Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get LDAP user list using PLSQL

Tags:

oracle

active-directory

ldap

plsql

One of the new requirements for our database application is to synchronize the contents of the user table with the users in Active Directory. So basically I need to connect to the Active Directory server and retrieve a list of user names, from within a plsql procedure.

What I have achieved so far is connect to the active directory server, using my own credentials, and query some attributes.

Example:

ldap_password := '****';
ldap_user     := 'cn=me,OU=Users,OU=mygroup,DC=mytown,DC=mycompany,DC=com';
ldap_base     := 'OU=Users,OU=mygroup,DC=mytown,DC=mycompany,DC=com';
search_filter := '(&(objectClass=Person)!((sn=him)(cn=me)))';
res_attrs(1)  := 'displayName';
res_attrs(2)  := 'cn';
res_attrs(3)  := 'telephoneNumber';

It seems I can only query my own attributes or somebody else's if I already know who that someone else is.

  • How do I get a list of usernames?
  • Is this possible using any account or does this require an account with the proper privileges?
like image 596
Rene Avatar asked Nov 08 '10 12:11

Rene

People also ask

What is Dbms_ldap?

The DBMS_LDAP package is a PL/SQL API to enable programatic searches and modifications of data within LDAP directories.

How can I see all users in Oracle 11g?

You can find all users created in Oracle by running a query from a command prompt. The user information is stored in various system tables - ALL_USERS and DBA_USERS, depending on what user information you wish to retrieve.

2 Answers

I got my script working. The scope setting prevented me from seeing all data. DBMS_LDAP.SCOPE_SUBTREE

like image 114
Rene Avatar answered Sep 28 '22 11:09

Rene

Rene, You can do all searched in Active directory via Oracle's LDAP components that it seems you have already touched upon. While I am no expert on LDAP/AD, I believe that you may need rights to perform these actions or better yet get an ID/Password created that has the rights (this way you can keep your id/psw out of the system and allow either an unexpiring pswrd or pswrd that is supported by the AD administrators. I know that I have always had full query access to AD, not sure if that is how I am set up or out-of-the-box functionality.

But look @ this site http://www.oracle-base.com/articles/9i/LDAPFromPLSQL9i.php

as the article demonstrates, I would recommend paring back your searchFilter (get more then whittle it down until it suits your needs)

l_attrs(1) := '*'; -- retrieve all attributes
l_retval :=
    DBMS_LDAP.search_s(ld       => l_session,
                       base     => l_ldap_base,
                       scope    => DBMS_LDAP.SCOPE_SUBTREE,
                       filter   => 'objectclass=*',
                       attrs    => l_attrs,
                       attronly => 0,
                       res      => l_message);
like image 25
Harrison Avatar answered Sep 28 '22 12:09

Harrison
Sign in to Comment

Related questions

How to create a check constraint between two columns in SQL?
Adding redudant join conditions in Oracle results in a different plan
Disable Hibernate auto update on flush on read only synonyms
How can I connect to an Oracle database from Ant using the tnsname?
Oracle NUMBER Comparisons
READ COMMITTED database isolation level in oracle
DevArt's dotConnect for Oracle vs DataDirect's ADO.NET data provider
Oracle.Dataaccess error ORA-06502: PL/SQL: numeric or value error: character string buffer too small
ORA-30483: window functions are not allowed here
Oracle Timestamp: extract full hour
How to use TKPROF utility along with syntax and parameters?
Oracle Blobs - store size or calculate?
Using CASE Statements in LEFT OUTER JOIN in SQL
How do I get every nth row in a table, or how do I break up a subset of a table into sets or rows of equal size?
Can compilation of several Oracle Pl/SQL package be an atomic operation?
view with parameters?
are there any ways to reverse engineer Oracle trigger or sort of decompile it?
How can I debug an oracle stored procedure from a .net web app?
GetOracleDecimal Memory Leak
Join a cursor or record set in oracle

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!