Thursday, January 15, 2009

Validate Userid and password against LDAP directories Using PeopleCode

The following PeopleCode was tested on PeopleTools 8.48.16 (on an HP-UX 11.11 server) and assumes that you are using Oracle Wallet and the LDAP libraries to connect to the LDAP server. It also assumes that the LDAP port, server name and default connect DN are defined under PeopleTools -> Security -> Directory -> Directory Configuration. The LDAPS port is optional but highly recommended: the bind below is a simple bind, so without LDAPS the user's password crosses the network in clear text. The code can be used in the following scenarios.

You are logged in to PeopleSoft with a generic ID and need to validate a user's password against the LDAP directory, or you want to check programmatically whether a user exists in LDAP with a valid password.


Create this as a class in the application package XX_UTILS:

class LDAP
   method ValidatePassword(&userid As string, &pwd As string, &directory_id As string) Returns boolean;
end-class;

method ValidatePassword
   /+ &userid as String, +/
   /+ &pwd as String, +/
   /+ &directory_id as String +/
   /+ Returns Boolean +/
   Local string &defaultDN, &dn, &outDN, &server, &SSL, &attr, &specials;
   Local integer &port, &nonsslport, &sslport, &EXECRSLT, &start, &num_chars, &ret, &i;
   Local Interlink &LDAP_BIND;
   Local BIDocs &rootInDoc, &rootOutDoc;
   
   /* Never bind with an empty password: RFC 4513 defines a bind with a DN and an
      empty password as an unauthenticated bind, which many directories accept,
      so it would look exactly like a successful login. */
   If None(&userid) Or
         None(&pwd) Then
      Return False;
   End-If;
   
   /* Reject DN special characters (RFC 4514) in the userid rather than escaping
      them, so the value spliced into the DN below cannot add or alter an RDN. */
   &specials = ",+""\<>;=";
   For &i = 1 To Len(&specials)
      If Find(Substring(&specials, &i, 1), &userid) > 0 Then
         Return False;
      End-If;
   End-For;
   
   /* Server, ports and default connect DN as defined under
      PeopleTools -> Security -> Directory -> Directory Configuration. */
   SQLExec("select a.DSCNCTDN, b.DSSRVR, b.LDAPPORT, b.LDAPSPORT from PSDSDIR a, PSDSSRVR b where a.DSDIRID = :1 and a.DSDIRID = b.DSDIRID", &directory_id, &defaultDN, &server, &nonsslport, &sslport);
   If All(&sslport) Then
      &SSL = "YES";
      &port = &sslport;
   Else
      &SSL = "NO";
      &port = &nonsslport;
   End-If;
   
   If All(&server, &port, &defaultDN) Then
      /* The default connect DN must start with "<attr>=" for the splice below to work,
         e.g. uid=psadmin,ou=People,dc=example,dc=com. */
      &attr = "uid";
      If Lower(Left(&defaultDN, Len(&attr) + 1)) <> (&attr | "=") Then
         Return False;
      End-If;
      
      &LDAP_BIND = GetInterlink(Interlink.LDAP_BIND);
      &LDAP_BIND.UserID_Attribute_Name = &attr;
      &LDAP_BIND.URL = "file://psio_dir.dll";
      &LDAP_BIND.BIDocValidating = "Off";
      &LDAP_BIND.SSL = &SSL;
      REM With Oracle Wallet no certificate database is needed; SSL_DB is only for a cert7.db setup;
      REM &LDAP_BIND.SSL_DB = "e:\certs\cert7.db";
      
      /* Build the user's DN by replacing the value of the first RDN of the default
         connect DN with the userid: uid=psadmin,ou=... becomes uid=<userid>,ou=... */
      &start = Len(&attr) + 2;
      &num_chars = Find(",", &defaultDN) - &start;
      If &num_chars < 0 Then
         /* no comma in the DN: Find() returned 0 and there is nothing to splice */
         Return False;
      End-If;
      &dn = Replace(&defaultDN, &start, &num_chars, &userid);
      
      &rootInDoc = &LDAP_BIND.GetInputDocs("");
      &ret = &rootInDoc.AddValue("Server", &server);
      &ret = &rootInDoc.AddValue("Port", &port);
      &ret = &rootInDoc.AddValue("Distinguished_Name", &dn);
      &ret = &rootInDoc.AddValue("User_Password", &pwd);
      &ret = &rootInDoc.AddValue("Encrypted", "NO");
      
      /* Execute() returns 1 when the simple bind succeeded, i.e. the directory
         accepted &dn together with &pwd. */
      &EXECRSLT = &LDAP_BIND.Execute();
      If (&EXECRSLT = 1) Then
         &rootOutDoc = &LDAP_BIND.GetOutputDocs("");
         &ret = &rootOutDoc.GetValue("Distinguished_Name", &outDN);
         If &outDN = &dn Then
            Return True;
         End-If;
      End-If;
   End-If;
   
   Return False;
end-method;
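The step that deserves the most care in the method above is the one line that splices the userid into the default connect DN. Here is an added example, written in Python rather than PeopleCode so it can be run stand-alone, that models that step: it reproduces what the page's Replace(&defaultDN, 5, Find(",", &defaultDN) - 5, &userid) does, shows how an unescaped comma in the userid changes the DN that gets bound, and then builds the DN properly by checking the first RDN's attribute name and escaping the value per RFC 4514. It also refuses an empty password, because RFC 4513 makes a bind with a DN and an empty password an unauthenticated bind that many directories accept. This goes beyond the page's own technique (the page neither escapes nor checks the attribute name). The example is not from the original post; the directory values (DEFAULT_CONNECT_DN, USERID_ATTR) and the userids are constructed sample data, and the function names are my own.

```python
import re

# Constructed sample values standing in for the PeopleSoft directory
# configuration (PSDSDIR.DSCNCTDN and the interlink's UserID_Attribute_Name).
# They are not taken from any real installation.
DEFAULT_CONNECT_DN = "uid=psadmin,ou=People,dc=example,dc=com"
USERID_ATTR = "uid"


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def page_style_dn(default_dn: str, userid: str) -> str:
    """What the page's Replace(&defaultDN, 5, Find(",") - 5, &userid) produces:
    the text after the 4th character up to the first comma is swapped for the
    raw userid.  Kept here only to make its two weaknesses visible: it assumes
    the DN starts with the four characters "uid=", and it does no escaping."""
    comma = default_dn.find(",")
    if comma < 0:
        raise ValueError("default connect DN has no comma; Find() would return 0")
    return default_dn[:4] + userid + default_dn[comma:]


def build_bind_dn(default_dn: str, userid_attr: str, userid: str) -> str:
    """Build the user's bind DN from the default connect DN by replacing the
    value of its first RDN, after checking that the RDN really uses
    userid_attr and escaping the userid so it cannot add or alter RDNs."""
    attr, sep, rest = default_dn.partition("=")
    if not sep or attr.strip().lower() != userid_attr.lower():
        raise ValueError(f"default connect DN does not start with {userid_attr}=")
    # The old value runs up to the first unescaped comma (or the end of string).
    old_value = re.match(r"(?:\\.|[^,\\])*", rest).group(0)
    suffix = rest[len(old_value):]
    return f"{attr.strip()}={escape_dn_value(userid)}{suffix}"


def bind_request(default_dn: str, userid_attr: str, userid: str, password: str):
    """Return the (dn, password) pair a simple bind may be sent with, or raise.

    An empty password must never reach the server: per RFC 4513 section 5.1.2
    a bind with a DN and an empty password is an *unauthenticated* bind, which
    many directories accept, so the caller would see success for a wrong user."""
    if not userid:
        raise ValueError("empty userid")
    if not password:
        raise ValueError("empty password would be an unauthenticated bind")
    return build_bind_dn(default_dn, userid_attr, userid), password


if __name__ == "__main__":
    evil = "jsmith,ou=Admins"  # constructed DN-injection attempt
    print(page_style_dn(DEFAULT_CONNECT_DN, evil))   # extra RDN slipped into the DN
    print(build_bind_dn(DEFAULT_CONNECT_DN, USERID_ATTR, evil))  # comma escaped
    print(bind_request(DEFAULT_CONNECT_DN, USERID_ATTR, "jsmith", "s3cret"))
```

Run it and compare the first two printed DNs: the page-style splice yields uid=jsmith,ou=Admins,ou=People,..., a DN under a different subtree, while the escaped version keeps the whole userid inside a single RDN value. The PeopleCode equivalent of escape_dn_value is to reject the special characters outright, which is simpler and just as safe for userids.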

Sample code to call the method:

import XX_UTILS:LDAP;

Local XX_UTILS:LDAP &ldap = create XX_UTILS:LDAP();
Local boolean &return;
Local string &userid, &pwd, &directory_id;

&userid = "userid";
&pwd = "xxxx";
&directory_id = "LDAP";   /* Directory ID as defined in Directory Configuration */
&return = &ldap.ValidatePassword(&userid, &pwd, &directory_id);
If &return Then
   /* success */
Else
   /* failure */
End-If;

3 comments:

Unknown said...

Hi,

Really great news. Oracle announced the Tools release on their blog.

I was going through some of the sites and found new Web 2.0 interfaces. Actually, if you see the new Tools look (www.itwisesolutions.com/PsftTools85.html), it's obvious that Java and Web technologies will be cool.

Let's hope when Fusion comes to market full-fledged....

-Larry

Anand said...

Hi Ketan,
Please provide your email address so that I can contact you.

Need your help urgently.

Regards,
PeopleSoftNet.com team

PE said...

Thanks for sharing.

I had a question.
Is it possible to direct a person to a different component based on that person's role?

What kind of changes are required in the signon PeopleCode?