In the first part we saw the WebLogic installation and configuration, and in the second part the Oracle Internet Directory (OID) installation and configuration. This third and final part is about configuring directory naming so that your clients can use the Oracle connect descriptors you have inserted in the LDAP directory.
Directory naming configuration
We are finally ready to add Oracle connect descriptors to our newly created OID. I recommend using the SQL*Net layer of your Oracle repository database.
In the $ORACLE_HOME/network/admin directory of your repository database, activate directory naming by creating an ldap.ora file that should look like:
DIRECTORY_SERVERS = (server1.domain.com:3060:3131)
DIRECTORY_SERVER_TYPE = OID
DEFAULT_ADMIN_CONTEXT = "dc=sgp, dc=st, dc=com"
Then modify the parameter below in the sqlnet.ora file in the same directory to handle the LDAP directory. I prefer to keep TNSNAMES first so that users have a chance to override LDAP entries with their local tnsnames.ora file: a local entry then wins over the directory entry of the same name, which could be dangerous but is more flexible for them. This sqlnet.ora file should be modified on all clients that you wish to use your directory server:
NAMES.DIRECTORY_PATH= (TNSNAMES, LDAP)
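The effect of that ordering can be audited on a client. The script below is an added example, not part of the original post: it reports which naming method would answer for an alias given a sqlnet.ora and a tnsnames.ora. The function names, the sample host other.example.com and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): which naming method answers
# for an alias, given sqlnet.ora and tnsnames.ora. Directory content is
# not checked; "LDAP" means the lookup falls through to the directory.

# Methods listed in NAMES.DIRECTORY_PATH, one per line, upper-cased.
# Prints nothing if the parameter is absent (Oracle's default not modelled).
directory_path() {
    grep -i '^[[:space:]]*NAMES\.DIRECTORY_PATH' "$1" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/[()]//g' | tr ',' '\n' |
        tr -d ' \t' | tr '[:lower:]' '[:upper:]' | sed '/^$/d'
}

# Aliases defined in tnsnames.ora: a name starting in column 1 before "=".
local_aliases() {
    sed -n 's/^\([A-Za-z][A-Za-z0-9_.-]*\)[[:space:]]*=.*/\1/p' "$1" |
        tr '[:lower:]' '[:upper:]'
}

# $1 = sqlnet.ora, $2 = tnsnames.ora, $3 = alias to resolve
resolver_for() {
    want=$(printf '%s' "$3" | tr '[:lower:]' '[:upper:]')
    for method in $(directory_path "$1"); do
        case $method in
            TNSNAMES)
                if [ -f "$2" ] && local_aliases "$2" | grep -qxF "$want"; then
                    echo TNSNAMES; return 0
                fi ;;
            LDAP) echo LDAP; return 0 ;;
        esac
    done
    echo UNRESOLVED
}

# Constructed sample: a local ORCL entry pointing at a different host.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' 'NAMES.DIRECTORY_PATH= (TNSNAMES, LDAP)' > "$dir/sqlnet.ora"
    printf '%s\n' 'ORCL =' \
        '  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=other.example.com)(PORT=1521))' \
        '    (CONNECT_DATA=(SERVICE_NAME=orcl)))' > "$dir/tnsnames.ora"
    echo "$dir"
}

d=$(make_sample)
resolver_for "$d/sqlnet.ora" "$d/tnsnames.ora" orcl
resolver_for "$d/sqlnet.ora" "$d/tnsnames.ora" hr
rm -rf "$d"
```

An alias reported as TNSNAMES is served from the local file even though the directory holds an entry of the same name; with the order (LDAP, TNSNAMES) the same alias is reported as LDAP.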
Execute Network Manager (netmgr):
Expand the directory part and connect with the cn=orcladmin account and the password you specified when installing OID:
Press the green arrow in the left toolbar when Service Naming is selected to create a new LDAP Oracle connect descriptor. You can even create one for your repository database as a test:
Protocol for your Oracle connect descriptor:
Server and port where the database is:
Service of the listener:
Test or finish to validate:
It now appears as a new entry under the directory structure:
If you rush to test it, it will most probably fail:
[oracle@server1 admin]$ tnsping orcl
TNS Ping Utility for Linux: Version 22.214.171.124.0 - Production on 13-JUN-2016 16:14:33
Copyright (c) 1997, 2014, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
TNS-03505: Failed to resolve name
We have to change one property of OID to allow anonymous bind, and the Enterprise Manager we have just configured will be of great help. Connect to it, still on http://server1.domain.com:7001/em, expand Identity and Access and select oid1. In the management menu choose Administration and then Server Properties, as shown below:
Allow anonymous bind as below and push the Apply button to save:
If you do not have the graphical interface (in the case of no WebLogic), follow MOS note 947285.1. Create a text file like:
[oracle@server1 ~]$ cat ~oracle/anonymousbind.ldif
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclAnonymousBindsFlag
orclAnonymousBindsFlag: 1
Then execute it with the ldapmodify binary to change the property of your LDAP directory (OID):
[oracle@server1 ~]$ export ORACLE_HOME=/u01/Middleware/Oracle_IDM1
[oracle@server1 ~]$ export PATH=$PATH:$ORACLE_HOME/bin
[oracle@server1 ~]$ ldapmodify -D cn=orcladmin -q -p 3060 -h server1.domain.com -f ~oracle/anonymousbind.ldif
Please enter bind password:
modifying entry cn=oid1,cn=osdldapd,cn=subconfigsubentry
Then, when retesting the newly created OID service name, it should answer positively:
[oracle@server1 admin]$ tnsping orcl
TNS Ping Utility for Linux: Version 126.96.36.199.0 - Production on 13-JUN-2016 16:15:57
Copyright (c) 1997, 2014, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=server1.domain.com)(PORT=1531)))(CONNECT_DATA=(SERVICE_NAME=orcl)))
OK (10 msec)
Notice the "Used LDAP adapter to resolve the alias" sentence, which confirms that the Oracle connect descriptor has been resolved by your directory and not by your local tnsnames.ora file.
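The anonymous bind change can also be checked at the LDAP level, independently of tnsping. The script below is an added example, not part of the original post: it reads ldap.ora and runs the same kind of unauthenticated search for a net service name. It assumes the standard Oracle Net directory layout, where service entries sit under cn=OracleContext below the admin context and carry the descriptor in the orclNetDescString attribute; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): derive from ldap.ora the
# anonymous search that resolves a net service name, to verify the
# orclAnonymousBindsFlag change from the client side.

# Value of parameter $2 in ldap.ora $1, without quotes or parentheses.
ldap_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '"()' | sed 's/[[:space:]]*$//'
}

# Host, non-SSL port and search base, one per line. Only the first
# DIRECTORY_SERVERS entry (host:port:sslport) is used.
lookup_target() {
    server=$(ldap_param "$1" DIRECTORY_SERVERS | cut -d, -f1)
    ctx=$(ldap_param "$1" DEFAULT_ADMIN_CONTEXT | sed 's/,[[:space:]]*/,/g')
    printf '%s\n' "${server%%:*}" "$(printf '%s' "$server" | cut -d: -f2)" \
        "cn=OracleContext,$ctx"
}

# Search with no -D/-w, i.e. an anonymous bind. Needs ldapsearch from
# $ORACLE_HOME/bin and a reachable OID. $1 = ldap.ora, $2 = service name
anon_lookup() {
    set -- "$2" $(lookup_target "$1")
    ldapsearch -h "$2" -p "$3" -b "$4" -s sub "(cn=$1)" orclNetDescString
}

# Constructed sample using the values shown in this post.
sample_ldap_ora() {
    f=$(mktemp)
    printf '%s\n' 'DIRECTORY_SERVERS = (server1.domain.com:3060:3131)' \
        'DIRECTORY_SERVER_TYPE = OID' \
        'DEFAULT_ADMIN_CONTEXT = "dc=sgp, dc=st, dc=com"' > "$f"
    echo "$f"
}

f=$(sample_ldap_ora)
lookup_target "$f"    # what anon_lookup would query
rm -f "$f"
```

On the server, `anon_lookup $ORACLE_HOME/network/admin/ldap.ora orcl` returning the orclNetDescString value shows that unauthenticated clients can read the connect descriptor.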
If you do not like using Network Manager to handle your Oracle connect descriptors, you can also use a generic LDAP browser, as OID behaves like a normal LDAP directory. Here is an example with the first free one I found searching on Google (JXplorer):
This graphical tool can also be used to modify LDAP properties of your directory, for example the famous anonymous bind one from 2 to 1:
- Directory naming configuration and usage (ldap.ora) – part 1
- Directory naming configuration and usage (ldap.ora) – part 2
- Directory naming configuration and usage (ldap.ora) – part 3
- Directory Usage Parameters in the ldap.ora File
- 11g OID – Accessing Via Client or NetCA May Yield: ORA-12154,TNS-4409,TNS-4405 or “The directory has not been configured for this usage.” (Doc ID 947285.1)
- Oracle Fusion Middleware 11g Release 1 (188.8.131.52) Oracle Internet Directory – Tasks
7 thoughts on “Directory naming configuration and usage (ldap.ora) – part 3”
Yannick Jaquier says:
Thanks for comment !
Thanks for the post. Crisp and clear. It helped me.
I have a question though.
How can I change the ports used by OID to its default 389 and 636?
Currently my OID is listening to ports 3060 and 3131. But we have a requirement to run it on the default ports.
Yannick Jaquier says:
Thanks for feedback !
You should be able to change it in preference of weblogic web interface (http://weblogic:7001/em).
Crisp and clear. Was searching in Google about Net Service Name resolution using LDAP. Eventually ended up here. It explained all sorts of things from scratch. Thanks for this wonderful article.
Yannick Jaquier says:
Thanks for stopping by and enthusiastic comment !