8.2.5 Specify LDAP Parameters Directly in a Connect Identifier
The Directory Naming method provides an alternative way to specify LDAP name lookup, by using LDAP parameters in a database client connection identifier. With this feature, you do not need to configure external configuration files (ldap.ora or sqlnet.ora) to connect to the database.
The values that are specified as part of ldap.ora and sqlnet.ora for LDAP name lookup are directly passed in the connect identifier. If ldap.ora or sqlnet.ora is present and you use LDAP parameters in the connect identifier, then the connect identifier values take precedence.
Syntax for the Connect Identifier
ldap[s]://host[:port]/name[,context][?parameter1=value1{&parameter2=value2}]
For example:
sqlplus "<user_name>/<password>@ldaps://<host_name>:<port>/cn=sales,cn=oraclecontext?DIRECTORY_SERVER_TYPE=oid&WALLET_LOCATION=/oracle/network/admin&AUTHENTICATE_BIND=true&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
Here, <user_name>/<password> specify the database user name and password for the connection.
The following are protocol-specific parameters specified using ldap[s]://host[:port]/name[,context]:
| Syntax Element | Description | Default Value |
|---|---|---|
| ldap[s] | This is a mandatory parameter. Specifies the protocol, such as The | Not applicable |
| host | This is a mandatory parameter. Specifies the host name where your LDAP directory server is running. | Not applicable |
| port | This is an optional parameter. Specifies the port number for the LDAP connection. | |
| name | This is a mandatory parameter. Specifies the LDAP entry to resolve the service name in the connect string. This entry must be contained in the | Not applicable |
| context | This is an optional parameter. Specifies the directory naming context containing For example, a context can be: | |
The following are directory usage parameters specified using parameter=value. All these are optional parameters:
| Syntax Element | Description | Default Value |
|---|---|---|
| DIRECTORY_SERVER_TYPE | Specifies the directory server to use for LDAP-based name lookup. The value can be: | |
| AUTHENTICATE_BIND | Specifies whether the LDAP naming adapter should use a wallet for authentication. The value can be See AUTHENTICATE_BIND. | |
| WALLET_LOCATION | Specifies the directory where Oracle wallet is stored. See WALLET_LOCATION. | Not applicable |
| AUTHENTICATE_BIND_METHOD | Specifies the authentication method for the client LDAP naming adapter. The value can be | |
Note:
The directory_server_type, wallet_location, authenticate_bind, and authenticate_bind_method parameters are position independent.
Sample Connect Identifiers
The following examples show how to specify a connect identifier with different values:
- With all parameters:
  All the required and optional parameters are specified in the string.
  "scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com?DIRECTORY_SERVER_TYPE=oid&WALLET_LOCATION=/wallet&AUTHENTICATE_BIND=true&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
- Without directory server:
  The default directory server (OID) is used:
  "scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com?WALLET_LOCATION=wallet&AUTHENTICATE_BIND=true&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
- Without authenticate_bind:
  The default authenticate_bind value (false) is used, and thus authenticate_bind_method is ignored.
  "scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com?DIRECTORY_SERVER_TYPE=oid&WALLET_LOCATION=wallet&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
- With admin context:
  The context name value is specified as cn=OracleContext,dc=example,dc=com.
  "scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com?DIRECTORY_SERVER_TYPE=oid&WALLET_LOCATION=/wallet&AUTHENTICATE_BIND=true&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
- Without admin context:
  The context value (cn=OracleContext,dc=example,dc=com) is null.
  "scott/password@ldaps://ldapserver:636/orcl?DIRECTORY_SERVER_TYPE=oid&WALLET_LOCATION=/wallet&AUTHENTICATE_BIND=true&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
- With minimal parameters:
  A minimal set of protocol-specific parameters is specified (protocol as ldaps, host as ldapserver, port as 636, and context that varies in each string).
  "scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com"
  "scott/password@ldaps://ldapserver:636/cn=orcl"
  "scott/password@ldaps://ldapserver:636/orcl"
- Uses system wallet:
  The WALLET_LOCATION value is not specified in the connect identifier and sqlnet.ora file. In this case, the client uses the wallet from the operating system's default certificate store.
  "scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com?DIRECTORY_SERVER_TYPE=oid"
- With the LDAP protocol:
  The LDAP protocol is specified for OID configuration in these strings.
  "scott/password@ldap://ldapserver:2389/cn=orcl,cn=OracleContext,dc=example,dc=com?DIRECTORY_SERVER_TYPE=oid&AUTHENTICATE_BIND=false"
  "scott/password@ldap://ldapserver:2389/cn=orcl,cn=OracleContext,dc=example,dc=com"
- With directory server along with user name and password authentication:
  The DIRECTORY_SERVER_TYPE value is specified as AD (to use Microsoft Active Directory). The AUTHENTICATE_BIND and AUTHENTICATE_BIND_METHOD values specify LDAPS_SIMPLE_AUTH, which provides user name and password-based authentication.
  "scott/password@ldaps://ldapserver:636/cn=orcl?DIRECTORY_SERVER_TYPE=AD&WALLET_LOCATION=/wallet&AUTHENTICATE_BIND=true&AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH"
- With directory server along with Windows native authentication:
  The DIRECTORY_SERVER_TYPE value is specified as AD (to use Microsoft Active Directory). The AUTHENTICATE_BIND value is specified as true, which implies the default LDAPS_SIMPLE_AUTH=NONE setting. This provides Windows native authentication, using Windows login credentials.
  "scott/password@ldap://ldapserver:389/cn=orcl?DIRECTORY_SERVER_TYPE=AD&AUTHENTICATE_BIND=true"
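The syntax and defaults described in this section can be checked mechanically when reviewing connect identifiers kept in scripts or configuration. The following Python code is an added example, not part of the Oracle documentation or any Oracle tool: it parses an identifier and lists review findings. The function names, the finding labels, and the case-insensitive handling of parameter names are assumptions of this example, and IPv6 host literals are not handled.

```python
import re

# Grammar from the page: ldap[s]://host[:port]/name[,context][?p1=v1{&p2=v2}]
# An optional user/password@ prefix is accepted because the page's samples carry one.
_CONNECT_ID = re.compile(
    r"^(?:(?P<cred>.+)@)?(?P<scheme>ldaps?)://(?P<host>[^/:?]+)"
    r"(?::(?P<port>\d+))?/(?P<entry>[^?]+)(?:\?(?P<query>.*))?$",
    re.IGNORECASE,
)
# The four directory usage parameters the page lists. Names are compared
# case-insensitively (assumption: the page writes them in both cases).
KNOWN = {"DIRECTORY_SERVER_TYPE", "WALLET_LOCATION",
         "AUTHENTICATE_BIND", "AUTHENTICATE_BIND_METHOD"}


def parse_connect_identifier(text):
    """Split a connect identifier into protocol-specific and usage parts."""
    m = _CONNECT_ID.match(text.strip().strip('"'))
    if m is None:
        raise ValueError("not an ldap[s]:// connect identifier")
    name, _, context = m["entry"].partition(",")  # name[,context]
    params = {}
    for pair in filter(None, (m["query"] or "").split("&")):
        key, _, value = pair.partition("=")
        params[key.upper()] = value               # position independent
    return {"scheme": m["scheme"].lower(), "host": m["host"],
            "port": int(m["port"]) if m["port"] else None,
            "name": name, "context": context or None, "params": params,
            "has_password": m["cred"] is not None and "/" in m["cred"]}


def audit(text):
    """Return the findings a reviewer would raise for one connect identifier."""
    cid = parse_connect_identifier(text)
    p, findings = cid["params"], []
    bind = p.get("AUTHENTICATE_BIND", "false").lower() == "true"  # page: default false
    if cid["scheme"] == "ldap":
        findings.append("ldap-no-tls")               # ldap:// lookup is not TLS-protected
    if not bind:
        findings.append("no-authenticated-bind")
        if "AUTHENTICATE_BIND_METHOD" in p:
            findings.append("bind-method-ignored")   # page: ignored when bind is false
    if cid["scheme"] == "ldaps" and "WALLET_LOCATION" not in p:
        findings.append("wallet-not-in-identifier")  # sqlnet.ora or OS store decides trust
    if cid["has_password"]:
        findings.append("inline-password")           # password sits in the stored string
    findings += [f"unknown-parameter:{k}" for k in sorted(set(p) - KNOWN)]
    return findings
```

Because connect identifier values take precedence over ldap.ora and sqlnet.ora, the findings describe the settings actually in effect for that connection, except for the wallet, which falls back to sqlnet.ora and then the operating system store.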