2 Replies Latest reply: Aug 25, 2012 5:25 PM by 848613

How to remove a user from a Group using DBMS_LDAP

848613 Newbie
I am using DBMS_LDAP to communicate with Open LDAP. I am able to search for users, add users, remove users and add users to specific Groups. But I do not see any API to remove a user from a Group. Is there a way to do this using DBMS_LDAP? Any suggestions are appreciated.

Thank you,

  • 1. Re: How to remove a user from a Group using DBMS_LDAP
    929328 Newbie
    Hello, Naresh,

    There are different solutions for your problem:

    1) If you have access to metalink, you can use docid 334939.1
    Subject: Example of Using DBMS_LDAP to Delete A User and UniqueMember from a Group

    2) If you don't have access to metalink use the code:

    v_user_base := opf_portal.pkg_opf_utils.get_global_variable('OID_USER_BASE');
    v_user_attr := opf_portal.pkg_opf_utils.get_global_variable('OID_USER_ATTR');

    --delete user from oid
    s_session := DBMS_LDAP.init(portal.wwsec_oid.GET_OID_HOST, portal.wwsec_oid.GET_OID_PORT);

    n_retval := DBMS_LDAP.simple_bind_s(s_session, '<dn of user with delete user privilege>', '*******');

    n_retval := DBMS_LDAP.delete_s(s_session, v_user_attr || '=' || p_email || ',' || v_user_base);

    n_retval := DBMS_LDAP.unbind_s(s_session);

    While using this code, some people get an error: LDAP: error code 50 - Insufficient Access Rights

    But there is a solution:

    The odi agent orclODIPAgentName=IPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory does not have full read/write access to the synchronized entries in Oracle Internet Directory. Because the cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,identity_management_realm group will already have the required ACLs defined, this entry should be a member of this group. In this case, <subscriber DN> is set to identity_management_realm.

    You must add the orclODIPAgentName=IPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory user entry to the cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,identity_management_realm group, so that it will have the required ACL access to perform the updates.

    In Oracle Directory Manager, navigate through: Entry Management -> dc=com,identity_management_realm,cn=oraclecontext -> cn=groups -> cn=oracleDASCreateUser. From here, against the attribute 'uniquemember' add: orclODIPAgentName=IPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory.

    If you have any questions, ask.
    Kirill Babeyev
  • 2. Re: How to remove a user from a Group using DBMS_LDAP
    848613 Newbie
    Thank you for your response. I found another solution. I am using the following code:

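    CREATE OR REPLACE FUNCTION delete_from_group (p_session dbms_ldap.SESSION,
                                                  p_group VARCHAR2,
                                                  p_user VARCHAR2)
    RETURN PLS_INTEGER
    IS
      l_vals dbms_ldap.string_collection;
      v_array dbms_ldap.mod_array;
      retval PLS_INTEGER;
    BEGIN
      -- Initialize the pl/sql table with the member value to remove
      l_vals(1) := p_user;

      -- Initialize the varray for the modify command
      v_array := dbms_ldap.create_mod_array(num => 1);

      -- A comparison with "= NULL" is never true; IS NULL is required
      IF v_array IS NULL THEN
        dbms_output.put_line('Error add_in_group: v_array not initialized.');
        RETURN -1;
      END IF;
      dbms_output.put_line ('v_array initialisee avec succes.');

      -- Populate the varray
      -- The original call is missing from the post. The attribute name used here is an
      -- assumption: use the membership attribute of your group's object class.
      dbms_ldap.populate_mod_array(v_array, dbms_ldap.mod_delete, 'uniquemember', l_vals);

      -- Group Modification
      retval := dbms_ldap.modify_s(p_session, p_group, v_array);

      -- Free the varray
      dbms_ldap.free_mod_array(v_array);

      RETURN retval;

    EXCEPTION
      WHEN OTHERS THEN
        dbms_output.put_line('delete_from_group : '|| SQLCODE||' '||SQLERRM);
        RETURN -1 ;
    END delete_from_group;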

    Using this function, I am able to remove a User from a given group.
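
The member removal discussed in this thread, as an added example that is not part of the original posts: a stand-alone procedure that opens the session, deletes one value from the group's membership attribute, and releases the session on every path while letting LDAP errors such as code 50 reach the caller. The procedure name and all parameter names are hypothetical.

```plsql
-- Added example (not from the thread); names and parameters are assumptions.
CREATE OR REPLACE PROCEDURE remove_group_member (
  p_host      IN VARCHAR2,
  p_port      IN PLS_INTEGER,
  p_bind_dn   IN VARCHAR2,   -- account that may modify this group, nothing broader
  p_bind_pw   IN VARCHAR2,   -- supplied by the caller, never hard-coded
  p_group_dn  IN VARCHAR2,
  p_attr      IN VARCHAR2,   -- membership attribute of the group's object class
  p_member    IN VARCHAR2)   -- exact value stored in that attribute
IS
  l_session  DBMS_LDAP.session;
  l_mods     DBMS_LDAP.mod_array;
  l_vals     DBMS_LDAP.string_collection;
  l_rc       PLS_INTEGER;

  -- Release the mod array and the connection; a failure here must not
  -- hide the error that triggered the cleanup.
  PROCEDURE cleanup IS
  BEGIN
    IF l_mods IS NOT NULL THEN
      DBMS_LDAP.free_mod_array(l_mods);
      l_mods := NULL;
    END IF;
    IF l_session IS NOT NULL THEN
      l_rc := DBMS_LDAP.unbind_s(l_session);
      l_session := NULL;
    END IF;
  EXCEPTION
    WHEN OTHERS THEN NULL;
  END cleanup;
BEGIN
  DBMS_LDAP.use_exception := TRUE;   -- failures raise instead of returning a code

  l_session := DBMS_LDAP.init(p_host, p_port);
  -- A simple bind sends the password as-is; protect the session with TLS
  -- (DBMS_LDAP.open_ssl) when the link to the directory is not trusted.
  l_rc := DBMS_LDAP.simple_bind_s(l_session, p_bind_dn, p_bind_pw);

  -- MOD_DELETE with a value removes only that value from the attribute;
  -- the group entry and its other members are left in place.
  l_vals(1) := p_member;
  l_mods := DBMS_LDAP.create_mod_array(1);
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_DELETE, p_attr, l_vals);
  l_rc := DBMS_LDAP.modify_s(l_session, p_group_dn, l_mods);

  cleanup;
EXCEPTION
  WHEN OTHERS THEN
    cleanup;
    RAISE;   -- surface the LDAP error to the caller instead of swallowing it
END remove_group_member;
/
```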



