This discussion is archived
6 Replies Latest reply: May 17, 2011 9:06 AM by 828941

MS Active Directory authentication

sky123 Newbie
Hi,

I have tried this for a long time but still haven't been able to authenticate an Apex application against our company's AD. I am using the built-in APEX 3.0 LDAP authentication scheme. Has anyone successfully authenticated against AD?

LDAP Host: ??-????.??.?????.???
LDAP Port: 389
LDAP DN String: cn=%LDAP_USER%,ou=?????,dc=??,dc=?????,dc=???

Thanks.
Andy
  • 1. Re: MS Active Directory authentication
    482848 Newbie
    Andy,

    You'll find a bunch of messages here on MS Active Directory authentication, but just in short...

    The LDAP Host will just be your servername or IP address for one of your domain controllers or delegated authentication servers.

    The LDAP DN String needs to be: yourdomainname\%LDAP_USER%

    Although we had good success with the built-in process, we eventually went to a DBMS_LDAP based custom procedure because we had multiple domain controllers and needed fail-over and other features, so don't feel trapped into the built-in solution if you need more functionality down the road.

    Hope this helps.

    Barney
  • 2. Re: MS Active Directory authentication
    Jes Oracle ACE
    Hi Andy,

    Yes LDAP (and specifically AD) authentication definitely works.

    In my experience it's usually the LDAP DN string that is incorrect in most cases where it is not working; your LDAP administrator should be able to tell you what to use. It also helps to have a good relationship with your LDAP admin because they will let you look at the LDAP server logs and you should be able to see exactly what information your app is passing across (i.e. what DNs it is using and what attributes it is using etc).

    Have you tried using the LDAP test tool built into Apex? Also, when it fails does it take a while to fail (indicating that it's probably a hostname/port issue) or does it fail quickly (indicating that it's probably more likely the LDAP DN string that is incorrect)?

    Hope this helps,

    John.
    --------------------------------------------
    http://jes.blogs.shellprompt.net
    http://apex-evangelists.com
  • 3. Re: MS Active Directory authentication
    771198 Newbie
    I'm using the LDAP Test tool to test authentication to our AD server. I can get it to authenticate using the common name "CN=" value, but I need to authenticate against the sAMAccountName attribute (which is the login account name). Could you give me an example of the DN string you used (see below)?

    Example:
    LDAP Host: myLDAPServer.anycorp.com
    LDAP Port: 389/3268
    LDAP DN String: cn=%LDAP_USER%,ou=users,ou=ANYCO,dc=anycorp,dc=com ** works with whole name "Joe User"
    LDAP DN String: sAMAccountName =%LDAP_USER%,ou=users,ou=ANYCO,dc= anycorp,dc=com ** does not work with account name “joeu”

    Thanks for any help on this.
    Mike
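
Added example, not part of any post in this thread: a custom APEX authentication function along the lines Barney describes (DBMS_LDAP, fail-over across domain controllers, binding as domain\user), which also lets users log in with the sAMAccountName Mike asks about, since sAMAccountName is not part of a user's DN. The host names, the ANYCORP domain and the function name are assumptions.

```sql
create or replace function ad_authenticate (
    p_username in varchar2,
    p_password in varchar2
) return boolean
is
    type t_hosts is table of varchar2(255);
    -- Hypothetical domain controllers (assumed names), tried in order.
    l_hosts   t_hosts := t_hosts('dc1.anycorp.com', 'dc2.anycorp.com');
    l_session dbms_ldap.session;
    l_rc      pls_integer;
    l_ok      boolean := false;
begin
    -- An empty password makes a simple bind anonymous, and it reports success,
    -- so reject it. Constructed allow-list: plain account names only, so the
    -- caller cannot supply another domain prefix or DN syntax.
    if p_username is null or p_password is null
       or not regexp_like(p_username, '^[A-Za-z0-9._-]{1,64}$') then
        return false;
    end if;
    dbms_ldap.use_exception := true;  -- errors raise instead of returning codes
    for i in 1 .. l_hosts.count loop
        begin
            -- Port 389 as in the thread: the password is sent unencrypted.
            l_session := dbms_ldap.init(l_hosts(i), 389);
        exception
            when others then l_session := null;  -- unreachable, try the next
        end;
        if l_session is not null then
            begin
                -- AD resolves DOMAIN\name against sAMAccountName.
                -- ANYCORP is an assumed NetBIOS domain name.
                l_rc := dbms_ldap.simple_bind_s(
                            l_session, 'ANYCORP\' || p_username, p_password);
                l_ok := true;
            exception
                when others then l_ok := false;  -- bind refused
            end;
            begin
                l_rc := dbms_ldap.unbind_s(l_session);
            exception
                when others then null;  -- closing the session is best-effort
            end;
            -- Answer from the first reachable controller is final, so one wrong
            -- password is not replayed to every DC and counted toward lockout.
            return l_ok;
        end if;
    end loop;
    return false;
end ad_authenticate;
```

In a custom authentication scheme the function is referenced as `return ad_authenticate`; for production use the bind belongs on the LDAPS port, set up with `DBMS_LDAP.open_ssl` and an Oracle wallet.
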
  • 4. Re: MS Active Directory authentication
    773683 Newbie
    Hi

    The Login Name of the Application is maintained by the LDAP in APEX, right? If not, then what is correct? I want to insert that Login Name of the Application into a column of a table. Is that possible, and if so, how? Can anyone please...


    Thanks
    nav.
  • 5. Re: MS Active Directory authentication
    730736 Newbie
    Did you find a solution?

    I'm working on the same thing. Any help is greatly appreciated!