Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose
This is the primary interface used by a variety of clients to make LDAP requests for Identity Management.
AUTHID
CURRENT_USER
Constants and Defaulted Variables
Name
Data Type
Value
General Constants
VERSION
VARCHAR2(256)
2
INTERFACE_VERSION
VARCHAR2(256)
2
Error Constants
SUCCESS
NUMBER
0
OPERATIONS_ERROR
NUMBER
1
PROTOCOL_ERROR
NUMBER
2
TIMELIMIT_EXCEEDED
NUMBER
3
SIZELIMIT_EXCEEDED
NUMBER
4
COMPARE_FALSE
NUMBER
5
COMPARE_TRUE
NUMBER
6
STRONG_AUTH_NOT_SUPPORTED
NUMBER
7
STRONG_AUTH_REQUIRED
NUMBER
8
PARTIAL_RESULTS
NUMBER
9
REFERRAL
NUMBER
10
ADMINLIMIT_EXCEEDED
NUMBER
11
UNAVAILABLE_CRITIC
NUMBER
12
NO_SUCH_ATTRIBUTE
NUMBER
16
UNDEFINED_TYPE
NUMBER
17
INAPPROPRIATE_MATCHING
NUMBER
18
CONSTRAINT_VIOLATION
NUMBER
19
TYPE_OR_VALUE_EXISTS
NUMBER
20
INVALID_SYNTAX
NUMBER
21
NO_SUCH_OBJECT
NUMBER
32
ALIAS_PROBLEM
NUMBER
33
INVALID_DN_SYNTAX
NUMBER
34
IS_LEAF
NUMBER
35
ALIAS_DEFER_PROBLEM
NUMBER
36
INAPPROPRIATE_AUTH
NUMBER
48
INVALID_CREDENTIALS
NUMBER
49
INSUFFICIENT_ACCESS
NUMBER
50
BUSY
NUMBER
51
UNAVAILABLE
NUMBER
52
UNWILLING_TO_PERFORM
NUMBER
53
LOOP_DETECT
NUMBER
54
NAMING_VIOLATION
NUMBER
64
OBJECT_CLASS_VIOLATION
NUMBER
65
NOT_ALLOWED_ON_NONLEAF
NUMBER
66
NOT_ALLOWED_ON_RDN
NUMBER
67
ALREADY_EXISTS
NUMBER
68
NO_OBJECT_CLASS_MODS
NUMBER
69
RESULTS_TOO_LARGE
NUMBER
70
OTHER
NUMBER
80
SERVER_DOWN
NUMBER
81
LOCAL_ERROR
NUMBER
82
ENCODING_ERROR
NUMBER
83
DECODING_ERROR
NUMBER
84
TIMEOUT
NUMBER
85
AUTH_UNKNOWN
NUMBER
86
FILTER_ERROR
NUMBER
87
USER_CANCELLED
NUMBER
88
PARAM_ERROR
NUMBER
89
NO_MEMORY
NUMBER
90
Port Constants
PORT
NUMBER
389
SSL_PORT
NUMBER
636
Options
OPT_DESC
NUMBER
1
OPT_DEREF
NUMBER
2
OPT_SIZELIMIT
NUMBER
3
OPT_TIMELIMIT
NUMBER
4
OPT_THREAD_FN_PTRS
NUMBER
5
OPT_REBIND_FN
NUMBER
6
OPT_REBIND_ARG
NUMBER
7
OPT_REFERRALS
NUMBER
8
OPT_RESTART
NUMBER
9
OPT_SSL
NUMBER
10
OPT_IO_FN_PTRS
NUMBER
11
OPT_CACHE_FN_PTRS
NUMBER
13
OPT_CACHE_STRATEGY
NUMBER
14
OPT_CACHE_ENABLE
NUMBER
15
OPT_REFERRAL_HOP_LIMIT
NUMBER
16
OPT_PROTOCOL_VERSION
NUMBER
17
OPT_SERVER_CONTROLS
NUMBER
18
OPT_CLIENT_CONTROLS
NUMBER
19
OPT_PREFERRED_LANGUAGE
NUMBER
20
OPT_ERROR_NUMBER
NUMBER
49
OPT_ERROR_STRING
NUMBER
50
On/Off Options
OPT_OFF
NUMBER
0
OPT_ON
NUMBER
1
SSL Authentication
Modes
GSLC_SSL_NO_AUTH
NUMBER
1
GSLC_SSL_ONEWAY_AUTH
NUMBER
32
GSLC_SSL_TWOWAY_AUTH
NUMBER
64
Search Scopes
SCOPE_BASE
NUMBER
0
SCOPE_ONELEVEL
NUMBER
1
SCOPE_SUBTREE
NUMBER
2
For Modifications
MOD_ADD
NUMBER
0
MOD_DELETE
NUMBER
1
MOD_REPLACE
NUMBER
2
MOD_BVALUES
NUMBER
128
Authentication Methods
AUTH_NONE
NUMBER
0
AUTH_SIMPLE -- context specific +
primitive
NUMBER
128
AUTH_SASL -- v3 SASL
NUMBER
163
LDAP Server Connection
Structures
CONNST_NEEDSOCKET
NUMBER
1
CONNST_CONNECTING
NUMBER
2
CONNST_CONNECTED
NUMBER
3
Outstanding Request
Tracking
REQST_INPROGRESS
NUMBER
1
REQST_CHASINGREFS
NUMBER
2
REQST_NOTCONNECTED
NUMBER
3
REQST_WRITING
NUMBER
4
LDAP Connection
Structures
DEREF_NEVER
NUMBER
0
DEREF_SEARCHING
NUMBER
1
DEREF_FINDING
NUMBER
2
DEREF_ALWAYS
NUMBER
3
LDAP URL Handling
URL_ERR_NOTLDAP -- URL doesn't begin with "ldap
NUMBER
1
URL_ERR_NODN -- URL has no DN (required)
NUMBER
2
URL_ERR_BADSCOPE -- URL scope string is
invalid
NUMBER
3
URL_ERR_MEM -- can't allocate memory space
NUMBER
4
Session Info Types
TYPE_ADD_INFO
NUMBER
1
LDAP Error Codes
SUCCESS
NUMBER
0
OPERATIONS_ERROR
NUMBER
1
PROTOCOL_ERROR
NUMBER
2
TIMELIMIT_EXCEEDED
NUMBER
3
SIZELIMIT_EXCEEDED
NUMBER
4
COMPARE_FALSE
NUMBER
5
COMPARE_TRUE
NUMBER
6
STRONG_AUTH_NOT_SUPPORTED
NUMBER
7
STRONG_AUTH_REQUIRED
NUMBER
8
PARTIAL_RESULTS
NUMBER
9
REFERRAL
NUMBER
10
ADMINLIMIT_EXCEEDED
NUMBER
11
UNAVAILABLE_CRITIC
NUMBER
12
NO_SUCH_ATTRIBUTE
NUMBER
16
UNDEFINED_TYPE
NUMBER
17
INAPPROPRIATE_MATCHING
NUMBER
18
CONSTRAINT_VIOLATION
NUMBER
19
TYPE_OR_VALUE_EXISTS
NUMBER
20
INVALID_SYNTAX
NUMBER
21
NO_SUCH_OBJECT
NUMBER
32
ALIAS_PROBLEM
NUMBER
33
INVALID_DN_SYNTAX
NUMBER
34
IS_LEAF
NUMBER
35
ALIAS_DEREF_PROBLEM
NUMBER
36
INAPPROPRIATE_AUTH
NUMBER
48
INVALID_CREDENTIALS
NUMBER
49
INSUFFICIENT_ACCESS
NUMBER
50
BUSY
NUMBER
51
UNAVAILABLE
NUMBER
52
UNWILLING_TO_PERFORM
NUMBER
53
LOOP_DETECT
NUMBER
54
NAMING_VIOLATION
NUMBER
64
OBJECT_CLASS_VIOLATION
NUMBER
65
NOT_ALLOWED_ON_NONLEAF
NUMBER
66
NOT_ALLOWED_ON_RDN
NUMBER
67
ALREADY_EXISTS
NUMBER
68
NO_OBJECT_CLASS_MODS
NUMBER
69
RESULTS_TOO_LARGE
NUMBER
70
OTHER
NUMBER
80
SERVER_DOWN
NUMBER
81
LOCAL_ERROR
NUMBER
82
ENCODING_ERROR
NUMBER
83
DECODING_ERROR
NUMBER
84
TIMEOUT
NUMBER
85
AUTH_UNKNOWN
NUMBER
86
FILTER_ERROR
NUMBER
87
USER_CANCELLED
NUMBER
88
PARAM_ERROR
NUMBER
89
NO_MEMORY
NUMBER
90
LDAP Return Error
Codes
INVALID_LDAP_SESSION
NUMBER
1024
INVALID_LDAP_AUTH_METHOD
NUMBER
1025
INVALID_LDAP_SEARCH_SCOPE
NUMBER
1026
INVALID_LDAP_TIME_VALUE
NUMBER
1027
INVALID_LDAP_MESSAGE
NUMBER
1027
INVALID_LDAP_ENTRY_DN
NUMBER
1028
INVALID_LDAPMOD
NUMBER
1029
INVALID_LDAP_DN
NUMBER
1030
INVALID_LDAP_NEWRDN
NUMBER
1031
INVALID_LDAP_NEWPARENT
NUMBER
1032
INVALID_LDAP_DELETEOLDRDN
NUMBER
1033
INVALID_SSLWRL
NUMBER
1034
INVALID_SSLWALLETPASSWD
NUMBER
1035
INVALID_SSLAUTH
NUMBER
1036
Variables (Not
Constants)
USE_EXCEPTION
BOOLEAN
TRUE
UTF8_CONVERSION
BOOLEAN
TRUE
Data Types
-- this data structure is used to hold a list of berval values
TYPE berval_collection IS TABLE OF RAW(32767)
INDEX BY BINARY_INTEGER;
-- Holds a pointer to the BER Element used for decoding an incoming message
SUBTYPE ber_element IS RAW(32);
-- Used to hold binary value
SUBTYPE berval IS RAW(32000);
-- this data structure is used to hold a list of binary values
TYPE binval_collection IS TABLE OF RAW(32767)
INDEX BY BINARY_INTEGER;
-- this data structure is used to hold a list of berval values
TYPE blob_collection IS TABLE OF BLOB
INDEX BY BINARY_INTEGER;
-- Used to pass LDAP control to the api
TYPE ldapcontrol IS RECORD (
ldctl_oid VARCHAR2(256),
ldctl_value BERVAL,
ldctl_iscritical VARCHAR2(1));
-- Holds a pointer to an LDAP message
SUBTYPE message IS RAW(32);
-- Holds a pointer to an LDAP mod array
SUBTYPE mod_array IS RAW(32);
-- Holds a pointer to an LDAP session
SUBTYPE session IS RAW(32)
-- Used to hold a list of values
TYPE string_collection IS TABLE of VARCHAR2(32767)
INDEX BY BINARY_INTEGER;
-- Used to pass time limit information to the LDAP api
TYPE timeval IS RECORD (
seconds PLS_INTEGER,
useconds PLS_INTEGER);
dbms_ldap.msgfree(lm IN message)
RETURN PLS_INTEGER;
SELECT dbms_ldap.msgfree(utl_raw.cast_to_raw('Library'))
FROM dual;
SELECT
dbms_ldap.msgfree(utl_raw.cast_to_raw('Library'))
*
ERROR at line 1:
ORA-31201: DBMS_LDAP: generic error: Invalid input pointer
ORA-06512: at "SYS.DBMS_LDAP_API_FFI", line 747
ORA-06512: at "SYS.DBMS_LDAP", line 1318
dbms_ldap.rename_s(
ld IN session,
dn IN VARCHAR2,
newrdn IN VARCHAR2,
newparent IN VARCHAR2,
deleteoldrdn IN PLS_INTEGER,
serverctrls IN ldapcontrol DEFAULT NULL,
clientctrls IN ldapcontrol DEFAULT NULL)
RETURN PLS_INTEGER;
dbms_ldap.search_s (
ld IN session,
base IN VARCHAR2,
scope IN PLS_INTEGER,
filter IN VARCHAR2,
attrs IN string_collection,
attronly IN PLS_INTEGER,
res OUT message)
RETURN PLS_INTEGER;
Searches for directory entries, respecting a local timeout
dbms_ldap.search_st (
ld IN session,
base IN VARCHAR2,
scope IN PLS_INTEGER,
filter IN VARCHAR2,
attrs IN string_collection,
attronly IN PLS_INTEGER,
tv IN TIMEVAL,
res OUT message)
RETURN PLS_INTEGER;
------------------------------------------------------------------------
-- $Header: $
--
-- Copyright (c) Oracle Corporation 2000, 2001. All Rights Reserved.
--
-- FILE
-- search.sql: A sample search program using DBMS_LDAP
--
-- DESCRIPTION
--
-- This SQL file contains the PL/SQL code required to perform
-- a typical search against an LDAP server.
--
-- This script assumes the following:
-- LDAP server hostname: NULL (local host)
-- LDAP server portnumber: 389
-- Directory container for employee records: o=acme, dc=com
-- Username/Password for Directory Updates: cn=orcladmin/welcome
--
-- NOTES
-- Run this file after you have run the 'trigger.sql' and 'empdata.sql'
-- scripts to see what entries were added by the database triggers.
--
--
-- MODIFIED (MM/DD/YY)
-- ****** 04/29/01 - Add calls to ber_free and msgfree
-- ****** 07/21/00 - created
------------------------------------------------------------------------
set serveroutput on
-- get the first entry
my_entry := dbms_ldap.first_entry(my_session, my_message);
entry_index := 1;
-- loop through each of the entries one by one
WHILE my_entry IS NOT NULL LOOP
-- print the current entry
my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
WHILE my_attr_name IS NOT NULL
LOOP
my_vals := DBMS_LDAP.get_values (my_session, my_entry, my_attr_name);
IF my_vals.COUNT > 0 THEN
FOR i in my_vals.FIRST..my_vals.LAST loop
dbms_output.put_line(' ' || my_attr_name || ' : ' ||
SUBSTR(my_vals(i),1,200));
END LOOP;
END IF;
my_attr_name := dbms_ldap.next_attribute(my_session,my_entry, my_ber_elmt);
attr_index := attr_index+1;
END LOOP;
Get the active directory value objectSID (Binary Array value)
CREATE OR REPLACE PROCEDURE UpdateSSOUserId AUTHID DEFINER IS
TYPE filter_tbl IS TABLE OF VARCHAR2(32767) INDEX BY BINARY_INTEGER;
-- required parameters
l_ldap_base VARCHAR2(256) := 'base';
l_ldap_host VARCHAR2(256) := 'host'; -- your LDAP server
l_ldap_passwd VARCHAR2(256) := 'oracle12_3' ;
l_ldap_port VARCHAR2(256) := '389'; -- your LDAP port
l_ldap_user VARCHAR2(256) := 'user' ;
MEMBER_OF VARCHAR2(500) := 'member';
l_entry := dbms_ldap.next_entry(ld => l_session,msg => l_entry);
END LOOP entry_loop;
END IF;
-- disconnect from the LDAP server
l_retval := dbms_ldap.unbind_s(ld => l_session);
dbms_output.put_line('l_retval: ' || l_retval);
END UpdateSSOUserId;
/