ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling
complimentary technical Workshops on Database Security for the first 30
Oracle Database customers located anywhere in North America, EMEA, LATAM, or
APAC that send an email to
asra_us@oracle.com. Request a Workshop for
your organization today.
Purpose
This is the primary interface used by a variety of clients to make LDAP requests for Identity Management.
AUTHID
CURRENT_USER
Constants and Defaulted Variables
Name
Data Type
Value
General Constants
VERSION
VARCHAR2(256)
2
INTERFACE_VERSION
VARCHAR2(256)
2
Error Constants
SUCCESS
NUMBER
0
OPERATIONS_ERROR
NUMBER
1
PROTOCOL_ERROR
NUMBER
2
TIMELIMIT_EXCEEDED
NUMBER
3
SIZELIMIT_EXCEEDED
NUMBER
4
COMPARE_FALSE
NUMBER
5
COMPARE_TRUE
NUMBER
6
STRONG_AUTH_NOT_SUPPORTED
NUMBER
7
STRONG_AUTH_REQUIRED
NUMBER
8
PARTIAL_RESULTS
NUMBER
9
REFERRAL
NUMBER
10
ADMINLIMIT_EXCEEDED
NUMBER
11
UNAVAILABLE_CRITIC
NUMBER
12
NO_SUCH_ATTRIBUTE
NUMBER
16
UNDEFINED_TYPE
NUMBER
17
INAPPROPRIATE_MATCHING
NUMBER
18
CONSTRAINT_VIOLATION
NUMBER
19
TYPE_OR_VALUE_EXISTS
NUMBER
20
INVALID_SYNTAX
NUMBER
21
NO_SUCH_OBJECT
NUMBER
32
ALIAS_PROBLEM
NUMBER
33
INVALID_DN_SYNTAX
NUMBER
34
IS_LEAF
NUMBER
35
ALIAS_DEFER_PROBLEM
NUMBER
36
INAPPROPRIATE_AUTH
NUMBER
48
INVALID_CREDENTIALS
NUMBER
49
INSUFFICIENT_ACCESS
NUMBER
50
BUSY
NUMBER
51
UNAVAILABLE
NUMBER
52
UNWILLING_TO_PERFORM
NUMBER
53
LOOP_DETECT
NUMBER
54
NAMING_VIOLATION
NUMBER
64
OBJECT_CLASS_VIOLATION
NUMBER
65
NOT_ALLOWED_ON_NONLEAF
NUMBER
66
NOT_ALLOWED_ON_RDN
NUMBER
67
ALREADY_EXISTS
NUMBER
68
NO_OBJECT_CLASS_MODS
NUMBER
69
RESULTS_TOO_LARGE
NUMBER
70
OTHER
NUMBER
80
SERVER_DOWN
NUMBER
81
LOCAL_ERROR
NUMBER
82
ENCODING_ERROR
NUMBER
83
DECODING_ERROR
NUMBER
84
TIMEOUT
NUMBER
85
AUTH_UNKNOWN
NUMBER
86
FILTER_ERROR
NUMBER
87
USER_CANCELLED
NUMBER
88
PARAM_ERROR
NUMBER
89
NO_MEMORY
NUMBER
90
Port Constants
PORT
NUMBER
389
SSL_PORT
NUMBER
636
Options
OPT_DESC
NUMBER
1
OPT_DEREF
NUMBER
2
OPT_SIZELIMIT
NUMBER
3
OPT_TIMELIMIT
NUMBER
4
OPT_THREAD_FN_PTRS
NUMBER
5
OPT_REBIND_FN
NUMBER
6
OPT_REBIND_ARG
NUMBER
7
OPT_REFERRALS
NUMBER
8
OPT_RESTART
NUMBER
9
OPT_SSL
NUMBER
10
OPT_IO_FN_PTRS
NUMBER
11
OPT_CACHE_FN_PTRS
NUMBER
13
OPT_CACHE_STRATEGY
NUMBER
14
OPT_CACHE_ENABLE
NUMBER
15
OPT_REFERRAL_HOP_LIMIT
NUMBER
16
OPT_PROTOCOL_VERSION
NUMBER
17
OPT_SERVER_CONTROLS
NUMBER
18
OPT_CLIENT_CONTROLS
NUMBER
19
OPT_PREFERRED_LANGUAGE
NUMBER
20
OPT_ERROR_NUMBER
NUMBER
49
OPT_ERROR_STRING
NUMBER
50
On/Off Options
OPT_OFF
NUMBER
0
OPT_ON
NUMBER
1
SSL Authentication
Modes
GSLC_SSL_NO_AUTH
NUMBER
1
GSLC_SSL_ONEWAY_AUTH
NUMBER
32
GSLC_SSL_TWOWAY_AUTH
NUMBER
64
Search Scopes
SCOPE_BASE
NUMBER
0
SCOPE_ONELEVEL
NUMBER
1
SCOPE_SUBTREE
NUMBER
2
For Modifications
MOD_ADD
NUMBER
0
MOD_DELETE
NUMBER
1
MOD_REPLACE
NUMBER
2
MOD_BVALUES
NUMBER
128
Authentication Methods
AUTH_NONE
NUMBER
0
AUTH_SIMPLE -- context specific +
primitive
NUMBER
128
AUTH_SASL -- v3 SASL
NUMBER
163
LDAP Server Connection
Structures
CONNST_NEEDSOCKET
NUMBER
1
CONNST_CONNECTING
NUMBER
2
CONNST_CONNECTED
NUMBER
3
Outstanding Request
Tracking
REQST_INPROGRESS
NUMBER
1
REQST_CHASINGREFS
NUMBER
2
REQST_NOTCONNECTED
NUMBER
3
REQST_WRITING
NUMBER
4
LDAP Connection
Structures
DEREF_NEVER
NUMBER
0
DEREF_SEARCHING
NUMBER
1
DEREF_FINDING
NUMBER
2
DEREF_ALWAYS
NUMBER
3
LDAP URL Handling
URL_ERR_NOTLDAP -- URL doesn't begin with "ldap
NUMBER
1
URL_ERR_NODN -- URL has no DN (required)
NUMBER
2
URL_ERR_BADSCOPE -- URL scope string is
invalid
NUMBER
3
URL_ERR_MEM -- can't allocate memory space
NUMBER
4
Session Info Types
TYPE_ADD_INFO
NUMBER
1
LDAP Error Codes
SUCCESS
NUMBER
0
OPERATIONS_ERROR
NUMBER
1
PROTOCOL_ERROR
NUMBER
2
TIMELIMIT_EXCEEDED
NUMBER
3
SIZELIMIT_EXCEEDED
NUMBER
4
COMPARE_FALSE
NUMBER
5
COMPARE_TRUE
NUMBER
6
STRONG_AUTH_NOT_SUPPORTED
NUMBER
7
STRONG_AUTH_REQUIRED
NUMBER
8
PARTIAL_RESULTS
NUMBER
9
REFERRAL
NUMBER
10
ADMINLIMIT_EXCEEDED
NUMBER
11
UNAVAILABLE_CRITIC
NUMBER
12
NO_SUCH_ATTRIBUTE
NUMBER
16
UNDEFINED_TYPE
NUMBER
17
INAPPROPRIATE_MATCHING
NUMBER
18
CONSTRAINT_VIOLATION
NUMBER
19
TYPE_OR_VALUE_EXISTS
NUMBER
20
INVALID_SYNTAX
NUMBER
21
NO_SUCH_OBJECT
NUMBER
32
ALIAS_PROBLEM
NUMBER
33
INVALID_DN_SYNTAX
NUMBER
34
IS_LEAF
NUMBER
35
ALIAS_DEREF_PROBLEM
NUMBER
36
INAPPROPRIATE_AUTH
NUMBER
48
INVALID_CREDENTIALS
NUMBER
49
INSUFFICIENT_ACCESS
NUMBER
50
BUSY
NUMBER
51
UNAVAILABLE
NUMBER
52
UNWILLING_TO_PERFORM
NUMBER
53
LOOP_DETECT
NUMBER
54
NAMING_VIOLATION
NUMBER
64
OBJECT_CLASS_VIOLATION
NUMBER
65
NOT_ALLOWED_ON_NONLEAF
NUMBER
66
NOT_ALLOWED_ON_RDN
NUMBER
67
ALREADY_EXISTS
NUMBER
68
NO_OBJECT_CLASS_MODS
NUMBER
69
RESULTS_TOO_LARGE
NUMBER
70
OTHER
NUMBER
80
SERVER_DOWN
NUMBER
81
LOCAL_ERROR
NUMBER
82
ENCODING_ERROR
NUMBER
83
DECODING_ERROR
NUMBER
84
TIMEOUT
NUMBER
85
AUTH_UNKNOWN
NUMBER
86
FILTER_ERROR
NUMBER
87
USER_CANCELLED
NUMBER
88
PARAM_ERROR
NUMBER
89
NO_MEMORY
NUMBER
90
LDAP Return Error
Codes
INVALID_LDAP_SESSION
NUMBER
1024
INVALID_LDAP_AUTH_METHOD
NUMBER
1025
INVALID_LDAP_SEARCH_SCOPE
NUMBER
1026
INVALID_LDAP_TIME_VALUE
NUMBER
1027
INVALID_LDAP_MESSAGE
NUMBER
1027
INVALID_LDAP_ENTRY_DN
NUMBER
1028
INVALID_LDAPMOD
NUMBER
1029
INVALID_LDAP_DN
NUMBER
1030
INVALID_LDAP_NEWRDN
NUMBER
1031
INVALID_LDAP_NEWPARENT
NUMBER
1032
INVALID_LDAP_DELETEOLDRDN
NUMBER
1033
INVALID_SSLWRL
NUMBER
1034
INVALID_SSLWALLETPASSWD
NUMBER
1035
INVALID_SSLAUTH
NUMBER
1036
Variables (Not
Constants)
USE_EXCEPTION
BOOLEAN
TRUE
UTF8_CONVERSION
BOOLEAN
TRUE
Data Types
-- this data structure is used to hold a list of berval values
TYPE berval_collection IS TABLE OF RAW(32767)
INDEX BY BINARY_INTEGER;
-- Holds a pointer to the BER Element used for decoding an incoming message
SUBTYPE ber_element IS RAW(32);
-- Used to hold binary value
SUBTYPE berval IS RAW(32000);
-- this data structure is used to hold a list of binary values
TYPE binval_collection IS TABLE OF RAW(32767)
INDEX BY BINARY_INTEGER;
-- this data structure is used to hold a list of berval values
TYPE blob_collection IS TABLE OF BLOB
INDEX BY BINARY_INTEGER;
-- Used to pass LDAP control to the api
TYPE ldapcontrol IS RECORD (
ldctl_oid VARCHAR2(256),
ldctl_value BERVAL,
ldctl_iscritical VARCHAR2(1));
-- Holds a pointer to an LDAP message
SUBTYPE message IS RAW(32);
-- Holds a pointer to an LDAP mod array
SUBTYPE mod_array IS RAW(32);
-- Holds a pointer to an LDAP session
SUBTYPE session IS RAW(32)
-- Used to hold a list of values
TYPE string_collection IS TABLE of VARCHAR2(32767)
INDEX BY BINARY_INTEGER;
-- Used to pass time limit information to the LDAP api
TYPE timeval IS RECORD (
seconds PLS_INTEGER,
useconds PLS_INTEGER);
dbms_ldap.msgfree(lm IN message)
RETURN PLS_INTEGER;
SELECT dbms_ldap.msgfree(utl_raw.cast_to_raw('Library'))
FROM dual;
SELECT
dbms_ldap.msgfree(utl_raw.cast_to_raw('Library'))
*
ERROR at line 1:
ORA-31201: DBMS_LDAP: generic error: Invalid input pointer
ORA-06512: at "SYS.DBMS_LDAP_API_FFI", line 747
ORA-06512: at "SYS.DBMS_LDAP", line 1318
dbms_ldap.rename_s(
ld IN session,
dn IN VARCHAR2,
newrdn IN VARCHAR2,
newparent IN VARCHAR2,
deleteoldrdn IN PLS_INTEGER,
serverctrls IN ldapcontrol DEFAULT NULL,
clientctrls IN ldapcontrol DEFAULT NULL)
RETURN PLS_INTEGER;
dbms_ldap.search_s (
ld IN session,
base IN VARCHAR2,
scope IN PLS_INTEGER,
filter IN VARCHAR2,
attrs IN string_collection,
attronly IN PLS_INTEGER,
res OUT message)
RETURN PLS_INTEGER;
Searches for directory entries, respecting a local timeout
dbms_ldap.search_st (
ld IN session,
base IN VARCHAR2,
scope IN PLS_INTEGER,
filter IN VARCHAR2,
attrs IN string_collection,
attronly IN PLS_INTEGER,
tv IN TIMEVAL,
res OUT message)
RETURN PLS_INTEGER;
------------------------------------------------------------------------
-- $Header: $
--
-- Copyright (c) Oracle Corporation 2000, 2001. All Rights Reserved.
--
-- FILE
-- search.sql: A sample search program using DBMS_LDAP
--
-- DESCRIPTION
--
-- This SQL file contains the PL/SQL code required to perform
-- a typical search against an LDAP server.
--
-- This script assumes the following:
-- LDAP server hostname: NULL (local host)
-- LDAP server portnumber: 389
-- Directory container for employee records: o=acme, dc=com
-- Username/Password for Directory Updates: cn=orcladmin/welcome
--
-- NOTES
-- Run this file after you have run the 'trigger.sql' and 'empdata.sql'
-- scripts to see what entries were added by the database triggers.
--
--
-- MODIFIED (MM/DD/YY)
-- ****** 04/29/01 - Add calls to ber_free and msgfree
-- ****** 07/21/00 - created
------------------------------------------------------------------------
set serveroutput on
-- get the first entry
my_entry := dbms_ldap.first_entry(my_session, my_message);
entry_index := 1;
-- loop through each of the entries one by one
WHILE my_entry IS NOT NULL LOOP
-- print the current entry
my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
WHILE my_attr_name IS NOT NULL
LOOP
my_vals := DBMS_LDAP.get_values (my_session, my_entry, my_attr_name);
IF my_vals.COUNT > 0 THEN
FOR i in my_vals.FIRST..my_vals.LAST loop
dbms_output.put_line(' ' || my_attr_name || ' : ' ||
SUBSTR(my_vals(i),1,200));
END LOOP;
END IF;
my_attr_name := dbms_ldap.next_attribute(my_session,my_entry, my_ber_elmt);
attr_index := attr_index+1;
END LOOP;
Get the active directory value objectSID (Binary Array value)
CREATE OR REPLACE PROCEDURE UpdateSSOUserId AUTHID DEFINER IS
TYPE filter_tbl IS TABLE OF VARCHAR2(32767) INDEX BY BINARY_INTEGER;
-- required parameters
l_ldap_base VARCHAR2(256) := 'base';
l_ldap_host VARCHAR2(256) := 'host'; -- your LDAP server
l_ldap_passwd VARCHAR2(256) := 'oracle12_3' ;
l_ldap_port VARCHAR2(256) := '389'; -- your LDAP port
l_ldap_user VARCHAR2(256) := 'user' ;
MEMBER_OF VARCHAR2(500) := 'member';
l_entry := dbms_ldap.next_entry(ld => l_session,msg => l_entry);
END LOOP entry_loop;
END IF;
-- disconnect from the LDAP server
l_retval := dbms_ldap.unbind_s(ld => l_session);
dbms_output.put_line('l_retval: ' || l_retval);
END UpdateSSOUserId;
/