You can use APEX_LDAP to perform various operations related to Lightweight Directory Access Protocol (LDAP) authentication.
Topics in this section include:
The AUTHENTICATE function returns a boolean true if the user name and password can be used to perform a SIMPLE_BIND_S, call using the provided search base, host, and port.
APEX_LDAP.AUTHENTICATE(
p_username IN VARCHAR2 DEFAULT NULL,
p_password IN VARCHAR2 DEFAULT NULL,
p_search_base IN VARCHAR2,
p_host IN VARCHAR2,
p_port IN VARCHAR2 DEFAULT 389)
RETURN BOOLEAN;
Table 6-1 describes the parameters available in the AUTHENTICATE function.
Table 6-1 AUTHENTICATE Parameters
| Parameter | Description |
|---|---|
|
|
Login name of the user. |
|
|
Password for |
|
|
LDAP search base, for example, |
|
|
LDAP server host name. |
|
|
LDAP server port number. |
The following example demostrates how to use the APEX_LDAP.AUTHENTICATE function to verify user credentials against an LDAP Server.
IF APEX_LDAP.AUTHENTICATE(
p_username =>'firstname.lastname',
p_password =>'abcdef',
p_search_base => 'cn=user,l=amer,dc=my_company,dc=com',
p_host => 'our_ldap_sever.my_company.com',
p_port => 389) THEN
dbms_output.put_line('authenticated');
ELSE
dbms_output.put_line('authentication failed');
END IF;
The GET_ALL_USER_ATTRIBUTES procedure returns two OUT arrays of user_attribute names and values for the user name designated by p_username (with password if required) using the provided auth base, host, and port.
APEX_LDAP.GET_ALL_USER_ATTRIBUTES(
p_username IN VARCHAR2 DEFAULT NULL,
p_pass IN VARCHAR2 DEFAULT NULL,
p_auth_base IN VARCHAR2 DEFAULT NULL,
p_host IN VARCHAR2,
p_port IN VARCHAR2 DEFAULT 389,
p_attributes OUT wwv_flow_global.vc_arr2,
p_attribute_values OUT wwv_flow_global.vc_arr2);
Table 6-2 describes the parameters for the GET_ALL_USER_ATTRIBUTES procedure.
Table 6-2 GET_ALL_USER_ATTRIBUTES Parameters
| Parameter | Description |
|---|---|
|
|
Login name of the user. |
|
|
Password for |
|
|
LDAP search base, for example, |
|
|
LDAP server host name. |
|
|
LDAP server port number. |
|
|
An array of attribute names returned. |
|
|
An array of values returned for each corresponding attribute name returned in p_attributes. |
The following example demonstrates how to use the APEX_LDAP.GET_ALL_USER_ATTRIBUTES procedure to retrieve all attribute value's associated to a user.
DECLARE
L_ATTRIBUTES wwv_flow_global.vc_arr2;
L_ATTRIBUTE_VALUES wwv_flow_global.vc_arr2;
BEGIN
APEX_LDAP.GET_ALL_USER_ATTRIBUTES(
p_username => 'firstname.lastname',
p_pass => 'abcdef',
p_auth_base => 'cn=user,l=amer,dc=my_company,dc=com',
p_host => 'our_ldap_sever.my_company.com',
p_port => '389',
p_attributes => L_ATTRIBUTES,
p_attribute_values => L_ATTRIBUTE_VALUES);
FOR i IN L_ATTRIBUTES.FIRST..L_ATTRIBUTES.LAST LOOP
htp.p('attribute name: '||L_ATTRIBUTES(i));
htp.p('attribute value: '||L_ATTRIBUTE_VALUES(i));
END LOOP;
END;
The GET_USER_ATTRIBUTES procedure returns an OUT array of user_attribute values for the user name designated by p_username (with password if required) corresponding to the attribute names passed in p_attributes using the provided auth base, host, and port.
APEX_LDAP.GET_USER_ATTRIBUTES(
p_username IN VARCHAR2 DEFAULT NULL,
p_pass IN VARCHAR2 DEFAULT NULL,
p_auth_base IN VARCHAR2,
p_host IN VARCHAR2,
p_port IN VARCHAR2 DEFAULT 389,
p_attributes IN wwv_flow_global.vc_arr2,
p_attribute_values OUT wwv_flow_global.vc_arr2);
Table 6-3 describes the parameters available in the GET_USER_ATTRIBUTES procedure.
Table 6-3 GET_USER_ATTRIBUTES Parameters
| Parameter | Description |
|---|---|
|
|
Login name of the user. |
|
|
Password for |
|
|
LDAP search base, for example, |
|
|
LDAP server host name. |
|
|
LDAP server port number. |
|
|
An array of attribute names for which values are to be returned. |
|
|
An array of values returned for each corresponding attribute name in |
The following example demonstrates how to use the APEX_LDAP.GET_USER_ATTRIBUTES procedure to retrieve a specific attribute value associated to a user.
DECLARE
L_ATTRIBUTES wwv_flow_global.vc_arr2;
L_ATTRIBUTE_VALUES wwv_flow_global.vc_arr2;
BEGIN
L_ATTRIBUTES(1) := 'xxxxxxxxxx'; /* name of the employee number attribute */
APEX_LDAP.GET_USER_ATTRIBUTES(
p_username => 'firstname.lastname',
p_pass => NULL,
p_auth_base => 'cn=user,l=amer,dc=my_company,dc=com',
p_host => 'our_ldap_sever.my_company.com',
p_port => '389',
p_attributes => L_ATTRIBUTES,
p_attribute_values => L_ATTRIBUTE_VALUES);
END;
The IS_MEMBER function returns a boolean true if the user named by p_username (with password if required) is a member of the group specified by the p_group and p_group_base parameters using the provided auth base, host, and port.
APEX_LDAP.IS_MEMBER(
p_username IN VARCHAR2,
p_pass IN VARCHAR2 DEFAULT NULL,
p_auth_base IN VARCHAR2,
p_host IN VARCHAR2,
p_port IN VARCHAR2 DEFAULT 389,
p_group IN VARCHAR2,
p_group_base IN VARCHAR2)
RETURN BOOLEAN;
Table 6-4 describes the parameters available in the IS_MEMBER function.
Table 6-4 IS_MEMBER Parameters
| Parameter | Description |
|---|---|
|
|
Login name of the user. |
|
|
Password for |
|
|
LDAP search base, for example, |
|
|
LDAP server host name. |
|
|
LDAP server port number. |
|
|
Name of the group to be search for membership. |
|
|
The base from which the search should be started. |
The following example demonstrates how to use the APEX_LDAP.IS_MEMBER function to verify whether a user is a member of a group against an LDAP server.
DECLARE
L_VAL boolean;
BEGIN
L_VAL := APEX_LDAP.IS_MEMBER(
p_username =>'firstname.lastname',
p_pass =>'abcdef',
p_auth_base => 'cn=user,l=amer,dc=my_company,dc=com',
p_host => 'our_ldap_sever.my_company.com',
p_port => 389,
p_group => 'group_name',
p_group_base => 'group_base');
IF L_VAL THEN
htp.p('Is a member.');
ELSE
htp.p('Not a member.');
END IF;
END;
The MEMBER_OF function returns an array of groups the user name designated by p_username (with password if required) belongs to, using the provided auth base, host, and port.
APEX_LDAP.MEMBER_OF(
p_username IN VARCHAR2 DEFAULT NULL,
p_pass IN VARCHAR2 DEFAULT NULL,
p_auth_base IN VARCHAR2,
p_host IN VARCHAR2,
p_port IN VARCHAR2 DEFAULT 389)
RETURN wwv_flow_global.vc_arr2;
Table 6-5 describes the parameters available in the MEMBER_OF function.
Table 6-5 MEMBER_OF Parameters
| Parameter | Description |
|---|---|
|
|
Login name of the user. |
|
|
Password for |
|
|
LDAP search base, for example, |
|
|
LDAP server host name. |
|
|
LDAP server port number. |
The following example demonstrates how to use the APEX_LDAP.MEMBER_OF function to retrieve all the groups designated by the specified username.
DECLARE
L_MEMBERSHIP wwv_flow_global.vc_arr2;
BEGIN
L_MEMBERSHIP := APEX_LDAP.MEMBER_OF(
p_username => 'firstname.lastname',
p_pass => 'abcdef',
p_auth_base => 'cn=user,l=amer,dc=my_company,dc=com',
p_host => 'our_ldap_sever.my_company.com',
p_port => '389');
FOR i IN L_MEMBERSHIP.FIRST..L_MEMBERSHIP.LAST LOOP
htp.p('Member of: '||L_MEMBERSHIP(i));
END LOOP;
END;
The MEMBER_OF2 function returns a VARCHAR2 colon delimited list of groups the user name designated by p_username (with password if required) belongs to, using the provided auth base, host, and port.
APEX_LDAP.MEMBER_OF2(
p_username IN VARCHAR2 DEFAULT NULL,
p_pass IN VARCHAR2 DEFAULT NULL,
p_auth_base IN VARCHAR2,
p_host IN VARCHAR2,
p_port IN VARCHAR2 DEFAULT 389)
RETURN VARCHAR2;
Table 6-6 describes the parameters available in the MEMBER_OF2 function.
Table 6-6 MEMBER_OF2 Parameters
| Parameter | Description |
|---|---|
|
|
Login name of the user. |
|
|
Password for |
|
|
LDAP search base, for example, |
|
|
LDAP server host name. |
|
|
LDAP server port number. |
The following example demonstrates how to use the APEX_LDAP.MEMBER_OF2 function to retreive all the groups designated by the specified username.
DECLARE
L_VAL varchar2(4000);
BEGIN
L_VAL := APEX_LDAP.MEMBER_OF2(
p_username => 'firstname.lastname',
p_pass => 'abcdef',
p_auth_base => 'cn=user,l=amer,dc=my_company,dc=com',
p_host => 'our_ldap_sever.my_company.com',
p_port => 389);
htp.p('Is Member of:'||L_VAL);
END;