Preamble
In a big company, a central location for Oracle connect descriptors (SQL*Net connect strings) is more or less a must. At the very least, the team handling PC support will ask for it to ease their job. Imagine you have a local tnsnames.ora file on every client: what happens the day you need to change a server name because you migrate a database to new hardware?
The solution is called directory naming. It has existed for a very long time, handled by different products as Oracle releases have gone by.
The legacy product that centralizes your Oracle connect descriptor (TNS string) entries is Oracle Names Server. It was a simple system process plus a text file with all your entries, and yes, we still have it:
    orans1{oranames}# namesctl status
    Oracle Names Control for HPUX: Version 9.2.0.6.0 - Production on 09-JUN-2016 11:22:05
    Copyright (c) 1993, 2002 Oracle Corporation. All rights reserved.
    Currently managing name server "orans1.domain.com"
    Version banner is "Oracle Names for HPUX: Version 9.2.0.6.0 - Production"
    Version banner is "Oracle Names for HPUX: Version 9.2.0.6.0 - Production"
    Server name: orans1.domain.com
    Server has been running for: 249 days 11 hours 32 minutes 53.93 seconds
    Request processing enabled: yes
    Request forwarding enabled: yes
    Requests received: 2707
    Requests forwarded: 0
    Foreign data items cached: 0
    Region data next checked for reload in: not set
    Region data reload check failures: 0
    Cache next checkpointed in: not set
    Cache checkpoint interval: not set
    Cache checkpoint file name: /ora_names/software/network/names/ckpcch.ora
    Statistic counters next reset in: not set
    Statistic counter reset interval: not set
    Statistic counters next logged in: not set
    Statistic counter logging interval: not set
    Trace level: 0
    Trace file name: /ora_names/software/network/trace/names.trc
    Log file name: /ora_names/software/network/log/names.log
    System parameter file name: /ora_names/software/network/admin/names.ora
    Command-line parameter file name: ""
    Administrative region name: ""
    Administrative region description: ""
    ApplTable Index: 0
    Contact ""
    Operational Status 1
    Save Config on Stop no
And the Oracle connect descriptors file:
    orans1{oranames}# tail /ora_names/software/network/names/ckpdom.ora
      )
    sid1_DB.world. = (DATA_LIST=(FLAGS=0x1)(TTL=86400)
      (DATA=(TYPE=a.smd.)(DESCRIPTION=(SOURCE_ROUTE=OFF)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=server1.domain.com)(PORT=1529)))(CONNECT_DATA=(SID=sid1)(SRVR=DEDICATED)))
      )
    )
    sid2_eu.world. = (DATA_LIST=(FLAGS=0x1)(TTL=86400)
      (DATA=(TYPE=a.smd.)(DESCRIPTION=(SOURCE_ROUTE=OFF)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=server2.domain.com)(PORT=1525)))(CONNECT_DATA=(SID=sid2)(SRVR=DEDICATED)))
      )
    )
On your client you had to set up your sqlnet.ora file with something like:
    NAMES.DEFAULT_DOMAIN = world
    NAMES.PREFERRED_SERVERS =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = orans1.domain.com)(PORT = 1688))
      )
    NAMES.DIRECTORY_PATH= (ONAMES)
It was really simple to set up and maintain. But starting with 10gR1 Oracle decided this was too simple and replaced this implementation with a much more complex one based on an LDAP-compliant directory. With the latest 12cR1 Oracle client, only Microsoft Active Directory (AD) and Oracle Internet Directory (OID) are supported. OID is part of the Oracle Identity Management family. Oracle's application server, WebLogic, is not mandatory to run OID, but without it you will have no graphical interface, which is OK if you are a bit familiar with LDAP.
If you install all those Oracle components exclusively to serve Oracle connect descriptors, then you have no licenses to purchase.
I started with the Oracle Identity Management page and obviously tried the latest release (at the time of writing this post), i.e. 11gR2 or more precisely 11gR2PS3 (11.1.2.3.0). After many unsuccessful tries I realized that OID was not yet available in this release, which is confirmed by the certification page, where 11.1.1.9.0 is the latest available:
We also see that WebLogic 12cR2 cannot be used, as only WebLogic 10.3.6 is certified!
My testing was done on a virtual machine running Oracle Enterprise Linux 7.2 64-bit with a 12cR1 (12.1.0.2.0) Unicode (AL32UTF8) backend database.
You also need a Java JDK on your server. At the time of writing it is 1.8.0_92, which I installed with the provided rpm (jdk-8u92-linux-x64.rpm), so under /usr/java. On the certification page you can see that only Java 1.7 is certified, and it should be the one you install. I'm using the latest one anyway because, from past experience, Java backward compatibility has always been good, even for products not yet certified on the latest Java. Also, from a security point of view, it makes no sense to install Java 1.7.
WebLogic installation
This component is optional; just remember that without it you will end up with no graphical interface.
From the WebLogic 10.3.6 download page, the generic installers with Oracle WebLogic Server and Oracle Coherence cannot be used for OID, as OID requires the component below:
- Java Required Files (JRF)
So the one to use is Installers with Oracle WebLogic Server, Oracle Coherence and Oracle Enterprise Pack for Eclipse, so I downloaded Linux x86 with 32-bit JVM (1.5 GB), hoping to use the 64-bit Java I had already installed on my server… The file oepe-wls-indigo-installer-11.1.1.8.0.201110211138-10.3.6-linux32.bin is an executable, so it is not launched like the others with java -jar file.jar.
First installation screen:
Choose installation directory (/u01/Middleware for me):
Do you wish to receive security information:
Custom installation for better control:
Keep WebLogic installation option by default:
Choose to add Oracle Application Development Framework:
Choose the JDK you have installed, which is not the default option; the ones that come with the installation binaries are a bit obsolete. If you refer to the certification picture above, normally only JDK 1.7.0 is certified:
Keep the default installation subdirectories:
Summary of what will be done:
Ending window if you had no issues:
WebLogic configuration
Once WebLogic has been installed, launch the configuration script available at /u01/Middleware/oracle_common/common/bin/config.sh. Choose to create a new WebLogic domain:
Add the mandatory Oracle JRF option:
I have left the default name and default deployment directory:
Choose a password for your WebLogic administrator account:
I have chosen production mode with my already installed Java release:
Check Administration Server to benefit from the graphical administrative tool:
I filled in the server name and kept the default port (7001):
Summary of what will be done:
Ending window with the URL to be used for the graphical interface:
Finally start WebLogic with:
    [oracle@server1 ~]$ /u01/Middleware/user_projects/domains/base_domain/startWebLogic.sh
This will most probably fail, after you have interactively entered the account, with:
    Enter username to boot WebLogic server:weblogic
    Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /u01/Middleware/wlserver_10.3/server/native/linux/i686/libterminalio.so which might have disabled stack guard. The VM will try to fix the stack guard now.
    It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.
    <Jun 10, 2016 12:05:52 PM CEST> <Error> <Security> <BEA-090782> <Server is Running in Production Mode and Native Library(terminalio) to read the password securely from commandline is not found.>
    <Jun 10, 2016 12:05:52 PM CEST> <Notice> <WebLogicServer> <BEA-000388> <JVM called WLS shutdown hook. The server will force shutdown now>
    <Jun 10, 2016 12:05:52 PM CEST> <Alert> <WebLogicServer> <BEA-000396> <Server shutdown has been requested by <WLS Kernel>>
    <Jun 10, 2016 12:05:52 PM CEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Follow MOS note 1354736.1 to correct it.
Or you can also follow MOS note 475060.1 to avoid having to supply the account and password each time you start it…
This last one is the one I decided to follow. In short, you create a boot.properties file with the account and password:
    [oracle@server1 ~]$ cd /u01/Middleware/user_projects/domains/base_domain/servers/server1.domain.com
    [oracle@server1 server1.domain.com]$ mkdir security
    [oracle@server1 server1.domain.com]$ cd security
    [oracle@server1 server1.domain.com]$ vi boot.properties
    [oracle@server1 server1.domain.com]$ cat boot.properties
    username=weblogic
    password=secure_password
When you start the WebLogic server, the account and password are of course no longer requested, and the values in the file are encrypted to protect the password:
    [oracle@server1 ~]$ cat /u01/Middleware/user_projects/domains/base_domain/servers/server1.domain.com/security/boot.properties
    #Fri Jun 10 12:16:32 CEST 2016
    password={AES}mrdERtPxVBTSr5lsdau1gPC2rjVxBN1MdyAaIUD8qQo\=
    username={AES}p4aYO8sUChgMxKINU2fc8dgc0kidumyPBlDVmKNGthU\=
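A check for the file state described above, as an added example that is not part of the original post: it flags a boot.properties whose credentials are still in cleartext (the server has not yet rewritten them) or that is readable by group or others, which still matters because {AES} is reversible encryption tied to the domain, not a one-way hash. The function name and the sample files are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: audit a WebLogic boot.properties file after first boot.
# check_boot_properties is a hypothetical helper, not an Oracle tool.
# Prints one finding per line; returns 0 only when nothing was found.
check_boot_properties() {
    local file rc key value perms
    file=$1
    rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    for key in username password; do
        # Value of the first "key=..." line; empty when the key is absent.
        value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
        case $value in
            '{AES}'*) ;;   # already rewritten by the server
            '')       echo "NOKEY $key"; rc=1 ;;
            *)        echo "CLEARTEXT $key"; rc=1 ;;
        esac
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "PERMS $perms"; rc=1; }
    return $rc
}

# Constructed sample files; the {AES} strings are made up, not real ciphertext.
demo_dir=$(mktemp -d)
printf 'username=weblogic\npassword=secure_password\n' > "$demo_dir/fresh.properties"
chmod 644 "$demo_dir/fresh.properties"
printf 'password={AES}Q09OU1RSVUNURUQ\\=\nusername={AES}U0FNUExF\\=\n' \
    > "$demo_dir/booted.properties"
chmod 600 "$demo_dir/booted.properties"

for f in "$demo_dir/fresh.properties" "$demo_dir/booted.properties"; do
    echo "== $f"
    if check_boot_properties "$f"; then echo "OK"; fi
done
rm -rf "$demo_dir"
```

On a real domain, point the function at the servers/<server name>/security/boot.properties path shown above after the first successful start.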
You can then access the administrative web interface at http://server1.domain.com:7001/console:
This optional first part of the series on directory naming implementation is over (!!). I told you Oracle has not made it simple. Move on to the second part with the link in the references section.
References
- Directory naming configuration and usage (ldap.ora) – part 1
- Directory naming configuration and usage (ldap.ora) – part 2
- Directory naming configuration and usage (ldap.ora) – part 3
- StartWebLogic.cmd Shuts Down after Entering Username with the Error: “Server is running in Production Mode and Native Library (terminalio) to read the password securely from commandline is not found.” (Doc ID 1354736.1)
- How to Bypass username and password prompt when running startWebLogic.sh (Doc ID 475060.1)
- Oracle Fusion Middleware 11g Release 1 (11.1.1.9) Oracle Internet Directory – Tasks