OpenEdge DataServer for Oracle supports external password credentials. Specifically, the DataServer for Oracle uses Lightweight Directory Access Protocol (LDAP) through the OCI driver to provide directory authentication through the global user management capabilities of the Oracle Internet Directory (OID).

The Oracle DataServer makes database connections through the bound OCI client library that is capable of interfacing with an Oracle Server using Oracle Advanced Security. When an Oracle database environment is configured to use external authentication, a centralized service is shared by Oracle and other application environments to provide security and single sign-on capability. For instance, an LDAP directory service can be configured to provide global user authentication and authorization using the ldap.ora or tnsnames.ora configuration files. LDAP directory services can be configured in many different ways with Oracle databases to provide centralized enterprise-level authentication services.

An OpenEdge DataServer client can obtain external authentication by sending a connection request with only a user id and password delimiter, absent the actual user id and password. For instance:

/@<tnsnames-server>.<ora-instance>

Depending on the mechanism used, external credentials may or may not be provided independent of the global user management features of the OID. For instance, public key infrastructure (PKI) digital certificates can be passed directly to a target Oracle Enterprise server. Oracle Wallets can also be provided in an external password store and may perform authentication in conjunction with a particular external authentication server.