Tags
Active Directory 2008, AD 2008, APEX 4.2.3, Application Express, Oracle Application Express, Oracle Virtual Directory, OVD
APEX (4.2.3) integration with OVD 11gR2 – AD2008
1. Create Access Control Lists (ACLs) for Apex.
2. To create the appropriate ACLs for the LDAP hostname and the schemas, connect to the Apex database as the SYSTEM user and execute the scripts below.
a. Two schemas need connect and resolve privileges on the LDAP host: APEX_040200 (the APEX 4.2 engine schema, step b) and APEX_TEST (step c).
NOTE – APEX_TEST is the schema created during the workspace creation.
b. Provide connect and resolve privileges to APEX_040200 and assign the ACL to the LDAP host.
begin
  -- Create the ACL and grant the first privilege (connect) to the APEX engine schema
  dbms_network_acl_admin.create_acl (
    acl         => 'ovd_ad_ldap.xml',
    description => 'Allow ldap queries',
    principal   => 'APEX_040200',
    is_grant    => TRUE,
    privilege   => 'connect'
  );
end;
/
begin
  -- resolve is needed so the schema can look up the LDAP host name
  dbms_network_acl_admin.add_privilege (
    acl       => 'ovd_ad_ldap.xml',
    principal => 'APEX_040200',
    is_grant  => TRUE,
    privilege => 'resolve'
  );
end;
/
begin
  -- Assign the ACL to the LDAP host (all ports)
  dbms_network_acl_admin.assign_acl(
    acl  => 'ovd_ad_ldap.xml',
    host => 'oam.example.com'
  );
end;
/
commit;
c. Provide connect and resolve privileges to APEX_TEST and assign the ACL to the LDAP host (here by IP address).
begin
  -- The ACL already exists, so only privileges are added for the workspace schema
  dbms_network_acl_admin.add_privilege (
    acl       => 'ovd_ad_ldap.xml',
    principal => 'APEX_TEST',
    is_grant  => TRUE,
    privilege => 'connect'
  );
end;
/
begin
  dbms_network_acl_admin.add_privilege (
    acl       => 'ovd_ad_ldap.xml',
    principal => 'APEX_TEST',
    is_grant  => TRUE,
    privilege => 'resolve'
  );
end;
/
begin
  -- Assign the same ACL to the LDAP host's IP address as well
  dbms_network_acl_admin.assign_acl(
    acl  => 'ovd_ad_ldap.xml',
    host => '10.176.247.18'
  );
end;
/
commit;
3. Verify the ACLs created for the LDAP host.
a. Run the following queries:
select host, acl from dba_network_acls where acl like '%ad%';
select acl, principal, privilege, is_grant from dba_network_acl_privileges;
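The scripts in step 2 assign the ACL to the host for every TCP port. The block below is an added example, not code from the original post: it narrows the assignment for the hostname from step 2 to the LDAP port the connectivity test uses (389) and then reads back the effective privilege for both principals, which is a more direct check than listing the ACL rows. The ACL name and hostname are the post's own; the port range, the unassign/assign sequence and the check_privilege read-back are this example's additions and assume the 11g dbms_network_acl_admin package (assign_acl with lower_port/upper_port, and check_privilege returning 1 for granted, 0 for denied, NULL for not determined).

```plsql
-- Added example: restrict the ACL assignment to the LDAP port only.
-- Values: ACL name and host from the post; port 389 assumed to be the
-- directory's plain-LDAP listener (use 636 if the scheme is configured for SSL).
begin
  -- Drop the all-ports assignment made in step 2 for this host ...
  dbms_network_acl_admin.unassign_acl(
    acl  => 'ovd_ad_ldap.xml',
    host => 'oam.example.com'
  );
  -- ... and re-assign it for the LDAP port range only.
  dbms_network_acl_admin.assign_acl(
    acl        => 'ovd_ad_ldap.xml',
    host       => 'oam.example.com',
    lower_port => 389,
    upper_port => 389
  );
  commit;
end;
/

-- Read back the effective grant per principal: 1 = granted, 0 = denied,
-- NULL = not determined by this ACL. Both columns should show 1.
select dbms_network_acl_admin.check_privilege('ovd_ad_ldap.xml', 'APEX_040200', 'connect') as engine_connect,
       dbms_network_acl_admin.check_privilege('ovd_ad_ldap.xml', 'APEX_040200', 'resolve') as engine_resolve,
       dbms_network_acl_admin.check_privilege('ovd_ad_ldap.xml', 'APEX_TEST',   'connect') as ws_connect,
       dbms_network_acl_admin.check_privilege('ovd_ad_ldap.xml', 'APEX_TEST',   'resolve') as ws_resolve
from dual;

-- Confirm the port range now recorded for the host.
select host, lower_port, upper_port, acl
from   dba_network_acls
where  acl like '%ovd_ad_ldap%';
```

Run this as SYSTEM like the scripts in step 2. If a later DBMS_LDAP.init from the APEX schema fails with ORA-24247 (network access denied by access control list), the host, port or principal in the read-back query is the first thing to compare against what the authentication scheme is configured with.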
4. Create the Authentication Scheme in APEX.
5. Log in to the Apex admin console using the URL for your installation, where:
hostname is the name of the system where Oracle HTTP Server is installed.
port is the port number assigned to Oracle HTTP Server. In a default installation, this number is 7777.
apex is the database access descriptor (DAD) defined in the mod_plsql configuration file.
6. On the Login page:
– Workspace – Enter the name of your workspace.
– Username – Enter your user name.
– Password – Enter your case-sensitive password.
7. Click Login to Application Express.
8. Go to Application Builder.
9. Click ‘Edit’ on the application you want to authenticate using LDAP (e.g. Opportunity Tracker in my case).
10. Select Shared Components.
11. Select Authentication Schemes.
12. Select Based on a pre-configured scheme from the gallery and click Next.
13. Enter a Name and select a Scheme Type of LDAP Directory.
14. Provide the LDAP details.
Note – the substitution string %LDAP_USER% in the DN string is replaced at login time with the username entered on the login screen.
15. Click Create Authentication Scheme.
16. Test the LDAP connectivity from SQL Workshop.
a. Go to SQL Workshop > SQL Commands.
b. Paste the following script into the SQL Commands window and click Run.
DECLARE
  vSession DBMS_LDAP.session;
  vResult  PLS_INTEGER;
BEGIN
  -- Raise an exception on any LDAP error instead of returning a status code
  DBMS_LDAP.use_exception := TRUE;
  -- Open a session to the directory (plain LDAP on port 389)
  vSession := DBMS_LDAP.init
    ( hostname => 'ad2008.example.com'
    , portnum  => 389
    );
  -- Simple bind with the DN and password of the test account
  vResult := DBMS_LDAP.simple_bind_s
    ( ld     => vSession
    , dn     => 'cn=Administrator,cn=Users,dc=example,dc=com'
    , passwd => 'Oracle123'
    );
  DBMS_OUTPUT.put_line('User authenticated!');
  -- Release the session
  vResult := DBMS_LDAP.unbind_s(vSession);
END;
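The script above proves the database can reach the directory with a fixed account. The function below is an added example, not code from the original post or from APEX itself: it performs the same kind of bind the LDAP authentication scheme performs, substituting the login name into a DN template the way %LDAP_USER% is substituted, and it handles the two cases a connectivity test does not exercise: a failed bind (which arrives as an exception because use_exception is TRUE) and an empty password (an LDAP simple bind with a DN and an empty password is an unauthenticated bind per RFC 4513, which many directories accept, so it must be rejected before it reaches the server). The host and DN base are the post's values; the function name, the DN template and the character check on the user name are assumptions of this example.

```plsql
-- Added example: bind to the directory as the logging-in user, the way the
-- APEX LDAP scheme does with its %LDAP_USER% substitution.
-- Hypothetical function; host from the post, DN template assumed.
CREATE OR REPLACE FUNCTION ldap_user_authenticates (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
) RETURN BOOLEAN
IS
  c_host    CONSTANT VARCHAR2(100) := 'ad2008.example.com';
  c_port    CONSTANT PLS_INTEGER   := 389;
  -- Same shape as the DN string configured in the authentication scheme
  c_dn_tpl  CONSTANT VARCHAR2(200) := 'cn=%LDAP_USER%,cn=Users,dc=example,dc=com';
  l_session DBMS_LDAP.session;
  l_rc      PLS_INTEGER;
  l_dn      VARCHAR2(400);
BEGIN
  -- An empty password must never reach the directory: a simple bind with a
  -- DN and no password is an unauthenticated bind and would report success.
  IF p_username IS NULL OR p_password IS NULL THEN
    RETURN FALSE;
  END IF;

  -- The login name is spliced into a DN, so refuse DN metacharacters that
  -- would let it alter the DN's structure (example's own check).
  IF REGEXP_LIKE(p_username, '[,=+<>#;\"]') THEN
    RETURN FALSE;
  END IF;

  l_dn := REPLACE(c_dn_tpl, '%LDAP_USER%', p_username);

  -- Failures raise ORA-31202 (e.g. "Invalid credentials") rather than
  -- returning a code, so a successful simple_bind_s means authenticated.
  DBMS_LDAP.use_exception := TRUE;
  l_session := DBMS_LDAP.init(hostname => c_host, portnum => c_port);

  BEGIN
    l_rc := DBMS_LDAP.simple_bind_s(ld => l_session, dn => l_dn, passwd => p_password);
    l_rc := DBMS_LDAP.unbind_s(l_session);
    RETURN TRUE;
  EXCEPTION
    WHEN OTHERS THEN
      -- Always release the session; report a generic failure without echoing
      -- the DN or the password into logs or the UI.
      BEGIN
        l_rc := DBMS_LDAP.unbind_s(l_session);
      EXCEPTION
        WHEN OTHERS THEN NULL;
      END;
      RETURN FALSE;
  END;
END ldap_user_authenticates;
/

-- Usage from SQL Commands (constructed credentials for a workspace test user):
BEGIN
  IF ldap_user_authenticates('jdoe', 'correct horse battery staple') THEN
    DBMS_OUTPUT.put_line('bind succeeded');
  ELSE
    DBMS_OUTPUT.put_line('bind failed');
  END IF;
  -- Expected to print "bind failed": the empty password is rejected locally.
  IF NOT ldap_user_authenticates('jdoe', '') THEN
    DBMS_OUTPUT.put_line('empty password rejected before contacting the directory');
  END IF;
END;
```

Run it in SQL Workshop as the workspace schema (APEX_TEST here), which is why that schema needed its own connect and resolve privileges in step 2c. A function of this shape is also what a Custom authentication scheme would call instead of the pre-configured LDAP scheme; the built-in scheme performs the equivalent bind on the application's behalf.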
Test the Application from the Login Form
1. Go to Run and click Run for the ‘Opportunity Tracker’ application.
2. Enter the credentials of a user defined in OVD.
3. Click Login. The home page is displayed after successful authentication.
4. The OVD-AD users as seen from an LDAP browser.