{"id":408,"date":"2017-11-13T19:17:58","date_gmt":"2017-11-13T18:17:58","guid":{"rendered":"https:\/\/ilmarkerm.eu\/blog\/?p=408"},"modified":"2017-11-13T19:22:38","modified_gmt":"2017-11-13T18:22:38","slug":"syncronising-users-from-active-directory-to-oracle-database-using-ansible","status":"publish","type":"post","link":"https:\/\/ilmarkerm.eu\/blog\/2017\/11\/syncronising-users-from-active-directory-to-oracle-database-using-ansible\/","title":{"rendered":"Syncronising users from Active Directory to Oracle Database using Ansible"},"content":{"rendered":"

We have hundreds of developers who need access to production database for incident management purposes. But we don’t want to use shared accounts to access the database, each user has their own access to the database that is audited and has privileges according to the users access level.
\nManaging all these users manually on Oracle Database side is just too much, especially that all their access details are already described in Active Directory. Wouldn’t it be nice if we can just syncronise the AD users to the database side? Luckily we have an Ansible module for this task.<\/p>\n

First, on the database side need to create a dedicated profile for the syncronised users:<\/p>\n

CREATE PROFILE ldap_user LIMIT password_life_time UNLIMITED;\n<\/code><\/pre>\n
I assume you are already familiary with Ansible<\/a>, so I’ll go straight to the point.
\nFirst you need to clone the ansible-oracle-modules to your playbook directory:<\/p>\n
git clone https:\/\/github.com\/oravirt\/ansible-oracle-modules library\n<\/code><\/pre>\n
This contains, among other goodies, a module that does exactly what is required \ud83d\ude42 The module is called oracle_ldapuser<\/strong>.
\nThis module requires extra python-ldap module to be installed. Install it using yum, not pip. Pip will install wrong version.<\/p>\n
yum install python-ldap\n<\/code><\/pre>\n
The playbook looks like this:<\/p>\n