Oracle 10g | Get Windows User Details from Active Directory

Hello guys! 9th December 2014 : Minor update The following exercise will not materialize if you have a middleware sever, as the client information will not be available for your forms. Missed us? :) Recently we were challenged with a very interesting task, and that was to send emails to the requester of a particular activity once after the completion. Usually, we can look into the HR/Payroll enrollments and get the email address for the user without much troubles. Our case was different, our HR/Payroll records are not always up to date and we were forced to capture the Windows login name and get the email addresses straight away from the AD database! As usual, after hours of googling and trying out few scripts, We came up with a tailored script that fetches us the full Name and email address against value derived from

Select sys_context('userenv','os_user') from dual;

query Here, we are sharing the scripts with you Complete credits go to the following few & many others (Our script is a complete rip-off from article)

/* Formatted on 12/9/2014 2:56:10 PM (QP5 v5.163.1008.3004) */
   /*This block commented never worked for us
      -- Adjust as necessary.
      --   l_ldap_host    VARCHAR2(256) := '';
      --  l_ldap_port    VARCHAR2(256) := '389';
      --  l_ldap_user    VARCHAR2(256) := 'cn=orcladmin';
      --  l_ldap_passwd  VARCHAR2(256) := 'password';
      --  l_ldap_base    VARCHAR2(256) := 'cn=Users,dc=tshcomputing,dc=com';
   --Active Directory Component Windows 2008 R2
   l_ldap_host     VARCHAR2 (256)
                      := 'fully qualitifed name of your domain controller'; --eg (
   l_ldap_port     VARCHAR2 (256) := '389';
   l_ldap_user     VARCHAR2 (256) := 'fully qualified user name'; --eg: (make sure paul is a member of Administrators group)
   l_ldap_passwd   VARCHAR2 (256) := 'password'; -- clear text password for user
   l_ldap_base     VARCHAR2 (256) := 'DC=xyz,DC=com';
   -- l_ldap_base     VARCHAR2 (256) := 'OU=GEN Managers,DC=xyz,DC=com'; --Restrict the query to a particular OU within AD
   --AD 2008 R2
   l_retval        PLS_INTEGER;
   l_session       DBMS_LDAP.session;
   l_attrs         DBMS_LDAP.string_collection;
   l_message       DBMS_LDAP.MESSAGE;
   l_entry         DBMS_LDAP.MESSAGE;
   l_attr_name     VARCHAR2 (256);
   l_ber_element   DBMS_LDAP.ber_element;
   l_vals          DBMS_LDAP.string_collection;
   -- Choose to raise exceptions.
   -- Connect to the LDAP server.
   l_session := DBMS_LDAP.init (hostname => l_ldap_host, portnum => l_ldap_port);
   l_retval :=
      DBMS_LDAP.simple_bind_s (ld       => l_session,
                               dn       => l_ldap_user,
                               passwd   => l_ldap_passwd);
   -- l_attrs(1) := '*'; -- Get all attributes(Complete AD details will be read, use carefully)
   l_attrs (1) := 'mail';
   l_attrs (2) := 'displayName';
   --Common Attributes you can pass to the AD query
   --  l_attrs(1)  := 'sAMAccountName';
   --   l_attrs(2)  := 'employeeNumber';
   --    l_attrs(3)  := 'displayName';
   --    l_attrs(4)  := 'description';
   --    l_attrs(5)  := 'telephoneNumber';
   --    l_attrs(6)  := 'facsimileTelephoneNumber';
   --   l_attrs(7)  := 'department';
   --   l_attrs(8)  := 'company';
   --    l_attrs(9)  := 'employeeID';
   --   l_attrs(10) := 'streetAddress';
   --   l_attrs(11) := 'mail';
   --   l_attrs(12) := 'c';
   --  l_attrs(13) := 'l';
   --   l_attrs(14) := 'postalCode';
   -- retrieve all attributes
   l_retval :=
      DBMS_LDAP.search_s (ld         => l_session,
                          base       => l_ldap_base,
                          scope      => DBMS_LDAP.SCOPE_SUBTREE,
                          --          filter   => 'objectclass=*', --All the objects will be read
                          filter     => 'sAMAccountName=paul', --Record for User with windows login account as "Paul" will be fetched
                          attrs      => l_attrs,
                          attronly   => 0,
                          res        => l_message);
   IF DBMS_LDAP.count_entries (ld => l_session, msg => l_message) > 0
      -- Get all the entries returned by our search.
      l_entry := DBMS_LDAP.first_entry (ld => l_session, msg => l_message);
      WHILE l_entry IS NOT NULL
         -- Get all the attributes for this entry.
         DBMS_OUTPUT.PUT_LINE ('---------------------------------------');
         l_attr_name :=
            DBMS_LDAP.first_attribute (ld          => l_session,
                                       ldapentry   => l_entry,
                                       ber_elem    => l_ber_element);
         WHILE l_attr_name IS NOT NULL
            -- Get all the values for this attribute.
            l_vals :=
               DBMS_LDAP.get_values (ld          => l_session,
                                     ldapentry   => l_entry,
                                     attr        => l_attr_name);
            FOR i IN l_vals.FIRST .. l_vals.LAST
               DBMS_OUTPUT.PUT_LINE (
                     'ATTIBUTE_NAME: '
                  || l_attr_name
                  || ' = '
                  || SUBSTR (l_vals (i), 1, 200));
            END LOOP values_loop;
            l_attr_name :=
               DBMS_LDAP.next_attribute (ld          => l_session,
                                         ldapentry   => l_entry,
                                         ber_elem    => l_ber_element);
         END LOOP attibutes_loop;
         l_entry := DBMS_LDAP.next_entry (ld => l_session, msg => l_entry);
      END LOOP entry_loop;
   END IF;
   -- Disconnect from the LDAP server.
   l_retval := DBMS_LDAP.unbind_s (ld => l_session);
   DBMS_OUTPUT.PUT_LINE ('L_RETVAL: ' || l_retval);

Try it & let us know the experiences! regards,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.