Oracle Internet Directory Light for tnsnames Resolution

Posted by Dirk Nachbar on Friday, May 23, 2008
Original posted 9th Sept 2007:

Since a few days the Oracle Authentication Service for Linux (http://www.oracle.com/technology/products/oid/oracleauthenticationservices.html) is available. Mainly this technology preview is addressed to handle User Authentication of Linux Desktops.
I had a closer look on this product and what I saw is, that the Oracle Authentication Service for Linux is an Oracle Internet Directory (OID) just as an RPM-File (Size 70 MB :-) ). The installation is really simple, download the OID Light and the Oracle XE Database for Linux, and run as root user "rpm -Uhv oracle-oid-10.1.4.2.0-1.0.i386.rpm oracle-xe-univ-10.2.0.1-1.0.i386.rpm".
After this you have to configure the Oracle XE Database and the Oracle Internet Directory, execution as root user of the script "/etc/init.d/oracle-oid configure" and answer the following questions:
  1. Password of sys user of your XE Database
  2. Password of the OID administrator (cn=orcladmin)
  3. Ports (Non-SSL and SSL) for the OID
  4. Naming Context of your OID (e.g. dc=trivadis,dc=com)
  5. If you want to use SSL Authentification for your OID

And now the interesting part. Many people are planning to migrate their local tnsnames.ora to be stored in an Oracle Internet Directory. Up to now all them had to use the Oracle Application Server 10.1.4.0.1 Identity Management (nearly 1.3 GB :-( ) and an Oracle Database Enterprise Edition. For small companies this is really an overhead! Now you can use this lightweight environment of the Oracle XE Database and the OID Light for Linux.
Following steps need to be performed to load your tnsnames.ora into the OID Light and to configure your clients against it.
  1. In your Oracle Client configure the sqlnet.ora
    NAMES.DIRECTORY_PATH = (LDAP)
    NAMES.DEFAULT_DOMAIN = trivadis.com # adjust to your domain
  2. In your Oracle Client configure the ldap.ora
    DIRECTORY_SERVERS = (oassrv01.trivadis.com:389:636) # adjust to your servername and LDAP ports
    DEFAULT_ADMIN_CONTEXT = "dc=trivadis,dc=com" # adjust to your Naming Context
    DIRECTORY_SERVER_TYPE = OID
After this configuration steps start your netmgr and connect to your OID:


Over the menu option "Command / Directory / Export Net Service Names..." you can import your actual tnsnames.ora into OID Light.


For testing whether your Oracle Client is really using your OID or not, just make a small test with tnsping. You should see then "Used LDAP adapter to resolve the alias".
The Oracle Internet Directory Light is really a cool alternative to the huge Oracle Application Server 10g Identity Management, but as usual there are some small limitations in the OID Light (e.g. no MultiMaster Replication, no OPMN, no Cluster Options). But for a small environment or just for testing it is really cool stuff :-)

Note: I saw that many people are access this blog post, unfortunally this post was done in May 2008 and the "OID Light" solution has been removed from the Oracle Technology Network website :-(
The new solution is the standard Oracle Internet Directory 11g, more details can be found here: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oracleauthenticationservices-100184.html
Maybe its a good idea, if anybody who is interested in getting back this cool OID Light solution, that you do a Forum Post in the Oracle Technology Network Forum http://forums.oracle.com/forums/forum.jspa?forumID=398&start=0

Additional Note 1st April 2011, Not an Aprils fools joke :-) : As you can see in comments down, I receive a notice by Olaf Stullich (Oracle Product Manager for OID)

The OID 10g (10.1.4.3) RPM can be found on channel (el4_i386_oracle) in the Oracle ULN. When you register your machine on ULN you can install the OID RPM via "up2date oracle-oid".