Search in LDAP

Hi, I have a Java program that searches an LDAP server and gets the results back. I do get results. The only problem is the order in which they are returned. The order I want is sn, givenName, phone, Email. But what I always get is ordered phone, Email, givenName, sn.
My code is as below:
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;

class LdapTest {
    public static void main(String[] args) {
        try {
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // JNDI expects the provider URL in the form ldap://host[:port]
            env.put(Context.PROVIDER_URL, "ldap://myserver");
            DirContext ctx = new InitialDirContext(env);
            String[] attrIDs = { "sn", "givenName", "phone", "Email" };
            SearchControls cts = new SearchControls();
            cts.setReturningAttributes(attrIDs);
            cts.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // args[0] goes into the filter unescaped; filter metacharacters in it change the query
            String filter = "(sn=" + args[0] + ")";
            NamingEnumeration results = ctx.search("", filter, cts);
            while (results != null && results.hasMore()) {
                SearchResult sr = (SearchResult) results.next();
                Attributes attrs = sr.getAttributes();
                // getAll() enumerates the attributes in whatever order the Attributes object holds them
                for (NamingEnumeration ne = attrs.getAll(); ne.hasMoreElements(); ) {
                    Attribute attr = (Attribute) ne.next();
                    String attrID = attr.getID();
                    System.out.println(attrID + ":");
                    for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) {
                        System.out.println("\t" + vals.nextElement());
                    }
                }
                System.out.println("\n");
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }
}
What I got is:
phone:
123-4567
Email:
[email protected]
givenName:
first name
sn:
last name
But what I want to get is:
sn:
givenname:
phone:
Email:
Does anybody know how to get the results back in the right order?
Thanks!

while (results != null && results.hasMore()) {
  SearchResult sr = (SearchResult) results.next();
  Attributes attrs = sr.getAttributes();
  // fetch each attribute by name, in the order it should be printed
  printAttribute(attrs.get("sn"));
  printAttribute(attrs.get("givenname"));
  printAttribute(attrs.get("phone"));
  printAttribute(attrs.get("email"));
}

private static void printAttribute(Attribute attr) throws NamingException {
  if (attr == null) return;  // attrs.get() returns null when the entry lacks the attribute
  System.out.println(attr.getID() + ":");
  for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) {
    System.out.println("\t" + vals.nextElement());
  }
}

Similar Messages

  • Jabber for Windows - wildcard search against LDAP directory

    Hi all,
    I have set up an on premise environment with CUCM, CUPS and a 3rd party LDAP Directory. For CUPC everything is working fine. For Jabber for Windows it took me some time to find the correct jabber-config.xml settings to make it working.
    At the moment I am able to search the LDAP Directory, but I have to write the complete Name, i.e. "Miller, John", in the search field. If I try it with "Miller" only, I get no results for my search.
    I played around with the  <UseWildcards>0</UseWildcards>  tag without any changes in the behaviour.
    Is there anybody who can help?
    Best regards
    Manfred

    Hi Manfred,
    Jabber for Windows has been tested with following directory services:
    Supported Directories
    Microsoft Active Directory  2003
    Microsoft Active Directory  2008
    Cisco Unified Communications Manager User Data Service UDS  is supported on Cisco Unified Communications Manager version 8.6.2 or later.
    OpenLDAP
    The behavior you are seeing could be related to interop issues. I suggest opening a TAC case for further assistance.
    Thanks,
    Maqsood

  • Error when performing search:  getExtendedProperties [LDAP: error code 50

    Hi there,
    We are currently running OAS 10.1.2. We have an application which is running Oracle Forms. To get access to these forms, the authentication is a combination of the user logging on to their Windows domain (AD SSO) and having the correct username and groups within Oracle OID and DAS.
    We have a major problem at the moment in Production where every so often a user will get rejected for having insufficient access rights, and the UserID in the logs being Null. Yet if they try again it works.
    Does anyone know why this might be happening?
    Here is the Forms log :
    09/07/31 06:59:32 Forms session <967> runtime process id = 10,780
    09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:02:27 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
    09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
    09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
    09/07/31 07:02:27 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
    09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
    09/07/31 07:02:27 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
    09/07/31 07:02:27 at java.lang.Thread.run(Thread.java:534)
    09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:02:27 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
    tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
    09/07/31 07:02:27 In doRequest method in ue.isNamingException
    09/07/31 07:02:27 Redirecting to DAS to update the resviewer list
    09/07/31 07:02:27 UserID is NULL redirecting to DAS
    09/07/31 07:02:27 Forms Group DNcn=Logical Application Group, orclApplicationCommonName=formsApp_dras03.workcover.qld.gov.au_63A
    36930655911DBBF37F32F8ED7FD07, cn=forms, cn=Products, cn=OracleContext                                                                                                                                                                                         
    09/07/31 07:02:27 The DAS URL generated: http://prinfds.workcover.qld.gov.au:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateReso
    urceInfo?resKey=prcar_sso&resType=oracleDB&resViewer=cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_dras
    03.workcover.qld.gov.au_63A36930655911DBBF37F32F8ED7FD07%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext&doneURL=http%3A%2F
    %2Fdras03.workcover.qld.gov.au%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dprcar_sso%26form%3DSY0001.fmx&cancelURL=
    09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:05:26 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
    09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
    09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
    09/07/31 07:05:26 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
    09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
    09/07/31 07:05:26 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
    09/07/31 07:05:26 at java.lang.Thread.run(Thread.java:534)
    09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:05:26 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
    tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
    09/07/31 07:05:26 In doRequest method in ue.isNamingException

    I fixed it in my environment.
    formweb.cfg has oid_formsid and formsid_group_dn. Verify if these values are correct.
    Also ensure that formsid_group_dn has no blank spaces after ',' (commas)
    formsid_group_dn=cn=Logical Application Group,orclApplicationCommonName=formsApp_xyzhost_1224C3F0A73B11DBBFC783346A955D8F,cn=forms,cn=Products,cn=OracleContext

  • Can TREX search extern LDAP?

    Hi guys,
    I am planning to search an external LDAP with TREX (running on Java Web AS 6.40) and view the result in SAP EP 6.0 SP 14.
    But so far I did not find a Repository Manager (=> System Administration => System Configuration => Knowledge Management => Content Management => Repository Managers) which seems to fit.
    That comes fairly surprising, considering that TREX can search UME which may be based on a LDAP server. There should be a way to search external LDAP servers as well.
    Does anyone know how to search an external LDAP with TREX? Please let me know.
    Kind Regards,
    Martin

    Hi Rob,
    The Who's Who iView uses a TREX index within KM - working on the UME repository within KM.
    ==> The answer is no.
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/21/ac21410bc3ef23e10000000a155106/frameset.htm
    Hope it helps
    Detlev

  • How to use the UME api in order to search the LDAP?

    Hello,
    I have an application which connects to the LDAP the portal is connecting to and search users according to a certain search criteria.
    Here is the relevant piece of code:
    Hashtable env = new Hashtable();
    DirContext ctx = new InitialDirContext(env);
    SearchControls controls = new SearchControls();
    String filter = "firstName=...";
    NamingEnumeration results = ctx.search("OU=OUs", filter, controls);
    I would like to do this same search using the UME API.
    Can someone please show me the equivalent code to it using the UME API?

    Hi Roy,
    you find the Configuration File you are using in your portal via System Administration -> System Configuration -> UM Configuration -> Data Sources
    or in sapume.properties where you can find
    ##xml file that configures the persistence except roles
    ume.persistence.data_source_configuration=YOUR_DATASOURCE_CONFIG_FILE.xml
    In this xml file, there is the entry <principal type="user">:
    <principal type="user">
         <nameSpaces>
         <nameSpace name="com.sap.security.core.usermanagement">
         <attributes>
         <attribute name="firstname" populateInitially="true"/>
         <attribute name="displayname" populateInitially="true"/>
         <attribute name="lastname" populateInitially="true"/>
         <attribute name="fax"/>
         <attribute name="email"/>
         <attribute name="title"/>
         <attribute name="department"/>
         <attribute name="extensionAttribute2"/>
         <attribute name="mobile"/>
         <attribute name="telephone"/>
         <attribute name="streetaddress"/>
         <attribute name="pobox"/>
         <attribute name="location"/>
         <attribute name="telephoneShort"/>
         </attributes>
         </nameSpace>
         <nameSpace name="com.sap.security.core.usermanagement.relation">
         <attributes>
         <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
         </attributes>
         </nameSpace>
        </nameSpaces>
    </principal>
    According to your company LDAP attributes, you will have to extend the above attributes, telephoneShort for example is an attribute within our company.
    The UME API does the rest.
    All you have to do, is request the right attribute (in my above example it was the last name).
    (Sorry for the format, but it is quite cumbersome to format it properly with the available editor   )
    Kind regards,
    Rebecca

  • Logged in windows username cant be searched in LDAP tree on Windows 2000 AD

    That is my active directory of my TEST Windows 2000 server:
    http://img248.imageshack.us/img248/918/adwn6.gif
    On the image you will find 4 schools with shortcut names called:
    OU=ASR
    OU=EDS
    OU=EKS (EK school for example)
    OU=THS (TH school for example)
    Under every OU="shortcut of schoolname" you will find also the
    OU=Klassen (Klassen = classes in english)
    OU=Lehrer (Lehrer = teacher in english)
    again under every OU="class" and OU="teacher" you will find also the
    pupils and teachers.
    the teacher "verena bit" is located in:
    "CN=verena bit,OU=Lehrer,OU=ASR,DC=Bodensee,DC=DE"
    On the REAL Windows 2000 server used in production i have about 17 schools like OU=ASR or OU=EDS and so on...
    My part aim for the first...:
    With Java code: String Lehrer = System.getProperty("user.name");
    I can retrieve the name of the teacher (Lehrer = teacher) who has logged into the Windows client. The problem is I get for example a String like
    "verenabit" but in the ldap hierarchy all common names are for example like this: cn="verena bit". They always have a " " gap between the forename and the last name, so I cannot use the String "verenabit" to search for it in the ldap tree as she would not exist, right?
    What I finally want is to find out the OU="shortcut of schoolname" (see above) by searching for the logged in teacher. So when I have the OU="shortcut of schoolname" of the teacher I am able to read ONLY the usernames (teachers+pupils) of that specific school and not all teachers+pupils of all 17 schools, which would be about 8000 users :-D
    Can someone please help me: how can I use the username of the logged in Windows user and search for him effectively in the ldap tree on my test Windows 2000 server?
    Steven you want all my points? ROFL ;-)

    Here's a hint.
    Use a generic ldap tool (for example ldp.exe which is
    included in Windows Server, or whatever your
    favourite ldap browser is), and find the object in the
    Active Directory that corresponds to the user named
    Verna Bit.
    Believe it or not, you will find an attribute which
    has a matching value to that returned from
    System.getProperty("user.name");
    Then you just need to construct the relevant LDAP
    Query Filter.
    It ain't rocket science !
    Good luck.

    Yes, I already use ldp.exe, I installed it from the win2k server CD, it's a great tool :)
    Hm, your hint is odd, or how can I say, I don't know whether you really understood me, because what you suggested to me is actually what I doubted could work. Seems you have more faith??
    The problem is (not sure whether you really understood me...) that when I search the whole Directory having 8000 users, I could search for teachers only, which are in OU=Lehrer (Lehrer = teacher), and just go one child node down, but "verena bit" IS NOT "verenabit". I cannot search for the username verenabit as I won't get any result as it does not exist.

  • WCAP - Calendar search using LDAP ?

    Hi,
    Calendar 6.3 (WCAP) allows to search/subscribe other users calendars.
    There is this configuration setting in the ics.conf
    ! Calendar searches are done using LDAP or UserPreferene plugin
    service.calendarsearch.ldap = "yes"
    When i set this to yes, i have the following behaviour :
    - lightning : the service sometimes returns entries 3 times
    - Convergence : i can't search for secondary calendars.
    I made a simple test page to run "search_calprops.wcap" tests, and the server is really returning entries 3 times (it's not a lightning bug).
    For Convergence, there is an exception in the Error console, due to Convergence trying to create an object with an id that already exists (this can easily be fixed).
    When i comment the configuration setting, everything works fine.
    The question is :
    Is it harmful not to rely on the LDAP for calendar subscription ? Will it decrease the server's performance ?
    Thank you.
    For the Convergence "this can easily be fixed", here is an example of customization :
    Class:
    iwc.widget.calendar.Subscribe
    Method : showCals
    Body :
    Replace
    this.currentCalIds.push(calid);
    this._makeRow({id:calid, n:cal[c.NAME], p:perm}, cnt);
    With
    // BEGIN PATCH
    //this.currentCalIds.push(calid);
    //this._makeRow({id:calid, n:cal[c.NAME], p:perm}, cnt);
    // No, the calendar may (and DOES) return duplicates, so check if the calid has
    // already been added
    var exists = false;
    dojo.forEach(this.currentCalIds, function(nm){
        if(calid == nm){ exists = true; }
    });
    if(!exists){
        this.currentCalIds.push(calid);
        this._makeRow({id:calid, n:cal[c.NAME], p:perm}, cnt);
    }
    // END PATCH
    Edited by: diesmo on 29 March 2012 08:47

    Well, Either :
    - i enable this, and my front-end server runs searches on the LDAP server, meaning that my back-end server is less loaded
    - i disable this, and my front-end server relies on the back-end server (using DWP) for calendar searches, which may (or may not) result in slower responses and/or heavier load on both my front-end and back-end server
    Anyway, we'll try to disable it, and monitor the service during some time to see what happen.

  • Word macro search via LDAP for User info into Doc

    I'm looking for a macro that will help me create Userinfo in a doc when I start a new doc.
    Example: surname, last name and Department. Address, City and phone and some more.
    Where can I find some info about this? The info needs to be connected to the logged in Username.
    I hope the macro will be able to connect to fieldcodes/bookmarks so it will be possible to add them into a doc with autonewmacro.
    Best regards
    Christer

    Hi,
    Since you are looking for a macro which we don't support in this forum, I suggest you post the question in this forum below:
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Regards,
    Melon Chen
    TechNet Community Support

  • LDAP Search returns only 1200 records

    Hi!
    I'm having trouble searching an LDAP registry containing about 20 000 records. If I configure a search that should return about 15000 records I only get 1200 with the following error message when iterating through the NamingEnumeration:
    Unexpected exception occured at record 1200: javax.naming.SizeLimitExceededExcep
    tion: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'o=ericsson'
    Code:
    package erildap;
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;
    /**
     * Title:
     * Description:
     * Copyright: Copyright (c) 2001
     * Company: Numenor Communication AB
     * @author Andreas Gl�ckner
     * @version 1.0
     */
    public class EgdLdap {
        Hashtable props = null;
        DirContext context = null;
        String server = null;
        int port;
        int version;

        public EgdLdap(String ldapServer, int port, int LdapVersion) {
            this.server = ldapServer;
            this.port = port;
            this.version = LdapVersion;
        }

        static public void main(String[] args) {
            SearchResult result = null;
            Attribute a = null;
            EgdLdap ldapObj = new EgdLdap("ldap.server.se", 389, 3);
            try {
                ldapObj.connect();
            } catch (NamingException ex) {
                System.out.println(ex.toString());
            }
            String filter = "(&(uid=qandglo)(ou=esg))";
            String[] returnAttrib = {"uid", "ou", "givenName", "departmentNumber", "L", "mail"};
            int scope = SearchControls.SUBTREE_SCOPE;
            // "enum" is a reserved word since Java 5, so the enumeration is named results
            NamingEnumeration results = ldapObj.search("o=ericsson,ou=esg", filter, returnAttrib, scope);
            int i = 1;   // record counter
            try {
                if (results != null) {
                    while (results.hasMoreElements()) {
                        result = (SearchResult) results.nextElement();
                        NamingEnumeration attributes = result.getAttributes().getAll();
                        while (attributes.hasMore()) {
                            a = (Attribute) attributes.next();
                            System.out.println(i + ". " + a.toString());
                        }
                        i++;
                    }
                }
            } catch (Exception e) {
                System.out.println(e.toString());
                e.printStackTrace();
            }
        }

        public void connect() throws NamingException {
            try {
                props = new Hashtable();
                props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                props.put(Context.PROVIDER_URL, "ldap://" + this.server + ":" + this.port);
                props.put("java.naming.ldap.version", String.valueOf(this.version));
                context = new InitialDirContext(props);
            } catch (NamingException e) {
                System.out.println("Failed to connect to: " + this.server);
                props = null;
                throw e;
            }
            System.out.println("Succesfully connected to: " + this.server);
        }

        public void traverse() {
            try {
                Attributes at = context.getAttributes("cn=q*,o=ericsson");
                NamingEnumeration attrEnum = at.getAll();
                while (attrEnum.hasMore()) {
                    System.out.println(((Object) attrEnum.next()).toString());
                }
            } catch (NamingException e) {
                System.out.println(e.toString());
            }
        }

        public NamingEnumeration search(String name, String filter, String[] returnAttribs, int type) {
            NamingEnumeration result = null;
            SearchControls ctrl = new SearchControls();
            ctrl.setSearchScope(type);
            ctrl.setReturningAttributes(returnAttribs);
            if (context != null) {
                try {
                    result = context.search(name, filter, ctrl);
                } catch (NamingException e) {
                    System.out.println(e.toString());
                }
            }
            return result;
        }
    }

    Hi,
    Two possible reasons:
    1. The size of the search results returned would have been controlled by the directory services administrator (cross-check with the dir. services administrative options).
    2. Have you set the size limit programmatically... using SearchControls.setSizeLimit(...) you should be using
    SearchControls.setSizeLimit(0) which returns all the results.
    Hope this helps,
    Sathya Sayee.S

  • LDAP search cannot find entry by user "defined attribute"  or  "sounds like

    Hi, I have a JSP program that searches an LDAP Sun One Directory Server.
    All of my search filters ( by givenname,sn,mail and phone #) work fine with the search base set at the very top (root ) of my DIT tree.
    However with the same search base, searching by an "User Defined Attribute" fails to return anything (and note that my search filter includes the objectclass that goes with this user defined attribute)?
    Yet, if I change the search base so it points all the way down the DIT tree (maybe near RDN?), the "User Defined Attribute" search works fine ?
    Additionally, "sounds like" search filter (givenname~=) fails to find anything at
    the upper root search base of DIT. If I change the search base to point down in the DIT tree as I did above, the "sounds like" filter will work?
    I've tried everything I know?

    Hi Dora9,
    Thanks for your reply.
    I am glad that you have solved the problem and thanks for your share us the solution
    here, so it would be helpful for other members who get the same issue
    and we will close this case.
    In addition, I suggest you could try to get
    the issue confirmed and diagnose by product team. Would you please create connect report for it? You will get email notification for update from the product team experts:
    http://connect.microsoft.com/VisualStudio/feedback/CreateFeedback.aspx,
    if you submit it, you could share us the link here, so we could know the latest information from the Product team expert. And I will help you to vote it.
    Thanks for your understanding.
    Best Regards,

  • Error in people search when connecting through ldaps port

    Hello,
    I am getting following error when doing windows people search through ldaps port(636).
    The specified directory service could not be reached.
    The service may be temporarily unavailable or the server name may be incorrect.
    It is working fine when I am connecting through the ldap port.
    Could any one help me in this regard
    -mala

    Just setting the port in the console does not enable SSL. Do you have a certificate installed on that instance? If so, does your ldap client have that certificate (or its CA certificate) as a trusted cert? If not, you may need to run certutil to create/update the client certificate database.

  • How can I perform LDAP searches in BPEL?

    Hello,
    I'm trying to search an LDAP directory from a BPEL process.
    There is a "ldap:search" XPath extension which appears to do this, but how do I specify which server to use. Just calling this function in an Assign produces an error message referring to a file called "directories.xml". Can anyone tell me what format this file should have (or how I automatically generate it)? I can't see it mentioned anywhere in the documentation.
    Thanks for your help.

    Did you ever get to know the location of this file?-directories.xml?

  • LDAP Search/Bind function

    I'm trying to create an authentication function that can perform a search/bind.
    The algorithm for this is as follows:
    1) Bind to the LDAP server as the application (ie: admin username and password)
    2) Search the LDAP directory for the sign-in username %userid%
    3) Get the DN of that entry
    4) Unbind as the application
    5) Bind as the sign-in username %userid% with the DN from above
    I'm pretty sure that this is possible with the DBMS_LDAP and DBMS_LDAP_UTL packages, but I'm not sure how to put it all together. Does anyone out there know if a function such as this already exists?
    Thanks,
    Logan

    Well, I figured it out.
    create or replace FUNCTION F_Authenticate (p_username in varchar2, p_password in varchar2)
          RETURN BOOLEAN
       IS
          CURSOR ldap_param_cur
          IS
             SELECT *
               FROM ldap_parameters;
          ldap_param_rec   ldap_param_cur%ROWTYPE;
          l_session        DBMS_LDAP.SESSION;
          l_srch_attr      DBMS_LDAP.STRING_COLLECTION;
          l_attr_values    DBMS_LDAP.STRING_COLLECTION;
          l_result         DBMS_LDAP.MESSAGE;
          l_entry          DBMS_LDAP.MESSAGE;
          l_dn             VARCHAR2 (200);
          l_retval         PLS_INTEGER;
          multiple_uid     EXCEPTION;
          no_ldap_entry    EXCEPTION;
       BEGIN
          -- get parameters from uvic_ldap_parameters table
          OPEN ldap_param_cur;
          FETCH ldap_param_cur
           INTO ldap_param_rec;
          -- if the cursor returns no records display error message and exit
          IF ldap_param_cur%NOTFOUND
          THEN
             DBMS_OUTPUT.PUT_LINE
                 ( 'LDAP Parameters not configured in UVIC_LDAP_PARAMETERS table');
             CLOSE ldap_param_cur;
             RETURN FALSE;
          END IF;
          CLOSE ldap_param_cur;
          DBMS_LDAP.use_exception := TRUE;
          BEGIN
             -- open session to ldap server
             l_session :=
                DBMS_LDAP.init (ldap_param_rec.ldap_host,
                                ldap_param_rec.ldap_port);
             -- bind with credentials from cursor
             l_retval :=
                DBMS_LDAP.simple_bind_s (l_session,
                                         ldap_param_rec.search_credential,
                                         ldap_param_rec.search_passwd);
             -- run ldap search
             l_retval :=
                DBMS_LDAP.search_s (l_session,
                                    ldap_param_rec.search_base,
                                    DBMS_LDAP.SCOPE_SUBTREE,
                                    ldap_param_rec.search_filter || p_username,
                                    l_srch_attr,
                                    0,
                                    l_result);
             -- count the search result records
             l_retval := DBMS_LDAP.count_entries (l_session, l_result);
             -- if multiple search result records raise exception
             -- the userid should be unique and only return 1 search record
             IF l_retval > 1
             THEN
                RAISE multiple_uid;
             ELSIF NVL (l_retval, 0) = 0
             THEN
                RAISE no_ldap_entry;
             END IF;
             -- select first entry from ldap search record
             l_entry := DBMS_LDAP.first_entry (l_session, l_result);
             -- get the distinguished name from the ldap record
             l_dn := DBMS_LDAP.get_dn (l_session, l_entry);
             -- close ldap session used to retrieve search results
             l_retval := DBMS_LDAP.unbind_s (l_session);
             -- open session to ldap server
             l_session :=
                DBMS_LDAP.init (ldap_param_rec.ldap_host,
                                ldap_param_rec.ldap_port);
             -- bind using ldap search results distinguished name and password
             -- if the bind is successful the user can login
             l_retval := DBMS_LDAP.simple_bind_s (l_session, l_dn, p_password);
             -- close ldap session
             l_retval := DBMS_LDAP.unbind_s (l_session);
             RETURN TRUE;
          EXCEPTION
             WHEN multiple_uid
             THEN
                l_retval := DBMS_LDAP.unbind_s (l_session);
                DBMS_OUTPUT.PUT_LINE('Multiple LDAP entries found.');
                RETURN FALSE;
             WHEN no_ldap_entry
             THEN
                l_retval := DBMS_LDAP.unbind_s (l_session);
                DBMS_OUTPUT.PUT_LINE ('No LDAP records found.');
                RETURN FALSE;
             WHEN OTHERS
             THEN
                l_retval := DBMS_LDAP.unbind_s (l_session);
                DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
                RETURN FALSE;
          END;
       EXCEPTION
          WHEN OTHERS
          THEN
             l_retval := DBMS_LDAP.unbind_s (l_session);
             DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
             RETURN FALSE;
       END F_Authenticate;
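
Added example (not part of the post above, and in Java rather than PL/SQL): the function above appends p_username to the search filter and hands p_password to the bind without checking either, and RFC 4513 section 5.1.2 describes servers that accept a simple bind with a DN and a zero-length password as an unauthenticated bind and report success. This sketch models the five search/bind steps against a constructed in-memory directory to show the guards; the Directory interface, FakeDirectory, the uid pattern and all entries are hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class SearchThenBind {

    /** The two directory operations search/bind needs (hypothetical interface). */
    interface Directory {
        List<String> findDnsByUid(String uid);           // search as the application
        boolean simpleBind(String dn, String password);  // bind as the user
    }

    /** Constructed stand-in for a server that accepts unauthenticated binds. */
    static class FakeDirectory implements Directory {
        private final Map<String, String> passwordByDn = new LinkedHashMap<>();
        private final Map<String, List<String>> dnsByUid = new LinkedHashMap<>();

        void add(String uid, String dn, String password) {
            passwordByDn.put(dn, password);
            dnsByUid.computeIfAbsent(uid, k -> new ArrayList<>()).add(dn);
        }

        public List<String> findDnsByUid(String uid) {
            return dnsByUid.getOrDefault(uid, new ArrayList<>());
        }

        public boolean simpleBind(String dn, String password) {
            if (password.isEmpty()) {
                return true;   // DN plus empty password: unauthenticated bind, reported as success
            }
            return password.equals(passwordByDn.get(dn));
        }
    }

    enum Result { OK, REJECTED_INPUT, NOT_FOUND, AMBIGUOUS, BAD_CREDENTIALS }

    // Assumed policy: user IDs are short and contain no LDAP filter metacharacters.
    private static final Pattern UID_OK = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    static Result authenticate(Directory dir, String uid, String password) {
        // Guard 1: never send an empty password to the bind step.
        if (password == null || password.isEmpty()) {
            return Result.REJECTED_INPUT;
        }
        // Guard 2: refuse user IDs that could alter a concatenated search filter.
        if (uid == null || !UID_OK.matcher(uid).matches()) {
            return Result.REJECTED_INPUT;
        }
        List<String> dns = dir.findDnsByUid(uid);
        if (dns.isEmpty()) {
            return Result.NOT_FOUND;
        }
        if (dns.size() > 1) {
            return Result.AMBIGUOUS;   // the user ID must map to exactly one entry
        }
        return dir.simpleBind(dns.get(0), password) ? Result.OK : Result.BAD_CREDENTIALS;
    }

    public static void main(String[] args) {
        FakeDirectory dir = new FakeDirectory();
        dir.add("jdoe", "uid=jdoe,ou=people,dc=example,dc=com", "correct horse");
        dir.add("dup", "uid=dup,ou=a,dc=example,dc=com", "pw-a");
        dir.add("dup", "uid=dup,ou=b,dc=example,dc=com", "pw-b");

        // Without the guard, the bind result alone would be read as a successful login.
        boolean unguarded = dir.simpleBind(dir.findDnsByUid("jdoe").get(0), "");
        System.out.println("unguarded bind, empty password: " + unguarded);

        System.out.println("empty password:  " + authenticate(dir, "jdoe", ""));
        System.out.println("wrong password:  " + authenticate(dir, "jdoe", "guess"));
        System.out.println("right password:  " + authenticate(dir, "jdoe", "correct horse"));
        System.out.println("duplicate uid:   " + authenticate(dir, "dup", "pw-a"));
        System.out.println("uid with '*':    " + authenticate(dir, "j*", "anything"));
    }
}
```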

  • Multiple Filters in a Generic ldap Search.

    Hi all,
    I am involved in developing a generic ldap search utility. I would like to know if there is a provision to give multiple filters while searching the LDAP.
    The scenario is like this:
    if I give the search criteria as java ldapSearch "empid=111*" I will get a series of results.
    WHAT I WANT:
    Will I be able to specify something like empid=11* and lastname=xxx*?
    Any pointers on this would be of tremendous help.
    Anticipating a reply.
    Regards,
    Sathya Sayee.S

    You can use | as 'or condition'. For example the condition
    sn=foo and (email=[email protected] or email=[email protected])
    (&(sn=foo) (|(email=[email protected]) (email=[email protected])))
    the operators are :
    AND : &
    OR : |
    NOT : !
    the notation works as HP calculator notation
    Simon Pierre NOLIN

  • LDAP Search using an input User Name returning context

    I'm trying to find a way to search the LDAP tree, using only an input UserID and return the context. For example (ou=ISD,ou=CAMP,o=DIV).
    This is what I have thus far:
    ....an anonymous bind has already been established with the server...
    String sFilter = ("cn=" + sUserid);
    int searchScope = LDAPConnection.SCOPE_BASE;
    String searchFilter = "Objectclass=user";
    LDAPSearchResults searchResults =
    conn.search( sFilter,
    searchScope,
    searchFilter,
    null, // return all attributes
    false); // return attrs and values
    any help would be greatly appreciated.

    From looking at the API
    http://docs.sun.com/source/816-5618-10/netscape/ldap/LDAPSearchResults.html
    http://docs.sun.com/source/816-5618-10/netscape/ldap/LDAPEntry.html
    while(searchResults.hasMoreElements()) {
      LDAPEntry next = searchResults.next();
      String contextDN = next.getDN();
    }
