Lars,
Wow! This is an excellent doc on setting up NDS
authentication!
Eric - Thanks for sharing it.
I have a few comments:
> But now you should stop your Oracle server (not
> Netware) and restart
> it. The Oracle software will find the database
> object, you've created
> in NDS, and fill in the NDS naming adapter
> information.
Actually it's the listener that populates the info in
NDS, so it's only necessary to stop and restart the
listener.
There are also a few restrictions on the server side
for using NDS authentication:
- Partition must be master read/write partition
Otherwise the ORASCHEM.NLM which extends the schema
with the Oracle object info won't be able to do so.
This is automatically run during installation, but can
be run at any time (you'll get errors if the schema
has already been extended, but they can be ignored).
ORACLEAN.NLM removes the schema extensions.
- Partition must reside on the same server on which
Oracle resides.
- Oracle object must be in the same Org Unit (OU) as
the server object.
HTH,
- Anita
- "Eric D. Pierce" <PierceED_at_csus.edu> wrote:
>
> ------- Forwarded message follows -------
> To: "Netware 4 Discussion List"
> <Netw4l_at_mail.otherwhen.com>
> Date sent: Tue, 20 Jun 2000 11:34:22 +0200
> Send reply to: Netw4l_at_mail.otherwhen.com
>
> Hi everyone,
>
> It seems quite a few would like my tips on Oracle,
> so here they are:
>
> *** Basic installation
>
> First of all: Oracle on Netware runs fine without
> any NDS
> integration. So do that for a start: install Oracle
> - and make sure
> it works. The important test is to install the
> server and a client,
> and make sure the client can connect to the server.
> The best test is
> to use SQL Plus to connect and browse a little
> around, however, Net8
> Easy Config will allow you to setup a connection and
> test it
> directly.
>
> *** Snap-in
>
> Next, you need to be able to load the NWAdmin Oracle
> snapin. This is
> no fun, it took me a long time. There's some old
> versions around, and
> the setup is not obvious. So:
>
> You'll need three files: nwora80.dll, zna80us.dll,
> and zna80us.hlp.
> With NWAdmin32, nwora80 must be in
> sys:public\win32\snapins, and the
> two zna80us files in sys:public\win32 - or whatever
> path you have to
> your NWA.
>
> The versions that works for me are:
>
> nwora80.dll Feb. 16, 1998
> zna80us.dll Oct. 3, 1996
> zna80us.hlp Sep. 27, 1996
>
> The final thing to be aware of is that you must have
> Oracle's client
> software installed and working for the snapin to
> load. In other
> words: If you copy the snapin to your server, be
> prepared to have a
> load error from the snapin every time you run NWA on
> a machine
> without the Oracle client installed.
>
> *** Integration
>
> Oracle/NDS integration is not one, but _two_ things!
> Takes a while to
> figure out...
>
> *** Name services
>
> As if we didn't have enough name services around,
> Oracle has invented
> their own. It's called TNS. There's nothing magic
> about it, it's just
> yet another name service. Configuring it, though,
> requires quite a
> few steps.
>
> The Oracle client must be able to lookup the server
> in some way;
> you'd think you could just supply the IP and of you
> go, but this is
> not the case. On the contrary, you must supply a
> name that can be
> resolved in some way.
>
> For the client, this is configured in the file
> sqlnet.ora, which can
> be found in the subdir net80\admin under the base
> directory. This
> file has a line like
>
> NAMES.DIRECTORY_PATH= (NOVELL, TNSNAMES, HOSTNAME)
>
> which means: Use NDS first, then TNS, then DNS.
> Hostname is the usual
> mix of a hostfile and DNS, TNS is Oracle's native
> system, and Novell
> is, you guessed it, NDS. TNS is just a 'host' file
> like the one known
> from IP, however, it's pretty complex and easiest
> setup using Net80
> Easy Config. It's physical location is
> net80\admin\tnsnames.ora
> (still under the client base directory). It can be
> distributed like a
> host file.
>
> TNS uses a DNS like naming system - with a default
> 'domain' of
> '.world'. This means that if you create a database
> reference called
> 'myserver', it's real name will be 'myserver.world',
> but as '.world'
> is default, you can connect to it using the name
> 'myserver' as well
> as the name 'myserver.world'. If you can't, you have
> a basic problem
> with you setup that has nothing to do with NDS.
>
> Whilst I'm going into details about TNS, you really
> don't want to use
> it. The charm of NDS integration is, among other
> things, that you
> won't need it - the Oracle client can lookup the
> nescessary details
> directly in NDS. You'll only need it for the initial
> connect before
> you have NDS integration running.
>
> Asuming you can now connect without NDS, lets start
> the fun:
>
> Using NWAdmin, you should now create an NDS object
> for your database
> instance. Open NWAdmin, and create an 'Oracle
> Instance' object.
> You'll have to answer a few basic questions, with
> the host NW server
> beeing one of the most important. When you've
> created you object,
> you're done for now. It _won't_ work at the moment -
> if you go into
> the tab named 'Connect Address', the fiels 'NDS
> Naming Adapter
> Connection Information' is empty.
>
> If you want a little testing at this stage, though,
> you can fill in
> the edit box called 'Service Name' with a valid TNS
> name known to
> work. Save this, reopen your object, and you should
> be able to test
> the connection using the status button found on the
> 'Identification'
> tab. After a little while, it should say 'Available,
> Running'.
>
> But now you should stop your Oracle server (not
> Netware) and restart
> it. The Oracle software will find the database
> object, you've created
> in NDS, and fill in the NDS naming adapter
> information. Verify this
> by going to the 'Connect Address' tab. Set a check
> mark next to
> 'Enable NDS Naming', and you're almost through.
>
> Close the object (saving your changes) and reopen
> it, you should now
> be able to get the status of the server without
> using TNS names at
> all.
>
> NDS works now, but you still have to tell your
> client software to use
> NDS. You do this by editing the sqlnet.ora file
> mentioned above to
> include NOVELL in the statement below:
>
> NAMES.DIRECTORY_PATH= (NOVELL, TNSNAMES, HOSTNAME)
>
> You can remove the reference to TNS and hostname, if
> you wish.
>
> From now on, whenever you want to connect to your
> Oracle database,
> you only have to supply the name of the object you
> created in NDS. As
> always with NDS, you can use the full path name like
> ..myserver_db.my_org, but you can also set a default
> context in the
> Oracle software and only supply the object name
> without the context.
>
> You do this by adding the line
>
> NAMES.NDS.NAME_CONTEXT = my_org
>
> to the sqlnet.ora file.
>
> This is the real beauty of NDS: You won't have to
> distribute and
> maintain TNS and/or host files on your client
> machines anymore.
>
> *** User integration
>
> The other half of NDS integration is a lot better
> documented, so I
> won't go into the same details about it. Basically,
> you should now
> the following:
>
> You use NWAdmin to setup various user details. What
> you want is
> typically to map an Oracle user to an NDS group; you
> can then add NDS
> users to these groups, and they will aquire the
> rights of the mapped
> Oracle user.
>
> Before you can do any of this, though, you must
> connect to the
> database. Several tabs in the snapin has a 'Connect'
> button, which
> you need only use once. You should be able to
> connect whether or not
> you use NDS Naming as described above. If you have
> NDS user
> integration running, you do not need to supply any
> login credentials
> to connect to the DB, Oracle will grab them from
> NDS.
>
> There's a lot of options you can set using the
> snapin, but this is
> more regular Oracle stuff, and even the use of the
> snapin is pretty
> well documented.
>
> What's important here is that you'll (again) need to
> setup the client
> software to use NDS for authentication. You do this
> by adding a line
> like
>
> SQLNET.AUTHENTICATION_SERVICES = (NDS)
>
> to the client's sqlnet.ora file.
>
> When you've done that, you should be able to login
> to the DB using
> NDS: Whenever you're asked about a user name, use
> '/' (a forward
> slash) for the name. This is a special Oracle sign
> meaning 'use OS
> user name'. Don't supply a password. You should be
> able to connect
> using the rights you've created in NDS.
>
> *** Summing up
>
> NDS integration is about two distinct areas: Name
> services, used to
> lookup the location of the Oracle server, and user
> authentication,
> used to login the user.
>
> Typically, when you want to access an Oracle
> database, you need to
> supply the following information: Username,
> password, and server
> name. You can use NDS for the first two, and TNS or
> another naming
> service for the last, or you can supply the two
> first in the
> traditional way, and you NDS for the last - or you
> can use NDS for
> all of it.
>
> Do remember that you can configure (and not least
> test) the two parts
> individually.
>
> Whilst full NDS integration is nice, of course, the
> ability to split
> it up can be pretty nice as well: I have written a
> syslog server that
> dumps all information into the Oracle DB. It's
> written using Delphi
> and hence BDE, Borland Database Engine. The latter
> cannot login to
> Oracle using OS authentication anyway, but for my
> app, that's pretty
> smart. The syslog server will login to Oracle as the
> syslog server,
> not as the NDS user who happens to be logged in at
> the moment to the
> machine running the syslog server. It still uses NDS
> Naming to lookup
> the location of the database.
>
> Regards,
> Lars
>
> --
> Lars Skjærlund, Network Consultant, Spinn
> International ApS
> Bukkeballevej 30, 2960 Rungsted Kyst, Denmark
> Tel.: +45 70 25 88 10, Fax: +45 70 25 88 44
> Mail: lars@spinn.dk Web: http://www.spinn.dk
> --
> ----------------
> To get information about how to subscribe to,
> unsubscribe from, complain or
> make suggestions about the NetWare 4 list, just
> double click the line below:
> mailto:maiser_at_mail.otherwhen.com?subject
>
> or surf over to
> http://hostigos.otherwhen.com/mailing_lists.html
> ------- End of forwarded message -------
> --
> Author: Eric D. Pierce
> INET: PierceED_at_csus.edu
>
> Fat City Network Services -- (858) 538-5051 FAX:
> (858) 538-5051
> San Diego, California -- Public Internet
> access / Mailing Lists
>
> To REMOVE yourself from this mailing list, send an
> E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of
Received on Wed Jun 21 2000 - 04:35:25 CDT
