Database resolution on OUD SSL 1636 Port only!

Hi Oracle Experts,

Is it mandatory to use the non-SSL port 1389 for database resolution? Can DB resolution work on port 1636 only? I have an end-user Oracle DB client on a Windows laptop with the ldap.ora below.

DIRECTORY_SERVERS= (testoud.org.com::1636)

DEFAULT_ADMIN_CONTEXT = "dc=sslTesting,dc=com"

DIRECTORY_SERVER_TYPE = OID

Example: tnsping EUSTEST

TNS-03505: Failed to resolve name.

Comments

  • Bhanuchandar Bobbili Member Posts: 214 Bronze Badge

    Success: tnsping works from the Windows DB client.

    DIRECTORY_SERVERS= (testoud.org.com:1389:1636)

    DEFAULT_ADMIN_CONTEXT = "dc=sslTesting,dc=com"

    DIRECTORY_SERVER_TYPE = OID

    [27/Jun/2022:11:59:20 -0400] CONNECT conn=1141 from=10.216.89.59:56028 to=10.142.41.179:1389 protocol=LDAP

    [27/Jun/2022:11:59:20 -0400] BIND REQ conn=1141 op=0 msgID=1 type=SIMPLE dn="" version=3

    [27/Jun/2022:11:59:20 -0400] BIND RES conn=1141 op=0 msgID=1 result=0 authDN="" etime=1

    [27/Jun/2022:11:59:20 -0400] SEARCH REQ conn=1141 op=1 msgID=2 base="cn=EUSTEST,cn=OracleContext,DC=sslTesting,DC=com" scope=base filter="(objectclass=*)" attrs="objectclass,orclNetDescString,orclNetDescName,orclVersion"

    [27/Jun/2022:11:59:20 -0400] SEARCH RES conn=1141 op=1 msgID=2 result=0 nentries=1 etime=5

    [27/Jun/2022:11:59:20 -0400] UNBIND REQ conn=1141 op=2 msgID=3

    [27/Jun/2022:11:59:20 -0400] DISCONNECT conn=1141 reason="Client Disconnect"


    Failure:

    DIRECTORY_SERVERS= (testoud.org.com::1636)

    DEFAULT_ADMIN_CONTEXT = "DC=sslTesting,DC=com"

    DIRECTORY_SERVER_TYPE = OID

    [27/Jun/2022:11:59:37 -0400] CONNECT conn=1142 from=10.216.89.59:56034 to=10.142.41.179:1636 protocol=LDAPS

    [27/Jun/2022:11:59:37 -0400] DISCONNECT conn=1142 reason="I/O Error" msg="Client requested protocol SSLv3 not enabled or not supported"

  • DebA-Oracle Member Posts: 20 Employee

    >> The first question is answered in this KM:

    OUD12c - Is it Possible Implement EUS Using OUD Non-SSL Port? (Doc ID 2498608.1)

    >> Failure reason could be provided in any one of the following KMs:

    OUD11g - Disconnect Error "Client requested protocol SSLv3 not enabled or not supported" in EUS Implementation (Doc ID 2243482.1)

    OUD running with IBM JDK - SSL Handshake Failures when LDAP Client Requests SSL v3 (Doc ID 1925390.1)

    OUD11g/12c - EUS Reports Error "ORA-28030: Server encountered problems accessing LDAP directory service" (Doc ID 1986819.1)

    OUD 11g / 12c - OUD-EUS Error when Attempting to Log in Using Sqlplus - "ORA-01017: invalid username/password; logon denied" (Doc ID 2118421.1)

    >> For extra information, I am providing the below KM as a reference:

    OUD - How to Verify that SSLv3 is Disabled (Doc ID 2017561.1)

    I hope that helps.

    -Deb

  • Bhanuchandar Bobbili Member Posts: 214 Bronze Badge

    Thanks for the reply, Deb.

    Yes, EUS requires the SSL port 1636. Does it mean that the non-SSL connection handler on 1389 can be disabled completely?

    EUS may work without the non-SSL port, but database resolution (tnsping) with OUD doesn't seem to me to work without using the two ports 1389 and 1636 in the ldap.ora file!

  • DebA-Oracle Member Posts: 20 Employee

    That is correct. The client(s) first contact the clear port to determine what protocols are supported - then it will use the secure port.

    I hope that helps.
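
An added example, not part of the original thread or of Oracle's tooling: a small Python parser for access-log lines in the format quoted above. It groups events per connection and labels the two outcomes seen in the thread, an anonymous lookup under cn=OracleContext on the cleartext port and an LDAPS connection dropped for requesting SSLv3. The sample log, its addresses, the base DN and the finding labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log format quoted in the thread
# (documentation address ranges and an example base DN, not the poster's values).
SAMPLE_LOG = """\
[27/Jun/2022:11:59:20 -0400] CONNECT conn=1 from=192.0.2.10:56028 to=198.51.100.5:1389 protocol=LDAP
[27/Jun/2022:11:59:20 -0400] BIND REQ conn=1 op=0 msgID=1 type=SIMPLE dn="" version=3
[27/Jun/2022:11:59:20 -0400] SEARCH REQ conn=1 op=1 msgID=2 base="cn=EUSTEST,cn=OracleContext,dc=example,dc=com" scope=base filter="(objectclass=*)" attrs="objectclass,orclNetDescString"
[27/Jun/2022:11:59:20 -0400] DISCONNECT conn=1 reason="Client Disconnect"
[27/Jun/2022:11:59:37 -0400] CONNECT conn=2 from=192.0.2.10:56034 to=198.51.100.5:1636 protocol=LDAPS
[27/Jun/2022:11:59:37 -0400] DISCONNECT conn=2 reason="I/O Error" msg="Client requested protocol SSLv3 not enabled or not supported"
"""

# "[timestamp] OPERATION [REQ|RES] key=value ..." as seen in the quoted log lines.
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<op>[A-Z]+(?: (?:REQ|RES))?)\s+(?P<kv>.*)$')
# key=value pairs; values may be double-quoted and contain spaces or '='.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
KEEP = ("from", "to", "protocol", "dn", "base", "reason", "msg")

def parse(log):
    """Group log lines by conn id, keeping the fields needed for triage."""
    conns = defaultdict(lambda: {"events": []})
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not access-log records
        kv = {k: v.strip('"') for k, v in PAIR.findall(m["kv"])}
        c = conns[kv.get("conn")]
        c["events"].append(m["op"])
        c.update({k: kv[k] for k in KEEP if k in kv})
    return dict(conns)

def findings(conns):
    """Label connections matching the two patterns shown in the thread."""
    out = []
    for cid, c in conns.items():
        anon_clear = c.get("protocol") == "LDAP" and c.get("dn") == ""
        if anon_clear and "cn=oraclecontext" in c.get("base", "").lower():
            out.append((cid, "cleartext-anonymous-net-service-lookup"))
        if c.get("protocol") == "LDAPS" and "SSLv3" in c.get("msg", ""):
            out.append((cid, "tls-handshake-rejected-sslv3"))
    return out

if __name__ == "__main__":
    for cid, label in findings(parse(SAMPLE_LOG)):
        print(cid, label)
```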
