⾝份认证的.即: 你访问CSDN它说你可以⽤微信登录,你登录微博,它也⽀持微信登录等, 这就是⼀种⽬录服务, 当然它们不⼀定⽤LDAP来做为他们的⽬录服务. LDAP（Light Directory Access Portocol），它是基于X.500标准的轻量级⽬录访问协议。

Linux上实现LDAP的⼯具是 openladp, 通过配置ldap服务器,将⽤户信息存储在其中,就可以使⽤ldap协议, 访问⽤户数据库,来实现LDAP⽤户认证.基本概念: ⽬录树概念 1. ⽬录树：在⼀个⽬录服务系统中，整个⽬录信息集可以表⽰为⼀个⽬录信息树，树中的每个节点是⼀个条⽬。

2. 条⽬：每个条⽬就是⼀条记录，每个条⽬有⾃⼰的唯⼀可区别的名称（DN）。

3. 对象类：与某个实体类型对应的⼀组属性，对象类是可以继承的，这样⽗类的必须属性也会被继承下来。

4. 属性：描述条⽬的某个⽅⾯的信息，⼀个属性由⼀个属性类型和⼀个或多个属性值组成，属性有必须属性和⾮必须属性。

名词: dn(Distinguished Name): “uid=songtao.xu,ou=oa组,dc=example,dc=com”，⼀条记录的位置（唯⼀） uid(User Id): ⽤户ID songtao.xu（⼀条记录的ID） ou(Organization Unit): 组织单位，组织单位可以包含其他各种对象（包括其他组织单元），如“oa组”（⼀条记录的所属组织） dc(Domain Component) :域名的部分，其格式是将完整的域名分成⼏部分,如域名为变成dc=example,dc=com（⼀条记录的所属位置） cn(Common Name): 公共名称，如“Thomas Johansson”（⼀条记录的名称） sn(Surname): 姓，如“许” rdn(Relative dn): 相对辨别名，类似于⽂件系统中的相对路径，它是与⽬录树结构⽆关的部分，如“uid=tom”或“cn= Thomas Johansson”配置openLDAP有两种⽅式: slapd.conf 修改它,需要重新⽣成数据库⽂件, ⽣成后需要重新赋予权限属主属组ldap.ldap . 接着重新加载slapd 进程, 配置才会⽣效.若使⽤单机版，不推荐。

Oracle 数据库与 Windows 的竞合关系界最守口如瓶的秘密之一，，就是 Oracle 对所有在 Microsoft Windows 平台上部署IT 界最守口如瓶的秘密之一的支持为众所周知之外，，Oracle 还数据库的客户所提供的深度支持。

除了对 Linux 的支持为众所周知之外Oracle 数据库的客户所提供的深度支持对接的主要数据库供应商。

并且 Oracle 不是上世纪九十年代中期率先将其软件与 Windows 对接的主要数据库供应商用户社区提供支持。

Oracle 的 Windows 断为规模庞大而强大的 Oracle-on-Windows 用户社区提供支持功能实现互操作，，还可确保集成功能不仅可以确保与 Active Directory 等核心 Windows 功能实现互操作开发工具完美地配合运行。

客户无论是杂货店或其数据库和工具能够与常用的 Visual Studio 开发工具完美地配合运行是跨国公司，，都能够在 Windows 平台上运行 Oracle 数据库数据库，，但这一组合的最大亮点在于适是跨国公司合快速成长的中小企业市场的需要。

合快速成长的中小企业市场的需要客户和行业需求促成了 Oracle/Microsoft 实现互操作在计算机行业，往往不能仅凭表面现象判断事物。

例如，Oracle 和 Microsoft 之间多年来的明争暗夺，一直是媒体热衷的话题。

双方间的战火首先在数据库市场点燃，然后因 Oracle 涉足Linux 而扩大到操作系统市场。

此外在开发工具到中间件和应用程序等领域，双方间大大小小的冲突此起彼伏。

但就在这一明刀明枪的争夺背后，Oracle 和 Microsoft 也不能回避一个市场现实：两家供应商拥有共同的客户群，数以万计的客户同时使用竞争双方出售的产品。

为数众多的客户甚至将Oracle 数据库部署在运行 Microsoft 的 Windows Server 操作系统的平台上。

Oracle Tuxedo Application Runtime for IMS Installation Guide11g Release 1 (11.1.1.3.0)December 2011Oracle Tuxedo Application Runtime for IMS Installation Guide, 11g Release 1 (11.1.1.3.0)Copyright © 2011, Oracle and/or its affiliates. All rights reserved.This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decomposition of this software, unless required by law for interpretability, is prohibited.The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.This software and documentation may provide access to or information on content, products and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.Oracle Tuxedo Application Runtime for IMS Installation Guide Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Installing on UNIX Platforms in Graphics Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Uninstall GUI Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Installing on UNIX Platforms in Console Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Installing on UNIX Platforms in Silent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Installing in Silent Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Uninstall Silent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 See Also. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Supported Platform Data Sheets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 AIX 6.1 64-bit on Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2Linux 64-bit on x86_64 (Oracle Enterprise Linux 5.4 or Redhat Linux 5). . . . . . . . . .2Oracle Linux 5.6 (64-bit) on Exalogic 2.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2Oracle Linux 5.6 (64-bit) on Non Exalogic Hardware. . . . . . . . . . . . . . . . . . . . . . . . . .2Oracle Solaris 10 64-bit on Sparc. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3Oracle Tuxedo Application Runtime for IMS Installation Guide iiiiv Oracle Tuxedo Application Runtime for IMS Installation GuideOracle Tuxedo Application Runtime for IMS Installation GuideThis chapter contains the following topics:z Overviewz System Requirementsz Supported Platformsz Installing on UNIX Platforms in Graphics Modez Installing on UNIX Platforms in Console Modez Installing on UNIX Platforms in Silent ModeOverviewOracle Tuxedo Application Runtime for IMS software is distributed as an installer file which can be executed on UNIX platforms using any of the following three methods:z Graphical user interface (GUI) installation.z Console installation.z Silent installation.Oracle Tuxedo Application Runtime for IMS 11g Release 1 (11.1.1.3.0) distribution contains the following key components:z Oracle Tuxedo Application Runtime for IMS administrative utilitiesOracle Tuxedo Application Runtime for IMS Installation Guide1Oracle Tuxedo Application Runtime for IMS Installation Guidez Oracle Tuxedo Application Runtime for IMS sample applications (optionally installed)Oracle Tuxedo Application Runtime for IMS is installed in the <ORACLEHOME>/artims_11gR1 directory by default.System Requirementsz JRE version 1.5.0 or aboveSupported Platformsz AIX 6.1 64-bit on Powerz Linux 64-bit on x86_64 (Oracle Enterprise Linux 5.4 or Redhat Linux 5)z Oracle Linux 5.6 (64-bit) on Exalogic 2.0z Oracle Linux 5.6 (64-bit) on Non Exalogic Hardwarez Solaris 10 64-bit on SparcInstalling on UNIX Platforms in Graphics Mode To run GUI-mode installation, the computer console on which you are installing the software must support a Java-based GUI.To install the Oracle Tuxedo Application Runtime for IMS software on UNIX systems ingraphics mode, do the following steps:unch the Oracle Tuxedo Application Runtime for IMS installation program.a.Log on as root or another user with sufficient permissions.b.Execute the installation program: ./installer_name.binThe Introduction screen appears.2.Click Next to proceed with the installation. The Choose Oracle Home Directory screenappears.You can select from the following options:a.Choose existing Oracle Home directoryClick the Choose an Oracle Home directory option button if you already have one ormore Oracle Home directories on your system. Select an Oracle Home directory fromthe list displayed to the right of the option buttons.2Oracle Tuxedo Application Runtime for IMS Installation GuideUninstall GUI Mode All valid Oracle Home directories are displayed in this list. Valid Oracle Homedirectories are directories where Oracle products have been installed using the standard installation program.b.Specify Oracle Home directoryClick the Specify an Oracle Home directory button to enter a valid directory.Note:Oracle Tuxedo Application Runtime for IMS installation will report an error and will not proceed in the event of the following:If an existing Oracle Tuxedo Application Runtime for IMS 11g Release 1(11.1.1.3.0) installation is detected, you are prompted to overwrite it or not. Select“yes” to overwrite the existing installation.3.Click Next to proceed with the installation. The Choose Install Folder screen appears.If the selected Oracle Home does not have Oracle Tuxedo Application Runtime for IMS 11gR1 installed, you can modify the default install directory; otherwise the detecteddirectory name is suggested. The default install directory is<ORACLEHOME>/artims_11gR1.4.Click Next to proceed with the installation. The Sample Install Confirm screen appears.You are prompted to choose install samples or not.5.If the installation process continues, the Pre-Installation Summary screen appears.Review the summary information and click Install if the information is correct.Click Previous to go back and modify any input that you want to change.Click Cancel to terminate the installation process. This is the last chance you have tocancel your installation without copying any files on your target machine.6.The Install Complete screen appears when the installation is finished.Click Done to exit the installation program.Uninstall GUI ModeUnder <INSTALL_DIR> there is a directory named 'uninstaller', which contains the uninstaller and resources specific to the un-installation of the product. To uninstall Oracle Tuxedo Application Runtime for IMS 11gR1 in GUI mode, use the ./uninstall command.Oracle Tuxedo Application Runtime for IMS Installation Guide3Oracle Tuxedo Application Runtime for IMS Installation GuideInstalling on UNIX Platforms in Console Mode To install Oracle Tuxedo Application Runtime for IMS software in console mode on a certified UNIX platform, do the following steps:1.Log on as root or another user with sufficient permissions.2.Execute the installation program in character-based mode: /installer_name.bin -iconsole3.The installation program runs and prompts you for responses as shown in Listing 1.Listing 1 Installation ProgramPreparing to install...Extracting the JRE from the installer archive...Unpacking the JRE...Extracting the installation resources from the installer archive...Configuring the installer for this system's environment...Launching installer...Preparing CONSOLE Mode Installation...========================================================================== =====Introduction------------InstallAnywhere will guide you through the installation ofOracle Tuxedo Application Runtime for IMS 11gR1(11.1.1.3.0).It is strongly recommended that you quit all programs before continuing with this installation.Respond to each prompt to proceed to the next step in the installation. If you want to change something on a previous step, type 'back'.4Oracle Tuxedo Application Runtime for IMS Installation GuideInstalling on UNIX Platforms in Console ModeYou may cancel this installation by typing 'quit'.WARNING: "Quitting" creates an incomplete Oracle Tuxedo Application Runtime for IMS 11gR1 (11.1.1.3.0) installation.You must re-install Oracle Tuxedo Application Runtime for IMS 11gR1 (11.1.1.3.0).========================================================================== =====Choose Oracle Home----------------------------1- Choose existing Oracle Home directory2- Specify Oracle Home directoryEnter a number: 2Specify an Oracle Home directory: /home/user/oracle========================================================================== =====Choose Product Directory---------------------1- Modify Current Selection (/home/user/oracle/artims_11gR1)2- Use Current Selection (/home/user/oracle/artims_11gR1)Enter a number: 2========================================================================== =====Sample Install Confirm---------------------Install Samples?Oracle Tuxedo Application Runtime for IMS Installation Guide5Oracle Tuxedo Application Runtime for IMS Installation Guide->1- No2- YesENTER THE NUMBER OF THE DESIRED CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:========================================================================== =====Pre-Installation Summary------------------------Please Review the Following Before Continuing:Product Name:Oracle Tuxedo Application Runtime for IMS 11gR1Install Folder:/home/user/oracle/artims_11gR1Link Folder:/local/home/dxfRequired Space:83036116 bytesAvailable Space:23126462464 bytesPRESS <ENTER> TO CONTINUE:========================================================================== =====Installing...-------------=====Installation Complete---------------------6Oracle Tuxedo Application Runtime for IMS Installation GuideInstalling on UNIX Platforms in Console ModeCongratulations. Oracle Tuxedo Application Runtime for IMS 11gR1 has been successfully installed to:/home/user/oracle/artims_11gR1PRESS <ENTER> TO EXIT THE INSTALLER:Uninstall Console ModeUnder <INSTALL_DIR> there is a directory named 'uninstaller', which contains the uninstaller and resources specific to the un-installation of the product. To uninstall Oracle Tuxedo Application Runtime for IMS in console mode, use the./uninstall -i console command.About to uninstall screen: appears to prompt user the un-installation of the product starts.Uninstall Oracle Tuxedo Application Runtime for IMS 11gR1(11.1.1.3.0)----------------About to uninstall...Oracle Tuxedo Application Runtime for IMS 11gR1This will remove features installed by InstallAnywhere. It will not remove files and folders created after the installation.PRESS <ENTER> TO CONTINUE:Uninstall screen: This screen simply shows the uninstall procedure item by item.Uninstalling ...---------------***************************************************************************************************...*Oracle Tuxedo Application Runtime for IMS Installation GuideUninstall Complete screen: After un-installation finishes, this screen appears, and reports the un-installation summary.Uninstall Complete------------------All items were successfully Uninstall.Installing on UNIX Platforms in Silent ModePreparing for Silent Mode InstallationBefore you install Oracle Tuxedo Application Runtime for IMS, complete the following tasks: z Verify that enough disk space is available.z Verify the login ID has proper permission for silent installation.z Create a template file containing the required keyword settings.Creating a Silent Mode Installation Template FileTo create a template file for use in the silent installation process, you must use keywords as shown in Table 1.Table 1 Silent Mode Installation Template FileFor This Keyword…Enter The Following Value…INSTALLER_UI= The mode of installation. The default is silent; do not modify this value. ORACLEHOME=The full pathname of the Oracle Home directory of your choice.USER_INSTALL_DIR The full pathname of the installation directory.INSTALL_SAMPLES=Y|N Specifies whether sample applications are installed or not.OVERWRITE=Y|N If you are using silent mode installation over an existing version of OracleTuxedo Application Runtime for IMS, you must add this line to your templatefile.Any value other than "Y" or "y" will not overwrite the existing Oracle TuxedoApplication Runtime for IMS version and cancels the installation.Installing in Silent ModeSample UNIX TemplateINSTALLER_UI=silentORACLEHOME=/home/user/oracleUSER_INSTALL_DIR=/home/user/oracle/artims_11gR1INSTALL_SAMPLES=YOVERWRITE=YInstalling in Silent ModeTo use silent mode installation on a UNIX system, you must do the following steps:1.Create a file containing the required variables set to valid data.2.At the command line prompt, go to the directory containing the installer executable.3.Enter the following command: Installer_name.bin -f path/installer.dataNote:path is the full path to the variable data file and installer.data is the data file containing the required variables.Verifying Silent Mode InstallationYou can verify successful silent mode installation by checking the installation directory to see if all the Oracle Tuxedo Application Runtime for IMS binaries are listed.If silent mode installation fails, check the following log file:$HOME/ARTIMS_silent_install.log.Uninstall Silent InstallationUnder <INSTALL_DIR> there is a directory named 'uninstaller', which contains the uninstaller and resources specific to the un-installation of the product. To uninstall Oracle Tuxedo Application Runtime for IMS in silent mode, use the ./uninstall -i silent command.See Alsoz Oracle Tuxedo Application Runtime for IMS Users Guidez Oracle Tuxedo Application Runtime for IMS Reference GuideOracle Tuxedo Application Runtime for IMS Installation GuideA P P E N D I X Supported PlatformsTable A-1 lists Oracle Tuxedo Application Runtime for IMS 11g Release 1 (11.1.1.3.0) supported platforms.Table A-1 Oracle Tuxedo Application Runtime for IMS 11g Release 1 (11.1.1.3.0)Supported PlatformsPlatform GA Port/Post-GA Port &Certification Release Date OS EOL DateAIX 6.1 64-bit on Power GA2011.12TBDLinux 64-bit on x86_64 (Oracle EnterpriseLinux 5.4 or Redhat Linux 5)GA2011.12TBD Oracle Linux 5.6 (64-bit) on Exalogic 2.0GA2011.12TBDOracle Linux 5.6 (64-bit) on non ExalogichardwareGA2011.12TBD Solaris 10 64-bit on Sparc GA2011.12TBDSupported PlatformsSupported Platform Data SheetsAIX 6.1 64-bit on PowerThe software requirements for AIX 6.1 64-bit on Power are as follows:z MicroFocus COBOL 5.1z COBOL-IT 2.9.5z IBM XL C/C++ 9Linux 64-bit on x86_64 (Oracle Enterprise Linux 5.4 or Redhat Linux 5)The software requirements for Linux 64-bit on x86_64 are as follows:z MicroFocus COBOL 5.1z COBOL-IT 2.9.5z gcc/g++ 4.1.2Oracle Linux 5.6 (64-bit) on Exalogic 2.0The software requirements for Oracle Linux 5.6 (64-bit) on Exalogic 2.0 are as follows:z MicroFocus COBOL 5.1z COBOL-IT 2.9.5z gcc 4.1.2Oracle Linux 5.6 (64-bit) on Non Exalogic HardwareThe software requirements for Oracle Linux 5.6 (64-bit) on non Exalogic hardware are asfollows:z MicroFocus COBOL 5.1z COBOL-IT 2.9.5z gcc 4.1.2Supported Platform Data SheetsOracle Solaris 10 64-bit on SparcThe software requirements for Oracle Solaris 10 64-bit on Sparc are as follows:z MicroFocus COBOL 5.1z COBOL-IT 2.9.5z C/C++ Sun Studio 12Supported Platforms。

Oracle的响应⽂件复制以下内容并粘贴到⾃⼰电脑，以db_install.rsp命名⽂件然后继续相应的操作（后缀不要更改）###################################################################### Copyright(c) Oracle Corporation1998,2008. All rights reserved. #### Specify values for the variables listedbelow to customize your installation. #### Each variable is associated with acomment. The comment #### can help to populate the variables withthe appropriate values. #### IMPORTANT NOTE: This file contains plaintext passwords and #### should be secured to have readpermission only by oracle user #### or db administrator who owns thisinstallation. ####对整个⽂件的说明，该⽂件包含参数说明，静默⽂件中密码信息的保密 #######################################################################------------------------------------------------------------------------------# Do not change the following system generatedvalue. 标注响应⽂件版本，这个版本必须和要#安装的数据库版本相同，安装检验⽆法通过,不能更改#------------------------------------------------------------------------------oracle.install.responseFileVersion=/oracle/install/rspfmt_dbinstall_response_schema_v11_2_0#------------------------------------------------------------------------------# Specify the installation option.# It can be one of the following:# 1. INSTALL_DB_SWONLY# 2. INSTALL_DB_AND_CONFIG# 3. UPGRADE_DB#选择安装类型：1.只装数据库软件 2.安装数据库软件并建库 3.升级数据库#-------------------------------------------------------------------------------oracle.install.option=INSTALL_DB_AND_CONFIG#-------------------------------------------------------------------------------# Specify the hostname of the system as setduring the install. It can be used# to force the installation to use analternative hostname rather than using the# first hostname found on the system.(e.g., for systems with multiple hostnames# and network interfaces)指定操作系统主机名，通过hostname命令获得#-------------------------------------------------------------------------------ORACLE_HOSTNAME=localhost#-------------------------------------------------------------------------------# Specify the Unix group to be set for theinventory directory.#指定oracle inventory⽬录的所有者，通常会是oinstall或者dba#-------------------------------------------------------------------------------UNIX_GROUP_NAME=oinstall#-------------------------------------------------------------------------------# Specify the location which holds theinventory files.#指定产品清单oracle inventory⽬录的路径,如果是Win平台下可以省略#-------------------------------------------------------------------------------INVENTORY_LOCATION=/data/inventory#-------------------------------------------------------------------------------# Specify the languages in which thecomponents will be installed.# en : English ja : Japanese# fr : French ko : Korean# ar : Arabic es : Latin American Spanish# bn : Bengali lv : Latvian# pt_BR: Brazilian Portuguese lt : Lithuanian# bg : Bulgarian ms : Malay# fr_CA: Canadian French es_MX: Mexican Spanish# ca : Catalan no : Norwegian# hr : Croatian pl : Polish# cs : Czech pt : Portuguese# da : Danish ro : Romanian# nl : Dutch ru : Russian# ar_EG: Egyptian zh_CN: Simplified Chinese# en_GB: English (Great Britain) sk :Slovak# et : Estonian sl : Slovenian# fi : Finnish es_ES: Spanish# de : German sv : Swedish# el : Greek th : Thai# iw : Hebrew zh_TW:Traditional Chinese# hu : Hungarian tr : Turkish# is : Icelandic uk : Ukrainian# in : Indonesian vi :Vietnamese# it : Italian# Example : SELECTED_LANGUAGES=en,fr,ja#指定数据库语⾔，可以选择多个，⽤逗号隔开。

1．Apache服务器和tomcat服务器Apache应用服务器之三：为什么Apache与Tomcat要整合/uid-21266384-id-186473.html一．Apache与Tomcat介绍Apache是当前使用最为广泛的WWW服务器软件，具有相当强大的静态HTML 处理的能力。

Tomcat服务器是一个免费的开放源代码的Web应用服务器，它是Apache软件基金会（Apache Software Foundation）的Jakarta项目中的一个核心项目，由Apache、Sun和其他一些公司及个人共同开发而成。

由于有了Sun的参与和支持，最新的Servlet和JSP 规范总是能在Tomcat中得到体现，Tomcat5支持最新的Servlet 2.4和JSP 2.0规范。

因为Tomcat技术先进、性能稳定，而且免费，因而深受Java爱好者的喜爱并得到了部分软件开发商的认可，成为目前比较流行的Web应用服务器。

Tomcat和IIS、Apache等Web服务器一样，具有处理HTML页面的功能，另外它还是一个Servlet和JSP容器，独立的Servlet容器是Tomcat的默认模式。

二．为什么需要整合整合的最主要原因是为了在现有的硬件条件下提供最大的负载。

如果单独使用Tomcat做JSP服务器，在工作效率上会存在问题,Tomcat处理静态HTML的能力不如Apache，并且所能承受的最大并发连接数也有一定的限制；在测试中，当并发连接较多时，Tomcat就会处于“僵死”状态，对后继的请求连接失去响应。

所以现在提出一个“整合”解决方案：将html与jsp的功能部分进行明确分工，让tomcat只处理jsp部分，其它的由apache这个web server处理。

Apache与Tomcat各司其职，那么服务器的整体效率就能够得到提升。

三．整合的基本原理作为Apache下面的子项目，Tomcat 与Apache之间有着天然的联系。

Graphic Section DividerMicrosoft Active Directory and Windows Security Integration with Oracle DatabaseSantanu Datta Christian Shay Etienne Remillon VP, Development Principal PM Sr. Principal PMTHE FOLLOWING IS INTENDED TO OUTLINE OUR GENERAL PRODUCT DIRECTION. IT IS INTENDED FOR INFORMATION PURPOSES ONLY, AND MAY NOT BE INCORPORATED INTO ANY CONTRACT. IT IS NOT A COMMITMENT TO DELIVER ANY MATERIAL, CODE, OR FUNCTIONALITY, AND SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. THE DEVELOPMENT, RELEASE, AND TIMING OF ANY FEATURES OR FUNCTIONALITY DESCRIBED FOR ORACLE'S PRODUCTS REMAINS AT THE SOLE DISCRETION OF ORACLE.Program Agenda•Active Directory for Name Resolution •Single Sign On•Web Applications: Security Integration •Enterprise User Security•Q&AOverview▪Store and resolve Net names through Active Directory –Active Directory is used instead of tnsnames.ora–Authenticated connection to Active Directory (11g and later)–Anonymous connection for older clients▪Enhanced tools support for Net naming–Oracle Net Configuration Assistant▪Configures Active Directory▪Configures local ldap.ora–Oracle DB Configuration Assistant and Net Manager ▪Registers Database names/Net Service names in ActiveDirectory–AD Users and Computers Centralize Configuration Reduce Administration(EliminateTNSNAMES.ORA)Directory Structuresales. dev. Oracle ContextDB1.sales.Oracle Contextdev. netsvc1.sales. DB3.dev.netsvc2.dev.Create SchemaRegister DB/NetService NamesCreate NamingContextCreate NamingContext Register DB/Net Service NamesActive Directory for Name ResolutionConfiguration/AdministrationWindows SystemRepository ofDatabase Names and Connect Descriptors2 – Register Schema using NetCADatabase Client Systems on Windows5 - Configure Directory Naming and Directory Usage (AD) using NetCA1 – Ensure that Administrator can modify Schema in Active Directory 3 - Create Naming Context using NetCA4 - Register database in AD using DBCA or Net ManagerActiveDirectory/KDCRun-timeOracle Database2 – User issues Connect RequestRepository (Database Names and Connect Descriptors)3 - Retrieves Connect Descriptor4 - Connect to Database using Connect Descriptor(Any Platform)ActiveDirectory/KDC1 – User signs on to DesktopDemo EnvironmentWindows 7Windows Server 2008 R2 with SP1(Domain Controller)Machine Name:dev User: OracleDatabase Server: orcl OS installed: Windows 7 Machine Name:dev Domain: dev OS installed: Windows Server 2008 R2 with SP1D E M O N S T R A T I O N Active Directory forName ResolutionConfiguration Steps: Summary1.Ensure that Administrator can modify Schema in AD2.Register Schema using NetCA (once for the entire AD forest)3.Create Naming Context using NetCA (once per domain)4.Register Database in AD using DBCA or Net Manager5.Configure Directory Naming and Directory Usage (AD) using NetCA (on systems thatwant to use AD)6.Set NAMES.LDAP_AUTHENTICATE_BIND=Yes in SQLNET.ORA (11g and later clients)To support pre-11g Clients1.Enable anonymous bind in AD2.Change ACLs for Oracle Naming Context and Database/Net Services objects to allowanonymous accessPlease refer to the white paper Configuring Microsoft Active Directory for Net Naming fordetailed informationOID and Active DirectoryClient OS Server OS AD OID Comments Windows Windows Yes YesWindows Any Yes Yes Tools for registering Net Service in AD must be run on WindowsLinux/Unix Any No Yes AD Integration solutions can helpProgram Agenda•Active Directory for Name Resolution •Single Sign On•Web Applications: Security Integration •Enterprise User Security•Q&ASingle Sign On•Windows Native Authentication or OS Authentication (NTS) •Kerberos•SSL•Microsoft Certificate Store Support•set parameter WALLET_LOCATION in sqlnet.ora to:•WALLET_LOCATION = (SOURCE = (METHOD=MCS)) Independent of “Active Directory for Name Resolution” feature•Enabled by default and works across Windows systems •Windows user logon credentials used for database authentication •For using Windows users as Database Administrative Users •Do not need to create corresponding users in Database•Windows tools can be used to manage Windows group membership •For using Windows users as Database Regular Users •Need to create corresponding users in Database•Authorization can be granted through Windows group membership or Database roles•Use Windows & Database tools or Oracle Administration AssistantSYSDBA and SYSOPER Privileges▪ORA_DBA–All members get SYSDBA privileges for all Oracle Databases on the system▪ORA_OPER–All members get SYSOPER privileges for all Oracle Databases on the system▪ORA_<HomeName>_DBA (12c)–All members get SYSDBA privileges for Oracle Databases on a specific Oracle Home ▪ORA_<HomeName>_OPER (12c)–All members get SYSOPER privileges for Oracle Databases on a specific Oracle Home All the groups are on the server systemAdministrative Privileges for ASM Instance•ORA_ASMADMIN (12c)•All members get SYSASM administration privileges on the computer•ORA_ASMDBA (12c)•All members get SYSDBA privileges for ASM Instance on the computer •ORA_ASMOPER (12c)•All members get SYSOPER privileges for ASM Instance on the computerNote: ORA_DBA and ORA_OPER group members get SYSDBA and SYSOPER privileges for ASM instance in 11g and older releases only All the groups are on the server systemSeparation of Privileges•ORA_<HomeName>_ SYSBACKUP (12c)• All members get Backup privileges (SYSBACKUP) for databases on a specific Oracle Home•ORA_<HomeName>_SYSDG (12c)•All members get Data Guard Privileges (SYSDG) for databases on a specific Oracle Home•ORA_<HomeName>_ SYSKM (12c)•All members get Encryption Key Management privileges (SYSKM) for databases on a specific Oracle HomeAll the groups are on the server systemDatabase Administrative Users2 - User attemptsto sign on to Oracle1 - Usersigns on to desktop 4 – Find Windows identity of the user5 – Find Windows Group memberships for the user in pre-defined group(s)3 – Negotiate security protocol and exchange security tokens6 – Allow logon if theWindows user is a member of the required group(s)Active Directory/ KDCMS Active Directory/KDCOracle DatabaseWindows Native AuthenticationDatabase Administrative UsersEnsure that sqlnet.authentication_services is set to NTS on both client and server in sqlnet.ora (default set up)D E M O N S T R A T I O N Windows Native AuthenticationDatabase Regular Users▪An external user needs to be created in Oracle DBe.g. create user “Sales\frank” identified externally;▪Role assignment based on Database Roles (default and most flexible) ▪To enable role assignment based on Windows groups–Set o s_roles to true–Create external rolee.g. create role sales identified externally;–Create corresponding Windows group and add members to that groupe.g. Corresponding Windows group for a database with SID orcl:ORA_orcl_sales_d if this should be a default role.(If Oracle Administration Assistant is used, it makes appropriate changes in AD andDatabase)Database Regular Users2 - User attempts to sign on to Oracle 1 - User signs on to desktop5 – Find Windows Group memberships (if os_roles is true) 3 – Negotiate security protocol and exchange security tokens Active Directory/ KDC MS Active Directory/KDCOracle Database 4 – Use Windows identity to identify as a specific External User 6 – Assign roles based on database roles or group memberships (based on os_roles)Configuration for Database Regular Users▪Ensure that sqlnet.authentication_services is set to NTS on both client and server in sqlnet.ora (default set up)▪Set os_authent_prefix to “” in init.ora▪Set os_roles to true in init.ora if you want to use Windows Group Membership for role authorizationD E M O N S T R A T I O N Windows Native AuthenticationOracle Advanced Security Licensing Changes “Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part ofOracle Advanced Security and are available in all licensed editions of the Oracle database”Please consult Database Licensing Guide for latestinformationKerberos Authentication▪Integrated with Microsoft Key Distribution Center (MSKDC)▪Supports heterogeneous systems– A Windows client can connect to a non-Windows server and vice versa▪Uses External User mechanisms in Database▪Supported with all Database Editions▪Can also be supported with Enterprise User Security▪IPv6 Support▪Constrained Delegation support–Supports Windows Server constrained delegation feature –Middle tier applications can use Kerberos adapter and authenticate to Oracle DB on behalf of the Windows user(uses MS Credentials Cache)▪Connected User dblink support over Kerberos▪Stronger encryption algorithms (AES)–Support default encryption type supported by MS KDC–Encryption type configuration no longer needed in Registry ▪Use DNS Domain Name as Kerberos REALM name by default –Mapping between DNS Domain Name and KerberosREALM name no longer needed in kerberos config file▪Kerberos authentication to Oracle database in a MS cross-domain setup▪Removal of 30 character limit of the Kerberos user name (new limit is 1024 characters)Windows Client ConfigurationCreate Kerberos and sqlnet configuration files using Oracle Net Manager–Set sqlnet.kerberos5_cc_name to “OSMSFT:” in sqlnet.ora so that the credential is retrieved from Microsoft CredentialCacheServer configuration (non-Windows)▪Create Kerberos and sqlnet configuration files on the sever using Oracle Net Manager▪Create an user in Active Directory for Database Server▪On the Domain Controller–Create Database Service Principal in AD–Map the Principal to AD user–Use ktpass utility (available from Microsoft) to create Kerberos "keytab" file▪Copy keytab file to DB server node▪Set os_authent_prefix to “” in init.ora2 - User attemptsto sign on to Oracle1 - Usersigns on to desktop 3 – Exchange security tokens to identify the Kerberos userActive Directory/ KDCMS Active Directory/KDCOracle Database4 –Identify as a specific External User and assign roles based on database rolesExample:SQL> CREATE USER KRBUSER IDENTIFIED EXTERNALLY AS ‘FRANK@SALES';SQL> Grant connect, resource to KRBUSER;•Windows only solution •MS KDC is used implicitly •Uses External Users mechanism inDB•Enterprise User Security notsupported•Direct support of Windows groupmembership for role authorization•All DB Editions – included andconfiguredWindows Native AuthenticationWindows Single Sign OnComparison•Supports heterogeneous platforms•MS KDC is supported•Can use External Users mechanismin DB (default)•Enterprise User Security supported•EUS and AD integration solutions canbe used to support role authorization through Windows group membership; provides more power and flexibility•All DB EditionsKerberosProgram Agenda•Active Directory for Name Resolution •Single Sign On•Web Applications: Security Integration •Enterprise User Security•Q&AUserCommunitiesWeb Applications On Windows(IIS)MS KDC MS KDCWeb User AuthenticationWeb Application to DB AuthenticationWeb Applications on WindowsActiveDirectory/KDCRecommend the use of Application Context/Client ID for end-to-end auditing and securityOracle DatabaseWeb User Authentication Solutions▪ Membership and Role Provider for Oracle–Validate and manage user and authorization information for your web applications in Oracle Database–Oracle Database can be on any platform▪Oracle Identity Management solutions–Integrated with Active Directory–Supports heterogeneous environments–Check/technology/products/id_mgmt/index.htmThese are Oracle provided solutions which can be used in addition to thesolutions provided by MicrosoftUserCommunitiesWeb Applications On Windows(IIS)MS KDCWeb User AuthenticationWeb User Authentication on WindowsActiveDirectory/KDCOracle Database ProvidersOracle Identity Management12221 ASP .NET Providers2 Oracle Identity Management and AD integrationWeb Applications to Database Authentication▪User ID/Password–If you must use it, use Secure External Password Store (in Oracle Wallet) to store the password securely–Database can be on any platform▪Windows Native Authentication or Kerberos–Run Web Applications as Windows Services (specific Windows user) or use IIS mechanisms for mapping Web users to Windows users –Use OS authenticated connection pool for performance–Windows Native Authentication▪Database must be on Windows–Kerberos authentication▪Set up Kerberos to use MS Credentials cache, i.e. "OSMSFT:"▪Database can be on any platformUserCommunitiesWeb Applications On Windows(IIS)MS KDCWeb Applications on WindowsActiveDirectory/KDCOracle DatabaseOracle Identity Management3Web Application to DB Authentication2 3 1 2 31 User id and Password2Windows Native Authentication or Kerberos (no EUS) 3Kerberos (with EUS)3Summary•Oracle Database fully Integrated with Active Directory and Windows Security•Name Resolution•Single Sign On•Security Integration for Web ApplicationsProgram Agenda•Active Directory for Name Resolution •Single Sign On•Web Applications: Security Integration •Enterprise User Security•Q&AEnterprise User Security•Problem Definition•Enterprise Directory Overview and benefitsThe ProblemEach Database is an island. Users are managed separately in each database.The Cost▪User Productivity–Multiple database login names and passwords to remember–No self-service capability for password reset▪Database Administrator time–DBAs manage the same user many times▪Audit & Compliance–Each database must be examined individually to find out who has which privileges▪Security–Hard to ensure user access to all databases is removed–Ensuring passwords meet policy requirements is difficultSolutionCentralized User Management▪Define users in one place▪Assign users’ privileges in one place▪Delegate database user management to the help desk▪Control user’s passwords through a common identity store such as Corporate DirectoryCentralized Database UsersOracle Directory ServicesEach person has oneusername/password for ALLdatabases. Directory identities aremapped to database schemas.Directory groups are mapped todatabase roles.BenefitsManaging Enterprise Authentication▪Authentication Stores–Oracle Unified Directory–Oracle Internet Directory–Oracle Directory Server Enterprise Edition–Active Directory–eDirectory▪Authentication Options–Username/Password , Kerberos, Radius, X.509EUS Account management with Active Directory。