Oracle Names Resolution with OpenLDAP

There aren’t, as far as I know, very many good GUI tools for LDAP in general, and certainly none can handle Oracle’s specific tnsnames requirements. Oracle’s own Network Manager won’t, for example, talk to a generic LDAP server, which is certainly unfortunate.

However, all is not lost. There are a number of zero-cost LDAP ‘browsers’ out there, each of which lets you point-and-click your way through the LDAP hierarchy tree. An excellent one is produced by Apache: it is really slick and polished and does all that you could wish. For this article, though, I’m going to run with quite a nice LDAP browser called Jxplorer. It’s available for free at http://jxplorer.org/index.html and requires a Java Runtime Engine before it will run (one of those can be downloaded here).

Once Jxplorer is installed, you click File > Connect and fill in the login details screen like so:

You obviously need to point the tool at the LDAP directory by specifying its IP address. Note we’re using version 3 of the LDAP protocol (which is not the same thing as the version of the OpenLDAP software you’ve installed). The “Base DN” is simply your domain name, spelled out in the classic ‘dc separated’ fashion with which you are probably becoming familiar.

The security credentials bit is interesting. Where I’ve selected User+Password, you could actually select Anonymous, which makes life simpler in that you don’t have to fill in any other details. However, although an anonymous logon will let you view all the OpenLDAP details (which might be a security problem in itself, of course), it won’t let you modify any of the details. So, if you actually want to add and delete new TNSnames entries to your LDAP server, you’ll have to do as I’ve done. Note that your “username” is actually the fully-qualified combination of username+dc separated domain name.

If you supply all the right login credentials, you’ll see something like this:

Navigate through the tree on the left and you’ll eventually see the TNSnames entry we made earlier (in my case, for a database called lindb). Note the key elements for this database entry, displayed on the right:

  • cn – the TNS alias for the service name
  • objectClass – “top”
  • objectClass – “orclNetService”
  • orclNetDescString – the complex string that defines the host, port and sid where the Oracle instance you want to connect to lives

Knowing this, it becomes quite a simple matter to right-click the OracleContext tree item back on the left-hand side of the screen and select New from the context menu that then appears:

Doing so will cause this dialog to appear:

Fill in the new TNS alias in the “Enter RDN” box in the top-part of that screen. In this case, I’m creating a fictitious entry for a database called “newdb”. Everything else on the screen can be left as-is: just click OK.

That will take you back to this screen:

The only thing you have to do here is fill in the entry for the orclNetDescString item: you can see in the screenshot that I’ve already pasted my connection string in. I’m afraid there’s no nice way to generate that string from within the tool itself; that’s what I meant about no GUI LDAP tool having support for Oracle’s data structures. You just have to know the basic format for a connection string, amend it as appropriate (in a text editor of some kind) and then paste it in, perfectly formed.

Finish off by clicking the Submit button at the bottom of the screen and you’ll be rewarded with a new branch in your tree hierarchy display:

…after which, a simple attempt to connect in an Oracle database tool of your choice should work:

It’s not perfect, then, but it is functional, and does the job of centralised TNS names resolution without too much command line interaction quite nicely!
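Since the browser cannot generate or check the orclNetDescString value, the following added example (not part of the original article, and not Oracle or OpenLDAP tooling) builds a descriptor from host, port and SID, verifies that a pasted descriptor is well formed, and emits the entry with the attributes listed above as LDIF. The function names, the `dc=example,dc=com` Base DN and the sample host are assumptions made for illustration.

```python
import re

BASE_DN = "dc=example,dc=com"  # constructed placeholder: substitute your own Base DN


def build_descriptor(host, port, sid):
    """Build a single-address descriptor from host, port and SID."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
        raise ValueError("unexpected characters in host")
    if not re.fullmatch(r"[A-Za-z0-9_$#]+", sid):
        raise ValueError("unexpected characters in SID")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return ("(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=%s)(PORT=%d))"
            "(CONNECT_DATA=(SID=%s)))" % (host, int(port), sid))


def normalize_descriptor(text):
    """Collapse a pasted multi-line descriptor to one line and check its shape."""
    desc = re.sub(r"\s+", "", text)  # assumes no value needs embedded whitespace
    depth = 0
    for ch in desc:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("')' without a matching '('")
    if depth:
        raise ValueError("%d unclosed '('" % depth)
    if not desc.upper().startswith("(DESCRIPTION"):
        raise ValueError("descriptor must start with (DESCRIPTION")
    return desc


def ldif_entry(alias, descriptor, base_dn=BASE_DN):
    """Return the LDIF for one alias under cn=OracleContext."""
    # Restricting the alias avoids DN and LDIF escaping problems altogether.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", alias):
        raise ValueError("alias may contain only letters, digits, '_' and '-'")
    return "\n".join([
        "dn: cn=%s,cn=OracleContext,%s" % (alias, base_dn),
        "objectClass: top",
        "objectClass: orclNetService",
        "cn: %s" % alias,
        "orclNetDescString: %s" % normalize_descriptor(descriptor),
        "",
    ])


if __name__ == "__main__":
    # Constructed sample: host name and SID are made up for the example.
    print(ldif_entry("newdb", build_descriptor("dbhost.example.com", 1521, "newdb")))
```

The one-line descriptor returned by `normalize_descriptor` is what goes into the orclNetDescString field in the browser; the full LDIF is for loading the same entry from a file instead.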

6 thoughts on “Oracle Names Resolution with OpenLDAP”

    • Thanks for the suggestion Georger. (In case anyone else is wondering what he’s encouraging me to try, Apache Directory Studio is another GUI LDAP browser that integrates nicely into the Eclipse IDE). I did look at it before writing the article and if you were a full-on developer, it’s pretty obviously the way you’d choose to go. But if you just want to browse the LDAP hierarchy and add a new key here and there, I think Georger’s assessment is right: ADS is complete overkill. For basic browsing and the occasional ‘new’, a lot of these tools look and feel much the same, but Jxplorer had the advantages (for me) of being nicely cross-platform and just a 4MB download.

      Always good that alternatives get a mention, though, that’s for sure. I’ll edit the article to make a mention of it directly, how’s that?

      • Hi,
        That would be great. Anyone who’s using some LDAP other than Active Directory would benefit from knowing about Apache Directory Studio.

  1. Hi,

    After configuration, Windows clients are able to connect. However, Linux Oracle clients do not resolve. This is probably due to OID specific LDAP components.

    e.g. ldapsearch -h -x -b “dc=xxxx,dc=xxxx,dc=com”
    returns error as the syntax is incorrect.

    Following error in the trace file

    nnflilc: Opening sync conn to serv1.xxxx.xxxx.com:389
    nnflalc: entry
    nnflalc: bind call returns 0
    nnflalc: exit
    nnflilc: exit
    nnflrlc: exit
    nnflobc: exit
    nnflcgc: exit
    nnflboot: exit
    nnflrne: entry
    nnflcgc: entry
    nnflcgc: exit
    nnfln2x: entry
    nnflgcp: entry
    nnflgcp: exit
    nnfln2x: exit
    nnflrne: Quering the directory for dn: cn=rpqr,cn=OracleContext
    nnflqbf: entry
    nnflqbf: Search: Base: cn=rpqr,cn=OracleContext, Scope: 0, filter: (objectclass=*)
    nnflqbf: Search: Attrs[0]: objectclass
    nnflqbf: exit
    nnflrne: exit
