Search This Blog

Thursday, October 8, 2009

Validate Userid and password against LDAP directories Using PeopleCode


Following peoplecode is tested in 8.48.16 and assuming that you are using Oracle Wallet and LDAP libraries for connecting to ldap server. (Tested on HP*UX 11.11 server). It also assumes you have LDAP Port, Server name, Default Connect DN defined in PeopleTools -> Security -> Directory ->  Directory Configuration. LDAPS Port is optional but highly recommended. This can be used in following scenarios.

You are logged in PeopleSoft with generic id and you need to validate user's password against ldap directory. Or you want to see  programmatically if the user exist in LDAP with a valid password.


Create this as Class to Application Package: XX_UTILS

class LDAP
method ValidatePassword(&userid As string, &pwd As string, &directory_id As string) Returns boolean;
end-class;

method ValidatePassword
/+ &userid as String, +/
/+ &pwd as String, +/
/+ &directory_id as String +/
/+ Returns Boolean +/
Local string &defaultDN, &dn, &outDN, &server, &SSL;
Local integer &port, &nonsslport, &sslport, &EXECRSLT, &start, &num_chars, &ret;
Local Interlink &LDAP_BIND;
Local BIDocs &rootInDoc, &rootOutDoc;


SQLExec("select a.DSCNCTDN, b.DSSRVR, b.LDAPPORT, b.ldapsport from PSDSDIR a, PSDSSRVR b where a.DSDIRID = :1 and a.DSDIRID = b.DSDIRID", &directory_id, &defaultDN, &server, &nonsslport, &sslport);
If All(&sslport) Then
&SSL = "YES";
&port = &sslport;
Else
&SSL = "NO";
&port = &nonsslport;
End-If;


If All(&server, &port, &defaultDN) Then


&LDAP_BIND = GetInterlink(Interlink.LDAP_BIND);
&LDAP_BIND.UserID_Attribute_Name = "uid";
&LDAP_BIND.URL = "file://psio_dir.dll";
&LDAP_BIND.BIDocValidating = "Off";
&LDAP_BIND.SSL = &SSL;
REM &LDAP_BIND.SSL_DB = "e:\certs\cert7.db";
&start = 5;
&num_chars = Find(",", &defaultDN) - &start;
&dn = Replace(&defaultDN, &start, &num_chars, &userid);
&rootInDoc = &LDAP_BIND.GetInputDocs("");
&ret = &rootInDoc.AddValue("Server", &server);
&ret = &rootInDoc.AddValue("Port", &port);
&ret = &rootInDoc.AddValue("Distinguished_Name", &dn);
&ret = &rootInDoc.AddValue("User_Password", &pwd);
&ret = &rootInDoc.AddValue("Encrypted", "NO");


&EXECRSLT = &LDAP_BIND.Execute();
If (&EXECRSLT = 1) Then
&rootOutDoc = &LDAP_BIND.GetOutputDocs("");
&ret = &rootOutDoc.GetValue("Distinguished_Name", &outDN);
If &outDN = &dn Then
Return True;
End-If;
End-If;
End-If;


Return False;
end-method;

Sample code to call the function.

import XX_UTILS:LDAP;

Local XX_UTILS:LDAP &ldap = create XX_UTILS:LDAP();
Local boolean &return;

&userid = "userid"
&pwd = "xxxx";
&directory_id = "LDAP"; 
&return = &ldap.ValidatePassword(&userid, &pswd, &directory_id);
If &return Then
/* success */
else
/* failure */
end-if;


CTY: Ketan Kothari


3 comments:

  1. Hey everybody! I’m new here, but I’m lucky to have found such a cool forum. Thank you for sharing useful advice here.

    ReplyDelete
  2. Hey there! Nice forum! I’ve found so much useful information here.

    ReplyDelete
  3. AnonymousJuly 23, 2011

    I lately came across your website and have been reading a lot of posts of yours. I just thought I'd add a quick comment and let you know that you have got a seriously nice weblog. I'll watch out for updates from you!

    ReplyDelete