Thursday, January 15, 2009

Validate Userid and password against LDAP directories Using PeopleCode

The following PeopleCode was tested on PeopleTools 8.48.16 (on an HP-UX 11.11 server) and assumes you are using Oracle Wallet and the LDAP libraries to connect to the LDAP server. It also assumes you have the LDAP Port, Server Name and Default Connect DN defined in PeopleTools -> Security -> Directory -> Directory Configuration. The LDAPS Port is optional but highly recommended: without it the user's password crosses the network in clear text during the bind. The code can be used in the following scenarios.

You are logged in to PeopleSoft with a generic ID and need to validate a user's password against the LDAP directory, or you want to check programmatically whether a user exists in LDAP with a valid password.


Create this as a class in Application Package XX_UTILS:

class LDAP
   method ValidatePassword(&userid As string, &pwd As string, &directory_id As string) Returns boolean;
end-class;

method ValidatePassword
   /+ &userid as String, +/
   /+ &pwd as String, +/
   /+ &directory_id as String +/
   /+ Returns Boolean +/
   Local string &defaultDN, &dn, &outDN, &server, &SSL;
   Local integer &port, &nonsslport, &sslport, &EXECRSLT, &start, &num_chars, &ret;
   Local Interlink &LDAP_BIND;
   Local BIDocs &rootInDoc, &rootOutDoc;

   /* Never attempt a bind with an empty userid or password: a simple bind with an
      empty password is an anonymous bind, which many directories accept and which
      the interlink would then report as a successful authentication. */
   If Not All(&userid, &pwd) Then
      Return False;
   End-If;

   /* Read the server, ports and Default Connect DN for this directory ID from
      Directory Configuration (PSDSDIR / PSDSSRVR). */
   SQLExec("select a.DSCNCTDN, b.DSSRVR, b.LDAPPORT, b.ldapsport from PSDSDIR a, PSDSSRVR b where a.DSDIRID = :1 and a.DSDIRID = b.DSDIRID", &directory_id, &defaultDN, &server, &nonsslport, &sslport);

   /* Prefer the LDAPS port when one is configured; the non-SSL port sends the
      password in clear text. */
   If All(&sslport) Then
      &SSL = "YES";
      &port = &sslport;
   Else
      &SSL = "NO";
      &port = &nonsslport;
   End-If;

   If All(&server, &port, &defaultDN) Then

      &LDAP_BIND = GetInterlink(Interlink.LDAP_BIND);
      &LDAP_BIND.UserID_Attribute_Name = "uid";
      &LDAP_BIND.URL = "file://psio_dir.dll";
      &LDAP_BIND.BIDocValidating = "Off";
      &LDAP_BIND.SSL = &SSL;
      REM &LDAP_BIND.SSL_DB = "e:\certs\cert7.db";

      /* Build the user's DN by replacing the value of the first RDN of the Default
         Connect DN with the userid. The offset of 5 assumes that DN starts with
         "uid=", e.g. "uid=psadmin,ou=people,...". */
      &start = 5;
      &num_chars = Find(",", &defaultDN) - &start;
      &dn = Replace(&defaultDN, &start, &num_chars, &userid);

      &rootInDoc = &LDAP_BIND.GetInputDocs("");
      &ret = &rootInDoc.AddValue("Server", &server);
      &ret = &rootInDoc.AddValue("Port", &port);
      &ret = &rootInDoc.AddValue("Distinguished_Name", &dn);
      &ret = &rootInDoc.AddValue("User_Password", &pwd);
      &ret = &rootInDoc.AddValue("Encrypted", "NO");

      /* Execute returns 1 when the bind succeeded. As a final check, the DN the
         directory bound as must be exactly the DN we asked for. */
      &EXECRSLT = &LDAP_BIND.Execute();
      If (&EXECRSLT = 1) Then
         &rootOutDoc = &LDAP_BIND.GetOutputDocs("");
         &ret = &rootOutDoc.GetValue("Distinguished_Name", &outDN);
         If &outDN = &dn Then
            Return True;
         End-If;
      End-If;
   End-If;

   Return False;
end-method;
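The DN-building step above substitutes the userid into the Default Connect DN at a fixed character offset and never escapes it, so a userid containing "," or other DN special characters would change the DN that gets bound. The following Python is an added example (not PeopleCode from the post) that performs the same pre-bind work in a form you can run: it derives the attribute type from the first RDN of the default DN instead of assuming an offset of 5, escapes the userid per RFC 4514, rejects empty credentials (an empty-password simple bind is an anonymous bind), selects the LDAPS port when configured, and keeps the post's final check that the returned DN equals the requested one. The server name, DNs and ports are constructed sample values; the default DN's first RDN is assumed not to contain an escaped comma.

```python
"""Pre-bind checks for LDAP password validation, mirroring the PeopleCode above.

Added example, not from the original post. Builds the request the interlink is
given and refuses requests that must never reach the directory.
"""

# Characters that must be backslash-escaped inside a DN attribute value (RFC 4514 2.4).
_ESCAPE_CHARS = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _ESCAPE_CHARS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' would start a hex-encoded value
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):  # leading/trailing space
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(default_dn: str, userid: str) -> str:
    """Replace the value of the first RDN of default_dn with the escaped userid.

    default_dn is the Default Connect DN from Directory Configuration, e.g.
    'uid=psadmin,ou=people,dc=example,dc=com' (constructed sample). The attribute
    type is taken from the DN itself, so 'cn=...' works as well as 'uid=...'.
    """
    first_rdn, sep, rest = default_dn.partition(",")
    attr_type, eq, _ = first_rdn.partition("=")
    if not eq:
        raise ValueError("default DN has no attribute=value in its first RDN")
    return f"{attr_type.strip()}={escape_dn_value(userid)}" + sep + rest


def bind_request(server, nonssl_port, ssl_port, default_dn, userid, password):
    """Return the values the PeopleCode passes to the LDAP_BIND interlink,
    or raise ValueError when a bind must not be attempted at all."""
    if not userid:
        raise ValueError("empty userid")
    if not password:
        # A simple bind with an empty password is an anonymous bind; many
        # directories accept it, which would look like a successful login.
        raise ValueError("empty password would be an anonymous bind")
    if ssl_port:                       # mirrors All(&sslport): prefer LDAPS
        port, ssl = int(ssl_port), "YES"
    else:
        port, ssl = int(nonssl_port), "NO"
    return {
        "Server": server,
        "Port": port,
        "SSL": ssl,
        "Distinguished_Name": build_user_dn(default_dn, userid),
        "User_Password": password,
        "Encrypted": "NO",
    }


def verify_bound_dn(expected_dn: str, returned_dn: str) -> bool:
    """The post's final check: the DN echoed back by the bind must match the
    DN that was requested (exact comparison, as in the PeopleCode)."""
    return returned_dn == expected_dn


if __name__ == "__main__":
    req = bind_request("ldap.example.com", 389, 636,
                       "uid=psadmin,ou=people,dc=example,dc=com", "jdoe", "s3cret")
    print(req["Distinguished_Name"], req["Port"], req["SSL"])
    # A userid carrying DN syntax is escaped rather than changing the DN.
    print(build_user_dn("cn=Directory Manager,o=corp", "jdoe,ou=admins"))
```

The dictionary returned by bind_request carries exactly the five AddValue fields the interlink receives plus the SSL flag; the actual bind is still the interlink's job, which is why the example stops at the request and the post-bind DN comparison.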

Sample code to call the method:

import XX_UTILS:LDAP;

Local XX_UTILS:LDAP &ldap = create XX_UTILS:LDAP();
Local string &userid, &pwd, &directory_id;
Local boolean &valid;

&userid = "userid";
&pwd = "xxxx";
&directory_id = "LDAP";   /* Directory ID as defined in Directory Configuration */
&valid = &ldap.ValidatePassword(&userid, &pwd, &directory_id);
If &valid Then
   /* success */
Else
   /* failure */
End-If;