APEXblog.nl - Tips and Tricks

About This Blog:
I (Richard Weug) started this blog primarily for myself, to save all kinds of Apex tips and tricks in one place. I use it as a place to write down how I used some coding in my own projects, but also to copy and paste all kinds of articles I find on the Internet. (So I never have to wonder on what website I read about something. When I see something interesting I collect the content so I have my own archive/knowledge base.)





APEX_LDAP.AUTHENTICATE fails authentication

Written by Richard Weug. Posted in Apex

APEX_LDAP.AUTHENTICATE fails authentication for user names with high ASCII characters after upgrade to APEX 4.2.1

Environment: Application Express, Oracle Database, Microsoft Active Directory

Ok, this is a weird problem… We use a custom authentication function to validate and authenticate our application users against MS Active Directory. This custom function uses APEX_LDAP.AUTHENTICATE, which is actually some kind of wrapper around DBMS_LDAP.

After the upgrade from APEX 4.1.1 to 4.2.1, one of our users couldn’t log in any more. I double checked and his user name and password were correct. He could log in without any problems to the Windows domain. And he had used APEX before the upgrade, I saw that in the application logs.

It took some time to find out what the real problem was… Apparently, the user has a French character in his last name (e accent or “é”) and this caused the APEX_LDAP.AUTHENTICATE to fail and return false! When we replaced the French “é” by a low ASCII “e”, he could log in again…

I’m currently working with Oracle support on this. They must have changed something in APEX_LDAP.AUTHENTICATE that’s causing this behaviour… The strange thing is, DBMS_LDAP still works fine!! Based on feedback from Oracle support, I already tried to escape the user name using the function APEX_ESCAPE.LDAP_DN, but this didn’t help…

Below are some examples.

This doesn’t work any more (it prints “not ok”):

    begin
      -- Same user, password and DN components as the DBMS_LDAP example below
      if not apex_ldap.authenticate(
               p_username    => 'TEST AIMÉ',
               p_password    => 'Abcd4567',
               p_search_base => 'OU=Persons,OU=Users,OU=Belgium,OU=Domain Users,DC=be,DC=mydomain,DC=com',
               p_host        => 'dc.be.mydomain.com',
               p_port        => 389) then
        dbms_output.put_line('not ok');
      end if;
    end;
    /

But this still works (it prints “User authenticated!”):

    DECLARE
      vSession DBMS_LDAP.session;
      vResult  PLS_INTEGER;
    BEGIN
      -- Raise an exception on any LDAP error instead of returning an error code
      DBMS_LDAP.use_exception := TRUE;
      vSession := DBMS_LDAP.init
                    ( hostname => 'dc.be.mydomain.com'
                    , portnum  => 389
                    );
      -- Bind with the full DN; a rejected bind raises, so the next line is only reached on success
      vResult  := DBMS_LDAP.simple_bind_s
                    ( ld     => vSession
                    , dn     => 'CN=TEST AIMÉ,OU=Persons,OU=Users,OU=Belgium,OU=Domain Users,DC=be,DC=mydomain,DC=com'
                    , passwd => 'Abcd4567'
                    );
      DBMS_Output.put_line('User authenticated!');
      vResult  := DBMS_LDAP.unbind_s(vSession);
    END;
    /

Weird, isn’t it??
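A side-by-side check for the discrepancy described in this post, as an added example that is not part of the original article or of Oracle's code: it runs APEX_LDAP.AUTHENTICATE and a direct DBMS_LDAP bind for the same names and flags any result that differs. The helper `direct_bind_ok`, the second name 'TEST AIME' and the shared test password are assumptions; host, port, search base and 'TEST AIMÉ' are the post's sample values.

```sql
DECLARE
  -- Host, port, search base and first name are the post's sample values;
  -- the second name and the shared test password are constructed placeholders.
  c_host CONSTANT VARCHAR2(255)  := 'dc.be.mydomain.com';
  c_port CONSTANT PLS_INTEGER    := 389;
  c_base CONSTANT VARCHAR2(4000) :=
    'OU=Persons,OU=Users,OU=Belgium,OU=Domain Users,DC=be,DC=mydomain,DC=com';
  c_pwd  CONSTANT VARCHAR2(255)  := 'Abcd4567';
  l_users sys.odcivarchar2list := sys.odcivarchar2list('TEST AIMÉ', 'TEST AIME');
  l_apex  BOOLEAN;
  l_bind  BOOLEAN;

  -- Hypothetical helper: direct bind, DN built as in the post's second example.
  FUNCTION direct_bind_ok(p_user IN VARCHAR2, p_pwd IN VARCHAR2) RETURN BOOLEAN IS
    l_session DBMS_LDAP.session;
    l_rc      PLS_INTEGER;
  BEGIN
    -- An empty password turns a simple bind into an unauthenticated bind;
    -- never count that as a successful login.
    IF p_pwd IS NULL THEN
      RETURN FALSE;
    END IF;
    DBMS_LDAP.use_exception := TRUE;
    l_session := DBMS_LDAP.init(hostname => c_host, portnum => c_port);
    BEGIN
      l_rc := DBMS_LDAP.simple_bind_s(ld => l_session,
                dn => 'CN=' || p_user || ',' || c_base, passwd => p_pwd);
    EXCEPTION
      WHEN OTHERS THEN  -- bind rejected (connection errors from init propagate)
        l_rc := DBMS_LDAP.unbind_s(l_session);
        RETURN FALSE;
    END;
    l_rc := DBMS_LDAP.unbind_s(l_session);
    RETURN TRUE;
  END direct_bind_ok;
BEGIN
  FOR i IN 1 .. l_users.COUNT LOOP
    l_apex := APEX_LDAP.authenticate(p_username => l_users(i), p_password => c_pwd,
                p_search_base => c_base, p_host => c_host, p_port => c_port);
    l_bind := direct_bind_ok(l_users(i), c_pwd);
    -- ASCIISTR rewrites non-ASCII characters as \XXXX, so a difference marks such a name
    DBMS_OUTPUT.put_line(RPAD(l_users(i), 20)
      || ' non-ASCII=' || CASE WHEN ASCIISTR(l_users(i)) <> l_users(i) THEN 'Y' ELSE 'N' END
      || ' apex_ldap=' || CASE WHEN l_apex THEN 'ok' ELSE 'not ok' END
      || ' dbms_ldap=' || CASE WHEN l_bind THEN 'ok' ELSE 'not ok' END
      || CASE WHEN l_apex <> l_bind THEN '  <-- mismatch' END);
  END LOOP;
END;
/
```

Run it with SET SERVEROUTPUT ON before and after an APEX upgrade, using a dedicated test account for each name in the list.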


Link to original article: http://matthiashoys.wordpress.com/2013/04/09/apex_ldap-authenticate-fails-authentication-for-user-names-with-high-ascii-characters-after-upgrade-to-apex-4-2-1