Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 536.4K On-Premises Infrastructure
- 138.3K Analytics Software
- 38.6K Application Development Software
- 5.8K Cloud Platform
- 109.5K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
Database resolution on OUD SSL 1636 Port only!
Hi Oracle Experts,
Is it mandatory to use Non-SSL port 1389 for Database resolution? Can DB resolution work only on 1636 port? I have end user Oracle DB client on windows laptop with below ldap.ora.
DIRECTORY_SERVERS= (testoud.org.com::1636)
DEFAULT_ADMIN_CONTEXT = "dc=sslTesting,dc=com"
DIRECTORY_SERVER_TYPE = OID
Example: tnsping EUSTEST
TNS-03505: Failed to resolve name.
Comments
-
Success: tnsping works from windows DB client.
DIRECTORY_SERVERS= (testoud.org.com:1389:1636)
DEFAULT_ADMIN_CONTEXT = "dc=sslTesting,dc=com
DIRECTORY_SERVER_TYPE = OID
[27/Jun/2022:11:59:20 -0400] CONNECT conn=1141 from=10.216.89.59:56028 to=10.142.41.179:1389 protocol=LDAP
[27/Jun/2022:11:59:20 -0400] BIND REQ conn=1141 op=0 msgID=1 type=SIMPLE dn="" version=3
[27/Jun/2022:11:59:20 -0400] BIND RES conn=1141 op=0 msgID=1 result=0 authDN="" etime=1
[27/Jun/2022:11:59:20 -0400] SEARCH REQ conn=1141 op=1 msgID=2 base="cn=EUSTEST,cn=OracleContext,DC=sslTesting,DC=com" scope=base filter="(objectclass=*)" attrs="objectclass,orclNetDescString,orclNetDescName,orclVersion"
[27/Jun/2022:11:59:20 -0400] SEARCH RES conn=1141 op=1 msgID=2 result=0 nentries=1 etime=5
[27/Jun/2022:11:59:20 -0400] UNBIND REQ conn=1141 op=2 msgID=3
[27/Jun/2022:11:59:20 -0400] DISCONNECT conn=1141 reason="Client Disconnect"
Failure:
DIRECTORY_SERVERS= (testoud.org.com::1636)
DEFAULT_ADMIN_CONTEXT = "DC=sslTesting,DC=com"
DIRECTORY_SERVER_TYPE = OID
[27/Jun/2022:11:59:37 -0400] CONNECT conn=1142 from=10.216.89.59:56034 to=10.142.41.179:1636 protocol=LDAPS
[27/Jun/2022:11:59:37 -0400] DISCONNECT conn=1142 reason="I/O Error" msg="Client requested protocol SSLv3 not enabled or not supported"
-
>> The first question answered in this KM:
OUD12c - Is it Possible Implement EUS Using OUD Non-SSL Port? (Doc ID 2498608.1)
>> Failure reason could be provided in any one of the following KMs:
OUD11g - Disconnect Error "Client requested protocol SSLv3 not enabled or not supported" in EUS Implementation (Doc ID 2243482.1)
OUD running with IBM JDK - SSL Handshake Failures when LDAP Client Requests SSL v3 (Doc ID 1925390.1)
OUD11g/12c - EUS Reports Error "ORA-28030: Server encountered problems accessing LDAP directory service" (Doc ID 1986819.1)
OUD 11g / 12c - OUD-EUS Error when Attempting to Log in Using Sqlplus - "ORA-01017: invalid username/password; logon denied" (Doc ID 2118421.1)
>> For extra information, I am providing the below KM as a reference:
OUD - How to Verify that SSLv3 is Disabled (Doc ID 2017561.1)
I hope that helps.
-Deb
-
Thanks for reply Deb.
Yes, EUS requires 1636 SSL Port. Does it mean that 1389 Non-SSL connection handler can be disabled completely?
EUS may work with out Non-SSL port, but database resolution ( tnsping) with OUD doesn't seem me to work without using two ports 1389, 1636 in ldap.ora file!!
-
That is correct. The client(s) first contact the clear port to determine what protocols are supported - then it will use the secure port.
I hope that helps.