I am trying to connect Oracle Repository Creation Utility (RCU) with SSL Enabled Oracle Database but not able to make a successful connection. I looked at the docs and online to find information on how to connect SSL enabled database with RCU Utility but no luck. How can I do this?
I assume you are using the command-line utility in silent mode. You need to export RCU_SSL_MODE=true before calling the RCU utility, and then specify these additional arguments to createRepository/dropRepository:
-useSsl
-sslArgs oracle.net.ssl_server_dn_match=false
sslArgs can vary depending on what you need/want. And you're right: there doesn't seem to be any documentation about this. I had to take a look inside wls/oracle_common/jlib/rcu.jar to figure out what I needed to do.
Related
I am trying to export schema using data pump on Oracle Cloud Autonomous database.
I am using cloud shell to export schema.
When I tried to do the final step:
expdp admin/password#DB_HIGH schemas=SCHEMA_NAME directory=data_pump_dir dumpfile=exp%U.dmp filesize=1G logfile=expot.log
I got
UDE-12154: operation generated ORACLE error 12154 ORA-12154:
TNS:could not resolve the connect identifier specified
Do I need Oracle instant client to do export?
The Oracle client code uses one of three ways to look up connect data:
A flat file named tnsnames.ora
Oracle Names service
LDAP
When the complete ORA-12154 error appears with the text line, your program has found a working Oracle client install. However, the specified Oracle service is not listed in tnsnames.ora, Oracle Names or LDAP.
The first step in the troubleshooting process is to determine which name resolution method is deployed at your site. Most sites use tnsnames.ora, but enough use Oracle Names and LDAP, so it’s best to confirm this information.
If you are not the database administrator, get in touch with the people managing your Oracle systems and find out which method you should be using. They may be able to guide you in fixing the problem in accordance with your site’s standards.
The client code decides which mechanism to use based on the file sqlnet.ora. This file and tnsnames can usually both be found in the Oracle install directory (“ORACLE_HOME”), under network/admin/. This location may be overridden with the environment variable TNS_ADMIN.
If the sqlnet.ora file does not exist or does not specify a resolution method, then Oracle Net uses tnsnames.ora.
Example locations of Oracle networking files include:
Windows
ORANTNET80ADMIN
ORACLEORA81NETWORKADMIN
ORAWIN95NETWORKADMIN
ORAWINNETWORKADMIN
UNIX / Linux
$ORACLE_HOME/network/admin/
/etc/
/var/opt/oracle/
If you fix the naming issues, but you still see the ORA-12154 error, check the Oracle service to confirm that it’s available for connections. A power outage, server failure, or network connectivity issue will make this resource inaccessible. It’s also possible that scheduled maintenance or repairs of an unrelated Oracle issue may take that resource temporarily offline.
Thanks
List item
What is the best way to get rid of tnsnames.ora file on each client
pc ?
Can we use Oracle "transparent gateway" - which uses ODBC drivers to
eliminate "tnsname.ora" file alto gather --to facilitate "oracle to
oracle" connections?
We know one can use Oracle "transparent gateway" to connect to
heterogeneous databases connection e.g., DB2, SQL Server. But can
we use it for Oracle to Oracle?
Any suggestions as to how to get rid of tnsnames.ora?
You can do that when you provide a name server which resolves the TNS alias for you.
With current Oracle you can use:
local naming naming method (which requires an tnsnames.ora file)
directory naming naming method (e.g. with an LDAP Server)
easy connect naming method
CDS external naming method
Network Information Service (NIS) external naming method
Check Oracle documentation Configuring Naming Methods, resp. NAMES.DIRECTORY_PATH to get more information.
Thank you very much for your quick response. My problem is that we have more than 20 Oracle databases and every time when someone gets a new PC or new database is created - that TNSNAmes file needs to be updated, We still have a plenty of legacy client server (two-tier - fat client applications. Your suggestion that we can use Oracle internet directory (OID) in conjunction with Microsft LDAP. Correct? Can we use Microsoft LDAP only without OID? this way we can we get rid of client based Tnsname? correct?
For security reasons I asked DB team to add EXTPROC_DLLS:ONLY; but they said this:
"Please be informed that the KEY = EXTPROC1526 doesn’t refer to any
external process at all. This is just a key used by any process needs
to call Oraxxx via IPC protocol. The key can be any value and the same
key value should be passed via the tnsnames.ora"
To me, it seems wrong. Could you please help me on this? What is the exact use of EXTPROC and what happens if we don't add EXTPROC_DLLS:ONLY?
For any program to connect the oracle database you need Extproc agent.
PLS/SQL for example needs Extproc to work with oracle
You can find more information about the securit here
Ill past some of the link
Description
***********
The Oracle database server supports PL/SQL, a programming language. PL/SQ can execute external procedures via extproc. Over the past few years there has been a number of vulnerabilities in this area.
Extproc is intended only to accept requests from the Oracle database server but local users can still execute commands bypassing this restriction.
Details
*******
No authentication takes place when extproc is asked to load a library and execute a function. This allows local users to run commands as the Oracle user (Oracle on unix and system on Windows). If configured properly, under 10g, extproc runs as nobody on *nix systems so the risk posed here is minimal but still present.
and an example here
On contrary to other databases Oracle does NOT allow plugins to access it's own memory address space. In case of MySQL/PostgreSQL a .dll plugin (C stored procedure) is loaded by the main database process.
Oracle lets listener to spawn a new process by calling extproc (or extproc32). This process loads the shared library and the rest of the database talks to this process via IPC.
This approach is safer, because the external library can not crash the database nor corrupt data. On the other hand sometimes C stored procedures might be slower than Java ones.
This option can restrict path for .dlls being loaded by extproc. i.e. those created by CREATE LIBRARY statement.
PS: usage of C stored procedures is VERY rare, if you do not use them you can freely remove the whole extproc stanza from listener.ora.
PS1: there is possible scenario of exploiting the extproc feature.
User must have CREATE LIBRARY, which usually NOT granted
extproc is not configured to run with nobody's privs - but runs as oracle:dba
User creates malicious .so library, which will performs something "evil" during it's initialization.
User puts this lib into /tmp directory
User creates Oracle LIBRARY pointing into /tmp by using CREATE LIBRARY statement
User forces extproc to dlopen this library
exproc will execute evil code with OS privileges oracle:dba
When using this EXTPROC_DLLS:ONLY restriction, developers have to cooperate with DBAs, and only white-listed libraries can be used and loaded.
I am a little lost with the current documentation I have.
I am trying to access an oracle server within a Network, using a Debian Box. Ideally, what I'd need to do is to cron job something into SQL plus, so it performs periodically.
My scripts are ready, but I am not sure how to do the instalation part, or what to install in order to get access to SQLPlus. Does I need the full-fledged oracle client? Oracle XE? Will SquirrelSQL work?
Thanks a lot!
You just need the Oracle client, not the full database install. You can download it here. From the sound of it, you don't need the full client.
We have a requirement to make our products work on Oracle as well as SQL Server (around which they were originally built). Unfortunately we don't have any in house Oracle development experience to speak of but as a senior dev it has fallen to me to lead the project. So far I have managed to make our app connect to an Oracle database (I'm using Oracle XE 11.2) by using the following connection string:
Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=VS010-ORA11GR1)(PORT=1523))(CONNECT_DATA=(SERVICE_NAME=DEVORA)));User Id=dbo;Password=dbo;
The reason we decided to use this type of connection string is because we do not want to rely on changing tnsnames.ora on every client machine. However, as you can see this specifies an Oracle user and associated password. We also need to provide the ability to use the equivalent of SQL Server integrated security.
According to the literature I have read, to do this I simply need to specify / as the user id and then omit the password portion (as this is ignored anyway for Windows authentication). I also created the user in Oracle, making sure it matched the Windows user, with the following snippets:
CREATE USER "OPS$<DOMAIN>\<user>" IDENTIFIED EXTERNALLY;
GRANT CONNECT,RESOURCE TO "OPS$<DOMAIN>\<user>";
I also checked that the sqlnet.ora file on my local machine which hosts the XE instance and my dev environment contained the line:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
I understood that this would enable my app to connect to the Oracle database uing Windows Authentication. However what actually happens is that I get the following Oracle error message:
ORA-01005: null password given; logon denied
this doesn't make much sense because of course its null - it's supposed to be, according to the tutorials I've read.
The app targets .Net Framework 3.5, we are using the System.Data.OracleProvider and the actual connecting and so on is handled by Enterprise Library 5. Incidentally, I am aware of the deprecation of the OracleClient component but I just want this to work before I go into the extra complexities of changing providers.
Can anyone tell me what I'm missing? Have I chosen the wrong type of connection string? I apologise for any basic mistakes but I have always managed to avoid Oracle until now so my knowledge of it is close to zero.
Many thanks
I had the same problem and solved after adding this to conn. string:
Integrated Security=yes
To expand on the answer above by #Stikut. I tested this out with NHibernate 3.3.3.GA and it works.
user id=/;password=;Integrated Security=yes