Oracle and Active Directory: a love/hate relationship
I'm currently trying to access Active Directory via the dbms_ldap API in PL/SQL (Oracle). The trouble is that I'm not able to connect with my own username and password or anonymously.
However, in C# I can connect anonymously with this code:
DirectoryEntry ldap = new DirectoryEntry("LDAP://Hostname");
DirectorySearcher searcher = new DirectorySearcher(ldap);
searcher.Filter = "(SAMAccountName=username)";
SearchResult result = searcher.FindOne();
If I try to connect anonymously in Oracle, I only get the error (ORA-31202: LDAP client/server error) when I try to search (and the result code for the bind is SUCCESS)...
my_session := dbms_ldap.init('HOST','389');
retval := dbms_ldap.simple_bind_s(my_session, '', '');
retval := dbms_ldap.search_s(my_session, ldap_base, dbms_ldap.scope_subtree, 'objectclass=*', my_attrs, 0, my_message);
Why does the anonymous connection work in C# but not in PL/SQL? Do you have any other ideas for connecting to Active Directory via Oracle?
Help me reunite them together.
Thanks.
Edit 1
When I bind with anonymous credentials I get:
ORA-31202: DBMS_LDAP: LDAP client/server error
00000000: LdapErr: DSID-0C090627,
comment: In order to perform this operation a successful bind must be completed on the connection
And if I try to connect with my credentials, which are supposed to be valid since I'm connected to the domain with them... I get:
ORA-31202: DBMS_LDAP: LDAP client/server error
Invalid credentials
80090308: LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error
Could it be possible that the Active Directory doesn't allow external LDAP actions like these ones?
Edit 2
Taking a look at the 'result' variable, in C#, I get this value for the 'Path' property:
LDAP://SERVER_OR_DOMAIN/CN=LAST_NAME\,FIRST_NAME,OU=OU1,OU=OU2,OU=OU3,OU=OU4,DC=SERVER_NAME,DC=EXT1,DC=EXT2
Maybe with this info you can help me solve the issue; it might be possible that the AD doesn't allow anonymous connections. Knowing the 'Path' property, what would be the 'ldap_base', 'ldap_user' and 'ldap_passwd'?
Comments (1)
Solved the problem after a hard day scratching my head for a few hours.
AD doesn't allow anonymous access by default. Therefore, I had to find the correct 'distinguishedName' in order to get access (which is the long string without the 'LDAP://SERVER_OR_DOMAIN/').
If you ever encounter the '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error' error you should refer to this thread or this serverfault question.
Thanks for the help.
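The authenticated bind described in the answer, written out as an added example (not code from the original post). The host, DNs and filter are the placeholders from the question; using the DC components of the Path as `ldap_base` and prompting for the password with a SQL*Plus substitution variable are assumptions.

```plsql
DECLARE
  -- Placeholders taken from the 'Path' value in Edit 2; substitute real values.
  ldap_host   VARCHAR2(256) := 'SERVER_OR_DOMAIN';
  ldap_port   PLS_INTEGER   := 389;
  -- Bind DN: the Path with the 'LDAP://SERVER_OR_DOMAIN/' prefix removed.
  -- Keep the backslash: it escapes the comma inside the CN value.
  ldap_user   VARCHAR2(512) :=
    'CN=LAST_NAME\,FIRST_NAME,OU=OU1,OU=OU2,OU=OU3,OU=OU4,DC=SERVER_NAME,DC=EXT1,DC=EXT2';
  -- Assumption: prompted for by SQL*Plus rather than hard-coded in the script.
  ldap_passwd VARCHAR2(128) := '&ldap_passwd';
  -- Assumption: search from the domain root, i.e. the DC components of the Path.
  ldap_base   VARCHAR2(256) := 'DC=SERVER_NAME,DC=EXT1,DC=EXT2';
  my_session  DBMS_LDAP.session;
  my_attrs    DBMS_LDAP.string_collection;
  my_message  DBMS_LDAP.message;
  my_entry    DBMS_LDAP.message;
  retval      PLS_INTEGER;
BEGIN
  -- Raise ORA-31202 on any LDAP failure instead of returning a code to inspect.
  DBMS_LDAP.use_exception := TRUE;
  -- A simple bind with an empty password is an unauthenticated bind (RFC 4513):
  -- it can return SUCCESS without proving identity, as in the question, where
  -- the bind succeeded and the search was then refused. '' is NULL in PL/SQL.
  IF ldap_passwd IS NULL THEN
    raise_application_error(-20001, 'Empty password: refusing to bind');
  END IF;
  my_session := DBMS_LDAP.init(ldap_host, ldap_port);
  -- On port 389 a simple bind sends the password unencrypted; DBMS_LDAP.open_ssl
  -- can wrap the session in TLS before binding (wallet setup not shown).
  retval := DBMS_LDAP.simple_bind_s(my_session, ldap_user, ldap_passwd);
  my_attrs(1) := 'sAMAccountName';
  retval := DBMS_LDAP.search_s(my_session, ldap_base, DBMS_LDAP.scope_subtree,
                               '(sAMAccountName=username)', my_attrs, 0, my_message);
  -- Print the DN of every entry the search returned.
  my_entry := DBMS_LDAP.first_entry(my_session, my_message);
  WHILE my_entry IS NOT NULL LOOP
    DBMS_OUTPUT.put_line(DBMS_LDAP.get_dn(my_session, my_entry));
    my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
  END LOOP;
  retval := DBMS_LDAP.unbind_s(my_session);
EXCEPTION
  WHEN OTHERS THEN
    -- Release the connection before re-raising, e.g. after 'Invalid credentials'.
    IF my_session IS NOT NULL THEN
      retval := DBMS_LDAP.unbind_s(my_session);
    END IF;
    RAISE;
END;
/
```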