Thus far, the following has been done and somewhat tested - this is V0.1 (and not even that call is implemented):
create or replace package frank_ldap
as
-- Adjust as necessary.
c_host CONSTANT VARCHAR2 (80) := 'ora01v.home.local';
c_port CONSTANT BINARY_INTEGER := 389;
c_domain_base CONSTANT VARCHAR2 (20) := 'dc=home,dc=nl';
c_user_base CONSTANT VARCHAR2 (35) := 'cn=Users,' || c_domain_base;
c_group_base CONSTANT VARCHAR2 (35) := 'cn=Groups,' || c_domain_base;
-- after this line, no more adjustments should be necessary
/*
possible exceptions
general_error               31202  Raised anytime an error is encountered that does not have a specific
                                   PL/SQL exception associated with it. The error string contains the
                                   description of the problem in the user's language.
init_failed                 31203  Raised by DBMS_LDAP.init() if there are problems.
invalid_session             31204  Raised by all functions and procedures in the DBMS_LDAP package if
                                   they are passed an invalid session handle.
invalid_auth_method         31205  Raised by DBMS_LDAP.bind_s() if the authentication method requested
                                   is not supported.
invalid_search_scope        31206  Raised by all search functions if the scope of the search is invalid.
invalid_search_time_val     31207  Raised by DBMS_LDAP.search_st() if it is given an invalid value for
                                   a time limit.
invalid_message             31208  Raised by all functions that iterate through a result-set for getting
                                   entries from a search operation if the message handle given to them
                                   is invalid.
count_entry_error           31209  Raised by DBMS_LDAP.count_entries if it cannot count the entries in
                                   a given result set.
get_dn_error                31210  Raised by DBMS_LDAP.get_dn if the DN of the entry it is retrieving
                                   is NULL.
invalid_entry_dn            31211  Raised by all functions that modify, add, or rename an entry if they
                                   are presented with an invalid entry DN.
invalid_mod_array           31212  Raised by all functions that take a modification array as an argument
                                   if they are given an invalid modification array.
invalid_mod_option          31213  Raised by DBMS_LDAP.populate_mod_array if the modification option
                                   given is anything other than MOD_ADD, MOD_DELETE or MOD_REPLACE.
invalid_mod_type            31214  Raised by DBMS_LDAP.populate_mod_array if the attribute type that is
                                   being modified is NULL.
invalid_mod_value           31215  Raised by DBMS_LDAP.populate_mod_array if the modification value
                                   parameter for a given attribute is NULL.
invalid_rdn                 31216  Raised by all functions and procedures that expect a valid RDN and
                                   are provided with an invalid one.
invalid_newparent           31217  Raised by DBMS_LDAP.rename_s if the new parent of an entry being
                                   renamed is NULL.
invalid_deleteoldrdn        31218  Raised by DBMS_LDAP.rename_s if the deleteoldrdn parameter is invalid.
invalid_notypes             31219  Raised by DBMS_LDAP.explode_dn if the notypes parameter is invalid.
invalid_ssl_wallet_loc      31220  Raised by DBMS_LDAP.open_ssl if the wallet location is NULL but the
                                   SSL authentication mode requires a valid wallet.
invalid_ssl_wallet_password 31221  Raised by DBMS_LDAP.open_ssl if the wallet password given is NULL.
invalid_ssl_auth_mode       31222  Raised by DBMS_LDAP.open_ssl if the SSL authentication mode is not
                                   1, 2 or 3.
*/
/*
authenticate: tests whether a simple bind succeeds with the credentials supplied.
Should be able to verify network connections by providing a NULL password (anonymous bind).
p_username is expected to be a DN (i.e. 'cn=name,dc=domain_component'). Returns TRUE if authenticated,
raises the appropriate exception in all other cases.
*/
FUNCTION authenticate (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN;
/*
IsMemberOf: tests if a user is a member of a given group. User and group are searched for with
scope = sub, so neither is a DN; each is used as an LDAP search filter. Groups may be nested (i.e., if
the user is a member of group A and group A is a member of group B, and this function is called with
the user and B as parameters, it will return TRUE).
Call like: if (ismemberof('scott','dba_group')) then ...
*/
FUNCTION ismemberof (p_username IN VARCHAR2, p_groupname IN VARCHAR2)
RETURN BOOLEAN;
/*
memberof: returns an array of the groups the provided user is a member of. p_depth may have one of two
possible values: DBMS_LDAP_UTL.NESTED_MEMBERSHIP or DBMS_LDAP_UTL.DIRECT_MEMBERSHIP.
p_username need not be a DN, as it is used as an LDAP search filter.
*/
FUNCTION memberof (p_username IN VARCHAR2, p_depth IN NUMBER default DBMS_LDAP_UTL.NESTED_MEMBERSHIP)
RETURN wwv_flow_global.vc_arr2;
END frank_ldap;
/
Body is:
create or replace package body frank_ldap wrapped
The body used dbms_application_info to identify itself by name for debugging and tracing purposes. Feedback is appreciated, and may lead to V1.0 :)
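Two checks a caller of this spec may want in front of it, shown as an added example that is not part of the original post or its wrapped body: a login wrapper that refuses an empty password before binding (a simple bind with no password is an anonymous bind, which the spec comment notes will succeed), and RFC 4515 escaping for names that end up inside a search filter. The function names `escape_filter_value` and `authenticate_strict` are hypothetical; only the `frank_ldap` constants come from the spec above.

```sql
-- Added example; escape_filter_value and authenticate_strict are hypothetical names.
-- RFC 4515 escaping for a value that is placed inside an LDAP search filter.
CREATE OR REPLACE FUNCTION escape_filter_value (p_value IN VARCHAR2)
   RETURN VARCHAR2
IS
   l_out VARCHAR2 (32767);
BEGIN
   -- Backslash first, so the escapes added below are not escaped a second time.
   l_out := REPLACE (p_value, '\', '\5c');
   l_out := REPLACE (l_out, '*', '\2a');
   l_out := REPLACE (l_out, '(', '\28');
   l_out := REPLACE (l_out, ')', '\29');
   l_out := REPLACE (l_out, CHR (0), '\00');
   RETURN l_out;
END escape_filter_value;
/

-- Simple bind that never treats an anonymous bind as a successful login.
CREATE OR REPLACE FUNCTION authenticate_strict (p_user_dn IN VARCHAR2, p_password IN VARCHAR2)
   RETURN BOOLEAN
IS
   l_session DBMS_LDAP.session;
   l_rc      PLS_INTEGER;
BEGIN
   -- In Oracle '' is NULL, so this covers both a missing and an empty password.
   IF p_user_dn IS NULL OR p_password IS NULL THEN
      RETURN FALSE;
   END IF;

   DBMS_LDAP.use_exception := TRUE;   -- failed binds raise instead of returning a code
   -- On port 389 a simple bind sends the password unencrypted; DBMS_LDAP.open_ssl
   -- (listed in the spec's exception table) would be called here to protect it.
   l_session := DBMS_LDAP.init (frank_ldap.c_host, frank_ldap.c_port);

   BEGIN
      l_rc := DBMS_LDAP.simple_bind_s (l_session, p_user_dn, p_password);
   EXCEPTION
      WHEN OTHERS THEN
         l_rc := DBMS_LDAP.unbind_s (l_session);   -- release the session, then re-raise
         RAISE;
   END;

   l_rc := DBMS_LDAP.unbind_s (l_session);
   RETURN TRUE;
END authenticate_strict;
/
```

A caller building a filter would wrap the user-supplied name, for example `'(cn=' || escape_filter_value(p_username) || ')'`, where the `cn` attribute is an assumption about the directory layout.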