Validate user id against AD

55366
Member Posts: 3
I need to write an application to validate a user id is in Active Directory. The only way I have figured out how to do this is using dbms_ldap.simple_bind_s and supplying the user id and a password (the password is not the actual password). I'm able to take the return value from the call and determine if the user exists in AD, but it also counts as an invalid login attempt to AD. During my testing I have managed to lock out several accounts.
Does dbms_ldap have a way to just validate if the user is valid without passing in a password?
Answers
-
Hello,
dbms_ldap is NOT the only way to do it. This may be the "database" way to do it. You can verify whether a user exists using the command line tool "ldapsearch". Here is the explanation:
ldapsearch -h <ad host> -p <ad port> -D "<AD service account>" -w *** samAccountName=<AD userid>
If the above returns output, then that means your user exists in AD, otherwise not. So there is no need to enter any password. samAccountName is for verifying using the username. If you want to verify using email address, you can use "userPrincipalName=<AD email address>"
Hope that helps.
-Srinivas -
Thanks for the reply, but do you know if this is something I can call within an Oracle Procedure?
-
Hi
You cannot write such an LDAP query in a procedure.
If anonymous binding is allowed, then you can use the dbms_ldap.search_s command to search for a particular entry by creating an anonymous session with the directory.
If anonymous binding is not allowed, then you will have to bind using one of the generic users who has access to search the entries in the directory, then search using the dbms_ldap.search_s command with the valid session that you used to bind to the directory.
Thanks
Kiran Thakkar -
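The bind-then-search approach from the answer above, as an added PL/SQL sketch that is not code from any poster in this thread: it binds once as a service account and searches for the user, so no failed logon is recorded against the account being checked. The function name, host, port, search base and service account DN are placeholder assumptions; the DBMS_LDAP calls are the package's standard ones.

```plsql
-- Added example. ad_user_exists, ad.example.com and the DNs are placeholders.
CREATE OR REPLACE FUNCTION ad_user_exists (
  p_username IN VARCHAR2,  -- sAMAccountName to look up
  p_bind_dn  IN VARCHAR2,  -- DN of a service account allowed to search
  p_bind_pw  IN VARCHAR2   -- its password, supplied by the caller, not hardcoded
) RETURN BOOLEAN
IS
  l_session DBMS_LDAP.session;
  l_attrs   DBMS_LDAP.string_collection;
  l_result  DBMS_LDAP.message;
  l_rc      PLS_INTEGER;
  l_count   PLS_INTEGER := 0;
  l_safe    VARCHAR2(1024);
BEGIN
  -- Escape LDAP filter metacharacters (RFC 4515) so the supplied user id
  -- cannot change the shape of the filter. Backslash is escaped first.
  l_safe := REPLACE(p_username, '\', '\5c');
  l_safe := REPLACE(l_safe, '*', '\2a');
  l_safe := REPLACE(l_safe, '(', '\28');
  l_safe := REPLACE(l_safe, ')', '\29');

  DBMS_LDAP.use_exception := TRUE;  -- raise on LDAP errors instead of return codes
  -- Port 389 without TLS sends the service password in clear text;
  -- DBMS_LDAP.open_ssl with a wallet protects the session (not shown here).
  l_session := DBMS_LDAP.init('ad.example.com', 389);
  BEGIN
    -- Bind as the service account, never as the user being checked.
    l_rc := DBMS_LDAP.simple_bind_s(l_session, p_bind_dn, p_bind_pw);
    l_attrs(1) := 'sAMAccountName';  -- only existence matters, fetch one attribute
    l_rc := DBMS_LDAP.search_s(
              l_session,
              'OU=Users,DC=example,DC=com',  -- placeholder search base
              DBMS_LDAP.SCOPE_SUBTREE,
              '(&(objectClass=user)(sAMAccountName=' || l_safe || '))',
              l_attrs, 0, l_result);
    l_count := DBMS_LDAP.count_entries(l_session, l_result);
    l_rc := DBMS_LDAP.msgfree(l_result);
  EXCEPTION
    WHEN OTHERS THEN
      l_rc := DBMS_LDAP.unbind_s(l_session);  -- always release the session
      RAISE;
  END;
  l_rc := DBMS_LDAP.unbind_s(l_session);
  RETURN l_count > 0;
END ad_user_exists;
/
```

A function like this answers "does this account exist?" for any caller, so EXECUTE on it should be granted only to the schema that needs it, and the service account should have read-only search rights.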
Thank you for your help, I will give it a try.
This discussion has been closed.