I knew APEX had an LDAP authentication scheme (and don't know the full history of the project so I can't (won't) comment on why it wasn't used). So I fired up my local sandbox just to see how easy or hard it was. Admittedly, I have always avoided anything to do with LDAP...not sure why (plate is full?). I used this as a guide.
Anyway, it was remarkably easy.
Setup
APEX: 3.2.1
Web Server: Apache (OHS)
Database:

```
BANNER
----------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Prod
PL/SQL Release 10.2.0.3.0 - Production
CORE 10.2.0.3.0 Production
TNS for 32-bit Windows: Version 10.2.0.3.0 - Production
NLSRTL Version 10.2.0.3.0 - Production
```

First I fired up the web server:

```
C:\oracle\http\opmn\bin>opmnctl start
opmnctl: opmn started
C:\oracle\http\opmn\bin>opmnctl startproc process-type=HTTP_Server
opmnctl: starting opmn managed processes...
```

Opened up APEX, and created a new application. For authentication schemes I chose "No Authentication."
After I had created the application, I went into Shared Components --> Authentication Schemes --> Create
Select the default and click Next
![step 1](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiidP5OaG3ypQkrwqsaLk_8vFrbQranJglmFuGWI9QPTVYJnxVMfJp7v9haSp9aM1uKvr5g4oSXsxENlEa8ICUXDzEzrZVXWW9FbDpeYfrFldDOuhC314wYCa-CtxSh7TlxeskfBgZh4wPS/s800/01_apex.jpg)
Select "Show Login Page and Use LDAP Directory Credentials" and click Next
![step 2](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmkXBnmXbtpB1kWV7ZWANR_Sj56z1znPdjP-_4kiQCkHU4MVz-T_Y-E8RwWUBSCHUHpYX3G1zk9Yj6V6fYwjf_jx-CGZEFb-bvwVpHaJgM2ONUoVAywDkEy340uMOYwr_qx5ExI5SxarhV/s800/02_apex.jpg)
I've already done this, so I'm selecting my current Login page, 11. Click Next
![step 3](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFRo8e_mtpcrWs1mlqjWtg9O5ZPALcjs2XCVNSXb2ml2HPZlm5J1TzgAg-RHx6r5-9FOgssabds3pJkFzuxh_2IdL4GGfS_hxOqINOv9MwSMfg5ur-LemjVvIZ8iBIgnoe5SMRLm-66Jx/s800/03_apex.jpg)
Enter your LDAP Host and your DN:
![step 4](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4KyMeeIXFCxTBZRRvidlTZ6I1AOPQMCNyv_9jNv9yY2ny27c3027yvqSuNevZe6MuGBWC_biwz5hbkBMMqJy-vhUVQnkl1SsM0cNrfsxqEqn4JXPgIlKjJTA1O6d3NiB7DnSQGpR-U3lc/s800/04_apex.jpg)
Your DN String should look something like this (from article above):
```
cn=%LDAP_USER%,l=amer,dc=oracle,dc=com
```

Make sure you use the %LDAP_USER% after the cn= portion of the string.
Name it ldap_test, click Create Scheme:
![step 5](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL0-lrhCfD8ldaL1XzW5xKl2P1vdlOEYO8q_zrRVdcFf4PsmUK3tUBo4k_i-4AkcFi6EO2du3Wab8re7Ot5VhihiPZD4qvxlgLjr7J_U-yZ-_viJeO8x6WlJX7aU5LoZzCFPMq00Wt0aX_/s800/05_apex.jpg)
You will then be redirected back to the list of Authentication Schemes, where ldap_test should now be current.
![Fini!](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzKvhrlQaozC2RIWnoiOvSk-LfPkksFtCMDZmNwqIFCkT2pAg3tFkD-zuWZbLVQ5LNc2m-3R2Fc57Zln7uvABBQy84Cv7I-Ds2xJYknSIhROZXTPD7f8jJkgdyTQpl1yRahQRKNXBmfJY5/s800/06_apex.jpg)
To test it, just run your application and log in using your LDAP (AD) credentials
![login](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCHqHlxSEwzryCOfZ3ELTI55v6qgyFMm5im7U2tpLgjXLaYvIEs1-d4g9ECcYQ2WBPmcYyqK-QbSUjwGDgXyfhUG4K2PsJxzVqsyVXuuJ7fOnxMbXytxPMX4e00NsaLTnB20WoNOCVqxlo/s800/08_apex_login.jpg)
Success!
![success!!](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEid40o1XuM4sT3zjSHggmbJjY1jrQ7_gtB3SswPiiOv9BaBOuT_pgbeHMdc_JE_skwErrbCqrmj8vowvXvAOgOfGr2ADCXc_16x_YpdiH23ym9JBCmefxonJGitk9Jw00MaVhO7KRyUz_KO/s800/09_success.jpg)
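The scheme configured above builds the bind DN by substituting the login name for %LDAP_USER% in the DN string. As an added illustration (not from the original post and not APEX's own code), this Python sketch expands the post's template with RFC 4514 escaping and refuses empty passwords before any bind is attempted; the function names are hypothetical and the sample logins are constructed.

```python
"""Expand an LDAP DN template and run pre-bind checks (illustrative sketch)."""

# DN string from the post; %LDAP_USER% marks where the login name goes.
DN_TEMPLATE = "cn=%LDAP_USER%,l=amer,dc=oracle,dc=com"
PLACEHOLDER = "%LDAP_USER%"


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)      # characters that have meaning in a DN
        elif ch == "\x00":
            out.append("\\00")         # NUL is written as a hex pair
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)      # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(template: str, username: str) -> str:
    """Substitute the escaped login name into the DN template."""
    if PLACEHOLDER not in template:
        raise ValueError("DN template has no %LDAP_USER% placeholder")
    return template.replace(PLACEHOLDER, escape_dn_value(username))


def precheck(username: str, password: str):
    """Return a reason to refuse the login before binding, or None if OK."""
    if not username.strip():
        return "empty username"
    if password == "":
        # A simple bind with a DN and no password is an unauthenticated bind
        # (RFC 4513, section 5.1.2); some servers report it as success.
        return "empty password"
    return None


if __name__ == "__main__":
    # Constructed sample logins, not taken from the post.
    for user, pw in [("jdoe", "s3cret"), ("doe, john", "s3cret"), ("jdoe", "")]:
        reason = precheck(user, pw)
        print(reason or build_bind_dn(DN_TEMPLATE, user))
```

The escaped login name always stays inside the single cn= value, so a comma or plus sign typed at the login page cannot change which directory entry the bind targets.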
1 comment:
It's very good and helpful.
Just have one question:
We have two LDAPs (Active Directory) installed in our organization.
Is it possible to authenticate from multiple LDAPs? Like some users from LDAP A and some from LDAP B?
Thanks in advance!
Regards,
...