Test the Oracle database connection string used by DLP Enforce

book

Article ID: 160251

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Need steps to test the Oracle database connection string found in the the jdbc.properties file on the Symantec Data Loss Prevention (DLP) Enforce server to ensure the elements within the connection string are correct.

Resolution

Connecting to Oracle:

Various ways to use sqlplus:

  • sqlplus /nolog - provides access to utilize sqlplus.  The "/nolog" parameter means "start sqlplus, but do not log into a database"
  • sqlplus bleep/[email protected] -  means start sqlplus, log into database as defined in tnsnames.ora under alias "blorp", using database account "bleep" and password "blop"
  • sqlplus bleep/blop - means start sqlplus and log into database as defined either by default (the case of when the database is local) or using environment variables and defaults.  The environment variable ORACLE_SID provides the database name, the host is the local machine and the port is, by default, 1521.
  • sqlplus bleep - means start sqlplus and connect to default database using account "bleep".  Then prompt for password.  The advantage here is that the password is not displayed as typed.

Steps to test the connect to the DLP database using sqlplus and the connection elements found in the jdbc.properties file.

  1. Go to Vontu/Protect/config.
  2. Open Jdbc.properties in a text editor such as notepad and look for the parameter "jdbc.dbalias.oracle-thin".  This is what DLP uses to connect to the Oracle db.
  3. Copy the string from this parameter starting with "@", all the way to the end of the line. 
    • @(description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))
  4. Put either of the following into a SQLPlus login command as the database to be connected to:‚Äč
    • sqlplus conn [email protected](description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))
    • sqlplus conn protect/[email protected](description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))  -- This option includes the password.
  5. A successful connection indicates the SQLPlus string has all the elements necessary to connect to the Oracle database.

Note: However, that this test does not prove that JDBC is able to connect to the database.


A tnsname.ora entry can be modified to become a jdbc.properties entry, like so:

Take a tnsnames entry:

PROTECT2 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.66.193.149)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = protect)
    )
  )

Remove the alias line:

  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.66.193.149)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = protect)
    )
  )

Remove all (ALL) spaces:

(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.66.193.149)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=protect)))

Put an "@" in front of it and it's ready for jdbc.properties.

Finally, tnsping does not mean that you can connect to the database. It merely means that you can connect to the listener.