LDAP Group Authorization
This is a rewrite of the original plugin and now no longer uses the DBMS_LDAP and DBMS_LDAP_UTL packages for performing LDAP lookups. Instead, the plugin uses the APEX_LDAP API for interacting with the LDAP server. Hence, only a network ACL privilege is needed for the APEX_05000 schema to communicate with the LDAP server.
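The network ACL grant described above, as an added example that is not part of the plugin or written by its author. It uses the Oracle Database 11g DBMS_NETWORK_ACL_ADMIN API; the ACL file name is hypothetical, and the schema, host and port are the ones quoted in the comments on this page, so substitute the APEX schema of your installed version and your own LDAP server.

```sql
-- Added example. Run as a DBA. Grants "connect" to one principal for one
-- host and one port only, instead of a wildcard host or an open port range.
DECLARE
  c_acl       CONSTANT VARCHAR2(100) := 'ldap_apex_acl.xml';   -- hypothetical ACL name
  c_principal CONSTANT VARCHAR2(30)  := 'APEX_040100';         -- APEX schema (from the comments)
  c_host      CONSTANT VARCHAR2(255) := 'ldap1.domain.cntry';  -- LDAP host (from the comments)
  c_port      CONSTANT PLS_INTEGER   := 389;
  l_exists    PLS_INTEGER;
BEGIN
  -- CREATE_ACL fails if the ACL already exists, so check first.
  SELECT COUNT(*) INTO l_exists
    FROM dba_network_acls
   WHERE acl LIKE '%/' || c_acl;

  IF l_exists = 0 THEN
    DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
      acl         => c_acl,
      description => 'LDAP lookups for APEX authorization',
      principal   => c_principal,
      is_grant    => TRUE,
      privilege   => 'connect');
  ELSIF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(c_acl, c_principal, 'connect') IS NULL THEN
    -- ACL exists but holds no entry for this principal yet.
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
      acl => c_acl, principal => c_principal,
      is_grant => TRUE, privilege => 'connect');
  END IF;

  -- Bind the ACL to the LDAP host, restricted to the single LDAP port.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl => c_acl, host => c_host,
    lower_port => c_port, upper_port => c_port);
  COMMIT;
END;
/

-- Verify which principals may reach the LDAP host. An ORA-24247 at run time
-- means the schema actually making the call has no row here.
SELECT a.host, a.lower_port, a.upper_port, p.principal, p.privilege, p.is_grant
  FROM dba_network_acls a
  JOIN dba_network_acl_privileges p ON p.acl = a.acl
 WHERE a.host = 'ldap1.domain.cntry';
```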
Documentation to follow, but it is pretty self-explanatory. However, please feel free to contact me on Twitter (fuzziebrain) if you do need help or have any questions regarding the plugin.
Last but not least, this is very much a work in progress. If you would like to contribute or enhance the plugin, please feel free to fork the project on GitHub.
Tested to work with:
- Novell eDirectory
- Microsoft Active Directory
ldap, subtree, sub-tree, searching, authorization, groups
for the existing ACL, addressing the parsing schema user.
Somewhat confusing: for the LDAP authorization to work correctly, it is sufficient to have principal APEX_040100. Now I see that for each application schema that implements network operations, this setting has to be done, too.
Thanks for your feedback.
Did you also include the parsing schema in the ACL? This plugin uses the DBMS_LDAP and DBMS_LDAP_UTL package and runs as the parsing schema.
This is a fine plug-in, I believe. I have an issue though.
While I successfully run authentication to our OpenLDAP server, your plugin will evoke an ORA-24247:
ora_sqlerrm: ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
ORA-06512: in "SYS.DBMS_LDAP_API_FFI", Zeile 25
ORA-06512: in "SYS.DBMS_LDAP", Zeile 48
ORA-06512: in Zeile 35
ORA-06512: in Zeile 68
ORA-06512: in "SYS.DBMS_SYS_SQL", Zeile 1926
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 966
ORA-06512: in "SYS.WWV_DBMS_SQL", Zeile 992
ORA-06512: in "APEX_040100.WWV_FLOW_DYNAMIC_EXEC", Zeile 649
ORA-06512: in "APEX_040100.WWV_FLOW_PLUGIN_ENGINE", Zeile 983
This is quite a riddle, because I can successfully run the following:
SQL> alter session set current_schema=APEX_040100;
SQL> set serveroutput on
SQL> declare
  l_session dbms_ldap.session;
  l_dummy pls_integer;
begin
  -- raise LDAP errors as PL/SQL exceptions
  dbms_ldap.use_exception := TRUE;
  -- open a connection to the LDAP server and bind as the test user
  l_session := dbms_ldap.init('ldap1.domain.cntry', 389 );
  l_dummy := dbms_ldap.simple_bind_s(l_session, 'uid=auser,ou=people,dc=domain,dc=ctry', '123456');
  l_dummy := dbms_ldap.unbind_s(l_session);
exception when others then
  l_dummy := dbms_ldap.unbind_s(l_session);
end;
/
PL/SQL procedure successfully completed.