Just to let you know: tried a search using ldapsearch command-line provided by Oracle and it works just nice!
++++++++++++++++++ [EMAIL PROTECTED] ~]$ ldapsearch -p 636 -h ldap_server -b "cn=ouruser,ou=colaboradores,ou=usuarios,ou=brt,o=btp" -s sub -w userpass -W "file:/etc/ORACLE/WALLETS/mauricio/" -P walletpass -U 2 "objectclass=*" "brtGtifAuth" cn=BT050524,ou=colaboradores,ou=usuarios,ou=brt,O=btp brtGtifAuth=TRUE [EMAIL PROTECTED] ~]$ ++++++++++++++++++ This contributes to point PL/SQL LDAP packages as the problem of the hang! When discover something more, I'll update the thread to help future people that get stucked with this issue. Em Ter, 2007-01-23 às 12:03 -0600, Joe Kaplan escreveu: > I know nothing about Oracle (never seen it, never touched it), so I can't > help at all there. However, I'd suggest going back to the vendor to help > you troubleshoot this. The fact that the issue seems to be restricted to > their LDAP/SSL stack suggests that they should be able to help troubleshoot > the problem. > > Joe K. > > ----- Original Message ----- > From: "Mauricio de Andrade Ramos" <[EMAIL PROTECTED]> > To: <ActiveDir@mail.activedir.org> > Sent: Tuesday, January 23, 2007 11:43 AM > Subject: Re: [ActiveDir] Search over SSL hangs > > > > Joe, List, > > > > yes! It does sound like it is something with Oracle SSL engine. I let > > the process (search) running for more than 3 hours (so I think it is not > > a problem of slow communication/authentication) and it never returned. > > When it was issued a CTRL+C to abort the procedure (which was running > > from a sqlplus), the stack error it returned pointed to a Oracle package > > (SYS.DBMS_LDAP_API_FFI) in its last level (upper level). The code in > > Pl/Sql follows (SECURITYSOX is our schema user and LDAP is our user > > package): > > > > ########## > > > > SQL> > > 1 declare > > 2 X number; > > 3 begin > > 4 X := -1; > > 5 X := LDAP.VALIDA_USUARIO_LDAP(2,'ldapuser','ldappass'); > > 6 dbms_output.put_line(X); > > 7* end; > > > > SQL> / > > declare > > * > > ERROR at line 1: > > ORA-01013: user requested cancel of current operation > > ORA-06512: at "SYS.DBMS_LDAP_API_FFI", line 134 > > ORA-06512: at "SYS.DBMS_LDAP", line 253 > > ORA-06512: at "SECURITYSOX.LDAP", line 221 > > ORA-06512: at "SECURITYSOX.LDAP", line 581 > > ORA-06512: at "SECURITYSOX.LDAP", line 181 > > ORA-06512: at line 5 > > > > ########## > > > > Nothing appears in oracle's alert.log. No traces are generated in bdump, > > cdump or udump directories like it had nothing to do with/for oracle. > > > > The certificates used were provided by our customer and were tested by > > them and as we can init the session, open the ssl support for that > > session and even authenticate a ldap user/pass, the certificates are out > > of the possible causes of this issue. And even more because, as > > mentioned, we can perform a search over SSL using JXplorer and it is > > almost immediate, no hangs (for the little they could be), no delays, > > nothing, just direct to the result! > > > > I am trying to contact out customer's LDAP admin in order to get > > additional info from the server logs. As soon as I can get this, I will > > update the thread. > > > > Thanks you all for your help! > > > > Em Ter, 2007-01-23 às 10:51 -0600, Joe Kaplan escreveu: > >> If this can happen with any LDAP directory and not just AD, then it > >> sounds > >> like the issue is with the Oracle SSL stack. > >> > >> Does the search hang permanently or just take a long time to execute? > >> Sometimes an SSL operation is slowed down a lot due to client certificate > >> authentication requested by the server or CRL checking. > >> > >> Does Oracle give you any logs? What SSL stack do they use? Can this > >> issue > >> be reproduced with any other SSL stacks (Windows using ldp.exe for > >> example)? > >> > >> Joe K. > >> > >> ----- Original Message ----- > >> From: "Mauricio de Andrade Ramos" <[EMAIL PROTECTED]> > >> To: <ActiveDir@mail.activedir.org> > >> Sent: Tuesday, January 23, 2007 4:28 AM > >> Subject: [ActiveDir] Search over SSL hangs > >> > >> > >> > List, > >> > > >> > surfing google, realized that it is something that happens with a great > >> > frequency and not just with this specific directory we are using > >> > (Active > >> > Directory). Have you ever experienced performing a search to a > >> > directory, through SSL, and the search gets hang? > >> > > >> > It won't happen using a ldap browser client (like JXplorer) but from a > >> > PL/Sql procedure from Oracle....The curious is that when this very same > >> > search is performed through a non-SSL connection (from the database), > >> > it > >> > won't hang, just through SSL! Took a look in lots of messages, forums, > >> > Oracle forums and this issue is reported in enviroments with other > >> > configurations (other directories, database, OS...) but a solution or > >> > workaround or even the pointing of where is the problem is never > >> > explained! > >> > > >> > Additional info: 2 different certificates were used. Both given by our > >> > customer and are a valid ones (tested by them and us, we can > >> > connect/authenticate/search through JXplorer and connect/authenticate > >> > through Oracle). > >> > > >> > Can you give us a light? Thanks you all in advance. Mauricio. > >> > > >> > List info : http://www.activedir.org/List.aspx > >> > List FAQ : http://www.activedir.org/ListFAQ.aspx > >> > List archive: http://www.activedir.org/ma/default.aspx > >> > >> List info : http://www.activedir.org/List.aspx > >> List FAQ : http://www.activedir.org/ListFAQ.aspx > >> List archive: http://www.activedir.org/ma/default.aspx > >> > >> > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx