DBMS_LDAP package

Hi,
Please, where can I find the DBMS_LDAP package? I have Oracle 8.1.7 with Win2000.
Am I obliged to install Oracle Internet Directory to use it?
Thanks.

Dear V Garcia
I would like to ask you how we could load the DBMS_LDAP package into our Forms application. We developed an application using Oracle Forms (6i) deployed into Oracle9i AS (1.0.2.2.2.A) connected to an Oracle8i Database server (Release 8.1.7). The problem is how I can use Oracle Forms to authenticate user logins using LDAP instead of traditional user authentication using a forms trigger and database tables. I tried to find any document(s) that help in using LDAP through Oracle Forms6i without any success. I appreciate any help.

Similar Messages

  • Query objectGUID using dbms_ldap package

    Hi
    I've managed to retrieve the objectGUID from Active Directory using the DBMS_LDAP package.
    It is returned in this format: 8FDD7ACDA0749648B136E0AD6847BD64
    How can I use this value in a filter for dbms_ldap.search_s?
    objectGUID=8FDD7ACDA0749648B136E0AD6847BD64 does not work,
    I've also tried escaping the value \8F\DD\... and \\8F\\DD\\...
    Anyone know what I need to do?
    Thanks

    I already have the HEX value of the GUID - the problem is the function dbms_ldap.search_s appears to be trying to match the objectGUID which has been converted to ascii.
    I can do partial matches like objectGUID=cf*
    But that is matching an ascii representation of the GUID: eg. cf¿t¿H¿6¿@¿D
    And nothing can match the upside down question marks.
    There must be another way - or another unique identifier to compare/filter by.

  • DBMS_LDAP package documentation and samples

    Where can I find the DBMS_LDAP package documentation and samples to use it to connect to OID from pl/sql blocks.
    TIA,
    Nishant

    I have been successful using the PL/SQL DBMS_LDAP utilities and enhancing the included examples to bulk create portal users as well as adding them to a default portal group as outlined in the DBMS_LDAP demo examples (search.sql, trigger.sql, empdata.sql).
    Using this PL/SQL trigger on the EMP table, I can add, delete or modify various user entries. However, while I can add a user to a default portal group, I have been unsuccessful in deleting a user from a group as well as modifying a users default group by deleting their "uniquemember" entry from one group and adding it to another using the DBMS_LDAP procedures.
    Has anyone deleted a user from an existing group and how is this done programatically using the DBMS_LDAP utilities? Also, but less important, is there a way to programmatically modify a user from one portal group to another?
    I don't necessarily want the code - just the method of doing this. Do I have to read in all of the 'uniquemember' attributes from the group (via DBMS_LDAP.populate_mod_array, for example), then manipulate the list and write it back. Or, is there a function that will allow me to delete or modify an entry in the 'uniquemember' attribute.
    Regards,
    Edward Girard

  • Invalid DBMS_LDAP package

    I'm trying to fix invalid objects before database upgrade. I ran dbupgdiag.sql tool which reports DBMS_LDAP package as invalid. According to Enterprise Manager, the package is wrapped and contains some errors (see below). How can I unwrap the package and fix the errors?
    Line # = 50 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 50 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 73 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 73 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 105 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 105 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 135 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 135 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 175 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 175 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 211 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 211 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 218 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 218 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 276 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 276 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 283 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 283 Column # = 14 Error Text = PL/SQL: Statement ignored
    Line # = 289 Column # = 14 Error Text = PLS-00201: identifier 'DBMS_SYS_ERROR.RAISE_SYSTEM_ERROR' must be declared
    Line # = 289 Column # = 14 Error Text = PL/SQL: Statement ignored

  • Extracting OBJECTGUID using DBMS_LDAP package

    Hi,
    My final goal of this exercise is to search a LDAP for an objectGUID and get the sAMAccountName of the user.
    But to get the things started I'm trying the easier way and doing the reverse..
    But when I extract objectGUID by searching for sAMAccountName in LDAP - I get the objectguid in the following two formats.
    1. utl.cast_to_raw(substr(temp_vals(i),1,200)): 7E0C3F3F3F3F3F31333F783F
    2. substr(temp_vals(i),1,200) : ~ ?????13?x?
    But I would like to extract the GUID in the escaped format \7e\0c\3f\3f.................... format and which is 48 characters long. Can someone point me in the right direction as to how I can achieve my result both ways?
    Thanks in Advance
    Any Pointers will be appreciated!!

    Thanks Justin and Billy for your replies..
    Here is the code I'm using. As mentioned earlier I would like to obtain my results in escaped format e.g. (\a6\53\6d\40\03\e6\83\45\ae\9a\32\a5\95\6b\e8\f1)
    This is because a third party application stores user id's in the above format and I would like to join my retrieved results from LDAP with it. Once I achieve this I would also like to do the reverse i.e. pass the escaped values and retrieve the user information from LDAP.
    Currently when I pass sAMAccountName, I do get the following formats based on what function I use.
    1. (SUBSTR(temp_vals(i), 1, 200) -> Results in ~ ?????13?x?
    2. utl_raw.cast_to_raw(SUBSTR(temp_vals(i), 1, 200)) -> Results in 7E0C3F3F3F3F3F31333F78EF
    I simply cannot escape the values given in step two because I believe both are in different format as binary, raw string etc..
    Please let me know if this is achievable ??
      CREATE OR REPLACE PROCEDURE "Schema"."LDAP_PROC" IS
        ldap_host       VARCHAR2(512);          -- The LDAP Directory Host
        ldap_port       VARCHAR2(512);          -- The LDAP Directory Port
        ldap_user       VARCHAR2(512);          -- The LDAP Directory User
        ldap_guid       VARCHAR2(512);          -- To store the GUID
        ldap_passwd     VARCHAR2(512);          -- The LDAP Directory Password
        ldap_baseDN     VARCHAR2(512);          -- The starting (base) DN
        retval          PLS_INTEGER;            -- Used for all API return values.
        my_session      DBMS_LDAP.SESSION;      -- Used to store our LDAP Session
        res_attrs       DBMS_LDAP.STRING_COLLECTION;    -- A String Collection used
                                                        --   to specify which
                                                        --   attributes to return
                                                        --   from the search.
                                                        --   attribute.
        search_filter   VARCHAR2(512);          -- A simple character string used to
                                                --   store the filter (criteria) for
                                                --   the search.
        res_message     DBMS_LDAP.MESSAGE;      -- Used to store the message
                                                --   (results) of the search.
        temp_entry      DBMS_LDAP.MESSAGE;      -- Used to store entries retrieved
                                                --   from the LDAP search to print
                                                --   out at a later time.
        entry_index     PLS_INTEGER;            -- Used as a counter while looping
                                                --   through each entry. As we
                                                --   retrieve an entry from the LDAP
                                                --   directory, we increase the
                                                --   counter by one.
        temp_dn         VARCHAR2(512);          -- After each entry is retrieved
                                                --   from the LDAP directory (from
                                                --   the search), we want to use
                                                --   this variable to extract, store
                                                --   and print out the DN for each
                                                --   entry.
        temp_attr_name  VARCHAR2(512);          -- After retrieving an entry from
                                                --   LDAP directory, we will want to
                                                --   walk through all of the
                                                --   returned attributes. This
                                                --   variable will be used to store
                                                --   each attribute name as we loop
                                                --   through them.
        temp_ber_elmt   DBMS_LDAP.BER_ELEMENT;
        attr_index      PLS_INTEGER;            -- Used as a counter variable for
                                                --   each entry returned for each
                                                --   entry.
        temp_vals       DBMS_LDAP.STRING_COLLECTION;    -- Used to extract, store,
                                                        --   and print each of the
                                                        --   values from each
                                                        --   attribute.
        -- temp_vals    DBMS_LDAP.BINVAL_COLLECTION;
    BEGIN
        DBMS_OUTPUT.ENABLE(1000000);
        retval := -1;
         ldap_host    := 'LDAP_Server_name';
        ldap_port    := '389';
        ldap_user    := 'Username';
        ldap_passwd  := 'Password';
        ldap_baseDN  := 'DC=XXX,DC=XX,DC=XX';
        -- Print out variables.
        DBMS_OUTPUT.PUT_LINE('DBMS_LDAP Search Example');
        DBMS_OUTPUT.PUT_LINE('-----------------------------------------------------------------------');
        DBMS_OUTPUT.PUT_LINE(RPAD('LDAP Host ', 25, ' ') || ': ' || ldap_host);
        DBMS_OUTPUT.PUT_LINE(RPAD('LDAP Port ', 25, ' ') || ': ' || ldap_port);
        DBMS_OUTPUT.PUT_LINE(RPAD('LDAP User ', 25, ' ') || ': ' || ldap_user);
        DBMS_OUTPUT.PUT_LINE(RPAD('LDAP Base ', 25, ' ') || ': ' || ldap_baseDN);
         DBMS_LDAP.USE_EXCEPTION := TRUE;
        -- Obtain an LDAP session. The init() function initializes a session with an
        -- LDAP server. This actually establishes a connection with the LDAP server
        -- and returns a handle to the session which can be used for further
        -- calls into the API.
        my_session := DBMS_LDAP.INIT(ldap_host, ldap_port);
        DBMS_OUTPUT.PUT_LINE (
            RPAD('LDAP Session ', 25, ' ') || ': ' ||
            RAWTOHEX(SUBSTR(my_session, 1, 16)) ||
            ' - (returned from init)'
        );
        -- Bind to the directory. The function simple_bind_s can be used to perform
        -- simple username/password based authentication to the directory server.
        -- The username is a directory distinguished name. This function can be
        -- called only after a valid LDAP session handle is obtained from a call to
        -- DBMS_LDAP.init(). If the connection was successful, it will return:
        -- DBMS_LDAP.SUCCESS. This function can raise the following exceptions:
        --      invalid_session : Raised if the session handle ld is invalid.
        --      general_error   : For all other errors. The error string associated
        --                        with this exception will explain the error in
        --                        detail.
        retval := DBMS_LDAP.SIMPLE_BIND_S(my_session, ldap_user, ldap_passwd);
        DBMS_OUTPUT.PUT_LINE(
            RPAD('simple_bind_s Returned ', 25, ' ') || ': '|| TO_CHAR(retval)
        );
        -- Before actually performing the search, I want to setup the attributes I
        -- would like returned. To do this, I declared a "String Collection" that
        -- will be used to store all of the attributes I would like returned.
        --      If I wanted to return all attributes, I would specify:
        --          res_attrs(1) := '*';
        --      If I wanted multiple (specified) attributes, I would specify:
        --          res_attrs(1) := 'cn';
        --          res_attrs(2) := 'loginShell';
        --res_attrs(1) := 'uid';
       -- res_attrs(2) := 'cn';
        res_attrs(1) := 'objectGUID';
       -- res_attrs(2) := 'sAMAccountName';
        -- Finally, before performing the actual search, I want to specify the
        -- criteria I want to search on. This will be passed as the "filter"
        -- parameter to the actual search.
        --      If you wanted all of the entries in the directory to be returned,
        --      you could simply specify:
        --          search_filter   := 'objectclass=*';
        --      You could also refine your search by specifying a criteria like the
        --      following:
        --          search_filter   := 'cn=*Hunter*';
        search_filter  :=  'sAMAccountName=*282618726*';
        -- Finally, let's issue the search. The function search_s performs a
        -- synchronous search in the LDAP server. It returns control to the PL/SQL
        -- environment only after all of the search results have been sent by the
        -- server or if the search request is 'timed-out' by the server.
        -- Let's first explain some of the incoming parameters:
        --      ld       : A valid LDAP session handle.
        --      base     : The dn of the entry at which to start the search.
        --      scope    : One of SCOPE_BASE     (0x00)
        --                        SCOPE_ONELEVEL (0x01)
        --                        SCOPE_SUBTREE  (0x02)
        --                 indicating the scope of the search.
        --      filter   : A character string representing the search filter. The
        --                 value NULL can be passed to indicate that the filter
        --                 "(objectclass=*)" which matches all entries is to be
        --                 used.
        --      attrs    : A collection of strings indicating which attributes to
        --                 return for each matching entry. Passing NULL for this
        --                 parameter causes all available user attributes to be
        --                 retrieved. The special constant string NO_ATTRS ("1.1")
        --                 MAY be used as the only string in the array to indicate
        --                 that no attribute types are to be returned by the server.
        --                 The special constant string ALL_USER_ATTRS ("*") can be
        --                 used in the attrs array along with the names of some
        --                 operational attributes to indicate that all user
        --                 attributes plus the listed operational attributes are to
        --                 be returned.
        --      attronly : A boolean value that MUST be zero if both attribute types
        --                 and values are to be returned, and non-zero if only types
        --                 are wanted.
        --      res      : This is a result parameter which will contain the results
        --                 of the search upon completion of the call. If no results
        --                 are returned, res is set to NULL.
        -- Now let's look at the two output parameters:
        --      PLS_INTEGER
        --      (function return)   : DBMS_LDAP.SUCCESS if the search operation
        --                            succeeded. An exception is raised in all other
        --                            cases.
        --      res (OUT parameter) : If the search succeeded and there are entries,
        --                            this parameter is set to a NON-NULL value
        --                            which can be used to iterate through the
        --                            result set.
        retval := DBMS_LDAP.SEARCH_S(
              ld         =>  my_session
            , base       =>  ldap_baseDN
            , scope      =>  DBMS_LDAP.SCOPE_SUBTREE
            , filter     =>  search_filter
            , attrs      =>  res_attrs
            , attronly   =>  0
            , res        =>  res_message
        );
        DBMS_OUTPUT.PUT_LINE(
            RPAD('search_s Returned ', 25, ' ') || ': ' || TO_CHAR(retval)
        );
        DBMS_OUTPUT.PUT_LINE (
            RPAD('LDAP Message ', 25, ' ') || ': ' ||
            RAWTOHEX(SUBSTR(res_message, 1, 16)) ||
            ' - (returned from search_s)'
        );
        -- After the search is performed, the API stores the count of the number of
        -- entries returned.
        retval := DBMS_LDAP.COUNT_ENTRIES(my_session, res_message);
        DBMS_OUTPUT.PUT_LINE(
            RPAD('Number of Entries ', 25, ' ') || ': ' || TO_CHAR(retval)
        );
        DBMS_OUTPUT.PUT_LINE('-----------------------------------------------------------------------');
        -- Retrieve the first entry.
        temp_entry := DBMS_LDAP.FIRST_ENTRY(my_session, res_message);
        entry_index := 1;
        -- Loop through each of the entries one by one.
        WHILE temp_entry IS NOT NULL LOOP
            -- Print out the current entry.
            temp_dn := DBMS_LDAP.GET_DN(my_session, temp_entry);
            DBMS_OUTPUT.PUT_LINE (' dn: ' || temp_dn);
            temp_attr_name := DBMS_LDAP.FIRST_ATTRIBUTE(
                  my_session
                , temp_entry
                , temp_ber_elmt
            );
            attr_index := 1;
            WHILE temp_attr_name IS NOT NULL LOOP
                temp_vals := DBMS_LDAP.GET_VALUES(my_session, temp_entry, temp_attr_name);
                IF temp_vals.COUNT > 0 THEN
                    FOR i IN temp_vals.FIRST..temp_vals.LAST LOOP
                        DBMS_OUTPUT.PUT_LINE(
                            RPAD('   ' || temp_attr_name, 25, ' ') ||
                            ': ' || SUBSTR(temp_vals(i), 1, 200)
                        );
                        -- SUBSTR(temp_vals(i), 1, 200) -> Results in ~ ?????13?x?
                        -- utl_raw.cast_to_raw(SUBSTR(temp_vals(i), 1, 200)) -> Results in 7E0C3F3F3F3F3F31333F78EF
                        -- BUT I WOULD LIKE TO GET MY RESULTS BACK IN THE FOLLOWING FORMAT
                        -- \a6\53\6d\40\03\e6\83\45\ae\9a\32\a5\95\6b\e8\f1
                        -- The format given above is an example only...
                    END LOOP;
                END IF;
                temp_attr_name := DBMS_LDAP.NEXT_ATTRIBUTE(   my_session
                                                            , temp_entry
                                                            , temp_ber_elmt);
                attr_index := attr_index + 1;
            END LOOP;
            temp_entry := DBMS_LDAP.NEXT_ENTRY(my_session, temp_entry);
            DBMS_OUTPUT.PUT_LINE('=======================================================================');
            entry_index := entry_index + 1;
        END LOOP;
        -- Unbind from the directory
        retval := DBMS_LDAP.UNBIND_S(my_session);
        DBMS_OUTPUT.PUT_LINE(RPAD(
            'unbind_res Returned ', 25, ' ') || ': ' ||
            TO_CHAR(retval)
        );
        -- Handle Exceptions
        EXCEPTION
            WHEN OTHERS THEN
                DBMS_OUTPUT.PUT_LINE('');
                DBMS_OUTPUT.PUT_LINE('-----------------------------------------------------------------------');
                DBMS_OUTPUT.PUT_LINE('Exception Encountered');
                DBMS_OUTPUT.PUT_LINE('-----------------------------------------------------------------------');
                DBMS_OUTPUT.PUT_LINE('  Error code    : ' || TO_CHAR(SQLCODE));
                DBMS_OUTPUT.PUT_LINE('  Error Message : ' || SQLERRM);
                DBMS_OUTPUT.PUT_LINE('  Exiting.');
    END;
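
The two objectGUID threads above both need a conversion between the 16 raw bytes of the attribute and the `\XX`-per-byte form that RFC 4515 uses for binary values in a search filter. The block below is an added example, not code from either poster or from Oracle: the function and procedure names are hypothetical, and it assumes the attribute is read as RAW with `DBMS_LDAP.GET_VALUES_LEN` (a `BINVAL_COLLECTION`) rather than as a character string, since the repeated `3F` bytes in the output quoted above are the character `?`.

```plsql
-- Added example: objectGUID <-> escaped LDAP filter value.
-- All subprogram names here are illustrative, not part of DBMS_LDAP.
DECLARE
  -- Constructed sample input: the hex string quoted in the first objectGUID post.
  c_sample_hex CONSTANT VARCHAR2(32) := '8FDD7ACDA0749648B136E0AD6847BD64';
  l_guid       RAW(16);

  -- 16 raw bytes -> \xx\xx... (48 characters), one escape per byte.
  -- The bytes are used in the order the directory returns them, which is
  -- not the order shown in the dashed display form of a GUID.
  FUNCTION guid_to_escaped(p_guid IN RAW) RETURN VARCHAR2 IS
    l_hex VARCHAR2(32);
    l_out VARCHAR2(48);
  BEGIN
    IF p_guid IS NULL OR UTL_RAW.LENGTH(p_guid) <> 16 THEN
      RAISE_APPLICATION_ERROR(-20001, 'objectGUID must be exactly 16 bytes');
    END IF;
    l_hex := RAWTOHEX(p_guid);
    FOR i IN 1 .. 16 LOOP
      l_out := l_out || '\' || SUBSTR(l_hex, 2 * i - 1, 2);
    END LOOP;
    RETURN LOWER(l_out);  -- lower case to match the \a6\53... style in the post
  END guid_to_escaped;

  -- Reverse direction: \a6\53... or plain hex -> RAW(16).
  -- Anything that is not exactly 32 hex digits raises an error, so a value
  -- taken from another system cannot carry filter metacharacters through.
  FUNCTION escaped_to_guid(p_text IN VARCHAR2) RETURN RAW IS
    l_hex VARCHAR2(4000) := REPLACE(p_text, '\');
  BEGIN
    IF l_hex IS NULL OR LENGTH(l_hex) <> 32 THEN
      RAISE_APPLICATION_ERROR(-20002, 'expected 32 hex digits');
    END IF;
    RETURN HEXTORAW(l_hex);  -- raises on non-hex characters
  END escaped_to_guid;

  -- Complete filter string for DBMS_LDAP.SEARCH_S.
  FUNCTION guid_filter(p_guid IN RAW) RETURN VARCHAR2 IS
  BEGIN
    RETURN '(objectGUID=' || guid_to_escaped(p_guid) || ')';
  END guid_filter;

  -- Reading side, for use inside an entry loop like the one in the post:
  -- GET_VALUES_LEN returns each value as RAW, so no character conversion
  -- is applied to the GUID bytes. Needs a bound session; not called below.
  PROCEDURE print_entry_guid(p_ld    IN DBMS_LDAP.SESSION,
                             p_entry IN DBMS_LDAP.MESSAGE) IS
    l_vals DBMS_LDAP.BINVAL_COLLECTION;
  BEGIN
    l_vals := DBMS_LDAP.GET_VALUES_LEN(p_ld, p_entry, 'objectGUID');
    IF l_vals.COUNT > 0 THEN
      FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
        DBMS_OUTPUT.PUT_LINE('objectGUID: ' || guid_to_escaped(l_vals(i)));
      END LOOP;
    END IF;
  END print_entry_guid;
BEGIN
  DBMS_OUTPUT.ENABLE(1000000);

  -- Offline demonstration on the constructed sample value.
  l_guid := escaped_to_guid(c_sample_hex);
  DBMS_OUTPUT.PUT_LINE('escaped : ' || guid_to_escaped(l_guid));
  DBMS_OUTPUT.PUT_LINE('filter  : ' || guid_filter(l_guid));

  -- Round trip: escaped text back to the same 16 bytes.
  IF UTL_RAW.COMPARE(escaped_to_guid(guid_to_escaped(l_guid)), l_guid) <> 0 THEN
    RAISE_APPLICATION_ERROR(-20003, 'round trip mismatch');
  END IF;
END;
/
```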

  • Will the DBMS_LDAP package work when SSL is enabled?

    I am trying to retrieve a user name stored in MSAD using the DBMS_LDAP package. So I just want to know, will the same work if SSL is enabled?

    I personally don't know, but Google seems to.

  • Please help with assigning user to a group in AD using dbms_ldap

    Dear gurus of Apex and LDAP!
    Please help me a bit.
    I managed to create any user in AD from Apex using dbms_ldap package and set many of his attributes. But I cannot set that my user belongs to specific group, let's say MY_GROUP. I guess the name of attribute for group is 'member' or 'memberOf', so I tried them both in the same way as I've done for other attributes:
    v_vals(1) := 'MY_GROUP';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'member', v_vals);
    I've got LDAP client/server error: CONSTRAINT violation. 000020B5: AtrErr: DSID-031516FC, #1: 0: 000020B5:
    DSID-031516FC, problem 1005 (CONSTRAINT_ATT_TYPE), DATA 0, Att 1f (MEMBER)
    v_vals(1) := 'MY_GROUP';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'memberOf', v_vals);
    I've got LDAP client/server error: DSA IS unwilling TO perform. 0000209A: SvcErr: DSID-031A0929, problem 5003 (WILL_NOT_PERFORM), DATA 0
    After that I've tried to extend group name to string, which is shown in LDAP browser for attribute 'memberOf' (when I've added it manually):
    v_vals(1) := 'CN=MY_GROUP,OU=GROUPS,OU=Allianz,DC=allianz,DC=com';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'member', v_vals);
    I've got LDAP client/server error: OBJECT CLASS violation. 0000207D: UpdErr: DSID-03150913, problem 6002 (OBJ_CLASS_VIOLATION), DATA 0
    v_vals(1) := 'CN=MY_GROUP,OU=GROUPS,OU=Allianz,DC=allianz,DC=com';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'memberOf', v_vals);
    LDAP client/server error: DSA IS unwilling TO perform. 0000209A: SvcErr: DSID-031A0929, problem 5003 (WILL_NOT_PERFORM), DATA 0
    I've also tried some other variants (without 'CN=' and without 'OU=GROUPS,OU=Allianz'), but still no success.
    Search of this forum and even google didn't help either :(
    Please, help me to find the correct syntax for it or tell me if it's not possible.
    Thanx in advance,
    Vladimir

    Vladimir,
    firstly the attributes member and memberOf are special attributes in AD having a set of predefined values. Hence an error will be thrown if you try to assign them values like 'MY_GROUP'. There are two basic solutions to this problem: Either you define an OU in your AD which will act as your 'MY_GROUP'. This is a quick fix solution and is not robust at all. The other solution is to add your own property in the tree, something like 'roleCode', you can then assign it any value you want.
    But the problem now is, AD does not allow addition of new attributes in the structure. You have to use ADAM for this and you can specify a common linking mechanism between AD and ADAM now such as email address can act as the link between both the directories.
    Hope this helps
    Shantanu

  • Dbms_ldap  ORA-31203: DBMS_LDAP: PL/SQL - Init Failed  ( 9i rel. 9.2.0.1.0)

    Hi,
    I have a strange behaviour with the package dbms_ldap. I work with Oracle 9i, rel. 9.2.0.1.0 .
    I have the hostname xxxx.yy .
    The ping gives me this IP number:
    H:\sql>ping xxxx.yy
    Ping xxxx.yy [10.159.29.41] mit 32 Bytes Daten:
    Antwort von 10.159.29.41: Bytes=32 Zeit=5ms TTL=125
    When I use the softerra ldap browser 2.6, I can specify as host: xxxx.yy and I receive the answer with no problem.
    But when I use the dbms_ldap package, this hostname fails.
    SQL> @search;
    DBMS_LDAP Search Example to directory ..
    LDAP Host : xxxx.yy
    LDAP Port : 389
    Error code : -31203
    Error Message : ORA-31203: DBMS_LDAP: PL/SQL - Init Failed.
    Exception encountered .. exiting
    But when I use the IP address instead of the hostname, all works fine.
    SQL> @search;
    DBMS_LDAP Search Example to directory ..
    LDAP Host : 10.159.29.41
    LDAP Port : 389
    Ldap session : A88E6340(returned from init)
    simple_bind_s Returns : 0
    search_s Returns : 0
    LDAP message : 08866340(returned from search_s)
    Number of Entries : 1
    dn: CN=aaaaaa,OU=9.4,OU=9,OU=Central Administration,OU=xxxx.yy,DC=xxxx,DC=yy
    cn : aaaaaa
    displayName : ....., .....
    givenName : .....
    sn : .....
    ===================================================
    unbind_res Returns : 0
    Directory operation Successful .. exiting
    NB. when I use another hostname: zzzzz.xxxx.yy having the same IP address, also all works fine.
    H:\sql>ping zzzzz.xxxx.yy
    Ping zzzzz.xxxx.yy [10.159.29.41] mit 32 Bytes Daten:
    Antwort von 10.159.29.41: Bytes=32 Zeit=5ms TTL=125
    SQL> @search;
    DBMS_LDAP Search Example to directory ..
    LDAP Host : zzzzz.xxxx.yy
    LDAP Port : 389
    Ldap session : A88E6340(returned from init)
    simple_bind_s Returns : 0
    search_s Returns : 0
    LDAP message : 08866340(returned from search_s)
    Number of Entries : 1
    dn: CN=aaaaaa,OU=9.4,OU=9,OU=Central Administration,OU=xxxx.yy,DC=xxxx,DC=yy
    cn : aaaaaa
    displayName : ....., .....
    givenName : .....
    sn : ......
    ===================================================
    unbind_res Returns : 0
    Directory operation Successful .. exiting
    Is there a possibility to overcome this problem?
    Thanks

    Problem solved - (Problem gelöst :)
    using 9i rel.9.2.0.7 all works fine
    Oracle9i Enterprise Edition Release 9.2.0.7.0 - 64bit Production
    With the Partitioning option
    JServer Release 9.2.0.7.0 - Production
    DBMS_LDAP Search Example to directory ..
    LDAP Host : xxxx.yy
    LDAP Port : 389
    Ldap session : 00000001(returned from init)
    simple_bind_s Returns : 0
    search_s Returns : 0
    LDAP message : 00000001(returned from search_s)
    Number of Entries : 1
    dn: CN=aaaaaa,OU=9.4,OU=9,OU=Central Administration,OU=xxxx.yy,DC=xxxx,DC=yy
    ......

  • Using DBMS_LDAP in Apex

    Hi there
    I have the following problem. I have a simple function which uses DBMS_LDAP package. For testing purposes, when I call the function from sql*plus or sqldeveloper, it works fine and I can authenticate the user in AD. However, when using the same function call in Apex, the screen 'freezes' for about a minute and returns 'IE cannot display page' message. It looks like getting time out. Is this a network/firewall issue? Is Apex using some kind of proxy and cannot establish LDAP session? Your help is really appreciated much.
    thanks, Ed

    Joel
    thank you for clarification. Really appreciate your help. I was able to get the list. Here is the procedure. The line that fails is highlighted. Basically it can't initialize the session on AD server...
    declare
         p_username          varchar2(25):='test';
         p_password          varchar2(25):='test';
         l_user               varchar2(256);
         l_ldap_server     varchar2(256)     := 'AD host';
         l_domain          varchar2(256)     := 'domain';
         l_ldap_port          number               := 389;
         l_retval          pls_integer;
         l_session          dbms_ldap.session;
         l_cnt               number;
    begin
         -- l_retval := dbms_ldap.unbind_s( l_session );
         l_user               := p_username||'@'||l_domain;
         l_session          := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session (the highlighted line that fails)
         l_retval          := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
         l_retval          := dbms_ldap.unbind_s( l_session ); -- unbind
         dbms_output.put_line( 'yes');
    exception when others then
         dbms_output.put_line( 'no');
         raise_application_error(-20101, 'invalid user');
    end;
    thanks, Ed
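
A bind-based login check like the one in this thread needs one guard before it reaches the directory: under RFC 4513 a simple bind with a name and an empty password is an unauthenticated bind, which a server may answer with success. The block below is an added example, not the poster's code: `ldap_authenticate` is a hypothetical name and the host, port and domain values are placeholders.

```plsql
-- Added example: password check by LDAP simple bind, with input guard and
-- session cleanup. Host, port and domain below are placeholder values.
DECLARE
  FUNCTION ldap_authenticate(
    p_username IN VARCHAR2,
    p_password IN VARCHAR2,
    p_host     IN VARCHAR2,
    p_port     IN PLS_INTEGER,
    p_domain   IN VARCHAR2
  ) RETURN BOOLEAN IS
    l_session DBMS_LDAP.SESSION;
    l_retval  PLS_INTEGER;
  BEGIN
    -- Reject missing credentials before any network call. In PL/SQL an
    -- empty string is NULL, so this also covers a password of ''.
    IF TRIM(p_username) IS NULL OR p_password IS NULL THEN
      RETURN FALSE;
    END IF;

    -- Make every DBMS_LDAP failure raise instead of returning a code.
    DBMS_LDAP.USE_EXCEPTION := TRUE;

    -- On port 389 a simple bind sends the password unencrypted; the
    -- package's SSL call is dbms_ldap.open_ssl, discussed in the last
    -- thread on this page.
    l_session := DBMS_LDAP.INIT(p_host, p_port);
    l_retval  := DBMS_LDAP.SIMPLE_BIND_S(
                   l_session, p_username || '@' || p_domain, p_password);
    l_retval  := DBMS_LDAP.UNBIND_S(l_session);
    RETURN TRUE;
  EXCEPTION
    WHEN OTHERS THEN
      -- Keep the real error (init failure, timeout, bad credentials)
      -- visible to the operator instead of collapsing it to one message.
      DBMS_OUTPUT.PUT_LINE('LDAP bind failed: ' || SQLERRM);
      IF l_session IS NOT NULL THEN
        BEGIN
          l_retval := DBMS_LDAP.UNBIND_S(l_session);  -- release the session
        EXCEPTION
          WHEN OTHERS THEN NULL;  -- session was never usable
        END;
      END IF;
      RETURN FALSE;
  END ldap_authenticate;
BEGIN
  DBMS_OUTPUT.ENABLE(1000000);

  -- Offline check of the guard: a NULL password is refused without
  -- contacting the (placeholder) server.
  IF ldap_authenticate('test', NULL, 'ad.example.invalid', 389, 'example.invalid') THEN
    DBMS_OUTPUT.PUT_LINE('accepted');
  ELSE
    DBMS_OUTPUT.PUT_LINE('rejected');
  END IF;
END;
/
```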

  • Retrieve LDAP data in Chunks using DBMS_LDAP

    Need help in getting the LDAP data in Chunks using the DBMS_LDAP. The reason being I have over 8000 records in the AD and it is configured that I cannot retrieve more than 1000 at a stretch.
    The AD administrator had given me an option of fetching it based on the pagesize which they use on AD.
    Dim DirSearcher As New DirectorySearcher()
    DirSearcher.SearchRoot = New DirectoryEntry("LDAP://" & System.Environment.UserDomainName)
    DirSearcher.Filter = "(&(objectclass=user)(objectcategory=person))"
    DirSearcher.PageSize = 1000
    Can we have something like this done in the DBMS_LDAP package to fetch the records in AD in chunks of 1000 records?
    version details
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
    PL/SQL Release 10.2.0.4.0 - Production

    If there are more than 1000 entries which start with a character, how will this solution work?
    You would have to incorporate one more loop (and so on, in case it still errors out):
      for c in ascii ('a') .. ascii ('z')
      loop
        for d in ascii ('a') .. ascii ('z')
        loop
          l_retval :=
            dbms_ldap.search_s (ld         => ld,
                                base       => base,
                                scope      => dbms_ldap.scope_subtree,
                                filter     => '(&(objectCategory=person)(objectClass=user)(sAMAccountName=' || chr (c) || chr (d) || '*))',
                                attrs      => attrs,
                                attronly   => 0,
                                res        => res);
        end loop;
      end loop;
    ...
    Not nice I know, but it seems to be the only way to avoid »ORA-31202: DBMS_LDAP: LDAP client/server error: Sizelimit exceeded«.
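An adaptive variant of the prefix loop in the reply above, as an added example that is not part of the original thread: it starts with no prefix and subdivides only those prefixes for which the server reports »Sizelimit exceeded«, so the nesting depth does not have to be guessed in advance. The host, bind account, password placeholder, base DN, alphabet and depth cap are assumptions.

```sql
declare
  -- Added example; every constant below is an illustrative assumption.
  c_base     constant varchar2(256) := 'DC=example,DC=com';
  c_alphabet constant varchar2(64)  := 'abcdefghijklmnopqrstuvwxyz0123456789';
  c_max_len  constant pls_integer   := 4;   -- stop subdividing at 4 characters
  l_session  dbms_ldap.session;
  l_attrs    dbms_ldap.string_collection;
  l_retval   pls_integer;
  l_total    pls_integer := 0;
  procedure fetch_prefix (p_prefix in varchar2) is
    l_res   dbms_ldap.message;
    l_entry dbms_ldap.message;
    l_rc    pls_integer;
  begin
    l_rc := dbms_ldap.search_s (
              ld => l_session, base => c_base, scope => dbms_ldap.scope_subtree,
              filter => '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
                        || p_prefix || '*))',
              attrs => l_attrs, attronly => 0, res => l_res);
    l_entry := dbms_ldap.first_entry (l_session, l_res);
    while l_entry is not null loop
      l_total := l_total + 1;
      dbms_output.put_line (dbms_ldap.get_dn (l_session, l_entry));
      l_entry := dbms_ldap.next_entry (l_session, l_entry);
    end loop;
    l_rc := dbms_ldap.msgfree (l_res);
  exception
    when dbms_ldap.general_error then
      -- Only the size-limit case is retried; any other LDAP error propagates.
      if instr (sqlerrm, 'Sizelimit exceeded') = 0
         or nvl (length (p_prefix), 0) >= c_max_len then
        raise;
      end if;
      -- Nothing from the failed search was processed, so no entry is counted twice.
      for i in 1 .. length (c_alphabet) loop
        fetch_prefix (p_prefix || substr (c_alphabet, i, 1));
      end loop;
  end fetch_prefix;
begin
  dbms_ldap.use_exception := true;   -- LDAP errors surface as ORA-31202
  l_attrs(1) := 'sAMAccountName';
  l_session  := dbms_ldap.init ('ad.example.com', 389);
  l_retval   := dbms_ldap.simple_bind_s (l_session, 'reader@example.com', '<password>');
  fetch_prefix (null);               -- a null prefix yields (sAMAccountName=*)
  l_retval   := dbms_ldap.unbind_s (l_session);
  dbms_output.put_line (l_total || ' entries retrieved');
end;
```

Once the unprefixed search overflows, account names that begin with a character outside `c_alphabet` are not returned, so extend the alphabet to match the naming scheme in use. In SQL*Plus, run `set define off` first so that the `&` in the filter is not read as a substitution variable.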

  • DBMS_LDAP SSL Authentication

    Hello everyone.
    I am using the DBMS_LDAP package to connect to a Windows 2000 Server running Active Directory as the LDAP directory. I have set up the Oracle Wallet manager, and I can successfully connect to the LDAP directory...however, the code which opens the ssl connection executes extremely slowly. That is, when I step through my function (using TOAD debugger), the PL/SQL code
    ldap_retval := dbms_ldap.open_ssl(<parameters here>)
    takes about 2 minutes to run, then I am able to continue.
    Does anyone have any suggestions as to what I can do to remedy this? The database is running on an HP-9000 system running HP-UX.
    Thanks for any help,
    Tony

  • DBMS_LDAP

    Hi All
    I am using DBMS_LDAP package to connect to an LDAP server and authenticate a user.
    I am trying to find out if there is any way that I can find out if a user is already logged into the LDAP server.
    Say I have a user_id; I want to find out if he is logged in to the server, I mean already authenticated.
    Is this possible using DBMS_LDAP?
    Regards,
    G.

    Is this possible using DBMS_LDAP?
    No.
    LDAP serves as an authentication protocol - it is not designed and cannot keep track of active authenticated sessions. So it is not a question of whether DBMS_LDAP supports it, it is a fundamental "impossible, not designed for it" from an actual LDAP protocol specification.
    Question - why would you want to know if there is an existing authenticated session for the user? What business requirement are you attempting to satisfy by determining that?

  • DBMS_LDAP adding user to security group on Active Directory

    Hi forum members,
    I am accessing and manipulating Active Directory using the DBMS_LDAP package and its APIs.
    My initial code is to add a new entry in our MUsers group. After establishing the session and binding it, I supply the required credentials and the user, e.g. 366944, is created successfully in the MUsers group, which is a global users group.
    My package then calls another function to now add the same user to the MGroups group and under that the Researcher security group.
    When I do a search on the "Researcher" group this is the result : (I have deleted a few irrelevant entries)
    ATTIBUTE_NAME: objectClass = top
    ATTIBUTE_NAME: objectClass = group
    ATTIBUTE_NAME: cn = Researcher
    ATTIBUTE_NAME: member = CN=3,OU=MUsers,DC=xxx,DC=yyy
    ATTIBUTE_NAME: member = CN=2,OU=MUsers,DC=xxx,DC=yyy
    ATTIBUTE_NAME: member = CN=1,OU=MUsers,DC=xxx,DC=yyy
    ATTIBUTE_NAME: distinguishedName =
    CN=Researcher,OU=MGroups,DC=xxx,DC=yyy
    ATTIBUTE_NAME: instanceType = 4
    ATTIBUTE_NAME: whenCreated = 20100315150614.0Z
    ATTIBUTE_NAME: whenChanged = 20100322172413.0Z
    ATTIBUTE_NAME: uSNCreated = 97190
    ATTIBUTE_NAME: uSNChanged = 102960
    ATTIBUTE_NAME: name = Researcher
    ATTIBUTE_NAME: objectGUID = ?P??|F?
    ?Q?'
    ATTIBUTE_NAME: objectSid =
    ATTIBUTE_NAME: sAMAccountName = $1B1000-EVVA2O0MRRBE
    ATTIBUTE_NAME: sAMAccountType = 268435456
    ATTIBUTE_NAME: groupType = -2147483646
    ATTIBUTE_NAME: objectCategory =
    CN=Group,CN=Schema,CN=Configuration,DC=xxx,DC=yyy
    My add_in_group function is: (I am hardcoding certain values for simplicity)
    FUNCTION add_in_group
      (ldap_session dbms_ldap.SESSION)
    RETURN PLS_INTEGER
    IS
      lv_vals   dbms_ldap.string_collection;
      lv_array  dbms_ldap.mod_array;
      ln_retval PLS_INTEGER;
      l_group   VARCHAR2(256);
    BEGIN
      -- Initialize the varray for the modify command
      lv_array := dbms_ldap.create_mod_array(10);
      IF lv_array IS NULL THEN
        dbms_output.put_line('Error add_in_group: lv_array not initialized.');
        NULL;
      END IF;
      dbms_output.put_line ('lv_array successfully initialized');
      -- Populate the varray
      lv_vals(1) := 'CN=366944,OU=MUsers,DC=xxx,DC=yyy';
      dbms_ldap.populate_mod_array(lv_array,DBMS_LDAP.MOD_ADD,'member',lv_vals);
      -- Populate the object class variables
      lv_vals(1) := 'group';
      BEGIN
        DBMS_LDAP.populate_mod_array(lv_array,DBMS_LDAP.MOD_ADD,'objectclass',lv_vals);
      EXCEPTION
        WHEN OTHERS THEN
          DBMS_OUTPUT.PUT_LINE('Populating object classes failed');
      END;
      --BEGIN
      -- Group Modification
      l_group := 'cn=Researcher,OU=Mgroups,DC=xxx,DC=yyy';
      BEGIN
        ln_retval := dbms_ldap.modify_s(ldap_session, l_group, lv_array);
      --EXCEPTION
      --WHEN OTHERS THEN
      --dbms_output.put_line ('Error in modify_s ');
      END;
      -- Free the varray
      dbms_ldap.free_mod_array(lv_array);
      RETURN ln_retval;
    EXCEPTION
      WHEN OTHERS THEN
        dbms_output.put_line('add_in_group : '|| SQLCODE||' '||SQLERRM);
        RETURN -1;
    END add_in_group;
    My error is:
    ORA-31202: DBMS_LDAP: LDAP client/server error: Already exists. 00000562:
    UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
    The error description reads like this:
    Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists.
    In this case, I am using the modify_s operation. I am supplying the credentials of the researcher group and trying to set the 'member' attribute as the user already existing in a diff group (MUsers).
    The researcher group already has 3 users, namely 1, 2 and 3, as members. These users are also part of MUsers group.
    Hence I am not trying to rename any entry to the name of an entry that already exists.
    Any help on this would be appreciated.

    Hi,
    I tried the same code that you have mentioned and made some changes as follows, and am now able to add members to a group.
    Remove the section that contains the following commands, then it will work:
      lv_vals(1) := 'group';
      DBMS_LDAP.populate_mod_array(lv_array,DBMS_LDAP.MOD_ADD,'objectclass',lv_vals);
    Thanks & Best Regards,
    Indika

  • DBMS_LDAP on 8.1.6?

    Hi there!
    Would it be possible to implement the DBMS_LDAP package on an 8.1.6 database? (it comes up with 8.1.7 officially)
    thx!
    sincerely
    ok

    Although the API was available with 8.1.6, it was not advertised as available until 8.1.7.
    I am unsure what conclusion to draw from this yet.

  • Problem with DBMS_LDAP

    I use DBMS_LDAP package to modify entries on LDAP server. However, the connections between Oracle server & LDAP server are stuck in CLOSE_WAIT status. I cannot close connections. I don't know if it is a bug when installing Oracle 9i on the Solaris/SPARC platform.
    Please help us.
    Thanks a lot
    Best Regards
