APEX

Yet another LDAP question/problem

369783 · May 14 2006 — edited May 17 2006

Okay, first off let me say I've searched and read what seems like about 200 different threads about LDAP, and I'm still having problems. I am trying to figure out how to authenticate against a Domino (Lotus) LDAP directory. Using the supplied Lotus ldapsearch tool, I can get results if I supply a userid and password, but if I leave those out, I get the following message:
C:\Lotus\Notes>ldapsearch -h gscodenh02 -p 636 "uid=wbfergus"
ldap_bind_s( dn=, pw=, method=128 ) failed, error
: resultCode 48 (Inappropriate authentication)
ldap_bind_s( dn=, pw=, method=128 ) failed, error
: errorMessage: Failed, anonymous bind not allowed

I've created a couple of procedures to test if I have LDAP connectivity (copied from other threads and Metalink), and changed the server port, etc. accordingly, but I still can't connect. Using just the simple_bind_s I usually wind up with an unable to connect message after about 5 minutes. If I add in the open_ssl function, I can at least get an error message back in under a second. I've also tried changing the l_dn variable (below) to be 'uid=wbfergus', since I do see that as a return value from the ldapsearch tool. The 'cn=' part in the ldapsearch results has 3 different variations of my name, with the middle initial, without, and using 'Bill' instead of 'William'.

Without using dbms_ldap.open_ssl, the below procedure returns with:
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: Can't contact LDAP server

With dbms_ldap.open_ssl, I get:
end-of-file on communication channel

Here's one of the test procedures:

CREATE OR REPLACE PROCEDURE Ldap_Test AS
   l_dn        VARCHAR2(256) := 'cn=William B Ferguson'; -- adjust as required
   l_password  VARCHAR2(256) := 'my_password';           -- adjust as required
   l_ldap_host VARCHAR2(256) := 'my_server';             -- adjust as required
   l_ldap_port NUMBER        := 636;                     -- adjust as required (636 is the port used with ldapsearch above)
   l_retval    PLS_INTEGER;
   l_session   Dbms_Ldap.SESSION;
BEGIN
   DBMS_OUTPUT.ENABLE(1000000);
   l_retval := -1;
   -- have DBMS_LDAP raise exceptions instead of returning error codes
   Dbms_Ldap.use_exception := TRUE;
   BEGIN
      l_session := Dbms_Ldap.init( l_ldap_host, l_ldap_port );
      -- sslauth = 1: SSL without server certificate verification (no wallet needed);
      -- 2 and 3 require a wallet for one-way / two-way certificate authentication
      -- l_retval := Dbms_Ldap.open_ssl( l_session, NULL, NULL, 1 );
      l_retval := Dbms_Ldap.simple_bind_s( l_session, l_dn, l_password );
      l_retval := Dbms_Ldap.unbind_s( l_session );
      DBMS_OUTPUT.PUT_LINE('Authentication succeeded!');
   EXCEPTION WHEN OTHERS THEN
      -- note: unbind_s may itself raise if the session was never established,
      -- in which case control passes to the outer handler below
      l_retval := Dbms_Ldap.unbind_s( l_session );
      DBMS_OUTPUT.PUT_LINE('Authentication failed!');
      DBMS_OUTPUT.PUT_LINE(' Error code    : ' || TO_CHAR(SQLCODE));
      DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
      DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
   END;
EXCEPTION WHEN OTHERS THEN
   DBMS_OUTPUT.PUT_LINE('Authentication exception!');
   DBMS_OUTPUT.PUT_LINE(' Error code    : ' || TO_CHAR(SQLCODE));
   DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
   DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
END;
/

So, I guess I have a couple questions.
1. Does this only work if the LDAP allows anonymous binds?
2. If not, any ideas on what I need to supply as well to get this to work? It seems like I'm already supplying the id and password, so it 'shouldn't' be using an anonymous bind, should it?
3. Since the LDAP is a secure server, do I need to use the open_ssl? The option with '1' doesn't seem to work, and the options '2' and '3' don't work either, though they seem more geared towards Oracle Wallet and/or OID?
4. Do I need to obfuscate the supplied password somehow before attempting to send it to the LDAP server?

I've tried looking up the documentation for dbms_ldap and dbms_ldap_utl on both OTN and tahiti, but the links don't work for those packages.

I'm running out of choices for things to try and my brain is running on empty.

Thanks,

Bill Ferguson
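An added example, not code from Bill's post or from Oracle: a search-then-bind login function written against the same DBMS_LDAP package, showing how a directory that refuses anonymous binds is normally handled. The host, port, wallet path, service-account DN and base DN are placeholders and the directory layout (users with a `uid` attribute under `o=example`) is assumed.

```plsql
-- Added example, not code from the original post: authenticate a user with
-- DBMS_LDAP using search-then-bind over SSL. All settings are placeholders.
CREATE OR REPLACE FUNCTION ldap_authenticate (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2
) RETURN BOOLEAN AS
    -- Placeholder connection settings (assumed, not taken from the thread)
    c_host       CONSTANT VARCHAR2(256) := 'ldap.example.com';
    c_port       CONSTANT PLS_INTEGER   := 636;
    c_wallet     CONSTANT VARCHAR2(256) := 'file:/path/to/wallet';
    c_wallet_pwd CONSTANT VARCHAR2(256) := 'wallet_password';
    c_svc_dn     CONSTANT VARCHAR2(256) := 'cn=svc-apex,o=example';
    c_svc_pwd    CONSTANT VARCHAR2(256) := 'service_account_password';
    c_base_dn    CONSTANT VARCHAR2(256) := 'o=example';

    l_session DBMS_LDAP.session;
    l_retval  PLS_INTEGER;
    l_attrs   DBMS_LDAP.string_collection;
    l_result  DBMS_LDAP.message;
    l_entry   DBMS_LDAP.message;
    l_user_dn VARCHAR2(1024);

    -- Escape the characters that are special in an LDAP search filter
    -- (RFC 4515) so the supplied user name cannot alter the query.
    FUNCTION escape_filter (p_value IN VARCHAR2) RETURN VARCHAR2 IS
        l_out VARCHAR2(4000) := p_value;
    BEGIN
        l_out := REPLACE(l_out, '\', '\5c');   -- backslash must go first
        l_out := REPLACE(l_out, '*', '\2a');
        l_out := REPLACE(l_out, '(', '\28');
        l_out := REPLACE(l_out, ')', '\29');
        l_out := REPLACE(l_out, CHR(0), '\00');
        RETURN l_out;
    END escape_filter;
BEGIN
    -- A simple bind with an empty password is an anonymous/unauthenticated
    -- bind and must never be treated as a successful login.
    IF p_username IS NULL OR p_password IS NULL THEN
        RETURN FALSE;
    END IF;

    DBMS_LDAP.use_exception := TRUE;
    l_session := DBMS_LDAP.init(c_host, c_port);

    -- sslauth = 2: one-way SSL, the server certificate is verified against
    -- the trusted certificates in the wallet (sslauth = 1 skips that check).
    l_retval := DBMS_LDAP.open_ssl(l_session, c_wallet, c_wallet_pwd, 2);

    -- Step 1: bind with a low-privilege service account to locate the user.
    l_retval := DBMS_LDAP.simple_bind_s(l_session, c_svc_dn, c_svc_pwd);

    -- Step 2: look up the entry by uid and read back its full DN;
    -- simple_bind_s needs that DN, not a bare 'uid=' or 'cn=' fragment.
    l_attrs(1) := 'uid';
    l_retval := DBMS_LDAP.search_s(
        ld       => l_session,
        base     => c_base_dn,
        scope    => DBMS_LDAP.SCOPE_SUBTREE,
        filter   => '(uid=' || escape_filter(p_username) || ')',
        attrs    => l_attrs,
        attronly => 0,
        res      => l_result);

    -- Exactly one match is required; zero or several means "not authenticated".
    IF DBMS_LDAP.count_entries(l_session, l_result) <> 1 THEN
        l_retval := DBMS_LDAP.unbind_s(l_session);
        RETURN FALSE;
    END IF;
    l_entry   := DBMS_LDAP.first_entry(l_session, l_result);
    l_user_dn := DBMS_LDAP.get_dn(l_session, l_entry);

    -- Step 3: re-bind as the user with the supplied password; the directory
    -- decides whether the credentials are valid, nothing is compared here.
    l_retval := DBMS_LDAP.simple_bind_s(l_session, l_user_dn, p_password);
    l_retval := DBMS_LDAP.unbind_s(l_session);
    RETURN TRUE;
EXCEPTION
    WHEN OTHERS THEN
        -- Any failure (connect, TLS, rejected bind) reaches the caller only
        -- as FALSE; the detail is written to the session output for the DBA.
        DBMS_OUTPUT.PUT_LINE('ldap_authenticate: ' || SQLERRM);
        BEGIN
            l_retval := DBMS_LDAP.unbind_s(l_session);
        EXCEPTION WHEN OTHERS THEN NULL;
        END;
        RETURN FALSE;
END ldap_authenticate;
/
```

Call it as `IF ldap_authenticate(:p_username, :p_password) THEN ... END IF;` from the application's login code. The wallet named in `c_wallet` has to contain the CA certificate that issued the directory server's certificate, otherwise `open_ssl` with `sslauth = 2` fails; the service account only needs read access to the user entries, and the password is sent exactly as the user typed it, since the SSL session, not any client-side transformation, protects it on the wire.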

Post Details
Locked on Jun 14 2006
Added on May 14 2006