Estou tentando configurar o freeIPA para lidar com a resolução de nomes do Oracle Database.
Eu segui este tutorial para o link do OpenLDAP
Os arquivos de definição de esquema foram corrigidos para freeIPA e são bem carregados.
ipa-ldap-updater --schema-file /usr/share/ipa/85oidbase.ldif
ipa-ldap-updater --schema-file /usr/share/ipa/86oidnet.ldif
ipa-ldap-updater --schema-file /usr/share/ipa/87oidrdbms.ldif
Tudo funciona bem no freeIPA 3.3.5, mas não consigo fazer nenhuma resolução de nomes para freeIPA > 4
tnsping:
C:\>tnsping DB1.EXAMPLE.COM
TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0 - Production on 07-JUL-2015 08:27:41
Copyright (c) 1997, 2010, Oracle. All rights reserved.
Used parameter files:
C:\Oracle\product.2.0\client_3\network\admin\sqlnet.ora
TNS-03505: Failed to resolve name
log de acesso do freeIPA
[03/Jul/2015:15:10:12 +0200] conn=125 fd=86 slot=86 connection from 192.168.1.10 to 192.168.1.3
[03/Jul/2015:15:10:12 +0200] conn=125 op=0 BIND dn="" method=128 version=3
[03/Jul/2015:15:10:12 +0200] conn=125 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[03/Jul/2015:15:10:12 +0200] conn=125 op=1 SRCH base="cn=DB1,cn=OracleContext,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="objectClass orclNetDescString orclNetDescName orclVersion"
[03/Jul/2015:15:10:12 +0200] conn=125 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[03/Jul/2015:15:10:12 +0200] conn=125 op=2 UNBIND
[03/Jul/2015:15:10:12 +0200] conn=125 op=2 fd=86 closed - U1
[03/Jul/2015:15:10:31 +0200] conn=9 op=30 SRCH base="ou=sessions,ou=Security Domain,o=ipaca" scope=2 filter="(objectClass=securityDomainSessionEntry)" attrs="cn"
[03/Jul/2015:15:10:31 +0200] conn=9 op=30 RESULT err=32 tag=101 nentries=0 etime=0
Alguém pode me guiar em uma direção para onde olhar. O que mudou na versão 4?
Preciso adicionar alguns atributos de permissão?
#ipa permission_add oracle --right={read,search,compare} --bindtype=anonymous --subtree='cn=OracleContext,dc=example,dc=com' --filter='(objectclass=*)'
#ipa permission-show oracle
Permission name: oracle
Granted rights: read, search, compare
Bind rule type: anonymous
Subtree: cn=OracleContext,dc=example,dc=com
Extra target filter: (objectclass=*)
#ldapsearch -h 192.168.1.3 -x -D "cn=Directory Manager" -b "cn=OracleContext,dc=example,dc=com" "objectclass=*" -w secret
# extended LDIF
#
# LDAPv3
# base <cn=OracleContext,dc=example,dc=com> with scope subtree
# filter: objectclass=*
# requesting: ALL
#
# OracleContext, example.com
dn: cn=OracleContext,dc=example,dc=com
objectClass: orclContext
objectClass: top
cn: OracleContext
# db1, OracleContext, example.com
dn: cn=db1,cn=OracleContext,dc=example,dc=com
objectClass: top
objectClass: orclNetService
cn: db1
orclNetDescString: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dbnode1.example.com)(PO
RT=1521))(CONNECT_DATA=(SERVICE_NAME=DB1.EXAMPLE.COM)))
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
Ainda a mesma saída no log de acesso e sem resolução.