APEX - Authorization Scheme

Similar Messages

• Authorization Scheme using the APEX Authentication Scheme

  How would you build an authentication scheme that is using the APEX Authorization scheme. All users are belonging to a group which could be Oracle, External or Developer and I'd like to hide certain pages from the External users.
  I am not sure if I can grab the group name from some V('..') function and make something work?
  Cheers,
  Andy

  I'll give it a try again, sorry for not being able to describe the problem better!
  I am using the APEX built in authorization and authentication to make my life simple with regards to user mgmt. So all the users are managed using the Home>Administration>Manage Application Express Users. Every user belongs to an APEX group (Home>Administration>Manage Application Express Users>User Groups). For example:
  User A belongs to Group External
  User B belongs to Group Oracle
  User C belongs to Group Admin
  Now, there are certaing pages in my application that I want to restrict from the Group External (but the Group Admin and Group Oracle can see them).
  So my question is really how would I build such an Authorization Scheme to accomplish this? Not suer about which APEX API functions I should use to get this data and how to build the function.
  I hope this makes more sense?
  Andy

• Best Approach to create Security / Authorization Schema for an APEX Apps

  Hi,
  I am planning to create a Security / Authorization Schema for an APEX Application.
  Just want to know what is the best approach to create the security feature in APEX, so that it should be re-used in other APEXApplications too..
  I am looking for following features...
  1. users LOGIN and then user's name is stored in APEX_USER...
  2. Based on the user, I want to restrict the Application on following levels.
  - TABS
  - TABS - Page1 (Report
  - Page2 (Form)
  - Page2 (Region1)
  - Page2 (Region1, Button1)
  - Page2 (Region1, Items,....)
  AND so on.....basically depending on user....he will have access to certain TABS, Pages, Regions, Buttons, Items...
  I know, we have to create the Authorization Schema for this and then attach these Authorization Schema to the different Level we want.
  My Question is, what should be the TABLE structure to capture these info for each user...where we will say...this USER will have following access...AND then we create Authorization Schema from this table...
  Also what should be the FRONT end, we should have to enter these detail...
  SO, wondering, lot of people may already have implemented this feature....so if guys can provide the BEST Approach (re-usable for other APEX Application)....that will be really nice..
  Thanks,
  Deepak

  Hi Raghu,
  thanks for the detial info.
  so that means..I should have 2 table...
  master table (2 columns - username, password)
          username    password
     user1       xxxx
     user2       xxxx2nd table (2 columns - username, chq_disp_option)
  - In this table, we don't have Y/N Flag you mentioned..
  - If we have to enter all the regions/tabs/pages in the Applications here or just those regions/tabs/pages for which are conditionally diaplayed.
  - so that means in all the Pages/Regions/tabs/items in the entire Application, we have to call the Conditionally display..
  - suppose we have 3 tabs, 5 pages, 6 regions, 15 items..that means in this table we have to enter (3+5+6+15) = 29 records for each individual users..
            username    chq_disp_option
     user1       re_region1
     user1       re_region2
     user1       tb_main
     user1       Page1
     user1       Page5
     ----        ----     - how you are defining unique name for Regions..i mean in static ID or the Title
  - is the unique name for tab & item is same as the TAB_NAME (T_HOME) & Item Name (P1_ITEM1) or you are defining somewhere else.
  Thanks,
  Deepak

• Error in executing authorization scheme code

  I run my application on APEX.ORACLE.COm and I immediatly get the following error:
  ORA-06550: line 13, column 28: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line 12, column 14: PL/SQL: SQL Statement ignored ORA-06550: line 16, column 19: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 16, column 5: PL/SQL: Statement ignored ORA-06550: line 17, column 15: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 17, column 5: PL/SQL: Statement ignored ORA-06550: line 25, column 28: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line
  Error ERR-1082 Error in executing authorization scheme code.
  Here are the login credentials:
  Workspace: RGWORK
  Application: Online Certification Application Prototype - 21405
  User: TESTER
  Password: test123
  The application s/b public . I am not able to identify the invalid authorization scheme. I checked all the authorization schemes in the Shared Components > Security > Authorization Schemes and can't find the culprit.
  Can someone assist please?
  Thank you,
  Robert
  My Blog: http://apexjscss.blogspot.com

  Your Authorization Scheme "Access control - administrator" has this line of code that uses a table that isn't there (or RGTEST has no access to):
  select id, application_mode
  from apex_adm.apex_access_setup
  This Authorization Scheme is used in the Admin tab.
  If you run the page in debug mode you'll see (amongst a lot of other stuff):
  0.19: Authorization Check: "11204012643155257465" User: "nobody" Component: "tab"
  0.20: Show ERROR page...
  That pointed me to the Tab section...and there it was!

• Using Page Text Item in an Authorization Scheme

  Hello,
  I will be having a text item is every page say, Px_RESP_ID (hidden and its value set in an earlier page), and want to use its value in an authorization scheme to verify if the user has an access to the page.
  I'm using the following SQL in the authorization scheme -
  Apex Version: Apex 3.2
  Scheme Type: Exists SQL Query
  SQL:
  SELECT 1
  FROM zs_users zu
  , zs_responsibilities zr
  , zs_user_resp_groups zur
  WHERE
  zu.user_name = :APP_USER
  AND zr.resp_id = '&P'||:APP_PAGE_ID||'_RESP_ID.'
  AND zu.user_id = zur.user_id
  AND zr.resp_id = zur.resp_id
  For some reason this approach is not working. Any ideas to help me move forward will be greatly appreciated.
  Regards,
  Seshu

  AFAIK an application item, or maybe a page 0 item, is the only way to do this (as those items effectively exist across all pages of an application). Unfortunately since authorization schemes are application-level, you can't really effectively reference page items at runtime since you aren't necessarily on that page.
  The other option is an ugly one. Instead of creating one auth scheme (e.g.: "user_has_whatever_authority"), create one for every page (e.g.: "user_has_whatever_authority_1", "user_has_whatever_authority_2", etc.) and attach each auth scheme to each page by matching up the number in the name with the page. But this is a maintenance nightmare and terrible style IMHO, but it'll work. Your colleagues will hate you for it when you're gone though.

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Generic Authorization Scheme for items?

  I have created a generic authorization scheme for our application pages, and I would like to extend that to items if possible.
  The page one was easy enough as I could identify the calling page through :APP_PAGE_ID in the authorization scheme. Unfortunately, I do not know of any built in variables that would identify a calling item on a page.
  Is there such a variable or some other way of identifying the item?
  thanks!
  John

  John,
  No, currently you cannot pass any parameters to an Authorization Scheme. I have requested that this be a new feature in a future release of APEX, as it makes all the sense in the world. It would be a lot easier to have 1 scheme that can take a parameter for 100 items vs. 100 schemes, one for each of 100 items.
  In the mean time, you'll have to default to using a condition to determine if an item should be rendered or not. The trick here is that conditions are often used for business rules (such as not showing the SAVE button when you're inserting). Thus, you'll have to account for that when creating your conditions, and thus check both.
  Hope this helps.
  Thanks,
  - Scott -
  http://spendolini.blogspot.com/
  http://sumnertechnologies.com/

• Export Authorization schemes either in 4.0 or 4.1

  Hi all,
  I would like to export authorization schemes of an app. and import it in another env. I don't expect to create authorization schemes in env. like production. So, the required schemes are created in say for e.g. in dev and get exported just the schemes without being exported the whole app.
  Is there anyway in either apex 4.0 or 4.1? If not, Is there any work around?
  Thanks in advance
  movva

  Hi,
  You can export , but I have not managed import those to different app.
  I get
  These components were exported from a different application or from an application in a different workspace. The components cannot be installed in this application.Workaround is export whole app and import it to workspace where is app where you like copy authorization schemes.
  Then in target app go create new authorization schema and select As a Copy of an Existing Authorization Scheme. Then select from witch app you copy schema.
  When you have copy all needed drop source app.
  Regards,
  Jari
  http://dbswh.webhop.net/dbswh/f?p=BLOG:HOME:0

• Problem calling a packaged function from an authorization scheme

  I wrote a package and body called pkg_auth with a function returning a boolean called is_authorized with 2 parameters (username and functional area).
  i.e.
  CREATE OR REPLACE PACKAGE pkg_auth
  AS
  FUNCTION is_authorized(p_username VARCHAR2, p_functional_area VARCHAR2) RETURN BOOLEAN;
  END;
  additionally i created a public synonym for it and granted execute access on it to apex_public_user and htmldb_public_user;
  i then created an authorization scheme called 'access_control_db' defined as Scheme Type 'PLSQL Function Returning Boolean' and placed the following:
  pkg_auth.is_authorized(v('APP_USER'),'DATABASE')
  in the Expression 1 field.
  and the following:
  Not permitted to edit database information.
  in the error field.
  However when I apply this authorization scheme to a buton I receive the following error when I go to the page containing that button:
  ORA-06550: line 1, column 44: PLS-00221: 'IS_AUTHORIZED' is not a procedure or is undefined ORA-06550: line 1, column 44: PL/SQL: Statement ignored
       Error      ERR-1082 Error in executing authorization scheme code.
  Any help would be most appreciated.

  Hello,
  Does putting 'return' infront -
  return pkg_auth.is_authorized(v('APP_USER'),'DATABASE')fix your problem?
  John.
  Blog: http://jes.blogs.shellprompt.net
  Work: http://www.apex-evangelists.com
  Author of Pro Application Express: http://tinyurl.com/3gu7cd
  REWARDS: Please remember to mark helpful or correct posts on the forum, not just for my answers but for everyone!

• ERR-1082 Error in executing authorization scheme code.

  Hi All,
  i have a different problem in apex....
  I am using below function to authenticate the apex users after SSO login. I have created authentication schemes for admin and users separately depending on that users will have access to the specific tabs.
  Now users are facing below error
  ORA-01403: no data found Error ERR-1082 Error in executing authorization scheme code.
  while they log in or submit the page. And the weired thing is randomly they are getting this error. 2 or 3 times in a week. and when i compile the authentication function that error will be resolved.
  this is function structure. Inside the function validation code is written.
  function F_auth_user( muser_name in varchar2, mauth_level in number, mgroup_name in varchar2) return boolean
  Some of the details: application users : 200 application size : 30MB
  May i know that how can i prevent this occurrence of error.

  Yes that is authorization schemes .
  Evidence is user can be able to login properly after compiling the function. otherwise the same error happening while navigating through out the applications.
  Function code:
  create or replace function F_auth_user(
  muser_name in varchar2,
  mauth_level in number,
  mgroup_name in varchar2) return boolean is
  ct number;
  muser_id number;
  begin
  select id into muser_id from t_employees where upper(email)=upper(muser_name);
  if muser_id is null or mauth_level is null or mgroup_name is null then
  return false;
  end if;
  if upper(mgroup_name) = 'ANY' then
  select count(*) into ct from t_employees emp, t_positions pos,
  t_employee_groups eg
  where emp.position = pos.id and
  pos.MgtLevel >= mauth_level and
  emp.position = pos.id and
  emp.id = muser_id;
  elsif upper(mgroup_name) = 'USER' then
  select count(*) into ct from t_employees emp, t_positions pos,
  t_employee_groups eg
  where emp.position = pos.id and
  pos.MgtLevel >= mauth_level and pos.MgtLevel!=6 and pos.MgtLevel!=4 and
  emp.position = pos.id and
  emp.id = muser_id ;
  elsif upper(mgroup_name) = 'ADMIN' then
  select count(*) into ct from t_employees emp, t_positions pos,
  t_employee_groups eg
  where emp.position = pos.id and
  pos.MgtLevel >= mauth_level and pos.MgtLevel!=6 and
  emp.position = pos.id and
  emp.id = muser_id ;
  else
  select count(*) into ct from T_employees emp, T_positions pos,
  t_emp_group_mapping egm, t_employee_groups eg
  where emp.position = pos.id and
  emp.id = egm.employee_id and
  pos.MgtLevel >= mauth_level and
  emp.position = pos.id and
  emp.id = muser_id and
  egm.group_id = eg.id and
  trim(eg.group_name) = mgroup_name;
  end if;
  if ct > 0 then
  return true;
  end if;
  return false;

• Error ERR-1082 Error in executing authorization scheme code.

  Hi,
  i imported my application from test to prod environment
  when run application i received the error (on login page)
  ORA-06550: line 13, column 19: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line 12, column 13: PL/SQL: SQL Statement ignored ORA-06550: line 16, column 18: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 16, column 4: PL/SQL: Statement ignored ORA-06550: line 17, column 14: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 17, column 4: PL/SQL: Statement ignored ORA-06550: line 25, column 19: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line
  Error      ERR-1082 Error in executing authorization scheme code.
  Any help?
  Thanks in advance
  Costantino

  Hi Scott,
  Thank you for the quick reply.
  What I did was to install APEX 3.1 to 11g db, and installed packaged application which called Software Management. It is working fine to log into the application and other operations, but I got the same error which reported on this thread once I applied the existing authorization schemes. So I thought if I missed to import the apex_access_setup and apex_access_control tables. I am looking for the solution to enable the default authorizations...
  I would appreciate if you could give me any suggestions.
  Thanks,
  Rui

• Authorization schemes

  I am trying to not reinvent the wheel but Oracle DB secuirty as it exists today in APEX. I have successfully setup the authentication using Database account and that works fine, but now I want to have my application only allow special oracle accounts that are signified by Banner, authorized to process the application. I do not want to have to setup any additional security, but use my current DB security that is already setup in the Banner accounts for what can be accessed. I know I have to do something in the Authorization schemes in APEX, but I am not sure what? Any help would be appreciated. Thanks. Joe

  It's quite simple really.
  Create the scheme and the bottom line is that the scheme has to return TRUE or FALSE. TRUE means that they pass the test and can do whatever it is, FALSE means they fail the test and should get an error.
  99.9% of the time I create a boolean-returning function in the database and I call it in the scheme like this (assume myfunction() takes the value of the signed-on user and does something with it to check if this user passes the test or not):
  RETURN myfunction(:APP_USER);If TRUE comes back, they pass security validation, else it will fail them.
  If you are just testing the user name itself, try this:
  RETURN (:APP_USER like '%BANNER');...or whatever else returns TRUE/FALSE to evaluate your test.
  Then, after you define the scheme, attach it to whatever needs protection.
  There is an application-level to place the authorization scheme to restrict all access to all pages but I've never gotten it to effectivelly work because if you do the above example, it will even protect the login page because the APP_USER isn't yet set to the person who is going to log in. So I've always had to put the authorization at each page.
  However you might be able to manage it at the application level if you do it this way (I never tried but I guess this would work...assume 101 is the login page):
  RETURN :APP_PAGE_ID='101' OR (:APP_PAGE_ID != '101' AND :APP_USER like '%BANNER');So anytime page 101 (login) is accessed, the user passes security test to render the page. Else if it's not page 101, their username has to end in BANNER in order to pass the test.

• Customise Authorization Scheme web page

  Hi
  APEX - 4.1
  Oracle - 11gr2
  I have added an Authorization Scheme to my application whereby a check is performed to determine whether or not a user is allowed to access a webpage. If a user tries to access a restricted webpage a new webpage is displayed with
  'Access denied by Application security check' and a red exclamation
  My question is how can I customise this webpage as it differs from my application template (The log out disappears at the top and the topbar moves about between the restriction error webpage and the page it returns back to)?
  Is this possible?
  Thanks
  Rob

  Hi
  Thanks for the help. I located the 'Error Page Template Control' section.
  I am not looking to customise that section, but what I have noticed in firebug is that when I switch to this error page the BODY of the HTML document changes.
  So on a ordinary page you would normally have
    <div id="navbar">
      <div class="app-user">#WELCOME_USER#</div>
      <div class="app-user">Client: Internal</div> -- This is customised be me
      #NAVIGATION_BAR#
      #REGION_POSITION_08#
    </div>whereas on this error page you will have
    <div id="navbar">
      <div class="app-user">#WELCOME_USER#</div>
      <div class="app-user">Client: Internal</div> -- This is customised be me
    </div>Also the topbar seems to change from
     <div id="topbar">#REGION_POSITION_01##REGION_POSITION_04#</div>to
     <div id="topbar"></div>Is this normally? It is these adjustments I want to fix as navbar has the logout link which disappears and the topbar has my menu which messes with the page format on the error page
  Cheers
  Rob

• Authorization Schemes, User Groups

  Hi Folks,
  I wish to create an authorization scheme and to do so with one of the user groups I defined in
  Home>Administration>Manage Application Express Users
  How can I set the authorization scheme to achieve this?
  Thanks for any and all help

  Are you looking for apex_util.current_user_in_group
  Create a new authorization scheme... PL/SQL function reuturning boolean
  begin
  if apex_util.current_user_in_group('MyGroup')
  then
  return TRUE;
  else
  return FALSE;
  end if;
  end;Reference:http://apex.oracle.com/i/doc/AEAPI/apex_util014.htm
  Regards,
  Shijesh

• Create Authorization Scheme for LDAP Groups

  I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
  I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?

  hi larosejh
  If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
  DECLARE
  retval PLS_INTEGER;
  my_session DBMS_LDAP.session;
  my_attrs DBMS_LDAP.string_collection;
  my_message DBMS_LDAP.message;
  my_entry DBMS_LDAP.message;
  entry_index PLS_INTEGER;
  my_dn VARCHAR2(256);
  my_attr_name VARCHAR2(256);
  my_ber_elmt DBMS_LDAP.ber_element;
  attr_index PLS_INTEGER;
  i PLS_INTEGER;
  my_vals      DBMS_LDAP.STRING_COLLECTION ;
  ldap_host VARCHAR2(256);
  ldap_port VARCHAR2(256);
  ldap_user VARCHAR2(256);
  ldap_passwd VARCHAR2(256);
  ldap_base VARCHAR2(256);
  BEGIN
  retval := -1;
  -- Please customize the following variables as needed
  ldap_host := 'host';
  ldap_port := '389';
  -- In case of update/insert/delete need change ldap_user to other.
       -- ldap_user := 'cn=orcladmin';
       -- ldap_passwd:= 'welcome';
  -- set User and password to NULL for anonymous user.
  ldap_user := 'user';
  ldap_passwd:= 'password';
  ldap_base := 'CN=Users,DC=ee,DC=intern';
  -- end of customizable settings
  -- Start output Header--
  DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
  DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
  DBMS_OUTPUT.PUT_LINE('');
  DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
  DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
  -- Choosing exceptions to be raised by DBMS_LDAP library.
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  my_session := DBMS_LDAP.init(ldap_host,ldap_port);
  DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
  RAWTOHEX(SUBSTR(my_session,1,8)) ||
  '(returned from init)');
  -- bind to the directory
  retval := DBMS_LDAP.simple_bind_s(my_session,
  ldap_user, ldap_passwd);
  DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
  || TO_CHAR(retval));
  -- issue the search
  my_attrs(1) := 'dn'; -- retrieve all attributes
  retval := DBMS_LDAP.search_s(my_session, ldap_base,
  DBMS_LDAP.SCOPE_SUBTREE,
  'objectclass=*',
  my_attrs,
  0,
  my_message);
  DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
  || TO_CHAR(retval));
  DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
  RAWTOHEX(SUBSTR(my_message,1,8)) ||
  '(returned from search_s)');
  -- count the number of entries returned
  retval := DBMS_LDAP.count_entries(my_session, my_message);
  DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
  || TO_CHAR(retval));
  DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
  -- End output Heading --
  -- get the first entry
  my_entry := DBMS_LDAP.first_entry(my_session, my_message);
  entry_index := 1;
  -- Loop through each of the entries one by one
  while my_entry IS NOT NULL loop
  -- print the current entry
  my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
  -- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
  -- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
  DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
  my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
  my_ber_elmt);
  attr_index := 1;
  while my_attr_name IS NOT NULL loop
  my_vals := DBMS_LDAP.get_values (my_session, my_entry,
  my_attr_name);
  if my_vals.COUNT > 0 then
  FOR i in my_vals.FIRST..my_vals.LAST loop
  DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
  SUBSTR(my_vals(i),1,200));
  end loop;
  end if;
  my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
  my_ber_elmt);
  attr_index := attr_index+1;
  end loop;
  my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
  DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
  entry_index := entry_index+1;
  end loop;
  -- unbind from the directory
  retval := DBMS_LDAP.unbind_s(my_session);
  DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
  TO_CHAR(retval));
  -- Start Output Footer --
  DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
  -- Start Output Footer --
  -- Handle Exceptions
  EXCEPTION
  WHEN OTHERS THEN
  DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
  DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
  DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
  END;
  /