Wednesday, 25 September 2013

Using LDAP to authenticate your APEX users

It can be fairly simple to configure your APEX application to authenticate against your Active Directory server - this means your users can use the same username/password as the use to log onto their desktop machine - a big plus.

Declarative definition can be as simple as heading to Shared Components -> Authentication scheme and selecting 'LDAP Directory' from the scheme gallery.

Settings might be as simple as:
Host : myserver
Port : 389
DN String : MYDOMAIN\%LDAP_USER%

Further examples of the distinguished name string are shown in the item help.

LDAP Authentication definition
I've also seen an interesting use case in a popular APEX book. Here they also enabled authorisation definition (roles based on LDAP groups) - and they did it efficiently with some PL/SQL & materialized views.

There are a number of other examples in the #orclapex blogosphere on this:
http://ruepprich.wordpress.com/2012/11/02/ldap-authentication-with-apex/
http://doloracle.blogspot.com.au/2011/10/how-to-apex-ldap-authentication-for.html
and plenty of support in the OTN forum.

If you're keen to get your hands a little dirtier, there is also a supporting package APEX_LDAP.

Scott
Post a Comment