Tuesday, May 08, 2007

LDAP Connections and OID DAS Redirect

Well.

I somehow slapped together enough Java and HTML code to register a new user for our Oracle Forms application in Oracle Internet Directory (OID) and create a Resource Access Descriptor (RAD) for them containing their back-end database connect string information. This is the "proof-of-concept" version though; I still have some work to do before it's ready for release. Two questions remain:

  1. Where/how do I create and store the LDAP-server (OID) connection information the servlet needs to create a new user and their RAD? Right now it's all hard-coded and of course that won't fly since this application needs to be portable.
  2. After a new user's RAD is created in OID, they are re-directed to the following URL when passed-off to the Forms application:
http://hostname:oid port/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo

Because we're configured for SSL, this gives a 404 Page Not Found error. I need to know where and how to change the http:// to https://. I have posted the question on the OTN forums, but it's always 50-50 if you'll get a response. Anybody here know?

These are minor problems compared to building the registration module. It's only two Java servlets and an HTML page, but it works. As soon as this release goes out the door I'll start working on converting this into JSP page(s). But for right now I'm just relieved it's done and thankful for everything I've learned in the process about JDev 10.1.3 and OAS 10.1.2.


6 Comments:

At 3:48 PM , Blogger Unknown said...

When you say "LDAP-server connection information", are you referring to the host and port numbers?
If so, and you're using OAS, you can get the info from the $ORACLE_HOME/config/ias.properties file. The following code is what I use to connect:

import java.io.FileInputStream;
import java.util.Properties;

// ias.properties lives under the Oracle home that OAS exposes via the oracle.home system property
String propsfile = System.getProperty("oracle.home") + "/config/ias.properties";
Properties iasprops = new Properties();
iasprops.load(new FileInputStream(propsfile));

// OID host and (non-SSL) port as configured for this OAS instance
String oidHost = iasprops.getProperty("OIDhost");
String oidPort = iasprops.getProperty("OIDport");

 
At 8:53 PM , Blogger jac1962 said...

Yes, that's most of what I need - what do you do for the username and password?

Thanks!

 
At 2:02 AM , Blogger Unknown said...

I create an entry in OID for the application, and use that to connect. To get the RAD, I then proxy the user I am interested in.
Below is the ldif for creating the entry in OID:

dn: orclApplicationCommonName=MyApplication
changetype: add
orclapplicationcommonname: MyApplication
objectclass: top
objectclass: orclApplicationEntity
userpassword: xxx

dn: cn=UserProxyPrivilege,cn=Groups,cn=OracleContext
changetype: modify
add: uniquemember
uniquemember: orclApplicationCommonName=MyApplication

 
At 2:17 AM , Blogger Unknown said...

The code snippet below shows how I connect with the app username, and then proxy to the relevant user:

import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import oracle.ldap.util.RootOracleContext;
import oracle.ldap.util.Subscriber;
import oracle.ldap.util.User;
import oracle.ldap.util.Util;
import oracle.ldap.util.jndi.ConnectionUtil;

// Bind as the application entity created by the ldif above
String appDN = "orclapplicationcommonname=MyApplication";
String appPW = "xxx";
String username = "someldapuser";
InitialLdapContext ctx = ConnectionUtil.getDefaultDirCtx(oidHost, oidPort, appDN, appPW);
RootOracleContext roc = new RootOracleContext(ctx);
Subscriber subs = roc.getSubscriber(ctx, Util.IDTYPE_DEFAULT, null, new String[]{"*"});
User user = subs.getUser(ctx, Util.IDTYPE_SIMPLE, username, new String[]{"*"});

// proxy user: rebind the existing connection as the target user's DN with no password,
// sending the proxy control; this needs the UserProxyPrivilege group membership from the ldif
String proxyDN = user.getDN();
ctx.addToEnvironment("java.naming.security.principal", proxyDN);
ctx.addToEnvironment("java.naming.security.credentials", "");
Control[] ctls = { new ProxyControl() };
((LdapContext) ctx).reconnect(ctls);
// from here on, operations on ctx run as the proxied user
user = subs.getUser(ctx, Util.IDTYPE_SIMPLE, username, new String[]{"*"});

 
At 2:19 AM , Blogger Unknown said...

The ProxyControl class:

import javax.naming.ldap.Control;

// Request control sent on reconnect() to ask OID for proxy authentication
public class ProxyControl implements Control {
    public ProxyControl() {
    }

    // OID of Oracle's proxy authentication control
    public String getID() {
        return "2.16.840.1.113894.1.8.1";
    }

    public boolean isCritical() {
        return false;
    }

    // The control carries no value
    public byte[] getEncodedValue() {
        return null;
    }
}

 
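As an added example (not code from the post or from any of the commenters), the following class puts the two threads of this discussion together using only the JDK's JNDI classes rather than the oracle.ldap.util jars: it reads OIDhost/OIDport from ias.properties as the first comment describes, takes the application entity's DN and password from a separate properties file instead of hard-coding them, binds as that entity, looks up the target user's DN, and then reconnects with the proxy control from the comment above. The credential file path, its keys (appDN, appPassword, userSearchBase, ssl) and the search base are assumptions chosen for the example; the control OID is the one given on this page.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class OidProxyConnector {

    // Same control as the ProxyControl class posted above; nested here so the example is self-contained
    static class ProxyControl implements Control {
        public String getID() { return "2.16.840.1.113894.1.8.1"; }
        public boolean isCritical() { return false; }
        public byte[] getEncodedValue() { return null; }
    }

    // Host/port come from $ORACLE_HOME/config/ias.properties (keys OIDhost and OIDport)
    static Properties loadIasProperties() throws IOException {
        String path = System.getProperty("oracle.home") + "/config/ias.properties";
        return loadProperties(path);
    }

    // Generic loader; the application entity's credentials are kept in their own file,
    // outside the deployed web application, so nothing secret is compiled into the servlet
    static Properties loadProperties(String path) throws IOException {
        Properties p = new Properties();
        try (FileInputStream in = new FileInputStream(path)) {
            p.load(in);
        }
        return p;
    }

    // Simple bind as the application entity; ssl=true switches JNDI to LDAP over SSL
    static LdapContext bindAsApplication(String host, String port, String appDN, String appPW, boolean ssl)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, appDN);
        env.put(Context.SECURITY_CREDENTIALS, appPW);
        if (ssl) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        return new InitialLdapContext(env, null);
    }

    // Resolve the user's DN by cn; filter arguments are escaped by JNDI, so a crafted
    // username cannot change the filter. Exactly one match is required.
    static String findUserDN(LdapContext ctx, String searchBase, String username) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]); // we only need the DN
        NamingEnumeration<SearchResult> results =
                ctx.search(searchBase, "(cn={0})", new Object[] { username }, sc);
        if (!results.hasMore()) {
            throw new NamingException("no such user: " + username);
        }
        String dn = results.next().getNameInNamespace();
        if (results.hasMore()) {
            throw new NamingException("ambiguous user: " + username);
        }
        return dn;
    }

    // Rebind the open connection as the user with no password plus the proxy control;
    // the application entity must be a member of cn=UserProxyPrivilege for OID to allow this
    static void proxyAs(LdapContext ctx, String userDN) throws NamingException {
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "");
        ctx.reconnect(new Control[] { new ProxyControl() });
    }

    public static void main(String[] args) throws Exception {
        Properties ias = loadIasProperties();
        // Hypothetical credential file path; readable only by the OC4J service account
        Properties creds = loadProperties("/etc/myapp/oid-app.properties");
        LdapContext ctx = bindAsApplication(ias.getProperty("OIDhost"), ias.getProperty("OIDport"),
                creds.getProperty("appDN"), creds.getProperty("appPassword"),
                Boolean.parseBoolean(creds.getProperty("ssl", "false")));
        try {
            String userDN = findUserDN(ctx, creds.getProperty("userSearchBase"), args[0]);
            proxyAs(ctx, userDN);
            // From here on the connection acts as the user, e.g. to read attributes the app could not
            Attributes attrs = ctx.getAttributes(userDN, new String[] { "cn", "mail" });
            System.out.println(attrs);
        } finally {
            ctx.close();
        }
    }
}
```

Run it as `java OidProxyConnector someldapuser` with -Doracle.home set (or under OC4J, where OAS sets it). Keeping the credential file outside the web root and owned by the service account answers the portability question without shipping a password inside the WAR; the proxy step means the servlet never needs to know the end user's password at all.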
At 8:09 PM , Blogger jac1962 said...

Garteth, that's great - thanks for sharing.

 
