Since I linked our Microsoft Active Directory with my Apex application using LDAP, I am trying to retrieve the groups for the user currently logged in from the Active Directory.
Here's the documentation: https://docs.oracle.com/cd/E59726_01/doc.50/e39149/apex_ldap.htm#AEAPI242
Here's my code of my dynamic action on page load, I am trying to retrieve a VARCHAR2 of all the groups the current user is part of, and to put it in a display-only field :
BEGIN
:P1_NEW := APEX_LDAP.MEMBER_OF2(
p_username => v('APP_USER'),
p_pass => 'mypassword',
p_auth_base => 'DOMAIN\',
p_host => 'XX.X.XXX.XX',
p_port => 389);
END;
But when I load my page, this error occurs
Ajax call returned server error ORA-31202: DBMS_LDAP : Erreur client/serveur LDAP : Invalid credentials. 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563 for Execute PL/SQL Code.
What's wrong in my code ? Thank you in advance for your help.
Thomas
I think you are using wrong the API Package APEX_LDAP. I am doing this on my own enviornment in a different way, but I am using Enterprise Edition:
Oracle Database version 19c
Oracle Apex version 20.1
Oracle Oracle Rest Data Services version 20.4
I have an authentication schema to make the login against the LDAP server of my own company. That authentication schema replaces the default one of Apex Locally managed users.
Application --> Shared Components --> Authentication Schemas --> Custom
function fn_val_user_pwd_ldap (
p_username in varchar2,
p_password in varchar2
)
return boolean
is
l_ldap_host varchar2(100) := 'myldaphost.com';
l_ldap_port number := 389 ;
begin
if APEX_LDAP.AUTHENTICATE(
p_username =>p_username,
p_password =>p_password,
p_search_base => 'OU=Users,OU=Mycompany,DC=de,DC=com,DC=corp',
p_host => l_ldap_host,
p_port => l_ldap_port)
then
dbms_application_info.set_action(null);
return true;
else
apex_util.set_authentication_result(p_code => 110);
apex_util.set_custom_auth_status(p_status => 'Username or password incorrect.');
dbms_application_info.set_action(null);
return false;
end if;
end;
Then, I have a post auth procedure in the same authentication method to retrieve the groups in LDAP. I prefer this way because it executes after the authentication, but you can do it also with a dynamic action.
declare
l_groups varchar2(4000);
BEGIN
l_groups := APEX_LDAP.MEMBER_OF2(
p_username => ':APP_USER',
p_pass => 'mypassword',
p_auth_base => 'OU=Users,OU=Mycompany,DC=de,DC=com,DC=corp',
p_host => 'myldaphost.com',
p_port => 389);
htp.p('Is Member of:'||l_groups);
END;
We don't use SSL to communicate internally with the LDAP Server, as this application is intranet. So the parameter p_use_ssl is by default to N.
As I was telling you in the comment section of your own question, I think the parameter p_auth_base refers to the LDIF format of your own LDAP server, not the domain name that refers to the AD.
UPDATE
Let me show you how it works. ( Of course, I hide sensitive information of my own company ). Sometimes it might happen that you can't get the group information as null. I am not sure here whether is a LDAP authorization issue rather than a problem with the APEX package itself
SQL> SET SERVEROUTPUT ON SIZE UNLIMITED ECHO ON
DECLARE
is_ok boolean;
l_mes varchar2(2000);
l_val varchar2(4000);
l_ldap_host varchar2(100) := 'myldapserver.com';
l_ldap_port number := 389 ;
BEGIN
if APEX_LDAP.AUTHENTICATE(
p_username =>'X329097',
p_password =>'********',
p_search_base => 'OU=Users,OU=Mycompany,DC=****,DC=*****,DC=****,DC=corp',
p_host => l_ldap_host,
p_port => l_ldap_port )
then
is_ok := true;
l_mes := 'Username and Password Correct' ;
dbms_output.put_line(l_mes);
else
l_mes := 'Username and Password Invalid' ;
dbms_output.put_line(l_mes);
end if;
if is_ok
then
l_val := APEX_LDAP.MEMBER_OF2(
p_username => 'X329097',
p_pass => '*********',
p_auth_base => 'OU=Users,OU=Mycompany,DC=****,DC=*****,DC=****,DC=corp',
p_host => l_ldap_host,
p_port => l_ldap_port);
dbms_output.put_line(l_val);
end if;
END;
/
Username and Password Correct
SC_APEX_ADMIN:SC_ORACLE_ADMIN
PL/SQL procedure successfully completed.
I tried to add your function and I cannot access to my application from my Login Page anymore. I've tried on the SQL Commands, here's what I got
DECLARE
VAL BOOLEAN;
BEGIN
IF APEX_LDAP.AUTHENTICATE(
p_username => 'thomas.tirole',
p_password => 'mypassword',
p_search_base => 'OU=Users,OU=Domain,DC=domain,DC=ch',
p_host => 'xx.x.xxx.xx',
p_port => 389
) THEN
dbms_output.put_line('AUTENTHICATED');
ELSE
DBMS_OUTPUT.PUT_LINE('NOT AUTHENTICATED');
END IF;
END;
---------------------------------------
NOT AUTHENTICATED
Statement processed.
0.00 seconds
If i try to do the MEMBER_OF2 function on the SQL Command, here's what I got :
declare
l_groups varchar2(4000);
BEGIN
l_groups := APEX_LDAP.MEMBER_OF2(
p_username => 'thomas.tirole',
p_pass => 'mypassword',
p_auth_base => 'OU=Users,OU=Domain,DC=domain,DC=ch', -- SAME WITH DOMAIN\
p_host => 'xx.x.xxx.xx',
p_port => 389);
htp.p('Is Member of:'||l_groups);
END;
---------------------------------------
ORA-31202: DBMS_LDAP : Erreur client/serveur LDAP : Invalid credentials. 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 508
ORA-06512: à "SYS.DBMS_SYS_ERROR", ligne 86
ORA-06512: à "SYS.DBMS_LDAP", ligne 1487
ORA-06512: à "SYS.DBMS_LDAP", ligne 79
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 85
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 172
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 214
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 235
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 464
ORA-06512: à "APEX_210100.WWV_FLOW_LDAP", ligne 523
ORA-06512: à ligne 4
ORA-06512: à "SYS.DBMS_SQL", ligne 1721
Can anyone help with this problem? I'm trying to use datapump to load a dump file created but whenever I try, I get the following code:
DECLARE
hdnl NUMBER;
status VARCHAR2(20);
BEGIN
hdnl := dbms_datapump.open (operation => 'IMPORT', job_mode => 'TABLE', version => 'COMPATIBLE');
DBMS_DATAPUMP.ADD_FILE( handle => hdnl, filename => 'import.log', directory => 'DP_DIR', filetype => dbms_datapump.ku$_file_type_log_file);
DBMS_DATAPUMP.ADD_FILE(handle => hdnl, filename => 'latest.dmp', directory => 'DP_DIR', filetype => dbms_datapump.ku$_file_type_dump_file);
DBMS_DATAPUMP.START_JOB(handle => hdnl);
DBMS_DATAPUMP.WAIT_FOR_JOB(hdnl,status);
end;
/
I'm getting this error:
Error report -
ORA-31626: job does not exist
ORA-06512: at "SYS.DBMS_SYS_ERROR", line 79
ORA-06512: at "SYS.DBMS_DATAPUMP", line 1852
ORA-06512: at "SYS.DBMS_DATAPUMP", line 6793
ORA-06512: at line 5
31626. 00000 - "job does not exist"
*Cause: An invalid reference to a job which is no longer executing,
is not executing on the instance where the operation was
attempted, or that does not have a valid Master Table.
Refer to any following error messages for clarification.
*Action: Start a new job, or attach to an existing job that has a
valid Master Table.
Any idea?
Regards
While attempting to manually execute the command below with user APPS (owner of WF_BPEL_QTAB queue) the error informed is occurring.
We did all the necessary research and the queue has no indexes (as some solutions suggest).
Command:
declare
l_purge_options dbms_aqadm.aq$_purge_options_t;
begin
l_purge_options.Block := False;
DBMS_AQADM.PURGE_QUEUE_TABLE(queue_table => 'APPS.WF_BPEL_QTAB'
,purge_condition => 'ENQ_TIME < trunc(sysdate) - 3
,purge_options => l_purge_options);
end;
Error:
ORA-00604: error occurred at recursive SQL level 1
ORA-01001: invalid cursor
ORA-06512: at "SYS.DBMS_AQ_INV", line 208
ORA-00918: column ambiguously defined
ORA-06512: at "SYS.DBMS_AQADM", line 1668
ORA-06512: at line 5
When using criteria from the queue table, you need to use the alias 'qtview'. Hence
declare
l_purge_options dbms_aqadm.aq$_purge_options_t;
begin
l_purge_options.Block := False;
DBMS_AQADM.PURGE_QUEUE_TABLE(queue_table => 'APPS.WF_BPEL_QTAB'
,purge_condition => 'qtview.ENQ_TIME < trunc(sysdate) - 3
,purge_options => l_purge_options);
end;
my goal is to run a select to a table and based on the certain rows dynamically create an audit trail or policy on them.
so..
create a set_policy function that gets called/Looped:
create or replace
function set_policy
( sch VARCHAR2 ,
tab VARCHAR2,
colm VARCHAR2,
pred VARCHAR2,
emailer VARCHAR2
)
return VARCHAR2 is
policy_sql_stmt varchar2(1000);
BEGIN
policy_sql_stmt :=
'BEGIN
SYS.DBMS_FGA.ADD_POLICY (
object_schema => :s,
object_name => :t,
policy_name => ''CHK_:s_:t'',
audit_column => :c,
audit_condition => :p,
handler_schema => ''SYSADMIN_FGA'',
handler_module => '''||emailer||'(:s,:t,''''CHK_:s_:t'''')'',
enable => TRUE,
statement_types => ''SELECT, UPDATE'',
audit_trail => SYS.DBMS_FGA.DB + SYS.DBMS_FGA.EXTENDED);
END;';
--DBMS_OUTPUT.PUT_LINE('policy_sql_stmt = :' || policy_sql_stmt);
BEGIN
EXECUTE IMMEDIATE policy_sql_stmt USING sch,tab,colm,pred;
--EXECUTE IMMEDIATE policy_sql_stmt USING pred;
EXCEPTION
WHEN OTHERS THEN
BEGIN
--dbms_output.put_line('set_policy error code: '||SQLCODE);
--dbms_output.put_line(DBMS_UTILITY.FORMAT_CALL_STACK);
RETURN ('set_policy error code: '||SQLCODE);
END;
END;
RETURN 'success';
END;
Then a procedure that calls the function...
CREATE OR REPLACE PROCEDURE audit_slac_tables
AS
--DECLARE
emailer VARCHAR2(40):='audit_email_alert';
isSuccess VARCHAR2(40);
CURSOR myCursor
IS
SELECT SCHEMA AS sch,
TABLE_NAME AS tab,
FILTER_COLUMN AS colm,
WHERE_COND AS pred
FROM SLAC_REDACTION_TABLE slac;
--WHERE slac.table_name IN ('RECIPIENT','CARD');
BEGIN
FOR curRec IN myCursor
LOOP
BEGIN
--emailer := getEmailer(curRec.sch ,curRec.tab);
isSuccess := set_policy(curRec.sch ,curRec.tab, curRec.colm, curRec.pred, emailer);
DBMS_OUTPUT.PUT_LINE('Proc isSuccess = :' || isSuccess);
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line('Proc error code: '||SQLCODE);
dbms_output.put_line('Proc error msg: '||SQLERRM);
--dbms_output.put_line(DBMS_UTILITY.FORMAT_CALL_STACK);
--dbms_output.put_line('================================================');
CONTINUE;
END;
--dbms_output.put_line('================================================');
END LOOP;
COMMIT;
END audit_slac_tables;
if I call it...
exec AUDIT_SLAC_TABLES;
I get the following bewildering error
Error starting at line : 6 in command -
exec AUDIT_SLAC_TABLES
Error report -
ORA-06550: line 12, column 18:
PLS-00201: identifier 'SYS.DBMS_FGA' must be declared
ORA-06550: line 2, column 3:
PL/SQL: Statement ignored
ORA-06512: at "GAPLITE.SET_POLICY", line 51
ORA-06512: at "GAPLITE.AUDIT_SLAC_TABLES", line 27
ORA-06512: at line 1
06550. 00000 - "line %s, column %s:\n%s"
*Cause: Usually a PL/SQL compilation error.
*Action:
Why a reference problem where the script DBMS_FGA.ADD_POLICY never had a problem?
I can run this script ( listed 1st above ) but not dynamically... it loses trhe contextual reference to the SYS packages somehow ??
I'm using Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production and I've created a comparison using this code :
BEGIN
DBMS_COMPARISON.CREATE_COMPARISON(
comparison_name => 'test2',
schema_name => 'someSchema',
object_name => 'someTable',
dblink_name => 'MYORACLEDB',
scan_mode => 'RANDOM',
scan_percent => 50);
END;
WHen i execute the comparison using
DECLARE
consistent BOOLEAN;
scan_info DBMS_COMPARISON.COMPARISON_TYPE;
BEGIN
consistent := DBMS_COMPARISON.COMPARE(
comparison_name => 'test2',
scan_info => scan_info,
perform_row_dif => FALSE);
END;
I get the following error message :
ORA-31600: invalid input value 1 for parameter data type in function a_plus_b_mul_c_minus_d
ORA-06512: at "SYS.DBMS_COMPARISON", line 547
ORA-06512: at line 7
31600. 00000 - "invalid input value %s for parameter %s in function %s"
*Cause: A NULL or invalid value was supplied for the parameter.
*Action: Correct the input value and try the call again.
When i run a comparison with the full scan mode i've got no error.
Anybody encountered such issue ?