[gdal-dev] OCI vector driver - could support be added for Oracle Wallet? (simple change?)

Steve Pritchard steve.pritchard at bto.org
Mon Jun 14 08:18:50 PDT 2021

Oracle Wallet provides secure storage for usernames and passwords on client
devices. We use this to avoid having usernames and passwords in scripts,
etc. For details see "Using The Secure External Password Store (Doc ID
340559.1)" on the Oracle Support website.

I have tried using Oracle Wallet with ogrinfo and the OCI driver, e.g.:

ogrinfo OCI:/@db_name:table_name

however I always get:

ERROR 1: ORA-01017: invalid username/password; logon denied
 in <unnamed>
ERROR 1: ORA-01017: invalid username/password; logon denied
 in <unnamed>
Unable to open datasource `OCI:..' with the following drivers.

I have tried this both with the bundled Oracle Instant Client and with the
latest Instant Client from the Oracle website. I've also tested Oracle
Wallet with other open source software (e.g. Perl DBI), and that works fine.

Having looked at the source code for ogrocisession.cpp, it looks as though
a simple change might be sufficient to make this work...

I think that the reason it doesn't work is because the "eCred" parameter
needs to be OCI_CRED_EXT for Oracle Wallet. But eCred is set
to OCI_CRED_RDBMS, except where OS authentication is being used.

So if pszUseridIn = "" and pszPasswordIn = "", can eCred be set to

(Notes on using Oracle Wallet with Oracle OCI can be found in the answer to
this stackoverflow question

Steve Pritchard
Database Developer

British Trust for Ornithology, The Nunnery, Thetford, Norfolk IP24 2PU, UK
Tel: +44 (0)1842 750050, fax: +44 (0)1842 750030
Registered Charity No 216652 (England & Wales) No SC039193 (Scotland)
Company Limited by Guarantee No 357284 (England & Wales)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20210614/1383d8d3/attachment-0001.html>

More information about the gdal-dev mailing list