* Can you tell if your client uses LDAP or TNSNAMES to connect to your database? There's no easy way to tell from inside the database whether the client used directory or local tnsnames.ora to find the database net service. v$session_connect_info.authentication_type (or equivalently sys_context('USERENV','AUTHENTICATION_TYPE')) is 'DATABASE' in both cases. However, Oracle LDAP (or previously ONAMES) name resolution differs from TNSNAMES resolution in one useful yet barely documented way: If your SQL contains syntax @abcd in the from clause so it appears that abcd is a DB link, and if the database *server* you currently connect to has LDAP (or ONAMES) configured (usually under $ORACLE_HOME/network/admin on the server) and abcd is a valid entry in LDAP (or ONAMES), then your SQL works as if a database link abcd had really been created by command "create ... database link abcd ...". If you have the same username and password on the current local database and remote database to which abcd points, the SQL runs correctly; if not, you get error "ORA-01017: invalid username/password; logon denied". But if you use TNSNAMES on the local database to resolve names, even if abcd is a valid entry in tnsnames.ora on this server, you get error "ORA-02019: connection description for remote database not found" regardless whether you have the same username/password on the two databases. You can use this feature to tell whether the server side has LDAP (or ONAMES) or TNSNAMES name resolution set up. This of course doesn't tell you what resolution method your client uses to connect to the local database. This "implicit" remote DB name resolution is called global DB link. In 12c or above, you have to explicitly allow is: alter system set allow_global_dblinks=true; in CDB if you use multitenant architecture. * Procedure to install 11gR2 OID for LDAP name resolution If there's no Oracle DB, create one. Minimal config is enough. Then run OUI to install OID. Install and configure Configure without a domain (because this is a minimal installation; no Weblogic is needed) Oracle Middleware Home e.g.: /u01/app/oracle/middleware (The directories are explained at download.oracle.com/docs/cd/E11857_01/install.111/e16847/preparing_for_install.htm) Oracle Home Directory e.g.: oid Oracle Instance Location e.g.: /u01/app/oracle/oidinst Oracle Instance Name e.g.: oidinst1 Deselect Oracle Virtual Directory. Auto port config Create schema, enter system or any DBA's credential OID's password cannot have any punctuation mark! If failed, there're more useful logs to review than the one shown in OUI under /u01/app/oraInventory/logs/, particularly one named rcu.log. Find them all by ls -l /proc//fd | grep log That works on Linux. Other OS'es use different ways to find process open files. lsof on UNIX is universally avaiable. To cleanup and re-install: (1) On OS: ps -fu oracle kill #killing parent processes works the best; kill -9 is not recommended cd /u01/app/oracle rm -rf middleware oidinst (2) In DB: drop user ods cascade; drop user odssm cascade; truncate table system.SCHEMA_VERSION_REGISTRY$; * Change port from 3060 (and 3131) to 389 (and 636) on UNIX/Linux Surpringly, no good documentation exists. Here's what you do... * Autostart on reboot Change N to Y in /etc/oratab for the DB. Add su - oracle -c "ORACLE_HOME=/u01/app/oracle/middleware/oid ORACLE_INSTANCE=/u01/app/oracle/oidinst /u01/app/oracle/oidinst/bin/opmnctl startall" to /etc/rc.local Copy $/bin/dbora to /etc/init.d. Comment out the big if-block before the case line; if won't work. Change $ORACLE_HOME/bin/dbstart $ORACLE_HOME & to su - oracle -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME" & (do similarly to dbshut). Create symbolic links from /etc/rc3.d using S98dbora, not S99dbora because 99 is for rc.local where OID starts. Add other linsk as needed, such as K01dbora from rc6.d, rc0.d. [Old note below, written in 2004] Simplest way to test using directory (LDAP) naming method for a client to connect to Oracle server Oracle Net directory naming method only supports Oracle's OID and Microsoft Active Directory. If you have OID or AD you can play and break, jump to "Configure LDAP". Otherwise... *** Choose software that contains LDAP Install Oracle9iAS Infrastructure. It may take you a while to find it since it's old. The URL is http://www.oracle.com/technology/software/products/ias/devuse_9ias_r2.html It needs 3.3 GB disk space and 1 GB *combined* RAM and pagefile. The latter is a much easier requirement to satisfy than the memory requirement of AS10g, which refuses to install if you have < 1GB physical RAM. If you do have 1GB RAM, then you can install either AS version. 9iAS infrastructure may still be faster to install, though. *** hosts file issues Oracle AS adamantly insists on fully qualified hostname (commonly called fully qualified *domain* name, FQDN) for installation and won't work with DHCP unless you use AS10g (where you have chgiphost script). Even though I have VMWare Network IPs such as 192.168.203.5/24 [note1] and 10.10.10.3/24 and have added them to c:\windows\system32\drivers\etc\hosts, I still get the error OUI can't continue saying I don't have FQHN. To fix it, I connect this laptop to another computer [note2] and assign a static IP address 10.1.1.7/8 to it, add line 10.1.1.7 myhostname.mycompanydomain myhostname to hosts file, and click the failed Next button again in OUI, it works! (myhostname is what the DOS command hostname returns, and mycompanydomain is the domain I use when this laptop is used in office during the day.) I guess OUI insists on the network connection name to be "Local Area Connection" and ignores others such as "VMWare Network Adapter VMNet1". OUI also ignores 127.0.0.1 line in hosts file even if this IP is followed by FQHN. *** OID port After you install Infrastructure, you can find OID listen ports from http://host:7777/portlist (note: this page in 9iAS show the factory default ports). If you chose non-standard ports, oidldapd command line shows the ports (e.g., tlist on Windows, ps -fp on UNIX). The file %oh%\config\ias_properties also has the port, but only the non-secure one, no SSL port. In general, you can always find the open ports by netstat -ano on Windows and lsof -p on UNIX. --- Configure LDAP --- From this point on, follow "Configuring the Directory Naming Method" in --- "Oracle9i Net Services Administrator's Guide" at http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96580/namingcf.htm#479411 *** Can't launch Net Manager and Config Assistant On the server, if you have installed many other Oracle products, it's possible that you select Net Manager or Net Configuration Assistant from Start -> Programs -> Oracle-SomeOracleHome -> Config Migration Tools and nothing happens. The problem is due to messed-up path. Usually you can trim the path to the minimum necessary, such as c:\windows\system32;c:\oracle\ora92\bin. But in this case, you can completely unset it. So type this in DOS window: set path= Then type the command for Net Manager or Config Assistant in its designated working directory (get both from its properties). For instance: cd C:\Oracle\Ora92\bin C:\Oracle\Ora92\bin\launch.exe "C:\Oracle\Ora92\network\tools"...\network\tools\netmgr.cl *** Can't login Net Manager to check/add service On the server, in Net Manager, go to Directory -> Service Naming. This is where you need to add or modify entries for database services. (If you don't want to add any, you can use the service named iasdb_, which 9iAS created for you, to connect to its IASDB database.) You may be prompted with a window "Directory Server Authentication" for you to enter username/password. You don't type username orcladmin, but cn=orcladmin instead. (OracleAS Single Sign-On Admin Guide says cn=orcladmin, not orcladmin, is the directory superuser.) *** Real work Nothing much is left to do. If you followed the instruction in "Configuring the Directory Naming Method", you may have already done this, so just check. On the client, create ldap.ora at %tns_admin% (or %oh%\network\admin) with lines like this (adjust the IP and ports appropriately): default_admin_context = "" directory_servers = (10.1.1.7:4031:636) directory_server_type = oid And sqlnet.ora should have a line like this: names.directory_path = (ldap, tnsnames) Just make sure ldap is the first one or only one. Then, test by renaming tnsnames.ora file to something else, and type tnsping myservicename in DOS, where myservicename is the one you created or saw on the server in Net Manager under Directory -> Service Naming. If successful, try sqlplus user/pass@myservicename. 9iAS infrastructure doesn't seem to be startable again once your IP is reconfigured (even if the actual IP address remains the same, as in the case of DHCP and you put the DHCP address in hosts when you installed it). But you can start IASDB database (with its listener) and also OID without starting the infrastructure. For our purpose, that's perfectly good enough. Just start them from Service control panel, or equivalently, type the commands in DOS: net start OracleOra9iASTNSListener net start OracleServiceIASDB net start OracleOra9iASInternetDirectory_iasdb Once you start these, you can connect from client again. Obviously, if the server IP is different from last time, client ldap.ora has to change accordingly. [note1] The number after slash is number of 1's counted from first octect of hostname, to be AND'ed to get net mask. Consult a networking book for details. [note2] In fact, instead of connecting to a computer, connecting to a powered-on hub even with no other computer connected to the hub allows you to assign an IP to Local Area Connection.