Friday, 17 May 2019

kerberos native non file based connection cache in windows (from 18.4)

From SQLDeveloper 18.4, Kerberos works on Windows with the thin driver and Active Directory Kerberos, using the "native credential cache", which is configured by not entering a file cache name.

Wednesday, 15 May 2019

LDAP - User report no context shown

Hi user

18.2 required an ldap.ora (by mistake on my part).
(you can specify a default context in ldap.ora)

I tried the following:
Windows (2012) 19.1 against oid12  - success without ldap.ora
Mac 19.1 against oid12 - success. (with or without ldap.ora) (the ldap search screens are pure java - not affected by oracle client etc - emulation of ldap.ora support).

Useful for the user to know.
It does not tell you anything if you got the host or port wrong (it is, as you report, 'no context shown'). Please check that your host and port are valid and that there is nothing in the way (firewall). You could use a previous 'known working' SQLDeveloper version on the same Windows machine/user.
Press enter after entering the ldap server to get Context populated.

Load to fill the service entries list (double click from pull down (or type in) to select a service) (What is typed in narrows selection).

Changes in this release:
Performance fix around aliases
Load in pages (i.e. can load in pages over the default 1000 entries). (Loads in pages of 499 - could conflict with old configuration)
Tries subtree, peer and exact search. (uses first one that does not error out/returns data)

Useful for the oid admin to know:
There are two very similar settings; one of them is now required. Here is one of them:

-Turloch
SQLDeveloper team.

Friday, 3 May 2019

ldap - ldap.ora for host and context

combobox - type in - no search required - i.e. no tree search required. (One customer said they could do without search if that was the issue stopping ODS from working)

Friday, 1 March 2019

SQLDeveloper 18.4 active directory 'kerberos' login using not file based ticket should work

SQLDeveloper 18.4 active directory 'kerberos' login using not file based ticket should work - i.e. ticket cache name not forced to be a string/file -> one of the defaults tried is internal cache

Tuesday, 6 November 2018

DONE: Retrieved existing kerberos/Active Directory internal ticket. TODO: confirm an existing internal ticket based Kerberos/Active directory login to Database with java.

Code:
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/jjdbc/client-side-security.html#GUID-991705F7-C2C5-4BA9-85D1-32749AE2FF64
Kerberos Hello World login:

For testing with Active Directory

krb5.conf or krb5.ini setting required - or copy it to java default place
Cross site registry setting may be required: https://support.microsoft.com/en-gb/help/308339/registry-key-to-allow-session-keys-to-be-sent-in-kerberos-ticket-grant

Old but seems comprehensive notes:
http://cr.openjdk.java.net/~weijun/special/krb5winguide-2/raw_files/new/kwin

Login code:
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/jjdbc/client-side-security.html#GUID-991705F7-C2C5-4BA9-85D1-32749AE2FF64

Replace "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)"+
    "(HOST=oracleserver.mydomain.com)(PORT=5221))(CONNECT_DATA=" +
    "(SERVICE_NAME=orcl)))" with your connection details.

Replace "/home/Jdbc/Security/kerberos/krb5.conf" with your krb5.ini or krb5.conf (java also has a default place to look if this is not set). (with windows use double back slash \\)

If you want to use internal cache comment out:
    prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,
                     "/tmp/krb5cc_5088");

Look at: "Attempt to connect with the default user:"
Ignore: "Attempt to connect with a specific user:"

use ojdbc8.jar (from sqldeveloper or sqlcl).

javac -cp ojdbc8.jar KerberosJdbcDemo.java
java  -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true  -cp ojdbc8.jar;. KerberosJdbcDemo

You can use these settings in your sqldeveloper.conf (and start sqldeveloper from sqldeveloper/bin) to get this tracing/debugging in sqldeveloper.
(Currently (SQLDeveloper 18.3) internal cache does not work with sqldeveloper - you need an explicit file based cache).

(If you get >>> Found no TGT's in LSA you could need registry setting)
should see: >>> Obtained TGT from LSA: Credentials:

My Active Directory is not linked to my Oracle Database at the moment - so I could not check if this ticket worked for database login.
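An added example (not from the original post and not Oracle's documentation code): a minimal variant of the default-user login described above, where leaving the ticket cache name unset is the internal-cache case, followed by a check that the session was really authenticated by Kerberos. The class name and argument layout are assumptions; compile and run it against ojdbc8.jar as shown above.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.OracleDriver;

// Added example: class name and argument layout are assumptions, not from the post.
public class KerberosNativeCacheCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: KerberosNativeCacheCheck <jdbc-url> "
                    + "[krb5.conf|krb5.ini] [ticket-cache-file]");
            System.exit(2);
        }
        // If not set, Java looks for the krb5 configuration in its default place.
        if (args.length > 1) {
            System.setProperty("java.security.krb5.conf", args[1]);
        }

        Properties prop = new Properties();
        prop.setProperty(
            OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
            "( KERBEROS5 )");
        prop.setProperty(
            OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL,
            "true");
        // Set a cache name only for a file-based cache. Leaving it unset is the
        // internal (non-file) cache case described in the post.
        if (args.length > 2) {
            prop.setProperty(
                OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,
                args[2]);
        }

        Connection c = new OracleDriver().connect(args[0], prop);
        if (c == null) {
            throw new IllegalArgumentException("Not an Oracle JDBC URL: " + args[0]);
        }
        String sql = "select user, sys_context('USERENV','AUTHENTICATION_METHOD') from dual";
        try (Connection conn = c;
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            rs.next();
            String method = rs.getString(2);
            System.out.println("user=" + rs.getString(1) + " auth=" + method);
            // Fail loudly if the session was not authenticated via Kerberos.
            if (!"KERBEROS".equalsIgnoreCase(method)) System.exit(1);
        }
    }
}
```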

Monday, 22 October 2018

New Developer Day VM 18.3 (18.2 APEX)

https://www.oracle.com/technetwork/database/enterprise-edition/databaseappdev-vm-161299.html

  • Oracle Linux 7
  • Oracle Database 18.3 Linux x86-64
  • Oracle SQL Developer 18.3
  • Oracle Application Express 18.2
  • Hands-On-Labs (accessed via the Toolbar Menu in Firefox)
    • Oracle REST Data Services 18.3
    • Oracle SQL Developer Data Modeler 18.3
    • Oracle XML DB
For performance, increase resources to 2 CPU and 3GB RAM (default is 1 CPU, 2GB RAM).

Errata:
1/ Occasional SQLDeveloper startup issue:
2/ DBCA trick
3/ JET lab
4/ reset scripts

1/Occasional SQLDeveloper startup issue:

(java:23682): Gdk-ERROR **: The program 'java' received an X Window System error.
This probably reflects a bug in the program.
The error was 'RenderBadPicture (invalid Picture parameter)'.
  (Details: serial 17547 error_code 143 request_code 139 minor_code 7)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
/u01/userhome/oracle/sqldeveloper/sqldeveloper/bin/../../ide/bin/launcher.sh: line 1606: 23682 Trace/breakpoint trap   (core dumped) ${JAVA} "${APP_VM_OPTS[@]}" ${APP_ENV_VARS} -classpath ${APP_CLASSPATH} ${APP_MAIN_CLASS} "${APP_APP_OPTS[@]}"
[oracle@localhost ~]$ which java
~/java/jdk1.8.0_152/bin/java

2/ DBCA Trick:
For dbca, copy the assistance directory into $ORACLE_HOME from the unzipped 18.3 Oracle Database download:
https://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

3/JET lab
Automated set up of a second ords for use in the JET lab (the 2nd ords can also be set up through sqldeveloper as described in the labs)
2nd pdb 2nd ords
newpdbords        -Sets up 2nd pdb called 'ORDS'
9090init              -Starts up ords on new pdb port 9090
(can start stop with 9090start 9090stop)

#!/bin/bash
. /home/oracle/.bashrc
newpdbords
9090init
sleep 180
cd /home/oracle/sqldeveloper/ords
echo '#!/usr/bin/expect
exp_internal 1
set timeout 1200
spawn $JAVA_HOME/bin/java -jar ords.war user ords_dev "SQL Developer"
expect -regexp "Enter a password for user ords_dev." { send "oracle\r" }
expect -regexp "Confirm password for user ords_dev." {send "oracle\r"}
expect -regexp "Something that will never happen to force keep searching until process end" {send "neverhappen\r"}
interact'| sed 'sZ$JAVA_HOMEZ'"$JAVA_HOME"'Zg' > ~/bin/xp.sh
chmod 755 ~/bin/xp.sh
~/bin/xp.sh
echo '#!/usr/bin/expect
exp_internal 1
set timeout 1200
spawn $JAVA_HOME/bin/java -jar ords.war user ords_admin "Listener Administrator"
expect -regexp "Enter a password for user ords_admin." { send "oracle\r" }
expect -regexp "Confirm password for user ords_admin." {send "oracle\r"}
expect -regexp "Something that will never happen to force keep searching until process end" {send "neverhappen\r"}
interact'| sed 'sZ$JAVA_HOMEZ'"$JAVA_HOME"'Zg' > ~/bin/xp.sh
chmod 755 ~/bin/xp.sh
~/bin/xp.sh
cd -
9090stop
#on ords 9090 reset we want reinstall not uninstall
touch ~/.ordsreinstall
#note 9090init has a 3 minute wait to ensure ords has started


4/reset scripts
Report any issues - if reset fails reimport VM

Wednesday, 6 June 2018

New Developer day VM

http://www.oracle.com/technetwork/database/enterprise-edition/databaseappdev-vm-161299.html

Virtualbox 5.2.8 or above
for performance use 3GB RAM 2 CPU

New ish:

rest enabled sql
rest enabled jdbc sql username/password@http://...(to ORDS)

+18.1 ORDS SQLDeveloper SQLCL modeller APEX
Oracle Linux 7 update5 (yum updated from 7u3 iso)

executables now under applications->other
(only .txt and .html can be easily clicked on desktop with no popups)

readme.txt and readmeCopy.txt - the same - one sometimes gets half hidden in icon layout.

errata
Same as last release + more recent software
any requests/what does not work let me know in the comments.