10.1.1 About the cman.ora File
You can set parameters in the cman.ora file to configure the computer
that hosts Oracle Connection Manager.
The cman.ora file resides on the computer that hosts Oracle
Connection Manager, and is located in the
ORACLE_BASE_HOME/network/admin directory. If the
cman.ora file is not present in the
ORACLE_BASE_HOME/network/admin directory, then look
for the file in the ORACLE_HOME/network/admin directory. Oracle
Connection Manager will not start if the cman.ora file does not exist. This
file includes the following components:
- Listening endpoint
- Access control rule list
- Parameter list
Each Oracle Connection Manager configuration is encapsulated within a single name-value (NV) string, which consists of the preceding components.
One computer can host any number of Oracle Connection Managers, each with its own entry in the cman.ora file. When defining more than one Oracle Connection Manager in the file, you can assign a default by giving only one a fully qualified host name.
You can specify multiple rules for both client and Oracle Connection Manager Control utility (CMCTL) connections. The following guidelines apply when making changes:
- You must enter at least one rule for client connections and one rule for CMCTL connections. Omitting a rule results in the rejection of all connections for the rule type omitted.
- Oracle Connection Manager does not support wildcards for partial IP addresses. If you use a wildcard, then use it in place of a full IP address. The IP address of the client may be, for example, (SRV=*).
- Oracle Connection Manager supports only the /nn notation for subnet addresses. In Example 10-1, in the first rule, /24 represents a subnet mask that comprises 24 left-most bits. Only the first 24 bits in the client's IP address are compared with the IP address in the rule.
Note:
Oracle Connection Manager supports IPv6 addressing. See "Using Oracle Connection Manager as a Bridge for IPv4 and IPv6".
Example 10-1 shows a cman.ora file that contains a configuration entry for an Oracle Connection Manager called CMAN1.
Example 10-1 Sample cman.ora File
CMAN1=
  (CONFIGURATION=
    (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
    (RULE_LIST=
      (RULE=(SRC=192.0.2.32/24)(DST=sales-server)(SRV=*)(ACT=accept)
        (ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
      (RULE=(SRC=192.0.2.32)(DST=proxysvr)(SRV=cmon)(ACT=accept)))
    (PARAMETER_LIST=
      (MAX_GATEWAY_PROCESSES=8)
      (MIN_GATEWAY_PROCESSES=3)))
Example 10-1 shows the following rules:
- In the first rule in the example, the following parameters are set:
  - SRC=192.0.2.32/24 is for client connections. It designates the IP address of the client, or source.
  - DST=sales-server designates the destination host name.
  - The ACT parameter specifies the action, that is, accept, reject, or drop.
  - The ACTION_LIST parameter sets attributes for a connection if it is accepted, enabling you to override default parameter settings on a connection-by-connection basis.
- In the second rule, the following parameters are set:
  - SRC=192.0.2.32 and DST=proxysvr represent the same server, indicating that Oracle Connection Manager and CMCTL must reside on the same computer.
See Also:
"Enabling Access Control"
Table 10-1 describes the rule-level parameters in the cman.ora file.
Table 10-1 Rule-Level Parameters in cman.ora File
| Parameter | Description |
|---|---|
| SRC | The source host name or IP address of the client. The IP address can be a subnet, such as |
| DST | The destination host name or IP address of the database server. The IP address can be a subnet, such as |
| SRV | The service name of the Oracle database obtained from the SERVICE_NAMES parameter in the initialization parameter file ( The service name is given by the client as part of the connect descriptor when connecting to the listener. This service name is compared to the service name specified in the rule list. |
| ACT | To accept, reject, or drop incoming requests based on the preceding three parameters. |
You can define multiple rules in the RULE_LIST. The action (ACT) in the first matched RULE is applied to the connection request. If no rules are defined, then all connections are rejected.
In the following example, client computer client1-pc is denied access to the service sales.us.example.com, but client 192.0.2.45 is granted access to the service db1.
(RULE_LIST=
(RULE=(SRC=client1-pc)(DST=sales-server)(SRV=sales.us.example.com)(ACT=reject))
(RULE=(SRC=192.0.2.45)(DST=192.0.2.200)(SRV=db1)(ACT=accept)))
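The first-match behaviour and the wildcard and /nn guidelines above can be checked before a rule list is deployed. The following Python sketch is an added example, not Oracle code: it models rule evaluation and flags rule lists that break the guidelines. The function names are hypothetical, and it assumes that host and service names are compared literally (no DNS lookup), that a request matching no rule is rejected, and that the CMCTL rule is the one with SRV=cmon, as in Example 10-1.

```python
import ipaddress
import re

# Constructed sample: the RULE_LIST from Example 10-1.
SAMPLE = """(RULE_LIST=
 (RULE=(SRC=192.0.2.32/24)(DST=sales-server)(SRV=*)(ACT=accept)
  (ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
 (RULE=(SRC=192.0.2.32)(DST=proxysvr)(SRV=cmon)(ACT=accept)))"""

def parse_rules(text):
    """Return one dict of SRC/DST/SRV/ACT per RULE, in file order."""
    chunks = re.split(r"\(RULE=", text)[1:]   # "(RULE_LIST=" does not match
    return [dict(re.findall(r"\((SRC|DST|SRV|ACT)=([^()]+)\)", c)) for c in chunks]

def _match(pattern, value):
    if pattern == "*":                        # wildcard replaces the whole value
        return True
    try:                                      # IP or /nn subnet: compare prefix bits
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(value) in net
    except ValueError:                        # host or service name: literal compare
        return pattern.lower() == value.lower()

def decide(rules, src, dst, srv):
    """Apply the ACT of the first matching rule; return (action, rule number)."""
    for n, r in enumerate(rules, 1):
        if _match(r["SRC"], src) and _match(r["DST"], dst) and _match(r["SRV"], srv):
            return r["ACT"], n
    return "reject", None                     # assumption: no match means reject

def lint(rules):
    """Flag rule lists that break the guidelines or hide later rules."""
    out = []
    if not any(r["SRV"] == "cmon" for r in rules):
        out.append("no SRV=cmon rule for CMCTL connections")
    for n, r in enumerate(rules, 1):
        for key in ("SRC", "DST"):
            if "*" in r[key] and r[key] != "*":
                out.append(f"rule {n}: partial wildcard {key}={r[key]}")
        if n < len(rules) and all(r[k] == "*" for k in ("SRC", "DST", "SRV")):
            out.append(f"rule {n}: matches everything, later rules unreachable")
    return out

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(decide(rules, "192.0.2.77", "sales-server", "db1"), lint(rules))
```

Because the first matching rule wins, an accept-all rule placed ahead of a reject rule silently disables the reject; the lint step reports that ordering.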
See Also:
Oracle Database Net Services Reference for additional information about Oracle Connection Manager parameters