Top 60 Oracle Blogs



Trusted Information Sharing – ABAC Architecture

In my previous post, I introduced you to the two concepts of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). ABAC resolves a number of the limitations associated with RBAC, as I discussed in that post. In this post, I wanted to drill into the architecture underlying ABAC a little bit more.

In simple terms, there are four main parts of the ABAC architecture. These are:

Referencing LDAP for JDBC thin client connections….

Just a quick note, to mention something that I just recently discovered.  (Yes, this has been available since at least Oracle 10.1, but I wasn’t aware of it!)

When composing a JDBC thin client connect URL, we have been using something of the form:

This is fine, but if you have a mix of Oracle OCI clients and JDBC thin clients, and if the OCI clients are all configured to use an LDAP server for Net Service Name resolution, then, whenever you make any kind of reconfiguration, you need to update the LDAP server, and then still need to update the hardcoded connection information in the JDBC Thin URL.

However, what I recently discovered is that it’s possible to define your JDBC Thin URL thus:

OpenLDAP – Using phpldapadmin to Maintain your LDAP Server

This is the final part of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.

Ok, now that you have installed and configured phpldapadmin, you’ll want to do some customization, that will facilitate using phpldapadmin specifically for maintaining Net Service Names.  Remember, phpldapadmin is a generic tool, that can be used to manage any LDAP server, with virtually any type of content.  At this point, you can use it to manage your LDAP server, but, I’ll provide you two new custom templates, for managing Net Service Names and Net Service Aliases.

Basic phpldapadmin Navigation

OpenLDAP – phpldapadmin – Install and Configure

This is part 5 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.

Day to Day Management

The tns2ldif program is great for converting a large number of Net Service Names into the LDIF format, for subsequent bulk loading into the LDAP server.  But, for day to day operation, where you may want to add or delete individual Net Service Names or modify an existing Net Service Name, hand editing LDIF files is probably not an optimal solution.  So, is there a GUI solution that may help with this type of day to day work?  There are a few free LDAP GUIs available.  The one I have chosen is phpldapadmin.


OpenLDAP – Care and Feeding of Your LDAP Server

This is part 4 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.


You should now have a correctly installed and fully configured LDAP server, that’s up to the task of doing Net Service Name resolution.  So, now you’ve come this far, you probably have a whole list of Net Service Names that you want to load into your LDAP server.  We’ve reviewed the LDIF format for Net Service Names, but, unless you have a very small number of Net Service Names, converting them from tnsnames.ora format to LDIF format could prove to be a very tedious task, indeed.  In my case, I had approximately 250 Net Service Names, that I needed to load.  So, I wrote a small C program, that I called tns2ldif, for this task.

OpenLDAP – Configuration for Net Service Name Resolution

This is part 3 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.

Configuration for Net Service Name Resolution

Ok, now that you have an OpenLDAP server installed and configured (optionally with master/slave replication configured), it’s time to “teach” it how to handle Oracle Net Service Names.  The first thing you’ll want to do is create a directory under /etc/openldap, thus:

mkdir /etc/openldap/oidschema

OpenLDAP – Installation and Basic Configuration

This is part 2 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.


Installing and configuring OpenLDAP on Oracle Linux 6 is a fairly simple and straightforward process.  (Note that I’m working with Oracle Linux 6.4; this process may differ on other Linux distributions and/or versions.)

Installation of OpenLDAP consists of simply executing the following command as root:

yum -y install openldap-servers openldap-clients

That’s it for installation.  Now, you’ll need to do the basic OpenLDAP configuration, and finally set it up to handle Oracle Net Service Names.


Using OpenLDAP for Net Service Name Resolution

OID is Oracle’s official solution

Several years ago, I was struggling with a solution to managing hundreds of net service names across several dozen database servers and many hundreds of Oracle client machines.  At the time, Oracle had just discontinued ONAMES (which I never had an opportunity to use), and the “official” Oracle solution was the OIM/OID software suite.  Well, after weeks of struggling with OID, I decided it was an unwieldy beast, and was just plain painful to set up.  (I don’t think I ever did get it completely working.)  Just as things were looking down, I spotted a bit of sunlight, through the fog.