【问题标题】:LDAP credentials error(LDAP 凭据错误)
【发布时间】:2017-08-01 10:03:46
【问题描述】:

我需要访问 LDAP 服务器以获取用户详细信息,为此我编写了以下代码,但它会引发下面的“凭据无效”错误。我确定凭据是正确的,并且也换用其他用户的凭据验证过。如果我在连接 LDAP 服务器时遗漏了什么,请指点。

ORA-31202:DBMS_LDAP:LDAP 客户端/服务器错误:凭据无效。 80090308:LdapErr:DSID-0C0903A8,注释:AcceptSecurityContext 错误,数据 52e,v1db1

这是我访问 LDAP 服务器的代码:

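    create or replace PROCEDURE Refresh_ActiveDirectory
    IS
      -- Rebuilds ACTIVEDIRECTORY_12_MAR_17 from an LDAP subtree search: binds to the
      -- directory, reads a fixed set of attributes for every matching entry and
      -- inserts one row per entry. No COMMIT is issued here, so the inserted rows
      -- stay in the caller's transaction. Failures are passed to ERROR_LOGGER.

      l_ldap_host   VARCHAR2(256) := '10.133.10.22';
      -- 389 is the default LDAP port. A simple bind over it sends the DN and password
      -- unencrypted; DBMS_LDAP.open_ssl with an Oracle wallet is the usual way to
      -- protect the bind, and needs the directory's TLS port and a wallet location
      -- that this listing does not show.
      l_ldap_port   PLS_INTEGER   := 389;
      -- SECURITY: the bind account and password are literals in the procedure source,
      -- so anyone who can read the source (e.g. via ALL_SOURCE) can read them. Prefer a
      -- dedicated least-privilege read-only account whose secret is kept outside the code.
      -- NOTE(review): the "data 52e" sub-code in the reported error is Active Directory's
      -- logon-failure code (unknown user name or bad password). AD simple binds normally
      -- take a full DN, a UPN (user@domain) or NETBIOSDOMAIN\user, so the
      -- DNS-domain\user form below is worth confirming against the directory.
      l_ldap_user   VARCHAR2(256) := 'abl.com.pk\username';
      l_ldap_passwd VARCHAR2(256) := 'password';
      l_ldap_base   VARCHAR2(256) := 'OU=Central-I,dc=abl,dc=com, dc=pk';

      -- Per-entry values copied into the target table.
      display_name   VARCHAR2(255);
      initials       VARCHAR2(255);
      samaccountname VARCHAR2(255);
      email          VARCHAR2(255);
      department     VARCHAR2(255);
      grade          VARCHAR2(255);

      l_retval      PLS_INTEGER;
      l_session     DBMS_LDAP.session;
      l_attrs       DBMS_LDAP.string_collection;
      l_message     DBMS_LDAP.MESSAGE;
      l_entry       DBMS_LDAP.MESSAGE;
      l_attr_name   VARCHAR2(256);
      l_attr_key    VARCHAR2(256);
      l_ber_element DBMS_LDAP.ber_element;
      l_vals        DBMS_LDAP.string_collection;

      -- Error details captured before cleanup runs inside the handler.
      l_err_code    PLS_INTEGER;
      l_err_text    VARCHAR2(500);

      -- Releases the LDAP session if one was opened; cleanup is best-effort so a
      -- failing unbind never hides the error that is being handled.
      PROCEDURE close_session IS
      BEGIN
        IF l_session IS NOT NULL THEN
          l_retval := DBMS_LDAP.unbind_s(ld => l_session);
        END IF;
      EXCEPTION
        WHEN OTHERS THEN
          NULL;
      END close_session;

    BEGIN
      -- Choose to raise exceptions instead of returning error codes.
      DBMS_LDAP.USE_EXCEPTION := TRUE;

      -- Connect and authenticate before touching the table.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host, portnum => l_ldap_port);
      l_retval  := DBMS_LDAP.simple_bind_s(ld => l_session, dn => l_ldap_user, passwd => l_ldap_passwd);

      -- Attributes to fetch. Each one needs its own index: the original wrote four
      -- names into slot 3, so only 'department' survived there.
      l_attrs(1) := 'displayName';
      l_attrs(2) := 'initials';
      l_attrs(3) := 'samaccountname';
      -- NOTE(review): Active Directory's standard mail attribute is 'mail'; confirm
      -- that 'e-mail' exists in this directory's schema.
      l_attrs(4) := 'e-mail';
      l_attrs(5) := 'department';

      -- NOTE(review): useraccountcontrol=514 is an exact match, so it excludes only
      -- accounts whose flags equal 514; disabled accounts carrying additional flags
      -- still pass. A bitwise test (matching rule 1.2.840.113556.1.4.803 on bit 2)
      -- would cover them - confirm the intent before changing the filter.
      l_retval := DBMS_LDAP.search_s(
                    ld       => l_session,
                    base     => l_ldap_base,
                    scope    => DBMS_LDAP.SCOPE_SUBTREE,
                    filter   => '(&(&(objectclass=user) (!(physicaldeliveryofficename=no phone)))(!(useraccountcontrol=514)))',
                    attrs    => l_attrs,
                    attronly => 0,
                    res      => l_message);

      -- TRUNCATE is DDL: it commits implicitly and the ROLLBACK in the handler cannot
      -- undo it. It therefore runs only after bind and search have succeeded, so a
      -- rejected bind no longer leaves the table empty.
      EXECUTE IMMEDIATE 'TRUNCATE TABLE ACTIVEDIRECTORY_12_MAR_17';

      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Walk every entry returned by the search.
        l_entry := DBMS_LDAP.first_entry(ld => l_session, msg => l_message);
        <<entry_loop>>
        WHILE l_entry IS NOT NULL
        LOOP
          -- Reset so values from the previous entry never leak into this row.
          display_name   := NULL;
          initials       := NULL;
          samaccountname := NULL;
          email          := NULL;
          department     := NULL;
          -- TODO(review): no attribute is mapped to grade. The original tested
          -- 'department' a second time, a branch that could never run, so GRADE
          -- has always been inserted as NULL.
          grade          := NULL;

          l_attr_name := DBMS_LDAP.first_attribute(ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element);
          <<attributes_loop>>
          WHILE l_attr_name IS NOT NULL
          LOOP
            l_vals := DBMS_LDAP.get_values(ld => l_session, ldapentry => l_entry, attr => l_attr_name);
            -- LDAP attribute names are case-insensitive and the server may return
            -- them in its own casing, so compare on a lower-cased copy.
            l_attr_key := LOWER(l_attr_name);

            -- FIRST/LAST are NULL on an empty collection and would raise VALUE_ERROR.
            IF l_vals.COUNT > 0 THEN
              <<values_loop>>
              FOR i IN l_vals.FIRST .. l_vals.LAST
              LOOP
                -- For a multi-valued attribute the last value wins.
                IF l_attr_key = 'displayname' THEN
                  display_name := SUBSTR(l_vals(i), 1, 200);
                ELSIF l_attr_key = 'initials' THEN
                  initials := SUBSTR(l_vals(i), 1, 200);
                ELSIF l_attr_key = 'samaccountname' THEN
                  samaccountname := SUBSTR(l_vals(i), 1, 200);
                ELSIF l_attr_key = 'e-mail' THEN
                  email := SUBSTR(l_vals(i), 1, 200);
                ELSIF l_attr_key = 'department' THEN
                  department := SUBSTR(l_vals(i), 1, 200);
                END IF;
              END LOOP values_loop;
            END IF;

            l_attr_name := DBMS_LDAP.next_attribute(ld => l_session, ldapentry => l_entry, ber_elem => l_ber_element);
          END LOOP attributes_loop;

          INSERT INTO ACTIVEDIRECTORY_12_MAR_17
            (
              STAFF_ID,
              FULL_NAME,
              USER_ID,
              EMAIL_ID,
              DEPARTMENT,
              GRADE
            )
          VALUES
            (
              initials,
              display_name,
              samaccountname,
              email,
              department,
              grade
            );

          l_entry := DBMS_LDAP.next_entry(ld => l_session, msg => l_entry);
        END LOOP entry_loop;
      END IF;

      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
    EXCEPTION
      WHEN NO_DATA_FOUND THEN
        -- Kept from the original: NO_DATA_FOUND is ignored. The session is still released.
        close_session;
      WHEN OTHERS THEN
        -- Capture the error first; the cleanup below runs its own handler.
        l_err_code := SQLCODE;
        l_err_text := substr(SQLERRM, 1, 500);
        ROLLBACK;
        close_session;
        ERROR_LOGGER ('Refresh_ActiveDirectory', 'Refresh_ActiveDirectory', '', l_err_code, l_err_text);
    END Refresh_ActiveDirectory;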

【问题讨论】:

  • 请向我们展示您引发错误的代码。声明变量不会引发此类错误。
  • 请看修改后的代码

标签: sql oracle


【解决方案1】:

我认为 LDAP 用户必须使用完整的 DN,试试

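-- Bind identity written as a full distinguished name instead of the domain\user form.
l_ldap_user VARCHAR2(256) := 'CN=username,OU=Central-I,dc=abl,dc=com,dc=pk';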

【讨论】:

  • 还是同样的问题