Ryan Whaley blog

Bugs Fixed in 1.1.3

These things can't come out quick enough in my opinion. There are many little quirks that rub me the wrong way, like jumping to the top of a script when I highlight and execute a section at the end.

Become Oracle Apps DBA: Integrate OID with AD Part I

This is one of the things that I've done on our system at work that's been the most satisfying. For years I've felt terrible for making our users remember one more username and password when they already had a perfectly good set supplied by the Active Directory (AD) people at our institution. Why should they be forced to keep two?

Oracle OID has made it possible for use to pass the buck on authentication over to the AD people. We simply set up the provisioning so that our OID instance grabs only our department's users (this AD authenticates many other depts as well). We don't have to grab their password (one less sensitive thing to store on our system) since I set up the external authentication plug-in, it just makes a call to the AD server each time someone logs in from that user group. Plus, and this is the big one, we can use the Resource Application Descriptors for each user on the OID to store database accounts for them to use with things like Forms, Reports, OAS 10.1.3.2 apps, and Discoverer (in a very hacky way).

The one big problem that we ran into was grabbing users from two different AD Domains. This meant connecting to two separate DC's to get all our users which made the set up a little more complicated. We stored the users in separate containers on our side which caused some problems since the OID wanted to make both of them the subscriber base (which you should really only have one). It caused some problems with registering new components and eventually made an OAS upgrade post-installation assistant fail (which resulted in about 3 hours of back and forth with Oracle Support in Australia). However, once that was resolved it's run smooth as silk ever since.

I believe the natural extension of this is looking into using Kerberos authentication with the database itself, not just the middle tier. Unfortunately, our edition of the database is missing certain features that would allow us to do such a thing. But maybe you folks at home could give it a try and let me know how it works for you.

I just applied for a position at a dot com out in the bay area. One of the suggestions they had for the application was to write a haiku on the joy and pain of finding a new job. I like a challenge so I wrote one and liked it so much that I figured I would post it here.

I just got my very own 128-bit number that is used to copyright my own little piece of digital media. I'm going to encrypt all of my kitty pictures with that code as a key and heaven help you if you try to decrypt them.

It feels like the wild west in the land of mathematics.

Protip:
F4 60 15 00 2A 3B 64 DA 14 A4 2C CD 4E 40 0D FB

Tom Kyte posted this entry to his blog the other day, here's what he was posting about.

In a way, this makes me happy. If, in fact, this is a sincere post then I know that I am way more professional and clever than at least one person out there.

It's guys like him that give the capslock a bad name.