Dynamic LDAP settings

APEX- 2.0.0.00.49
LDAP=OID
Database-9iRelease2
We are using LDAP as our authentication schema and it is all working fine. We have defined the LDAP settings like this :-
Page Sentry Function - null
Session Verify Function - null
Authentication Function - "-LDAP-"
LDAP Host - "myhostname"
LDAP PORT - 13060
LDAP DN STRING - cn=%LDAP_USER%,cn=HTMLDB_Users,dc=XX,dc=XX,dc=XX
The problem with this design is that the LDAP settings need to be specified in the authentication page itself, and if the client changes their LDAP details they won't be able to change these details as we provide the application "run only".
To solve this problem we have created a table which would store the LDAP details like hostname, port, context string etc. I have created application items for all these settings and have computations for these items to trigger on login... but I guess I am stuck in a "catch 22" situation because I need to log in for my computations to fire and on the other hand I need my computations to fire so that my LDAP authentication can work.
Can someone suggest a solution here?
tks in

Hmm, looks like those values don't allow substitution strings. Try this:

Create application items APP_LDAP_HOST, APP_LDAP_PORT

Use the pre-authentication process of the authentication scheme to set these values, e.g.,

  begin
    :APP_LDAP_HOST := 'myldaphost.somewhere.com';
    :APP_LDAP_PORT := '389';
  end;

Compile your own authentication function:

  create or replace function myauth(
    p_username in varchar2, p_password in varchar2)
  return boolean
  is
  begin
    return htmldb_custom_auth.ldap_authenticate(
      p_username => p_username,
      p_password => p_password,
      p_ldap_host => v('APP_LDAP_HOST'),
      p_ldap_port => v('APP_LDAP_PORT'),
      p_ldap_string => 'cn=%LDAP_USER%,l=amer,dc=oracle,dc=com',
      p_ldap_edit_function => 'return htmldb_custom_auth.ldap_dnprep;', -- call your own function if our ldap_dnprep isn't what you need
      p_owner => 'VISHAL_SCHEMA');
  end;
  /

Take all the LDAP attributes out of the authentication scheme.

In the authentication function field type:

  return myauth;

Scott
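
One way to avoid the chicken-and-egg problem described in the question, as an added example (not code from the thread or from Oracle): the custom authentication function reads the LDAP settings from the table itself and denies the login if they look wrong. The function name myauth_from_table and the columns ldap_host and ldap_dn_string are assumptions; ldap_table, ldap_port and the ldap_authenticate call are taken from this page.

```sql
-- Added example. ldap_table and ldap_port appear on this page; the columns
-- ldap_host and ldap_dn_string are assumed names for illustration.
create or replace function myauth_from_table(
  p_username in varchar2, p_password in varchar2)
return boolean
is
  l_host varchar2(200);
  l_port number;
  l_dn   varchar2(200);
begin
  -- Exactly one settings row is expected; anything else is handled below.
  select ldap_host, ldap_port, ldap_dn_string
    into l_host, l_port, l_dn
    from ldap_table;
  -- An empty password must never reach the directory: some servers treat
  -- a bind with a DN and no password as a successful unauthenticated bind.
  if p_password is null then return false; end if;

  -- Host: letters, digits, dot and hyphen only. translate() strips the
  -- allowed characters, so anything left over is disallowed (works on 9i).
  if l_host is null
     or translate(lower(l_host),
          '#abcdefghijklmnopqrstuvwxyz0123456789.-', '#') is not null then
    return false;
  end if;

  -- Port must be a whole number in the valid TCP range.
  if l_port is null or l_port <> trunc(l_port)
     or l_port not between 1 and 65535 then
    return false;
  end if;

  -- The DN template must still contain the user placeholder.
  if l_dn is null or instr(l_dn, '%LDAP_USER%') = 0 then
    return false;
  end if;

  return htmldb_custom_auth.ldap_authenticate(
    p_username           => p_username,
    p_password           => p_password,
    p_ldap_host          => l_host,
    p_ldap_port          => to_char(l_port),
    p_ldap_string        => l_dn,
    p_ldap_edit_function => 'return htmldb_custom_auth.ldap_dnprep;',
    p_owner              => 'VISHAL_SCHEMA');  -- schema name as in the reply above
exception
  when no_data_found or too_many_rows then
    return false;  -- missing or ambiguous settings: deny the login
end;
/
```

Whoever can update ldap_table decides which server receives users' passwords, so write access to it should be limited to administrators.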

Similar Messages

  • Dynamic LDAP groups

    Hi All,
    Weblogic Server 5.1 doesn't support dynamic LDAP groups.
    Our experience shows that the same problem is present with WLCS 3.11
    Is the problem solved in WS 6 and WLCS 3.5?
    Kind Regards,
    Panu Harkonen

    Hello J.P.,
    Note that LDAP realm v2 which is the default realm in WLS 6.1 can only show
    group names in the WLS admin console, not the group members (LDAP realm v1,
    the same realm in previous versions of WLS servers does show group members
    in admin console).
    From my understanding of dynamic groups they are still conceptually similar
    to a regular group, albeit its members are stored differently. So with this
    understanding I don't see why WLS 6.1 LDAP realm wouldn't be able to use
    dynamic groups. You can probably run a quick test yourself to see.
    Regards,
    BEA WebLogic Support
    "Jose Perez" <[email protected]> wrote in message
    news:3c838ce2$[email protected]..
    >
    Hi all,
    Does anyone know if weblogic 6.1 supports dynamic LDAP groups?
    Thanks in advance,
    J.P.

  • Viewing LDAP settings on remote clients via remote server

    I would like to have a look at certain settings on client computers via a remote server. It is over a relatively slow connection, so I use ssh to get to the server then I ssh into an available client. For the most part I can find the config files, but I would like to view the settings in Directory Access (where the LDAP server is specified for authentication) and have as yet not been able to find where they're hiding. Any ideas?
    Thanks,
    Miles

    Perfect! This is exactly what I was looking for. I knew it was in there somewhere.
    Thanks,
    Miles

  • Dynamic Filter Settings

    I have dynamically created a drop shadow for an mc in my
    project. That's no big deal. The settings are not difficult,
    either. This is the frustrating part - I cannot get the settings to
    change on the fly and react to input. In this instance, I am using
    a couple of equations to determine the distance between the mouse
    and the mc and the resultant angle. I am trying to get the drop
    shadow filter to use this data and alter its distance and angle
    settings to react. So far, no dice. Any ideas?

    Thanks a lot, mate. That worked perfectly.

  • Can static/dynamic LDAP (not posix) groups be nested?

    Does anyone here know whether the LDAP static or dynamic groups (i.e. not simple POSIX groups) can be nested inside of one another? Basically I just want to add groups to groups, but I'm not able to find out if this works (thus far it's not working for me).
    Patrick

    Groups can be nested. Use the attribute uniquemember in the objectclass groupofuniquenames. uniquemember's value is then the dn of another Group.
    Regards,
    Ingo

  • Dynamic LDAP Groups with WLS5.1

    If I am using the Dynamic Groups feature of Netscape Directory Server
    V4.1, can I use this to define a group using the LDAP Realm?
    Thanks
    Ken

    Support for dynamic groups is not supported at this time.
    Paul Patrick
    "Ken Young" <[email protected]> wrote in message
    news:[email protected]..
    If I am using the Dynamic Groups feature of Netscape Directory Server
    V4.1, can I use this to define a group using the LDAP Realm?
    Thanks
    Ken

  • Dynamic Language Settings

    I am using Forms 5.0. I want an application for dynamic font and property changing. I want to develop a form for English and Arabic
    versions. The client information should be stored in the Windows registry, not in the database. Can anybody help?


  • Connecting Oracle using SQL Plus in command window through LDAP settings?

    Hi
    Just like to know if it is possible to connect Oracle using SQL Plus with connection type as LDAP.
    Generally we connect to Oracle in cmd window as
    username/password@DBServiceName
    Similarly is it possible to connect Oracle using SQL plus cmd window using LDAP configuration settings.
    Eg:-
    If my LDAP server is oid:123:456
    Context is: cn=OracleContext,dc=abcdefgh,dc=com
    DBService is: xyz
    Regards
    jc

    Specify the -L command line option to SQL*Plus, i.e.:
    sqlplus -L username/password@db @blah.sql
    (this will prevent the second prompt for username/password if the initial login is unsuccessful for any reason, like an invalid password).

  • Dynamic actions settings to mail generation

    Hi
    The actions are set for mail generation whenever a personnel action happens. While testing the mail generation, some actions are fine, which are set in dynamic actions without action reasons, but some actions are not working, which have action reasons mentioned.
    In one case I set dynamic actions for the hiring action with the action reason mentioned; that time it entered the program and generated mail.
    But in another case I have 3-4 reasons for actions; that time the program considers only the action type, it does not enter the program considering the action reason.
    Can anybody give me brief advice on how to set a dynamic action when the action has action reasons?
    Regards,
    arjun

    Sreehari,
    You can configure feature M0001 (Add MASSN/MASSG as your decision operation) and you can call this feature in the dynamic action table T588Z
    Reward Points if this is helpful.
    Sanghamitra

  • Dynamic Datastore Settings

    Hi,
    As the datastore settings do not allow any variable, how could we provide a solution where a dataflow must extract data from a table located in a datastore whose settings are read from a table?
    To be concrete, the customer has a table where each record contains fields with the name of the server, the user, password etc. And this table is growing from day to day.
    This table must be read in a loop to perform a dataflow that points to the settings extracted.
    Therefore there must be a dataflow in a loop, with a sql transformation as source for example, but the datastore pointed in this sql transformation must come from the table that contains the settings. However, the datastore cannot be a variable in the sql transformation. Then, how could we do?
    Could we update on the fly (when executing the dataflow, there would be a script to do that in the loop) the repository by changing the settings of the datastore object?
    I am also aware of the XML creation toolkit but if I'm not wrong this is not really an automatic action, this requires manual action, and since there are new datastores everyday it is not really a right solution here, is it?
    Kind regards,
    Anthony

    Thanks Michael,
    I will investigate this. A video on the topic could be great to do; if I manage to do something with it, I will create one.
    About a solution I was wondering: is it possible to update the repository during the job execution? In such a case, I could update the datastore settings in a loop. I don't know if when the job executes, it acts like a program that you compile and therefore during the execution cannot change. Do you know that? If so, would you recommend that solution?
    Cheers
    Anthony

  • How to Append Search & Contact in LDAP Settings with CLI

    hi,
    i'd like to be able to send a unix command via ARD to add several OD servers to our workstations' Search Policy and have them appear in "Authentication" and "Contacts".
    i've tried the following:
    /usr/bin/dscl localhost -append /Search CSPSearchPath /LDAPv3/10.10.32.78
    but, i get this in return:
    <main> attribute status: eDSNodeNotFound
    <dscl_cmd> DS Error: -14008 (eDSNodeNotFound)
    what am i missing?
    thanks.

    you want something like this, though i'd use a fqdn instead of the ip here:
    dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
    dscl localhost -merge /Search CSPSearchPath /LDAPv3/10.10.32.78
    dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
    dscl localhost -merge /Contact CSPSearchPath /LDAPv3/10.10.32.78

  • Host name lookups via ldap

    Hi, I would like to have OS X do hostname lookups not just from dns and /etc/hosts but also from my ldap server. I've already gotten the connection to the ldap server established via Directory Utility, but can't find something that is equivalent to /etc/nsswitch.conf on OS X Snow Leopard. How would I configure the os to also query ldap for host names?


  • LDAP - substitute host name

    Is there a way of using a substitution or parameter for the host name? We develop on one LDAP, but run live on another, and don't want to release then edit.
    So is there a way of setting the LDAP host in an authentication scheme without hard-coding it?

    This might help ...
    Dynamic LDAP settings
    Pre-authentication process looked something like :-
    declare
      l_ldap_port      NUMBER;
      l_ldap_server    varchar2(200);
      l_ldap_dn_string varchar2(200);
    begin
      -- get the ldap port number
      SELECT ldap_port
        INTO l_ldap_port
        FROM ldap_table;
      -- set the session state for LDAP PORT
      htmldb_util.set_session_state('FXXX_LDAP_PORT', l_ldap_port);
      -- repeat for host and dn string
    END;

  • LDAP Dynamic Groups

    Hi,
    I have been trying to do some coding around - fetching members of dynamic ldap groups. In both these code snippets.. I get the same exception:
    java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx
    no matter whatever i tried. Can anyone please - let me know what could be causing this exception.
    Regards.
    String filter = LDAPRealm.DYNAMIC_GROUP_FILTER;
    String[] targets = new String[] { target, "memberUrl" };
    try {
        SearchControls ctls = new SearchControls();
        ctls.setReturningAttributes(targets);
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningObjFlag(true);
        NamingEnumeration e = context.search(baseDN, filter, ctls);
        while(e.hasMore()) {
            SearchResult res = (SearchResult)e.next();
            Object searchedObject = res.getObject();
            //if(searchedObject instanceof com.sun.jndi.ldap.obj.GroupOfURLs){ // dynamic group
            com.sun.jndi.ldap.obj.GroupOfURLs gurls = (com.sun.jndi.ldap.obj.GroupOfURLs) searchedObject;
            Principal x500principal = new X500Principal(userDN);
            if (gurls.isMember(x500principal)) {
    and
    java.security.acl.Group obj = (java.security.acl.Group)ctx.lookup(groupDN);
    Enumeration members = obj.members();
    Principal member = null;
    while (members.hasMoreElements()) {
        member = (Principal)members.nextElement();
        memberDNs.add(member.getName());
    }

    How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same question, then please stay in the same thread.

  • Using Dynamic Groups in Ldap for Accounts and Roles

    Does anyone currently use dynamic groups in LDAP for accounts and roles? I have set up a dynamic group in ldap (we are using OID Oracle internet Directory 10.1.2.0) , ldapsearch returns the correct list of unique names, but the account does not appear on my profile page when I log in to UCM (10.1.3). I cannot find any documentation so I'm asking myself if it is supported .....

    Thanks tim ... will check, but Oracle are saying :
    Oracle Universal Content Management - Version: 7.5.1
    Information in this document applies to any platform.
    Product: Content Server
    Version: 6.0
    Goal
    Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
    Solution
    The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
    To which I have replied: you support 3rd party LDAPs, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
    Billy, you may well be right, just got a cashflow problem over here !
