Connecting to Oracle data sources with LDAP authentication in DataStage

You can configure the LDAP protocol for Oracle data sources that use the Oracle Database for DataStage connection in DataStage®. You copy configuration files from the Oracle database server to Cloud Pak for Data, and then you create a secret in Cloud Pak for Data that contains those files.

Set up the Oracle database server and identify the configuration files

Set up the Oracle database server for LDAP authentication. For instructions, see the Oracle documentation.

You will need the following configuration files from the Oracle database server to create a secret in Cloud Pak for Data:

  • ldap.ora: Example content:
    DIRECTORY_SERVERS = (ldapsvr1.fyre.myco.com:3060)
    DEFAULT_ADMIN_CONTEXT = "dc=ibm,dc=com"
    DIRECTORY_SERVER_TYPE = OID
  • sqlnet.ora: The file must contain the value LDAP for NAMES.DIRECTORY_PATH, as in the following example:
    NAMES.DIRECTORY_PATH = (LDAP, TNSNAMES, EZCONNECT)

Copy the configuration files to Cloud Pak for Data

Copy the ldap.ora and sqlnet.ora files to a location in the Cloud Pak for Data cluster to which you have access. Make note of the directory.
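
Before the files go into the secret, they can be checked against the requirements listed above. The following shell functions are an added example, not part of the IBM or Oracle documentation; the function names are hypothetical, and single-line parameter values like the ones in this page's examples are assumed.

```shell
# Added example: check ldap.ora and sqlnet.ora before storing them in the secret.
# Function names are hypothetical; single-line parameter values are assumed.

# Print the value of parameter $1 from Oracle Net file $2 (name match is
# case-insensitive, '#' comment lines are skipped).
ora_param() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (toupper(name) == toupper(want)) {
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                print val
                exit
            }
        }' "$2"
}

# True only if NAMES.DIRECTORY_PATH in sqlnet.ora ($1) lists LDAP.
sqlnet_has_ldap() {
    ora_param NAMES.DIRECTORY_PATH "$1" | tr -d '() \t' | tr ',' '\n' | grep -qix 'LDAP'
}

# True only if DIRECTORY_SERVERS in ldap.ora ($1) has a host:port entry.
ldap_has_server() {
    ora_param DIRECTORY_SERVERS "$1" | tr -d '() \t' | tr ',' '\n' | grep -Eq '^[^:]+:[0-9]+'
}

# $1 = directory holding both files; returns non-zero and reports each failure.
check_oracle_ldap_files() {
    rc=0
    { [ -r "$1/sqlnet.ora" ] && sqlnet_has_ldap "$1/sqlnet.ora"; } ||
        { echo "sqlnet.ora: missing, or NAMES.DIRECTORY_PATH lacks LDAP" >&2; rc=1; }
    { [ -r "$1/ldap.ora" ] && ldap_has_server "$1/ldap.ora"; } ||
        { echo "ldap.ora: missing, or DIRECTORY_SERVERS has no host:port" >&2; rc=1; }
    return "$rc"
}

# Demo on constructed files that reuse the example values from this page.
demo_dir=$(mktemp -d)
printf 'NAMES.DIRECTORY_PATH = (LDAP, TNSNAMES, EZCONNECT)\n' > "$demo_dir/sqlnet.ora"
printf 'DIRECTORY_SERVERS = (ldapsvr1.fyre.myco.com:3060)\n' > "$demo_dir/ldap.ora"
check_oracle_ldap_files "$demo_dir" && echo "files are ready for oc create secret"
rm -rf "$demo_dir"
```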

Create the secret in Cloud Pak for Data

  1. Log in to Red Hat® OpenShift Container Platform as a user with sufficient permissions to complete the task:
    oc login -u <username> -p <password> OpenShift_URL:port
  2. Set the context to the project where DataStage is deployed:
    oc project <project/namespace>
  3. Change to the directory where you copied the ldap.ora and sqlnet.ora files.
  4. Create a secret with the name oracle-optimized-ldap-tcps that contains the ldap.ora and the sqlnet.ora files:
    oc create secret generic oracle-optimized-ldap-tcps --from-file=sqlnet.ora=./sqlnet.ora --from-file=ldap.ora=./ldap.ora

  5. Restart the caslite pod.

    It might take a few minutes for the secret to take effect.

  6. Optional: If you have both LDAP and TCPS connections to an Oracle data source, you can create a secret like the following example in a single step:
    oc create secret generic oracle-optimized-ldap-tcps --from-file=sqlnet.ora=./sqlnet.ora --from-file=ldap.ora=./ldap.ora --from-file=cwallet.sso=./cwallet.sso --from-file=ewallet.p12=./ewallet.p12

    The ldap.ora file can contain multiple LDAP server entries and the wallet file can hold or trust multiple server certificates.

  7. Optional: Verify that the secret is mounted correctly under the location /etc/oracle-config-files/ in the datastage-ibm-datastage-caslite service container:
    oc exec $(oc get pods -o jsonpath='{range .items[*].metadata}{.name}{"\n"}{end}' | grep -i caslite) -- ls -l /etc/oracle-config-files/
    Example output:
    lrwxrwxrwx. 1 root 1000640000 15 Nov  2 13:07 ldap.ora -> ..data/ldap.ora
    lrwxrwxrwx. 1 root 1000640000 17 Nov  2 13:07 sqlnet.ora -> ..data/sqlnet.ora

Create the connection in Cloud Pak for Data

  1. In the project, go to Assets > New asset > Data access tools > Connection.
  2. Select the Oracle Database for DataStage connection.
  3. Enter the connection details. For Connection protocol, select LDAP.