dbms_ldap.simple_bind_s doesn't work with exclamation point

Connor McDonald

Thanks for the question, Duane.

Asked: December 22, 2015 - 7:55 pm UTC

Last updated: December 29, 2015 - 12:01 am UTC

Version: Oracle 11gR2

You Asked

Hey Guys. I need some help here.

I have a student who has a password that contains an exclamation point "!" and the procedure I have provided below will not authenticate the student. If the exclamation point "!" is swapped out for a pound sign "#" then the authentication works. We use Microsoft Active Directory.

I can't ask students to not create passwords without using an exclamation point "!" so is there any way around this?

Password = Thismustwork# = Works every time

Change that to Password = NoWork! = fails every time



procedure Authenticate (SSOID    in  varchar2 default null,
                        Password in  varchar2 default null) is

ReturnValue pls_integer  default -1;
LDAPPort    number       default 3268;
LDAPHost    varchar2(20) default 'ldap.xxxx.edu';
LDAPSession dbms_ldap.session;

begin

-- Raise an exception on LDAP errors instead of returning an error code
dbms_ldap.use_exception := true;
LDAPSession := dbms_ldap.init(LDAPHost, LDAPPort);
-- Simple bind against Active Directory with the supplied credentials
ReturnValue := dbms_ldap.simple_bind_s(LDAPSession, SSOID, Password);

exception
  when others
    then
      null;  -- any bind failure is swallowed here

end;


and Connor said...

Hi Duane,

I couldn't reproduce the problem on my system here. I did this on 12c (I don't have any 11.2 instances that can readily talk to an LDAP server currently). Does the PL/SQL block below work for you (once edited for your site)?


declare
  p_username    varchar2(30) := 'xxxxx';
  p_password    varchar2(30) := 'xxxxx!';
  l_user        varchar2(256);
  l_ldap_server varchar2(256) := 'xxxxx.abc123.com.au';
  l_domain      varchar2(256) := 'abc123.com.au';
  l_ldap_port   number      := 999;
  l_retval      pls_integer;
  l_session     dbms_ldap.session;
  l_cnt         number;
begin
  -- bind as user@domain rather than as a bare username
  l_user      := p_username||'@'||l_domain;
  l_session   := dbms_ldap.init( l_ldap_server, l_ldap_port );
  l_retval    := dbms_ldap.simple_bind_s( l_session, l_user, p_password );
  -- release the LDAP session after the bind
  l_retval    := dbms_ldap.unbind_s( l_session );
  dbms_output.put_line('OK');
exception when others then
  -- release the session on failure as well
  l_retval := dbms_ldap.unbind_s( l_session );
  dbms_output.put_line('FAIL');
end;
/
OK

PL/SQL procedure successfully completed.


(Thanks to my buddy GCW for the ldap assistance)

Comments

Duane Nettles, December 23, 2015 - 11:34 pm UTC

I used the code that you provided and created that procedure on a 12c box and it still didn't work. I swapped out your LDAP server, domain and port to what we are using.

Same situation as I mentioned. My password contains a pound "#" and it works for me. The student has a password that contains an exclamation point "!" and it fails.

It just doesn't like that exclamation point "!" for some reason.

I'll reach out to our security team to see what they have to say. Very odd.

Error:
ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials. 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580

Connor McDonald
December 24, 2015 - 2:06 am UTC

Perhaps worth a logging call to Support as well. I didn't find anything of note on MOS.

Duane Nettles, December 28, 2015 - 10:18 pm UTC

There was nothing wrong with my code. I found out that students can have two accounts. One for Office 365 (Outlook Mail) and one for PeopleSoft/Blackboard. The student was using their Office 365 account when trying to authenticate.

The student needed to be using their PeopleSoft/Blackboard account which is tied to the AD domain.

Connor McDonald
December 29, 2015 - 12:01 am UTC

Teach the students about the PEBKAC acronym :-)
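
An added example (not code from this thread or from Oracle): a fail-closed variant of the Authenticate procedure that rejects empty credentials, always unbinds, and decodes the Active Directory `data` sub-code seen in the ORA-31202 message above. The function name, its parameters and the sub-code descriptions are assumptions of this example; the descriptions follow the standard Win32 error meanings.

```plsql
create or replace function ldap_authenticate (
  p_user     in  varchar2,
  p_password in  varchar2,
  p_host     in  varchar2,  -- assumption: caller supplies the directory host
  p_port     in  number,
  p_reason   out varchar2   -- for server-side logs only, not for the end user
) return boolean is
  l_session dbms_ldap.session;
  l_retval  pls_integer;
  l_bound   boolean := false;
  l_msg     varchar2(4000);
  l_code    varchar2(16);
begin
  -- A simple bind with an empty password is an unauthenticated bind, which a
  -- directory may accept; treat empty credentials as a failed login up front.
  if trim(p_user) is null or p_password is null then
    p_reason := 'empty credentials';
    return false;
  end if;
  dbms_ldap.use_exception := true;
  l_session := dbms_ldap.init(p_host, p_port);
  begin
    l_retval := dbms_ldap.simple_bind_s(l_session, p_user, p_password);
    l_bound  := (l_retval = dbms_ldap.success);
  exception
    when others then
      -- Extract NNN from "... AcceptSecurityContext error, data NNN, ..."
      l_msg  := sqlerrm;
      l_code := lower(regexp_substr(l_msg, 'data ([0-9a-f]+),', 1, 1, 'i', 1));
      p_reason := case l_code
                    when '525' then 'user not found'
                    when '52e' then 'logon failure: unknown user name or bad password'
                    when '532' then 'password expired'
                    when '533' then 'account disabled'
                    when '701' then 'account expired'
                    when '773' then 'password must be changed'
                    when '775' then 'account locked out'
                    else substr(l_msg, 1, 200)
                  end;
  end;
  l_retval := dbms_ldap.unbind_s(l_session);  -- always release the session
  return l_bound;
exception
  when others then
    p_reason := substr(sqlerrm, 1, 200);  -- init/unbind failure: fail closed
    return false;
end ldap_authenticate;
/
```

For the error quoted in this thread the function returns FALSE with the `52e` reason, which points at the account or password presented rather than at a character in the password.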
