Skip to Main Content
  • Questions

  • Configure CMU for all PDBs in the CDB

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Barb.

Asked: August 11, 2022 - 12:53 pm UTC

Last updated: August 23, 2022 - 10:46 pm UTC

Version: 19.14

Viewed 1000+ times

You Asked

Has anyone setup CMU to work for all the PDBs within a CDB ?
I have it working for a single PDB but when I created a new wallet based off the GUID it doesn't work I get an ora-1017 but it works for the 1st PDB I setup.

I'm running Oracle 19.14 on Windows 2019.
I don't have an override in the SQLNET.ora, my wallet is in the C:\ORACLE_BASE\admin\<CDB>\<PDB>\wallet as is the dsi.ora file for each PDB.
The Create user IDENTIFIED GLOBALLY is in each PDB.
And CMU_WALLER_DIR is set in each PDB pointing to it correct directory.

So what am I missing to get it to work for the 2nd PDB ?
Should it be setup at the CDB level vs. the PDBs level ?
If so then should the user be created in the CDB as a common user ?

I have a SR open with Support but I'm not getting anywhere.
Any help is greatly appreciate.
Thanks,
Barb.

and Connor said...

Assuming your PDBs are all intended to point a single AD endpoint, I got the following information from the security team.

You should be able to set that up with ldap.ora (and probably with dsi.ora) as well at a single location. This way you don’t need to set up/manage separate dsi.ora/wallets for each PDB.

Plus a few things to look at:
- Since you are on 19c – make sure they have implemented the cumulative patch for CMU for 19c: 31404487
- Make sure you set set the database property CMU_WALLET (CMU_WALLET_DIR is used in the Autonomous context)
- With the patch, they can point CMU_WALLET in every PDB to the location with dsi.ora/wallet. That way all the PDBs can leverage a single set of files instead of duplicating it in different directories.

The team also graciously offered the opportunity to contact them directly, so if you still have troubles, let me know via a review and I'll get you in touch with them directly.

Rating

  (2 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Configure CMU for all PDBs in the CDB

Barb Thomas, August 16, 2022 - 7:32 pm UTC

Hi Connor,
Thanks so much for a response, I would greatly appreciate if you can put me in contact with your team. I have been struggling with support for over 2 months now. I really don't want to give up and find another solution I've invested too much time already.

Yes, all the PDBs would point to the same DNS server in the dsi.ora file.

I also set the wallet up on another CDB that has 6 PDBs at the Container level C:\ORACLE\admin\<CDB>\wallet

And I get the same result I can get only 1 PDB to connect. I also set the CMU_WALLET_DIR = C:\ORACLE\admin\<CDB>\wallet in both PDBs same result. The 1st PDB connects and the 2nd give an ORA-1017.
The traces are pointing to the correct directory as well....
ALTER SYSTEM SET EVENTS='trace[gdsi] disk low' ;

I would rather it be set at the CDB level because I do "hot cloning" refreshes of the PDBs from live production periodically and don't want to have to rebuild each wallet every time I do a refresh.

Thanks any help is greatly appreciate.

Connor McDonald
August 23, 2022 - 10:46 pm UTC

I have arranged contact details.
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Administration

Need more information on Administration? Check out the Administrators guide for the Oracle Database