orawin.info

Niall's Oracle Pages – Oracle Opinion since 2004

Using Active Directory in Oracle Express


A recent post on the Oracle XE forum about replacing mod_ntlm as an authentication mechanism for applications on Windows prompted me to write up a mechanism you can use to authenticate users of your application against Microsoft Active Directory. It works as follows. You create a custom authentication function for HTMLDB; this must take two parameters of specific names, and only those two parameters, and return a boolean indicating success or failure. My function merely takes the username and password supplied by the end user and attempts a simple LDAP bind against AD. By default this will work for all AD users in your organisation: if the bind succeeds the user is authenticated, and if it fails the user is not. The function itself can be downloaded here. A step-by-step guide is below:

  • Create a new database user U1 – I used the HTMLDB interface for user administration.
  • Log in as U1 and create a demo application.
  • Navigate to the SQL Workshop.
  • Load the authenticate_aduser script and edit it for the domain controller hostname and your domain (in the post-Windows 2000 format).
  • Run the script.
  • Check that the script ran successfully.
  • Return to your application in Application Builder, choose Shared Components > Authentication Schemes and create a new authentication scheme from scratch.
  • You only need to enter a name for the scheme – I used ad_auth.
  • Click the new scheme to edit it, and ensure that you enter the authentication function as shown below.
  • Now change the authentication scheme to ad_auth and test.
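
A function of the shape described above, written here as an added example (it is not the author's downloadable script). It assumes the two parameter names HTMLDB expects, `p_username` and `p_password`, a bind as `user@domain`, and placeholder host and domain values; it also rejects an empty password, because a simple bind without a password is an unauthenticated bind that the directory may accept.

```plsql
-- Added example, not the original authenticate_aduser script.
-- dc01.example.com and example.com are placeholders: edit for your site.
CREATE OR REPLACE FUNCTION authenticate_aduser (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2
) RETURN BOOLEAN
IS
    c_host    CONSTANT VARCHAR2(255) := 'dc01.example.com'; -- domain controller
    c_port    CONSTANT PLS_INTEGER   := 389;  -- plain LDAP: password is sent unencrypted;
                                              -- DBMS_LDAP.open_ssl can add TLS
    c_domain  CONSTANT VARCHAR2(255) := 'example.com';      -- DNS-style domain name
    l_session DBMS_LDAP.session;
    l_rc      PLS_INTEGER;
BEGIN
    -- In Oracle '' is NULL. A simple bind with no password is an
    -- unauthenticated bind (RFC 4513, section 5.1.2) and can return
    -- success, so it must never count as a login.
    IF p_username IS NULL OR p_password IS NULL THEN
        RETURN FALSE;
    END IF;

    -- Accept a bare account name only, so the caller cannot supply
    -- their own domain suffix or a full DN.
    IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]+$') THEN
        RETURN FALSE;
    END IF;

    DBMS_LDAP.use_exception := TRUE;  -- failed calls raise instead of returning codes
    l_session := DBMS_LDAP.init(c_host, c_port);
    BEGIN
        l_rc := DBMS_LDAP.simple_bind_s(
                    l_session, p_username || '@' || c_domain, p_password);
        l_rc := DBMS_LDAP.unbind_s(l_session);
        RETURN TRUE;                  -- AD accepted the credentials
    EXCEPTION
        WHEN OTHERS THEN              -- bind rejected: release the session
            BEGIN
                l_rc := DBMS_LDAP.unbind_s(l_session);
            EXCEPTION
                WHEN OTHERS THEN NULL;
            END;
            RETURN FALSE;
    END;
EXCEPTION
    WHEN OTHERS THEN
        RETURN FALSE;                 -- controller unreachable: fail closed
END authenticate_aduser;
/
```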

    Written by Niall Litchfield

    November 28th, 2005 at 4:05 pm


    4 Responses to 'Using Active Directory in Oracle Express'


    1. Erm, Niall… you appear to have posted the same thing twice.

      And in both versions Firefox 1.5 is quoting lines such as

      “Create a new database user U1 – I used the HTMLDB”

      Just because FF1.5 is in beta, I checked in IE6… same problem.

      Regards
      HJR

      Howard Rogers

      29 Nov 05 at 6:38 am

    2. Niall,
      Slightly o/t but it appears that Don Burleson has confused you with Dave Litchfield:
      http://dba-oracle.com/oracle_news/2005_11_29_resignation_chief_security.htm

      You may want to drop Don a line so he can correct it.

      Anonymous

      29 Nov 05 at 4:16 pm

    3. I thought Webb was dead!

      Anonymous

      29 Nov 05 at 6:29 pm

    4. Hi Niall. Any recommendations on how to deal with 2 separate ou containers?
      We have an external and an internal user container.
      Wildcards in the dn don't seem to work.

      Graham M

      19 Feb 10 at 8:29 am
