Single Sign On and LDAP

I hear ya on the consultant bit - we try very hard to get references for them. When they come on site, we monitor them very closely, especially in the beginning. If they turn out to be a dud, we'll chuck them out the door and put the project on hold if we have to. Then we raise holy heck with the consulting firm.
 
As well you should. My point was really to be careful in this particular instance, as there could be plenty of Oracle consultants who don't know JDE very well, plenty of JDE consultants who don't know OAS very well, and only a handful who really know both including the Kerberos piece. Still, a customer might have luck with an Oracle EBS or Portal consultant, as what I recommended for JDE has been done before with EBS and I believe more commonly with Oracle Portal. Once again, no need for Portal.
 
Dear All,

I want to start with only setting up LDAP. Do I only have to configure this in P95928? Can a web user log on to the web with a Windows username and password?

Rival
 
There is more to setting up LDAP than just P95928. You must also configure the Enterprise/Security Server to recognize that LDAP is enabled. See the System Admin guide. Yes, you can log in with a Windows username and password provided the usernames and passwords are less than or equal to 10 characters each.
 
I am new to this discussion, but have seen a lot of discussion on achieving a Unified Logon kind of setup (where users don't need to provide user id and pwd while logging in to JDE and they can use Windows authentication). In my scenario we have Kerberos set up, and on JDE we have WebSphere Application Server 6.0.2.13. Can someone suggest a convenient way to set up the unified kind of setup in this scenario with Kerberos or LDAP? Please suggest steps.

Thanks in advance.

Prateek Singhal
 
Hi Charles,

WOW, fun reading on this thread. Interesting stuff, but I would like to boil it down a bit to a question I have.

We have current release of E1 on AS400 and OAS 10.1.3.3. on Linux 5.

In the Red piece “Long User ID and Password Support In JD Edwards EnterpriseOne”, pages 4-7, it talks about using SSO to authenticate to an LDAP server with long usernames, noting that passwords have a 10 char limit. It goes on to reference a way to map enterprise IDs in LDAP to E1 short IDs.

My goal is to authenticate users to MS Active Directory using long usernames and a 10 char or less password. Users will enter usernames and passwords on the JDE login web page.

So my question is, and I hope I can make this specific enough to be clear: can OAS 10.1.3.3 with SSO and/or LDAP enabled be set up to do this without OID?

I read in your posts that it is required, but I am not sure if it is in my case. OID on Linux 5 puts us into beta code and we are getting pushback from the CIO because of the time and risks.
 
And the stream continues!
Quick answer - in order to log into JD Edwards with a long userid, you have to switch to SSO login - different from JDE login. That long userid is mapped to a short JDE userid in the F00927. The problem is that Oracle SSO requires OID as the base user/password repository, thereby needing OID to synchronize with AD. You are not integrating JDE user DB to AD, but the SSO/OID repository.

Quick note for the BIG user base that wants this integration. Audit your AD usernames and cross reference to your existing JDE usernames! The SSO looks in the F0092 BEFORE going to the F00927, so it can cause a problem. Example:

Jim Smith is added to AD as jsmith
John Smith is added to AD as jsmith2

John Smith is added to JDE (F0092) as jsmith
Jim Smith is added to JDE as jsmith2

Even though the cross reference was set up correctly in F00927...
Because it goes to the F0092 first, when John logs in with his AD user/pass he would become Jim in JDE and vice versa!

Time to log an SR I guess!
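
The audit suggested in the post above, sketched as an added example that is not part of the original thread. It models the lookup order exactly as the post describes it (F0092 first, then F00927); the function names are hypothetical, all data is constructed, and case-insensitive ID comparison is an assumption.

```python
# Added example: audit AD logins against JDE IDs for the
# "F0092 is checked before F00927" collision described in the post.
# Constructed sample data; loading real table rows is left to the reader.
AD_LOGINS = ["jsmith", "jsmith2", "maria.gonzalez-lopez", "bjones", "new.contractor"]
F0092_IDS = ["JSMITH", "JSMITH2", "MGONZALEZ", "BJONES"]          # JDE user IDs
F00927_MAP = {                                                   # long ID -> JDE ID
    "jsmith": "JSMITH2",        # Jim Smith: AD jsmith, JDE jsmith2
    "jsmith2": "JSMITH",        # John Smith: AD jsmith2, JDE jsmith
    "maria.gonzalez-lopez": "MGONZALEZ",
}

def resolve(login, f0092, mapping):
    """Lookup order per the post: direct F0092 match wins over the F00927 map."""
    if login in f0092:
        return login
    return mapping.get(login)

def audit(ad_logins, f0092_ids, f00927_map):
    """Return (ad_login, finding, intended_jde_id, effective_jde_id) tuples."""
    # Assumption: IDs are compared case-insensitively, so normalise to upper case.
    f0092 = {u.upper() for u in f0092_ids}
    mapping = {k.upper(): v.upper() for k, v in f00927_map.items()}
    findings = []
    for login in ad_logins:
        key = login.upper()
        intended = mapping.get(key)
        effective = resolve(key, f0092, mapping)
        if effective is None:
            # Neither table knows this login; SSO has nothing to map it to.
            findings.append((login, "UNMAPPED", None, None))
        elif intended is None:
            # Matches a JDE ID by name only; confirm it is the same person.
            findings.append((login, "DIRECT_MATCH_UNREVIEWED", None, effective))
        elif intended != effective:
            # The F00927 row is bypassed: user lands in someone else's account.
            findings.append((login, "COLLISION", intended, effective))
    return findings

if __name__ == "__main__":
    for row in audit(AD_LOGINS, F0092_IDS, F00927_MAP):
        print(row)
```

Every COLLISION row is a login that would end up in a different JDE account than the one its F00927 mapping names.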
 
The easiest way to get past all of the OID stuff is to find an attribute in the AD schema and use that instead. The long account names can be truncated to 10 chars into that field. We use one of the extension attributes.
 