..the apex plugin directory

LDAP Group Authorization

Categories: Authorization Plugin
Author: Adrian Png

This is a rewrite of the original plugin and now no longer uses the DBMS_LDAP and DBMS_LDAP_UTL packages for performing LDAP lookups. Instead, the plugin uses the APEX_LDAP API for interacting with the LDAP server. Hence, only a network ACL privilege is needed for the APEX_05000 schema to communicate with the LDAP server.
Documentation to follow, but it is pretty self-explanatory. However, please feel free to contact me on Twitter (fuzziebrain) if you do need help or have any questions regarding the plugin.
Last but not least, this is very much a work in progress. If you would like to contribute or enhance the plugin, please feel free to fork the project on GitHub.
Tested to work with:
- Novell eDirectory
- Microsoft Active Directory 

ldap, subtree, sub-tree, searching, authorization, groups

Oracle APEX Plugin
Date added: 15.1.2013
Views: 8406
Votes: 0
Reviews: 3
Min. APEX Version:
Re: getting ORA-24247 - though ACL is de
by Thomas Meyer
on February 12, 2013
Correct. I needed to do a


for the existing ACL, addressing the parsing schema user.

Somewhat confusing: for the LDAP authorization to work correctly, it is sufficient to have principal APEX_040100. Now I see that for each application schema that implements network operations, this setting has to be done, too.

Regards, Tom
Re: getting ORA-24247 - though ACL is de
by Adrian Png
on February 11, 2013
Hi Tom,

Thanks for your feedback.

Did you also include the parsing schema in the ACL? This plugin uses the DBMS_LDAP and DBMS_LDAP_UTL package and runs as the parsing schema.

Best regards,
getting ORA-24247 - though ACL is define
by Thomas Meyer
on February 11, 2013

this is a fine plug-in I believe. I have an issue though.

While I successfully run authentication to our OpenLDAP server, your
plugin will evoke an ORA-24247:

is_internal_error: true
ora_sqlcode: -24247
ora_sqlerrm: ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
component.id: 107858606744715259
component.name: memberof_edv

ORA-06512: in "SYS.DBMS_LDAP_API_FFI", Zeile 25
ORA-06512: in "SYS.DBMS_LDAP", Zeile 48
ORA-06512: in Zeile 35
ORA-06512: in Zeile 68
ORA-06512: in "SYS.DBMS_SYS_SQL", Zeile 1926
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 966
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 992
ORA-06512: in "APEX_040100.WWV_FLOW_DYNAMIC_EXEC", Zeile 649
ORA-06512: in "APEX_040100.WWV_FLOW_PLUGIN_ENGINE", Zeile 983

This is quite a riddle, because I can successfully run the following
as APEX_040100:

SQL> alter session set current_schema=APEX_040100;

Session altered.

SQL> set serveroutput on
SQL> l
1 declare
2 l_session dbms_ldap.session;
3 l_dummy pls_integer;
4 begin
5 dbms_ldap.use_exception := TRUE;
6 l_session := dbms_ldap.init('ldap1.domain.cntry', 389 );
7 l_dummy := dbms_ldap.simple_bind_s(l_session, 'uid=auser,ou=people,dc=domain,dc=ctry', '123456');
8 dbms_output.put_line('authenticated');
9 l_dummy := dbms_ldap.unbind_s(l_session);
10 exception when others then
11 l_dummy := dbms_ldap.unbind_s(l_session);
12 raise;
13* end;
SQL> /

PL/SQL procedure successfully completed.


Regards, Tom
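
The thread above resolves ORA-24247 by adding the parsing schema to the existing ACL. As an added example (not the command either poster ran and not the plugin's own code), the block below checks each principal against the ACL assigned to the LDAP host and grants `connect` only where no entry exists. `MY_PARSING_SCHEMA` is a placeholder, and the block assumes an ACL is already assigned to the host named in the thread.

```sql
-- Added example; run as a DBA in SQL*Plus. Uses the 11g-style
-- DBMS_NETWORK_ACL_ADMIN API (deprecated from 12c, where APPEND_HOST_ACE replaces it).
set serveroutput on
declare
  c_host constant varchar2(255) := 'ldap1.domain.cntry';  -- LDAP host from the thread
  c_port constant pls_integer   := 389;                   -- LDAP port from the thread
  type t_names is table of varchar2(30);
  -- APEX engine schema from the thread plus a placeholder parsing schema (assumption)
  l_principals t_names := t_names('APEX_040100', 'MY_PARSING_SCHEMA');
  l_acl     dba_network_acls.acl%type;
  l_granted number;
begin
  -- Locate the ACL assigned to exactly this host and covering the port.
  -- Wildcard host assignments (e.g. '*.domain.cntry') are not considered here.
  begin
    select acl into l_acl
      from dba_network_acls
     where host = c_host
       and (lower_port is null or c_port between lower_port and upper_port)
       and rownum = 1;
  exception
    when no_data_found then
      raise_application_error(-20001,
        'No ACL is assigned to ' || c_host || ':' || c_port);
  end;

  for i in 1 .. l_principals.count loop
    -- CHECK_PRIVILEGE returns 1 (granted), 0 (denied) or NULL (no matching entry)
    l_granted := dbms_network_acl_admin.check_privilege(
                   l_acl, l_principals(i), 'connect');
    if l_granted = 1 then
      dbms_output.put_line(l_principals(i) || ': connect already granted');
    elsif l_granted = 0 then
      -- An explicit deny needs review; do not override it blindly
      dbms_output.put_line(l_principals(i) || ': connect explicitly denied, review ACL');
    else
      dbms_network_acl_admin.add_privilege(
        acl       => l_acl,
        principal => l_principals(i),
        is_grant  => true,
        privilege => 'connect');
      dbms_output.put_line(l_principals(i) || ': connect added to ' || l_acl);
    end if;
  end loop;
  commit;
end;
/
```

Principal names are case-sensitive and must name an existing user or role, otherwise `ADD_PRIVILEGE` raises an error.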