Thursday, August 16, 2007

Change User Password in OID

Here is a simple example of how to change the user password using DBMS_LDAP.

The function receives the username (you can get it from SSO using portal.wwctx_api.get_user) and the password. It then opens a connection to OID as the orcladmin user (Oracle's all-powerful directory administrator), searches the directory for the user's full DN, changes the password, and returns "true".


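FUNCTION DO_RESET_OID_PWD (p_username IN VARCHAR2, p_passwd IN VARCHAR2) RETURN BOOLEAN
IS
    -- Purpose: replace the userpassword attribute of the OID entry whose uid
    -- equals p_username, binding to the directory as an administrator.
    -- Parameters: p_username - uid of the entry to update; it is caller-supplied,
    --             so it is escaped before being placed in the search filter.
    --             p_passwd   - new password value to store.
    -- Returns: TRUE when the modify call completed, FALSE on any error or when
    --          no entry matched (the error text is written with DBMS_OUTPUT).
    -- NOTE(review): the bind credentials below are hard-coded in source; a real
    -- deployment should read them from a protected store.
    gv_ldap_host   VARCHAR2(256) := '127.0.0.1';
    gv_ldap_port   PLS_INTEGER   := 389;
    gv_ldap_user   VARCHAR2(256) := 'cn=orcladmin';
    gv_ldap_passwd VARCHAR2(256) := 'welcome1';
    gv_user_base   VARCHAR2(256) := 'cn=Users,dc=ca,dc=acme,dc=com';

    retval     PLS_INTEGER;
    my_session DBMS_LDAP.session;
    my_attrs   DBMS_LDAP.STRING_COLLECTION;
    my_message DBMS_LDAP.message;
    my_entry   DBMS_LDAP.message;
    emp_array  DBMS_LDAP.MOD_ARRAY;
    emp_vals   DBMS_LDAP.STRING_COLLECTION;
    lv_dn      VARCHAR2(500);
    lv_filter  VARCHAR2(1024);
    l_bound    BOOLEAN := FALSE;   -- set once simple_bind_s succeeds, so the handler knows to unbind

    -- Escape the characters that carry meaning inside an LDAP search filter
    -- (RFC 4515) so a caller-supplied username cannot widen the filter.
    -- The backslash is replaced first so the later escapes are not re-escaped.
    FUNCTION escape_filter_value (p_val IN VARCHAR2) RETURN VARCHAR2 IS
        l_val VARCHAR2(1024) := p_val;
    BEGIN
        l_val := REPLACE(l_val, '\', '\5c');
        l_val := REPLACE(l_val, '*', '\2a');
        l_val := REPLACE(l_val, '(', '\28');
        l_val := REPLACE(l_val, ')', '\29');
        l_val := REPLACE(l_val, CHR(0), '\00');
        RETURN l_val;
    END escape_filter_value;

BEGIN
    -- An empty uid would build the filter 'uid=' and an empty password is not a reset.
    IF p_username IS NULL OR p_passwd IS NULL THEN
        RETURN FALSE;
    END IF;

    /**Connect to OID*/
    retval := -1;
    dbms_ldap.use_exception := TRUE;   -- DBMS_LDAP raises instead of returning error codes
    my_session := dbms_ldap.init(gv_ldap_host, gv_ldap_port);
    retval := dbms_ldap.simple_bind_s(my_session, gv_ldap_user, gv_ldap_passwd);
    l_bound := TRUE;

    /**Search User's DN**/
    my_attrs(1) := 'cn';
    lv_filter := 'uid=' || escape_filter_value(p_username);
    retval := dbms_ldap.search_s(my_session, gv_user_base, dbms_ldap.scope_subtree,
                                 lv_filter, my_attrs, 0, my_message);
    my_entry := dbms_ldap.first_entry(my_session, my_message);
    IF my_entry IS NULL THEN
        -- No entry matched the uid: disconnect and report failure instead of
        -- calling get_dn / modify_s with a NULL entry.
        retval := DBMS_LDAP.unbind_s(my_session);
        l_bound := FALSE;
        RETURN FALSE;
    END IF;
    lv_dn := dbms_ldap.get_dn(my_session, my_entry);

    /*Modify Password**/
    emp_array := DBMS_LDAP.create_mod_array(1);
    emp_vals(1) := p_passwd;
    DBMS_LDAP.populate_mod_array(emp_array, DBMS_LDAP.MOD_REPLACE, 'userpassword', emp_vals);
    retval := DBMS_LDAP.modify_s(my_session, lv_dn, emp_array);
    DBMS_LDAP.free_mod_array(emp_array);

    /**Disconect From OID*/
    retval := DBMS_LDAP.unbind_s(my_session);
    l_bound := FALSE;

    RETURN TRUE;
EXCEPTION
    WHEN OTHERS THEN
        DBMS_OUTPUT.PUT_LINE(sqlerrm);
        -- Release the directory connection if the failure happened after bind.
        IF l_bound THEN
            BEGIN
                retval := DBMS_LDAP.unbind_s(my_session);
            EXCEPTION
                WHEN OTHERS THEN NULL;   -- best effort; the original error is already reported
            END;
        END IF;
        RETURN FALSE;
END DO_RESET_OID_PWD;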

5 comments:

Unknown said...

what is my_message in search_s function

Unknown said...
Homer said...

Hi Satya,

my_message is an output parameter that receives the results of the search, so you don't need to pass anything in. Notice that the following call, which fetches the first record, takes the session and my_message as parameters; if no results are found, it is set to NULL.

Unknown said...

I found this didn't compile as listed: some declarations are missing. Here is a version that I got working.


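declare
    -- Anonymous block: binds to the directory with a fixed account, looks up one
    -- entry by a fixed filter, and replaces its telephoneNumber.
    -- NOTE(review): sAMAccountName and the UPN-style bind user look like Active
    -- Directory rather than OID; the DBMS_LDAP calls are the same either way.
    -- NOTE(review): the bind credentials are hard-coded (placeholders here); load
    -- them from a protected store in real code.
    gv_ldap_host   VARCHAR2(256) := 'xxxxxxxxxxxxxx';
    gv_ldap_port   pls_integer   := 389;
    gv_ldap_user   VARCHAR2(256) := 'administrator@xxxxx.com';
    gv_ldap_passwd VARCHAR2(256) := 'xxxxxxxx';
    gv_user_base   VARCHAR2(256) := 'xxxxxxxxxx';
    retval         PLS_INTEGER;
    my_session     DBMS_LDAP.session;
    emp_array      DBMS_LDAP.MOD_ARRAY;
    emp_vals       DBMS_LDAP.STRING_COLLECTION;
    my_attrs       DBMS_LDAP.STRING_COLLECTION;
    my_message     DBMS_LDAP.message;
    lv_dn          varchar2(500);
    my_entry       DBMS_LDAP.message;
    l_bound        BOOLEAN := FALSE;   -- set once simple_bind_s succeeds, so the handler knows to unbind

BEGIN

    /**Connect to OID*/
    retval := -1;
    dbms_ldap.use_exception := TRUE;   -- DBMS_LDAP raises instead of returning error codes
    my_session := dbms_ldap.init(gv_ldap_host, gv_ldap_port);
    retval := dbms_ldap.simple_bind_s(my_session, gv_ldap_user, gv_ldap_passwd);
    l_bound := TRUE;

    dbms_output.put_line('*** Connected to OID');

    /**Search User's DN**/
    -- The filter value is a fixed literal here; if it ever comes from a caller,
    -- escape '\', '*', '(', ')' and NUL (RFC 4515) before concatenating it.
    my_attrs(1) := 'cn';
    retval := dbms_ldap.search_s
        (my_session,
         gv_user_base,
         dbms_ldap.scope_subtree,
         'sAMAccountName=OUser',
         my_attrs,
         0,
         my_message);
    my_entry := dbms_ldap.first_entry(my_session, my_message);

    dbms_output.put_line('*** Search has run -'||retval);

    IF my_entry IS NULL THEN
        -- Nothing matched: disconnect instead of calling get_dn / modify_s with a NULL entry.
        dbms_output.put_line('*** No entry found');
        retval := DBMS_LDAP.unbind_s(my_session);
        l_bound := FALSE;
        RETURN;
    END IF;
    lv_dn := dbms_ldap.get_dn(my_session, my_entry);

    emp_array := DBMS_LDAP.create_mod_array(1);

    -- *** Modify telephone number
    emp_vals(1) := '444-555-6668';
    DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_REPLACE,'telephoneNumber',emp_vals);

    -- retval still holds the search result at this point; the modify has not run yet.
    dbms_output.put_line('*** Telephone number staged in mod array');

    retval := DBMS_LDAP.modify_s(my_session,lv_dn,emp_array);
    DBMS_LDAP.free_mod_array(emp_array);

    dbms_output.put_line('*** modify_s has run -'||retval);

    /**Disconect From OID*/
    retval := DBMS_LDAP.unbind_s(my_session);
    l_bound := FALSE;

    dbms_output.put_line('*** unbind_s has run -'||retval);

EXCEPTION
    WHEN OTHERS THEN
        dbms_output.put_line('*** WHEN OTHERS EXCEPTION ***');
        DBMS_OUTPUT.PUT_LINE(sqlerrm);
        -- Release the directory connection if the failure happened after bind.
        IF l_bound THEN
            BEGIN
                retval := DBMS_LDAP.unbind_s(my_session);
            EXCEPTION
                WHEN OTHERS THEN NULL;   -- best effort; the original error is already printed
            END;
        END IF;

END;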

Homer said...

Thanks Craig, I did this one a long time ago and missed a few things.