Not sure I agree with the strategy of having credentials spread across all of these sources, but you could probably write your own authentication scheme to handle this. Another option is to use Oracle Virtual Directory to combine them all into one LDAP view.
Thanks for the feedback. Writing a custom authentication scheme sounds like the way to go. For those customers not using LDAP how would I code my authentication scheme to check the database credentials?
Any pointers appreciated. Authentication schemes are totally confusing me at present!
Thanks for this, however this was as far as I got. Any ideas on how you would actually check the database credentials? I know you can use apex_util.is_login_password_valid which validates the APEX user password, is there something similar to validate database user credentials?
Alternatively, is there a way to change the authentication scheme used in the application before the user logs in? I've had a look through APEX_UTIL, APEX_INSTANCE_ADMIN and APEX_CUSTOM_AUTH but couldn't see anything. Perhaps I've missed or it isn't obvious.
I see you're dilemma now. Scott's suggestion would be the best as you wouldn't have to reinvent the wheel in terms of creating a function that validates against the server. However, I did find a way to do it...
You would basically create a function that creates a db link with the supplied credentials and then attempts to use the db link to do something like 'SELECT 1 FROM DUAL'. If it succeeds then the password is valid and if not you just use a nested subprocedure to catch the errors in the right spot and return false.