ORACLE LDAP (OID) Authentication Using Java

Overview

The Oracle JDBC driver can resolve a database service name through LDAP, but only when the directory carries the Oracle Internet Directory (OID) schema. The prerequisites and the setup steps are described below.

Oracle server or Oracle LDAP server (if you already have an Oracle server, follow this link and set up the LDAP server alongside it).

After following those steps you may still get the following error when connecting with Java code or a third-party tool:

Caused by: oracle.net.ns.NetException: JNDI Package failure javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=oracle-context,dc=test,dc=com'

Cause:

The driver searches the LDAP directory tree for the named object, but the object does not exist. First verify the object name: a typo in the DN produces exactly this error, so check it and supply the correct name.

I debugged the Oracle driver and saw that orclNetDescString was empty, which is why the Oracle LDAP connection was never established. The directory therefore needs the OID schema.

Solution:

Download the LDIF files listed below; they provide the schema needed for Oracle LDAP authentication.

Create a folder and copy the LDIF files into it:

  1.  oidbase.ldif
  2.  oidnet.ldif
  3.  oidrdbms.ldif

Add the above files to the LDAP server:

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/oracle-ldap/oidbase.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/oracle-ldap/oidnet.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/oracle-ldap/oidrdbms.ldif



Create the /etc/openldap/testdb.ldif file and paste the lines below. The base DN of the entry must match the DEFAULT_ADMIN_CONTEXT configured in ldap.ora (dc=test,dc=com in this setup), otherwise the driver's lookup fails with "No Such Object":

dn: cn=testdb,dc=test,dc=com
objectclass: top
objectclass: orclNetService
cn: testdb
orclNetDescString: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=testdb)))

Build the structure of the directory service (run from /etc/openldap, or pass the full path to the file; -W prompts for the Manager password):

ldapadd -x -W -D "cn=Manager,dc=test,dc=com" -f testdb.ldif




Oracle server-side changes are also required; follow the steps below.


The LDAP server is now ready to serve our Oracle database. However, the Oracle server is not yet configured to talk to an LDAP server, so we must create an "$ORACLE_HOME/network/admin/ldap.ora" file with the following content.

Note: if the ldap.ora file does not exist yet, create a new one at $ORACLE_HOME/network/admin/ldap.ora.

# ldap.ora
# Place this file in the network/admin subdirectory of your
# $ORACLE_HOME location.
DIRECTORY_SERVERS = (<Hostname or IP>:389:636)
DEFAULT_ADMIN_CONTEXT = "dc=test,dc=com"
DIRECTORY_SERVER_TYPE = OID
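The JDBC driver resolves the LDAP URL by searching under DEFAULT_ADMIN_CONTEXT for the cn entry and reading its orclNetDescString, so the two failures seen above (error code 32 and an empty descriptor) can be caught before running ldapadd. The following is an added example, not code from the original post: it parses an orclNetService LDIF entry (the sample text is constructed, matching testdb.ldif) and checks it against the admin context from ldap.ora.

```java
import java.util.*;

/** Offline check of an orclNetService LDIF entry against ldap.ora settings (added example, not the post's code). */
public class OrclNetServiceCheck {
    // Constructed sample entry, same shape as testdb.ldif in this post.
    static final String LDIF =
        "dn: cn=testdb,dc=test,dc=com\n"
        + "objectclass: top\n"
        + "objectclass: orclNetService\n"
        + "cn: testdb\n"
        + "orclNetDescString: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=1521))"
        + "(CONNECT_DATA=(SERVICE_NAME=testdb)))\n";

    /** Parse one LDIF entry into attribute name (lower-cased) -> values. */
    static Map<String, List<String>> parseEntry(String ldif) {
        Map<String, List<String>> attrs = new LinkedHashMap<>();
        for (String line : ldif.split("\n")) {
            int colon = line.indexOf(':');
            if (line.startsWith("#") || colon < 0) continue;
            String name = line.substring(0, colon).trim().toLowerCase(Locale.ROOT);
            attrs.computeIfAbsent(name, k -> new ArrayList<>()).add(line.substring(colon + 1).trim());
        }
        return attrs;
    }

    /** Defects that make the driver's LDAP lookup fail; an empty list means the entry is usable. */
    static List<String> check(Map<String, List<String>> e, String adminContext) {
        List<String> problems = new ArrayList<>();
        String dn = e.getOrDefault("dn", List.of("")).get(0);
        // Entry outside DEFAULT_ADMIN_CONTEXT -> "error code 32 - No Such Object" at connect time.
        if (!dn.toLowerCase(Locale.ROOT).endsWith("," + adminContext.toLowerCase(Locale.ROOT)))
            problems.add("dn '" + dn + "' is not under DEFAULT_ADMIN_CONTEXT '" + adminContext + "'");
        // Without the OID schema from oidnet.ldif this objectclass cannot be added at all.
        if (!e.getOrDefault("objectclass", List.of()).contains("orclNetService"))
            problems.add("objectclass orclNetService is missing");
        // The driver builds the connect descriptor from this attribute; empty means no connection.
        String desc = e.getOrDefault("orclnetdescstring", List.of("")).get(0);
        long open = desc.chars().filter(c -> c == '(').count();
        long close = desc.chars().filter(c -> c == ')').count();
        if (!desc.startsWith("(DESCRIPTION=") || open != close)
            problems.add("orclNetDescString is empty or not a well-formed TNS descriptor");
        return problems;
    }

    public static void main(String[] args) {
        List<String> problems = check(parseEntry(LDIF), "dc=test,dc=com");
        System.out.println(problems.isEmpty() ? "entry is consistent" : String.join("\n", problems));
    }
}
```

Running it with a dn under dc=itfits,dc=biz, or with the orclNetDescString line removed, reports the corresponding problem instead of "entry is consistent".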


Once all steps are complete, restart both the Oracle server and the LDAP server so that the new configuration is picked up.

Finally, build the JDBC URL that resolves the service through LDAP:

jdbc:oracle:thin:@ldap://<Hostname or IP>:389/cn=testdb,dc=test,dc=com

Any third-party tool can be used to test the Oracle LDAP connection; here we are using Oracle SQL server.


Oracle LDAP authentication code example

package testdb.oracle.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;

public class LDAPConn {
    public static void main(String[] args) throws SQLException {
        // The driver looks up cn=testdb under dc=test,dc=com and reads its
        // orclNetDescString to obtain the real host, port and service name.
        String url = "jdbc:oracle:thin:@ldap://<ip or hostname>:389/cn=testdb,dc=test,dc=com";
        Properties props = new Properties();
        props.setProperty("user", "testuser");          // database credentials
        props.setProperty("password", "ldappassword");
        DriverManager.registerDriver(new oracle.jdbc.OracleDriver());
        // try-with-resources closes the connection and result set even if the query fails
        try (Connection conn = DriverManager.getConnection(url, props)) {
            if (!conn.isClosed()) {
                System.out.println("<<<< LDAP auth connected successfully >>>>");
            }
            try (ResultSet res = conn
                    .prepareStatement("select 'Hello LDAP sirthik World' txt from dual")
                    .executeQuery()) {
                res.next();
                System.out.println(res.getString("TXT"));
            }
        }
    }
}

Output