Recently I’ve setup Oracle Enterprise User Security (EUS) with Oracle Unified Directory (OUD) on my favorite linux test system. Among regular 220.127.116.11 and 18.104.22.168 databases I do also have a 22.214.171.124 Container Database. EUS work like a charm on the regular databases but not on the PDB.
ORA-28305: WALLET_LOCATION IN sqlnet.ora file FOR container DATABASE IS NOT
Warning: You are no longer connected TO ORACLE.
The error seems to be a bit weird. So fare I’ve explicitly set the wallet location to make sure the wallet it somewhere I decided. I have a shared
sqlnet.ora file, where I use
$ORACLE_SID in the path for the different instances. An excerpt from my
(METHOD = File)
(METHOD_DATA = (DIRECTORY = /u00/app/oracle/admin/$ORACLE_SID/wallet)))
The action described for the Oracle Error Message ORA-28305 is clear. Remove WALLET_LOCATION from
sqlnet.ora to use EUS also for Container Databases.
- DB_NAME : TDB12C
- DB_DOMAIN :
- INSTANCE : 1
- INSTANCE_NAME : TDB12C
- SERVER_HOST : o-sec
- SESSION_USER : C##SOE
- PROXY_USER :
- AUTHENTICATION_METHOD : PASSWORD
- IDENTIFICATION_TYPE : GLOBAL SHARED
- NETWORK_PROTOCOL :
- OS_USER : oracle
- AUTHENTICATED_IDENTITY: SOE
- ENTERPRISE_IDENTITY : cn=soe,cn=Users,dc=trivadistraining,dc=com
- ISDBA : FALSE
- CLIENT_INFO :
- PROGRAM : sqlplus@o-sec (TNS V1-V3)
- MODULE : SQL*Plus
- IP_ADDRESS :
- SID : 39
- SERIAL# : 47117
- SERVER : DEDICATED
- TERMINAL : pts/6
PL/SQL PROCEDURE successfully completed.
The corresponding Oracle Bug 17758886 has been rejected as “not a Bug”. Oracle® Database Net Services Reference 12c Release 1 (12.1) WALLET_LOCATION does not mention PDB’s. There is only some information in the Oracle® Database Reference 12c Release 1 (12.1) Using LDAP_DIRECTORY_ACCESS with PDBs.
It seems, that with PDB’s it is not possible to explicitly set a wallet location. If the default location is not appropriate for your database environment, you have to use soft links use an alternative location for your wallet.
By the way, the wallet for TDE or for Secure External Password Store (SEPS) is not affected. You may still set WALLET_LOCATION for SEPS or ENCRYPTION_WALLET_LOCATION for TDE.
Some links related to this topic.
- Oracle® Database Error Messages 12c Release 1 (12.1) ORA-28305
- Oracle® Database Reference 12c Release 1 (12.1) Using LDAP_DIRECTORY_ACCESS with PDBs
- Bug 17758886 ENABLING EUS FOR PDB BREAKS SSL CLIENT-SERVER CONNECTIVITY
- How to configure SEPS for the pluggable databases [1980698.1]
If time permits, I’ll write a few blog post about setting up and configuring EUS with OUD.