Oracle Internet Directory Light for tnsnames Resolution

The Oracle Authentication Service for Linux (http://www.oracle.com/technology/products/oid/oracleauthenticationservices.html) has been available for a few days. This technology preview is mainly aimed at handling user authentication for Linux desktops.

I had a closer look at this product, and what I saw is that the Oracle Authentication Service for Linux is an Oracle Internet Directory (OID) just as an RPM file (size 70 MB). The installation is really simple: download the OID Light and the Oracle XE Database for Linux, and run as root user "rpm -Uhv oracle-oid-10.1.4.2.0-1.0.i386.rpm oracle-xe-univ-10.2.0.1-1.0.i386.rpm".

After this you have to configure the Oracle XE Database and the Oracle Internet Directory: run the script "/etc/init.d/oracle-oid configure" as root user and answer the following questions:

  1. Password of sys user of your XE Database
  2. Password of the OID administrator (cn=orcladmin)
  3. Ports (Non-SSL and SSL) for the OID
  4. Naming Context of your OID (e.g. dc=trivadis,dc=com)
  5. Whether you want to use SSL authentication for your OID

And now the interesting part. Many people are planning to migrate their local tnsnames.ora into an Oracle Internet Directory. Up to now all of them had to use the Oracle Application Server 10.1.4.0.1 Identity Management (nearly 1.3 GB) and an Oracle Database Enterprise Edition. For small companies this is really an overhead! Now you can use this lightweight environment of the Oracle XE Database and the OID Light for Linux.

The following steps need to be performed to load your tnsnames.ora into the OID Light and to configure your clients against it.

  1. In your Oracle Client configure the sqlnet.ora
    NAMES.DIRECTORY_PATH = (LDAP)
    NAMES.DEFAULT_DOMAIN = trivadis.com # adjust to your domain
  2. In your Oracle Client configure the ldap.ora
    DIRECTORY_SERVERS = (oassrv01.trivadis.com:389:636) # adjust to your servername and LDAP ports
    DEFAULT_ADMIN_CONTEXT = "dc=trivadis,dc=com" # adjust to your Naming Context
    DIRECTORY_SERVER_TYPE = OID

After these configuration steps, start your netmgr and connect to your OID:

 

Via the menu option "Command / Directory / Export Net Service Names..." you can import your current tnsnames.ora into OID Light.

 

To test whether your Oracle Client is really using your OID, just make a small test with tnsping. You should then see "Used LDAP adapter to resolve the alias".
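The load step can also be scripted by writing the net service names as LDIF instead of exporting them through the netmgr GUI. The following is an added example, not code from the original post or from Oracle: it converts tnsnames.ora text into orclNetService entries below cn=OracleContext of the naming context used above. It assumes cn=OracleContext already exists there; the function names and the sample hosts are made up.

```python
import re

SAMPLE = """\
# constructed sample tnsnames.ora; hosts and aliases are made up
ORCL.trivadis.com =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbsrv01.trivadis.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = ORCL)))
XE, XE_ALT = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dbsrv02)(PORT=1521))(CONNECT_DATA=(SID=XE)))
"""

def parse_tnsnames(text):
    """Return {alias: descriptor}; descriptors are found by parenthesis matching."""
    text = "\n".join(l.split("#", 1)[0] for l in text.splitlines())  # drop comments
    entries, i, n = {}, 0, len(text)
    while (eq := text.find("=", i)) != -1:
        start = text.find("(", eq)
        if start == -1 or text[eq + 1:start].strip():
            i = (text.find("\n", eq) + 1) or n  # plain parameter (e.g. IFILE): skip line
            continue
        depth, j = 0, start
        while j < n:
            depth += {"(": 1, ")": -1}.get(text[j], 0)
            if depth == 0:
                break
            j += 1
        if depth != 0:
            raise ValueError(f"unbalanced parentheses after {text[i:eq].strip()!r}")
        desc = re.sub(r"\s+", "", text[start:j + 1])  # quoted values with spaces not handled
        for alias in text[i:eq].split(","):
            if alias.strip():
                entries[alias.strip()] = desc
        i = j + 1
    return entries

def to_ldif(entries, admin_context, default_domain=""):
    """Build LDIF for orclNetService entries under cn=OracleContext."""
    out = []
    for alias, desc in sorted(entries.items()):
        suffix = "." + default_domain.lower()
        cn = alias[:-len(suffix)] if default_domain and alias.lower().endswith(suffix) else alias
        # Refuse names that could alter the DN or inject extra LDIF lines.
        if not re.fullmatch(r"[A-Za-z0-9_.-]+", cn):
            raise ValueError(f"unsafe alias {alias!r}")
        out += [f"dn: cn={cn},cn=OracleContext,{admin_context}", "objectClass: top",
                "objectClass: orclNetService", f"cn: {cn}", f"orclNetDescString: {desc}", ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(to_ldif(parse_tnsnames(SAMPLE), "dc=trivadis,dc=com", "trivadis.com"))
```

The resulting file can be loaded with ldapadd while bound as cn=orcladmin; the tnsping check above then confirms that an alias resolves through the LDAP adapter.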

The Oracle Internet Directory Light is really a cool alternative to the huge Oracle Application Server 10g Identity Management, but as usual there are some small limitations in the OID Light (e.g. no MultiMaster Replication, no OPMN, no Cluster Options). But for a small environment or just for testing it is really cool stuff.

Published 09 September 2007 04:07 by Dirk Nachbar

Comments

# Sven Vetter said on 09 September, 2007 07:57

Certainly a good way to easily get a TNSNAMES replacement.

However, I would recommend production use only with strong reservations. The database for "OID Light" is Oracle XE, version 10.2.0.1.

So far there are neither patch sets nor CPUs for this version. That means all known security vulnerabilities of this version are unfixed, and can therefore be exploited.

# Dirk Nachbar said on 11 September, 2007 05:29

Hi Sven,

you are absolutely right. Let's see whether I can adapt the configuration scripts of the OID Light so that a "user-defined" database can be used.

# hfr said on 18 October, 2007 03:20

Hello,

in my Oracle Net Manager there is no "Command / Directory / Export" item, only a "Test Service" item. I am using version 10.2.0.0.0 (where do I find the current one? I could not find it on OTN).

Best regards

# Dirk Nachbar said on 20 October, 2007 01:22

Hello hfr,

in my example I used the netmgr from Oracle 10g Release 2 (10.2.0.3).

You can find the software at www.oracle.com/.../index.html (10.2.0.1.0), and the latest corresponding patch is available in Metalink http://metalink.oracle.com

Regards, Dirk Nachbar
