How To Configure Non-Anonymous Secure Bind for LDAP Net Service Name Resolution when Usercertificate DN does not Match with the Entry DN in OID (Doc ID 456766.1)

Last updated on JULY 03, 2017

Applies to:

Oracle Net Services - Version 11.1.0.6.0 to 11.2.0.4 [Release 11.1 to 11.2]
Oracle Security Service - Version 10.1.2.0 and later
Information in this document applies to any platform.

Goal

You would like to secure TNS net service names stored in Oracle Internet Directory (OID) by disabling anonymous bind.

Non-anonymous bind uses SSL to bind to OID for net service name resolution. It carries the restriction that the DN in the client wallet should match the user entry DN in OID. This article explains how to configure non-anonymous bind when your user certificate DN does not match the entry DN in OID.


■ This feature is useful if your Public Key Infrastructure (PKI) certificate authority does not support the use of two common names (cn) in the DN.
■ This also enables you to restructure your directory without requiring new certificates for users or databases.
■ You no longer need to be concerned about whether the DN in the user certificate matches the DN in OID.

Solution
