Using an LDAP Connection to an Oracle Database
Use this type of connection when the connection information is held in a service definition stored on an LDAP server. The connection information is substituted into the JDBC driver parameters when the connection is attempted.
Supported LDAP Services
Oracle Internet Directory (OID) is the LDAP service supported.
Datical DB supports simple bind authentication through LDAP using an anonymous (empty) bind DN.
Constraints on Datical Features for Oracle
Note
You cannot use the Datical Accelerator for Oracle in projects or DbDefs where you are using an LDAP connection.
Prerequisite: LDAP Server Access
These instructions assume the following:
- The Datical DB host can access the LDAP server through the network.
- You have access to the LDAP server and can create service definitions there.
1. Create the Service Definition on the LDAP Server
Use LDAP commands to create the service definition to use.
In the following example, the service definition on the LDAP server is named ORA_AWS_LDAP. You may name it as you wish. Use this name for the TNS Alias setting in Datical DB projects.
cn=ORA_AWS_LDAP,cn=OracleContext,dc=us,dc=oracle,dc=com
objectclass=top
objectclass=orclNetService
cn=ORA_AWS_LDAP
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=aws-db1-rhel6.datical.net)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=pdborcl.datical.net)))
2. Create a Directory for Oracle Configuration Files
Create a directory on the host where you run Datical DB to use for the wallet file and Oracle configuration files.
The example places it in the oracle_ldap directory under the <project> directory in the default location for Datical DB projects. If Oracle is installed on the host, another common location might be $ORACLE_HOME/network/admin.
Linux
/datical/oracle_ldap
Windows
C:\datical\oracle_ldap
3. Add Configuration Files to the Directory
File | Description |
---|---|
sqlnet.ora | Profile configuration file for the Oracle database client. Copy this file from the Oracle database server. |
ldap.ora | Configuration file that maps net service names to connect descriptors. Copy this file from the Oracle database server. |
sqlnet.ora
Profile configuration file for the Oracle database client. It specifies the lookup order for connection methods using the NAMES.DIRECTORY_PATH property. Example: TNSNAMES,LDAP,EZCONNECT.
Edit the file so that LDAP is the only configuration method.
NAMES.DIRECTORY_PATH=(LDAP)
ldap.ora
Configuration file that identifies the server, server type, and context to use in the connection.
During connection, the servers listed in DIRECTORY_SERVERS are contacted in order to confirm that the service definition exists on the LDAP server.
If the service definition does not exist on any server, the connection fails.
DEFAULT_ADMIN_CONTEXT = "ou=oracledatabases,dc=mycompany,dc=com"
DIRECTORY_SERVERS = (ldap_server1.mycompany.com:3060:3131, ldap_server2.mycompany.com:389:636, ...)
DIRECTORY_SERVER_TYPE = OID
Note
For DIRECTORY_SERVER_TYPE, only OID (Oracle Internet Directory) is supported.
3. Set Environment Variables to Locate the Configuration Files
When attempting a connection, Datical DB uses environment variables to find the configuration files, then gets information it needs from them.
Take care to set the variables correctly. There is overlap in the search order.
You need an environment variable for each path:
- Directory path to sqlnet.ora
- Directory path to ldap.ora
Directory Path to sqlnet.ora
Set an environment variable to contain the directory path of the sqlnet.ora file.
You have some flexibility in the environment variable to use. Datical DB searches in the following order:
- TNS_ADMIN
- ORACLE_HOME/network/admin
If the sqlnet.ora file is not found, the Oracle default order is used: TNSNAMES,LDAP,EZCONNECT. This will cause the connection to fail.
Directory Path to ldap.ora
Set LDAP_ADMIN to the location of the ldap.ora file. You may use another variable.
Datical DB searches in the following order:
- LDAP_ADMIN
- TNS_ADMIN
- ORACLE_HOME/network/ldap/admin
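The following preflight check is an added example, not part of Datical DB or of the original page. It resolves sqlnet.ora and ldap.ora using the two search orders listed above and fails if NAMES.DIRECTORY_PATH is missing, misspelled, or not LDAP-only, or if DIRECTORY_SERVER_TYPE is not OID. The function names and the --check flag are hypothetical, and the parser assumes each parameter sits on a single line.

```shell
#!/bin/sh
# Added example, not Datical code: preflight check for the LDAP connection files.

# Print the first existing DIR/FILE from the candidate directories, in order.
find_ora_file() {
    file=$1; shift
    for dir in "$@"; do
        if [ -n "$dir" ] && [ -f "$dir/$file" ]; then
            printf '%s\n' "$dir/$file"; return 0
        fi
    done
    return 1
}

# Search orders as documented on this page; unset variables are skipped.
locate_sqlnet() {
    find_ora_file sqlnet.ora "${TNS_ADMIN:-}" \
        "${ORACLE_HOME:+$ORACLE_HOME/network/admin}"
}
locate_ldap() {
    find_ora_file ldap.ora "${LDAP_ADMIN:-}" "${TNS_ADMIN:-}" \
        "${ORACLE_HOME:+$ORACLE_HOME/network/ldap/admin}"
}

# Print the value of parameter NAME in FILE with comments and whitespace
# removed and letters upper-cased. Assumes the parameter sits on one line.
ora_param() {
    sed 's/#.*//' "$1" | tr -d ' \t\r' |
        awk -F= -v k="$2" 'toupper($1) == k {
            print toupper(substr($0, length($1) + 2)); exit }'
}

# Return 0 only if both files resolve and carry the settings this page requires.
check_ldap_config() {
    sqlnet=$(locate_sqlnet) || { echo "FAIL: sqlnet.ora not found"; return 1; }
    ldap=$(locate_ldap) || { echo "FAIL: ldap.ora not found"; return 1; }
    dpath=$(ora_param "$sqlnet" NAMES.DIRECTORY_PATH)
    [ "$dpath" = "(LDAP)" ] ||
        { echo "FAIL: NAMES.DIRECTORY_PATH is '$dpath' in $sqlnet"; return 1; }
    stype=$(ora_param "$ldap" DIRECTORY_SERVER_TYPE)
    [ "$stype" = "OID" ] ||
        { echo "FAIL: DIRECTORY_SERVER_TYPE is '$stype' in $ldap"; return 1; }
    [ -n "$(ora_param "$ldap" DIRECTORY_SERVERS)" ] ||
        { echo "FAIL: DIRECTORY_SERVERS not set in $ldap"; return 1; }
    echo "OK: sqlnet=$sqlnet ldap=$ldap"
}

# Hypothetical flag: run the check only when invoked with --check.
if [ "${1:-}" = "--check" ]; then check_ldap_config; fi
```

Run it as the account that runs Datical DB, so that the same environment variables are in effect.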
4. Set Up Datical Project DbDefs to Use the LDAP Connection
When you create a DbDef in a project and choose Oracle as the database type, you set the following properties:
- Connection Type - Choose TNSNAMES/LDAP
- TNS Alias - Specifies the service name in LDAP that contains configuration information for the connection.
See also Configuring Step Settings (DbDefs)#OracleDatabaseStepSettings.