12 July 2006

How to set up Oracle Internet Directory with Net


The overview of how to set up Oracle Directory Naming with LDAP

By setting clients to talk to the LDAP directory, you can completely avoid TNSNames.ora and centralize your connection information. On the top of this installation, you can later add company users, manage their access to the different applications, add single sign-on, etc.

Overview of the set-up:
  1. Install required Oracle software
    • For 9.2 version you need Oracle Database 9i Release 2;
    • For OID 10g you will need either Application Sever 10g or Oracle Identity Manager 10g
  2. Patch the software with the latest patch
  3. Create a new database (ex: OIDDB)
  4. Install OID software into the same Oracle home
    • OID has by defaults two ports: 389 for the unsecured connections and 636 for the SSL secured connections
    • Change immediatelly the passwords for "cn=quest" and "cn=proxy" users
    • Decide what will you default conext be
      • For example, if your database is called PRODB.mycompany.com, set up the default context as "dc=mycompany,dc=com"
      • OID automatically adds a branch "cn=OracleContext" underneath.
  5. Import the TNS entries into the OID with: Net Manager--> Command--> Directory --> "Export Net Service Names". As a context, choose "cn=OracleContext,"dc=mycompany,dc=com".
    • Set up the client for LDAP: Oracle Net Configuration Assistant
    • First choose "Naming Methods Configuration" and put only Directory in the "Selected Naming Methods"
    • Secondly, choose "Directory Usage Confirmation". Choose the second option "Select the Directory you want to use and configure it for the Oracle usage". Then just type in the hostname, ports and follow through.
    • Try first to tnsping it and then to connect with sqlplus u/p@PRODB. With the tnsping, the result should look like this:
      • C:\WINDOWS\system32>tnsping prodb
      • TNS Ping Utility for 32-bit Windows: Version 9.2.0.7.0 - Production on 12-JUL-2006 10:28:29
      • Copyright (c) 1997 Oracle Corporation. All rights reserved.
      • Used parameter files:C:\oracle\product\9.2\network\admin\sqlnet.ora
      • Used LDAP adapter to resolve the alias
      • Attempting to contact
        • (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)
        • (HOST=myhost)(PORT=1521)))(CONNECT_DATA=
        • (SERVICE_NAME=prodb.WORLD)))
      • OK (10 msec)

Other notes

OID security

Example of LDAP client files:

tnsnames.ora

It can be left blank.

ldap.ora

# LDAP.ORA Network Configuration File: C:\oracle\product\9.2\network\admin\ldap.ora

# Generated by Oracle configuration tools.
DEFAULT_ADMIN_CONTEXT = "dc=mycompany,dc=com"
DIRECTORY_SERVERS= (ldaphostname.mycompany.com:389:636)
DIRECTORY_SERVER_TYPE = OID

sqlnet.ora

# SQLNET.ORA Network Configuration File: C:\oracle\product\9.2\network\admin\sqlnet.ora

# Generated by Oracle configuration tools.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (LDAP)

Oracle Licenses for Oracle Internet Directory

Enterprise Edition has a "restricted-use" license for OID 10g, if only directory naming is used

JDBC drivers support for OID

JDBC Thin driver supports absolute naming only when the complete DN is used (this means "cn=PRODB, dc=mycompany,dc=com")

If you want to build an application that will communicate with LDAP, there are some JDBC/LDAP drivers available on the market

How to set JDBC driver to connect to the LDAP

Non secure example:

Secure example:


// posted by Tatjana (Tanja) Kane @ 7/12/2006
Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?