A while back I wrote about issues with the wallet_root parameter and doing clones. What I didn’t do back then because I was in a hurry is test this feature/parameter in conjunction with OUD ( Oracle Unified Directory).
As said in this post https://pfierens.blogspot.com/2020/07/converting-tde-encrypted-non-cdb-to-pdb.html the wallet_root parameter replaces the
encryption_wallet_location =
(source =
(method = file)
(method_data =
(directory = /zfs/encwallet/<DB_UNIQUE_NAME> )
)
)
In the sqlnet.ora however what I didn’t know and what is not documented to my knowledge is that it also ignores the
wallet_location =
(source =
(method = file)
(method_data =
(directory = /some_directory/<DB_UNIQUE_NAME>/wallet )
)
)
This wallet contains in our case the certificate for OUD.
When we tried to login via OUD we received an ORA-01017 tracing that this was due the fact that the certificate for OUD was not found
When we copied the wallet to
/zfs/encwallet/<DB_UNIQUE_NAME>/eus
It worked again
So it seems that the wallet_location in sqlnet.ora is ignored for OUD
I didn’t test the TDE wallet_root feature together with OUD, what a mistake to make !!!
