Ldap – Oracle: replacing tnsnames.ora with LDAP lookup

ldaporacle

How do I go about replacing client-side tnsnames.ora with an ldap query?

I'm not interested in running Oracle LDAP, we have an existing LDAP infrastructure.

I need:

format of LDAP entry
how client is configured to fetch the LDAP connection information. Is this automatic in the OCI runtime?

Oracle 10.2 or 11.x if versions matter.

Best Answer

Oracle can "officially" only use OID or AD as LDAP servers. In LDAP.ORA (in $ORACLE_HOME/network/admin or $TNS_ADMIN) put:

DEFAULT_ADMIN_CONTEXT = “ou=ora,dc=company,dc=com”
DIRECTORY_SERVERS = (ldap1.company.com:389, ldap2.company.com:389)
DIRECTORY_SERVER_TYPE = OID

The type can be OID or AD. The multiple servers are for redundancy; it will not try each one in turn. Then in SQLNET.ORA:

NAMES.DIRECTORY_PATH=(LDAP, TNSNAMES)

The means try LDAP first, then try TNSNAMES.ORA, then give up.

If you want to use a third-party LDAP server, Oracle has a product called Virtual Directory that will act as a proxy between them.

Related Solutions

Ldap – Oracle Embedded LDAP Error

Just have to delete (or rename) the domain/servers/server_name/data/ldap directory. Be careful to have read/write access to the new dir you create before restarting Admin server.

Ubuntu – Setting up OpenLDAP + slapo-translucent on Ubuntu 11.04

If it helps you to get started, it's still possible to configure slapd in the old-fashioned way with slapd.conf and then convert that to new format.

slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d

Above would convert /etc/ldap/slapd.conf to the new format, putting the needed data files in /etc/ldap/slapd.d. Just remember to create the destination directory before running the command.

Best Answer

Related Solutions

Ldap – Oracle Embedded LDAP Error

Ubuntu – Setting up OpenLDAP + slapo-translucent on Ubuntu 11.04

Related Topic