Partly as a result of having problems with conflicting versions or bitness with the full installation of Oracle client, my development team (of which I'm a member) has been moving towards using Oracle Instant Client and avoiding the installation on our development machines for most new projects. This has worked out pretty well, even to the point that we deploy to production with this setup. Since we're mostly a .NET shop, we're using the native client (with .NET wrappers), rather than the Java one.
Now a client is requiring that we register the database service with an LDAP server and use the LDAP server for name look up. They have provided sqlnet.ora and ldap.ora files (and an accompanying encryption config file) that appear to be correct. In particular, the sqlnet.ora file does specify LDAP as a possible source for looking up net service names:
names.directory_path=(tnsnames,ldap)
I am confident that the machine I'm working with can use LDAP to access the service since I was able to do so using SQL Developer (which allowed me to input the LDAP information directly). Assuming they are correct, how can I get Instant Client to recognize this configuration and use LDAP for the name look up?
What I've tried so far
I have tried setting the TNS_ADMIN environment variable to the directory that contains the provided files, and while this works fine for making Instant Client recognize a tnsnames.ora file, it doesn't seem to be enough to get it to start looking at LDAP. Here are the results (with paths, usernames, and passwords changed):
(The following commands happen to be Windows Command Prompt, but I imagine something similar is doable on Linux. The sqlplus seen here is the Instant version as well, with accompanying Instant Client binaries in the same directory.)
C:\TEMP>SET TNS_ADMIN=C:\path\to\sqlnet\ldap\and\tnsnames\ora\files
C:\TEMP>echo %TNS_ADMIN%
C:\path\to\sqlnet\ldap\and\tnsnames\ora\files
C:\TEMP>sqlplus.exe USERNAME/PASSWORD@LOCALTNSNAME
SQL*Plus: Release 11.2.0.2.0 Production on Mon Jul 7 10:22:25 2014
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Produ
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
C:\TEMP>sqlplus.exe USERNAME/PASSWORD@LDAPTNSNAME
SQL*Plus: Release 11.2.0.2.0 Production on Mon Jul 7 10:24:21 2014
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specified
Side note
Are there tags for TNS, LDAP, or Instant Client (or even just normal Oracle Client) that could be added to this question? I couldn't locate any.
2 Answers 2
Place the sqlnet.ora and ldap.ora files in your $ORACLE_ADMIN directory and make sure to set the environment variables. I made mine the TNS_ADMIN directory
(Linux) my .bashrc
export TNS_ADMIN=/opt/oracle/instantclient_12_1/network/admin
export ORACLE_ADMIN=${TNS_ADMIN}
[ku14lts:/opt/oracle/instantclient_12_1/network/admin]
$ ls
ldap.ora sqlnet.ora tnsnames.ora
And I was able to connect to a DB not in my tnsnames.ora
Using an Oracle 19c instant client, I found it necessary to copy the OH/[network|/mesg]/oraus.ms[bg] files from a 19c server, to the same location in instant client.
The tns files were copied so that tnsping would work, and the ldap files so that LDAP resolution would work.
$ ls -l $(pwd)/{ldap,network}/mesg/*
-rw-r--r-- 1 oracle dba 136704 Jul 21 06:20 /opt/oracle/instantclient_19_16/ldap/mesg/ldapus.msb
-rw-r--r-- 1 oracle dba 185547 Jul 21 06:20 /opt/oracle/instantclient_19_16/ldap/mesg/ldapus.msg
-rw-r--r-- 1 oracle dba 50688 Jul 21 06:12 /opt/oracle/instantclient_19_16/network/mesg/tnsus.msb
-rw-r--r-- 1 oracle dba 259879 Jul 21 06:12 /opt/oracle/instantclient_19_16/network/mesg/tnsus.msg
$ tnsping js01
TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 21-JUL-2023 06:26:34
Copyright (c) 1997, 2021, Oracle. All rights reserved.
Used parameter files:
/opt/oracle/instantclient_19_16/network/admin/sqlnet.ora
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=ora11203fs)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=js01)))
OK (0 msec)
where(C:\TEMP\sqlplus.exe). To be more specific,sqlplusis not "installed" on the machine. It's just sitting in the current directory, with the client binaries beside it. It's definitely picking up on thetnsnames.orafile using theTNS_ADMINenvironment variable, since that is off in a completely different directory.where oci.dll, too. It also gives the expected result:C:\TEMP\oci.dll.