APEX-PLUGIN.COM

..the apex plugin directory

LDAP Group Authorization

Categories: Authorization Plugin
Author: Adrian Png

A plugin that uses DBMS_LDAP and DBMS_LDAP_UTL packages for looking up LDAP directories for authorization.
 
I wrote this plugin as a convenience method for creating authorization schemes for the projects that I have been working on. The corporate directory tree structure required sub-tree searching that was not possible using the APEX_LDAP package.
 
This is very much a work in progress. If you would like to contribute or enhance the plugin, please feel free to fork the project on GitHub. At this time, downloads are available only through the code repository.
 
Documentation to follow, but it is pretty self-explanatory. However, please feel free to contact me on Twitter (fuzziebrain) if you do need help or have any questions regarding the plugin. 
 
Last but not least, I have only tested the plugin to work with Novell eDirectory. If this works for you using other LDAP directories, e.g. Microsoft Active Directory, OpenLDAP or Apache DS, please do give me a shout. Thanks! :)
Special Requirements
In Oracle 11g, the parsing schema needs to be granted the necessary connection privileges to the LDAP server.
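
The following is an added example, not part of the plugin or the original listing, of granting that privilege with the 11g DBMS_NETWORK_ACL_ADMIN package: it adds the parsing schema to the ACL already covering the LDAP host, or creates a narrowly scoped one. The schema name, host name, port and ACL file name are placeholders.

```sql
-- Added example for Oracle 11g, run as a DBA. Placeholders (assumptions):
--   APP_SCHEMA        parsing schema of the APEX application
--   ldap.example.com  LDAP server host, plain LDAP on port 389
--   ldap_access.xml   name used only if no ACL covers the host yet
DECLARE
  c_principal CONSTANT VARCHAR2(30)  := 'APP_SCHEMA';
  c_host      CONSTANT VARCHAR2(255) := 'ldap.example.com';
  c_port      CONSTANT PLS_INTEGER   := 389;
  l_acl       dba_network_acls.acl%TYPE;
  l_granted   PLS_INTEGER;
BEGIN
  BEGIN
    -- Is an ACL already assigned to this exact host and port?
    SELECT acl INTO l_acl
      FROM dba_network_acls
     WHERE host = c_host
       AND (lower_port IS NULL OR c_port BETWEEN lower_port AND upper_port)
       AND ROWNUM = 1;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN l_acl := NULL;
  END;

  IF l_acl IS NULL THEN
    -- No ACL yet: grant only "connect", bound to one host and one port.
    DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
      acl => 'ldap_access.xml', description => 'LDAP lookups for APEX authorization',
      principal => c_principal, is_grant => TRUE, privilege => 'connect');
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
      acl => 'ldap_access.xml', host => c_host, lower_port => c_port, upper_port => c_port);
  ELSE
    -- ACL exists (e.g. for the APEX schema only): add the parsing schema if missing.
    SELECT COUNT(*) INTO l_granted
      FROM dba_network_acl_privileges
     WHERE acl = l_acl AND principal = c_principal AND privilege = 'connect';
    IF l_granted = 0 THEN
      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
        acl => l_acl, principal => c_principal, is_grant => TRUE, privilege => 'connect');
    END IF;
  END IF;
  COMMIT;
END;
/
-- Verify which principals may now connect to the LDAP host.
SELECT a.host, a.lower_port, a.upper_port, p.principal, p.privilege, p.is_grant
  FROM dba_network_acls a
  JOIN dba_network_acl_privileges p ON p.acl = a.acl
 WHERE a.host = 'ldap.example.com';
```

The lookup matches only an exact host entry; if access is currently granted through a wildcard host ACL, add the parsing schema to that ACL instead of creating a host-specific one.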

Keywords
ldap, subtree, sub-tree, searching, dbms_ldap

Oracle APEX Plugin
Company:
Date added: 15.1.2013
Views: 6203
Votes: 0
Reviews: 3
Min. APEX Version:
4.1
Re: getting ORA-24247 - though ACL is de
by Thomas Meyer
on February 12, 2013
Correct. I needed to do a

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE

for the existing ACL, addressing the parsing schema user.

Somewhat confusing: for the LDAP authorization to work correctly, it is sufficient to have principal APEX_040100. Now I see that for each application schema that implements network operations, this setting has to be done, too.

Regards, Tom
Re: getting ORA-24247 - though ACL is de
by Adrian Png
on February 11, 2013
Hi Tom,

Thanks for your feedback.

Did you also include the parsing schema in the ACL? This plugin uses the DBMS_LDAP and DBMS_LDAP_UTL package and runs as the parsing schema.

Best regards,
Adrian
getting ORA-24247 - though ACL is define
by Thomas Meyer
on February 11, 2013
Adrian,

this is a fine plug-in I believe. I have an issue though.

While I successfully run authentication to our OpenLDAP server, your
plugin will evoke an ORA-24247:

is_internal_error: true
apex_error_code: WWV_FLOW_PLUGIN_ENGINE.RUN_PLSQL_ERR
ora_sqlcode: -24247
ora_sqlerrm: ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
component.type: APEX_APPLICATION_AUTHORIZATION
component.id: 107858606744715259
component.name: memberof_edv
error_backtrace:

ORA-06512: in "SYS.DBMS_LDAP_API_FFI", Zeile 25
ORA-06512: in "SYS.DBMS_LDAP", Zeile 48
ORA-06512: in Zeile 35
ORA-06512: in Zeile 68
ORA-06512: in "SYS.DBMS_SYS_SQL", Zeile 1926
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 966
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 992
ORA-06512: in "APEX_040100.WWV_FLOW_DYNAMIC_EXEC", Zeile 649
ORA-06512: in "APEX_040100.WWV_FLOW_PLUGIN_ENGINE", Zeile 983

This is quite a riddle, because I can successfully run the following
as APEX_040100:

SQL> alter session set current_schema=APEX_040100;

Session altered.

SQL> set serveroutput on
SQL> l
1 declare
2 l_session dbms_ldap.session;
3 l_dummy pls_integer;
4 begin
5 dbms_ldap.use_exception := TRUE;
6 l_session := dbms_ldap.init('ldap1.domain.cntry', 389 );
7 l_dummy := dbms_ldap.simple_bind_s(l_session, 'uid=auser,ou=people,dc=domain,dc=ctry', '123456');
8 dbms_output.put_line('authenticated');
9 l_dummy := dbms_ldap.unbind_s(l_session);
10 exception when others then
11 l_dummy := dbms_ldap.unbind_s(l_session);
12 raise;
13* end;
SQL> /
authenticated

PL/SQL procedure successfully completed.

SQL>

Regards, Tom
January 16, 2013
The Entry has been updated in the meantime!

Disclaimer: The APEX Plugins on this site are not supported by Oracle Support Services.
