无法通过 cx_Oracle 使用具有外部 + 代理身份验证的 SessionPool 进行连接
Unable to connect via cx_Oracle using SessionPool with External + Proxy Authentication
背景:
我有一个 Kerberized Oracle DB,我可以使用
连接到它
pool = cx_Oracle.SessionPool(externalauth=True, dsn=dsn, threaded=True, homogeneous=False, encoding='UTF-8', nencoding='UTF-8')
conn = pool.acquire()
目前,我想按照 cx_Oracle docs 中的说明使用代理连接进行连接。我可以在独立连接中执行此操作,但不能在共用连接中执行此操作:
# Standalone connection
conn = cx_Oracle.connect(user='[session_user]', dsn=dsn, encoding='UTF-8')
# Executing testing query below:
# PROXY_USER: my_user
# SESSION_USER: session_user
# Pooled connection
pool = cx_Oracle.SessionPool(externalauth=True, homogeneous=False, dsn=dsn, encoding='UTF-8')
conn = pool.acquire(user='[session_user]') # shown as <cx_Oracle.Connection to user [session_user]@local> in debugger
# Executing testing query below:
# PROXY_USER: None
# SESSION_USER: my_user
# Testing query:
# SELECT SYS_CONTEXT('USERENV', 'PROXY_USER'),
# SYS_CONTEXT('USERENV', 'SESSION_USER')
# FROM DUAL;
我已经检查过 %ORACLE_HOME% 和 %TNS_ADMIN% 是否指向正确的路径。我想知道为什么获取的连接变成@local,这是否与代理连接失败的原因有关。
不确定我在这里遗漏了什么。
您看到了什么行为或错误?您使用的是什么版本的 Oracle 客户端库? Oracle Client 18.3 中有一个修复程序。
对我来说,代码:
import cx_Oracle
print(cx_Oracle.clientversion())
pool = cx_Oracle.SessionPool(externalauth=True, dsn="localhost/orclpdb1", homogeneous=False)
conn = pool.acquire()
with conn.cursor() as cursor:
sql = """SELECT SYS_CONTEXT('USERENV', 'PROXY_USER'),
SYS_CONTEXT('USERENV', 'SESSION_USER')
FROM DUAL"""
for r in cursor.execute(sql):
print(r)
pool = cx_Oracle.SessionPool(externalauth=True, dsn="localhost/orclpdb1", homogeneous=False)
conn = pool.acquire(user='[mysessionuser2]')
with conn.cursor() as cursor:
sql = """SELECT SYS_CONTEXT('USERENV', 'PROXY_USER'),
SYS_CONTEXT('USERENV', 'SESSION_USER')
FROM DUAL"""
for r in cursor.execute(sql):
print(r)
给出:
[oracle@localhost j]$ export LD_LIBRARY_PATH=/home/cjones/src/oracle/instantclient/instantclient12.2.0.1/instantclient_12_2-linux.x64
[oracle@localhost j]$ python prx.py
(12, 2, 0, 1, 0)
(None, 'OPS$ORACLE')
(None, 'OPS$ORACLE')
[oracle@localhost j]$ export LD_LIBRARY_PATH=/home/cjones/src/oracle/instantclient/instantclient19.6/instantclient_19_6-linux.x64/
[oracle@localhost j]$ python prx.py
(19, 6, 0, 0, 0)
(None, 'OPS$ORACLE')
('OPS$ORACLE', 'MYSESSIONUSER2')
背景: 我有一个 Kerberized Oracle DB,我可以使用
连接到它pool = cx_Oracle.SessionPool(externalauth=True, dsn=dsn, threaded=True, homogeneous=False, encoding='UTF-8', nencoding='UTF-8')
conn = pool.acquire()
目前,我想按照 cx_Oracle docs 中的说明使用代理连接进行连接。我可以在独立连接中执行此操作,但不能在共用连接中执行此操作:
# Standalone connection
conn = cx_Oracle.connect(user='[session_user]', dsn=dsn, encoding='UTF-8')
# Executing testing query below:
# PROXY_USER: my_user
# SESSION_USER: session_user
# Pooled connection
pool = cx_Oracle.SessionPool(externalauth=True, homogeneous=False, dsn=dsn, encoding='UTF-8')
conn = pool.acquire(user='[session_user]') # shown as <cx_Oracle.Connection to user [session_user]@local> in debugger
# Executing testing query below:
# PROXY_USER: None
# SESSION_USER: my_user
# Testing query:
# SELECT SYS_CONTEXT('USERENV', 'PROXY_USER'),
# SYS_CONTEXT('USERENV', 'SESSION_USER')
# FROM DUAL;
我已经检查过 %ORACLE_HOME% 和 %TNS_ADMIN% 是否指向正确的路径。我想知道为什么获取的连接变成@local,这是否与代理连接失败的原因有关。 不确定我在这里遗漏了什么。
您看到了什么行为或错误?您使用的是什么版本的 Oracle 客户端库? Oracle Client 18.3 中有一个修复程序。
对我来说,代码:
import cx_Oracle
print(cx_Oracle.clientversion())
pool = cx_Oracle.SessionPool(externalauth=True, dsn="localhost/orclpdb1", homogeneous=False)
conn = pool.acquire()
with conn.cursor() as cursor:
sql = """SELECT SYS_CONTEXT('USERENV', 'PROXY_USER'),
SYS_CONTEXT('USERENV', 'SESSION_USER')
FROM DUAL"""
for r in cursor.execute(sql):
print(r)
pool = cx_Oracle.SessionPool(externalauth=True, dsn="localhost/orclpdb1", homogeneous=False)
conn = pool.acquire(user='[mysessionuser2]')
with conn.cursor() as cursor:
sql = """SELECT SYS_CONTEXT('USERENV', 'PROXY_USER'),
SYS_CONTEXT('USERENV', 'SESSION_USER')
FROM DUAL"""
for r in cursor.execute(sql):
print(r)
给出:
[oracle@localhost j]$ export LD_LIBRARY_PATH=/home/cjones/src/oracle/instantclient/instantclient12.2.0.1/instantclient_12_2-linux.x64
[oracle@localhost j]$ python prx.py
(12, 2, 0, 1, 0)
(None, 'OPS$ORACLE')
(None, 'OPS$ORACLE')
[oracle@localhost j]$ export LD_LIBRARY_PATH=/home/cjones/src/oracle/instantclient/instantclient19.6/instantclient_19_6-linux.x64/
[oracle@localhost j]$ python prx.py
(19, 6, 0, 0, 0)
(None, 'OPS$ORACLE')
('OPS$ORACLE', 'MYSESSIONUSER2')