Oracle Database Discussions

Can I create an Active Directory account using DBMS_LDAP?

ToolTimeTabor, 5 days ago

I am trying to create an Active Directory user account from Oracle.

The P_LDAP_NAME and P_LDAP_PASSWORD are the service account credentials that have permissions in AD to create new users. They are used to connect and create the session.

The “init” and “simple_bind” have been shown to work correctly, and I can do a variety of “read” activities from Active Directory using the “search_s” method.

When I try to create an account using the “add_s” method, I am not getting past the point where I input the various properties (e.g. user type, sAMAccountName, etc.) due to errors when populating them using the populate_mod_array call.

I don't know if this is even the correct approach.

I have included the code here, in case someone has suggested edits:

FUNCTION create_ad_user (
  P_LDAP_NAME     VARCHAR2,  -- service account name (CN only, e.g. svcaccount)
  P_LDAP_PASSWORD VARCHAR2,  -- service account password
  P_USER_NAME     VARCHAR2   -- new AD username to create
) RETURN VARCHAR2 IS
  l_session DBMS_LDAP.session;
  l_result  PLS_INTEGER;
  l_dn      VARCHAR2(512);
  l_mods    DBMS_LDAP.mod_array;
  -- string_collection is an associative array (INDEX BY), so it has no
  -- positional constructor; declare a variable and assign values by index.
  l_vals    DBMS_LDAP.string_collection;
BEGIN
  -- Raise LDAP failures as PL/SQL exceptions so the handler below sees them
  DBMS_LDAP.use_exception := TRUE;
  -- Initialize session
  l_session := DBMS_LDAP.init('xanadu.local', 389);
  -- Bind as service account
  l_result := DBMS_LDAP.simple_bind_s(l_session, 'CN=' || P_LDAP_NAME || ',OU=ServiceAccounts,DC=xanadu,DC=local', P_LDAP_PASSWORD);
  -- Distinguished Name for the new user
  l_dn := 'CN=' || P_USER_NAME || ',OU=people,DC=xanadu,DC=local';
  -- Create modification array for 2 attributes
  l_mods := DBMS_LDAP.create_mod_array(2);
  -- Add objectClass=user
  l_vals(1) := 'user';
  DBMS_LDAP.populate_mod_array(
    l_mods,
    DBMS_LDAP.mod_add,
    'objectClass',
    l_vals
  );
  -- Add sAMAccountName=<username>
  l_vals(1) := P_USER_NAME;
  DBMS_LDAP.populate_mod_array(
    l_mods,
    DBMS_LDAP.mod_add,
    'sAMAccountName',
    l_vals
  );
  -- Add entry to AD
  l_result := DBMS_LDAP.add_s(l_session, l_dn, l_mods);
  -- Cleanup: release the modification array, then close the session
  DBMS_LDAP.free_mod_array(l_mods);
  l_result := DBMS_LDAP.unbind_s(l_session);
  RETURN 'SUCCESS: user ' || P_USER_NAME || ' created.';

EXCEPTION
  WHEN OTHERS THEN
    -- Best-effort unbind; ignore errors if the session was never established
    BEGIN
      l_result := DBMS_LDAP.unbind_s(l_session);
    EXCEPTION WHEN OTHERS THEN NULL; END;
    RETURN 'ERROR: ' || SQLERRM;
END create_ad_user;