Using LDAP
- Last Updated: October 15, 2025
- DataDirect Connectors
- JDBC
- Oracle Database 6.0
- Documentation
LDAP (Lightweight Directory Access Protocol) is a protocol used to access and manage distributed directory information services over a network.
An LDAP directory is a specialized database specifically designed for searching and retrieving data. In an LDAP directory, data is organized into objects called entries. Each entry has a unique Distinguished Name and contains a set of attributes that define the characteristics of the object the entry represents (like a user, group, or device). The entries are arranged in a hierarchical tree-like structure.
The LDAP directory is hosted on an LDAP server, which provides the LDAP service by responding to LDAP protocol requests.
The driver supports connecting to the LDAP server using the following connection methods. After establishing a connection to the LDAP server, the driver retrieves the necessary connection details from it and then connects to the database server.
- Unencrypted connection
- Encrypted connection: TLS/SSL encryption for server validation
- Encrypted connection: TLS/SSL encryption for server and client validation
Unencrypted connection
To connect to the LDAP server using an unencrypted connection:
- Set the LDAPDistinguishedName connection property to specify the fully qualified path of names in the LDAP directory information tree for the entry containing your connection information. For example: cn=DB122,cn=OracleContext,dc=america,dc=yourcompany,dc=com
- Set the ServerName connection property to specify the name or IP address of the LDAP server.
- Set the PortNumber connection property to specify the port number listener of the LDAP server. The default value is 389.
- Set the LDAPUser connection property to specify your user name for the LDAP server, if authentication is required to access directory information.
- Set the LDAPPassword connection property to specify your password for the LDAP server, if authentication is required to access directory information.
- Set the User connection property to specify your user name for the database server.
- Set the Password connection property to specify the password for the database server.
The following example connection string shows how to configure the driver for an unencrypted connection to the LDAP server:
jdbc:datadirect:oracle://ldap.company.com:389;
LDAPDistinguishedName=cn=MYDB,cn=OracleContext,dc=company,dc=com;
LDAPUser=ldapuser;LDAPPassword=ldappass;user=dbuser;password=dbpass
Encrypted connection: TLS/SSL encryption for server validation
To connect to the LDAP server using TLS/SSL encryption for server validation:
- Set the LDAPEncryptionMethod connection property to SSL.
- Set the LDAPDistinguishedName connection property to specify the fully qualified path of names in the LDAP directory information tree for the entry containing your connection information. For example: cn=DB122,cn=OracleContext,dc=america,dc=yourcompany,dc=com
- Set the ServerName connection property to specify the name or IP address of the LDAP server.
- Set the PortNumber connection property to specify the port number listener of the LDAP server. The default value is 636.
- Set the LDAPTrustStore connection property to specify the absolute path to the truststore file that contains certificates that the client uses to verify the LDAP server's certificate.
- Set the LDAPTrustStorePassword connection property to specify the password that is used to access the truststore file.
- Set the LDAPValidateServerCertificate connection property to true.
- Set the LDAPUser connection property to specify your user name for the LDAP server, if authentication is required to access directory information.
- Set the LDAPPassword connection property to specify your password for the LDAP server, if authentication is required to access directory information.
- Set the User connection property to specify your user name for the database server.
- Set the Password connection property to specify the password for the database server.
The following example connection string shows how to configure the driver for an encrypted connection to the LDAP server using TLS/SSL encryption for server validation:
jdbc:datadirect:oracle://ldap.company.com:636;
LDAPDistinguishedName=cn=MYDB,cn=OracleContext,dc=company,dc=com;
LDAPEncryptionMethod=SSL;LDAPTrustStore=C:/certs/truststore.jks;
LDAPTrustStorePassword=trustpass;LDAPValidateServerCertificate=true;
LDAPUser=ldapuser;LDAPPassword=ldappass;user=dbuser;password=dbpass
Encrypted connection: TLS/SSL encryption for both server and client validation
To connect to the LDAP server using TLS/SSL encryption for both server and client validation:
- Set the LDAPEncryptionMethod connection property to SSL.
- Set the LDAPDistinguishedName connection property to specify the fully qualified path of names in the LDAP directory information tree for the entry containing your connection information. For example: cn=DB122,cn=OracleContext,dc=america,dc=yourcompany,dc=com
- Set the ServerName connection property to specify the name or IP address of the LDAP server.
- Set the PortNumber connection property to specify the port number listener of the LDAP server. The default value is 636.
- Set the LDAPTrustStore connection property to specify the absolute path to the truststore file that contains certificates that the client uses to verify the LDAP server's certificate.
- Set the LDAPTrustStorePassword connection property to specify the password that is used to access the truststore file.
- Set the LDAPKeyStore connection property to specify the absolute path to the keystore file that contains certificates that the client presents in response to the LDAP server’s certificate request.
- Set the LDAPKeyStorePassword connection property to specify the password that is used to access the keystore file.
- If required, set the LDAPKeyPassword connection property to specify the password that is used to access the individual keys in the keystore file.
- Set the LDAPValidateServerCertificate connection property to true.
- Optionally, set the LDAPHostNameInCertificate connection property to specify the host name that is specified in the Subject of the certificate. This property provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested. Consult your SSL administrator for the correct value.
- Optionally, set the LDAPCryptoProtocolVersion connection property to specify the cryptographic protocol you want to use for TLS/SSL encryption. If not specified, the cryptographic protocol used depends on the highest protocol version supported by the server and the highest protocol version supported by the JDK.
- Optionally, set the LDAPLoginTimeout connection property to specify the amount of time, in seconds, that the driver waits for a connection to be established to the LDAP server before timing out the connection request.
- Optionally, set the LDAPQueryTimeout connection property to specify the default query timeout (in seconds) for queries executed by the driver for fetching connection information from the LDAP server.
- Set the LDAPUser connection property to specify your user name for the LDAP server, if authentication is required to access directory information.
- Set the LDAPPassword connection property to specify your password for the LDAP server, if authentication is required to access directory information.
- Set the User connection property to specify your user name for the database server.
- Set the Password connection property to specify the password for the database server.
The following example connection string shows how to configure the driver for an encrypted connection to the LDAP server using TLS/SSL encryption for both server and client validation:
jdbc:datadirect:oracle://ldap.company.com:636;
LDAPDistinguishedName=cn=MYDB,cn=OracleContext,dc=company,dc=com;
LDAPEncryptionMethod=SSL;LDAPTrustStore=C:/certs/truststore.jks;
LDAPTrustStorePassword=trustpass;LDAPKeyStore=C:/certs/keystore.jks;
LDAPKeyStorePassword=keypass;LDAPKeyPassword=certpass;
LDAPHostNameInCertificate=ldap.company.com;
LDAPValidateServerCertificate=true;LDAPLoginTimeout=30;
LDAPQueryTimeout=15;LDAPUser=ldapuser;LDAPPassword=ldappass;
user=dbuser;password=dbpass
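The settings that separate the three procedures above can be checked mechanically before a connection string is deployed. The following Python linter is an added example, not part of the DataDirect documentation or the driver; the finding codes, the case-insensitive matching of property names, and the rule that flags passwords written into the URL are assumptions of this example.

```python
# Added example: lint DataDirect Oracle JDBC URLs for the LDAP settings on this page.
PREFIX = "jdbc:datadirect:oracle://"
SECRETS = ("ldappassword", "password", "ldaptruststorepassword",
           "ldapkeystorepassword", "ldapkeypassword")

def parse_url(url):
    """Return (host, port, props) from 'jdbc:datadirect:oracle://host:port;k=v;...'."""
    compact = "".join(url.split())  # the page wraps its strings across lines
    if not compact.lower().startswith(PREFIX):
        raise ValueError("not a DataDirect Oracle JDBC URL")
    authority, _, rest = compact[len(PREFIX):].partition(";")
    host, sep, port = authority.rpartition(":")
    if not sep or not port.isdigit():  # no port given
        host, port = authority, ""
    props = {}
    for pair in filter(None, rest.split(";")):
        key, _, value = pair.partition("=")  # first '=' only: DN values contain '='
        props[key.lower()] = value           # assumption: names are case-insensitive
    return host, int(port) if port else None, props

def audit(url):
    """Return finding codes (this example's own names) for the LDAP lookup settings."""
    _, _, p = parse_url(url)
    if "ldapdistinguishedname" not in p:
        return []  # no LDAP lookup configured, nothing to check
    found = []
    if p.get("ldapencryptionmethod", "").upper() != "SSL":
        found.append("LDAP_UNENCRYPTED")
    else:
        if p.get("ldapvalidateservercertificate", "").lower() != "true":
            found.append("SERVER_CERT_NOT_VALIDATED")
        if "ldaphostnameincertificate" not in p:
            found.append("NO_HOSTNAME_CHECK")
    if any(k in p for k in SECRETS):
        found.append("SECRETS_IN_URL")
    return found

# Two of the page's example strings, joined onto fewer lines.
UNENCRYPTED = ("jdbc:datadirect:oracle://ldap.company.com:389;"
    "LDAPDistinguishedName=cn=MYDB,cn=OracleContext,dc=company,dc=com;"
    "LDAPUser=ldapuser;LDAPPassword=ldappass;user=dbuser;password=dbpass")
SERVER_TLS = ("jdbc:datadirect:oracle://ldap.company.com:636;"
    "LDAPDistinguishedName=cn=MYDB,cn=OracleContext,dc=company,dc=com;"
    "LDAPEncryptionMethod=SSL;LDAPTrustStore=C:/certs/truststore.jks;"
    "LDAPTrustStorePassword=trustpass;LDAPValidateServerCertificate=true;"
    "LDAPUser=ldapuser;LDAPPassword=ldappass;user=dbuser;password=dbpass")
if __name__ == "__main__":
    for name, url in (("unencrypted", UNENCRYPTED), ("server TLS", SERVER_TLS)):
        print(name, audit(url))
```

Every example string on the page reports `SECRETS_IN_URL`, because each one carries its passwords inline; the server-validation example additionally reports `NO_HOSTNAME_CHECK` since it omits LDAPHostNameInCertificate.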