OpenLDAP – Care and Feeding of Your LDAP Server

This is part 4 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.

Congratulations!

You should now have a correctly installed and fully configured LDAP server, that’s up to the task of doing Net Service Name resolution.  So, now you’ve come this far, you probably have a whole list of Net Service Names that you want to load into your LDAP server.  We’ve reviewed the LDIF format for Net Service Names, but, unless you have a very small number of Net Service Names, converting them from tnsnames.ora format to LDIF format could prove to be a very tedious task, indeed.  In my case, I had approximately 250 Net Service Names, that I needed to load.  So, I wrote a small C program, that I called tns2ldif, for this task.

tns2ldif

I wrote a small C program (less than 100 lines), that’s a filter, that will convert your tnsnames.ora file to LDIF format.  You should download tns2ldif.c, and then compile it.

But, before I continue, I’d like to take a brief moment to thank my management at ProQuest, especially Roger Valade, for allowing me to open source and publish this work.

Compilation can be achieved with the following command:

make tns2ldif

You don’t need a makefile for this program, the default make rules should do the job without any issues.  Once the program is compiled, executing is a fairly straightforward task, as well.  This program is written as a filter, as many Unix/Linux utilities are.  As such, the program reads from stdin and writes to stdout.  Any errors are written to stderr.  So, a sample execution, with an input file called tnsnames.ora and output file called tnsnames.ldif, would look like this:

tns2ldif < tnsnames.ora > tnsnames.ldif

Unless you have a truly enormous tnsnames.ora file or glacially slow I/O, the program should run very quickly.  (In less than a second.)  In the example run above, stdin and stdout are being redirected to files, so, you should not see any output to the console.  Any output that you see on the console would be an error message written to stderr.

Limitations

tns2ldif is a very simple utility that I wrote to “scratch an itch”.  i didn’t want to have to convert over 250 Net Service Name definitions to LDIF format by hand, and it gave me an opportunity to brush up on my C programming skills.  As such, it isn’t exactly full-featured.  First, if any of your Net Service Names have a domain specified, it won’t know how to deal with that.  My world is “flat”.  So, all Net Service Names are unique, and do not specify a domain.  So, I have “mydb1″, “mydb2″, “thisdb”, “thatdb”.  I don’t have “mydb.this.domain” or “mydb.that.domain”.  There is a version 2 of this utility in the works, which should be able to deal with this, but it’s not available yet.  Second, since there is no logic to handle domains, when it generates the LDIF output, it assumes a default domain.  If you edit the C source code in your favorite text editor, towards the top there is a #define for DEFAULT_DOMAIN, that allows you to set the domain that you’d like it to use.  Look for a line in tns2ldif.c that looks like this:

#define DEFAULT_DOMAIN "dc=proquest,dc=com"

Simply edit this, to reflect your appropriate default domain, and recompile the program.  If you have different sets of Net Service Names, that you want to fall under different domains, you don’t need to recompile the source before each run.  Just use the ‘-d’ option to set a different default domain, for a particular execution.  So, if I executed this:

tns2ldif -d dc=home,dc=net < tnsnames.ora > tnsnames.ldif

The program would override the value of DEFAULT_DOMAIN, and use “dc=home,dc=net” in it’s place.  In the next release, I envision that you could have Net Service Names and Net Service Aliases with various different domains, and the code would do the right thing on a per Net Service Name basis.  So, using tns2ldif, you should be in a good position to easily convert your enterprise-wide tnsnames.ora file into LDIF format for loading into your new LDAP server.  To load the newly converted tnsnames.ora into your LDAP server, execute the following command:

ldapadd -c -x -D "cn=admin,dc=proquest,dc=com" -W -f tnsnames.ldif

That should load all your Net Service Names into your LDAP server.  Go ahead and try a few out, to make sure the load was successful.

Next, I’ll review the installation, configuration, and usage of a GUI tool to help with day to day management of your LDAP server.

Stay tuned for OpenLDAP – phpldapadmin – Install and Configure.

About these ads

4 comments on “OpenLDAP – Care and Feeding of Your LDAP Server

  1. […] So, now what?  What happens if you have a tnsnames.ora file with hundreds, or even thousands of entries?  Converting a large file, to LDAP format, for loading into your LDAP server, could be a very laborious and time consuming task, indeed.  What about modifying specific Net Service Names?  Is there a GUI available to do that?  In the next installment, I’ll introduce a simple C program filter, called tns2ldif.c, which I think you’ll find very convenient for converting large numbers of entries in your tnsnames.ora to LDIF.  Also, I’ll look at a GUI based tool for editing individual Net Service Names.  Stay tuned for my next blog, OpenLDAP – Care and feeding of your LDAP server. […]

  2. You do realize that standard Oracle Network tooling will do this (convert tnsnames to ldap) just fine? Iirc, Oracle NetManager will do just that (yep: see http://docs.oracle.com/cd/E11882_01/network.112/e10836/naming.htm#NETAG273), as well as OEM

  3. mbobak says:

    Hi Frank. Nope, I must admit I had no clue this was possible with NetManager or OEM. I’ll definitely have to look in to that. Thanks!

  4. mbobak says:

    Hi Frank,

    Just a quick follow-up here. I took a look at netmgr, and there is, in fact, an ‘Export’ function, and I was able to successfully use it to read my tnsnames.ora file. However, it seems to me, once the file is read, it attempts to load the entries directly into the LDAP server. This is fine if you’re using OID, but it failed with my OpenLDAP server. netmgr was not able to load the information into OpenLDAP.

    I have not looked at OEM, but if it provides similar functionality, I wouldn’t expect it to work either. If it converts to an actual text file in LDIF format, that would be useful.

    Thanks,

    -Mark

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s