Connectors and Connections > Data Ingestion and Replication connection properties > Oracle Database Ingestion connection properties
  

Oracle Database Ingestion connection properties

When you define an Oracle Database Ingestion connection for a database ingestion and replication task, you must configure connection properties.
The following table describes the connection properties:
Property
Description
Connection Name
A name for the connection. This name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -
Spaces at the beginning or end of the name are trimmed and are not saved as part of the name. Maximum length is 100 characters. Connection names are not case sensitive.
Description
An optional description for the connection. Maximum length is 255 characters.
Type
The type of connection. For an Oracle Database Ingestion connection, the type must be Oracle Database Ingestion.
Runtime Environment
The name of the runtime environment where you want to run database ingestion and replication tasks. You define runtime environments in Administrator.
Authentication Mode
The authentication mode that the connector must use to log in to Oracle. Options are:
  • - Oracle Database Authentication. Uses your Oracle user name and password to connect to Oracle.
  • - Kerberos. Uses Kerberos authentication to connect to Oracle.
  • Note: If you select Kerberos, the Schema list that's displayed when you define an Oracle source or target in an application or database ingestion and replication task will include the schemas of other Kerberos users as well as your schemas.
Default is Oracle Database Authentication.
User Name
If you use Oracle Database Authentication, the user name for the Oracle database login. The user name cannot contain a semicolon.
Note: This property is not displayed if you use Kerberos authentication.
Password
If you use Oracle Database Authentication, the password for the Oracle database login. The password cannot contain a semicolon.
Note: This property is not displayed if you use Kerberos authentication.
Host
Host name of the database server.
Port
Network port number used to connect to the database server. Default is 1521.
Service Name
Service name or System ID (SID) that uniquely identifies the Oracle database. Specify the SID in the following format, including the leading semicolon (;), to connect to Oracle databases: ;SID=<ORACLE_SID>
Schema
Schema used for the Oracle connection.
Code Page
The code page of the database server. Database ingestion and replication tasks use the UTF-8 code page. Default is UTF-8.
Encryption Method
For initial load jobs, determines whether the data exchanged between the Secure Agent and the Oracle database server is encrypted:
Options are:
  • - SSL. Establishes a secure connection using SSL for data encryption. If the Oracle database server cannot configure SSL, the connection fails.
  • - No Encryption. Establishes a connection without using SSL. Data is not encrypted.
Default is No Encryption.
Crypto Protocol Version
If you selected SSL as the encryption method, you must specify a cryptographic protocol or a list of cryptographic protocols supported by your server to use with an encrypted connection. Options are:
  • - SSLv2
  • - SSLv3
  • - TLSv1.2
Default is TLSv1.2.
Validate Server Certificate
If you selected SSL as the encryption method, controls whether the Secure Agent validates the server certificate that is sent by the Oracle database server.
  • - True. Validate the server certificate.
  • - False. Do not validate the server certificate.
Default is False.
If you also specify the Host Name in Certificate property, the Secure Agent also validates the host name in the certificate.
Trust Store
If you selected SSL as the encryption method and enabled validation of the server certificate, specify the path and name of the truststore file, which contains the list of the Certificate Authorities (CAs) that the client trusts for SSL authentication.
Trust Store Password
If you selected SSL as the encryption method and enabled validation of the server certificate, specify a password for accessing the contents of the truststore file.
Host Name in Certificate
If you selected SSL as the encryption method and enabled validation of the server certificate, specify the host name of the machine that hosts the Oracle database to provide for additional security. The Secure Agent validates the host name included the connection with the host name in the SSL certificate.
Key Store
If you selected SSL as the encryption method and client authentication is enabled on the Oracle database server, specify the path and name of the keystore file. The keystore file contains the certificates that the client sends to the Oracle server in response to the server's certificate request.
Key Store Password
If you selected SSL as the encryption method and client authentication is enabled on the Oracle database server, specify the password for the keystore file.
Key Password
If you selected SSL as the encryption method and client authentication is enabled on the Oracle database server, specify the password for the keys in the keystore file. Use this property when the keys have a different password than the keystore file.
Database Connect String
A TNS name, an Oracle Net keyword-value pair, or a SQL connect string URL that OCI uses to connect to Oracle.
TDE Wallet Directory
The path to the directory that contains the Oracle wallet file used for Oracle Transparent Data Encryption (TDE). Specify this property value only if you capture change data from TDE-encrypted tablespaces and one of the following conditions are true:
  • - The Oracle wallet is not available to the database.
  • - The Oracle database is running on a server that is remote from Oracle redo logs.
  • - The wallet directory is not in the default location on the database host or the wallet name is not the default name of ewallet.p12.
  • - The wallet directory is not available to the Secure Agent host.
TDE Wallet Password
A clear text password that is required to access the Oracle TDE wallet and get the master key. This property value is required if you need to read and decrypt data from TDE-encrypted tablespaces in the Oracle source database.
Directory Substitution
A local path prefix to substitute for the server path prefix of the redo logs on the Oracle server. This substitute local path is required when the log reader runs on a system other than the Oracle server and uses a different mapping to access the redo log files. Use this property in the following situations:
  • - The redo logs reside on shared disk.
  • - The redo logs have been copied to a system other than the Oracle system.
  • - The archived redo logs are accessed by using a different NFS mount.
Do not use this statement if you use Oracle Automatic Storage Management (ASM) to manage the redo logs.
You can define one or more substitutions in the following format:
server_path_prefix,local_path_prefix;server_path_prefix,local_path_prefix;...
Note: This property does not apply to Oracle targets.
Reader Active Log Mask
A mask that the log reader uses for selecting active redo logs when the Oracle database uses multiplexing of redo logs. The log reader compares the mask against the member names in an active redo log group to determine which log to read. In the mask, you can use the asterisk (*) wildcard to represent zero or more characters.
The mask can be up to 128 characters in length. It is case-sensitive on Linux or UNIX systems but not on Windows systems.
Note: This property does not apply to Oracle targets.
Reader Archive Destination 1
The primary log destination from which the log reader reads archived logs, when Oracle is configured to write more than one copy of each archived redo log. Enter a number that corresponds to a n value in an Oracle LOG_ARCHIVE_DEST_n initialization parameter, where n is a value from 1 to 10.
If you set only one of the Reader Archive Destination 1 and Destination 2 properties, the log reader uses that property setting. If you specify neither property, the archive log queries are not filtered by the log destination.
Note: This property does not apply to Oracle targets.
Reader Archive Destination 2
The secondary log destination from which the log reader reads archived logs when the primary destination becomes unavailable or when the logs at the primary destination cannot be read. For example, logs might have been corrupted or deleted. Enter a number that corresponds to the n value in an Oracle LOG_ARCHIVE_DEST_n initialization parameter, where n is a value from 1 to 10. Usually, this value is a number greater than 1.
Note: This property does not apply to Oracle targets.
Reader ASM Connect String
In an Oracle ASM environment, the Oracle connection string, defined in TNS, that the log reader uses to connect to the ASM instance that manages storage of active and archived redo logs for the source database.
Note: This property does not apply to Oracle targets.
Reader ASM User Name
In an Oracle ASM environment, an Oracle user ID that the log reader uses to connect to the ASM instance that manages storage of active and archived redo logs for the source database. This user ID must have SYSDBA or SYSASM authority. To use SYSASM authority, set the Reader ASM Connect As SYSASM property to Y.
Note: This property does not apply to Oracle targets.
Reader ASM Password
In an Oracle ASM environment, a clear text password for the user that is specified in the Reader ASM User Name property. The log reader uses this password and the ASM user name to connect to the ASM instance that manages storage of active and archived redo logs for the source database.
Note: This property does not apply to Oracle targets.
Reader ASM Connect As SYSASM
If you use Oracle 11g ASM or later and want the log reader to use a user ID that has SYSASM authority to connect to the ASM instance, select this check box. Also specify a user ID that has SYSASM authority in the Reader ASM User Name property. To use a user ID that has SYSDBA authority, clear this check box. By default, this check box is cleared.
Note: This property does not apply to Oracle targets.
Reader Mode
Indicates the source of and types of Oracle redo logs that the log reader reads. Valid options are:
  • - ACTIVE. Read active and archived redo logs from the Oracle online system. Optionally, you can use the Reader Active Log Mask property to filter the active redo logs and use the Reader Archive Destination 1 and Reader Archive Destination 2 properties to limit the archived log destinations from which to read archived logs.
  • - ARCHIVEONLY. Read only archived redo logs. Optionally, you can use the Reader Archive Destination 1 and Reader Archive Destination 2 properties to limit the archived log destinations from which to read archived logs.
  • - ARCHIVECOPY. Read archived redo logs that have been copied to an alternate file system. For combined initial and incremental load jobs, you must also set the source custom property pwx.cdcreader.oracle.reader.additional with the dir and file parameters, at the direction of Informatica Global Customer Support.
  • You can use this option in the following situations:
    • - You do not have the authority to access the Oracle archived redo logs directly.
    • - The archived redo logs are written to ASM, but you do not have access to ASM.
    • - The archived log retention policy for the database server causes the archived logs to not be retained long enough.
    With this option, the Reader Archive Destination 1 and Reader Archive Destination 2 properties are ignored.
Default is ACTIVE.
Note: This property does not apply to Oracle targets.
Reader Standby Log Mask
A mask that the log reader uses for selecting redo logs for an Oracle physical standby database when the database uses multiplexing of redo logs. The log reader compares the mask against the member names in an redo log group to determine which log to read. In the mask, you can use the asterisk (*) wildcard to represent zero or more characters.
The mask can be up to 128 characters in length. It is case-sensitive on Linux or UNIX systems but not on Windows systems.
Note: This property does not apply to Oracle targets.
Standby Connect String
An Oracle connection string, defined in TNS, that the log reader uses to connect to the Oracle physical standby database for change capture when the database is not open with read only access.
Note: This property does not apply to Oracle targets.
Standby User Name
A user ID that the log reader uses to connect to the Oracle physical standby database for change capture. This user ID must have SYSDBA authority.
Note: This property does not apply to Oracle targets.
Standby Password
A password that the log reader uses to connect to the Oracle physical standby database for change capture.
Note: This property does not apply to Oracle targets.
RAC Members
The maximum number of active redo log threads, or members, in an Oracle Real Application Cluster (RAC) that can be tracked. For a Data Guard physical standby database that supports a primary database in a RAC environment, this value is the number of active threads for the primary database.
Valid values are 1 to 100. Default is 0, which causes an appropriate number of log threads to be determined automatically. If this value is not appropriate for your environment, set this property to a value greater than 0.
Note: This property does not apply to Oracle targets.
BFILE Access
Select this check box in the following circumstances:
  • - You use BFILE access to redo logs in physical directories on the local Oracle server file system. BFILE access uses Oracle directory objects to remotely access the redo logs in the file system. This method is an alternative to other log access methods such as ASM or NFS mounts.
  • - You have an Amazon Relational Database Service (RDS) for Oracle source. In this case, this option enables access to the redo logs of a cloud-based database instance deployed in RDS.
By default, this check box is cleared.
Note: This property does not apply to Oracle targets.

Prerequisites for Kerberos authentication

To use Kerberos authentication to connect to Oracle source or target databases, you must place some required configuration files on the Secure Agent machine and set some environment variables.
When you configure Kerberos authentication to connect to Oracle, consider the following guidelines:

Configuring Kerberos authentication

Before you use Kerberos authentication to connect to an Oracle database on Linux or Windows, your organization administrator needs to create a few configuration files and set some environment variables.
    1Configure the Java Authentication and Authorization Service configuration file (JAAS) that the JDBC driver will use for Java client authentication.
    1. aCreate a JAAS configuration file on the Secure Agent machine.
    2. b Add an entry to the JAAS configuration file that specifies the authentication technology to use for a particular driver. For example:
    3. JDBC_DRIVER_01 {
      com.sun.security.auth.module.Krb5LoginModule required
      useTicketCache=true
      principal="user@EXAMPLE.COM";
      };
      The Krb5LoginModule authenticates users by using Kerberos protocols. You can add LoginModule options such as useTicketCache and principal as needed. For more information, see the Oracle Java documentation at https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html.
    2Configure the Kerberos configuration file, krb5.conf, which defines Kerberos settings and realm details.
    1. aCreate a krb5.conf file on the Secure Agent machine.
    2. bAdd the details for the Key Distribution Center (KDC) and admin server to the krb5.conf file in the following format:
    3. [libdefaults]
      default_realm = <realm_name>

      [realms]
      <realm_name> = {
      kdc = <location where KDC is installed>
      admin_server = <location where KDC is installed>
      }
      Where [libdefaults] sets the default realm, and [realms] specifies the KDC and admin server for the realm.
      For example:
      [libdefaults]
      default_realm = EXAMPLE.COM

      [realms]
      EXAMPLE.COM = {
      kdc = rnd.EXAMPLE.COM
      admin_server = rnd.EXAMPLE.COM
      }
      For more information, see the Oracle documentation at https://docs.oracle.com/cd/E86824_01/html/E54775/krb5.conf-4.html.
    3Set the following environment variables on the machine where Data Ingestion and Replication and Secure Agent run:
    setenv JAASCONFIG <Absolute path of the JAAS config file>\<File name>.conf>
    setenv KRB5_CONFIG <Absolute path of the Kerberos configuration file>\krb5.conf>
    setenv KRB5CCNAME <Absolute path and file name of the credentials cache file>
    These variables are required to test Oracle Database Ingestion connections, deploy tasks, and run jobs when Kerberos authentication is in use.
    Alternatively, you can specify these environment variables in Administrator for the Secure Agent. If you set environment variables in Administrator and on the Secure Agent machine, the variables that you specify in Administrator take precedence.
    To define environment variables for the Seucre Agent in Administrator, go to Runtime Environments. Then open a Secure Agent and click Edit. Under System Configuration Details > Custom Configuration Details, enter the variables for the Database Ingestion service and DBMI_AGEN_ENV type. For example:
    4Restart the Secure Agent.
    5Generate the credential cache file by using the kinit or okinit tool.