Connecting to Oracle using LDAP authentication with JDBC
There are four main ways to connect to Oracle databases using Oracle JDBC drivers. These are the following: OCI, LDAP, Basic, and TNS. This article will focus on connecting to Oracle databases using the LDAP method.
To connect to Oracle using LDAP authentication, an Oracle JDBC driver is needed. When possible, the newest version of the Oracle JDBC driver should be used. For this article, we will be using the Oracle 12c JDBC Thin driver. RazorSQL ships with this driver, and it can also be downloaded from Oracle's web site.
There are three pieces of information needed when connecting to Oracle via LDAP. They are the following:
LDAP Server: This is the address and port of the LDAP server. The server and port should
be separated by a colon when creating the connection. If there are multiple ports, for example, one port for non-SSL
communication and a port for SSL communication, one of the ports should be chosen to make the connection. Here is an example
of the format to use for the host and port information:
acmeldap:3000
LDAP Context: This is the context information needed for the LDAP connection. Typically this
contains the organization's domain information. For example, an organization named Acme that uses the acme.com
domain would have the following context information: dc=acme,dc=com. Also needed here is the Oracle context.
This is usually in the following format: cn=OracleContext. All of this information makes up the LDAP context.
Here is an example of the LDAP context for Acme:
cn=OracleContext,dc=acme,dc=com
Note: When using RazorSQL to connect to Oracle via LDAP, if the machine has an Oracle client installed,
RazorSQL will look for an ldap.ora file defined in the Oracle client directory structure. The ldap.ora file contains
information on the LDAP server and context. If RazorSQL finds the ldap.ora file, it will attempt to parse the file
and pre-populate the LDAP server and context information on the RazorSQL connection screen. If RazorSQL does not
find the ldap.ora file, and you would like to manually point RazorSQL to the ldap.ora file, there is a "Browse" button
next to the "LDAP File" field that you can use to point RazorSQL to an ldap.ora file.
Database Service Name: The database service name tells the driver what database to connect to.
For example, if the database is named "dmart", dmart should be entered as the database service name.
JDBC URL: Once the LDAP server, context, and database service name have been obtained, a JDBC URL
can be constructed. This URL is then used when interfacing with the Oracle JDBC thin driver to make a connection to the
database. The JDBC URL for LDAP connections takes the following format:
jdbc:oracle:thin:@ldap://<LDAP Server String>/<Database Service Name>,<LDAP Context>
Below is an example JDBC Thin LDAP URL for connecting to the dmart database for acme.com:
jdbc:oracle:thin:@ldap://acmeldap.acme.com:3000/dmart,cn=OracleContext,dc=acme,dc=com
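The steps above, from reading ldap.ora to building the URL, as an added Java example (not RazorSQL's or Oracle's code). It takes the server from DIRECTORY_SERVERS and the base context from DEFAULT_ADMIN_CONTEXT, and rejects service names that would alter the URL's structure. Assumptions: the class and method names are hypothetical, the ldap.ora content is constructed with 3001 as an assumed SSL port, and the ldaps:// form is the Oracle thin driver's LDAP-over-SSL scheme, which this article does not show.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapJdbcUrl {
    // Constructed sample ldap.ora, using this article's Acme values; 3001 is an assumed SSL port.
    static final String SAMPLE_LDAP_ORA = String.join("\n",
        "# constructed sample",
        "DIRECTORY_SERVERS = (acmeldap.acme.com:3000:3001)",
        "DEFAULT_ADMIN_CONTEXT = \"dc=acme,dc=com\"",
        "DIRECTORY_SERVER_TYPE = OID");

    // Returns the value of one NAME = value parameter, without its parentheses or quotes.
    static String param(String ldapOra, String name) {
        Matcher m = Pattern.compile("(?im)^\\s*" + Pattern.quote(name)
                + "\\s*=\\s*[(\"]?([^)\"\\r\\n]+)").matcher(ldapOra);
        if (!m.find()) throw new IllegalArgumentException("ldap.ora has no " + name);
        return m.group(1).trim();
    }

    static String buildUrl(String ldapOra, String serviceName, boolean ssl) {
        // DIRECTORY_SERVERS entries are host:port[:sslport]; use the first entry.
        String[] s = param(ldapOra, "DIRECTORY_SERVERS").split(",")[0].trim().split(":");
        if (s.length < (ssl ? 3 : 2))
            throw new IllegalArgumentException("no " + (ssl ? "SSL " : "") + "port listed");
        String host = s[0], port = s[ssl ? 2 : 1];
        if (!host.matches("[A-Za-z0-9.-]+") || !port.matches("\\d{1,5}"))
            throw new IllegalArgumentException("bad LDAP server entry");
        // The service name sits between '/' and ',' in the URL, so characters such as
        // '/', ',', '@' or '=' in it would change which server or entry is looked up.
        if (!serviceName.matches("[A-Za-z0-9_.$#-]+"))
            throw new IllegalArgumentException("bad service name");
        String context = "cn=OracleContext," + param(ldapOra, "DEFAULT_ADMIN_CONTEXT");
        // ldaps:// selects LDAP over SSL in the Oracle thin driver.
        return "jdbc:oracle:thin:@" + (ssl ? "ldaps" : "ldap") + "://"
                + host + ":" + port + "/" + serviceName + "," + context;
    }

    public static void main(String[] args) {
        System.out.println(buildUrl(SAMPLE_LDAP_ORA, "dmart", false));
        System.out.println(buildUrl(SAMPLE_LDAP_ORA, "dmart", true));
        try {
            buildUrl(SAMPLE_LDAP_ORA, "dmart,cn=Other", false);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the non-SSL port the driver's directory lookup travels in clear text, so the connect descriptor it returns can be read or altered on the network path; choosing the SSL port avoids that.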