DBMS_LDAP Sample Scripts: Sample Application Demonstrating DBMS_LDAP APIs


Date: 24-Nov-2004


Table of Contents

Introduction
Application Overview
Software Requirements
Terminology
Configuring the Application
Deploying and Running the Application
Sample Application Files
Additional References

Introduction

Prerequisite

To understand this sample application, the user is expected to have knowledge of the following areas:
  • Programming in PL/SQL
  • LDAP: Lightweight Directory Access Protocol

Technical Overview

LDAP is a standard, extensible directory access protocol. It is a common language that LDAP clients and servers use to communicate.

Identity management is the process by which the complete security life cycle for end-users and network entities is managed for an organization. A sound identity management strategy can reduce costs, speed up application deployments, and improve the user experience while enhancing application security.

Oracle Identity Management is an integrated, scalable and robust identity management infrastructure. A central component of Oracle Platform Security, Oracle Identity Management includes an LDAP V3 directory service, directory synchronization service, identity provisioning service, delegated administration service, authentication and authorization services, and an X.509 V3 certificate authority. Key benefits of Oracle Identity Management are its robustness and scalability, out-of-the-box deployment support for Oracle products, utility as a single point of integration for other enterprise identity management solutions, and open, standards-based implementation.

Oracle Identity Management includes the following components:

  • Oracle Internet Directory: A scalable, robust LDAP V3-compliant directory service implemented on the Oracle Database.
  • Oracle Directory Synchronization Service: Permits synchronization between Oracle Internet Directory and other directories and user repositories.
  • Oracle Provisioning Integration Service: Provides automatic provisioning services for Oracle products, components and applications and, through standard interfaces, third-party applications.
  • Oracle Delegated Administration Service: Provides trusted proxy-based administration of directory information by users and application administrators.
  • Oracle Application Server Single Sign-On: Provides single sign-on to J2EE, Web and legacy applications. It also interoperates with 3rd party access management systems.
  • Oracle Application Server Certificate Authority: This is a new component with Oracle Application Server 10g, which generates and publishes X.509 v3 PKI certificates to support strong authentication methods and digital signatures.

Application Overview

The sample scripts illustrate the usage of the DBMS_LDAP package (an LDAP PL/SQL API for performing various LDAP operations on a directory server). An LDAP search operation is performed to look up and retrieve data from an LDAP directory server. Primarily, three different functions are demonstrated within this sample:

  • PL/SQL code required to establish an SSL connection to an LDAP server using the DBMS_LDAP package
  • Usage of functions in the DBMS_LDAP package to add an LDAP entry in the LDAP server
  • PL/SQL code required to perform a typical search against an LDAP server
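
The first and third functions above (SSL connection, then a search) combined in one block, as an added example that is not one of the scripts shipped in the sample. The host, port, wallet location, passwords and search base are placeholders, and one-way SSL authentication is an assumption about how the directory server is configured.

```plsql
-- Added example, not part of dbms_ldap_demo.zip. All connection values
-- below are placeholders.
SET SERVEROUTPUT ON
DECLARE
  l_session DBMS_LDAP.session;
  l_rc      PLS_INTEGER;
  l_attrs   DBMS_LDAP.string_collection;
  l_result  DBMS_LDAP.message;
  l_entry   DBMS_LDAP.message;
  l_vals    DBMS_LDAP.string_collection;
BEGIN
  DBMS_LDAP.use_exception := TRUE;  -- raise an exception on any LDAP error

  -- Connect to the directory server's SSL port.
  l_session := DBMS_LDAP.init('ldap.example.com', 636);

  -- sslauth: 1 = no authentication, 2 = one-way (server certificate is
  -- checked against the wallet), 3 = two-way. Mode 1 does not
  -- authenticate the server, so 2 is used here.
  l_rc := DBMS_LDAP.open_ssl(l_session, 'file:/path/to/wallet',
                             'wallet_password_placeholder', 2);

  -- Bind only after open_ssl, so the password travels inside the SSL session.
  l_rc := DBMS_LDAP.simple_bind_s(l_session, 'cn=orcladmin',
                                  'bind_password_placeholder');

  -- Request only the attribute that is needed.
  l_attrs(1) := 'mail';
  l_rc := DBMS_LDAP.search_s(l_session, 'dc=example,dc=com',
                             DBMS_LDAP.SCOPE_SUBTREE,
                             '(objectclass=person)', l_attrs, 0, l_result);

  l_entry := DBMS_LDAP.first_entry(l_session, l_result);
  WHILE l_entry IS NOT NULL LOOP
    DBMS_OUTPUT.put_line('dn: ' || DBMS_LDAP.get_dn(l_session, l_entry));
    l_vals := DBMS_LDAP.get_values(l_session, l_entry, 'mail');
    IF l_vals.COUNT > 0 THEN          -- FIRST/LAST are NULL when empty
      FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
        DBMS_OUTPUT.put_line('  mail: ' || l_vals(i));
      END LOOP;
    END IF;
    l_entry := DBMS_LDAP.next_entry(l_session, l_entry);
  END LOOP;

  l_rc := DBMS_LDAP.msgfree(l_result);
  l_rc := DBMS_LDAP.unbind_s(l_session);
END;
/
```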

Software Requirements

The following software is required for configuring and running this sample application.

Terminology

Term             Definition
<ORACLE_HOME>    Directory where the Oracle database is installed. For example, D:\oracle
<SAMPLE_HOME>    The directory where the sample application is extracted.

Configuring the Application

  • Unzip the provided dbms_ldap_demo.zip. This creates dbms_ldap_demo directory with all the source files. We will refer to this directory as <SAMPLE_HOME>.
  • To create the sample LDAP entries, execute the following command against the provided sample.ldif. This creates an appropriate LDIF file with default containers substituted.
    <ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/sample.ldif output_file=<SAMPLE_HOME>/sample_out.ldif -lookup dn="cn=orcladmin" password=<password> port=<port> host=<host>
    where,
    <host>     = hostname of the machine where OID is running
    <port>     = port on the host machine on which the OID server is listening
    <password> = admin password to OID server

  • Once the sample_out.ldif is created, you can upload the entries using the following command
    <ORACLE_HOME>/bin/ldapmodify -h <host> -p <port> -D "cn=orcladmin" -w <password> -f <SAMPLE_HOME>/sample_out.ldif

Deploying and Running the Application

This section describes the steps required in deploying this application to OID using a database client like SQL*Plus.

  • Edit the four scripts, namely search.sql, modify.sql, blob.sql, and sslbind.sql, located under the directory <SAMPLE_HOME>, in your favorite text editor. Customize the scripts by changing the variables as indicated in the scripts.
  • Run the scripts by executing the following commands in SQL*Plus:
    • LDAP search demo script
      SQL> @<SAMPLE_HOME>\search.sql
    • LDAP modify demo script
      SQL> @<SAMPLE_HOME>\modify.sql
    • LDAP modify demo script to upload large binary attribute values
      SQL> @<SAMPLE_HOME>\blob.sql
    • Demo script to establish SSL connection to LDAP server
      SQL> @<SAMPLE_HOME>\sslbind.sql

Sample Application Files 

This section provides a tabular listing of the sample application files, along with their respective directory locations and a description of what they do in the overall scheme of the application.

File: Description

  • Readme.html: This file
  • search.sql: This SQL demo script performs an LDAP search operation on an LDAP directory server
  • modify.sql: This SQL demo script performs an LDAP modify operation on an LDAP directory server
  • blob.sql: This SQL demo script performs an LDAP modify operation to upload a sample jpeg file as a binary attribute value to a user entry in an LDAP directory server
  • sample.jpg: This is a sample jpeg file used by scripts in this demo to upload it to a user entry in an LDAP directory server
  • sslbind.sql: This SQL demo script establishes an SSL connection to an LDAP directory server
  • sample.ldif: This file contains sample data used by the demo scripts
  • delete_sample.ldif: This file contains the list of sample entries created by sample.ldif and is used to clean all the sample data from the LDAP server

Additional References 

