connection string using wallet

[bhargaviaaa]

Is it possible to connect oracle DB using wallet? If yes please provide example.

[MichaelS11]

It should work but I have not tested it myself. Make sure to setup sqlnet.ora and tnsnames.ora. Do not put username and password in connection string. Just pass the tnsname from the tnsnames.ora file.

https://docs.oracle.com/en/cloud/paas/atp-cloud/atpug/connect-preparing.html#GUID-EFAFA00E-54CC-47C7-8C71-E7868279EF3B

[cjbj]

Not all wallets have usernames and passwords so sometimes they are needed in the application parameters. For example when connecting to Oracle Cloud DBs the wallets are only used to enable SSL/TLS. If you are using Oracle cloud, the videos https://www.youtube.com/watch?v=5HlaPpY6gNw and https://www.youtube.com/watch?v=WaVdFZ90Jj8 have some content showing what to do with the wallets. The steps are common for all C based Oracle DB drivers, including go-oci8.

[bhargaviaaa]

Not working. "Unable to connect to oracle:ORA-12154: TNS:could not resolve the connect identifier specified"
Have correct entries in sqlnet.ora and tnsnames.ora files.
Connection string format used is "/@<tns_entryname>"

[MichaelS11]

Just put in the tnsname, no /@

[bhargaviaaa]

Unable to connect to oracle:ORA-01005: null password given; logon denied

[MichaelS11]

What happens when you use sqlplus?

[bhargaviaaa]

sqlplus works with /@tnsname

[MichaelS11]

What happens with sqlplus with just tnsname?

[bhargaviaaa]

Fails to connect

[MichaelS11]

@cjbj Any thoughts on where the issue is? Something needs to change in the go-oci8 (oic) code I assume?

[cjbj]

@bhargaviaaa what kind of wallet do you have - does it have username & password, or does it just set up TLS?

@MichaelS11 If the wallet has username & password, how is OCI_CRED_EXT being set? E.g. via an explicit flag . Also see p 116 of http://www.oracle.com/technetwork/topics/php/underground-php-oracle-manual-098250.html

[bhargaviaaa]

Does not include username and password

[MichaelS11]

@cjbj
It is being set here:

go-oci8/oci8.go

Lines 319 to 334 in cbd8d5b

	credentialType := C.ub4(C.OCI_CRED_EXT)
	if len(dsn.Username) > 0 {
	// specifies a username to use for authentication
	err = conn.ociAttrSet(unsafe.Pointer(conn.usrSession), C.OCI_HTYPE_SESSION, unsafe.Pointer(username), C.ub4(len(dsn.Username)), C.OCI_ATTR_USERNAME)
	if err != nil {
	return nil, fmt.Errorf("username attribute set error: %v", err)
	}
	// specifies a password to use for authentication
	err = conn.ociAttrSet(unsafe.Pointer(conn.usrSession), C.OCI_HTYPE_SESSION, unsafe.Pointer(password), C.ub4(len(dsn.Password)), C.OCI_ATTR_PASSWORD)
	if err != nil {
	return nil, fmt.Errorf("password attribute set error: %v", err)
	}
	credentialType = C.OCI_CRED_RDBMS
	}

[MichaelS11]

@cjbj So what does that mean?

[MichaelS11]

@cjbj Any more thoughts?

[cjbj]

@MichaelS11 can you check how it's being done in https://github.com/oracle/odpi/blob/v3.3.0/src/dpiConn.c#L542 and https://github.com/oracle/odpi/blob/v3.3.0/src/dpiConn.c#L389 ?

[MichaelS11]

@cjbj I am not sure what part of that code you are trying to point out. For the OCISessionBegin the credt should be set to OCI_CRED_EXT which seems correct. What other part of the code is important for connecting with wallet?

[cjbj]

It does seem like that is all that should be needed in the code. Have you created a wallet for testing? https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html#using-an-oracle-wallet-for-external-authentication

[MichaelS11]

I have not but @bhargaviaaa and other people have.

[MichaelS11]

@cjbj Remember this issue said they were having issues as well #329

[cjbj]

@MichaelS11 someone will need to do some debugging and comparison on this.

[MichaelS11]

Sure, looking for some pointers and how to go about that?

[cjbj]

Run one of the other working drivers and see what it passes? But you'll need a wallet.

[MichaelS11]

Not sure how that is going to help debug this driver. That will tell me that my wallet works but not what is wrong with this driver.

[cjbj]

@MichaelS11 I'm not sure what you want me to do. I can advise and point to examples, but I'm not able to run your code in a debugger.

[MichaelS11]

I am looking for help with debugging Oracle OCI code. This driver is just a interface between the Go SQL packages and the Oracle OCI code/package. Just need normal Oracle OCI help / troubleshooting steps for the OCI driver. Can even think about it as if it was C++ code if that helps.

[cjbj]

@MichaelS11 send me email?

[MichaelS11]

@bhargaviaaa

I got wallet login working on a Oracle database installed on Linux.

---

Wallet create example (replace type_*_here lines):

mkstore -wrl type_path_here -create

mkstore -wrl type_path_here -createCredential type_tnsnames_entry_name_here type_database_username_here

export TNS_ADMIN=type_path_here

echo '
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = type_path_here )))
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
' > type_path_here/sqlnet.ora

Go sql open example (replace type_tnsname_entry_name_here):

db, err := sql.Open("oci8", "@type_tnsname_entry_name_here")

---

So I think the go-oci8 driver is working unless more information can be provided showing otherwise.

[MichaelS11]

@mattn Close this?