
Spring Boot, using oracle-ldap url through ssh tunnel on local machine

There are 3 machines:
local -> some remote server -> oracle db server (via ldap)

I want to set up a datasource connection (in my Spring Boot app) to the Oracle DB.
There is no direct connectivity between the local machine and the one with the Oracle DB. So, I'm using an SSH tunnel through the remote server:

ssh -L 127.0.0.1:8081:some.ldap.host:389 [email protected]

In the application.yml file I'm using the following URL:

spring:
  datasource:
    url: jdbc:oracle:thin:@ldap://127.0.0.1:8081//srvcnm,cn=OracleContext,dc=yy,dc=xx,dc=com

And when my app is trying to get a DB connection, I'm getting the following error:

Caused by: oracle.net.nt.TimeoutInterruptHandler$IOReadTimeoutException: Socket read timed out
    at oracle.net.nt.TimeoutSocketChannel.handleInterrupt(TimeoutSocketChannel.java:254)
    at oracle.net.nt.TimeoutSocketChannel.connect(TimeoutSocketChannel.java:103)
    at oracle.net.nt.TimeoutSocketChannel.<init>(TimeoutSocketChannel.java:77)
    at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:192)
    ... 126 common frames omitted

Whenever I deploy the app on the remote server and enter the "direct" URL in application.yml, the connection is obtained without any timeouts, and the app works well.

jdbc:oracle:thin:@ldap://some.ldap.host:389//srvcnm,cn=OracleContext,dc=yy,dc=xx,dc=com

Does anyone know how to handle this? How do I get a connection from the local machine?

Answer

The problem was in redirecting the source connection request to another machine with the Oracle DB itself (after LDAP auth). So, the request's path looked like:

1.local -> 2.remote server -> 3.ldap server -> 4.oracle db server

There wasn't connectivity between the 1st and 4th machines, as the tunnel was only between the 1st and 3rd.

So, if you face this issue, you may add one more SSH tunnel (the first tunnel is for the LDAP server, the second one for the Oracle DB) and enrich your "/etc/hosts" with the Oracle server's routing.

In my case the issue was in access restrictions. The Oracle server is filtering sockets somehow and grants access only to certain machines.
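As an added helper for the two-tunnel approach above (this script is not part of the question or the answer): it takes the Oracle Net connect descriptor that the LDAP lookup returns for the service and derives the extra `ssh -L` forward(s) and the `/etc/hosts` line(s) that make the driver's follow-on connection to the DB host go through the bastion as well. The descriptor, host names and ports below are constructed samples.

```shell
#!/bin/sh
# Added example: derive the second tunnel and the hosts entries from the
# connect descriptor the LDAP server hands back. Handles several ADDRESS
# entries (e.g. a failover list), one forward per DB endpoint.

# Print one "host port" pair per ADDRESS entry in a connect descriptor.
descriptor_endpoints() {
    # Strip whitespace, put each "(ADDRESS=" on its own line, then pull
    # HOST and PORT out of every such line (order-independent).
    printf '%s\n' "$1" | tr -d ' \t' | sed 's/(ADDRESS=/\
(ADDRESS=/g' | grep '^(ADDRESS=' | while IFS= read -r addr; do
        host=$(printf '%s' "$addr" | sed -n 's/.*(HOST=\([^)]*\)).*/\1/p')
        port=$(printf '%s' "$addr" | sed -n 's/.*(PORT=\([0-9]*\)).*/\1/p')
        if [ -n "$host" ] && [ -n "$port" ]; then
            printf '%s %s\n' "$host" "$port"
        fi
    done
}

# One "-L" forward per endpoint, bound to loopback only. The destination
# host:port is resolved on the bastion, so the real DB host name stays as-is.
tunnel_forwards() {
    descriptor_endpoints "$1" | while read -r host port; do
        printf '%s 127.0.0.1:%s:%s:%s\n' -L "$port" "$host" "$port"
    done
}

# Hosts lines that point each DB host name at the local listener, so the
# driver's connection to HOST:PORT lands on the tunnel instead of timing out.
hosts_entries() {
    descriptor_endpoints "$1" | while read -r host port; do
        printf '127.0.0.1 %s\n' "$host"
    done | sort -u
}

# Constructed sample of a descriptor the LDAP lookup for "srvcnm" might return.
SAMPLE_DESC='(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=db1.internal.example)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=db2.internal.example)(PORT=1522)))(CONNECT_DATA=(SERVICE_NAME=srvcnm)))'

# Combine with the LDAP forward from the question (hosts file edited separately):
#   ssh -L 127.0.0.1:8081:some.ldap.host:389 $(tunnel_forwards "$SAMPLE_DESC") user@remote
# hosts_entries "$SAMPLE_DESC" >> /etc/hosts   # as root, after review
```

If two endpoints share the same port, the local listeners collide on 127.0.0.1; give each its own loopback address in both the forward and the hosts line, or tunnel only the endpoint that the service actually answers on.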