Directory naming configuration and usage (ldap.ora) – part 3

 

Preamble

In the first part we covered WebLogic installation and configuration, and in the second part Oracle Internet Directory (OID) installation and configuration. This third and final part is about configuring directory naming so that your clients can use the Oracle connect descriptors you have inserted in the LDAP directory.

Directory naming configuration

We are finally ready to add Oracle connect descriptors to our newly created OID. I recommend using the SQL*Net layer of your Oracle database repository.

In the $ORACLE_HOME/network/admin directory of your repository database, activate directory naming by creating an ldap.ora file that should look like:

DIRECTORY_SERVERS = (server1.domain.com:3060:3131)
DIRECTORY_SERVER_TYPE = OID
DEFAULT_ADMIN_CONTEXT = "dc=sgp, dc=st, dc=com"

Then modify the parameter below in the sqlnet.ora file in the same directory so that the LDAP directory is used for name resolution. I prefer to keep TNSNAMES first to give users a chance to override LDAP entries: this could be dangerous, because a local tnsnames.ora entry silently takes precedence over the directory entry of the same name, but it is more flexible for them. This sqlnet.ora file must be modified on every client that should use your directory server:

NAMES.DIRECTORY_PATH= (TNSNAMES, LDAP)
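
To see what keeping TNSNAMES first means in practice, the script below (an added example, not part of the original post) reads NAMES.DIRECTORY_PATH and lists the local tnsnames.ora aliases that would win over a directory entry of the same name. The sample files, the host names in them and the directory_aliases.txt list are constructed for illustration.

```shell
#!/bin/sh
# Added example: which local tnsnames.ora aliases take precedence over directory entries?

resolution_order() {
  # Print the adapters of NAMES.DIRECTORY_PATH in lookup order, e.g. "TNSNAMES LDAP".
  grep -i '^[[:space:]]*NAMES\.DIRECTORY_PATH' "$1" | tail -n 1 |
    sed -e 's/^[^=]*=//' -e 's/[(),]/ /g' | tr 'a-z' 'A-Z' | xargs
}

local_aliases() {
  # Aliases start in column 0 of tnsnames.ora; descriptor lines are indented.
  sed -n 's/^\([A-Za-z][A-Za-z0-9_.-]*\)[[:space:]]*=.*/\1/p' "$1" | tr 'a-z' 'A-Z'
}

shadowed_entries() {
  # $1 = sqlnet.ora, $2 = tnsnames.ora, $3 = file with one directory alias (cn) per line
  for adapter in $(resolution_order "$1"); do
    case $adapter in
      LDAP) return 0 ;;          # directory is asked first: nothing local shadows it
      TNSNAMES)                  # local file is asked first: report the name clashes
        local_aliases "$2" | grep -i -x -F -f "$3" || true
        return 0 ;;
    esac
  done
}

# Constructed sample files (not taken from the post's servers).
demo=$(mktemp -d)
printf 'NAMES.DIRECTORY_PATH= (TNSNAMES, LDAP)\n' > "$demo/sqlnet.ora"
cat > "$demo/tnsnames.ora" <<'EOF'
ORCL =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oldhost.domain.com)(PORT=1521))
    (CONNECT_DATA=(SERVICE_NAME=orcl)))
DEVDB =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=devhost.domain.com)(PORT=1521))
    (CONNECT_DATA=(SERVICE_NAME=devdb)))
EOF
printf 'orcl\n' > "$demo/directory_aliases.txt"   # names known to exist in OID

echo "lookup order: $(resolution_order "$demo/sqlnet.ora")"
echo "shadowed by local tnsnames.ora: $(shadowed_entries "$demo/sqlnet.ora" "$demo/tnsnames.ora" "$demo/directory_aliases.txt")"
```

Any alias it reports resolves from the local file, so tnsping for that name will not show the "Used LDAP adapter to resolve the alias" line.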

Execute Network Manager (netmgr):

[Screenshot: directory_naming57]

Expand the Directory part and connect with the cn=orcladmin account and the password you specified when installing OID:

[Screenshot: directory_naming58]

Press the green arrow in the left toolbar while Service Naming is selected to create a new LDAP Oracle connect descriptor. You can even create one for your repository database as a test:

[Screenshot: directory_naming59]

Protocol for your Oracle connect descriptor:

[Screenshot: directory_naming60]

Server and port where the database is:

[Screenshot: directory_naming61]

Service of the listener:

[Screenshot: directory_naming62]

Test or finish to validate:

[Screenshot: directory_naming63]

It now appears as a new entry under the directory structure:

[Screenshot: directory_naming64]

If you rush to test it, it will most probably fail:

[oracle@server1 admin]$ tnsping orcl
 
TNS Ping Utility for Linux: Version 12.1.0.2.0 - Production on 13-JUN-2016 16:14:33
 
Copyright (c) 1997, 2014, Oracle.  All rights reserved.
 
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
 
TNS-03505: Failed to resolve name

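We have to change one property of OID to allow anonymous bind. Keep in mind that with anonymous bind enabled, any client that can reach the directory port can query the entries that the directory's access control exposes to anonymous users. The Enterprise Manager we have just configured will be of great help here. Connect to it, still on http://server1.domain.com:7001/em, expand Identity and Access and select oid1. In the management menu choose Administration and then Server Properties, as shown below: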

[Screenshot: directory_naming65]

Allow anonymous bind as below and push the Apply button to save:

[Screenshot: directory_naming66]

If you do not have the graphical interface (in the case of no WebLogic), follow MOS note 947285.1. Create a text file like:

[oracle@server1 ~]$ cat ~oracle/anonymousbind.ldif
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclAnonymousBindsFlag
orclAnonymousBindsFlag: 1

Then apply it with the ldapmodify binary to change the property in your LDAP directory (OID):

[oracle@server1 ~]$ export ORACLE_HOME=/u01/Middleware/Oracle_IDM1
[oracle@server1 ~]$ export PATH=$PATH:$ORACLE_HOME/bin
[oracle@server1 ~]$ ldapmodify -D cn=orcladmin -q -p 3060 -h server1.domain.com -f ~oracle/anonymousbind.ldif
Please enter bind password:
modifying entry cn=oid1,cn=osdldapd,cn=subconfigsubentry

Then, when you retest the newly created OID service name, it should answer successfully:

[oracle@server1 admin]$ tnsping orcl
 
TNS Ping Utility for Linux: Version 12.1.0.2.0 - Production on 13-JUN-2016 16:15:57
 
Copyright (c) 1997, 2014, Oracle.  All rights reserved.
 
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
 
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=server1.domain.com)(PORT=1531)))(CONNECT_DATA=(SERVICE_NAME=orcl)))
OK (10 msec)

Notice the "Used LDAP adapter to resolve the alias" line, which confirms that the Oracle connect descriptor has been resolved by your directory and not by your local tnsnames.ora file.

If you do not like using Network Manager to handle your Oracle connect descriptors, you can also use a generic LDAP browser, as OID behaves like a normal LDAP directory. Here is an example with the first free one I found searching on Google (JXplorer):

[Screenshot: directory_naming67]

This graphical tool can also be used to modify LDAP properties of your directory, for example to change the famous anonymous bind flag (orclAnonymousBindsFlag) from 2 to 1:

[Screenshot: directory_naming71]
