
Monday, November 28, 2005

Using Active Directory in Oracle Express 

A recent post on the Oracle XE forum about replacing mod_ntlm as an authentication mechanism for applications on Windows prompted me to write up a mechanism you can use to authenticate users of your application against a Microsoft Active Directory. It works as follows. You create a custom authentication function for HTMLDB; this must take two parameters with specific names, and only those two parameters, and return a boolean indicating success or failure. My function merely takes the username and password supplied by the end user and attempts a simple LDAP bind against AD. By default this will work for all AD users in your organisation: if the bind succeeds the user is authenticated, and if it fails the user is not. The function itself can be downloaded here. A step-by-step guide is below:

  • Create a new database user U1 – I used the HTMLDB
    interface for user administration.

  • Log in as U1 and create a demo application.

  • Navigate to the SQL Workshop.

  • Load the authenticate_aduser script and edit it for the
    domain controller hostname and your domain (in the post-Windows 2000
    format).

  • Run the script.

  • Check that the script ran successfully.

  • Return to your application in Application Builder,
    choose Shared Components > Authentication Schemes and create a new
    authentication scheme from scratch.

  • You only need to enter a name for the scheme – I used ad_auth.

  • Click the new scheme to edit it, and make sure that you enter the
    authentication function as shown below.

  • Now change the current authentication scheme to ad_auth and test.
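As an added example (not the author's downloadable authenticate_aduser script), here is a PL/SQL function with the two-parameter signature HTMLDB expects that performs the simple bind described above; the hostname, domain and wallet location are constructed placeholders. The LDAPS step via DBMS_LDAP.open_ssl and the empty-password check go beyond the original description and are this example's own additions.

```plsql
CREATE OR REPLACE FUNCTION authenticate_aduser (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
) RETURN BOOLEAN
IS
  -- Constructed placeholder values: replace with your domain controller,
  -- your domain (post-Windows 2000 format) and your Oracle wallet location.
  c_host      CONSTANT VARCHAR2(255) := 'dc01.example.local';
  c_port      CONSTANT PLS_INTEGER   := 636;                -- LDAPS port
  c_domain    CONSTANT VARCHAR2(255) := 'example.local';
  c_wallet    CONSTANT VARCHAR2(255) := 'file:/u01/app/oracle/wallet';
  c_wallet_pw CONSTANT VARCHAR2(255) := NULL;               -- auto-login wallet assumed
  l_session   DBMS_LDAP.session;
  l_rc        PLS_INTEGER;
BEGIN
  -- AD treats a simple bind with an empty password as an anonymous bind and
  -- reports success, so a NULL password must never reach the bind call.
  -- An '@' in the name is rejected so the login form cannot steer the bind
  -- to a UPN in a different domain than the one configured here.
  IF p_username IS NULL OR p_password IS NULL OR INSTR(p_username, '@') > 0 THEN
    RETURN FALSE;
  END IF;

  DBMS_LDAP.use_exception := TRUE;  -- failures raise rather than return codes
  l_session := DBMS_LDAP.init(c_host, c_port);

  -- Switch the connection to TLS with server-certificate verification
  -- (sslauth = 2) before any credentials leave the database.
  l_rc := DBMS_LDAP.open_ssl(l_session, c_wallet, c_wallet_pw, 2);

  -- HTMLDB/APEX upper-cases the username unless p_preserve_case is set;
  -- the UPN match in AD is case-insensitive, so user@domain still binds.
  l_rc := DBMS_LDAP.simple_bind_s(l_session,
                                  p_username || '@' || c_domain,
                                  p_password);
  l_rc := DBMS_LDAP.unbind_s(l_session);
  RETURN TRUE;
EXCEPTION
  WHEN OTHERS THEN
    -- Wrong password, unknown user, locked account or an unreachable DC all
    -- surface here as an ORA-31202 error; every one of them means "deny".
    BEGIN
      l_rc := DBMS_LDAP.unbind_s(l_session);
    EXCEPTION
      WHEN OTHERS THEN NULL;
    END;
    RETURN FALSE;
END authenticate_aduser;
/
```

The schema owning the function needs EXECUTE on DBMS_LDAP, and on 11g and later also a network ACL (DBMS_NETWORK_ACL_ADMIN) that permits connections to the domain controller's host and port.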

    8 Comments:
    Niall,
    Slightly o/t but it appears that Don Burleson has confused you with Dave Litchfield:
    http://dba-oracle.com/oracle_news/2005_11_29_resignation_chief_security.htm

    You may want to drop Don a line so he can correct it.
     
    I thought Webb was dead!
     
    Hi Niall. Any recommendations on how to deal with 2 separate ou containers?
    We have an external and an internal user container.
    Wildcards in the dn don't seem to work.
     
    Hi, how would this work under Apex 3.2.1 ? I'm having this same problem that I have to log on with:

    Doe\, John
    mypassword

    Instead of

    doej
    mypassword

    If I implement your solution, it's only asking for a username.
     
    Hi,
    I have just used the function and method described here with APEX 3.2.1 and it works for all users in my AD domain at least. I mean, it works independently from ou.

    Thanks,
    Gabriele
     
    Hi,

    Does this technique work with the EPG in 11g (APEX 3.2.1)? I've been trying for a week now, and can't seem to get it to work in that environment.
    Thanks - Jack
     
    I have a hard time understanding when the username and the password are passed to the function, because your call is only
    return authenticate_aduser but no value is passed to it,
    Thanks

    Daniel J.
     
    @Daniel,
    Here is the APEX explanation on using a home-made function for the authentication process:
    Enter a function name like this: return fn , where fn is the name of the function, qualified by schema name, package name, if required. The Application Express engine expects this function to have the signature (p_username in varchar2, p_password in varchar2) return boolean. The value of the username and password fields passed to the login API, which is called by the login page, will be passed to your function. In the login API call, which you can find on the login page's after-submit process, you can optionally specify a p_preserve_case boolean argument. Set this to true if you don't want the username converted to upper case during credentials verification and session registration.

    George
     