Oracle Directory Naming (LDAP)


LDAP is an abbreviation for Lightweight Directory Access Protocol. With Directory Naming, service addresses and net service names are stored in an LDAP server, much as host names are stored in a DNS server. Client processes make connection requests using name/network-address pairs stored in the LDAP directory server. When a client makes a named request to the LDAP directory server, it supplies a name and the directory returns a network connect descriptor (connection string) to the client's connection request process, in the same way that the /etc/hosts and /etc/resolv.conf files resolve names on a Solaris Unix box.

LDAP directory servers are intended as central storage areas for network addressing and routing information in heterogeneous networks. A heterogeneous network is one containing multiple systems of differing types. LDAP directory servers provide a common directory structure across multiple types of machines. Oracle networks can use an LDAP server to store database and client network components, user profiling and security settings. As a result, tnsnames.ora files are not required.

Within the LDAP directory server the hierarchy of entries is called the DIT (Directory Information Tree). Each entry in the DIT is identified by a unique DN (Distinguished Name). The DN describes the entry's exact location within the DIT, with the least significant component on the left. Each DN consists of a set of RDNs (Relative Distinguished Names); reading from left to right, each RDN names the entry relative to the parent DN formed by the RDNs that follow it. A typical DN could be dn:cn=<sid>,cn=OracleContext,dc=xyz,dc=com. An LDAP directory server is very similar in nature to a directory structure at the operating system level.
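The DN layout just described is easy to get wrong in scripts that build or compare DNs by plain string concatenation (a value containing a comma, mixed-case attribute types, a DN written with the "dn:" prefix). The following is an added example, not code from the original page or from Oracle: it parses a DN into its RDNs, derives the parent chain (each ancestor DN, nearest first) and checks whether a DN lies inside the OracleContext subtree. The sample DNs, including the SID value "orcl", are constructed for the example; RFC 4514 escaping (backslash-comma and backslash-hex-pair) is honoured so that a value such as "Sales, EMEA" survives a round trip.

```python
"""Parse LDAP DNs into RDNs, derive parent DNs and test subtree membership.

Added example (not from the page). Reflects the DIT layout described above:
the least significant RDN is on the left, and the RDNs to its right form
the parent DN. Escaping follows RFC 4514.
"""
import re
from typing import List, Tuple

RDN = Tuple[str, str]  # (attribute type, attribute value)


def _split_unescaped(text: str, sep: str) -> List[str]:
    """Split on `sep`, ignoring occurrences preceded by a backslash."""
    parts, buf, escaped = [], [], False
    for ch in text:
        if escaped:                 # char after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def _unescape(value: str) -> str:
    """Resolve "\\," style escapes and "\\2C" style hex pairs in an RDN value."""
    return re.sub(
        r"\\([0-9A-Fa-f]{2}|.)",
        lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
        value,
    )


def _escape(value: str) -> str:
    """Escape the characters RFC 4514 requires inside an RDN value."""
    return re.sub(r'([,+"\\<>;=])', r"\\\1", value)


def parse_dn(dn: str) -> List[RDN]:
    """Return the DN as (type, value) pairs, least significant RDN first.

    Attribute types are lower-cased; values are unescaped. The "dn:" prefix
    used in the page's example DN is accepted and dropped.
    """
    if dn[:3].lower() == "dn:":
        dn = dn[3:]
    rdns: List[RDN] = []
    for raw in _split_unescaped(dn, ","):
        raw = raw.strip()
        if not raw:
            continue
        if "=" not in raw:
            raise ValueError(f"malformed RDN: {raw!r}")
        attr, val = raw.split("=", 1)
        rdns.append((attr.strip().lower(), _unescape(val.strip())))
    return rdns


def format_dn(rdns: List[RDN]) -> str:
    """Render (type, value) pairs back into DN syntax with values escaped."""
    return ",".join(f"{t}={_escape(v)}" for t, v in rdns)


def parent_chain(dn: str) -> List[str]:
    """All ancestors of `dn`, nearest first: dropping the leftmost RDN each time."""
    rdns = parse_dn(dn)
    return [format_dn(rdns[i:]) for i in range(1, len(rdns))]


def is_under(dn: str, base: str) -> bool:
    """True when `dn` equals `base` or lies beneath it in the DIT.

    Comparison is case-insensitive on both attribute types and values,
    matching how cn/dc values are normally compared by directory servers.
    """
    d, b = parse_dn(dn), parse_dn(base)
    if len(b) > len(d):
        return False
    norm = lambda pairs: [(t, v.lower()) for t, v in pairs]
    return norm(d[len(d) - len(b):]) == norm(b)


if __name__ == "__main__":
    # Constructed sample DN in the page's layout; "orcl" stands in for <sid>.
    sample = "dn:cn=orcl,cn=OracleContext,dc=xyz,dc=com"
    print(parse_dn(sample))
    print(parent_chain(sample))
    print(is_under(sample, "cn=OracleContext,dc=xyz,dc=com"))
    # A value with an embedded comma must survive parse/format unchanged.
    tricky = r"cn=Sales\, EMEA,cn=OracleContext,dc=xyz,dc=com"
    print(format_dn(parse_dn(tricky)) == tricky)
```

A practical use of `is_under` is a sanity check on the client side: a net service name resolved through Directory Naming should come back from an entry beneath the expected cn=OracleContext subtree, and a result from elsewhere in the DIT is worth logging rather than silently trusting.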

Security in the LDAP server is maintained by use of ACLs (Access Control Lists). Clients doing simple lookups in the LDAP server automatically use anonymous authentication; this is typical for Oracle client users accessing a database (not changing LDAP entries), i.e. most database users. Administrative users, by contrast, must be authenticated and authorized according to the ACL entries.

LDAP Server Access Parameters

These parameters are placed in the $ORACLE_HOME/network/admin/ldap.ora file.