Home / server / Questions / 192359
Accepted
Mark Harrison
Asked: 2010-10-19 21:38:04 +0800 CST

Oracle: replacing tnsnames.ora with LDAP lookup?

  • 772

How do I go about replacing client-side tnsnames.ora with an ldap query?

I'm not interested in running Oracle LDAP, we have an existing LDAP infrastructure.

I need:

  • format of LDAP entry

  • how client is configured to fetch the LDAP connection information. Is this automatic in the OCI runtime?

Oracle 10.2 or 11.x if versions matter.

ldap oracle

2 Answers

  1. Best Answer

    Oracle can "officially" only use OID or AD as LDAP servers. In LDAP.ORA (in $ORACLE_HOME/network/admin or $TNS_ADMIN) put:

    DEFAULT_ADMIN_CONTEXT = “ou=ora,dc=company,dc=com”
DIRECTORY_SERVERS = (ldap1.company.com:389, ldap2.company.com:389)
DIRECTORY_SERVER_TYPE = OID

    The type can be OID or AD. The multiple servers are for redundancy; it will not try each one in turn. Then in SQLNET.ORA:

    NAMES.DIRECTORY_PATH=(LDAP, TNSNAMES)

    The means try LDAP first, then try TNSNAMES.ORA, then give up.

    If you want to use a third-party LDAP server, Oracle has a product called Virtual Directory that will act as a proxy between them.

    • 5

  2. You do not mention, which LDAP platform you use. I use OpenLDAP for that purpose.

    Basically, you need to import some pieces of oid schema. Then you need to have your tns aliases under cn=OracleContext,dc=company,dc=com node.

    I created a web application http://www.tnsadmin.com for easy management of tnsnames in LDAP entries, which may be used with any LDAP server. You can also find OpenLDAP schema there.

    • 2