ORA-# Errors for SSL-Authenticated Enterprise Users

If you receive an ORA-# error while using SSL-authenticated Enterprise User Security, then locate the error in the following section and perform the recommended action.

ORA-1017: Invalid username/password; login denied

Cause: As in error message

Action: See "USER-SCHEMA ERROR Checklist"

ORA-28030: Problem accessing LDAP directory service

Cause: Indicates a problem with the connection between the database and the directory.

Action: Check the following:

  1. Check that there is a correct wallet_location value in the database's sqlnet.ora file. If not, then use Oracle Net Manager to enter one.

  2. If Domain Name System (DNS) server discovery of Oracle Internet Directory is not used, then check that there is a correct ldap.ora file in $LDAP_ADMIN, $ORACLE_HOME/ldap/admin, $TNS_ADMIN or $ORACLE_HOME/network/admin. (See Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for information about DNS server discovery.)

  3. Check that the Oracle Internet Directory SSL port used (by way of DNS discovery or an ldap.ora file) supports SSL with two-way authentication.

  4. Check that the LDAP_DIRECTORY_ACCESS parameter is set to SSL in the database initialization parameters file.

  5. Check that the database wallet has autologin enabled. Either use Oracle Wallet Manager or check that there is a cwallet.sso file in $ORACLE_HOME/admin/<ORACLE_SID>/wallet/.

  6. Use the mkstore command-line utility to check that the database wallet has the database DN in it by using the following syntax:

    mkstore -wrl <database_wallet_location> -viewEntry ORACLE.SECURITY.DN
    

    If the wallet does not contain the database DN, then use Database Configuration Assistant to reregister the database with Oracle Internet Directory.

  7. Check that the database can bind to Oracle Internet Directory by using its wallet with the following ldapbind command:

    ldapbind -h <directory_host> -p <directory_SSLport> -U 3 -W "file:<database_wallet_location>" -Q
    Please enter SSL wallet password: wallet_password

  8. Check to ensure that the database belongs to only one enterprise domain.

    Note:

    The mkstore utility is for troubleshooting purposes only. The name and functionality of this tool may change in the future.
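
The file-level items of the checklist (1, 2 and 5) can be scripted. The following is an added example, not part of the Oracle documentation, that checks them in one pass. The function names, the `USE_DNS_DISCOVERY` variable and passing the sqlnet.ora path as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: file-level checks for ORA-28030 checklist items 1, 2 and 5.
# Function names and USE_DNS_DISCOVERY are hypothetical, not Oracle's.

# Item 1: succeed if sqlnet.ora has an uncommented WALLET_LOCATION entry.
has_wallet_location() {
    [ -f "$1" ] && grep -Eiq '^[[:space:]]*WALLET_LOCATION[[:space:]]*=' "$1"
}

# Item 2: print the first ldap.ora found, in the order the checklist lists.
find_ldap_ora() {
    for dir in "${LDAP_ADMIN:-}" "${ORACLE_HOME:-}/ldap/admin" \
               "${TNS_ADMIN:-}" "${ORACLE_HOME:-}/network/admin"; do
        if [ -n "$dir" ] && [ -f "$dir/ldap.ora" ]; then
            printf '%s\n' "$dir/ldap.ora"
            return 0
        fi
    done
    return 1
}

# Item 5: autologin is enabled when the wallet directory holds cwallet.sso.
wallet_has_autologin() {
    [ -f "$1/cwallet.sso" ]
}

# $1 = the database's sqlnet.ora; $2 = wallet directory (default from item 5).
# Prints one line per item and returns the number of failed checks.
ora28030_preflight() {
    fails=0
    wallet_dir=${2:-${ORACLE_HOME:-}/admin/${ORACLE_SID:-}/wallet}
    if has_wallet_location "$1"; then echo "OK   item 1: WALLET_LOCATION in $1"
    else echo "FAIL item 1: no WALLET_LOCATION in $1"; fails=$((fails + 1)); fi
    if ldap_ora=$(find_ldap_ora); then echo "OK   item 2: $ldap_ora"
    elif [ "${USE_DNS_DISCOVERY:-0}" = 1 ]; then echo "SKIP item 2: DNS discovery"
    else echo "FAIL item 2: no ldap.ora in any search path"; fails=$((fails + 1)); fi
    if wallet_has_autologin "$wallet_dir"; then echo "OK   item 5: cwallet.sso present"
    else echo "FAIL item 5: no cwallet.sso in $wallet_dir"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run only when a sqlnet.ora path is given on the command line.
if [ $# -gt 0 ]; then ora28030_preflight "$@"; fi
```

Items 3, 4, 6, 7 and 8 depend on the directory, the initialization parameters or the wallet password, so they remain manual steps.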

ORA-28301: Domain policy has not been registered for SSL authentication

Cause: As in error message

Action: Use Oracle Enterprise Manager to set the user authentication policy for this enterprise domain to include SSL.

ORA-28862: SSL handshake failed

Cause: As in error message

Action: See the SSL (Secure Sockets Layer) chapter in Oracle Database Security Guide for information about configuring your SSL connection.