11 LDAP Parameters in the Connect Identifier
This chapter describes the LDAP parameters that you can directly specify in the database client connect identifier, when using the Directory Naming method.
- About Using LDAP Parameters in the Connect Identifier
  The Directory Naming method provides an alternative method to specify LDAP name lookup, by using LDAP parameters in the connect identifier.
- Allowed Parameters in the Connect Identifier
  These are the LDAP parameters that you can use in the connect identifier.
11.1 About Using LDAP Parameters in the Connect Identifier
The Directory Naming method provides an alternative method to specify LDAP name lookup, by using LDAP parameters in the connect identifier.
This eliminates the need for external configuration files (ldap.ora and sqlnet.ora) to connect to the database. The values that are specified as part of ldap.ora and sqlnet.ora for LDAP name lookup are directly passed in the connect identifier.
If ldap.ora or sqlnet.ora is present and you use LDAP parameters in the connect identifier, then the connect identifier values take precedence.
11.2 Allowed Parameters in the Connect Identifier
These are the LDAP parameters that you can use in the connect identifier.
- Protocol-Specific Parameters
  These connect identifier parameters (PROTOCOL, HOST, PORT, NAME, and CONTEXT) are name-value pairs that define the LDAP connection.
- AUTHENTICATE_BIND
  The AUTHENTICATE_BIND parameter specifies whether the LDAP naming adapter should use a wallet for authentication.
- AUTHENTICATE_BIND_METHOD
  The AUTHENTICATE_BIND_METHOD parameter specifies the authentication method for the client LDAP naming adapter.
- DIRECTORY_SERVER_TYPE
  The DIRECTORY_SERVER_TYPE parameter specifies the directory server to be used for LDAP-based name lookup.
- WALLET_LOCATION
  The WALLET_LOCATION parameter specifies the directory where an Oracle wallet is stored.
11.2.1 Protocol-Specific Parameters
These connect identifier parameters (PROTOCOL, HOST, PORT, NAME, and CONTEXT) are name-value pairs that define the LDAP connection.
Purpose
To configure name-value pairs that define the LDAP connection.
Usage Notes
Parameter | Description | Required |
---|---|---|
PROTOCOL | Protocol, either The | Yes |
HOST | Host name where your LDAP directory server is running. | Yes |
PORT | Port number for the LDAP connection. The default port for the | No |
NAME | LDAP entry to resolve the connect descriptor. This entry must be contained in the | Yes |
CONTEXT | Directory naming context containing The default value for this parameter is: For example, a context can be: | No |
Example
Here is a sample connect identifier, specified with all the LDAP connection parameters:
scott/password@ldaps://ldapserver:636/cn=orcl,cn=OracleContext,dc=example,dc=com
11.2.2 AUTHENTICATE_BIND
The AUTHENTICATE_BIND parameter specifies whether the LDAP naming adapter should use a wallet for authentication.
Purpose
To specify whether the LDAP naming adapter should attempt to authenticate using a specified wallet, when it connects to the LDAP directory to resolve the service name in the connect string.
Usage Notes
When set to FALSE, the LDAP connection is established using an anonymous bind.
When set to TRUE, the LDAP connection is authenticated using an Oracle wallet. You must specify the wallet location using the WALLET_LOCATION parameter.
Values
TRUE | FALSE
Default
FALSE
Example
AUTHENTICATE_BIND=TRUE
11.2.3 AUTHENTICATE_BIND_METHOD
The AUTHENTICATE_BIND_METHOD parameter specifies the authentication method for the client LDAP naming adapter.
Purpose
To specify the authentication method that the client LDAP naming adapter should use while connecting to the LDAP directory to resolve connect string names.
Usage Notes
The simple authentication method over LDAPS (LDAP over TLS connection) is supported.
You store the directory entry DN and password in an Oracle wallet. When the client connects to the LDAP server, it is authenticated using the credentials stored in this wallet. The wallet trust store must contain root certificates issued by the certificate authority of the LDAP server.
The LDAP naming adapter uses the oracle.ldap.client.dn and oracle.ldap.client.password entries from the wallet for authenticating to the LDAP server. If these entries are not present, then the client attempts an anonymous authentication using LDAPS.
Values
- LDAPS_SIMPLE_AUTH
- NONE
Default
NONE
Example
AUTHENTICATE_BIND_METHOD=LDAPS_SIMPLE_AUTH
11.2.4 DIRECTORY_SERVER_TYPE
The DIRECTORY_SERVER_TYPE parameter specifies the directory server to be used for LDAP-based name lookup.
Purpose
With the Directory Naming method, connect identifiers are mapped to connect descriptors contained in an LDAP-compliant directory server. You can specify a directory server to be used, such as Oracle Internet Directory, Oracle Unified Directory, or Microsoft Active Directory.
Values
- OID for Oracle Internet Directory or Oracle Unified Directory
- AD for Microsoft Active Directory
Default
OID
Example
DIRECTORY_SERVER_TYPE=AD
11.2.5 WALLET_LOCATION
The WALLET_LOCATION parameter specifies the directory where an Oracle wallet is stored.
Purpose
To specify the LDAP directory where the client wallet is stored. This wallet is used for making Transport Layer Security (TLS) connections to the LDAP directory.
Note:
This is a client-side parameter, and is not applicable to the database connection.
Usage Notes
The database client searches for the client wallet in this order:
- The client first looks for the WALLET_LOCATION parameter value in the connect identifier.
- If no wallet is present, then the client searches for the WALLET_LOCATION parameter value in the sqlnet.ora file.
- If no wallet is present, then the client uses the wallet from the operating system's default certificate store.
Default
None
Example
WALLET_LOCATION=/home/oracle/wallet
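An added example, not part of Oracle's documentation: a small Python check that applies the rules stated in sections 11.2.1 to 11.2.5 to a connect identifier and its LDAP parameters before deployment. The function names, the separate params dictionary (this page does not show how the parameters are attached to the identifier), and the split of the DN into NAME (first RDN) and CONTEXT (remainder) are assumptions.

```python
import re

# Allowed values and defaults, from the Values/Default entries on this page.
ALLOWED = {
    "AUTHENTICATE_BIND": {"TRUE", "FALSE"},
    "AUTHENTICATE_BIND_METHOD": {"LDAPS_SIMPLE_AUTH", "NONE"},
    "DIRECTORY_SERVER_TYPE": {"OID", "AD"},
}
DEFAULTS = {"AUTHENTICATE_BIND": "FALSE", "AUTHENTICATE_BIND_METHOD": "NONE",
            "DIRECTORY_SERVER_TYPE": "OID"}

# Optional "user/password@" prefix, then protocol://host[:port]/dn
URL_RE = re.compile(r"^(?:[^@]*@)?(?P<protocol>[A-Za-z]+)://(?P<host>[^:/]+)"
                    r"(?::(?P<port>\d+))?/(?P<dn>.+)$")


def parse_identifier(identifier):
    """Split the LDAP part of a connect identifier into the five fields of 11.2.1."""
    m = URL_RE.match(identifier)
    if not m:
        raise ValueError("not an LDAP connect identifier")
    # Assumption: the first RDN is NAME, the rest of the DN is CONTEXT.
    name, _, context = m.group("dn").partition(",")
    return {"PROTOCOL": m.group("protocol").lower(), "HOST": m.group("host"),
            "PORT": m.group("port"), "NAME": name, "CONTEXT": context or None}


def audit(identifier, params=None):
    """Return a list of findings for the identifier plus its LDAP parameters."""
    conn = parse_identifier(identifier)
    p = dict(DEFAULTS)
    p.update({k.upper(): v for k, v in (params or {}).items()})
    findings = []
    for key, allowed in ALLOWED.items():
        if p[key].upper() not in allowed:
            findings.append(f"{key}: {p[key]!r} is not one of {sorted(allowed)}")
    if conn["PROTOCOL"] != "ldaps":
        findings.append("PROTOCOL: lookup is not LDAPS (LDAP over TLS)")
    if p["AUTHENTICATE_BIND"].upper() != "TRUE":
        findings.append("AUTHENTICATE_BIND: not TRUE, the bind is anonymous")
    else:
        if p["AUTHENTICATE_BIND_METHOD"].upper() != "LDAPS_SIMPLE_AUTH":
            findings.append("AUTHENTICATE_BIND_METHOD: not LDAPS_SIMPLE_AUTH, the "
                            "method that uses the wallet DN and password")
        if "WALLET_LOCATION" not in p:
            findings.append("WALLET_LOCATION: not in the identifier; the client "
                            "falls back to sqlnet.ora, then the OS certificate store")
    return findings
```

The check cannot see inside the wallet: if the oracle.ldap.client.dn and oracle.ldap.client.password entries are missing, the client still attempts an anonymous authentication over LDAPS, as described in 11.2.3.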