Declarative definition can be as simple as heading to Shared Components -> Authentication scheme and selecting 'LDAP Directory' from the scheme gallery.
Settings might be as simple as:
Host : myserver
Port : 389
DN String : MYDOMAIN\%LDAP_USER%
Further examples of the distinguished name string are shown in the item help.
LDAP Authentication definition
There are a number of other examples in the #orclapex blogosphere on this:
http://ruepprich.wordpress.com/2012/11/02/ldap-authentication-with-apex/
http://doloracle.blogspot.com.au/2011/10/how-to-apex-ldap-authentication-for.html
and plenty of support in the OTN forum.
If you're keen to get your hands a little dirtier, there is also a supporting package APEX_LDAP.
Scott
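A bind using the sample settings above, written as a custom authentication function on top of DBMS_LDAP. This is an added example, not code from the original post; the function name `ldap_bind_check` and the username pattern are assumptions, and the host, port and domain are the sample values from the settings.

```sql
-- Added example: ldap_bind_check is a hypothetical name; myserver, 389 and
-- MYDOMAIN are the sample values from the settings above.
create or replace function ldap_bind_check (
    p_username in varchar2,
    p_password in varchar2
) return boolean
is
    l_session dbms_ldap.session;
    l_rc      pls_integer;
begin
    -- A simple bind with an empty password is an "unauthenticated" bind,
    -- which many directories answer with success. Reject it before binding.
    if p_username is null or p_password is null then
        return false;
    end if;

    -- Accept only characters expected in an account name (assumed pattern),
    -- so the value cannot alter the structure of the bind string.
    if not regexp_like(p_username, '^[A-Za-z0-9._-]{1,64}$') then
        return false;
    end if;

    dbms_ldap.use_exception := true;   -- raise instead of returning error codes

    -- A missing network ACL surfaces here as an exception and is deliberately
    -- not caught, so a configuration problem is not mistaken for a bad login.
    -- Port 389 without TLS carries the password in clear text on the wire.
    l_session := dbms_ldap.init('myserver', 389);

    begin
        l_rc := dbms_ldap.simple_bind_s(l_session,
                                        'MYDOMAIN\' || p_username,
                                        p_password);
    exception
        when dbms_ldap.general_error then
            -- Directory rejected the bind (for example invalid credentials).
            l_rc := dbms_ldap.unbind_s(l_session);
            return false;
    end;

    l_rc := dbms_ldap.unbind_s(l_session);
    return true;
end ldap_bind_check;
/
```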
There is nothing straightforward about getting this working in my opinion. I have to wrestle with DBAs to set up ACLs, and if you are using a global catalogue to search which doesn't accept anonymous querying of Active Directory, you need a service account. I still haven't got this working and have been trying to get this working on and off for a few years! It is also never clear when creating ACLs if they should be created for the APEX_0500 schema, or the parsing schema of your application. I would love an end to end real life walk through of this which consolidates all the issues in one place.
That's a very fair point regarding the ACLs, and there isn't much information on this and I'm always a little unsure myself. I've made a note to flesh this out further.
It worked for me thank you very much.