10.2.4 Enabling Oracle Connection Manager in Traffic Director Mode to Use External Password Store

Steps involve creating an Oracle wallet and creating database connection credentials in that wallet for each database service.

Step 1: Create a wallet on Oracle Connection Manager in Traffic Director Mode by using the following syntax at the command line:

mkstore -wrl wallet_location -create

wallet_location is the path to the directory where you want to create and store the wallet.

This command creates an Oracle wallet with the auto-login feature enabled at the specified location:

orapki wallet create -wallet wallet_location -auto_login
Enter password: password
Enter password again: password

The auto-login feature enables Oracle Connection Manager in Traffic Director Mode to access the wallet contents without supplying a password.

Step 2: Create database connection credentials in the wallet by using the following syntax at the command line:

mkstore -wrl wallet_location -createCredential db_service_name username password

wallet_location is the path to the directory where you created the wallet in Step 1. The db_service_name is the service name used by the application in its connect string while connecting to Oracle Connection Manager. The username and password are the tdm user name and password.

Note:

The mkstore wallet management command line tool is deprecated with Oracle AI Database 26ai, and can be removed in a future release.

To manage wallets, Oracle recommends that you use the orapki command line tool.

Repeat this step for each database service that must be accessed by using Oracle Connection Manager in Traffic Director Mode.

For TCP/IP with TLS (TCPS) configuration, Oracle Connection Manager in Traffic Director Mode wallet is already created. In this case, you can skip Step 1 and specify wallet_location in mkstore as the same location used for TCPS configuration.

Note:

• The same tdm user can be used across all services for a given database. However, if required, a different tdm user can also be associated for each service.

• For pluggable database (PDB) services, there are two choices for setting up the tdm user:

  Common tdm user: tdm user can be a common user, in which case Oracle Connection Manager in Traffic Director Mode uses a single set of credentials for proxy authenticating users from different PDBs in a multitenant container database (CDB).

  Per PDB tdm user: tdm user can be a PDB–specific user, in which case Oracle Connection Manager in Traffic Director Mode uses PDB–specific proxy user for proxy authenticating users in a specific PDB.