I have tried this for a long time but still haven't been able to authenticate an Apex application against our company's AD. I am using the built-in APEX 3.0 LDAP authentication scheme. Has anyone successfully authenticated against AD?
You'll find a bunch of messages here on MS Active Directory authentication, but just in short...
The LDAP Host will just be your server name or IP address for one of your domain controllers or delegated authentication servers.
The LDAP DN String needs to be: yourdomainname\%LDAP_USER%
Although we had good success with the built-in process, we eventually went to a DBMS_LDAP based custom procedure because we had multiple domain controllers and needed fail-over and other features, so don't feel trapped into the built-in solution if you need more functionality down the road.
In my experience it's usually the LDAP DN string that is incorrect in most cases where it is not working; your LDAP administrator should be able to tell you what to use. It also helps to have a good relationship with your LDAP admin, because they will let you look at the LDAP server logs and you should be able to see exactly what information your app is passing across (i.e. what DNs it is using, what attributes it is using, etc.).
Have you tried using the LDAP test tool built into Apex? Also, when it fails does it take a while to fail (indicating that it's probably a hostname/port issue) or does it fail quickly (indicating that it's probably more likely the LDAP DN string that is incorrect)?
I'm using the LDAP Test tool to test authentication to our AD server. I can get it to authenticate using the common name "CN=" value, but I need to authenticate against the sAMAccountName attribute (which is the login account name). Could you give me an example of the DN string you used (see below).
LDAP Host: myLDAPServer.anycorp.com
LDAP Port: 389/3268
LDAP DN String: cn=%LDAP_USER%,ou=users,ou=ANYCO,dc=anycorp,dc=com ** works with whole name "Joe User"
LDAP DN String: sAMAccountName =%LDAP_USER%,ou=users,ou=ANYCO,dc= anycorp,dc=com ** does not work with account name “joeu”
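As an added example (not code posted in this thread), here is the kind of DBMS_LDAP custom authentication function the earlier reply alludes to: it binds as DOMAIN\sAMAccountName, which is what the working "yourdomainname\%LDAP_USER%" DN string does, and fails over across several domain controllers. The host names, the NetBIOS domain name `ANYCO` and the port are placeholders to replace; the function is registered as the authentication function of an APEX custom authentication scheme.

```plsql
-- Added example, not from the thread. Host names, domain and port are placeholders.
CREATE OR REPLACE FUNCTION ad_authenticate (
  p_username IN VARCHAR2,   -- the sAMAccountName, e.g. joeu
  p_password IN VARCHAR2
) RETURN BOOLEAN
IS
  TYPE t_hosts IS TABLE OF VARCHAR2(255);
  -- ordered list of domain controllers tried in turn (placeholders)
  l_hosts   t_hosts := t_hosts('dc1.anycorp.example', 'dc2.anycorp.example');
  l_domain  CONSTANT VARCHAR2(64) := 'ANYCO';  -- NetBIOS domain name (placeholder)
  l_port    CONSTANT PLS_INTEGER  := 389;      -- use 636 with DBMS_LDAP.open_ssl in production
  l_ld      DBMS_LDAP.session;
  l_rc      PLS_INTEGER;
  l_ignored PLS_INTEGER;
BEGIN
  -- A NULL password turns simple_bind_s into an anonymous bind, which AD
  -- accepts, so it would look like a valid login: refuse it before binding.
  -- Also refuse names that already carry a domain, so the bind cannot be
  -- redirected to a different domain or realm than the one configured here.
  IF p_username IS NULL OR p_password IS NULL
     OR INSTR(p_username, '\') > 0 OR INSTR(p_username, '@') > 0 THEN
    RETURN FALSE;
  END IF;
  DBMS_LDAP.use_exception := FALSE;  -- inspect return codes rather than exceptions
  FOR i IN 1 .. l_hosts.COUNT LOOP
    BEGIN
      l_ld := DBMS_LDAP.init(l_hosts(i), l_port);
      -- AD accepts DOMAIN\sAMAccountName as the bind name; an LDAP DN of the
      -- form "sAMAccountName=...,ou=..." is not a valid bind DN for a user.
      l_rc := DBMS_LDAP.simple_bind_s(l_ld, l_domain || '\' || p_username, p_password);
      l_ignored := DBMS_LDAP.unbind_s(l_ld);
      IF l_rc = DBMS_LDAP.SUCCESS THEN
        RETURN TRUE;
      ELSIF l_rc = 49 THEN
        -- 49 = invalidCredentials (RFC 4511): the password is wrong, so stop
        -- here instead of retrying other controllers, which would multiply
        -- bad-password counts and lock the account out faster.
        RETURN FALSE;
      END IF;
      -- any other code (server down, timeout): fall through to the next host
    EXCEPTION
      WHEN OTHERS THEN NULL;  -- init/connect failed on this host: try the next one
    END;
  END LOOP;
  RETURN FALSE;  -- no controller reachable, or none accepted the bind
END ad_authenticate;
/
```

Over plain port 389 the simple bind sends the password in cleartext to the domain controller, so pair this with LDAPS (port 636 via DBMS_LDAP.open_ssl and an Oracle wallet) before relying on it for production logins.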
The Login Name of the Application is maintained by the LDAP in APEX, right? If not, then what is correct? I want to insert that Login Name of the Application into a column of a table; is that possible, and if so, how? Can anyone please...