[December 8, 2017 bert.rich] For 18.1/12.2.0.2, updated this topic based on Oracle Review comments from engineer yong.hu.

When LDAP_DIRECTORY_SYSAUTH is set to yes, directory users are allowed to connect to the database as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, or SYSKM, if they have mapped database global users that are granted corresponding administrative privileges such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM.

When LDAP_DIRECTORY_SYSAUTH is set to no, directory users are not allowed to connect to the database as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, or SYSKM, even if they have mapped database global users that are granted corresponding administrative privileges such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM.