Re: Oracle / LDAP ACLs

From: Mikhail Velikikh <mvelikikh_at_gmail.com>
Date: Mon, 8 Jul 2024 22:51:43 +0100
Message-ID: <CALe4Hp=zOWUtUxLQ-hwdUDJ7H8phJ1PjxUi9-Z6CENRsX5hdFQ_at_mail.gmail.com>



You can set the events below to enable extended debugging of the network ACL component:

alter session set events '10937 level 6:trace[xsacl]';
-- run the problem code causing ORA-24247
-- disable debugging
alter session set events '10937 off:trace[xsacl] off';

The output of event 10937 is discussed in https://berxblog.blogspot.com/2021/05/tracing-network-acls.html

On a different topic, you have not mentioned your Oracle version but the procedures you are using have been deprecated since 12.1: https://docs.oracle.com/database/121/ARPLS/d_networkacl_adm.htm#ARPLS74568

Best regards,
*Mikhail Velikikh*

On Mon, 8 Jul 2024 at 15:01, Scott Canaan <dmarc-noreply_at_freelists.org> wrote:

> I’m trying to allow Oracle to connect to LDAP using ACLs. The user that
> requested it is still getting “ORA-24247: network access denied by access
> control list (ACL)”. This is what I’ve tried:
>
> BEGIN
>   DBMS_NETWORK_ACL_ADMIN.create_acl (
>     acl => 'ldap_acl_file.xml',
>     description => 'ACL to grant access to LDAP server',
>     principal => 'APEX_EBA',
>     is_grant => TRUE,
>     privilege => 'connect',
>     start_date => SYSTIMESTAMP,
>     end_date => NULL);
> end;
> /
>
> begin
>   DBMS_NETWORK_ACL_ADMIN.assign_acl (
>     acl => 'ldap_acl_file.xml',
>     host => 'ldap.rit.edu',
>     lower_port => 389,
>     upper_port => NULL);
> end;
> /
>
> begin
>   DBMS_NETWORK_ACL_ADMIN.assign_acl (
>     acl => 'ldap_acl_file.xml',
>     host => 'ldap.rit.edu',
>     lower_port => 686,
>     upper_port => NULL);
>
>   COMMIT;
> END;
> /
>
> I don’t see what is wrong here.
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jul 08 2024 - 23:51:43 CEST
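
The reply above notes that the CREATE_ACL / ASSIGN_ACL procedures are deprecated since 12.1. As an added example that is not part of the original thread, this is the same grant written with the 12.1+ DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE call, followed by a check of what is in force in DBA_HOST_ACES. It assumes a 12.1 or later database and a session allowed to execute the package and query the DBA view; host, ports and principal are the values from the quoted post.

```sql
-- Added example, not from the thread. Values (host, ports, principal) are
-- copied from the quoted post; adjust them to your environment.
DECLARE
  -- Ports exactly as given in the quoted post
  l_ports SYS.ODCINUMBERLIST := SYS.ODCINUMBERLIST(389, 686);
BEGIN
  FOR i IN 1 .. l_ports.COUNT LOOP
    -- One ACE per port: a single-port range, the 'connect' privilege only,
    -- granted to one named database user rather than to PUBLIC.
    DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
      host       => 'ldap.rit.edu',
      lower_port => l_ports(i),
      upper_port => l_ports(i),
      ace        => xs$ace_type(
                      privilege_list => xs$name_list('connect'),
                      principal_name => 'APEX_EBA',
                      principal_type => xs_acl.ptype_db));
  END LOOP;
END;
/

-- Which principals hold which privileges for this host, and on which ports.
-- A user that still gets ORA-24247 should be compared against the PRINCIPAL
-- and port range columns returned here.
SELECT host, lower_port, upper_port, principal, privilege, grant_type
FROM   dba_host_aces
WHERE  host = 'ldap.rit.edu'
ORDER  BY lower_port, principal, privilege;

-- The ACL object each host/port assignment is attached to.
SELECT host, lower_port, upper_port, acl
FROM   dba_host_acls
WHERE  host = 'ldap.rit.edu'
ORDER  BY lower_port;
```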
