I would like to follow up on Sylvan's post from last year with a focus on Figure 3.
https://blogs.oracle.com/sduloutr/entry/oud_eus_take_2_db
1. I set up oud-proxy for EUS and entered my AD Domain Controllers as back-end servers for the user info.
2. I completed the post-config steps in 25.4.2.2 Integrating With Oracle's Enterprise User Security - 11g Release 2 (11.1.2).
3. I updated cn=Common,cn=Products,cn=OracleContext and set orclCommonKrbPrincipalAttribute = userPrincipalName
Good - At this point, I can pass my LDAP DN and authenticate!
Bad - But as the goal is Kerberos authentication, I tried using JXplorer to connect. I set up a connection using GSSAPI authN:
username: userprincipalname (i.e., samaccountname@addomain.fqdn.com)
Error: Unable to perform Extended request Connection Request operation. // javax.naming.NamingException: login problem: javax.security.auth.login.LoginException: Message stream modified (41)
Does OUD know to send samaccountname @ addomain.fqdn.com to the defined naming context of dc=addomain,dc=fqdn,dc=com which has the list of domain controllers defined?
How do I fix this?
Part 2: Storing EUS config in OUD.
As an OUD-proxy server, I presume the setup above would not store the EUS config and TNSNames. Even if it did store the EUS config within the proxy server, I don't see how to replicate an oud-proxy.
Does that mean I need to setup a separate OUD LDAP store with its own naming context and add that as a Remote EUS Naming Context? Then I would setup replication within that EUS naming context?
Best Regards,
Prakash
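Added example (editor's illustration, not code from Prakash's post, from OUD or from JXplorer): the routing decision the question above asks about, written out as a small, testable helper. Given the identity a GSSAPI bind hands over (a Kerberos principal such as jdoe@ADDOMAIN.FQDN.COM, or the userPrincipalName form jdoe@addomain.fqdn.com), it derives the AD naming context the realm maps to, checks that context is one the proxy is configured to serve, and builds an escaped search filter on userPrincipalName, the attribute the post sets as orclCommonKrbPrincipalAttribute. Everything here is assumed: the function names, the naming-context list, the sample principals, and the simplification that the UPN suffix equals the AD DNS domain name (an alternate UPN suffix would need an explicit mapping table instead of realm_to_naming_context).

```python
# Hypothetical helper, not OUD's own logic: map a Kerberos principal / UPN to
# the AD naming context it should be looked up in and build a safe LDAP filter.

from dataclasses import dataclass


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3).

    The characters ( ) * \\ and NUL become \\XX hex escapes, so a principal such as
    'jdoe*)(objectClass=*' cannot widen or rewrite the search filter."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def realm_to_naming_context(realm: str) -> str:
    """ADDOMAIN.FQDN.COM -> dc=addomain,dc=fqdn,dc=com

    Assumes the realm / UPN suffix is the AD DNS domain name (the default layout;
    an alternate UPN suffix would need an explicit table). DN values compare
    case-insensitively, so the lower-casing is only cosmetic."""
    labels = [label for label in realm.lower().split(".") if label]
    if not labels:
        raise ValueError("empty realm in %r" % realm)
    return ",".join("dc=" + label for label in labels)


@dataclass(frozen=True)
class Lookup:
    base_dn: str        # naming context to search (where the DCs are configured)
    search_filter: str  # escaped filter on userPrincipalName


def route_principal(principal: str, naming_contexts) -> Lookup:
    """Decide where a GSSAPI identity should be resolved.

    Returns the naming context to search plus an escaped filter on
    userPrincipalName, or raises LookupError when none of the configured naming
    contexts matches the principal's realm (nowhere to send the lookup)."""
    if principal.count("@") != 1:
        raise ValueError("principal must contain exactly one '@': %r" % principal)
    user, realm = principal.split("@")
    if not user:
        raise ValueError("empty user part in %r" % principal)
    wanted = realm_to_naming_context(realm)
    # Normalise the configured contexts the same way so "DC=..." and "dc=..." both match.
    served = {nc.lower().replace(" ", "") for nc in naming_contexts}
    if wanted not in served:
        raise LookupError(
            "no naming context for realm %s (need %s, have %s)"
            % (realm, wanted, sorted(served))
        )
    # Kerberos presents the realm upper-case; AD stores the UPN suffix as the DNS
    # name, so normalise the suffix before building the match value (assumption).
    upn = "%s@%s" % (user, realm.lower())
    return Lookup(wanted, "(userPrincipalName=%s)" % escape_filter_value(upn))


if __name__ == "__main__":
    # Constructed sample: the single AD naming context a proxy like the one in the post serves.
    contexts = ["dc=addomain,dc=fqdn,dc=com"]
    print(route_principal("jdoe@ADDOMAIN.FQDN.COM", contexts))
    print(route_principal("jdoe*)(objectClass=*@addomain.fqdn.com", contexts))
    try:
        route_principal("jdoe@OTHER.EXAMPLE", contexts)
    except LookupError as err:
        print("rejected:", err)
```

The LookupError branch is the case worth checking first when a GSSAPI bind fails: if the realm in the ticket does not map onto any configured naming context, the proxy has no back end to query regardless of whether the Kerberos exchange itself succeeded, and the filter escaping is there because the principal string is attacker-influenced input once it is used to build a search.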