LDAP Group Authorization
A plugin that uses DBMS_LDAP and DBMS_LDAP_UTL packages for looking up LDAP directories for authorization.
I wrote this plugin as a convenience method for creating authorization schemes for the projects that I have been working on. The corporate directory tree structure required sub-tree searching that was not possible using the APEX_LDAP package.
This is very much a work in progress. If you would like to contribute or enhance the plugin, please feel free to fork the project on GitHub.
Documentation to follow, but it is pretty self-explanatory. However, please feel free to contact me on Twitter (fuzziebrain) if you do need help or have any questions regarding the plugin.
Last but not least, I have only tested the plugin to work with Novell eDirectory. If this works for you using other LDAP directories, e.g. Microsoft Active Directory, OpenLDAP or Apache DS, please do give me a shout. Thanks! :)
In Oracle 11g, the parsing schema needs to be granted the necessary connection privileges to the LDAP server.
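As an added example (not part of the plugin and not written by its author), the grant described above could look like this on Oracle 11g when run as a DBA. MY_PARSING_SCHEMA and the ACL file name are placeholders, the host and port are the ones used in the test block in the comments below, and only ACLs assigned to that exact host name (not wildcard assignments) are considered.

```sql
-- Added example: give the APEX parsing schema 'connect' on the LDAP host only.
-- MY_PARSING_SCHEMA and ldap_plugin_acl.xml are placeholders, not names from the plugin.
DECLARE
  c_principal CONSTANT VARCHAR2(30)  := 'MY_PARSING_SCHEMA';   -- stored (upper-case) user name
  c_host      CONSTANT VARCHAR2(255) := 'ldap1.domain.cntry';  -- host from the comment thread
  c_port      CONSTANT PLS_INTEGER   := 389;
  c_new_acl   CONSTANT VARCHAR2(100) := 'ldap_plugin_acl.xml'; -- placeholder file name
  l_acl       dba_network_acls.acl%TYPE;
BEGIN
  -- Look for an ACL that already covers this host and port. A port-specific
  -- assignment takes precedence over a host-wide one, so prefer it.
  BEGIN
    SELECT acl INTO l_acl
      FROM (SELECT acl
              FROM dba_network_acls
             WHERE host = c_host
               AND (lower_port IS NULL OR c_port BETWEEN lower_port AND upper_port)
             ORDER BY lower_port NULLS LAST)
     WHERE ROWNUM = 1;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      l_acl := NULL;
  END;

  IF l_acl IS NULL THEN
    -- Nothing assigned yet: create an ACL scoped to this one host and port.
    DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
      acl => c_new_acl, description => 'LDAP lookups for APEX authorization plugin',
      principal => c_principal, is_grant => TRUE, privilege => 'connect');
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
      acl => c_new_acl, host => c_host, lower_port => c_port, upper_port => c_port);
  ELSE
    -- An ACL (for example the one holding the APEX_040100 principal) already
    -- governs this host: add the parsing schema to it instead of replacing it.
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
      acl => l_acl, principal => c_principal, is_grant => TRUE, privilege => 'connect');
  END IF;
  COMMIT;
END;
/

-- Check which principals may now reach the LDAP host.
SELECT a.host, a.lower_port, a.upper_port, p.principal, p.privilege, p.is_grant
  FROM dba_network_acls a
  JOIN dba_network_acl_privileges p ON p.acl = a.acl
 WHERE a.host = 'ldap1.domain.cntry';
```

The ACL is checked against the database user the code actually runs as, so the parsing schema must appear in the verification query's output for ORA-24247 to go away.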
ldap, subtree, sub-tree, searching, dbms_ldap
for the existing ACL, addressing the parsing schema user.
Somewhat confusing: for the LDAP authorization to work correctly, it is sufficient to have principal APEX_040100. Now I see that for each application schema that implements network operations, this setting has to be done, too.
Thanks for your feedback.
Did you also include the parsing schema in the ACL? This plugin uses the DBMS_LDAP and DBMS_LDAP_UTL packages and runs as the parsing schema.
This is a fine plug-in, I believe. I have an issue, though.
While I successfully run authentication to our OpenLDAP server, your plugin will evoke an ORA-24247:
ora_sqlerrm: ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
ORA-06512: in "SYS.DBMS_LDAP_API_FFI", Zeile 25
ORA-06512: in "SYS.DBMS_LDAP", Zeile 48
ORA-06512: in Zeile 35
ORA-06512: in Zeile 68
ORA-06512: in "SYS.DBMS_SYS_SQL", Zeile 1926
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 966
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 992
ORA-06512: in "APEX_040100.WWV_FLOW_DYNAMIC_EXEC", Zeile 649
ORA-06512: in "APEX_040100.WWV_FLOW_PLUGIN_ENGINE", Zeile 983
This is quite a riddle, because I can successfully run the following:
SQL> alter session set current_schema=APEX_040100;
SQL> set serveroutput on
SQL> declare
  l_session dbms_ldap.session;
  l_dummy pls_integer;
begin
  dbms_ldap.use_exception := TRUE;
  l_session := dbms_ldap.init('ldap1.domain.cntry', 389 );
  l_dummy := dbms_ldap.simple_bind_s(l_session, 'uid=auser,ou=people,dc=domain,dc=ctry', '123456');
  l_dummy := dbms_ldap.unbind_s(l_session);
exception when others then
  l_dummy := dbms_ldap.unbind_s(l_session);
end;
/
PL/SQL procedure successfully completed.