
Implement LDAP authentication for particular Active Directory group user

Adrita DuttaMar 11 2015 — edited Mar 11 2015

Team,

I have implemented LDAP authentication for my APEX 4.2.3 (with Listener 1.2.10 and WebLogic 11g). Now we are trying to allow users who belong to some particular Active Directory list. The scenario is we have group A; inside this we have groups B, C, D. The user is listed inside group B. The demand is to authenticate users who belong to group A, so in turn all users in groups B, C, D will be given access. The code I am using is taking the user id and password, going through the user's groups and matching the string to check if group A exists. But as the user does not directly belong to group A, the validation is failing. I am using the below code:

    dbms_ldap.use_exception := true;

    -- Connect to the LDAP server
    l_session := dbms_ldap.init( hostname => ldap_host, portnum => ldap_port );

    -- Authenticate the user (raises an exception on a failed bind)
    retval := dbms_ldap.simple_bind_s( ld => l_session, dn => l_dn_prefix || p_username, passwd => p_password );

    -- Once you are here you are authenticated
    l_attrs(1) := 'memberOf';

    -- Search for the user entry by sAMAccountName (Windows login)
    retval := dbms_ldap.search_s( ld       => l_session,
                                  base     => ldap_base,
                                  scope    => dbms_ldap.scope_subtree,
                                  filter   => '(&(objectClass=*)(sAMAccountName=' || p_username || '))',
                                  attrs    => l_attrs,
                                  attronly => 0,
                                  res      => l_message );

    -- There is only one entry but we still have to access it
    l_entry := dbms_ldap.first_entry( ld => l_session, msg => l_message );

    -- Get the first attribute of the entry
    l_attr_name := dbms_ldap.first_attribute( ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element );

    -- Loop through all returned attributes (only "memberOf" was requested)
    while l_attr_name is not null loop

        -- Get the values of the attribute (one DN per direct group membership)
        l_vals := dbms_ldap.get_values( ld => l_session, ldapentry => l_entry, attr => l_attr_name );

        -- Guard: a FOR loop over an empty collection (NULL bounds) raises VALUE_ERROR
        if l_vals.count > 0 then
            for i in l_vals.first .. l_vals.last loop
                -- Substring match: true for any group DN that contains 'GroupA'
                l_authed := instr( l_vals(i), 'GroupA' ) > 0;
                exit when l_authed;
            end loop;
        end if;

        exit when l_authed;

        l_attr_name := dbms_ldap.next_attribute( ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element );

    end loop;

    retval := dbms_ldap.unbind_s( ld => l_session );

    ...

end;

Is there any other way to do it? Any help will be appreciated.

Regards

Adrita
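One way to handle the nested-group case, as an added example that is not part of the original post and not the poster's code: instead of walking the user's direct memberOf values in PL/SQL, let Active Directory resolve the whole group chain with the LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941) in the search filter. The host, port, search base, group DN and UPN suffix below are placeholders, and the function name and the esc helper are assumptions.

```sql
-- Added example (not the original post's code): APEX-style custom
-- authentication function. Returns TRUE only when the bind succeeds AND
-- the user is a member of GroupA directly or via any nested group.
create or replace function ldap_auth_nested (
  p_username in varchar2,
  p_password in varchar2
) return boolean
is
  c_host     constant varchar2(100) := 'ad.example.com';                       -- placeholder
  c_port     constant pls_integer   := 389;                                     -- placeholder
  c_base     constant varchar2(200) := 'DC=example,DC=com';                     -- placeholder
  c_group_dn constant varchar2(200) := 'CN=GroupA,OU=Groups,DC=example,DC=com'; -- placeholder
  c_upn_sfx  constant varchar2(50)  := '@example.com';                          -- placeholder
  l_session  dbms_ldap.session;
  l_attrs    dbms_ldap.string_collection;
  l_message  dbms_ldap.message;
  l_retval   pls_integer;
  l_count    pls_integer := 0;

  -- Escape RFC 4515 filter metacharacters so the login name cannot alter the filter
  function esc (p in varchar2) return varchar2 is
  begin
    return replace(replace(replace(replace(p,
             '\', '\5c'), '*', '\2a'), '(', '\28'), ')', '\29');
  end;
begin
  -- AD treats an empty password as an anonymous bind; never let that count as success
  if p_username is null or p_password is null then
    return false;
  end if;
  dbms_ldap.use_exception := true;
  l_session := dbms_ldap.init(hostname => c_host, portnum => c_port);
  l_retval  := dbms_ldap.simple_bind_s(ld => l_session,
                 dn => p_username || c_upn_sfx, passwd => p_password);
  -- The chained-membership rule makes AD follow GroupA -> B/C/D -> ... server-side,
  -- so the search returns the user entry only if they are in the chain.
  l_attrs(1) := 'sAMAccountName';
  l_retval := dbms_ldap.search_s(ld => l_session, base => c_base,
                scope  => dbms_ldap.scope_subtree,
                filter => '(&(objectClass=user)(sAMAccountName=' || esc(p_username) || ')'
                       || '(memberOf:1.2.840.113556.1.4.1941:=' || c_group_dn || '))',
                attrs => l_attrs, attronly => 0, res => l_message);
  l_count  := dbms_ldap.count_entries(ld => l_session, msg => l_message);
  l_retval := dbms_ldap.unbind_s(ld => l_session);
  return l_count = 1;
exception
  when others then
    -- Failed bind or LDAP error: deny, and release the session if it was opened
    begin l_retval := dbms_ldap.unbind_s(l_session); exception when others then null; end;
    return false;
end ldap_auth_nested;
```

The chained rule can be slow on very large group trees, and the exact group DN (not a substring) is required, which also avoids the original instr match accepting any group whose name merely contains 'GroupA'.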

Locked on Apr 8 2015
Added on Mar 11 2015