Through my research, I wasn't able to find a duplicate of this question (a similar format wasn't include in any of these answers), but please mark it as such if it already exists.
I have the following JDBC connection string to connect to an Oracle database that I am trying to reverse engineer to connect elsewhere, but I don't know which components are server and which are database.
jdbc:oracle:thin:#word1://word2:port/word3,cn=word4,dc=word5,dc=word6
This was used to connect as part of a Sqoop job. The username and password are provided separately, so I don't believe any of these components are username or password. Could someone help me map these words and what their use case is?
Are any of these the database?
To reverse engineer this URL you start with #word1.
According to the Oracle documentation (see reference below), the part of the URL following the jdbc:oracle:thin: is the data source. There are a variety of different data source types, and the syntax of the next first component (including the # if present) will determine the type. The documentation lists the following data source types:
Oracle Net connection descriptor - #(...)
Thin-style service name - name#
LDAP syntax - #ldap
Bequeath syntax - oci:path/#
TMSNames alias - #name
If there was no more context, you just read the documentation to decode the rest of the URL, per the data source type.
But you have revealed that there are cn and dc parameters in the URL. That makes it 99.9% likely that this is actually an #ldap data source.
The structure of an JDBC URL with an LDAP data source is:
jdbc:oracle:thin:#ldap://<host>:<port>/<name>,<ldap context param>...
where <host> and <port> are for an LDAP service, and the ldap context parameters are a list of name=value pairs which should include cn=OracleContext.
This tells the JDBC driver to lookup <name> in the LDAP server with the given context, and then use the associated information to establish the database connection. I couldn't find a definitive reference for what <name> actually is. The Oracle documentation just gives an example.
The best I could find is this:
Database Service Name: The database service name tells the driver what database to connect to. For example, if the database is named "dmart", dmart should be entered as the database service name.
(Source: https://razorsql.com/articles/oracle_ldap_jdbc_connect.html)
The "#ldap" can replaced by "ldaps:", which means LDAP over SSL.
References:
Database JDBC Developer's Guide and Reference, Data Sources and URLs
Related
I have a NIFI image running in openshift and a postgres in the cloud "owned" by another department.
They sent to us a certificate(".crt") and a key(".key"), since the log-in is made trough client certificate, instead of username and password. I have succeeded to log-in in pgAdmin 4, but not to connect the NIFI to the Postgres with certificate and key.
I have uploaded the certificate and the key to the image (using a secret and mounting it) so if I go to the pod terminal I can access it.
But, when I pass to a DBCPConnectionPoll service the connection string bellow and activates an ExecuteSQL processor, I receive an exception that the certificate is not valid, as follows:
ERROR
ExecuteSQL[id=...] Unable to execute SQL query <...>;
due to java.sql.SQLException: Cannot create a PoolableConnectionFactory (FATAL: connection requires a valid client certificate).
No FlowFile to route to failure: org.apache.nifi.processor.exception.ProcessException: java.sql.SQLException: Cannot create a PoolableConnectionFactory (FATAL: connection requires a valid client certificate)
I have tried to pass the certificate in two ways to the DBCPConnectionPoll service:
1) as parameters in the connection string ("database connection url" property:
jdbc:postgresql://<ip>:<port>/<username>?user=<username>&sslTrue&sslcert=/etc/.../mycerts/mycert.der&sslkey=/etc/.../mycerts/mykey.key.pk8
2) adding properties in the service (+ button and the just parameter name and the path as the value) and just passing this as url:
jdbc:postgresql://<ip>:<port>/<username>
Both seems to work generally speaking, since I can connect to another postgres I have which not requires ssl certification.
Some considerations:
1) My assumption here is that the connection string in the NIFI does not know to read properly the file path for the certificate and key.
2) I have converted the certificates a bunch of times to different types that java can receive in order to see if that was the problem, but I still receive the same exception. So it seems that the connection pool just does not "achieve" the files at all. Nevertheless, if some one has a say in this topic, it can be handy, after the main problem is solved. So appreciate some tips here as well.
3) I have also read the NIFI source code and it seems that NIFI uses normally JDBC classes to create the connection pool, so a connection string as I passed would have worked in java code, but somehow doesn't work in NIFI (which is written in java).
4) The jdbc driver and everything else is configured properly, since I can work with a non-secure postgres in NIFI.
Thank you very much.
A co-worker found the 'simple solution' to the problem I asked and I would like to share so it can help others.
What was missing was the property sslmode = require. After including that, the service worked perfectly. Actually, I am not sure why it didn't work with sslmode = prefer, since it is what my pgadmin is using for the same database and there it works perfectly. It seems like we must 'force' nifi to use ssl in this case - see documentation here: https://jdbc.postgresql.org/documentation/head/ssl-client.html.
Moreover, some insights:
It worked with certificate in '.der' and key in '.pk8' formats (didn't have to use trust-store and key-store as needed in other services).
One can add in the 'plus' button the properties and give them the right name as we would do in java code, instead of concatenating every property in the connection string (see second option in the question above).
Make it helps others as well.
I have a java application which runs on IBM i. It creates connection to AS400 database using jdbc. It does not specify the database name in JDBC connection URL, means it creates connection to default system database associated with *SYSBAS.
Now I want my application to run on iASP. When running on iASP it fails to connect to database.
IBM i documentation says that we must specify RDB name in "database name" property of jdbc connection URL to connect.
problem here is that,
IBM i documentation says by default RDB name of iASP group is same as primary iASP device name in iASP group. But it can be assigned different name.
I am able to retrieve iASP group name and iASP device name programmatically using JTOPEN(by calling API QUSROBJD). Which means my application will work in default scenario. But when RDB name is assigned different name then my application may fail. I want to retrieve RDB name associated with iASP.
How can I retrieve correct RDB name for an iASP?
I tried using API QUSRJOBI, but it is returning database name as blank.
There are two types of Auxiliary Storage Pool (ASP) on IBM i: System ASPs and independent ASPs (iASP). On DB2 for i, all libraries in the system ASP are treated as a single database and you can qualify tables with a schema name to access a tables in a specific library. According to the documentation that I found, each new iASP creates a new database, and these can be queried in QSYS2.SYSCATALOGS. So you will need a connection to the system database and, from that, you can find the database name and connect to each iASP that you need a connection to. Unfortunately I cannot test this as I do not have an iASP available to me.
I'm trying to create a JDBC data source in Oracle WebLogic server and getting some error. I can log in the web console http://localhost:7001/console using user name + password and I followed the Youtube video / tutorial page - Configuring a JDBC data source as same.
I have a wireless connection and I get the Host name (# 12 in the tutorial ) by typing
ipconfig getifaddr en0
in the Mac OS terminal. It returns 10.131.173.138 ( the same format, I changed three random digits ) and I put it inside the Host name and also filled up all other information's. However, after that when I'm trying to test the set up by clicking Test Configuration, it returns me the following errors that I provided below -
Connection test failed.
Message icon - Error IO Error: The Network Adapter could not establish the connectionoracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:800)oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:793)oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:614)weblogic.jdbc.common.internal.DataSourceUtil.testConnection0(DataSourceUtil.java:340)weblogic.jdbc.common.internal.DataSourceUtil.access$000(DataSourceUtil.java:22)weblogic.jdbc.common.internal.DataSourceUtil$1.run(DataSourceUtil.java:254)java.security.AccessController.doPrivileged(Native Method)weblogic.jdbc.common.internal.DataSourceUtil.testConnection(DataSourceUtil.java:251)com.bea.console.utils.jdbc.JDBCUtils.testConnection(JDBCUtils.java:751)com.bea.console.actions.jdbc.datasources.createjdbcdatasource.CreateJDBCDataSource.testConnectionConfiguration(CreateJDBCDataSource.java:479)sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)java.lang.reflect.Method.invoke(Method.java:606)org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870)org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)...
I think it mainly says The Network Adapter could not establish the connection
However, I don't have much knowledge what to do to establish the connection properly. Thanks.
You need a real database with correct values in the jdbc URL:
i.e.
For example, if the database to which you want to connect resides on host prodHost, at port 1521, and system identifier (SID) ORCL, and you want to connect with user name scott and password tiger, then use either of the two following connection strings:
Using host:port:sid syntax:
String connString="jdbc:oracle:thin:#prodHost:1521:ORCL";
I am C# developer and I don't know much about Java, normally in C# when I wanna connect to a database I use the following command:
static SqlConnection cn = new SqlConnection(#"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True");
I read a tutorial about making database connection (Sql Server 2008) in java in MSDN saying that the address must be declared this way:
String connectionUrl = "jdbc:sqlserver://localhost:1433;" + "databaseName=JavaDB;user=UserName;password=*****";
I would like to if there's any way to declare the url the way I do in C#, I mean instead of
"jdbc:sqlserver://localhost:1433;"
I directly point to the database
"AttachDbFilename=|DataDirectory|\Database.mdf;"
thanks
The first part of the URL is prescribed by the JDBC specification, so all drivers will follow the structure jdbc:<vendor-identifier>:<vendor-specific-url>.
In Java creating the connection (at least via java.sql.DriverManager) is independent of the actual Driver implementation that creates the connection (in C# you create a typed vendor-specific connection).
The first part, jdbc:<vendor-identifier> is used as a selection mechanism so a Driver can quickly decide if it will accept an URL or not. Technically multiple driver implementations could accept an URL and create the connection. The <vendor-identifier> is usually the name of the database or company.
The <vendor-specific-url> will usually follow normal URL conventions (MS SQL Server JDBC URLS are an exception to that).
The format of the Microsoft JDBC driver is:
jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
See: Building the Connection URL.
Technically, Microsoft could have allowed only the database name in their <vendor-specific-url> and imply that it uses localhost but they decided not to do that.
The official documentation of the SQL JDBC driver does not mention any such thing
http://msdn.microsoft.com/en-us/library/ms378428.aspx
http://msdn.microsoft.com/en-us/library/ms378672(v=sql.110).aspx
so I assume it is not possible
Is it possible to connect to SQL Server using Windows authentication/integrated security from a Mac? I am using the type 4 JDBC driver provided by Microsoft. The front end (a form application) is coded in Java. Everything works perfectly on Windows but one person in the office uses a Mac.
Is this possible? FYI, I have never used Macs so I am very much the novice with them. I have searched all over the Internet but have not found a solution.
Thank you in advance.
This information is hard to come by in my experience. All of my searches turned up wrong (outdated) information since Microsoft changed the rules and added the authenticationScheme parameter. In the interest of helping the next person, here is an example of a connection string that works:
jdbc:jtds:sqlserver://123.123.123;instance=server1;databaseName=students;integratedSecurity=true;authenticationScheme=JavaKerberos
Also in driver properties set "Domain". Do not include the domain in any user name setting.
This was tested using Squirrel SQL (Java) with jtds on Mac OSX. Hopefully the previous sentence has the search terms someone might use who needs to know this information.
Using Kerberos Integrated Authentication to Connect to SQL Server
Beginning in Microsoft JDBC Driver 4.0 for SQL Server, an application
can use the authenticationScheme connection property to indicate that
it wants to connect to a database using type 4 Kerberos integrated
authentication.
The jTDS JDBC driver for SQL Server supports Windows authentication simply using the domain property as described in the FAQ.
domain
Specifies the Windows domain to authenticate in. If present and the user name and
password are provided, jTDS uses Windows (NTLM)
authentication instead of the usual SQL Server authentication (i.e.
the user and password provided are the domain user and password). This
allows non-Windows clients to log in to servers which are only
configured to accept Windows authentication.
If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in
with the logged Windows user's credentials (for this to work one would
obviously need to be on Windows, logged into a domain, and also have
the SSO library installed -- consult README.SSO in the distribution on
how to do this).
I use jTDS on a mac (10.9).
Using this driver you need to specify the username and password like always, the only difference is that you need to specify domain=WHATEVERTHENTDOMAIN in the connection string (or connection properties if you rather).
So a sample connection string is:
jdbc:jtds:sqlserver://db_server:1433/DB_NAME;domain=NT_DOMAIN_NAME
The jTDS driver then uses NTLM to login to the specified domain with the username and password.
This is an old post but may be relevant for some people. See this other SO post that describes how to connect to a SQL Server with Windows Authentication from a Linux machine through JDBC. This will work on mac as well.
jTDS is inferior to Microsoft's JDBC driver (in particular, it cannot figure out the types of parameters in a prepared statement)
Yes, you can authenticate to MS SQL Server using Active Directory authentication, as Active Directory is just Kerberos + LDAP, which are open source and implemented on Mac
Kerberos config /etc/krb5.conf :
[libdefaults]
default_realm = YOUR_REALM.NET
[realms]
YOUR_REALM.NET = {
kdc = host.your-domain.net
}
I needed to use the fully qualified domain name of the KDC, not just the domain name
JDBC Connection String:
jdbc:sqlserver://$host;database=$db;integratedSecurity=true;authenticationScheme=JavaKerberos
If $host does not have an SPN of MSSQLSrv/$host, add serverSp=$SPN to the JDBC connection string
It is not correct to say that one driver can determine the data types and another driver can't. Any driver has to look at the implied type based on the arguments passed. Both jTDS and Microsoft's driver do this. This is a limitation of the protocol - the database cannot tell the driver which type is correct, because in many queries it can't know what you intend.
In each version, jTDS and Microsoft's driver each have different issues and different advantages. The "best" choice depends on exactly which version of each you look at, and exactly what your needs are. I've had to switch back and forth as different versions come out - Microsoft breaking in a certain way, then later adding something I wanted.
The following connection string worked for me
jdbc:jtds:sqlserver://server_name:port_name;useLOBs=false;databaseName=db_name;useNTLMv2=true;domain=domain_name;
I'm using jTDS 1.3.2 and SQuirreL SQL Client.