Tuesday, March 9, 2010

APEX: LDAP Authentication

I got called into a discussion about an existing APEX application. The custom LDAP functionality wasn't working as they expected.

I knew APEX had an LDAP authentication scheme (and don't know the full history of the project so I can't (won't) comment on why it wasn't used). So I fired up my local sandbox just to see how easy or hard it was. Admittedly, I have always avoided anything to do with LDAP...not sure why (plate is full?). I used this as a guide.

Anyway, it was remarkably easy.

Setup
APEX: 3.2.1
Web Server: Apache (OHS)
Database:
BANNER
----------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Prod
PL/SQL Release 10.2.0.3.0 - Production
CORE 10.2.0.3.0 Production
TNS for 32-bit Windows: Version 10.2.0.3.0 - Production
NLSRTL Version 10.2.0.3.0 - Production

First I fired up the web server:
C:\oracle\http\opmn\bin>opmnctl start
opmnctl: opmn started

C:\oracle\http\opmn\bin>opmnctl startproc process-type=HTTP_Server
opmnctl: starting opmn managed processes...

Opened up APEX, and created a new application. For authentication schemes I chose "No Authentication."

After I had created the application, I went into Shared Components --> Authentication Schemes --> Create

Select the default and click Next

step 1

Select "Show Login Page and Use LDAP Directory Credentials" and click Next

step 2

I've already done this, so I'm selecting my current Login page, 11. Click Next

step 3

Enter your LDAP Host and your DN:

step 4

Your DN String should look something like this (from article above):

cn=%LDAP_USER%,l=amer,dc=oracle,dc=com

Make sure you use the %LDAP_USER% after the cn= portion of the string.

Name it ldap_test, click Create Scheme:

step 5

You will then be redirected back to the list of Authentication Schemes; ldap_test should now be current.

Fini!

To test it, just run your application and log in using your LDAP (AD) credentials.

login

Success!

success!!
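
If the login fails, the host and DN string from step 4 can be checked directly from SQL*Plus with DBMS_LDAP, outside APEX. The block below is an added example, not code from the original post or from APEX itself; the host, port, sample credentials, the allowed username characters and the helper name ldap_bind_ok are assumptions, and the DN template is the one quoted above.

```sql
-- Added example: host, port and credentials are placeholders to replace.
SET SERVEROUTPUT ON
DECLARE
  c_host    CONSTANT VARCHAR2(255) := 'ldap.example.com';  -- placeholder host
  -- Assumed plain LDAP port; a simple bind here sends the password unencrypted.
  c_port    CONSTANT PLS_INTEGER   := 389;
  c_dn_tmpl CONSTANT VARCHAR2(255) := 'cn=%LDAP_USER%,l=amer,dc=oracle,dc=com';

  -- Hypothetical helper: TRUE only if the directory accepts the bind.
  FUNCTION ldap_bind_ok (p_username IN VARCHAR2, p_password IN VARCHAR2)
    RETURN BOOLEAN
  IS
    l_session DBMS_LDAP.session;
    l_rc      PLS_INTEGER;
  BEGIN
    -- A simple bind with an empty password is an unauthenticated bind that
    -- many directories accept, so never pass one on ('' is NULL in PL/SQL).
    IF p_username IS NULL OR p_password IS NULL THEN
      RETURN FALSE;
    END IF;
    -- Refuse names with DN metacharacters (, + " \ < > ; = #) rather than
    -- substituting them into the DN. The allowed set is an assumption.
    IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]+$') THEN
      RETURN FALSE;
    END IF;

    DBMS_LDAP.use_exception := TRUE;  -- failed calls raise instead of returning codes
    -- A connection failure raises here and reaches the caller, which is
    -- what you want to see when diagnosing the host setting.
    l_session := DBMS_LDAP.init(hostname => c_host, portnum => c_port);
    BEGIN
      l_rc := DBMS_LDAP.simple_bind_s(
                ld     => l_session,
                dn     => REPLACE(c_dn_tmpl, '%LDAP_USER%', p_username),
                passwd => p_password);
      l_rc := DBMS_LDAP.unbind_s(ld => l_session);
      RETURN TRUE;
    EXCEPTION
      WHEN OTHERS THEN
        -- Bind rejected (wrong DN or password) or directory error: release the session.
        l_rc := DBMS_LDAP.unbind_s(ld => l_session);
        RETURN FALSE;
    END;
  END ldap_bind_ok;
BEGIN
  DBMS_OUTPUT.put_line(CASE WHEN ldap_bind_ok('jdoe', 'placeholder-password')
                            THEN 'bind ok' ELSE 'bind failed' END);
END;
/
```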

1 comment:

Anonymous said...

It's very good and helpful.
Just have one question:
We have two LDAPs (Active Directory) installed in organization?
Is it possible if we can authenticate from multiple LDAPs. Like some user from LDAP A and some from LDAP B..?

Thanks in Advance!..

Regards,

...