The basics:
You have TNS resolution over LDAP. To change from LDAP to LDAPS, you modify:
jdbc:oracle:thin:@ldap://ldap.example.com:389/DB01,cn=OracleContext,dc=example,dc=com
to
jdbc:oracle:thin:@ldaps://ldap.example.com:636/DB01,cn=OracleContext,dc=example,dc=com
Now the advanced part:
Oracle Support mentions that there is no support for Mode 2 SSL (note 1664857.1).
So the options were either not to use LDAPS at all, or to use level 1, which means no server authentication. Both are annoying for your directory server administrators.
There is a way to use Mode 2 with a fresh driver.
TestConnect.java
```java
import java.util.Properties;
import java.sql.*;

public class TestConnect {
  public static void main(String argv[]) throws SQLException {
    // The TNS alias DB01 is resolved through the directory server over LDAPS
    String url = "jdbc:oracle:thin:@ldaps://ldap.example.com:636/DB01,cn=OracleContext,dc=example,dc=com";
    Properties props = new Properties();
    props.setProperty("user", "scott");
    props.setProperty("password", "tiger");
    DriverManager.registerDriver(new oracle.jdbc.OracleDriver());
    Connection conn = DriverManager.getConnection(url, props);
    ResultSet res = conn.
      prepareCall("select 'Hello SSL World' txt from dual").
      executeQuery();
    res.next();
    System.out.println(res.getString("TXT"));
  }
}
```
```
javac -cp ojdbc8.jar TestConnect.java
java -cp ojdbc8.jar:oraclepki.jar:. -Doracle.net.ldap.ssl.walletLocation=cwallet.sso TestConnect
Hello SSL World
```
OracleDriver (Oracle Database JDBC Java API Reference) documents five oracle.net.ldap parameters. It seems to be a new feature in 21c.
| Property Name |
|---|
| oracle.net.ldap.ssl.walletLocation |
| oracle.net.ldap.ssl.walletPassword |
| oracle.net.ldap.security.authentication |
| oracle.net.ldap.security.principal |
| oracle.net.ldap.security.credentials |
This is quite nice! Just get the ojdbc8.jar from the 21c instant client and start testing 🙂
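
A preflight check for the setup described above, as an added example that is not part of the original post and not Oracle code: it refuses a connect string unless the directory lookup uses ldaps:// and a wallet is configured. The class name `LdapsPreflight` and its messages are hypothetical, and it assumes the walletLocation value is a plain file path, as in the command above.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class, not Oracle code): refuse to connect unless
// TNS resolution goes over ldaps:// and a wallet is configured for the lookup.
public class LdapsPreflight {
    // jdbc:oracle:thin:@ldap[s]://host:port/alias,<directory context>
    private static final Pattern URL = Pattern.compile(
        "^jdbc:oracle:thin:@(ldaps?)://([^:/\\s]+):(\\d{1,5})/([^,\\s]+),(\\S+)$",
        Pattern.CASE_INSENSITIVE);

    /** Returns null if the settings are acceptable, otherwise the reason to refuse. */
    static String check(String url, String wallet) {
        Matcher m = URL.matcher(url);
        if (!m.matches()) {
            return "not a recognised LDAP directory-naming URL";
        }
        String target = m.group(2) + ":" + m.group(3);
        if (!m.group(1).equalsIgnoreCase("ldaps")) {
            return "plaintext ldap:// lookup to " + target;
        }
        if (m.group(3).equals("389")) {
            // Heuristic: the scheme was changed but the port was not.
            return "ldaps:// on port 389, check the port of " + target;
        }
        // Assumption: the property holds a plain file path, as in the command above.
        if (wallet == null || wallet.isEmpty() || !Files.isReadable(Paths.get(wallet))) {
            return "oracle.net.ldap.ssl.walletLocation is unset or not readable";
        }
        return null;
    }

    public static void main(String[] args) {
        String wallet = System.getProperty("oracle.net.ldap.ssl.walletLocation");
        // Constructed sample URLs, based on the two forms shown in the post.
        String[] urls = {
            "jdbc:oracle:thin:@ldap://ldap.example.com:389/DB01,cn=OracleContext,dc=example,dc=com",
            "jdbc:oracle:thin:@ldaps://ldap.example.com:389/DB01,cn=OracleContext,dc=example,dc=com",
            "jdbc:oracle:thin:@ldaps://ldap.example.com:636/DB01,cn=OracleContext,dc=example,dc=com",
        };
        for (String url : urls) {
            String problem = check(url, wallet);
            System.out.println((problem == null ? "OK      " : "REFUSE  ") + url
                + (problem == null ? "" : "  (" + problem + ")"));
        }
    }
}
```

Run it with the same `-Doracle.net.ldap.ssl.walletLocation=cwallet.sso` option as TestConnect; only a null result from `check()` should let the application go on to `DriverManager.getConnection`.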