Oracle Corner

This situation hapens when you export a schema that has TYPEs and then try to import it into the same database or the replica database. The import will try to create all TYPEs from the dump file using the unique object identifiers which are embedded into the dump file. As each TYPE must have an unique OID, you will get errors:

• . importing LRP017's objects into LRPPROD
  IMP-00017: following statement failed with ORACLE error 2304:
• "CREATE TYPE "LRPTYPE" TIMESTAMP '2006-06-17:13:37:55' OID '"
• "1662950A9F7A50B6E043AC1C2D1550B6' AS OBJECT"
• ...
  
• IMP-00003: ORACLE error 2304 encountered
• ORA-02304: invalid object identifier literal
• IMP-00017: following statement failed with ORACLE error 2304

Resolution:

• If using 10.2 version, just skip to the Data Pump and use the TRANSFORM option:
• expdp directory=DATA_PUMP_DIR dumpfile=source_data.dmp logfile=export.log schemas=SOURCE_SCHEMA
• impdp directory=DATA_PUMP_DIR dumpfile=source_data.dmp logfile=import.log REMAP_SCHEMA=SOURCE_SCHEMA:NEW_SCHEMA TRANSFORM=oid:n
• If using version <10.2
• Create the TYPEs manually and then import
  

The overview of how to set up Oracle Directory Naming with LDAP

By setting clients to talk to the LDAP directory, you can completely avoid TNSNames.ora and centralize your connection information. On the top of this installation, you can later add company users, manage their access to the different applications, add single sign-on, etc.

Overview of the set-up:

1. Install required Oracle software
   
• For 9.2 version you need Oracle Database 9i Release 2;
  
• For OID 10g you will need either Application Sever 10g or Oracle Identity Manager 10g
2. Patch the software with the latest patch
3. Create a new database (ex: OIDDB)
4. Install OID software into the same Oracle home
• OID has by defaults two ports: 389 for the unsecured connections and 636 for the SSL secured connections
• Change immediatelly the passwords for "cn=quest" and "cn=proxy" users
• Decide what will you default conext be
• For example, if your database is called PRODB.mycompany.com, set up the default context as "dc=mycompany,dc=com"
• OID automatically adds a branch "cn=OracleContext" underneath.
5. Import the TNS entries into the OID with: Net Manager--> Command--> Directory --> "Export Net Service Names". As a context, choose "cn=OracleContext,"dc=mycompany,dc=com".
• Set up the client for LDAP: Oracle Net Configuration Assistant
• First choose "Naming Methods Configuration" and put only Directory in the "Selected Naming Methods"
• Secondly, choose "Directory Usage Confirmation". Choose the second option "Select the Directory you want to use and configure it for the Oracle usage". Then just type in the hostname, ports and follow through.
• Try first to tnsping it and then to connect with sqlplus u/p@PRODB. With the tnsping, the result should look like this:
• C:\WINDOWS\system32>tnsping prodb
• TNS Ping Utility for 32-bit Windows: Version 9.2.0.7.0 - Production on 12-JUL-2006 10:28:29
• Copyright (c) 1997 Oracle Corporation. All rights reserved.
• Used parameter files:C:\oracle\product\9.2\network\admin\sqlnet.ora
• Used LDAP adapter to resolve the alias
• Attempting to contact
  
• (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)
• (HOST=myhost)(PORT=1521)))(CONNECT_DATA=
• (SERVICE_NAME=prodb.WORLD)))
• OK (10 msec)

Other notes

• Default OID user used for administration is cn=orcladmin.
• If you encounter any problems, make sure that your OID allows anonymous binds, try to give SYSTEM database user a SYSDBA privilege and try to put SQLNET.AUTHENTICATION_SERVICES=(NTS).
• Traces are in $OH\ldap\log, files like oidmon.log, oidldapdxx.log...

OID security

• OID has 3 levels of authentication: anonymous, pwd-based and certificate-based (SSL)
• MD4 algorithm is used to protect passwords inside of OID
• Public key enctyption with SSL protects the transmitted data
• Message digests (checksumed by MD5 or SHA) with SSL ensure data has not been modified during the transmission

Example of LDAP client files:

tnsnames.ora

It can be left blank.

ldap.ora

# LDAP.ORA Network Configuration File: C:\oracle\product\9.2\network\admin\ldap.ora

# Generated by Oracle configuration tools.
DEFAULT_ADMIN_CONTEXT = "dc=mycompany,dc=com"
DIRECTORY_SERVERS= (ldaphostname.mycompany.com:389:636)
DIRECTORY_SERVER_TYPE = OID

sqlnet.ora

# SQLNET.ORA Network Configuration File: C:\oracle\product\9.2\network\admin\sqlnet.ora

# Generated by Oracle configuration tools.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (LDAP)

Oracle Licenses for Oracle Internet Directory

Enterprise Edition has a "restricted-use" license for OID 10g, if only directory naming is used

JDBC drivers support for OID

JDBC Thin driver supports absolute naming only when the complete DN is used (this means "cn=PRODB, dc=mycompany,dc=com")

If you want to build an application that will communicate with LDAP, there are some JDBC/LDAP drivers available on the market

How to set JDBC driver to connect to the LDAP

Non secure example:

• "jdbc:oracle:thin:@ldap://ldaphostname:389/PRODB,
• cn=Oraclecontext,dc=mycompany,dc=com"

Secure example:

• "jdbc:oracle:thin:@ldaps://ldaphostname:636/PRODB,
• cn=Oraclecontext,dc=mycompany,dc=com"