5 Replies Latest reply: Feb 3, 2009 4:40 AM by 683034

    authentication of portal users with uid on oid/ldap

    430804
      All works fine with authenticating users created on DAS that have
      dn: cn=%LDAP_USER%,cn=users,dc=edmunds,dc=com

      When I migrated the user to the portal schema, the auth fails. The portal schema has the user DN string
      uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com

      I got this DN string from an export to an LDIF file. The portal user can log in to DAS.

      We are using HTMLdb 1.6 and I used
      LDAP Host[LDAP Test Tool] at /htmldb/f?p=4000:802 to test the parameters.

      How do I make this uid DN work with AppEx?
      Thanks.
        • 1. Re: authentication of portal users with uid on oid/ldap
          60437
          Kenny,

          The portal schema has user dn string
          uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com

          I got this dn string from export to ldif file.


          I don't know what you are describing. The %LDAP_USER% placeholder appears only in an attribute of the Application Express authentication scheme within your application. It has no meaning outside Application Express.

          To debug this, you should create an anonymous block with the necessary DBMS_LDAP calls that runs in SQL*Plus. This takes Application Express completely out of the picture. When you get it working, post it here and we'll see if the authentication scheme format can be used to do the same thing. If not, you can always create a custom authentication function that uses the logic in your debugged anonymous block.

          Scott
          • 2. Re: authentication of portal users with uid on oid/ldap
            430804
            Hi, Scott,

            Let me simplify or clarify the question a bit by referring to HTMLDB_LDAP.

            I got this function to work
            HTMLDB_LDAP.IS_MEMBER(p_username,p_password,v_auth_base,v_host,v_port,p_group,v_group_base)
            with
            user DN example: cn=p_username,cn=users,dc=edmunds,dc=com
            v_auth_base := 'cn=users,dc=edmunds,dc=com';

            However, the portal user has DN in the form
            uid=p_username, ou=people, dc=edmunds, dc=com
            v_auth_base := 'ou=people, dc=edmunds, dc=com';

            If I pass in p_username and v_auth_base, I get
            Error -31202: ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials

            With the full uid DN form, I can log in to other LDAP applications.

            How do I make HTMLDB_LDAP work with a uid-based user DN?
            • 3. Re: authentication of portal users with uid on oid/ldap
              60437
              Kenny,

              I would forget about using the is_member function for authentication until you achieve what you need directly with dbms_ldap. You can experiment with an anonymous block in SQL*Plus starting with this sample code until you can get the simple_bind_s to work with your parameters:
              set serveroutput on

              declare
                  l_retval      pls_integer;
                  l_retval2     pls_integer;
                  l_session     dbms_ldap.session;
                  l_ldap_host   varchar2(256);
                  l_ldap_port   varchar2(256);
                  l_ldap_user   varchar2(256) := 'FIRSTNAME_LASTNAME'; -- enter username in this format
                  l_ldap_passwd varchar2(256) := 'PASSWORD';           -- enter password
                  l_ldap_base   varchar2(256);
              begin

                  l_retval                := -1;
                  dbms_ldap.use_exception := TRUE;   -- make DBMS_LDAP raise (e.g. ORA-31202) instead of returning codes
                  l_ldap_host             := 'ldap-host.some-domain.com';
                  l_ldap_port             := '389';
                  -- the bind DN is built from the username here; use the naming attribute and base your directory holds
                  l_ldap_user             := 'cn='||l_ldap_user||',l=amer,dc=oracle,dc=com';

                  l_session := dbms_ldap.init( l_ldap_host, l_ldap_port );
                  l_retval  := dbms_ldap.simple_bind_s( l_session, l_ldap_user, l_ldap_passwd );
                  dbms_output.put_line( 'Return value: ' || l_retval );
                  l_retval2 := dbms_ldap.unbind_s( l_session );

                  exception when others
                   then
                        -- dump what was used for the bind so the failing parameter can be spotted
                        dbms_output.put_line (rpad('ldap session ',25,' ')  || ': ' ||
                             rawtohex(substr(l_session,1,8)) ||     '(returned from init)');
                        dbms_output.put_line( 'error: ' || sqlerrm||' '||sqlcode );
                        dbms_output.put_line( 'user: ' || l_ldap_user );
                        dbms_output.put_line( 'host: ' || l_ldap_host );
                        dbms_output.put_line( 'port: ' || l_ldap_port );
                        l_retval  := dbms_ldap.unbind_s( l_session );
              end;
              /
              Scott
              • 4. Re: authentication of portal users with uid on oid/ldap
                128736
                It works for us. We are trying to implement authorization with dbms_ldap.
                We have created four groups in LDAP and are trying to authenticate the user if he belongs to any one of the groups. How do we implement this? Please help.
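                An added example (not code from this thread or from Oracle) that covers both the uid-based DN problem from replies 2 and 3 and the group check asked about in reply 4: instead of guessing the naming attribute, it searches for the account by uid, binds with the DN the directory returns, and then asks the group entry whether it lists that DN. The host, the group DN, the uniquemember attribute and anonymous search being permitted are assumptions; the user base DN is the one from the thread.

```plsql
set serveroutput on
declare
    -- Constructed values (assumptions): host and group DN are placeholders; ou=people base is from the thread.
    l_host      varchar2(256) := 'ldap-host.some-domain.com';
    l_port      pls_integer   := 389;
    l_user_base varchar2(256) := 'ou=people,dc=edmunds,dc=com';
    l_group_dn  varchar2(256) := 'cn=SOME_GROUP,cn=groups,dc=edmunds,dc=com';
    l_username  varchar2(256) := 'SOME_UID';   -- the uid value, not a DN
    l_password  varchar2(256) := 'PASSWORD';
    l_session   dbms_ldap.session;
    l_attrs     dbms_ldap.string_collection;
    l_msg       dbms_ldap.message;
    l_user_dn   varchar2(1024);
    l_rc        pls_integer;
    function esc(p in varchar2) return varchar2 is   -- RFC 4515 escaping: login name cannot alter the filter
    begin
        return replace(replace(replace(replace(replace(p, '\', '\5c'),
               '*', '\2a'), '(', '\28'), ')', '\29'), chr(0), '\00');
    end;
begin
    dbms_ldap.use_exception := true;
    -- An empty password turns simple_bind_s into an unauthenticated bind many directories accept; refuse it first.
    if l_password is null then raise_application_error(-20001, 'empty password rejected'); end if;
    l_session := dbms_ldap.init(l_host, l_port);
    -- 1. Look the account up by uid (anonymous bind assumed allowed; use a service-account DN/password
    --    otherwise) and take the DN the directory actually holds, whatever its naming attribute is.
    l_rc := dbms_ldap.simple_bind_s(l_session, null, null);
    l_attrs(1) := 'objectclass';
    l_rc := dbms_ldap.search_s(l_session, l_user_base, dbms_ldap.SCOPE_SUBTREE,
                               '(uid=' || esc(l_username) || ')', l_attrs, 0, l_msg);
    if dbms_ldap.count_entries(l_session, l_msg) <> 1 then raise_application_error(-20002, 'uid not found or not unique'); end if;
    l_user_dn := dbms_ldap.get_dn(l_session, dbms_ldap.first_entry(l_session, l_msg));
    l_rc := dbms_ldap.msgfree(l_msg);
    -- 2. Authenticate: re-bind as that DN; a wrong password raises ORA-31202 (the error seen in reply 2).
    l_rc := dbms_ldap.simple_bind_s(l_session, l_user_dn, l_password);
    dbms_output.put_line('authenticated: ' || l_user_dn);
    -- 3. Authorize: a base-scope search on the group entry with a uniquemember filter matches only if it lists this DN.
    l_rc := dbms_ldap.search_s(l_session, l_group_dn, dbms_ldap.SCOPE_BASE,
                               '(uniquemember=' || esc(l_user_dn) || ')', l_attrs, 0, l_msg);
    dbms_output.put_line(case when dbms_ldap.count_entries(l_session, l_msg) = 1
                              then 'member of ' else 'not a member of ' end || l_group_dn);
    l_rc := dbms_ldap.msgfree(l_msg);
    l_rc := dbms_ldap.unbind_s(l_session);
exception
    when others then
        dbms_output.put_line('error: ' || sqlerrm);
        if l_session is not null then l_rc := dbms_ldap.unbind_s(l_session); end if;
end;
/
```

Repeat step 3 once per group DN (or use a filter over all four) to answer the "any one of the groups" question in reply 4; groups defined as groupOfNames use the member attribute instead of uniquemember.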
                • 5. Re: authentication of portal users with uid on oid/ldap
                  683034
                  We are also facing the same issue; the function htmldb_ldap.is_member is always returning false.