9i DB authenticaton to OID store
Date: Fri, 15 May 2009 15:45:22 +0100
I have been tasked with getting a 9i ( 18.104.22.168 ) DB to authenticate users through OID. Our OID is already supporting password authentication for a load of 10g databases, so I know for a fact that the OID is authenticating correctly. These are not full blown EUS users, just simply password authentication for local DB users to the OID, backed by the MS AD store.
9i obviously needs to use SSL to authenticate the DB to the OID store, to that end you create a wallet with the correct certs stored inside.
I have the wallet installed, sqlnet.ora is pointing to the wallet. Now as the "oracle" user, who owns the binaries and started the instance, I can successfully authenticate a user within the 9i DB to the OID store ( additionally I can ldapbind with SSL ) so I know the wallet is sound.
Now If I attempt to perform the same test, a simple sqlplus session, using another Unix user ID, userA on the same server, it fails with "Open wallet failed". Now userA can see the wallet files, can see the sqlnet.ora pointing to the wallet.Note there is no TNS involved, purely local connections. Indeed as one more test, as advised by the various MetaLink notes, userA can also use the wallets to perform a sucessful ldapbind using SSL.
I currently have an Oracle Support ticket open, but I just can't make sense of it. The wallet is sound but when sqlplus fires up for any user other than the instance/binaries owne, it refuses to work.
So I wondered, does anyone else have any experience with 9i, wallets, DB authentication to an OID store and may have run into this problem before?
Any suggestions are welcome!
Thanks for your time.
Please consider the environment before printing
This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. To the extent this email has been sent to you by any GAM company domiciled in the EU, being GAM (U.K.) Limited, GAM Sterling Management Limited, GAM International Management Limited, GAM London Limited, GAM Fund Management Limited, or GAM Fonds Marketing GmbH i.L., please note the following details in respect of each such company:
- GAM (U.K.) Limited (a company limited by shares and registered in England and Wales with
company number 01664573);
- GAM Sterling Management Limited (a company limited by shares and registered in England and
Wales with company number 01750352);
- GAM International Management Limited (a company limited by shares and registered in England
and Wales with company number 01802911);
- GAM London Limited (a company limited by shares and registered in England and Wales with
company number with Company Number 00874802) Each of Registered Office: 12 St. James's Place, London, SW1A 1NX GAM Sterling Management Limited, GAM International Management Limited and GAM London Limited are each authorised and regulated by the Financial Services Authority. GAM Fund Management Limited (a company limited by shares and registered in Ireland with no. 156828) of Registered Office: George's Court 54-62 Townsend Street Dublin 2, Ireland GAM Fonds Marketing GmbH, i.L. (a company limited by shares and registered in Germany under No. HRB 66857) of Friedrichstrasse 154, D-10117 Berlin, Germany. The competent Commercial Register is "Amtsgericht Charlottenburg" in Berlin. Liquidator: Daniel Durrer.
Received on Fri May 15 2009 - 09:45:22 CDT