Authentication/Authorization via Access to Microsoft Active Directory
Martin1, Jun 29 2006 (edited Jul 10 2006)

Hi,
my customer has a couple of Apex applications running with the authentication scheme DATABASE and an authorization scheme of type "PL/SQL function returning boolean".
Now he wants to achieve the authentication and the authorization by accessing his Microsoft Active Directory. The test script (an anonymous PL/SQL block) with which I can read the Active Directory is at the bottom of this thread.
My intention is that the user starts an Apex application via a URL in the web browser. After that he does not have to enter a connect string <user>/<password> on a login page; rather the Apex application has to catch the Windows logon user and run a query against the Active Directory to achieve the authentication and the authorization.
Is this possible and if yes how?
Or what ideas do you have?
All feedback is greatly appreciated.
Best regards and many thanks in advance.
Martin
/* Get infos from Microsoft Active Directory: list the members of one group. */
DECLARE
  -- Connection and search variables.
  vLdapHost     VARCHAR2(256) := 'myad.com';                 -- Host domain of Active Directory.
  vLdapPort     PLS_INTEGER   := 389;                        -- Port of Active Directory (389 = plain LDAP, unencrypted).
  vLdapConnUser VARCHAR2(256) := 'myaduser';                 -- User for connect at Active Directory.
  vLdapConnPwd  VARCHAR2(256) := 'mypw';                     -- Password for connect at Active Directory.
  vLdapBase     VARCHAR2(256) := 'ou=Groups,dc=myad,dc=com'; -- Root base for search (ou=Groups | Users).
  vFilter       VARCHAR2(256) := 'cn=GRP_Power_User';        -- Filter within LdapBase.
                                                             -- All entries: '(objectclass=*)'.
                                                             -- CN entries:  'cn=Scott Tiger'.
                                                             --              'cn=GRP_Power_User'.
  -- General variables.
  vAttrName        VARCHAR2(256);
  vBerElement      DBMS_LDAP.ber_element;
  vEntry           DBMS_LDAP.message;
  vGetAttr         DBMS_LDAP.string_collection;
  vMessage         DBMS_LDAP.message;
  vReturn          PLS_INTEGER;
  vSession         DBMS_LDAP.session;
  vValueCollection DBMS_LDAP.string_collection;
BEGIN
  -- Choose to raise exceptions instead of checking return codes.
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  -- Connect to the LDAP server.
  vSession := DBMS_LDAP.init(hostname => vLdapHost, portnum => vLdapPort);
  dbms_output.put_line('--> Init O.K.');
  -- Simple bind: on port 389 the password travels in clear text on the wire.
  vReturn := DBMS_LDAP.simple_bind_s(ld => vSession, dn => vLdapConnUser, passwd => vLdapConnPwd);
  dbms_output.put_line('--> SimpleBind O.K.');
  -- Only the attribute 'member'. All attributes: '*'.
  vGetAttr(1) := 'member';
  -- Do the search.
  vReturn := DBMS_LDAP.search_s(ld => vSession, base => vLdapBase, scope => DBMS_LDAP.SCOPE_SUBTREE,
                                filter => vFilter, attrs => vGetAttr, attronly => 0, res => vMessage);
  dbms_output.put_line('--> Search O.K.');
  IF DBMS_LDAP.count_entries(ld => vSession, msg => vMessage) > 0 THEN
    -- Get all the entries returned by the search.
    vEntry := DBMS_LDAP.first_entry(ld => vSession, msg => vMessage);
    WHILE vEntry IS NOT NULL LOOP
      -- Get all the attributes for this entry.
      dbms_output.put_line('------------------------------------------------------------------------------');
      vAttrName := DBMS_LDAP.first_attribute(ld => vSession, ldapentry => vEntry,
                                             ber_elem => vBerElement);
      WHILE vAttrName IS NOT NULL LOOP
        -- Get all the values for this attribute. For large groups Active Directory
        -- returns the values in ranges and the attribute name comes back as
        -- 'member;range=0-1499'; the remaining ranges must be requested separately.
        vValueCollection := DBMS_LDAP.get_values(ld => vSession, ldapentry => vEntry, attr => vAttrName);
        -- Guard against an empty collection: a FOR loop over NULL bounds raises VALUE_ERROR.
        IF vValueCollection.COUNT > 0 THEN
          FOR i IN vValueCollection.FIRST .. vValueCollection.LAST LOOP
            dbms_output.put_line('ATTRIBUTE_NAME: ' || vAttrName || ' = ' || SUBSTR(vValueCollection(i), 1, 200));
          END LOOP;
        END IF;
        vAttrName := DBMS_LDAP.next_attribute(ld => vSession, ldapentry => vEntry, ber_elem => vBerElement);
      END LOOP;
      vEntry := DBMS_LDAP.next_entry(ld => vSession, msg => vEntry);
      dbms_output.put_line('------------------------------------------------------------------------------');
    END LOOP;
  END IF;
  -- Free the result and disconnect from the LDAP server.
  vReturn := DBMS_LDAP.msgfree(res => vMessage);
  vReturn := DBMS_LDAP.unbind_s(ld => vSession);
  dbms_output.put_line('Disconnect ReturnValue: ' || vReturn);
EXCEPTION
  WHEN OTHERS THEN
    dbms_output.put_line('Error Message: ' || SQLERRM);
END;
/
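The post asks for both pieces, authentication and authorization against Active Directory from PL/SQL, and the script above only covers reading a group. Below is an added example (not from the original post or from Oracle) of how the two can be built on DBMS_LDAP: a custom authentication function with the (p_username, p_password) signature that an Apex authentication scheme calls, which verifies the credentials by binding to AD as the user, and an authorization function that checks group membership and can be called from a "PL/SQL function returning boolean" authorization scheme. The host name, port, UPN suffix, base DN, service account and group DN are assumptions taken from the placeholders in the post. It does not cover catching the Windows logon user without a login page; that part is not addressed here.

```sql
-- Added example, not the original poster's code. Assumed values (hypothetical):
-- AD host myad.com, port 389, UPN suffix @myad.com, base dc=myad,dc=com,
-- service account myaduser@myad.com / mypw, group cn=GRP_Power_User,ou=Groups,dc=myad,dc=com.
CREATE OR REPLACE PACKAGE ad_auth AS
  FUNCTION authenticate(p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN;
  FUNCTION is_member(p_username IN VARCHAR2, p_group_dn IN VARCHAR2) RETURN BOOLEAN;
END ad_auth;
/

CREATE OR REPLACE PACKAGE BODY ad_auth AS
  c_host   CONSTANT VARCHAR2(256) := 'myad.com';          -- assumption
  c_port   CONSTANT PLS_INTEGER   := 389;                 -- assumption; 389 is clear text, so the
                                                          -- password is visible on the wire. Use 636
                                                          -- with DBMS_LDAP.open_ssl and a wallet in production.
  c_upn    CONSTANT VARCHAR2(256) := '@myad.com';         -- assumption: UPN suffix of the domain
  c_base   CONSTANT VARCHAR2(256) := 'dc=myad,dc=com';    -- assumption
  c_svc_dn CONSTANT VARCHAR2(256) := 'myaduser@myad.com'; -- assumption: read-only lookup account
  c_svc_pw CONSTANT VARCHAR2(256) := 'mypw';              -- assumption; keep it out of source in practice

  -- Escape a value for use inside an LDAP search filter (RFC 4515) so that a
  -- username such as  *)(objectClass=*  cannot rewrite the filter (LDAP injection).
  FUNCTION escape_filter(p_value IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    RETURN REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(p_value,
             '\', '\5c'), '*', '\2a'), '(', '\28'), ')', '\29'), CHR(0), '\00');
  END escape_filter;

  -- Best-effort cleanup used from exception handlers; never raises.
  PROCEDURE quiet_unbind(p_sess IN OUT DBMS_LDAP.session) IS
    l_rc PLS_INTEGER;
  BEGIN
    l_rc := DBMS_LDAP.unbind_s(ld => p_sess);
  EXCEPTION
    WHEN OTHERS THEN NULL;
  END quiet_unbind;

  -- Authentication: bind to AD as the user. Signature matches an Apex custom
  -- authentication function (p_username, p_password) returning BOOLEAN.
  FUNCTION authenticate(p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN IS
    l_sess DBMS_LDAP.session;
    l_rc   PLS_INTEGER;
  BEGIN
    -- AD treats a simple bind with an empty password as an anonymous bind and
    -- answers "success" without checking anything, so refuse it before binding.
    IF p_username IS NULL OR p_password IS NULL THEN
      RETURN FALSE;
    END IF;
    DBMS_LDAP.use_exception := TRUE;
    l_sess := DBMS_LDAP.init(hostname => c_host, portnum => c_port);
    -- Bind with the user principal name; a wrong password raises an exception.
    l_rc := DBMS_LDAP.simple_bind_s(ld => l_sess, dn => p_username || c_upn, passwd => p_password);
    l_rc := DBMS_LDAP.unbind_s(ld => l_sess);
    RETURN TRUE;
  EXCEPTION
    WHEN OTHERS THEN
      quiet_unbind(l_sess);
      RETURN FALSE;   -- invalid credentials or any LDAP error: deny
  END authenticate;

  -- Authorization: is the user (sAMAccountName) a member of the group DN?
  FUNCTION is_member(p_username IN VARCHAR2, p_group_dn IN VARCHAR2) RETURN BOOLEAN IS
    l_sess   DBMS_LDAP.session;
    l_rc     PLS_INTEGER;
    l_attrs  DBMS_LDAP.string_collection;
    l_res    DBMS_LDAP.message;
    l_filter VARCHAR2(2000);
    l_found  BOOLEAN := FALSE;
  BEGIN
    IF p_username IS NULL OR p_group_dn IS NULL THEN
      RETURN FALSE;
    END IF;
    DBMS_LDAP.use_exception := TRUE;
    l_sess := DBMS_LDAP.init(hostname => c_host, portnum => c_port);
    l_rc := DBMS_LDAP.simple_bind_s(ld => l_sess, dn => c_svc_dn, passwd => c_svc_pw);
    -- memberOf with the AD matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN)
    -- also matches membership through nested groups; a plain (memberOf=...) only matches direct members.
    l_filter := '(&(objectClass=user)(sAMAccountName=' || escape_filter(p_username) || ')'
             || '(memberOf:1.2.840.113556.1.4.1941:=' || escape_filter(p_group_dn) || '))';
    l_attrs(1) := 'distinguishedName';
    l_rc := DBMS_LDAP.search_s(ld => l_sess, base => c_base, scope => DBMS_LDAP.scope_subtree,
                               filter => l_filter, attrs => l_attrs, attronly => 0, res => l_res);
    l_found := DBMS_LDAP.count_entries(ld => l_sess, msg => l_res) > 0;
    l_rc := DBMS_LDAP.msgfree(res => l_res);
    l_rc := DBMS_LDAP.unbind_s(ld => l_sess);
    RETURN l_found;
  EXCEPTION
    WHEN OTHERS THEN
      quiet_unbind(l_sess);
      RETURN FALSE;   -- lookup failed: deny rather than grant
  END is_member;
END ad_auth;
/

-- Apex authorization scheme, type "PL/SQL function returning boolean" (group DN assumed):
-- RETURN ad_auth.is_member(:APP_USER, 'cn=GRP_Power_User,ou=Groups,dc=myad,dc=com');
```

The two checks a practitioner would not want to skip are the empty-password test before the bind, because AD accepts a name with an empty password as an anonymous bind and the function would otherwise return TRUE for any known username, and the filter escaping, because the username comes straight from the login page. Both functions fail closed: any LDAP error ends in FALSE.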