I am not an LDAP expert by any means, but I have used LDAP authentication in the past. Two things I noticed: it is an authentication scheme, not an authorization scheme, so make sure LDAP is your current authentication scheme. Also, why do you have a temporary password? You should be using the same password from your Active Directory (AD) or Oracle Identity Directory (OID) server. I hope this helps.
Try running this code. You can do this from SQL Workshop; make sure you do it using the schema you use as the parsing schema for the application with this authentication.
If you use 'Exact Distinguished Name = Yes', put the DN string in the l_user variable. If not, put the whole string there (just try it for your user; you're sure it exists and are sure of the settings).
You also didn't specify whether you are using SSL or not; it matters, for example, for the port: 389 is no SSL.
See if you get errors here, such as network ACL errors. If not, what does it say? Try experimenting a bit with what you put in l_user. If you can't find it, you'll have to be clearer on what you specified in "Distinguished Name (DN) String".
DECLARE
  ldap_host    VARCHAR2(200);
  ldap_port    VARCHAR2(200);
  l_user       VARCHAR2(200);
  l_password   VARCHAR2(200);
  l_retval     BINARY_INTEGER;
  ldap_session DBMS_LDAP.session;
BEGIN
  -- adapt these!
  ldap_host  := '127.0.0.1';
  ldap_port  := '389';
  l_user     := 'johndoe';
  l_password := 'xxx';

  DBMS_LDAP.USE_EXCEPTION := TRUE;

  -- create a session
  ldap_session := DBMS_LDAP.init(ldap_host, ldap_port);

  -- authenticate user through simple bind
  l_retval := DBMS_LDAP.simple_bind_s(ldap_session, l_user, l_password);
  dbms_output.put_line('return value of bind: ' || l_retval);
END;
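A fuller version of the same bind test, added here as an example and not part of the reply above: it tells apart the three failure classes you are likely to hit (blocked by the database's network ACL before any packet leaves, the LDAP server unreachable, or the server reached but rejecting the credentials), always releases the LDAP session, and binds over LDAPS on 636 so the password does not cross the network in the clear, which it does with a simple bind on 389. The host, wallet path, bind DN and password are placeholders to replace; the wallet must already hold the directory server's CA certificate.

```sql
-- Added example (not from the thread). Run as the parsing schema with
-- SERVEROUTPUT ON. All values marked "placeholder" must be replaced.
DECLARE
  e_acl_denied  EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_acl_denied, -24247);  -- ORA-24247: network ACL blocks this schema
  e_init_failed EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_init_failed, -31203); -- ORA-31203: could not connect to the host
  e_ldap_error  EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_ldap_error, -31202);  -- ORA-31202: the LDAP server returned an error

  l_host     VARCHAR2(200) := 'ldap.example.com';                        -- placeholder
  l_port     PLS_INTEGER   := 636;                                        -- 636 = LDAPS, 389 = cleartext
  l_use_ssl  BOOLEAN       := TRUE;
  l_wallet   VARCHAR2(200) := 'file:/u01/app/oracle/wallet/ldap';         -- placeholder, SSL only
  l_user     VARCHAR2(200) := 'cn=johndoe,ou=users,dc=example,dc=com';   -- placeholder bind DN
  l_password VARCHAR2(200) := 'replace_me';                               -- placeholder, never commit it
  l_session  DBMS_LDAP.session;
  l_retval   PLS_INTEGER;
BEGIN
  DBMS_LDAP.use_exception := TRUE;

  -- The ACL check happens here, on the host string exactly as written.
  l_session := DBMS_LDAP.init(l_host, l_port);

  IF l_use_ssl THEN
    -- sslauth 2 = one-way authentication: the server certificate is verified
    -- against the CA certificate stored in the wallet (NULL password = auto-login wallet).
    l_retval := DBMS_LDAP.open_ssl(l_session, l_wallet, NULL, 2);
    DBMS_OUTPUT.put_line('open_ssl return value: ' || l_retval);
  END IF;

  l_retval := DBMS_LDAP.simple_bind_s(l_session, l_user, l_password);
  DBMS_OUTPUT.put_line('bind OK, return value: ' || l_retval);
  l_retval := DBMS_LDAP.unbind_s(l_session);
EXCEPTION
  WHEN e_acl_denied THEN
    DBMS_OUTPUT.put_line('Blocked inside the database before reaching '
      || l_host || ':' || l_port || ' - grant this schema ''connect'' on that host/port in a network ACL.');
  WHEN e_init_failed THEN
    DBMS_OUTPUT.put_line('ACL passed but no connection to ' || l_host || ':' || l_port
      || ' - check name resolution, firewall and the port (389 vs 636).');
  WHEN e_ldap_error THEN
    -- Typical text here is "Invalid credentials": wrong bind DN or password, so the
    -- DN string / exact DN setting in the APEX scheme is the next thing to look at.
    DBMS_OUTPUT.put_line('Server reached but it rejected the bind: ' || SQLERRM);
    l_retval := DBMS_LDAP.unbind_s(l_session);
  WHEN OTHERS THEN
    BEGIN
      l_retval := DBMS_LDAP.unbind_s(l_session);
    EXCEPTION
      WHEN OTHERS THEN NULL;  -- session may never have been created
    END;
    RAISE;
END;
/
```

Keep the port consistent across the three places it appears: the APEX authentication scheme, this test, and the ACL's lower_port/upper_port range, otherwise a test that passes here can still fail from the login page.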
OK, I used different values for l_user and the other variables and ran the PL/SQL block as below, e.g.
ldap_host := 'TXREPL031';
ldap_port := '389';
l_user := 'cn=sales_grp,ou=apex,ou=apps,ou=inet,ou=r1,o=education'; ===> also tried username='devuser'
l_password := 'mypass0tjwYZ';
My "Distinguished Name (DN) String" = yes
In all cases I am getting the error => ORA-24247: network access denied by access control list (ACL)
I am using the default login page; I didn't create a custom new login. I hope that's not an issue.
Apex 4.1.0/Oracle 11g Ent.
Any further suggestions? Thanks in advance.
> In all cases I am getting the error => ORA-24247: network access denied by access control list (ACL)
The error explains everything. Oracle DB 11g uses network ACLs. Your error is nothing more than Oracle telling you that you don't have permission to access the host 'TXREPL031'. It's exactly the same as with mails.
Taken from the APEX_MAIL API docs. Take a look here (docs): Enabling Network Services in Oracle Database 11g
2. If you are running Oracle Application Express with Oracle Database 11g release 1 (11.1), you must enable outbound mail. In Oracle Database 11g release 1 (11.1), the ability to interact with network services is disabled by default. See "Enabling Network Services in Oracle Database 11g" in Oracle Application Express Application Builder User's Guide.
If you do a Google search ("oracle 11g network acl") or a search here on the forums, you'll find lots of information.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.create_acl (
    acl         => 'ad_ldap.xml',
    description => 'User authentication AD',
    principal   => 'APX',   -- the user of your parsing schema
    is_grant    => TRUE,
    privilege   => 'connect',
    start_date  => NULL,
    end_date    => NULL);
  COMMIT;
END;
/

BEGIN
  DBMS_NETWORK_ACL_ADMIN.assign_acl (
    acl        => 'ad_ldap.xml',
    host       => '_your_host_here_',
    lower_port => 389,
    upper_port => 389);
  COMMIT;
END;
/
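Before retrying the login, it is worth confirming from the data dictionary that the ACL really covers the schema, host and port the bind uses; this is an added example and not part of the reply above. It reuses the placeholders from that reply ('ad_ldap.xml', 'APX', '_your_host_here_') and needs a DBA account, since the DBA_* views are not visible to the parsing schema. Two things this catches in practice: the principal must be the database user name in upper case, and the host string must match what DBMS_LDAP.init is called with (a short name, an FQDN and an IP address are three different hosts to the ACL).

```sql
-- Added example (not from the thread): verify the ACL instead of assuming it.
-- Run as a DBA. Replace '_your_host_here_' with the host used in DBMS_LDAP.init.

-- 1. Which ACLs are assigned to that host, and on which port range?
--    If this returns no rows, assign_acl was run with a different host string.
SELECT host, lower_port, upper_port, acl
  FROM dba_network_acls
 WHERE host = '_your_host_here_';

-- 2. Who is granted what inside the ACL? The file is stored under /sys/acls/.
--    Expect PRINCIPAL = 'APX', PRIVILEGE = 'connect', IS_GRANT = 'true'.
SELECT principal, privilege, is_grant, start_date, end_date
  FROM dba_network_acl_privileges
 WHERE acl = '/sys/acls/ad_ldap.xml';

-- 3. Ask the package directly: 1 = granted, 0 = explicitly denied,
--    NULL = the ACL says nothing about this user (the usual cause of ORA-24247).
SELECT DBMS_NETWORK_ACL_ADMIN.check_privilege('ad_ldap.xml', 'APX', 'connect') AS has_connect
  FROM dual;

-- 4. If the scheme uses LDAPS, the port range must include 636; widen it
--    rather than opening all ports, so the grant stays limited to the directory.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.assign_acl (
    acl        => 'ad_ldap.xml',
    host       => '_your_host_here_',
    lower_port => 636,
    upper_port => 636);
  COMMIT;
END;
/
```

Keeping the ACL scoped to one host and one port is the right shape: the parsing schema gets exactly the network access the login needs and nothing else, which also keeps an SQL injection in that schema from turning into a general outbound connection from the database.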