Re: SQL Developer / Oracle Directory Server

From: Turloch O'Tierney <turloch_at_gmail.com>
Date: Mon, 3 Apr 2017 13:14:01 +0100
Message-ID: <CA+F2S4bQ5ib9uu=C_bWTHJN5KQoxGFDuAoVb9m0SS+e6VtB_9Q_at_mail.gmail.com>



Hi Niall & Oracle-l,

I was trying to work out what the issue with Kerberos and SQLDeveloper (without Oracle client) was.

Niall is right, however, i.e. "if sqlplus works: oracle client (instant client with oci will do)" and SQLDeveloper should work.

Some people do not like having to install Oracle Client (or instant client).

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Thank you for your time,
Turloch

On Mon, Apr 3, 2017 at 1:06 PM, Turloch O'Tierney <turloch_at_gmail.com> wrote:

> Hi Niall,
>
> SQLDeveloper kerberos works - certainly configure with sqlplus if it does
> not work immediately to confirm your configuration
>
> OSMFT does not work (there is a similar new way of referring to cache) due
> to programming oversight - ie need a file reference (or type in password on
> login ie no cache).
>
> Have not tried it with non authenticated LDAP (should not matter)
> Enterprise User Security might not work.
> https://docs.oracle.com/cd/B28359_01/network.111/b28528/concepts.htm#DBIMI152
>
> I have not done a SQLDeveloper and Kerberos blog; it has been a feature
> since 2008.
>
> The views expressed on this blog are my own and do not necessarily reflect
> the views of Oracle.
>
> Thank you for your time,
> Turloch O'Tierney
>
> On Sat, Apr 1, 2017 at 1:13 PM, Niall Litchfield <
> niall.litchfield_at_gmail.com> wrote:
>
>> I find the easiest thing to do here is to ignore SQL Developer's
>> "kerberos" config but instead configure an oracle client (instant client
>> with oci will do) for kerberos authentication, then configure SQL Developer
>> to use the client.
>>
>> On Fri, Mar 31, 2017 at 8:19 PM, Noveljic Nenad <
>> nenad.noveljic_at_vontobel.ch> wrote:
>>
>>> Thank you, Turloch. It is a good idea to fall back to the connection
>>> type “advanced“. “advanced” works perfectly with the password
>>> authentication, but I still haven’t got it working with the Kerberos
>>> authentication.
>>>
>>>
>>>
>>> I’m getting “Client not found in Kerberos database(6)”. Does somebody
>>> know how to configure Kerberos with SQL Developer and JDBC driver?
>>>
>>>
>>>
>>>
>>>
>>> *From:* Turloch O'Tierney [mailto:turloch_at_gmail.com]
>>> *Sent:* Friday, 31 March 2017 18:05
>>> *To:* Noveljic Nenad
>>> *Subject:* Re: SQL Developer / Oracle Directory Server
>>>
>>>
>>>
>>> Hi Noveljic,
>>>
>>>
>>> On LDAP:
>>>
>>>
>>> Note you can use url based LDAP calls (connection type -> advanced) -
>>> awkward - the ldap server is queried at connect time (for host port etc).
>>>
>>> Note there is a different syntax depending on whether you are using
>>> thick(oci/C) or thin(pure java) driver.
>>>
>>> These 'refer to ldap by url' connections can be exported imported etc as
>>> normal.
>>>
>>>
>>> Old semi related LDAP blog:
>>> http://totierne.blogspot.co.uk/2009/03/sqldeveloper-ldap-success-and-failure.html
>>>
>>> The views expressed on this blog are my own and do not necessarily
>>> reflect the views of Oracle.
>>>
>>>
>>>
>>> Thank you for your time,
>>>
>>> Turloch O'Tierney
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Feb 24, 2017 at 7:01 PM, Noveljic Nenad <
>>> nenad.noveljic_at_vontobel.ch> wrote:
>>>
>>> The other tools don't do subtree search. It is specific to SQL Developer.
>>>
>>>
>>> Sent via BlackBerry Work (www.blackberry.com)
>>>
>>> *From: *Niall Litchfield <niall.litchfield_at_gmail.com>
>>>
>>> *Date: *Friday, 24 Feb. 2017, 6:17 PM
>>>
>>> *To: *Noveljic Nenad <nenad.noveljic_at_vontobel.ch>
>>>
>>> *Cc: *oracle-l_at_freelists.org <oracle-l_at_freelists.org>
>>>
>>> *Subject: *Re: SQL Developer / Oracle Directory Server
>>>
>>>
>>>
>>> I don't have an answer, but I am surprised that it works elsewhere. I'd
>>> expect em and other tools to fail as well.
>>>
>>>
>>>
>>> On 24 Feb 2017 15:40, "Noveljic Nenad" <nenad.noveljic_at_vontobel.ch>
>>> wrote:
>>>
>>> Dear fellows,
>>>
>>>
>>>
>>> I use Oracle Directory Server (ODS) 11.1.1.7.0 for database name
>>> resolution which works perfectly except for SQL Server Developer. I'm
>>> currently on the version 4.1.5, but the problem reproduces on other
>>> versions as well.
>>>
>>>
>>>
>>> The sole purpose of the ODS in question is names resolution. It is worth
>>> noting that the Oracle context is defined under the root DSE
>>> (DEFAULT_ADMIN_CONTEXT = "").
>>>
>>>
>>>
>>> I'm getting the following error when SQL Developer tries to load Oracle
>>> Contexts: "LDAP:error code 32 - No Such Object"
>>>
>>>
>>>
>>> By looking into the ODS logs, I deduced the ldapsearch done by SQL
>>> Developer:
>>>
>>> $ORACLE_HOME/bin/ldapsearch -h hostname -p port -b "" -s sub "objectClass=*" cn dn
>>>
>>>
>>>
>>> The problem can also be reproduced by running the ldap search above. The
>>> reason for the error is that, unlike other types of LDAP, ODS doesn't allow
>>> the subtree searches on root DSE. What SQL Developer is trying to do is to
>>> discover all of the oracle contexts under the base entry, which in my case
>>> happens to be the root DSE.
>>>
>>>
>>>
>>> I’ve investigated the following options so far, though without success:
>>>
>>> - enabling the subtree search on root DSE in ODS
>>>
>>> - disabling the subtree search for oracle contexts in SQL Developer. In
>>> my case, it would be sufficient to take just the oracle context under the
>>> configured DEFAULT_ADMIN_CONTEXT.
>>>
>>>
>>>
>>> Have I overlooked something? Any other ideas how to solve this problem?
>>>
>>>
>>>
>>> I would like to avoid the migration of OracleContext to another subtree.
>>>
>>>
>>>
>>> Many thanks,
>>>
>>>
>>>
>>> Nenad Noveljic
>>>
>>>
>>>
>>> Twitter: _at_NenadNoveljic
>>>
>>> Home page: http://nenadnoveljic.com
>>>
>>>
>>>
>>>
>>>
>>> ____________________________________________________
>>>
>>> Please consider the environment before printing this e-mail.
>>>
>>>
>>> Important Notice
>>> This message is intended only for the individual named. It may contain
>>> confidential or privileged information. If you are not the named addressee
>>> you should in particular not disseminate, distribute, modify or copy this
>>> e-mail. Please notify the sender immediately by e-mail, if you have
>>> received this message by mistake and delete it from your system.
>>> E-mail transmission may not be secure or error-free as information could
>>> be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
>>> processing of incoming e-mails cannot be guaranteed. All liability of the
>>> Vontobel Group and its affiliates for any damages resulting from e-mail use
>>> is excluded. You are advised that urgent and time sensitive messages should
>>> not be sent by e-mail and if verification is required please request a
>>> printed version.
>>>
>>>
>>
>>
>>
>> --
>> Niall Litchfield
>> Oracle DBA
>> http://www.orawin.info
>>
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Apr 03 2017 - 14:14:01 CEST
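
The step described in the original question of this thread (reading the directory server's access log to work out which search SQL Developer issued, and seeing it fail with error 32) can be sketched as follows. This is an added example, not code from the thread: the log lines are constructed, and the Sun/389-style access-log layout (SRCH and RESULT lines paired by conn/op) is an assumption, since the thread does not show the ODS log itself.

```python
import re

# Constructed sample lines in an assumed Sun/389-style access-log layout.
SAMPLE_LOG = '''\
[24/Feb/2017:15:40:01 +0100] conn=7 op=1 msgId=2 - SRCH base="" scope=2 filter="(objectClass=*)" attrs="cn dn"
[24/Feb/2017:15:40:01 +0100] conn=7 op=1 msgId=2 - RESULT err=32 tag=101 nentries=0 etime=0
[24/Feb/2017:15:40:05 +0100] conn=8 op=1 msgId=2 - SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts"
[24/Feb/2017:15:40:05 +0100] conn=8 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[24/Feb/2017:15:40:09 +0100] conn=9 op=1 msgId=2 - SRCH base="cn=OracleContext" scope=1 filter="(objectClass=*)" attrs="orclNetDescString"
[24/Feb/2017:15:40:09 +0100] conn=9 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
'''

SCOPES = {"0": "base", "1": "one", "2": "sub"}  # LDAP scope codes as logged
SRCH = re.compile(r'conn=(\d+) op=(\d+) .*? SRCH base="([^"]*)" scope=(\d) '
                  r'filter="([^"]*)" attrs="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) .*? RESULT err=(\d+)')

def reconstruct_searches(log_text):
    """Pair each SRCH line with its RESULT line by (conn, op)."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt, attrs = m.groups()
            pending[(conn, op)] = {"base": base, "filter": flt,
                                   "scope": SCOPES.get(scope, scope),
                                   "attrs": attrs.split()}
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            rec = pending.pop((m.group(1), m.group(2)))
            rec["err"] = int(m.group(3))
            done.append(rec)
    return done

def as_ldapsearch(rec, host="hostname", port="port"):
    """Render a record in the form of the command quoted in the thread."""
    return '$ORACLE_HOME/bin/ldapsearch -h %s -p %s -b "%s" -s %s "%s" %s' % (
        host, port, rec["base"], rec["scope"], rec["filter"],
        " ".join(rec["attrs"]))

def failed_root_subtree(records):
    """Subtree searches on the root DSE (empty base) that ended in error 32."""
    return [r for r in records
            if r["base"] == "" and r["scope"] == "sub" and r["err"] == 32]
```

In the constructed sample, the base-scope read of the root DSE and the one-level search under `cn=OracleContext` succeed; only the subtree search with an empty base returns error 32, matching the behaviour reported in the question.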
