|OUD-EUS configuration steps (Doc ID 1675625.1)|
- Configuring ASO Kerberos Authentication with a Microsoft Windows 2008 R2 Active Directory KDC (Doc ID 1304004.1)
- Step By Step Guide To Configuring 11.2 Kerberos Authenticated Enterprise User Security (Doc ID 1365372.1)
- Configuration (OUD+EUS+PTA) is for customers who did not want to install the dll on their AD server ( I mean EUS DLL Option )
- The PTA workflow element offers a feature allowing to locally store the password hash when a successful bind is executed, thus allowing EUS to work. The big drawback is that the local password copy is created only if the user performs a ldap bind through OUD (meaning that if a user modifies his password in AD , he must also do a ldapbind through OUD in order to refresh the local copy of the password).
- AD uses MS proprietary hash, and besides, it does not allow LDAP clients to read password field. EUS, on the other side, does not perform LDAP bind, but instead reads user’s hashed password, and than compares the hash it produced itself out of clear-text password provided by DB user.
Ref : http://docs.oracle.com/cd/E52734_01/oud/OUDAG/proxy_functionality.htm#BGBDADJE