Enterprise User Security (EUS) really appeals to me and so I was very keen to get a proof of concept up and running. It’s something I’d looked into in the past, but one thing or another had come in the way of actually getting it done. Mainly other demands on my time, but also the politics around LDAP management in organisations slowing down or stopping projects.
After getting OID setup in my lab, creating a user called “martin” in the directory and registering the database in the directory (OID) via DBCA it was time to test logging in:
[oracle@cs-03 ~]$ sqlplus martin SQL*Plus: Release 188.8.131.52.0 Production on Sat Jul 21 13:58:18 2012 Copyright (c) 1982, 2011, Oracle. All rights reserved. Enter password: Connected to: Oracle Database 11g Enterprise Edition Release 184.108.40.206.0 - 64bit Production With the Partitioning option SQL> select sys_context('userenv','current_user') current_user, 2 sys_context('userenv','authenticated_identity') authenticated_identity, 3 sys_context('userenv','enterprise_identity') enterprise_identity 4 from dual; CURRENT_US AUTHENTICA ENTERPRISE_IDENTITY ---------- ---------- ---------------------------------------- GLOBAL_EUS MARTIN cn=martin,cn=Users,dc=orasavon,dc=com SQL>
All looking good.
As one of my clients had plans to use EUS for managing access for developers (to development databases) it seemed logical to try to connect using Oracle’s SQL Developer (as that’s the only “development tool” I have running on my laptop).
I got the following error:
[SQL Developer version 3.1.06]
This was going to be a bit of a problem. Not everyone likes working with SQL*Plus as much as I do.
It was some time before I got chance to investigate properly, but when I did the following MOS note seemed relevant:
How to Connect to an EUS Database Using 11g Thin JDBC Driver? [ID 793673.1]
The key part of the note is the need to set
I had to work out how to change the Java options for SQL Developer, which turns out to be very simple.
The following applies to a Mac, but the .conf file will be in the same location relative to the top level “sqldeveloper” directory regardless of the platform. For example, on my “Oracle Developer Days” Linux VM it is /opt/sqldeveloper/sqldeveloper/bin/sqldeveloper.conf.
- Backup /Applications/SQLDeveloper.app/Contents/Resources/sqldeveloper/sqldeveloper/bin/sqldeveloper.conf
- Open the file with your preferred text editor
- Add the following as a new option: AddVMOption -Doracle.jdbc.thinLogonCapability=o3
- Save the file
- Restart SQL Developer
Now connection to the EUS authenticated account works.