1.158 LDAP_DIRECTORY_SYSAUTH

LDAP_DIRECTORY_SYSAUTH allows or disallows directory-based authorization for users granted administrative privileges, such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM.

[December 8, 2017 bert.rich] For 18.1/12.2.0.2, updated this topic based on Oracle Review comments from engineer yong.hu.

Property Description

Parameter type

String

Syntax

LDAP_DIRECTORY_SYSAUTH = { yes | no }

Default value

no

Modifiable

No

Modifiable in a PDB

No

Basic

Yes

When LDAP_DIRECTORY_SYSAUTH is set to yes, directory users are allowed to connect to the database as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, or SYSKM, if they have mapped database global users that are granted corresponding administrative privileges such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM.

When LDAP_DIRECTORY_SYSAUTH is set to no, directory users are not allowed to connect to the database as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, or SYSKM, even if they have mapped database global users that are granted corresponding administrative privileges such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM.