Skip to Main Content

DevOps, CI/CD and Automation

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

A question about External Authentication With PHP OCI8 using a wallet store

dariyooshJun 5 2013 — edited Jun 6 2013
Hello,
SQL> SELECT * FROM v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE	11.2.0.1.0	Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production

SQL> 
OS: Linux Fedora Core 17 (x86_64)
PHP Version: 5.4.14
Apache version (httpd): Apache/2.2.23 (Fedora) 
I have a question about OCI8 connection to oracle database via wallet which as I understand is a good practice because we don't hard code users password. Currently I'm reading pages 117 and 118 of the online book The Underground PHP and Oracle Manual in order to learn how to setup a wallet. I proceeded step by step as explained in these two pages (except that at the end I connect as a normal user not a privileged user) yet, apparently PHP doesn't detect the user.

Here is what I write in my script
$connection = 
                oci_connect 
                    (
                        "training", 
                        "", 
                        "php_ora_usr", 
                        "AL32UTF8"
                    );
training is the name of the user I use in my PHP scripts in order to connect to oracle database and the password is mypassword (is not real, just for the purpose of this thread :) ) The above code gives me the following error:
Warning: oci_connect(): ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 91

Fatal error: Connection step: ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 13
But if I provide also the password that is,
$connection = 
                oci_connect 
                    (
                        "training", 
                        "mypassword", 
                        "php_ora_usr", 
                        "AL32UTF8"
                    );
Obviously this works, but at the same time, it means that my wallet is not operational.

So I'm going to write down here, step by step, how I proceeded according to the instructions in the pages 117 and 118 of the above mentioned book and I would appreciate if you could kindly tell where I made mistake(s)

The following was run as my linux oracle user (therefore group dba)

Step 01:_
I created and provided the password for the wallet directory
mkstore -wrl /home/oracle/wallet_dir -create
Step 02:_
I created an entry for my oracle user which will be used in my PHP scripts to connect to oracle
user: training
password: mypassword
mkstore -wrl "/home/oracle/wallet_dir" -createCredential php_ora_usr training mypassword
I also checked that the entry was in fact created for my user in the wallet
$ mkstore -wrl "/home/oracle/wallet_dir" -listCredential
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:                
   
List credential (index: connect_string username)
1: php_ora_usr training
$ 
Step 03:_
I added the following to my $TNS_ADMIN/tnsnames.ora
.  .  .
php_ora_usr = 
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = db02)
    )
  )
.  .  .
Step 04_
I added the following to my $TNS_ADMIN/sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

ADR_BASE = /u01/app/oracle

WALLET_LOCATION =
    (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
            (DIRECTORY = /home/oracle/wallet_dir)
        )
    )
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
Step 05_
The TNS_ADMIN environment variable is already defined properly in */etc/sysconfig/httpd* so I didn't need to do anything for this step


Step 06_
I gave to Apache (being as root) access to the wallet directory(actually it seems that the linux oracle (dba) user has also the required privileges in order to grant this access to apache)
# setfacl -m u:apache:rx /home/oracle/wallet_dir
# setfacl -m u:apache:r /home/oracle/wallet_dir/{cwallet.sso,ewallet.p12}
Step 07_
Restart Apache
# service httpd restart
Step 08_
Finally doing a connection test by using the connection string php_ora_usr whose entry was created above. And the test was not successful as indicated above
$connection = 
                oci_connect 
                    (
                        "training", 
                        "", 
                        "php_ora_usr", 
                        "AL32UTF8"
                    );
The error message:
Warning: oci_connect(): ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 91

Fatal error: Connection step: ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 13
I would appreciate if you could kindly make some clarification.

Thanks in advance,
Dariyoosh
This post has been answered by Christopher Jones-Oracle on Jun 5 2013
Jump to Answer

Comments

Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Jul 4 2013
Added on Jun 5 2013
5 comments
6,203 views