Calling the built in ldap authentication function?

Similar Messages

• What's required to use the built-in LDAP authentication scheme

  In order to use the built-in LDAP authentication scheme in my ApEx application, do I have to have anything more installed in my oracle environment or available to us than accessible LDAP addressing? Our environment is a 10.2 database instance (Enterprise Edition) with ApEx and Microsoft Active Directory that has LDAP setup. It looks like all the DBMS.LDAP packages are in place in my database.
  I'm using something similar to the below for built-in prompts but all LDAP tests fail:
  host=ourdc1.ourdc2.ourdc3.edu
  Port=389
  cn=%LDAP_USER%,OU=Users, OU=Department,DC=ourdc1,DC=ourdc2,DC=ourdc3,DC=edu

  Hello,
  What is your name?
  I know this sounds funny but when I was starting with AD LDAP authentication I seem to remember the user name being the key. Instead of "username" I had to use "[email protected]".
  Ultimately, I created a custom package built on DBMS_LDAP as the ApEx package is really targeted for OID.
  Regards,
  Dan

• Built-in LDAP Authentication Problem

  Hi All,
  I have used Built-in LDAP Authentication Method for my application authentication which works fine,but i need to have an database authentication as well in combination to LDAP one.
  I tried putting a database authentication function (Returning Boolean) in the post authentication process but without success.
  Please suggest how to go about this.
  cheers
  Dhrubo

  You really didn't explain much more than in your first post.
  For Example ,LDAP verifies all users now,but i would like to enable persons with their role as managers to have access priviledge for my application.Right now, managers do have access privilege so that requirement does not make sense.
  For this Manager problem i need a database level authentication.What does that mean? You can't just make up terms like that.
  I think you are mixing up authentication and authorization. Please search this forum and read the User's Guide for more info about how these are differrent.
  We can show you how to do both authentication and authorization, you just need to work harder stating your exact requirements.
  Scott

• How to call the built in functions from flex?

  I want to use some of the Built in functions like the twelvesprints.getActivityOwnerId() in flex. From the java example i could make out that we needed to import some classes to do this but was unable to find them for flex.

  You can download the SWC file for Flex Method app here:
  https://sandbox.12sprints.com/FlashMethodLib.swc
  Java samples are located at
  https://streamwork.com/api/Java.zip
  Method exaples are available at:
  https://streamwork.com/api/methods/com.streamwork.hello_world.zip
  https://streamwork.com/api/methods/com.streamwork.constants.zip
  https://streamwork.com/api/methods/com.streamwork.using_arrays.zip
  com.streamwork.testFlash

• VBA code that calls the Send Active Work Sheet function

  Hi There,
  I would like to know if it is possible to have a button that calls some VBA code that does the same as the u201CSend Active Work Sheetu201D function from the BPC action pane. I am developing a custom workbook, but would like to have a button that calls the send active worksheet and returns the status window .  "MNU_ESUBMIT_REFSCHEDULE_SHEET_REFRESH" sends the active worksheet but does not return a status window.
  Kind Regards
  Daniel

  I am unaware of any other "undocumented" features that might perform the exact scenario you are needing.  Perhaps this is an enhancement request.
  If you only need to display a generic informational dialog that data has been sent and not include the specifics of the data that was sent (ie: number records sent, accepted, rejected...).  Perhaps you could use one of the MNU_eSUBMIT_SHEET options that doesn't provide the results feedback and then in an AFTER_SEND() function pop-up a msgbox informing the user that data has been sent?
  Or, investigate the use of MNU_eSUBMIT_VALIDATE prior to the MNU_eSUBMIT_SHEET.....I personally have never used that option.

• Should I use the built in log rolling function on iWS 6 or roll my own using a cron job using stop and start scripts in the web server instance root?

   

  Hi,
  You can use either OS cron job based log rotation
  OR
  Internal daemon log rotation.
  It is recommeded to use OS cron job log rotation.
  OS=Operating System
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• How to use two different LDAP authentication for my Apex application login

  Hi,
  I have 2 user groups defined in the LDAP directory and I provided the DN string for apex authentication something like the below
  cn=%LDAP_USER%,ou=usergrp1,dc=oracle,dc=com
  cn=%LDAP_USER%,ou=usergrp2,dc=oracle,dc=com
  The problem is I couln't pointout both the groups in DN string, I am trying to allow both usergroups to access the application.
  Does anyone know how to define both the group in LDAP DN String ?.
  Thanx in advance
  Vijay.

  Vijay,
  I don't think you'll be able to use the built-in LDAP authentication scheme. Just create a new authentication scheme that has its own authentication function. In that function code your calls to dbms_ldap however you need. Search the forum for dbms_ldap.simple_bind_s to find examples.
  Scott

• LDAP Authentication - Multiple Domains

  I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
  Host: xx.xx.xx.xx
  DN String: %LDAP_USER%@amer.globalco.net
  (amer.globalco.net is the domain)
  How can this be accomplished? Is it possible all you guru's out there?
  I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
  I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
  Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
  As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
  Please include example/suggested SQL -
  Thanks in advance...
  Rich
  Apex v3.2.1
  Oracle 10G Express

  Based on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
  Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try.

• How to call the java method in java script function in a portal application

  Hi Friends,
  I am developing one application where i need to fetch the data from KM content and displaying it on the screen in regular interval. I wrote one method in JSPdynpage for fetching data from KM content now I need to call that java method in java script function.
  java method(IComponentRequest request)
  //Coode for fetching the KM content
  function()
  <b>//Need to call the java method</b>
  setTimeout(function, 5000);//setting the time interval for this function
  <<htmlb display code>>
  If anybody can help me in calling the java method in java script function that will be very helpful for me.
  Thanks in advance,
  Sandeep Bonam

  Hi,
  Pls see if the following links could help.
  http://www.rgagnon.com/javadetails/java-0170.html
  http://www-128.ibm.com/developerworks/library/wa-resc/?dwzone=web
  Regards

• Weblogic  patch has broken the LDAP authentication

  Hi,
  We have installed  XIR2 SP4 on  Linux and also installed a patch for the weblogic ,after installing weblogic patch we are unable to login to the infoview using LDAP authentication getting  error  ""An Error has Occurred: java.lang.InstantiationException:Could not instantiate bean CE_Session, neither class nor beanName were specified."
  Curently we have  uninstalled the weblogic  patch , now everyting is working fine.
  We want to know the reason for this , why the instalation of patch has  broken the LDAP authentication?
  Environment -
  BOXIR2 SP4,
  LINUX,
  Web logic 9.2,
  Oracle 10g.
  Thank you  in Advance.
  Thanks & Regards,
  Bill.

  You'll have to open an incident with support, that error doesn't seem like an actual LDAP error so go with deployment if you do. See if you can get an engineer to reproduce or trace your environment. This is the 1st time I've heard of a weblogic patch breaking LDAP.
  Regards,
  Tim

• Weblogic or LDAP authentication

  Hello All,
  We are already using the OBIEE for 2 of the applications and currently we are using repository authentication(Creating users and groups in the rpd).
  Here are what we are planning to do
  1.Deploy OBIEE using weblogic application server (This would be our first preference.But could not find any oracle official documentation about the possibility of deploying obiee on weblogic.). Please let me know if any one succefully deployed obiee on weblogic.If so, please provide the documentation.
  2.If the first option is not possible, we are planning to use LDAP authentication.I have been reading the OBIEE administrator guide about LDAP authentication.
  I do have the following questions about both the procedures
  1.How the group premissions would work.
  EX: For some of the users, we gave just read only access to dashboard 1, noaccess to dashboard2 and full access to dashboard3.Now i can do it by creating security groups and apply the settings to these users.
  How can i achieve the same using ldap authentication?
  Please advise.
  Thanks in advance.

  I expected that could be a way to only redefine the User class, implementing a
  custom realm is much more work. I will consider directly accessing the database/LDAP.
  Thank you anyway.
  "Tom Moreau" <[email protected]> wrote:
  >
  David,
  The only way I know how to do this is:
  1) write your own security realm that creates
  users containing all the info you desire.
  That is, a realm derives its own user class
  so you're free to derive a class and add all
  the fancy stuff you require.
  The current RDBMS and LDAP realms don't
  put the info you desire into the user objects
  they create.
  2) in your servlet, get the authenticated user,
  then get the user's name from it, then use
  Realm.getRealm().getUser() passing in that name.
  This will get you the user out of your realm.
  3) cast this user to the user class that your realm
  created and use the info that your realm put in it.
  This is probably a lot of work - might be simpler for
  you to lookup the user in LDAP/your database directly.
  -Tom
  "David Ruana" <[email protected]> wrote:
  I use the Security.getCurrentUser() function from my servlets and EJBs
  in order
  to get the username of the authenticated user in the Weblogic realm.
  I wonder whether it is possible to add new attributes to the User object
  which
  I get from the Security.getCurrentUser() call.
  Suppose the User info is stored in an ODBC or LDAP realm. Besides the
  username
  and password, other attributes may be stored in the ODBC table or LDAP
  record.
  During authentication, Weblogic accesses the ODBC table or LDAP record
  in order
  to check that username exists and the password is correct. Could itbe
  possible
  at that time to get that extra attributes and assign them to the User
  class (or
  some subclass of the User class)?
  What java classes must be redefined in Weblogic in order to accomplish
  that?
  Any suggestions would be appreciated.

• LDAP authenticator setting in Weblogic 10

  Hi there,
  I am a newbie to weblogic. I am migrating an application from OAS to Weblogic 10. The application is using LDAP for login. I am havng a trouble to set up those users in weblogic console.
  Here is what I did:
  in web.xml:
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <url-pattern>*</url-pattern>
  <http-method>*</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>UserRole</role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>RegularUser</realm-name>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/loginerror.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <role-name>UserRole</role-name>
  </security-role>
  In Weblogic.xml
  <?xml version="1.0" encoding="windows-1252"?>
  <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
  <security-role-assignment>
  <role-name>UserRole</role-name>
  <externally-defined/>
  </security-role-assignment>
  </weblogic-web-app>
  In Weblogic console, I created a new realm called RegularUser and setup LDAP authenticator. User Base DN is ou=axxx,dc=bxxx,dc=cxx. I can see those users already in the user list.
  Did I miss any step?
  Thanks

  Thanks, Faisal.
  Here is my config.xml. Do I need to select Custom Roles at the time of deployment? I manually deployed the application in console.
  <?xml version='1.0' encoding='UTF-8'?>
  <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
  <name>myTestDomain</name>
  <domain-version>10.3.3.0</domain-version>
  <security-configuration>
  <name>myTestDomain</name>
  <realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
  <sec:active-type>AuthenticatedUser</sec:active-type>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
  <sec:name>RegularUsers</sec:name>
  <sec:control-flag>OPTIONAL</sec:control-flag>
  <wls:host>holdap1.abc.org</wls:host>
  <wls:user-object-class>user</wls:user-object-class>
  <wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
  <wls:principal>ldapviewsd</wls:principal>
  <wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
  <wls:credential-encrypted>{AES}5dVfr76v1nSUvb8iMBO5e1WxZG5BA/M3MWZvNxDVMO4=</wls:credential-encrypted>
  <wls:user-from-name-filter>(&amp;(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
  <wls:group-base-dn>ou=a,dc=b,dc=c</wls:group-base-dn>
  <wls:group-from-name-filter>(&amp;(cn=%g)(objectclass=group))</wls:group-from-name-filter>
  <wls:static-group-object-class>group</wls:static-group-object-class>
  <wls:static-member-dn-attribute>member</wls:static-member-dn-attribute>
  <wls:static-group-dns-from-member-dn-filter>(&amp;(member=%M)(objectclass=group))</wls:static-group-dns-from-member-dn-filter>
  </sec:authentication-provider>
  <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
  <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
  <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
  <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
  <sec:name>myrealm</sec:name>
  <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
  <sec:name>SystemPasswordValidator</sec:name>
  <pas:min-password-length>8</pas:min-password-length>
  <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
  </sec:password-validator>
  </realm>
  <realm>
  <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
  <sec:name>RewardsUser</sec:name>
  <sec:control-flag>SUFFICIENT</sec:control-flag>
  <wls:host>holdap1.abc.org</wls:host>
  <wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
  <wls:principal>ldapviewsd</wls:principal>
  <wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
  <wls:credential-encrypted>{AES}6mfAIvAqFASMkZ4yHygBe3AODqNyzYyLLePzCI2HTE0=</wls:credential-encrypted>
  <wls:user-from-name-filter>(&amp;(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
  <wls:group-base-dn>ou=a,dc=bdc=c</wls:group-base-dn>
  <wls:max-sid-to-group-lookups-in-cache>1500</wls:max-sid-to-group-lookups-in-cache>
  </sec:authentication-provider>
  <sec:deploy-role-ignored>false</sec:deploy-role-ignored>
  <sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
  <sec:deploy-credential-mapping-ignored>false</sec:deploy-credential-mapping-ignored>
  <sec:security-dd-model>CustomRoles</sec:security-dd-model>
  <sec:combined-role-mapping-enabled>true</sec:combined-role-mapping-enabled>
  <sec:name>RewardsUser</sec:name>
  <sec:delegate-m-bean-authorization>false</sec:delegate-m-bean-authorization>
  </realm>
  <default-realm>myrealm</default-realm>
  <credential-encrypted>{AES}AOnncmyo+t9U78VAJHcbv8uiDUVggDlU55WY5xh6NukBIg3m2MK0In76UwCRuKdlVzHp9uWx/4uYZpkVQmq9Hqk3fTRZRx4dIuyU07siwupmYdq1UHttcgTIwqqKoaWn</credential-encrypted>
  <node-manager-username>weblogic</node-manager-username>
  <node-manager-password-encrypted>{AES}Yx0pabvYpXxQr7K7YRVB5B0f3Kyy8Lpn0cu1WQCXve8=</node-manager-password-encrypted>
  </security-configuration>
  <server>
  <name>AdminServer</name>
  <server-debug>
  <debug-scope>
  <name>weblogic.security.atn</name>
  <enabled>true</enabled>
  </debug-scope>
  <debug-scope>
  <name>weblogic.security.atz</name>
  <enabled>true</enabled>
  </debug-scope>
  <debug-security-atn>true</debug-security-atn>
  <debug-security-atz>true</debug-security-atz>
  <debug-security-saml-atn>true</debug-security-saml-atn>
  <debug-security-saml2-atn>true</debug-security-saml2-atn>
  </server-debug>
  <listen-address></listen-address>
  </server>
  <embedded-ldap>
  <name>myTestDomain</name>
  <credential-encrypted>{AES}Iidvc9S3UqScbvwktaeOZMYr4V9BQ4aU/T5z+npeFwiYEzUZi6iLF59pfpCNI0DQ</credential-encrypted>
  </embedded-ldap>
  <configuration-version>10.3.3.0</configuration-version>
  <app-deployment>
  <name>rewards</name>
  <target>AdminServer</target>
  <module-type>ear</module-type>
  <source-path>servers\AdminServer\upload\rewards.ear</source-path>
  <security-dd-model>DDOnly</security-dd-model>
  </app-deployment>
  <admin-server-name>AdminServer</admin-server-name>
  </domain>

• Improve built in SQL MAX function

  Hi
  I am trying to improve the performance of the built in SQL max function. right now searching through over 500,000 rows takes lot of time which can be reduced. Can anyone suggest me something which would be helpful in this or may be give me a link if it has been discussed before?
  Anything is appreciated.
  Thanks

  Tolls wrote:
  Um...considering you were planning on improving on the MAX function, I sort of thought you might actually know how to use it. Otherwise how would you know it was running slowly?thanks Tolls i'd figured it out right after i posted it. i guess i was too excited after reading (you got it in milliseconds) that posted right away without doing anything myself..but yeah it did make it super fast..thanks a lot for your help and time..
  cotton.m wrote:
  d_khakh wrote:
  hi tolls thanks for getting back
  could u explain how did u do that? i found out how to create index..i have the following statement:
  create index col on table2 (col2);
  cud u tell me how to go from here and find the max in col2..thanks again for ur help?
  sigh
  Where to go from here? Just execute your damn query. If you really did create the index on the right column and your database isn't stupid and there isn't a lot more to this problem then you told us about like some where clauses then that's it. She's as fast as she's going to get.
  And remember, it's impolite to converse in a public forum while chewing your cud. Unless of course you actually meant "could" but were just too lazy to type it. Don't be lazy, use full words. Thanks.like i said above..i figured it out after some time.
  i wasn't being lazy ..thats msn talk..i thought people understood that..anyways your point noted too.

• Calling a Selection Screen from a Function Module/Method

  Hi,
    I would like to call a selection screen from a function module or method. I understand it is not possible by the definition. Are there any alternative options as I am looking for the Variants Save option on the screen. Any thoughts?
  Thanks
  Raghav

  Since i don't know your exact requirements (standard SAP selection screen? your own selection screen?) the onl;y thing i can come up with is:
  1. in your function pool create your own screen with a subscreen area
  2. create your own selection screen as a subscreen.
  3. include the selection subscreen in the first screen
  4. call the first screen in your function.

• Designer takes several minutes for login using LDAP authentication

  We have a issue, when we tried to login to the designer using LDAP authentication it takes several minutes and using enterprise account we are able to login to the designer with in seconds.
  CMC and infoview all are working fine using LDAP authentication.
  We are using BOXIR2,
  FP 1.6.
  Thank You in Advance.
  Thanks & Regards,
  Collin.

  There have been several changes in LDAP since FP 1.6 but if infoview is ok then hopefully you aren't running into any of them. When logging into client tools the LDAP requests are sent to the LDAP server directly from the client. An issue like this would suggest there is a problem reaching the LDAP server from the client.
  Is LDAP SSL being used? If yes try disabling it, if no then you can packet scan the logon attempt on the client and filter the LDAP traffic to see how long it's taking for that communication.
  Regards,
  Tim