My Oracle Support Banner

How To Configure Non-Anonymous Secure Bind for LDAP Net Service Name Resolution when Usercertificate DN does not Match with the Entry DN in OID (Doc ID 456766.1)

Last updated on JULY 03, 2017

Applies to:

Oracle Net Services - Version 11.1.0.6.0 to 11.2.0.4 [Release 11.1 to 11.2]
Oracle Security Service - Version 10.1.2.0 and later
Information in this document applies to any platform.

Goal

You would like to secure TNS net service names stored in Oracle Internet Directory (OID) by disabling anonymous bind.

Non-anonymous bind uses SSL to bind with the OID for net service name resolution. You have the restriction that the DN in the client wallet should match the user entry DN in OID. This article explains on how to configure non-anonymous bind if your user certificate DN does not match with the entry DN in OID.


■ This feature is useful if your Public Key Infrastructure (PKI) certificate authority does not support the use of two common names (cn) in the DN.
■ This also enables you to restructure your Directory without requiring new certificates for users or databases.
■ You no longer have to bother if the DN in user certificate matches with DN in OID or not.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 Prerequisites:
 
Step 1 : Create SSL Configset on OID
 Step 2: Create a User in OID 
 
Step 3: Create a wallet that can be used on the client
 

Step 4: Provision the Client User Certificate into OID
 Step 5: Verify SSL Configuration
 Step 6: Restrict Access to Net Service Names in OID
 Step 7: Configure Oracle Client for Net Service Name resolution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.