Oracle 参数 LDAP_DIRECTORY_SYSAUTH 官方解释,作用,如何配置最优化建议
本站中文解释
LDAP_DIRECTORY_SYSAUTH参数是控制是否允许从 LDAP 目录中获取数据库用户认证信息的一个布尔型参数。
该参数需要与OPERATIONAL_LDAP_AUTH参数一起使用,在指定运行操作模式时,可以设置为TRUE。
正确设置LDAP_DIRECTORY_SYSAUTH参数的步骤如下:
1、使用sysdba权限登录数据库,并设置operational_ldap_auth参数为true:
SQL> alter system set operational_ldap_auth = true;
2、设置LDAP_DIRECTORY_SYSAUTH参数为true:
SQL> alter system set ldap_directory_sysauth=true;
3、重新启动数据库以使参数生效:
SQL >shutdown immediate
SQL >startup;
4、检查LDAP_DIRECTORY_SYSAUTH参数是否已正确设置:
SQL> show parameter ldap_directory_sysauth;
上述操作完成后,即可从LDAP目录中获取数据库用户认证信息。
官方英文解释
LDAP_DIRECTORY_SYSAUTH allows or disallows directory-based authorization for users granted administrative privileges, such as SYSDBA, SYSOPER, SYSBACKUP, SYSDG, and SYSKM.
| Property | Description |
|---|---|
|
Parameter type |
String |
|
Syntax |
|
|
Default value |
|
|
Modifiable |
No |
|
Modifiable in a PDB |
Yes |
|
Basic |
Yes |
When LDAP_DIRECTORY_SYSAUTH is set to yes, directory users are allowed to connect to the database as SYSDBA, SYSOPER, SYSBACKUP, SYSDG, or SYSKM, if they have mapped database global users that are granted corresponding administrative privileges such as SYSDBA, SYSOPER, SYSBACKUP, SYSDG, and SYSKM.
When LDAP_DIRECTORY_SYSAUTH is set to no, directory users are not allowed to connect to the database as SYSDBA, SYSOPER, SYSBACKUP, SYSDG, or SYSKM, even if they have mapped database global users that are granted corresponding administrative privileges such as SYSDBA, SYSOPER, SYSBACKUP, SYSDG, and SYSKM.
When modifying this parameter in a PDB, use the ALTER SYSTEM command with SCOPE=SPFILE.
