Active Directory and ldap


I've been able to connect to Active Directory through Oracle using dbms_ldap procedures and even change some attribute values; however, we have yet to access the user password and modify that through my Oracle application, which was the entire point of this project. We are able to connect to our ldap server on sundown and modify those passwords, but that is only the authentication for email and network. To be able to log into the domain, authentication goes through Active Directory.

The syncing can only go from Active Directory to ldap on sundown, not the other way, so we really need to find a way to modify the password through Active Directory so all the passwords will be the same (much less for the users to remember and fewer sticky notes = better security). Plus, the criteria for those passwords are much stronger. Right now, if a user knows their password, they can hit Ctrl-Alt-Del and change password, but my application should let users reset their password without knowing what it was. This will also help with migration, as we will make people change their password before they can log into the domain and then it will be even more secure and the same everywhere.

It's looking like the problem may be that we need an SSL cert to be able to access that particular attribute. This is extremely frustrating. Why can't Windows play nice like everyone else?
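Added example, not from the original post: Active Directory keeps the password in the `unicodePwd` attribute, accepts writes to it only over an encrypted connection (LDAPS or StartTLS), and expects the value as a double-quoted UTF-16LE string. This Python sketch builds the LDIF modify request for an administrative reset (no old password needed) and for a user-initiated change; the host name and DN are constructed placeholders.

```python
import base64
from urllib.parse import urlparse

ATTR = "unicodePwd"  # AD password attribute; it can be written but not read

def encode_unicode_pwd(password: str) -> bytes:
    """AD expects the password wrapped in double quotes, encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def require_encrypted(uri: str, starttls: bool = False) -> None:
    """Refuse to build a password write for a cleartext connection."""
    scheme = urlparse(uri).scheme.lower()
    if scheme == "ldaps" or (scheme == "ldap" and starttls):
        return
    raise ValueError(f"{uri}: unicodePwd writes need an encrypted connection")

def reset_ops(new_pw: str):
    """Administrative reset: a single 'replace', old password not required."""
    return [("replace", ATTR, encode_unicode_pwd(new_pw))]

def change_ops(old_pw: str, new_pw: str):
    """User change: 'delete' the old value and 'add' the new one in one request."""
    return [("delete", ATTR, encode_unicode_pwd(old_pw)),
            ("add", ATTR, encode_unicode_pwd(new_pw))]

def to_ldif(uri: str, dn: str, ops, starttls: bool = False) -> str:
    """Render the modify request as LDIF; binary values are base64 ('::')."""
    require_encrypted(uri, starttls)
    lines = [f"dn: {dn}", "changetype: modify"]
    for op, attr, value in ops:
        b64 = base64.b64encode(value).decode("ascii")
        lines += [f"{op}: {attr}", f"{attr}:: {b64}", "-"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    uri = "ldaps://dc01.example.test:636"
    dn = "CN=Test User,OU=Staff,DC=example,DC=test"
    print(to_ldif(uri, dn, reset_ops("N3w-Passphrase!")))
```

The reset form needs a bind account that holds the reset-password right on the target user, while the change form is what a user who knows the current password can submit.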

1 Comment

Hello,

I am setting up an Oracle Forms app to create user accounts/homedir on Active Directory. Is the dbms_ldap the one to use, and how efficient was it?
I have the same thing implemented on Lotus Notes and I am trying to do the same with Forms.

Hafed

--------------------------------------------------------------

The only way we were able to finally update AD passwords was to run a Perl script in cron and take the usernames/passwords out of a table. Not the greatest, but dbms_ldap wouldn't access the password field in AD. --Summer

About this Entry

This page contains a single entry by published on August 15, 2005 4:03 PM.
