Hi Niall & Oracle-l,
I was trying to work out what the issue with kerberos and SQLDeveloper
(without oracle client) was.
Niall is right however i.e. "if sqlplus works:
oracle client (instant client with oci will do)" and SQLDeveloper should
work.
Some people do not like having to install Oracle Client (or instant client).
The views expressed on this blog are my own and do not necessarily reflect
the views of Oracle.
Thank you for your time,
Turloch
On Mon, Apr 3, 2017 at 1:06 PM, Turloch O'Tierney <turloch@xxxxxxxxx> wrote:
Hi Niall,
SQLDeveloper kerberos works - certainly configure with sqlplus if it does
not work immediately to confirm your configuration
OSMFT does not work (there is a similar new way of referring to cache) due
to programming oversight - ie need a file reference (or type in password on
login ie no cache).
Have not tried it with non authenticated LDAP (should not matter)
Enterprise User Security might not work.
https://docs.oracle.com/cd/B28359_01/network.111/b28528/
concepts.htm#DBIMI152
I have not done a SQLDeveloper and Kerberos blog it has been a feature
since 2008.
The views expressed on this blog are my own and do not necessarily reflect
the views of Oracle.
Thank you for your time,
Turloch O'Tierney
On Sat, Apr 1, 2017 at 1:13 PM, Niall Litchfield <
niall.litchfield@xxxxxxxxx> wrote:
I find the easiest thing to do here is to ignore SQL Developer's
"kerberos" config but instead configure an oracle client (instant client
with oci will do) for kerberos authentication, Then configure SQL Developer
to use the client.
On Fri, Mar 31, 2017 at 8:19 PM, Noveljic Nenad <
nenad.noveljic@xxxxxxxxxxx> wrote:
Thank you, Turloch. It is a good idea to fall back to the connection
type “advanced“. “advanced” works perfectly with the password
authentication, but I still haven’t got it working with the Kerberos
authentication.
I’m getting “Client not found in Kerberos database(6)”. Does somebody
know how to configure Kerberos with SQL Developer and JDBC driver?
*From:* Turloch O'Tierney [mailto:turloch@xxxxxxxxx]
*Sent:* Freitag, 31. März 2017 18:05
*To:* Noveljic Nenad
*Subject:* Re: SQL Developer / Oracle Directory Server
Hi Noveljic,
On LDAP:
Note you can use url based LDAP calls (connection type -> advanced) -
awkward - the ldap server is queried at connect time (for host port etc).
Note there is a different syntax depending on whether you are using
thick(oci/C) or thin(pure java) driver.
These 'refer to ldap by url' connections can be exported imported etc as
normal.
Old semi related LDAP blog:
http://totierne.blogspot.co.uk/2009/03/sqldeveloper-ldap-suc
cess-and-failure.html
The views expressed on this blog are my own and do not necessarily
reflect the views of Oracle.
Thank you for your time,
Turloch O'Tierney
On Fri, Feb 24, 2017 at 7:01 PM, Noveljic Nenad <
nenad.noveljic@xxxxxxxxxxx> wrote:
The other tools don't do subtree search. It is specific to SQL Developer.
Gesendet über BlackBerry Work (www.blackberry.com)
*Von: *Niall Litchfield <niall.litchfield@xxxxxxxxx>
*Datum *Freitag, 24. Feb. 2017, 6:17 PM
*An: *Noveljic Nenad <nenad.noveljic@xxxxxxxxxxx>
*Cc: *oracle-l@xxxxxxxxxxxxx <oracle-l@xxxxxxxxxxxxx>
*Betreff: *Re: SQL Developer / Oracle Directory Server
I don't have an answer, but I am surprised that it works elsewhere. I'd
expect em and other tools to fail as well.
On 24 Feb 2017 15:40, "Noveljic Nenad" <nenad.noveljic@xxxxxxxxxxx>
wrote:
Dear fellows,
I use Oracle Directory Server (ODS) 11.1.1.7.0 for database name
resolution which works perfect except for SQL Server Developer. I'm
currently on the version 4.1.5, but the problem reproduces on other
versions as well.
The sole purpose of the ODS in question is names resolution. It is worth
noting that the Oracle context is defined under the root DSE
(DEFAULT_ADMIN_CONTEXT = "").
I'm getting following error when SQL Developer tries to load Oracle
Contexts: "LDAP:error code 32 - No Such Object"
By looking into the ODS logs, I deduced the ldapsearch done by SQL
Developer:
$ORACLE_HOME/bin/ldapsearch -h hostname -p port -b "" -s sub
"objectClass=*" cn dn
The problem can also be reproduced by running the ldap search above. The
reason for the error is that, unlike other types of LDAP, ODS doesn't allow
the subtree searches on root DSE. What SQL Developer is trying to do is to
discover all of the oracle contexts under the base entry, which in my case
happens to be the root DSE.
I’ve investigated following options so far, though without success:
- enabling the subtree search on root DSE in ODS
- disabling the subtree search for oracle contexts in SQL Developer. In
my case, it would be sufficient to take just the oracle context under the
configured DEFAULT_ADMIN_CONTEXT.
Have I overlooked something? Any other ideas how to solve this problem?
I would like to avoid the migration of OracleContext to another subtree.
Many thanks,
Nenad Noveljic
Twitter: @NenadNoveljic
Home page: http://nenadnoveljic.com
____________________________________________________
Please consider the environment before printing this e-mail.
Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.
Important Notice
This message is intended only for the individual named. It may contain
confidential or privileged information. If you are not the named addressee
you should in particular not disseminate, distribute, modify or copy this
e-mail. Please notify the sender immediately by e-mail, if you have
received this message by mistake and delete it from your system.
E-mail transmission may not be secure or error-free as information could
be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
processing of incoming e-mails cannot be guaranteed. All liability of the
Vontobel Group and its affiliates for any damages resulting from e-mail use
is excluded. You are advised that urgent and time sensitive messages should
not be sent by e-mail and if verification is required please request a
printed version.
Important Notice
This message is intended only for the individual named. It may contain
confidential or privileged information. If you are not the named addressee
you should in particular not disseminate, distribute, modify or copy this
e-mail. Please notify the sender immediately by e-mail, if you have
received this message by mistake and delete it from your system.
E-mail transmission may not be secure or error-free as information could
be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
processing of incoming e-mails cannot be guaranteed. All liability of the
Vontobel Group and its affiliates for any damages resulting from e-mail use
is excluded. You are advised that urgent and time sensitive messages should
not be sent by e-mail and if verification is required please request a
printed version.
Important Notice
This message is intended only for the individual named. It may contain
confidential or privileged information. If you are not the named addressee
you should in particular not disseminate, distribute, modify or copy this
e-mail. Please notify the sender immediately by e-mail, if you have
received this message by mistake and delete it from your system.
E-mail transmission may not be secure or error-free as information could
be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
processing of incoming e-mails cannot be guaranteed. All liability of the
Vontobel Group and its affiliates for any damages resulting from e-mail use
is excluded. You are advised that urgent and time sensitive messages should
not be sent by e-mail and if verification is required please request a
printed version.
--
Niall Litchfield
Oracle DBA
http://www.orawin.info
