{"id":2053,"date":"2015-10-31T14:00:47","date_gmt":"2015-10-31T13:00:47","guid":{"rendered":"http:\/\/www.oradba.ch\/?p=2053"},"modified":"2016-05-10T17:40:11","modified_gmt":"2016-05-10T15:40:11","slug":"wallet_location-in-sqlnet-ora-for-container-databases","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2015\/10\/wallet_location-in-sqlnet-ora-for-container-databases\/","title":{"rendered":"WALLET_LOCATION in sqlnet.ora for Container Databases"},"content":{"rendered":"

Recently I’ve setup Oracle Enterprise User Security (EUS) with Oracle Unified Directory (OUD) on my favorite linux test system. Among regular 11.2.0.4 and 12.1.0.2 databases I do also have a 12.1.0.2 Container Database. EUS work like a charm on the regular databases but not on the PDB. <\/p>\n

\r\nSQL> conn soe\r\nEnter password: \r\nERROR:\r\nORA-28305: WALLET_LOCATION in sqlnet.ora file for container database is not\r\nsupported.\r\n\r\n\r\nWarning: You are no longer connected to ORACLE.\r\n<\/pre>\n
The error seems to be a bit weird. So fare I’ve explicitly set the wallet location to make sure the wallet it somewhere I decided. I have a shared sqlnet.ora<\/code> file, where I use $ORACLE_SID<\/code> in the path for the different instances. An excerpt from my sqlnet.ora<\/code> file<\/p>\n
\r\n...\r\nWALLET_LOCATION =\r\n  (SOURCE =\r\n    (METHOD = File)\r\n    (METHOD_DATA = (DIRECTORY = \/u00\/app\/oracle\/admin\/$ORACLE_SID\/wallet)))\r\n\r\nENCRYPTION_WALLET_LOCATION=\r\n (SOURCE=\r\n  (METHOD=FILE)\r\n   (METHOD_DATA=\r\n    (DIRECTORY=\/u00\/app\/oracle\/admin\/$ORACLE_SID\/tde_wallet\/)))\r\n...\r\n<\/pre>\n
The action described for the Oracle Error Message ORA-28305<\/a> is clear. Remove WALLET_LOCATION from sqlnet.ora<\/code> to use EUS also for Container Databases.<\/p>\n
SQL> conn soe\r\nEnter password: \r\nConnected.\r\nSQL> @sousrinf\r\nDatabase Information\r\n--------------------\r\n- DB_NAME\t\t: TDB12C\r\n- DB_DOMAIN\t\t:\r\n- INSTANCE\t\t: 1\r\n- INSTANCE_NAME \t: TDB12C\r\n- SERVER_HOST\t\t: o-sec\r\n-\r\nAuthentification Information\r\n----------------------------\r\n- SESSION_USER\t\t: C##SOE\r\n- PROXY_USER\t\t:\r\n- AUTHENTICATION_METHOD : PASSWORD\r\n- IDENTIFICATION_TYPE\t: GLOBAL SHARED\r\n- NETWORK_PROTOCOL\t:\r\n- OS_USER\t\t: oracle\r\n- AUTHENTICATED_IDENTITY: SOE\r\n- ENTERPRISE_IDENTITY\t: cn=soe,cn=Users,dc=trivadistraining,dc=com\r\n-\r\nOther Information\r\n-----------------\r\n- ISDBA \t\t: FALSE\r\n- CLIENT_INFO\t\t:\r\n- PROGRAM\t\t: sqlplus@o-sec (TNS V1-V3)\r\n- MODULE\t\t: SQL*Plus\r\n- IP_ADDRESS\t\t:\r\n- SID\t\t\t: 39\r\n- SERIAL#\t\t: 47117\r\n- SERVER\t\t: DEDICATED\r\n- TERMINAL\t\t: pts\/6\r\n\r\nPL\/SQL procedure successfully completed.<\/pre>\n
The corresponding Oracle Bug 17758886<\/a><\/em> has been rejected as “not a Bug”. Oracle\u00ae Database Net Services Reference 12c Release 1 (12.1) WALLET_LOCATION<\/a> does not mention PDB’s. There is only some information in the Oracle\u00ae Database Reference 12c Release 1 (12.1) Using LDAP_DIRECTORY_ACCESS with PDBs<\/a>.<\/p>\n
Conclusion<\/h3>\n
It seems, that with PDB’s it is not possible to explicitly set a wallet location. If the default location is not appropriate for your database environment, you have to use soft links use an alternative location for your wallet.<\/p>\n
By the way, the wallet for TDE or for Secure External Password Store (SEPS) is not affected. You may still set WALLET_LOCATION for SEPS or ENCRYPTION_WALLET_LOCATION for TDE.  <\/p>\n
References<\/h3>\n
Some links related to this topic.<\/p>\n