APEX-PLUGIN.COM

LDAP Group Authorization

10
Categories: Authorization Plugin
Author: Adrian Png

This is a rewrite of the original plugin and now no longer uses the DBMS_LDAP and DBMS_LDAP_UTL packages for performing LDAP lookups. Instead, the plugin uses the APEX_LDAP API for interacting with the LDAP server. Hence, only a network ACL privilege is needed for the APEX_050000 schema to communicate with the LDAP server.
 
Documentation to follow, but it is pretty self-explanatory. However, please feel free to contact me on Twitter (fuzziebrain) if you do need help or have any questions regarding the plugin. 
 
Last but not least, this is very much a work in progress. If you would like to contribute or enhance the plugin, please feel free to fork the project on GitHub.
 
Tested to work with:
- Novell eDirectory
- Microsoft Active Directory 

Keywords
ldap, subtree, sub-tree, searching, authorization, groups

Oracle APEX Plugin
Company:
Date added: 15.1.2013
Views: 8717
Votes: 2
Reviews: 7
Min. APEX Version:
5.0
10 
LDAP Error
by Raphael
on September 12, 2016
Hi, I've updated for this new version 2.0.0-beta-1. However we are receiving the following error. We are absolutely certain that bind username and password are correct. Could you help us?


Error in PLSQL code raised during plug-in processing.

ORA-31202: DBMS_LDAP: Erro de cliente/servidor LDAP: Invalid credentials. 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580


Technical Info (only visible for developers):

is_internal_error: true
apex_error_code: WWV_FLOW_PLUGIN.RUN_PLSQL_ERR
ora_sqlcode: -31202
ora_sqlerrm: ORA-31202: DBMS_LDAP: Erro de cliente/servidor LDAP: Invalid credentials. 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580
component.type: APEX_APPLICATION_AUTHORIZATION
component.id: 7820410207377135
component.name: [TESTE] GTS
error_backtrace:
ORA-06512: em "APEX_050000.WWV_FLOW_LDAP", line 953
ORA-06512: em line 1
ORA-06512: em line 36
ORA-06512: em line 68
ORA-06512: em "SYS.DBMS_SYS_SQL", line 1926
ORA-06512: em "SYS.WWV_DBMS_SQL", line 1033
ORA-06512: em "SYS.WWV_DBMS_SQL", line 1047
ORA-06512: em "APEX_050000.WWV_FLOW_DYNAMIC_EXEC", line 895
ORA-06512: em "APEX_050000.WWV_FLOW_PLUGIN", line 1269
error_statement:
begin declare
    FUNCTION is_user_in_group_fun (
        p_authorization IN apex_plugin.t_authorization,
        p_plugin IN apex_plugin.t_plugin)
        RETURN apex_plugin.t_authorization_exec_result
    IS
        -- Internal use variables
        l_username VARCHAR2 (30) := p_authorization.username; -- Current user
        l_user_search_filter VARCHAR2 (32767) ;
        l_group_dn VARCHAR2 (32767) ; -- Group DN to check
        l_retval pls_integer := 0; -- Return value 1=success,0=fail
        l_result apex_plugin.t_authorization_exec_result; -- Result object to return
        --
        -- Variables mapped to plugin
        l_host VARCHAR2 (200) := p_authorization.attribute_01;
        l_port NUMBER (5) := p_authorization.attribute_02;
        l_use_ssl VARCHAR2 (1) := p_authorization.attribute_03;
        l_search_base VARCHAR2 (200) := p_authorization.attribute_04;
        l_user_template VARCHAR2 (200) := p_authorization.attribute_05;
        l_group_dn_template VARCHAR2 (200) := p_authorization.attribute_06;
        l_group_attribute_name VARCHAR2 (100) := p_authorization.attribute_07;
        l_group_name VARCHAR2 (100) := p_authorization.attribute_08;
        l_anonymous_bind VARCHAR2 (1) := p_authorization.attribute_09;
        l_bind_username VARCHAR2 (100) := p_authorization.attribute_10;
        l_bind_pass VARCHAR2 (100) := p_authorization.attribute_11;
        l_auth_base VARCHAR2 (200) := p_authorization.attribute_12;
    BEGIN
        --
        --
        l_user_search_filter := apex_escape.ldap_search_filter (REPLACE (
            l_user_template, '%LDAP_USER%', l_username)) ;
        l_group_dn := REPLACE (l_group_dn_template, '%LDAP_GROUP%', l_group_name) ;
        --
        --
        BEGIN
            SELECT
                1
            INTO
                l_retval
            FROM
                TABLE (apex_ldap.search (
                    p_username => l_bind_username,
                    p_pass => l_bind_pass,
                    p_auth_base => l_auth_base,
                    p_host => l_host,
                    p_port => l_port,
                    p_use_ssl => l_use_ssl,
                    p_search_base => l_search_base,
                    p_search_filter => l_user_search_filter,
                    p_attribute_names => l_group_attribute_name))
            WHERE
                upper (val) = upper (l_group_dn) ;
        EXCEPTION
            WHEN no_data_found THEN
                l_retval := 0;
        END;
        --
        -- Set and return results
        IF l_retval = 1 THEN
            l_result.is_authorized := true;
        ELSE
            l_result.is_authorized := false;
        END IF;

        RETURN l_result;
    END is_user_in_group_fun;
begin
    wwv_flow_plugin_api.g_authorization_exec_result := is_user_in_group_fun (p_authorization => wwv_flow_plugin_api.g_authorization,p_plugin => wwv_flow_plugin_api.g_plugin );end;
end;
July 3, 2015
The Entry has been updated in the meantime!
0 
Re: getting ORA-24247 - though ACL is de
by Thomas Meyer
on February 12, 2013
Correct. I needed to do a

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE

for the existing ACL, addressing the parsing schema user.

Somewhat confusing: for the LDAP authorization to work correctly, it is sufficient to have principal APEX_040100. Now I see that for each application schema that implements network operations, this setting has to be done, too.

Regards, Tom
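
The network ACL setup that the plugin description and the comment above refer to, as an added example that is not part of the plugin or of either author's code. It uses the 11g-style DBMS_NETWORK_ACL_ADMIN calls named in the comment and scopes the grant to a single LDAP host and port; the host `ldap.example.com`, port 636, the ACL file name and the schema `MY_APP_SCHEMA` are placeholders, and the block is assumed to be run by a DBA.

```sql
-- Added example: least-privilege network ACL for the plugin's LDAP lookups.
-- Placeholders (assumptions): ldap.example.com, port 636, the ACL file name,
-- and MY_APP_SCHEMA as an application parsing schema.
BEGIN
  -- 1. Create the ACL with the APEX engine schema as its first principal.
  --    'connect' is the privilege needed to open the LDAP connection.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'ldap_group_authz.xml',
    description => 'LDAP lookups for APEX group authorization',
    principal   => 'APEX_050000',
    is_grant    => TRUE,
    privilege   => 'connect');

  -- 2. Add a parsing schema to the same ACL only if that schema makes
  --    network calls of its own (the case described in the comment above).
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
    acl       => 'ldap_group_authz.xml',
    principal => 'MY_APP_SCHEMA',
    is_grant  => TRUE,
    privilege => 'connect');

  -- 3. Bind the ACL to the one directory server and port instead of '*',
  --    so the grant cannot be used to reach other hosts.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'ldap_group_authz.xml',
    host       => 'ldap.example.com',
    lower_port => 636,
    upper_port => 636);

  COMMIT;
END;
/

-- Review which principals can reach the LDAP host, and on which ports.
SELECT a.host, a.lower_port, a.upper_port,
       p.principal, p.privilege, p.is_grant
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p ON p.acl = a.acl
WHERE  a.host = 'ldap.example.com';
```

Principal names in the ACL are case-sensitive, so schema names are given in upper case. An ORA-24247 raised for a schema that does not appear in the query result points to a missing `ADD_PRIVILEGE` for that schema.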