How to find Oracle clients using a specific connect identifier resolved by Oracle LDAP (OID)? If the clients use their local tnsnames.ora file to resolve a connect identifier, there's no way to directly find out which clients use a specific connect identifier. The indirect way is: create a new service in the database, modify the connect identifier to use that service, and check the sessions in the database using that service. ------------------------------------------------------------------------------------------------------------------------ But if you use OID (OUD) or Oracle LDAP for the clients to resolve the connect identifiers and the OID server is Linux, here's how. Suppose you want to find the clients querying connect identifier mydb, on the OID server, trace it like this: $ strace -e trace=recvmsg,read -f -s100 -p$(pgrep oidldapd) 2>&1 | perl -nle '$|=1; print $1 if /recvmsg.*ffff:([^\\]+)/ or /read.*?cn=(\w+)/' | grep -B1 -i mydb mydb So the client with queried mydb. You can of course pass a partial string as the connect identifier to the command; if you have databases pointed at by identifiers hrdbd, hrdbt, and hrdbp (maybe for Dev, Test and Prod respectively) and you want to find all clients querying any of these identifiers, just pass "hrdb" to the command. If you have already collected the strace output (by -o ), you can cat and pipe its content to the Perl command. If you want to see all the connect identifiers being queried instead of a specific one, run this command: $ strace -e trace=recvmsg,read -f -s100 -p$(pgrep oidldapd) 2>&1 | perl -nle 'print $1 if /recvmsg.*ffff:([^\\]+)/ or /read.*?cn=(\w+)/' mydb2 mydb3 mydb4 replication replication changelog The above output says client queried connect identifier mydb2, and later mydb3. Client queried mydb4. Client appeared to query something but didn't (it was our F5 load balancer sending a "heartbeat" to check availability of the OID server and is the source of our tons of "sgslufread: Hard error on read, OS error = 104" errors in log file; Ref: Bug 20360006). Ignore it. Occasionally the Perl one-liner picks up some OID maintenance work; our OID has replication set up. If needed, I can improve the regex pattern to filter them out. Ignore it too. The strace command here adds 2.5% to 3% of CPU on a VM with 2 2.6GHz Intel CPUs. The "-e trace=recvmsg,read" filter is there to reduce CPU in strace itself instead of by Perl; without it CPU overhead would be 5% on this VM. ------------------------------------------------------------------------------------------------------------------------ There *is* a supported method to find those Oracle clients. Before OID 12c, we can set debug flag to 1 according to Doc 1239943.1. Create an ldif file say debug.ldif with these lines: dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry changetype:modify replace:orcldebugflag orcldebugflag: 1 and run on the OID server (if remotely, change $HOSTNAME to OID hostname): $ ldapmodify -h $HOSTNAME -p 389 -D cn=orcladmin -w -f debug.ldif Once enough logs have been created, you can find the client IPs and the connect identifier mydb they queried with this command (change the path as needed): $ for i in /u01/app/oracle/oidinst/diagnostics/logs/OID/oid1/oidldapd01s`pgrep oidldapd`-00??.log; do grep -B1 -i " cn=mydb" $i | perl -nle 'print $1 if /ffff:([^:]+)/ or / cn=(\w+)/'; done where mydb can be just the beginning part of the identifier (e.g. mydbd, mydbp etc). The output is like mydb To turn off, change the value of orcldebugflag in debug.ldif to 0 and run the ldapmodify command. To check its current value, run: $ ldapsearch -h $HOSTNAME -p 389 -D cn=orcladmin -w -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base objectclass=* orcldebugflag orcldebugop The method uses slightly less CPU than strace and the output is cleaner. But the log files grow fast, so it may not be ideal for long-time monitoring. Theoretically, instead of waiting till logs have been generated, you could monitor the logs in real time: $ tail -f /u01/app/oracle/oidinst/diagnostics/logs/OID/oid1/oidldapd01s`pgrep oidldapd`-000?.log | grep -B1 " cn=mydb" | perl -nle 'print $1 if /ffff:([^:]+)/ or / cn=(\w+)/' Modern Linux supports tail -f on multiple files. But this is not working well. Alternatively, you can open as many windows as log files and tail -f on each and pipe to monitor. But the number of log files may also grow. You can control the number by setting orclmaxlogfiles in OID per https://docs.oracle.com/middleware/11119/oid/administer/logging.htm#CHDIACGA Ref: https://community.oracle.com/message/15584466 SR 3-22683363351 2020-03,-04 For OID 12c, this is already turned on. You can use a Perl program to extract some fields interesting to you, e.g. #!/usr/bin/perl -w #extract_ldap_log.pl print "Time IP ConnDN gslsbsSearchBase gsleswrASndResult\n"; open LOG, '<', "$ARGV[0]" or die "Can't open the log file to read: $!"; while () { if (/^\[(20\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)/) { $tm=$1; undef $ip; undef $conndn; undef $srbs; undef $snrs; } elsif (/ConnIP:::ffff:([^:]+).+?ConnDN:(.+)/) { $ip=$1; $conndn=$2; } elsif (/gslsbsSearch \* BASE = "([^"]+)/) { $srbs=$1; } elsif (/gsleswrASndResult.+RESULT=(\d+)/) { $snrs=$1; } elsif (/^END/ or /^\]\]/) { next; } print "$tm $ip $conndn $srbs $snrs\n" if defined($tm) and defined($ip) and defined($conndn) and defined($srbs) and defined($snrs); } and run it like ./extract_ldap_log.pl oidldapd01s12345-0001.log 2020-06