This discussion is archived
22 Replies. Latest reply: Nov 26, 2013 1:46 PM by Richard Harrison
  • 15. Re: LDAP Authentication Via Groups
    snmdla Explorer
    Tom,

    yes, clearly the p_authentication.attribute_01 is way out of scope in
    the context of authorization, but one could have hoped that it is
    available in the APEX LDAP authentication (actually also a plugin I
    suppose) scope, when running the post authentication procedure. But it
    isn't, and I still feel that host, port etc. configuration should not
    be in the procedure code, which we copy from application to
    application.

    Perhaps it would be best to have our own LDAP authentication plugin
    (has anybody done this already?).

    Regards, Tom
  • 16. Re: LDAP Authentication Via Groups
    Aaron.Gott Newbie
    Apex Version 4.2.1
    LDAP = Active Directory

    I'm attempting to use the code provided by Tom to authenticate and authorize users in particular AD groups. I can authenticate users but authorization is failing. If I disable the authorization scheme every user in my domain can access the application.

    I'm using the ad_post_auth procedure code in my authentication scheme and have set my post-authentication procedure name to ad_post_auth.

    To authorize users I'm trying to use the 2nd code block provided by Tom in my authorization scheme and replacing the GROUPNAME with the group I'm searching for. So far this isn't working. How do I figure out where the problem is? Debugging the login screen isn't helping.

    I've tried implementing the authorization plugin but I can't get that to work either.

    Has anyone successfully set up authentication and authorization against AD/Groups?

    Any assistance is greatly appreciated.

    Thanks,
    Aaron
  • 17. Re: LDAP Authentication Via Groups
    Tom Petrus Expert
    Hi Aaron,

    If you implemented all the code as I've described, then the application item should hold the groups associated with the user when authenticated. Authenticate and then hit "Session" from the developer bar, then look at the session state of the application item. Does it hold a value?
  • 18. Re: LDAP Authentication Via Groups
    Aaron.Gott Newbie
    Hi Tom,
    Thank You!!!! for the follow up and for this AD Group authentication solution.

    Initially I overlooked the Application Item setup so that was part of my problem.

    When I first set out to use your code I enlisted the help of a developer, and to verify the code you provided worked he had me comment out the following line:

    "APEX_UTIL.set_session_state('AI_USER_AD_GROUPS', v_groups);"; we used "Dbms_Output.Put_Line(v_Groups);" to verify the code worked, and it did.

    I mistakenly used the test code in the Source PL/SQL field instead of your original code. Once I corrected that it started working.

    Thank You Again!!!
    Aaron
  • 19. Re: LDAP Authentication Via Groups
    797563 Newbie
    Orc555,

    So after reading this thread I found it interesting that no one responded to Patrick Wolf's posting.

    So I'm assuming his #2 item listed does NOT solve group authorization for Active Directory?

    Or did I miss something?

    Are there any changes in the base for 4.2.2 that resolve the main issue?

    Thanks for your time,
    Greg

    Apex 4.2.2
    DB 10G
  • 20. Re: LDAP Authentication Via Groups
    patfmnd Newbie

    Tom,

    Can you re-establish the link for your plugin and authorization scheme? They seem to be unavailable -- probably a result of the upgrade of the forum.

    I'm trying to do the same thing.

     

    Pat M.

  • 21. Re: LDAP Authentication Via Groups
    patfmnd Newbie

    One of the other issues that is not mentioned in this thread is that if your AD or other LDAP requires SSL, then you also have to make sure the SSL cert of your directory server is in the Oracle server wallet directory. It is covered in other threads.

     

    Pat M.
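
    The wallet requirement described in post 21, as an added example that is not part of the original thread and is not Tom's ad_post_auth code: a DBMS_LDAP lookup of a user's memberOf values over SSL, with the login name escaped before it goes into the search filter. The function name, host, port, wallet path, base DN, service account and the ';' delimiter are all assumptions.

```plsql
-- Added example, not Tom's ad_post_auth. Host, port, wallet path, base DN and
-- service account are constructed placeholders; keep real values in configuration.
create or replace function ad_groups_over_ssl (p_username in varchar2)
  return varchar2
is
  l_session dbms_ldap.session;
  l_rc      pls_integer;
  l_attrs   dbms_ldap.string_collection;
  l_result  dbms_ldap.message;
  l_entry   dbms_ldap.message;
  l_values  dbms_ldap.string_collection;
  l_user    varchar2(1000);
  l_groups  varchar2(32767);
begin
  -- Escape RFC 4515 filter metacharacters so a login name cannot alter the filter.
  l_user := replace(p_username, '\', '\5c');
  l_user := replace(l_user, '*', '\2a');
  l_user := replace(l_user, '(', '\28');
  l_user := replace(l_user, ')', '\29');

  dbms_ldap.use_exception := true;
  l_session := dbms_ldap.init('ad.example.com', 636);
  -- sslauth 2 = one-way SSL: the server certificate is checked against the wallet.
  l_rc := dbms_ldap.open_ssl(l_session, 'file:/path/to/wallet', 'WALLET_PASSWORD', 2);
  l_rc := dbms_ldap.simple_bind_s(l_session,
            'CN=svc_apex,OU=Service,DC=example,DC=com', 'SERVICE_PASSWORD');

  l_attrs(1) := 'memberOf';
  l_rc := dbms_ldap.search_s(l_session, 'DC=example,DC=com', dbms_ldap.scope_subtree,
            '(sAMAccountName=' || l_user || ')', l_attrs, 0, l_result);
  l_entry := dbms_ldap.first_entry(l_session, l_result);
  if l_entry is not null then
    l_values := dbms_ldap.get_values(l_session, l_entry, 'memberOf');
    if l_values.count > 0 then
      for i in l_values.first .. l_values.last loop
        l_groups := l_groups || l_values(i) || ';';  -- DNs contain commas, so use ';'
      end loop;
    end if;
  end if;
  l_rc := dbms_ldap.unbind_s(l_session);
  return l_groups;
exception
  when others then
    if l_session is not null then
      begin l_rc := dbms_ldap.unbind_s(l_session); exception when others then null; end;
    end if;
    raise;
end ad_groups_over_ssl;
/
```

    If the directory server's certificate chain is missing from the wallet, the open_ssl call raises an exception before any bind is attempted.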

  • 22. Re: LDAP Authentication Via Groups
    Richard Harrison . Expert

    Hi,

    A few months too late, but I found this forum entry when trying to solve the same issue. I managed to get it working in the end and I posted a blog entry about it. I'm putting it here as it may be useful for someone else who hits the same requirement and doesn't want to hit the same dead end I did.

     

    http://dbaharrison.blogspot.de/2013/11/using-active-directory-to-control.html

     

    Cheers,

    Harry
