Author: C. Peter Chen

Founder of Lava Development, LLC.
Posted on

Creating database links

The following example assumes you have two databases, db1 and db2. You are currently logged into db1 and need a link to db2. We also assume the entry for db2 has already been established in the server’s TNSNAMES.ORA file.

-- Fixed user method
create database link db2
connect to scott
identified by tiger 
using 'db2';

-- Connected user method
create database link db2
using 'db2';

-- Current user method
create database link db2
connect to current_user 
using 'db2';

The difference between the three methods above is user authentication. In the fixed user example, regardless of who you are in db1, you will always access db2 as the user “scott”. With the connected user method, the link will always connect to db2 as whoever created the link; naturally, with this method, you will need to make sure you have a valid account in db2 as well. With the current user method, the link will always connect to db2 as whoever is using the link; this is arguably the most secure method.

If you need the link to be seen by every user, you may consider a public link:

create public database link db2
using 'db2';

With the database link established, you are now able to perform DML queries in db2 from db1. Here’s an example:

select a.name, b.telephone
from myschema.user_list a, scott.address_book@db2 b
where a.name=b.name;

Note the usage of “@db2” in the above example which signifies the usage of the database link.

One thing to keep in mind when establishing database links is security, thus, make sure you understand the potential risks of your design before implementing it. Fixed user method is the most commonly used one, and the fixed user typically ends up having more privileges in the remote database than necessary, therefore allowing users in db1 to do more things in db2 than necessary. Another concern is with how Oracle stores fixed user passwords — they are stored in the SYS.LINK$ table in clear text!

Posted on

Oracle database health checks

Checking for any down data files:

select file_name, tablespace_name, status, bytes/1000000 as mb, maxbytes/1000000 as mb_max 
from dba_data_files 
where status<>'AVAILABLE';

Checking for any down control files:

select name, status
from v$controlfile 
where status is not null;

Checking for any down tablespaces:

select tablespace_name, status, contents, extent_management
from dba_tablespaces
where status<>'ONLINE';

Checking to see if a tablespace is getting close to max size (less than 10% free):

select total.name as tblspace,
  nvl(free_space, 0) as free,
  nvl(total_space-free_space, 0) as used,
  total_space,
  round(nvl(free_space,0)/total_space,2)*100 as pct_free
from 
  (
    select tablespace_name, sum(bytes/1024/1024) as free_Space 
    from sys.dba_free_space 
    group by tablespace_name
  ) free, 
  (
    select b.name, sum(bytes/1024/1024) as total_space
    from sys.v_$datafile a, sys.v_$tablespace b 
    where a.ts# = b.ts#
    group by b.name
  ) total 
where free.tablespace_name(+) = total.name 
and total.name='TABLESPACE_NAME_HERE' 
and round(nvl(free_space, 0)/total_space,2)<=0.10;

Suspicious of someone stealing your system passwords and logging in remotely? Use this to check for system logins from machines you do not expect.

select username, osuser, program, machine 
from sys.v_$session 
where upper(machine) in('LIST_VALID_MACHINES_HERE','DBA_PC','BOSS_PC') 
and upper(username) in('SYS','SYSTEM');
Posted on

Identify database locks

This select statement can be run by someone with DBA privileges (as it makes use of v$ views) to list who is locking what.

select a.session_id,
  c.serial#,
  a.oracle_username,
  a.os_user_name,
  c.machine,
  a.locked_mode,
  b.object_name,
  b.object_type
from v$locked_object a,dba_objects b, v$session c
where a.object_id = b.object_id
  and a.session_id = c.sid;

The query below is more specific. With it, you will be able to identify exactly which session is block another session, if any such conditions exist.

select s1.username || '@' || s1.machine || ' ( SID=' || s1.sid || ' ) is blocking ' || s2.username || '@' || s2.machine || ' ( SID=' || s2.sid || ' ) ' as blocking
from v$lock l1, v$session s1, v$lock l2, v$session s2
where s1.sid=l1.sid and s2.sid=l2.sid
and l1.block=1 and l2.request > 0
and l1.id1 = l2.id1 and l2.id2 = l2.id2;

If necessary, we can use the following example to kill a particular session. It may be useful if the locking session is actually from a hanging process, for example, though typically we should have the user release his/her lock gracefully.

alter system kill session '123,5555' immediate;

Note that the “123” above should be replaced by the session ID, and the “5555” should be replaced by the serial #. Those two values are shown in the first two fields in the select SQL statement above.

Posted on

Oracle user management

Create a new user:

create user bob
identified by str0nggpAsswd
default tablespace tblspace1
temporary tablespace temp;

Change user password:

alter user bob
identified by n3wPaswrd0;

Unlock a locked user account:

alter user bob
account unlock;

Assign privileges to user:

-- Allow user to connect to the database
grant create session to bob;

-- Allow user to create various objects;
-- usually reserved to DBAs and developers.
grant create table to bob;
grant create view to bob;
grant create sequence to bob;

-- Grant/revoke various table/view rights to objects to a user.
grant select on address_table to bob;
grant insert, update, delete on address_table to bob;
grant all on address_table to bob;

revoke delete on address_table from bob;
revoke all on address_table from bob;

-- Grant/revoke execute rights on functions/procedures for a user.
grant execute on sp_validate_address to bob;
revoke execute on sp_validate_address from bob;

Lock/unlock a user:

alter user bob account lock;
alter user bob account unlock;

Remove/delete a user:

drop user bob cascade;

List Oracle users:

-- List all users
select username, user_id, account_status, default_tablespace, temporary_tablespace, profile 
from dba_users;

-- List active users only
select username, user_id, account_status, default_tablespace, temporary_tablespace, profile 
from dba_users
where account_status='OPEN';
Posted on

Set up a log off script to do backup

One possibility for the Windows log off script is to copy some data from the machine being logged off (perhaps being shut down?) to another for backup purposes. For example, I grab my Firefox settings and make a copy of it at “D:\systemBackup\windows\mozilla\”. You may wish to expand this to include others; maybe your FTP program’s configuration file that is found in “C:\Program Files”? Or progress of your favorite games? Below is what I have in my log off script, which is written as a batch file.

@echo off
set backupcmd=xcopy /c /d /e /h /r /y

echo Backing up Firefox settings...
%backupcmd% "C:\Documents and Settings\me\Application Data\Mozilla\*.*" "D:\systemBackup\windows\mozilla\"

echo Backing up my docs...
%backupcmd% "C:\docs\*.*" "D:\docs\*.*"

echo Backing up a file...
%backupcmd% "C:\john\doe.txt" "D:\john\doe.txt"

Note that in this example, I made use of the xcopy command found in all versions of Windows. The switches I used with the command allow us to copy only those files that had been changed, so the amount of time required to copy files may not be so much.

To set up this log off script, type in “c:\windows\system32\gpedit.msc” in your Run dialogue and click OK. Go to the User Configuration-Scripts (Logon/Logoff) section and add your script. This script will now fire the next time you log off.

Posted on

Simple HTML tips for better search engine placement

We should make good use of the H1 and H2 tags. H1 carries greater weight, but it should only be used once on each page. We suggest using the H1 tag for either a list of meaningful keywords for that particular page, or use it for the website’s title. The H2 tag can be used several times on a page, though there probably should not be too many occurrences. We should use H2 tags for our page titles and important headers and sub-headers on the page.

Although Google does not look at META KEYWORDS and META DESCRIPTION tags, fill them in. Google may be the big player at the time of this writing, they are not the only player in town, so make sure you use these two fields. We should not overload these two meta fields; use a short list of quality keywords. Another obvious one is the TITLE tag. We should make sure it is used, and each page should have a title that is meaning for that particular page; also, should we regularly have long titles, make sure the first 10 words or so contain words and phrases that will grab visitors’ attention. Below is an example of the META tags we just discussed, taken from the World War II Database website.

<head>
<title>World War II Database: Your WW2 History Reference Destination</title>
<meta name="description" content="World War II Database: Your WW2 History Reference Destination">
<meta name="keywords" content="ww2db, history, military, world war, ww2, photo, photograph, panzer, yamato, pearl harbor, stalingrad, okinawa, iwo jima, normandy, d-day">

...
</head>

Finally, we need to make sure most, if not all, of our IMG tags should have descriptive ALT parameters. Here is a quick example:

<img src="images/picture.jpg" alt="US Marines and US Navy Corpsman raising the American flag on Mount Suribachi at Iwo Jima">
Posted on

Use Java to generate Word document from XML template

To accomplish this, we first need a template. I already created a template for the purpose of this sample, which resembles a very simple invoice; please download word_template.xml file should you wish to follow along. In this file, you will see that there are many fields enclosed by “##” markers. For example:

...
<w:r>
<w:t>Invoice Number: ##INVOICENUMBER##</w:t>
</w:r>
...

The “##” markers signify places where the program will substitute in values we will provide when we call the Java program. The Java program code is below, with the main() method being an example we can run. The example shown by main() sets values for each required key in a hashtable, as well as setting up the location and file name of the template and output XML files. When we wish to run this example, place the template file in C: and let it go! The output file should look like the content of word_output.xml.

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.util.Hashtable;

/**
 * This code takes in a hashtable containing key fields required to populate
 * values into a Word template (XML) and output a Word document (also XML).
 * Template should contain ##KEY## fields for each hashtable key with same
 * name (without the ##s); the ##KEY## will be replaced by the value.
 * The main() method is written as an example.
 * Modified from code found at http://dinoch.dyndns.org:7070/WordML/AboutWordML.jsp
 * @author C. Peter Chen of http://dev-notes.com
 * @date 20080327
 */

public class msWordUtils {
	
	/**
	 * This main() method is used for demonstration purposes only.
	 * @param args
	 * @author C. Peter Chen of http://dev-notes.com
	 * @date 20080327
	 */
	public static void main(String[] args) {
		String templatePathFilename = "c:\word_template.xml";
		String outputPathFilename = "c:\word_output.xml";

		Hashtable ht = new Hashtable();
		ht.put("INVOICENUMBER","384123");
		ht.put("CUSTOMERNAME","Some Company, LLC.");
		ht.put("ITEMNAME1","Coffee");
		ht.put("UNITPRICE1","1.50");
		ht.put("QTY1","1");
		ht.put("LINETOTAL1","1.50");
		ht.put("ITEMNAME2","Donut");
		ht.put("UNITPRICE2","1.00");
		ht.put("QTY2","2");
		ht.put("LINETOTAL2","2.00");
		ht.put("INVOICETOTAL","3.50");
		ht.put("DUEDATE","4/1/2008");
		
		generateWordDoc(ht, templatePathFilename, outputPathFilename);
	}
	
	/**
	 * 
	 * @param ht
	 * @param templatePathFileName
	 * @param outputPathFileName
	 * @author C. Peter Chen of http://dev-notes.com
	 * @date 20080327
	 */
	public static void generateWordDoc(Hashtable ht, String templatePathFilename, String outputPathFilename) {	
		try {
			BufferedReader reader = new BufferedReader(new FileReader(templatePathFilename));
			
			File destination = new File(outputPathFilename);
			BufferedWriter writer = new BufferedWriter(new FileWriter(destination));
			
			String thisLine;
			int i = 0;
			
			while ((thisLine = reader.readLine()) != null) {
				System.out.println(i);
				
				for (java.util.Enumeration e = ht.keys(); e.hasMoreElements();) {
					String name = (String) e.nextElement();
					String value = ht.get(name).toString();
					// Use this if we need to XML-encode the string in hashtable value...
					thisLine = thisLine.replaceAll("##" + name.toUpperCase() + "##", XmlEncode(value));
					// ... or this if we do not need to do XML-encode.
					//thisLine= thisLine.replaceAll("##" + name.toUpperCase() + "##", value);
			    }
				writer.write(thisLine);
				writer.newLine();
				i++;
			}
			writer.close();
			System.out.println("done");
		}
		catch (Exception e) {
			System.out.println("exception!=" + e);
		}
	}

	/**
	 * Encodes regular text to XML.
	 * @param text
	 * @return string
	 * @author http://dinoch.dyndns.org:7070/WordML/AboutWordML.jsp
	 * @date 20050328
	 */
	private static String XmlEncode(String text) {
		int[] charsRequiringEncoding = {38, 60, 62, 34, 61, 39};
		for(int i = 0; i < charsRequiringEncoding.length - 1; i++) {
			text = text.replaceAll(String.valueOf((char)charsRequiringEncoding[i]),"&#"+charsRequiringEncoding[i]+";");
		}
		return text; 
	}
	
}

As noted in the JavaDoc, much of the basis for this code came from http://dinoch.dyndns.org:7070/WordML/AboutWordML.jsp. Much thanks to the unnamed author!

Posted on

Create an auto-increment field in Oracle

If we do not already have a table to work with, we will create a sample table for this purpose.

create table schema.test_table (
	row_id		number(5),
	name		varchar2(50),
	status		varchar2(1),
	entry_date	date
);

Let us say we want to make the “row_id” field an “auto-increment” field. To do so, we need a sequence object first. The code below gives us an sequence that starts off at 1 and capped at 99999.

create sequence schema.seq_test_table_row_id
minvalue 1
maxvalue 99999
start with 1
increment by 1
nocache;

All we have left is the actual “auto-increment” part. To do this, we build a very simple trigger on the table.

create trigger schema.trg_test_table_row_id
before insert on schema.test_table
for each row
begin
	if (:NEW.row_id) is null then
		select schema.seq_test_table_row_id.nextval into :NEW.row_id from dual;
	end if;
end;

Now, when you insert into the table schema.test_table, if you wish to use the sequence object as an auto-incrementer, just do not enter the row_id field. Two examples of using this auto-incrementer below:

insert into schema.test_table (name, status, entry_date) values('John Doe','1',sysdate);
insert into schema.test_table values(null,'John Doe','1',sysdate);

What if we want to override this trigger and use a number of our choice for the row_id field? No problem, just insert the value as you would normally. Note the trigger has an if-clause in it; the trigger will only have an effect (ie. auto-increment from the sequence) if the incoming row_id field is not populated.

Posted on

Generating a report of user password expiration status

To start off, check out the setup section somewhat near the top. They should be fairly explanatory, with the only potentially tricky one being the “ouList” variable, which holds a list of Organization Units whose users you which to see in your report; it should be a tilde (“~”) delimited string. Some examples:

ou=contractors
ou=engineers,ou=contractors
ou=contractors~ou=engineers,ou=contractors

Compare example 1 and example 2; because the code is not meant to go into deeper levels, “ou=contractors” will only check for user objects at that particular level only. To include the nested OU “engineers”, it must be explicitly listed, such as in example 2.

The full sample is below:

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Description: Makes a CSV listing of password expiration status
' Author: C. Peter Chen, http://dev-notes.com
' Revision History:
'	1.0	20080318	Original concept written
'	1.0.1	20080319	Added column headings in the output
'				Added "excludeNoOu" switch to exclude objects 
'				  not in an Organizational Unit as a possible 
'				  way to exclude system objects like IWAM and 
'				  IUSR from output.
'	1.0.2	20080325	Added the "ouList" delimited string the 
'				  restriction of specific OUs to show up in 
'				  the report.
'				Added "debugMode" switch
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

option explicit
dim maxPwdAge, warningThreshold, ad, outputPath, outputFileName, keepDailyOutput, excludeNoOu, ouList, debugMode

''''''''''''''
' Some Setup '
''''''''''''''
maxPwdAge = 45			' What is the maximum age (in days) of passwords in your domain?
warningThreshold = 10		' The report will show warning (almost expired) status if expiration is within this many days.
ad = "dc=domain,dc=com"		' What is your domain? Example format: "dc=domainname,dc=com"
outputPath = "\\share\folder\"	' The path for the output CSV report with slash at the end; examples: "c:\", "c:\reports\", "\\fileshare\folder\"
outputFileName = "reportName"	' The file name of the output CSV report; no need for ".csv" at the end
keepDailyOutput = "N"		' Valid values include Y or N.  If Y, a new report will be created each time with file name format "filenameYYYY-MM-DD-HH24-MI.csv"; if N, each day's report will overwrite the previous day's as "filename.csv".
excludeNoOu = "Y"		' Valid values include Y or N.  If Y, objects not in an Organizational Unit will not appear in the report; it maybe a way to exclude system objects like IWAM and IUSR.

' ouList is a list of OUs, delimited by tilde ("~"), whose users will appear in the report
' Sample: "ou=sales,ou=fulltimers~ou=engineers,ou=contractors"
ouList = "ou=sales,ou=fulltimers~ou=engineers,ou=contractors"

debugMode = "N"			' If Y, any encountered errors will pop up on screen and a pop up will appear when the script completes

'''''''''''''
' End Setup '
'''''''''''''


''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''


'''''''''''''
' Constants '
'''''''''''''
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

'''''''''''''
' Functions '
'''''''''''''
dim i, foundUser

function getAdObject (strUserFullName, ad, ouListArray)
	On Error Resume Next
	err.clear

	Set objUser = GetObject("LDAP://cn=" & strUserFullName & "," & ouListArray(0) & "," & ad)

	if err.number <> 0 then
		foundUser = "N"
		i = 1 ' Yes, start at the second one...
		do while i <= UBound(ouListArray)
			if err.number = -2147016656 then
				foundUser = "N"
				Set objUser = GetObject("LDAP://cn=" & strUserFullName & "," & ouListArray(i) & "," & ad)
			else
				foundUser = "Y"
				exit do
			end if
			i = i + 1
		loop
	else
		foundUser = "Y"
	end if
	
	if err.number <> 0 and foundUser = "Y" then
		exit function
	else
		getAdObject = objUser
		err.clear
		exit function
	end if
end function

'''''''''''''''''''''''''''''''
' The Main Part of the Script '
'''''''''''''''''''''''''''''''
dim fso, f, objConnection, objCommand, objRecordSet, intUAC, objUser, dtmValue, intTimeInterval

set fso = CreateObject("Scripting.FileSystemObject")

if keepDailyOutput="Y" then
	filedate=year(now) & "-" & month(now) & "-" & day(now) & "-" & hour(now) & "-" & minute(now)
	set f = fso.createtextfile(outputPath & outputFileName & filedate & ".csv")
else
	set f = fso.createtextfile(outputPath & outputFileName & ".csv")
end if

f.writeline("""User Name"",""Password Status"",""Password Age (Days)"",""LDAP Distinguished Name""")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = ";(objectCategory=User);userAccountControl,distinguishedName,name;subtree"
Set objRecordSet = objCommand.Execute

dim ouListArray
ouListArray = split(ouList,"~",-1,1)

Do Until objRecordset.EOF
	if (excludeNoOu = "Y" and instr(objRecordset.Fields("distinguishedName"),"OU=") = 0) then ' Do not show user not in an OU; this may exclude system users like IWAM and IUSR
		' Do nothing and skip this user
	else
		intUAC=objRecordset.Fields("userAccountControl")

		If intUAC AND ADS_UF_DONT_EXPIRE_PASSWD Then ' Password never expires for this user
			on error resume next
			
			set objUser = nothing
			getAdObject objRecordset.Fields("name"), ad, ouListArray

			dtmValue = objUser.PasswordLastChanged ' Just to test if error occurs
			
			if err.number = 0 then
				f.writeline("""" & objRecordset.Fields("name") & """,""never expire"","""",""" & objRecordset.Fields("distinguishedName") & """")
			else ' Error encountered...
				if debugMode = "Y" then
					msgbox(objRecordset.Fields("name") & "error. err.number='" & err.number & "', err.description='" & err.description & "'")
				else
					' Not in debug mode, so we suppress the error and do nothing
				end if
			end if
		else ' Password will expire for this user
			set objUser = nothing
			getAdObject objRecordset.Fields("name"), ad, ouListArray

			if not (objUser is nothing) then
				if objUser.AccountDisabled = false then ' show ENABLED users only
					on error resume next

					dtmValue = objUser.PasswordLastChanged 

					if err.number = 0 then
						intTimeInterval = int(now - dtmValue)
						if intTimeInterval >= maxPwdAge then
							f.writeline("""" & objRecordset.Fields("name") & """,""expired"","""& intTimeInterval & """,""" & objRecordset.Fields("distinguishedName") & """")
						elseif intTimeInterval >= (maxPwdAge - warningThreshold) then
							f.writeline("""" & objRecordset.Fields("name") & """,""expiring soon"","""& intTimeInterval & """,""" & objRecordset.Fields("distinguishedName") & """")				
						else
							f.writeline("""" & objRecordset.Fields("name") & """,""ok"","""& intTimeInterval & """,""" & objRecordset.Fields("distinguishedName") & """")
						end if
					else ' This user's password is set to force-change at next logon
						'if objUser.name <> "" then ' We still need to make sure this user is in the list of OUs we want to check
							f.writeline("""" & objRecordset.Fields("name") & """,""forced to change at next logon"","" "",""" & objRecordset.Fields("distinguishedName") & """")
						'end if
						err.clear
					end if
				else
					' Do nothing for DISABLED users
				end if
			else
				' Do nothing for users not found; probably in a different OU then specified.
			end if
		end if
	end if
	
	objRecordset.MoveNext
Loop
 
objConnection.Close

if debugMode = "Y" then
	msgbox("AD user password expiration script completed.  Report = " & outputPath & outputFileName & ".csv")
end if
Posted on

Cleaning up the listener log

Since we noticed the listener log has grown out of control, we should already know the location of it. Just in case you need it, by default that log file is located at “NETWORK/log/listener.log” in your Oracle home.

The listener log cannot be modified while the listener is active, and more than likely, we need to minimize listener down time so we interrupt users the least. To do so, we are going to create a batch file so that the three commands we are going to run will run successively in a short amount of time. Alternatively, you can also perform them during business off-hours, if that is available to you. Either running in a batch file or running them manually, the commands are the same.

lsnrctl set log_status off
rename listener.log listener.old
lsnrctl set log_status on

The first commands is used to disable the listener, which will release the file lock on the listener.log file so we can work with it. The second command renames the file. Finally, the third command restarts the listener to resume normal operations. Immediately after the third command runs, a new listener.log file will be created with 0 size.

What to do with the old listener log “listener.old” is up to each of us. Personally, I tend to zip up the file and store it at a safe place, just in case I ever need to review it.

Proudly powered by WordPress