6 Replies Latest reply on Mar 26, 2013 12:23 PM by Denes Kubicek

    LDAP authentication

    808625
      Hi all

      Here is one part of the code for the authentication scheme through AD:


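      -- connect to the AD domain controller on the LDAP port
      l_session := dbms_ldap.init('xxx.xxx.xxx.xxx', 389);
      -- bind as DOMEN\<username> with the password the user entered
      l_dummy := dbms_ldap.simple_bind_s(l_session, 'DOMEN\' || p_username, p_password);

      if l_dummy = dbms_ldap.success then
        return(true);
      else
        return(false);
      end if;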



      The user enters their User logon name and password and it works fine, but if AD limits the login to certain stations only (under Account - Log on to), then authentication is not possible. What's the trouble?
        • 1. Re: LDAP authentication
          808625
          I tried adding the name of our domain controller to the list of "The following computer", and authentication is successful. But this way is not correct.


          Other solutions? Help
          • 2. Re: LDAP authentication
            Denes Kubicek
            If your users can log in from particular workstations only then your authentication will not work since it is run from your database server where the function resides. Their login has nothing to do with a particular workstation. Maybe this could be possible to solve if you can use the DBMS_LDAP to parse that attribute - Workstation ID. However, you would also need to get the Workstation ID first.

            Denes Kubicek
            -------------------------------------------------------------------
            http://deneskubicek.blogspot.com/
            http://www.apress.com/9781430235125
            http://apex.oracle.com/pls/apex/f?p=31517:1
            http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
            -------------------------------------------------------------------
            • 3. Re: LDAP authentication
              808625
              As a result, the DBMS_LDAP package is not functional enough. The user logs on to the domain from strictly defined workstations and is authenticated at the domain correctly. Why does APEX not allow this....

              P.S. Denes, which of the functions of the package can I use for Workstation ID?

              Edited by: user9105653 on 20.03.2013 19:55
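
What reply 2 suggests and reply 3 asks about, as an added example that is not code from the thread or its participants: reading the "Log on to" list, which AD stores in the `userWorkstations` attribute, with `dbms_ldap.search_s`, `first_entry` and `get_values`. The function name, the service-account bind (`p_svc_dn`, `p_svc_pwd`) and the search base (`p_base_dn`) are assumptions.

```plsql
-- Added example, not code from the thread. Hypothetical names: get_user_workstations,
-- p_svc_dn, p_svc_pwd, p_base_dn. The host placeholder is the one used in the thread.
-- In SQL*Plus, run SET DEFINE OFF first because the filter contains '&'.
create or replace function get_user_workstations (
  p_username in varchar2,
  p_svc_dn   in varchar2,  -- assumed: account permitted to read the directory
  p_svc_pwd  in varchar2,
  p_base_dn  in varchar2   -- assumed search base, e.g. 'DC=example,DC=com'
) return varchar2
is
  l_session dbms_ldap.session;
  l_attrs   dbms_ldap.string_collection;
  l_result  dbms_ldap.message;
  l_entry   dbms_ldap.message;
  l_values  dbms_ldap.string_collection;
  l_rc      pls_integer;
  l_name    varchar2(1024);
  l_list    varchar2(4000);
begin
  -- Escape LDAP filter metacharacters (RFC 4515) so the login name is matched literally.
  l_name := replace(replace(replace(replace(p_username,
              '\', '\5c'), '*', '\2a'), '(', '\28'), ')', '\29');
  dbms_ldap.use_exception := true;  -- LDAP errors raise instead of returning a code
  l_session := dbms_ldap.init('xxx.xxx.xxx.xxx', 389);
  l_rc := dbms_ldap.simple_bind_s(l_session, p_svc_dn, p_svc_pwd);

  l_attrs(1) := 'userWorkstations';  -- AD attribute behind "Log on to"
  l_rc := dbms_ldap.search_s(l_session, p_base_dn, dbms_ldap.scope_subtree,
            '(&(objectClass=user)(sAMAccountName=' || l_name || '))',
            l_attrs, 0, l_result);

  l_entry := dbms_ldap.first_entry(l_session, l_result);
  if l_entry is not null then
    l_values := dbms_ldap.get_values(l_session, l_entry, 'userWorkstations');
    if l_values.count > 0 then
      l_list := l_values(l_values.first);  -- comma-separated computer names
    end if;
  end if;
  l_rc := dbms_ldap.unbind_s(l_session);
  return l_list;  -- null: no such user, or no workstation restriction is set
exception
  when others then
    -- Close the connection, then re-raise so an error is never read as "unrestricted".
    if l_session is not null then
      begin l_rc := dbms_ldap.unbind_s(l_session); exception when others then null; end;
    end if;
    raise;
end get_user_workstations;
/
```

The returned list holds computer names, so checking it still requires the client's workstation name, which, as reply 2 says, has to be obtained separately.
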
              • 4. Re: LDAP authentication
                808625
                up
                • 5. Re: LDAP authentication
                  EricLR
                  Depending on your environment (HTTP gateway), you can get a few client attributes using the owa_util get_cgi_env function (e.g. client IP address); see the page below.

                  http://technologydribble.info/2011/02/11/getting-session-environment-parameters-in-oracle/comment-page-1/

                  Maybe the thoth gateway (https://code.google.com/p/thoth-gateway/) will provide you more client attributes.

                  It may help you to build your custom (and weird) authentication scheme based on the workstation ID.

                  Eric.
                  • 6. Re: LDAP authentication
                    Denes Kubicek
                    Why should APEX take care of this weird logic? APEX is a browser-based tool running on any OS. Imagine it should take care of all OS-specific settings and all authentication tools out there. LDAP is only one of them.

                    Denes Kubicek