6 Replies Latest reply on May 17, 2011 4:06 PM by 828941

    MS Active Directory authentication


      I have tried this for a long time but still haven't been able to authenticate an Apex application against our company's AD. I am using the built-in APEX 3.0 LDAP authentication scheme. Has anyone successfully authenticated against AD?

      LDAP Host: ??-????.??.?????.???
      LDAP Port: 389
      LDAP DN String: cn=%LDAP_USER%,ou=?????,dc=??,dc=?????,dc=???

        • 1. Re: MS Active Directory authentication

          You'll find a bunch of messages here on MS Active Directory authentication, but just in short...

          The LDAP Host will just be your servername or IP address for one of your domain controllers or delegated authentication servers.

          The LDAP DN String needs to be: yourdomainname\%LDAP_USER%

          Although we had good success with the built-in process, we eventually went to a DBMS_LDAP based custom procedure because we had multiple domain controllers and needed fail-over and other features, so don't feel trapped into the built-in solution if you need more functionality down the road.

          Hope this helps.
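
An added example (not code from any poster in this thread) of a DBMS_LDAP-based custom authentication function with domain controller fail-over, of the kind reply 1 describes. The function name, host names and domain name are placeholders, and the signature assumes it is used as an APEX custom authentication function.

```sql
CREATE OR REPLACE FUNCTION ad_auth_failover (   -- hypothetical name
    p_username IN VARCHAR2,
    p_password IN VARCHAR2
) RETURN BOOLEAN
IS
    TYPE t_hosts IS TABLE OF VARCHAR2(255);
    l_hosts     t_hosts := t_hosts('dc1.example.com', 'dc2.example.com'); -- placeholders
    l_domain    CONSTANT VARCHAR2(64) := 'EXAMPLE';                        -- placeholder
    l_port      CONSTANT PLS_INTEGER  := 389;  -- simple bind on 389 is unencrypted;
                                               -- DBMS_LDAP.open_ssl adds TLS via a wallet
    l_session   DBMS_LDAP.session;
    l_rc        PLS_INTEGER;
    l_connected BOOLEAN;
BEGIN
    -- AD accepts a simple bind with an empty password as an anonymous bind,
    -- so a blank password must never reach the directory.
    IF p_username IS NULL OR p_password IS NULL THEN
        RETURN FALSE;
    END IF;
    -- Accept plain account names only, so the bind name is always l_domain\user.
    IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]+$') THEN
        RETURN FALSE;
    END IF;

    DBMS_LDAP.use_exception := TRUE;  -- failures raise instead of returning codes

    FOR i IN 1 .. l_hosts.COUNT LOOP
        l_connected := FALSE;
        BEGIN
            l_session   := DBMS_LDAP.init(l_hosts(i), l_port);
            l_connected := TRUE;
        EXCEPTION
            WHEN OTHERS THEN NULL;    -- controller unreachable: try the next one
        END;
        IF l_connected THEN
            BEGIN
                l_rc := DBMS_LDAP.simple_bind_s(l_session, l_domain || '\' || p_username, p_password);
                l_rc := DBMS_LDAP.unbind_s(l_session);
                RETURN TRUE;
            EXCEPTION
                WHEN OTHERS THEN
                    -- A reachable controller refused the bind. Stop here: retrying on
                    -- other controllers would add to the account's bad-password count.
                    BEGIN l_rc := DBMS_LDAP.unbind_s(l_session); EXCEPTION WHEN OTHERS THEN NULL; END;
                    RETURN FALSE;
            END;
        END IF;
    END LOOP;
    RETURN FALSE;                     -- no controller reachable: deny
END ad_auth_failover;
/
```

Fail-over happens only when the connection itself fails; a rejected bind denies the login immediately and the function fails closed when no controller answers.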

          • 2. Re: MS Active Directory authentication
            John Edward Scott
            Hi Andy,

            Yes LDAP (and specifically AD) authentication definitely works.

            In my experience it's usually the LDAP DN string that is incorrect in most cases where it is not working. Your LDAP administrator should be able to tell you what to use. It also helps to have a good relationship with your LDAP admin because they will let you look at the LDAP server logs and you should be able to see exactly what information your app is passing across (i.e. what DNs it is using and what attributes it is using etc).

            Have you tried using the LDAP test tool built into Apex? Also, when it fails does it take a while to fail (indicating that it's probably a hostname/port issue) or does it fail quickly (indicating that it's probably more likely the LDAP DN string that is incorrect)?

            Hope this helps,

            • 3. Re: MS Active Directory authentication
              I'm using the LDAP Test tool to test authentication to our AD server. I can get it to authenticate using the common name "CN=" value, but I need to authenticate against the sAMAccountName attribute (which is the login account name). Could you give me an example of the DN string you used (see below).

              LDAP Host: myLDAPServer.anycorp.com
              LDAP Port: 389/3268
              LDAP DN String: cn=%LDAP_USER%,ou=users,ou=ANYCO,dc=anycorp,dc=com ** works with whole name "Joe User"
              LDAP DN String: sAMAccountName =%LDAP_USER%,ou=users,ou=ANYCO,dc= anycorp,dc=com ** does not work with account name “joeu”

              Thanks for any help on this.
              • 4. Re: MS Active Directory authentication

                The Login Name of the Application is maintained by the LDAP in APEX, right? If not, then what is correct? I want to insert that Login Name of the Application into a column of a table. Is that possible, and if so, how? Can anyone please...

                • 5. Re: MS Active Directory authentication
                  Did you find a solution?

                  I'm working on the same thing. Any help is greatly appreciated!