Category Archives: ovid

Set up ovid to use tns with your ldap server

I had a question in my mailbox today about using TNS resolution with an unsupported LDAP server such as Sun Java System Directory Server.

From 9i onwards, only Microsoft Active Directory and Oracle Internet Directory are supported; 8i also supported Novell.

I have done this once with OVID.

1) Download Oracle Virtual Directory.
2) Install OVID on your server (or on a separate server). The latest release is 10.1.4; I used 3.0.3.

$ sh ./ovid303j.bin -i console
Preparing to install...
...

Enter a uniquely descriptive name for the server. 

This name is used only by OVID; it is not related to the hostname or anything else.

Server Name (DEFAULT: Virtual Directory 1): 

Enter the port number on which to provide administrative services. 

A console port, used only by the OVID manager.

Port Number (DEFAULT: 8888): 

A credential, used only by OVID.

Root User DN (DEFAULT: cn=Admin): 

Enter a port number to provide LDAP services on (e.g. 389, 636).

This is the port your TNS client will use; any free port will do.

Port (DEFAULT: 389): 

Please enter the base entry of your directory (e.g. o=YourCompany,c=US) 

Not the base of your real LDAP server: choose one DB domain, here oracle.world.

Directory Base Suffix[dc=YourCompany,dc=com]: dc=oracle,dc=world
...

3) Start OVID.

$ ./vde.sh start
Starting VDE...

4) Install the OVID manager (GUI console) on your PC or workstation. I used Windows; it is available for Windows. If you do not have Windows, you can edit the XML files directly (good luck).
5) In the OVID manager, create a new project, add your OVID and start creating adapters. You must create one adapter per DB domain. For example, if you tnsping LSC01.PROD.DB and the description is stored as cn=lsc01, cn=oracleContext, cn=PROD.DB, ou=tns, ou=appl, dc=lcsys, dc=ch, you will need:

root: dc=PROD,dc=DB
remoteBase: cn=PROD.DB,ou=tns,ou=appl,dc=lcsys,dc=ch
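As an added illustration (not code from this post, nor from OVID), here is a small Python model of what step 5 sets up: the DN an Oracle Net client asks for when it resolves LSC01.PROD.DB, and how an adapter's root/remoteBase pair rewrites that DN onto the branch of the real server. The resolve() function, the TEST.DB adapter and the case-insensitive DN comparison are assumptions of the example.

```python
from dataclasses import dataclass
from typing import List, Optional

ORACLE_CONTEXT = "cn=OracleContext"

def split_dn(dn: str) -> List[str]:
    """Split a DN into RDNs, dropping the spaces the post writes after commas."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]

def normalize(dn: str) -> str:
    # DN comparison is treated as case-insensitive here (simplification)
    return ",".join(rdn.lower() for rdn in split_dn(dn))

def tns_lookup_dn(alias: str) -> str:
    """DN an Oracle Net client asks for when resolving ALIAS: the DB domain becomes dc= RDNs below cn=OracleContext."""
    name, _, domain = alias.partition(".")
    if not domain:
        raise ValueError("alias needs a DB domain, e.g. LSC01.PROD.DB")
    return f"cn={name},{ORACLE_CONTEXT}," + ",".join(f"dc={p}" for p in domain.split("."))

@dataclass(frozen=True)
class Adapter:
    root: str         # virtual suffix the TNS client sees, served anonymously by OVID
    remote_base: str  # branch of the real LDAP server the adapter binds to with a credential

    def to_backend(self, dn: str) -> Optional[str]:
        """Rewrite a client DN under ROOT into the backend DN; None if it is outside ROOT."""
        rdns, root = split_dn(dn), split_dn(self.root)
        if len(rdns) <= len(root) or normalize(",".join(rdns[-len(root):])) != normalize(self.root):
            return None
        return ",".join(rdns[:-len(root)] + split_dn(self.remote_base))

def resolve(alias: str, adapters: List[Adapter]) -> Optional[str]:
    """Backend DN holding the description for ALIAS, or None when no adapter covers its domain."""
    client_dn = tns_lookup_dn(alias)
    for adapter in adapters:
        backend = adapter.to_backend(client_dn)
        if backend is not None:
            # the rewritten DN can never leave remoteBase, which is why only that branch is exposed
            assert normalize(backend).endswith(normalize(adapter.remote_base))
            return backend
    return None

# constructed adapter list: the post's PROD.DB mapping plus a hypothetical TEST.DB one
ADAPTERS = [
    Adapter("dc=PROD,dc=DB", "cn=PROD.DB, ou=tns, ou=appl, dc=lcsys, dc=ch"),
    Adapter("dc=TEST,dc=DB", "cn=TEST.DB,ou=tns,ou=appl,dc=lcsys,dc=ch"),
]
```

An alias whose domain no adapter covers (say X.DEV.DB) resolves to None, which is the "one adapter per DB domain" limitation the post mentions.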

This should work. I am not sure you will like OVID; the interface is pretty awful.

It is also not very flexible: you need to add an adapter for each DB domain. Still, that is better than providing a TopDomain for each DB domain with anonymous access to the root.

One more point: the TNS client accesses LDAP anonymously, so OVID does help to improve security. You allow anonymous access to your OVID, disable ACIs on your OVID, and use a credential to log in to your LDAP server. It is safer because you use a remoteBase, so anonymous access is granted only to that branch of your directory.