Oracle AD schema extension

  • Last Post 15 September 2015
ThomasVuylsteke posted this 15 September 2015

Hey all,

I got a customer who has an application landscape that involves Oracle (amongst others). They currently seem to use “OID” as a central point to locate databases. As the product OID seems to be considered old, they are looking to replace that. They are considering setting up a new LDAP server(s) or extending the schema of their Active Directory domain.

This is also explained here:

I’m aware that extending the schema isn’t necessarily something to be scared of or avoid at all costs. But mostly I like to explore my options and double-check if it’s really necessary. What is your take on this? Anyone active in an environment where they depend on this? Any major drawback of this particular extension?

One thing I can think of is that we’ll also need to configure AD delegation so that Oracle people can create/read/update/delete their custom objects.

Kind regards,
Thomas

BrianB posted this 15 September 2015

One thing you might want to look at is using an AD LDS instance that proxies auth to AD for authentication. You can add schema extensions to the AD LDS while keeping your AD environment pristine. Have you also looked to see if the product supports RADIUS authentication? Just curious if this is an option. If so, you could set up a Microsoft NPS server and use RADIUS to AD auth.


Brian Britt



bdesmond posted this 15 September 2015

I didn’t see an LDIF to eyeball, but I would look at this from the perspective of whether or not you have the processes in place to populate and maintain the data and, of course, if the data makes sense to store in the directory. AD’s schema is designed to be extended, so I would take advantage of that where it makes business and technical sense.



Brian Desmond


