Access Azure Active Directory Data as a Remote Oracle Database

The Oracle Database Gateway for ODBC and Heterogeneous Services technology enable you to connect to ODBC data sources as remote Oracle databases. This article shows how to use the CData ODBC Driver for Azure Active Directory to create a database link from Azure Active Directory to Oracle and to query Azure Active Directory data through the SQL*Plus tool. You can also create the database link and execute queries from SQL Developer.

Connect to Azure Active Directory as an ODBC Data Source

Information for connecting to Azure Active Directory follows, along with different instructions for configuring a DSN in Windows and Linux environments.

Azure Active Directory uses the OAuth authentication standard. To authenticate using OAuth, create an app to obtain the OAuthClientId, OAuthClientSecret, and CallbackURL connection properties. See the OAuth section in the Help documentation for an authentication guide.

Windows

If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.

Note: If you need to modify the DSN or create other Azure Active Directory DSNs, you must use a system DSN and the bitness of the DSN must match your Oracle system. You can access and create 32-bit DSNs on a 64-bit system by opening the 32-bit ODBC Data Source Administrator from C:\Windows\SysWOW64\odbcad32.exe.

Linux

If you are installing the CData ODBC Driver for Azure Active Directory in a Linux environment, the driver installation predefines a system DSN. You can modify the DSN by editing the system data sources file (/etc/odbc.ini) and defining the required connection properties.

/etc/odbc.ini

[CData AzureAD Source]
Driver = CData ODBC Driver for Azure Active Directory
Description = My Description
OAuthClientId = MyApplicationId
OAuthClientSecret = MySecretKey
CallbackURL = http://localhost:33333
InitiateOAuth = GETANDREFRESH

For specific information on using these configuration files, please refer to the help documentation (installed and found online).

Set Connection Properties for Compatibility with Oracle

The driver provides several connection properties that streamline accessing Azure Active Directory data just as you would an Oracle database. Set the following properties when working with Azure Active Directory data in SQL*Plus and SQL Developer. For compatibility with Oracle, you will need to set the following connection properties, in addition to authentication and other required connection properties.

• MapToWVarchar=False

  Set this property to map string data types to SQL_VARCHAR instead of SQL_WVARCHAR. By default, the driver uses SQL_WVARCHAR to accommodate various international character sets. You can use this property to avoid the ORA-28528 Heterogeneous Services data type conversion error when the Unicode type is returned.

• MaximumColumnSize=4000

  Set this property to restrict the maximum column size to 4000 characters.

• IncludeDualTable=True

  Set this property to mock the Oracle DUAL table. SQL Developer uses this table to test the connection.

Linux Configuration

In Linux environments, Oracle uses UTF-8 to communicate with the unixODBC Driver manager, whereas the default driver encoding is UTF-16. To resolve this, open the file /opt/cdata/cdata-driver-for-azuread/lib/cdata.odbc.azuread.ini in a text editor and set the encoding.

cdata.odbc.azuread.ini

[Driver]
DriverManagerEncoding = UTF-8

Configure the ODBC Gateway, Oracle Net, and Oracle Database

Follow the procedure below to set up an ODBC gateway to Azure Active Directory data that enables you to query live Azure Active Directory data as an Oracle database.

1. Create the file initmyazureactivedirectorydb.ora in the folder oracle-home-directory/hs/admin and add the following setting:

   initmyazureactivedirectorydb.ora

   HS_FDS_CONNECT_INFO = "CData AzureAD Sys"

2. Add an entry to the listener.ora file. This file is located in oracle-home-directory/NETWORK/admin.

   If you are using the Database Gateway for ODBC, your listener.ora needs to have a SID_LIST_LISTENER entry that resembles the following:

   listener.ora

   SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = myazureactivedirectorydb)
    (ORACLE_HOME = your-oracle-home)
    (PROGRAM = dg4odbc)
    )
    )
   

   If you are using Heterogeneous Services, your listener.ora needs to have a SID_LIST_LISTENER entry that resembles the following:

   listener.ora

   SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = myazureactivedirectorydb)
    (ORACLE_HOME = your-oracle-home)
    (PROGRAM = hsodbc)
    )
    )
   

3. Add the connect descriptor below in tnsnames.ora, located in oracle-home-directory/NETWORK/admin:

   tnsnames.ora

   myazureactivedirectorydb =
    (DESCRIPTION=
    (ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))
    (CONNECT_DATA=(SID=myazureactivedirectorydb))
    (HS=OK)
    ) 
   

4. Restart the listener.

5. Test the configuration with the following command:

   tnsping myazureactivedirectorydb

6. Open SQL*Plus and create the database link with the command below:

   CREATE DATABASE LINK myazureactivedirectorydb CONNECT TO "user" IDENTIFIED BY "password" USING 'myazureactivedirectorydb';

You can now execute queries in SQL*Plus like the one below (note the double quotation marks around the table name):

SELECT * from "Domains"@myazureactivedirectorydb WHERE isVerified = 'TRUE';