5 Replies Latest reply: Feb 3, 2009 2:40 AM by 683034

authentication of portal users with uid on oid/ldap

430804 Newbie
All works fine with authenticating users created on DAS that have
dn: cn=%LDAP_USER%,cn=users,dc=edmunds,dc=com

When I migrated user to portal schema, the auth fails. The portal schema has user dn string
uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com

I got this dn string from export to ldif file. The portal user can log in to DAS.

We are using HTMLdb 1.6 and I used
LDAP Host[LDAP Test Tool] at /htmldb/f?p=4000:802 to test the parameters.

How to make this uid dn work with AppEx?
Thanks.
  • 1. Re: authentication of portal users with uid on oid/ldap
    60437 Employee ACE
    Kenny,

    The portal schema has user dn string
    uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com

    I got this dn string from export to ldif file.


    I don't know what you are describing. The %LDAP_USER% placeholder appears only in an attribute of the Application Express authentication scheme within your application. It has no meaning outside Application Express.

    To debug this, you should create an anonymous block with the necessary DBMS_LDAP calls that runs in SQL*Plus. This takes Application Express completely out of the picture. When you get it working, post it here and we'll see if the authentication scheme format can be used to do the same thing. If not you can always create a custom authentication function that uses the logic in your debugged anonymous block.

    Scott
  • 2. Re: authentication of portal users with uid on oid/ldap
    430804 Newbie
    Hi, Scott,

    Let me simplify or clarify the question a bit by referring to HTMLDB_LDAP.

    I got this function to work
    HTMLDB_LDAP.IS_MEMBER(p_username,p_password,v_auth_base,v_host,v_port,p_group,v_group_base)
    with
    user DN example: cn=p_username,cn=users,dc=edmunds,dc=com
    v_auth_base := 'cn=users,dc=edmunds,dc=com';

    However, the portal user has DN in the form
    uid=p_username, ou=people, dc=edmunds, dc=com
    v_auth_base := 'ou=people, dc=edmunds, dc=com';

    If I pass in p_username and v_auth_base, I got
    Error -31202: ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials

    With the full uid DN form, I can log in to other ldap application.

    How to make HTMLDB_LDAP work with uid-based userDN?
  • 3. Re: authentication of portal users with uid on oid/ldap
    60437 Employee ACE
    Kenny,

    I would forget about using the is_member function for authentication until you achieve what you need directly with dbms_ldap. You can experiment with an anonymous block in SQL*Plus starting with this sample code until you can get the simple_bind_s to work with your parameters:
    set serveroutput on

    declare
        l_retval      pls_integer;
        l_retval2      pls_integer;
        l_session     dbms_ldap.session;
        l_ldap_host   varchar2(256);
        l_ldap_port   varchar2(256);
        l_ldap_user   varchar2(256) := 'FIRSTNAME_LASTNAME'; -- enter username in this format
        l_ldap_passwd varchar2(256) := 'PASSWORD';           -- enter password
        l_ldap_base   varchar2(256);
    begin

        l_retval                := -1;
        dbms_ldap.use_exception := TRUE;
        l_ldap_host               := 'ldap-host.some-domain.com';
        l_ldap_port               := '389';
        l_ldap_user               := 'cn='||l_ldap_user||',l=amer,dc=oracle,dc=com';

        l_session := dbms_ldap.init( l_ldap_host, l_ldap_port );
        l_retval  := dbms_ldap.simple_bind_s( l_session, l_ldap_user, l_ldap_passwd );
        dbms_output.put_line( 'Return value: ' || l_retval );
        l_retval2  := dbms_ldap.unbind_s( l_session );

    exception
        when others then
            dbms_output.put_line (rpad('ldap session ',25,' ')  || ': ' ||
                 rawtohex(substr(l_session,1,8)) ||     '(returned from init)');
            dbms_output.put_line( 'error: ' || sqlerrm||' '||sqlcode );
            dbms_output.put_line( 'user: ' || l_ldap_user );
            dbms_output.put_line( 'host: ' || l_ldap_host );
            dbms_output.put_line( 'port: ' || l_ldap_port );
            l_retval  := dbms_ldap.unbind_s( l_session );
    end;
    /
    Scott
  • 4. Re: authentication of portal users with uid on oid/ldap
    128736 Newbie
    It works for us. We are trying to implement authorization with dbms_ldap.
    We have created four groups in LDAP and are trying to authenticate the user if he belongs to any one of the groups. How do we implement this? Please help.
  • 5. Re: authentication of portal users with uid on oid/ldap
    683034 Newbie
    We are also facing the same issue: function htmldb_ldap.is_member is always returning false.
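
The bind test in reply 3 concatenates the user name straight into the DN. As an added example (not code from any poster in this thread), the block below builds the uid-based DN from the original question with RFC 4514 escaping and refuses an empty password before binding. The host name, user name and password are constructed placeholders, and `escape_rdn_value` is a hypothetical helper.

```plsql
set serveroutput on

declare
    -- Constructed sample values; replace with your own host and credentials.
    l_host    varchar2(256) := 'ldap-host.some-domain.com';
    l_port    pls_integer   := 389;
    l_user    varchar2(256) := 'USERNAME';
    l_passwd  varchar2(256) := 'PASSWORD';
    l_dn      varchar2(1024);
    l_session dbms_ldap.session;
    l_retval  pls_integer;

    -- Hypothetical helper: escape RFC 4514 special characters so the
    -- supplied user name cannot add or alter RDNs in the bind DN.
    function escape_rdn_value( p_value in varchar2 ) return varchar2 is
        l_len pls_integer := nvl( length( p_value ), 0 );
        l_ch  varchar2(4);
        l_out varchar2(1024);
    begin
        for i in 1 .. l_len loop
            l_ch := substr( p_value, i, 1 );
            if instr( '\,+"<>;=', l_ch ) > 0
               or ( i = 1 and l_ch in ( '#', ' ' ) )
               or ( i = l_len and l_ch = ' ' )
            then
                l_out := l_out || '\';
            end if;
            l_out := l_out || l_ch;
        end loop;
        return l_out;
    end escape_rdn_value;
begin
    -- A simple bind with a DN and an empty password is an unauthenticated
    -- bind, which some directories accept; never treat it as a login.
    if l_passwd is null then
        raise_application_error( -20001, 'empty password rejected' );
    end if;

    dbms_ldap.use_exception := true;
    l_dn      := 'uid=' || escape_rdn_value( l_user ) || ',ou=people,dc=edmunds,dc=com';
    l_session := dbms_ldap.init( l_host, l_port );
    l_retval  := dbms_ldap.simple_bind_s( l_session, l_dn, l_passwd );
    dbms_output.put_line( 'bind ok for ' || l_dn );
    l_retval  := dbms_ldap.unbind_s( l_session );
exception
    when others then
        dbms_output.put_line( 'bind failed for ' || l_dn || ': ' || sqlerrm );
        if l_session is not null then
            l_retval := dbms_ldap.unbind_s( l_session );
        end if;
end;
/
```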