Oracle parameter LDAP_DIRECTORY_ACCESS: official explanation, purpose, and how to configure it (optimization recommendations)

This site's explanation

LDAP_DIRECTORY_ACCESS

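The LDAP_DIRECTORY_ACCESS parameter is used to control the permissions that apply when the operating system (OS) uses the Oracle LDAP directory server.

How to set it:

1. First, on the Oracle Net server, edit the $ORACLE_HOME/hs/admin/opldap.ora file and make sure the LDAP_DIRECTORY_ACCESS parameter is set correctly, as follows: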

DIRECTORY_ACCESS =[(a1) access_method=ldap]

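a1 is the name of the LDAP server; access_method is the access method, and its only permitted value is ldap.

2. Next, edit the dn2name.ora file and set the following parameters: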

# To convert LDAP distinguished name to Oracle
# database user name (oracle_user)

ORACLE_USER =oracle_user

# The LDAP distinguished name of the user

LDAP_DN =cn=oracle_user, ldap_spec=ldap_spec

3. Finally, start the server and check whether the LDAP service works normally.

Official English explanation

LDAP_DIRECTORY_ACCESS specifies whether Oracle refers to Oracle Internet Directory for user authentication information.

Property             Description
Parameter type       String
Syntax               LDAP_DIRECTORY_ACCESS = { NONE | PASSWORD | SSL }
Default value        NONE
Modifiable           ALTER SYSTEM
Modifiable in a PDB  Yes
Basic                No

If directory access is turned on, then this parameter also specifies how users are authenticated.

Values

  • NONE

    Oracle does not refer to Oracle Internet Directory for Enterprise User Security information.

  • PASSWORD

    Oracle tries to connect to the enterprise directory service using the database password stored in the database wallet. If that fails, then the Oracle Internet Directory connection fails and the database will not be able to retrieve enterprise roles and schema mappings upon enterprise user login.

  • SSL

    Oracle tries to connect to Oracle Internet Directory using SSL.

See Also:

Oracle Database Enterprise User Security Administrator’s Guide for more information on Enterprise User Security

Using LDAP_DIRECTORY_ACCESS with PDBs

PDBs can use password or SSL authentication with Oracle Internet Directory for EUS, or Microsoft Active Directory for CMU, when the parameter value is set accordingly.

The LDAP_DIRECTORY_ACCESS initialization parameter is PDB-specific and can be set as follows:

  • When you use the ALTER SYSTEM command to set the value of LDAP_DIRECTORY_ACCESS while connected to the CDB root:

    • If you specify the CONTAINER=ALL clause, then the setting applies to the CDB root and all PDBs.
    • If you omit the CONTAINER=ALL clause, or specify the CONTAINER=CURRENT clause, then the setting applies only to the CDB root.
  • When you use the ALTER SYSTEM command to set the value of LDAP_DIRECTORY_ACCESS while connected to a PDB, the setting applies only to that PDB.

  • When you set the value of LDAP_DIRECTORY_ACCESS in an initialization parameter file, the setting applies only to the CDB root; it does not apply to the PDBs.

For a CDB, if the wallet location is not specified in sqlnet.ora, then the default database wallet path is:

ORACLE_BASE/admin/db-unique-name/pdb-GUID/wallet (if ORACLE_BASE is set)

or:

ORACLE_HOME/admin/db-unique-name/pdb-GUID/wallet (if ORACLE_BASE is not set)

The exception is for the root database, which has a default wallet path of:

ORACLE_BASE/admin/db-unique-name/wallet (if ORACLE_BASE is set)

or:

ORACLE_HOME/admin/db-unique-name/wallet (if ORACLE_BASE is not set)

All PDBs in a CDB have the same database unique name. By placing wallets in the default location, each PDB can have its own identity.

Note that because there is only one sqlnet.ora file for a CDB, the wallet location in sqlnet.ora is only used by the CDB root container. Because each PDB must have its own wallet, a PDB wallet will be specified by the pdb-GUID under the wallet location in sqlnet.ora.

For the root container of a CDB, the wallet location is:

WALLET_LOCATION_specified_in_sqlnet.ora

For each PDB of the CDB, the wallet location is:

WALLET_LOCATION_specified_in_sqlnet.ora/pdb-GUID/

Note:

Oracle databases are registered with Oracle Internet Directory using Database Configuration Assistant (DBCA). For registration with Oracle Internet Directory to work, all the PDBs for a CDB must be registered using DBCA.

Using LDAP_DIRECTORY_ACCESS with Non-CDBs

For non-CDBs, if the wallet location is not specified in sqlnet.ora, then the default database wallet path is:

ORACLE_BASE/admin/db-unique-name/wallet (if ORACLE_BASE is set)

or:

ORACLE_HOME/admin/db-unique-name/wallet (if ORACLE_BASE is not set)
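
The wallet path rules above (CDB root, PDB, and non-CDB) can be checked with a small script. This is an added example, not Oracle's code and not part of the original page; the function names, the SQLNET_WALLET variable, the database name orcl, the sample GUID and the owner-only permission check are assumptions of this example.

```sh
#!/bin/sh
# Added example: resolve the wallet directory per the path rules above.

# wallet_dir DB_UNIQUE_NAME [PDB_GUID] [SQLNET_WALLET_LOCATION]
#   empty PDB_GUID               -> CDB root or non-CDB
#   empty SQLNET_WALLET_LOCATION -> default path under ORACLE_BASE/ORACLE_HOME
wallet_dir() {
    db_unique_name=$1
    pdb_guid=${2:-}
    sqlnet_loc=${3:-}
    if [ -n "$sqlnet_loc" ]; then
        # Explicit location: the root uses it as is, a PDB uses <location>/<GUID>.
        printf '%s\n' "${sqlnet_loc%/}${pdb_guid:+/$pdb_guid}"
        return 0
    fi
    # Default location: ORACLE_BASE when set, otherwise ORACLE_HOME.
    top=${ORACLE_BASE:-${ORACLE_HOME:-}}
    if [ -z "$top" ]; then
        echo "neither ORACLE_BASE nor ORACLE_HOME is set" >&2
        return 1
    fi
    printf '%s\n' "${top%/}/admin/${db_unique_name}${pdb_guid:+/$pdb_guid}/wallet"
}

# wallet_perms_ok DIR: 0 if DIR exists and grants nothing to group/other,
# 1 if it is more permissive, 2 if it does not exist.
# (Owner-only access is this example's hardening assumption.)
wallet_perms_ok() {
    [ -d "$1" ] || return 2
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample values: database name "orcl", one made-up PDB GUID.
for guid in "" "E1F26215682E1142E053B902000A3E4E"; do
    dir=$(wallet_dir "orcl" "$guid" "${SQLNET_WALLET:-}") || continue
    if wallet_perms_ok "$dir"; then state="ok"; else state="missing or too permissive"; fi
    echo "${guid:-root/non-CDB}: $dir [$state]"
done
```

Run it as the Oracle software owner on the database host; a PDB whose GUID directory is missing is a likely reason PASSWORD mode cannot find its own wallet.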

See Also:

Oracle Database Enterprise User Security Administrator’s Guide for an example of setting the value of this parameter to SSL in the server parameter file using ALTER SYSTEM

