1.170 LDAP_DIRECTORY_ACCESS
LDAP_DIRECTORY_ACCESS specifies whether Oracle refers to Oracle Internet Directory for user authentication information.
               
| Property | Description | 
|---|---|
| Parameter type | String | 
| Syntax | 
 | 
| Default value | 
 | 
| Modifiable | 
 | 
| Modifiable in a PDB | Yes | 
| Basic | No | 
If directory access is turned on, then this parameter also specifies how users are authenticated.
Values
- 
                        NONEOracle does not refer to Oracle Internet Directory for Enterprise User Security information. 
- 
                        PASSWORDOracle tries to connect to the enterprise directory service using the database password stored in the database wallet. If that fails, then the Oracle Internet Directory connection fails and the database will not be able to retrieve enterprise roles and schema mappings upon enterprise user login. 
- 
                        SSLOracle tries to connect to Oracle Internet Directory using SSL. 
See Also:
Oracle Database Enterprise User Security Administrator's Guide for more information on Enterprise User Security
Using LDAP_DIRECTORY_ACCESS with PDBs
PDBs can use password and SSL authentication with Oracle Internet Directory when the default database wallet location is used.
The LDAP_DIRECTORY_ACCESS initialization parameter is PDB-specific and can be set as follows:
                  
- 
                        Prior to Oracle Database 19c, Release Update 19.10, if you set this parameter in a CDB root container, then all PDBs in the CDB will use that setting of the parameter. If you set this parameter in a PDB, then the parameter setting affects only that PDB. You can use ALTERSYSTEMto set this parameter in a PDB.
- 
                        Starting with Oracle Database 19c, Release Update 19.10: - 
                              When you use the ALTERSYSTEMcommand to set the value ofLDAP_DIRECTORY_ACCESSwhile connected to the CDB root:- If you specify the CONTAINER=ALLclause, then the setting applies to the CDB root and all PDBs.
- If you omit the CONTAINER=ALLclause, or specify theCONTAINER=CURRENTclause, then the setting applies only to the CDB root.
 
- If you specify the 
- 
                              When you use the ALTERSYSTEMcommand to set the value ofLDAP_DIRECTORY_ACCESSwhile connected to a PDB, the setting applies only to that PDB.
- 
                              When you set the value of LDAP_DIRECTORY_ACCESSin an initialization parameter file, the setting applies only to the CDB root; it does not apply to the PDBs.
 
- 
                              
For a CDB, if the wallet location is not specified in sqlnet.ora, then the default database wallet path is:
                  
ORACLE_BASE/admin/db-unique-name/pdb-GUID/wallet (if ORACLE_BASE is set)
                  
or:
ORACLE_HOME/admin/db-unique-name/pdb-GUID/wallet (if ORACLE_BASE is not set)
                  
The exception is for the root database, which has a default wallet path of:
ORACLE_BASE/admin/db-unique-name/wallet (if ORACLE_BASE is set)
                  
or:
ORACLE_HOME/admin/db-unique-name/wallet (if ORACLE_BASE is not set)
                  
All PDBs in a CDB have the same database unique name. By placing wallets in the default location, each PDB can have its own identity.
Note that because there is only one sqlnet.ora file for a CDB, the wallet location in sqlnet.ora is only used by the CDB root container. Because each PDB must have its own wallet, a PDB wallet will be specified by the pdb-GUID under the wallet location in sqlnet.ora.
                  
For the root container of a CDB, the wallet location is:
WALLET_LOCATION_specified_in_sqlnet.ora
For each PDB of the CDB, the wallet location is:
WALLET_LOCATION_specified_in_sqlnet.ora/pdb-GUID/
Note:
Oracle databases are registered with Oracle Internet Directory using Database Configuration Assistant (DBCA). For registration with Oracle Internet Directory to work, all the PDBs for a CDB must be registered using DBCA.
Using LDAP_DIRECTORY_ACCESS with Non-CDBs
For non-CDBs, if the wallet location is not specified in sqlnet.ora, then the default database wallet path is:
                  
ORACLE_BASE/admin/db-unique-name/wallet (if ORACLE_BASE is set)
                  
or:
ORACLE_HOME/admin/db-unique-name/wallet (if ORACLE_BASE is not set)
                  
See Also:
Oracle Database Enterprise User Security Administrator's Guide for an example of setting the value of this parameter to SSL in the server parameter file using ALTER SYSTEM