LDAP is the directory protocol that Net8 uses when you choose to use the directory naming method for name resolution. To configure LDAP on a client, you need to create an ldap.ora file that contains at least the following information:

- The host and port numbers for the LDAP directory server
- A default admin context
- The type, or brand, of LDAP server that you are using

The ldap.ora file goes in the same directory as sqlnet.ora, tnsnames.ora, and your other Net8 configuration files. Chapter 6 talks in detail about the use of Oracle's directory product, Oracle Internet Directory, for net service name resolution.

3.5.1 Identifying the LDAP Directory

From a client perspective, if you are using LDAP, the most important thing is to identify the specific LDAP server that you are using. There are two parts to this. You must identify the brand, and you must specify the network address of the actual server.

To specify the brand of LDAP server that you are using, place a DIRECTORY_SERVER_TYPE entry into your ldap.ora file. The following entry specifies that the LDAP server is an instance of the Oracle Internet Directory:

    DIRECTORY_SERVER_TYPE = OID

There are other type codes besides OID. Table 3.4 gives a complete list.

Table 3.4. Directory Server Type Codes

Code | Directory Server Product
OID  | Oracle Internet Directory
AD   | Microsoft Active Directory
NDS  | Novell Directory Services

To identify the network address of the specific LDAP server that you want to use, place a DIRECTORY_SERVERS entry into your ldap.ora file. For example:

    DIRECTORY_SERVERS = (ldap01.gennick.org:389:636, ldap02.gennick.org:389:636)

If you list multiple servers, Net8 tries them in the order in which they are listed. The port numbers shown here are the defaults used by OID. Port 389 is used for unsecured connections, and port 636 is used for Secure Socket Layer (SSL) connections.

3.5.2 Choosing a Default Admin Context

Net8 ignores your default domain setting when LDAP is used. Instead it looks for a DEFAULT_ADMIN_CONTEXT setting in your ldap.ora file.
Here's an example of a default admin context that corresponds to the gennick.org domain:

    DEFAULT_ADMIN_CONTEXT ="dc=gennick, dc=org"

When LDAP is being used, and Net8 encounters an unqualified net service name, it appends the default admin context to the end of that name. The result is a distinguished name that Net8 uses in querying the LDAP directory. For example, with the setting shown here in place, if you specified an unqualified name of prod, Net8 would translate that to the following distinguished name:

    "cn=prod, cn=OracleContext, dc=gennick, dc=org"

Notice the cn=OracleContext in the distinguished name. This does not come from the default admin context, nor from the unqualified name entered by the user. Net8 always adds this. In an LDAP directory, net service names are always expected to reside under an OracleContext entry.
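The following Python sketch is an added example, not code from the book or from Oracle: it checks that a client's ldap.ora carries the three required entries and builds the distinguished name that results for an unqualified net service name. It assumes one entry per line and servers written as host:port:sslport, as in the example above; the function names are hypothetical.

```python
KNOWN_TYPES = {"OID", "AD", "NDS"}  # type codes from Table 3.4
REQUIRED = ("DIRECTORY_SERVERS", "DEFAULT_ADMIN_CONTEXT", "DIRECTORY_SERVER_TYPE")

# Constructed sample file, using the values shown in this section.
SAMPLE = """\
DIRECTORY_SERVERS = (ldap01.gennick.org:389:636, ldap02.gennick.org:389:636)
DEFAULT_ADMIN_CONTEXT ="dc=gennick, dc=org"
DIRECTORY_SERVER_TYPE = OID
"""

def parse_ldap_ora(text):
    """Split NAME = value entries (assumption: one entry per line)."""
    params = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)  # the value may itself contain '='
            params[name.strip().upper()] = value.strip()
    return params

def parse_servers(value):
    """'(host:port:sslport, ...)' -> [(host, port, sslport), ...] in listed order."""
    servers = []
    for item in value.strip("() ").split(","):
        parts = item.strip().split(":")
        if len(parts) != 3 or not parts[0] or not all(p.isdigit() for p in parts[1:]):
            raise ValueError(f"bad DIRECTORY_SERVERS entry: {item.strip()!r}")
        servers.append((parts[0], int(parts[1]), int(parts[2])))
    return servers

def validate(params):
    """Return a list of problems; an empty list means the file is usable."""
    problems = [f"missing {key}" for key in REQUIRED if key not in params]
    stype = params.get("DIRECTORY_SERVER_TYPE")
    if stype is not None and stype not in KNOWN_TYPES:
        problems.append(f"unknown DIRECTORY_SERVER_TYPE {stype}")
    if "DIRECTORY_SERVERS" in params:
        try:
            parse_servers(params["DIRECTORY_SERVERS"])
        except ValueError as exc:
            problems.append(str(exc))
    return problems

def resolve_dn(name, params):
    """Unqualified name + fixed cn=OracleContext + default admin context."""
    context = params["DEFAULT_ADMIN_CONTEXT"].strip('"')
    return f"cn={name}, cn=OracleContext, {context}"

if __name__ == "__main__":
    cfg = parse_ldap_ora(SAMPLE)
    print(validate(cfg), resolve_dn("prod", cfg))
```
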