AIMSTAR Blog

Configuring LDAP Authentication for Oracle APEX Workspaces

Posted by Theodore Williams on Sep 13, 2017 2:20:00 PM


Before APEX 5, APEX workspace administrators and developers had to remember a local password for each APEX workspace, which could mean several passwords to keep track of and become a real problem. APEX 5 made it possible to use LDAP authentication for APEX workspaces, thereby reducing the number of passwords needed: the administrator or developer only needs to remember his or her LDAP password. This article details configuring APEX for LDAP workspace authentication.



Note 1: Changing the authentication method to LDAP could make APEX inaccessible if there is a problem. If there is an issue with changing to LDAP authentication, do the following to change the authentication back to the default:

 Log in to SQL*Plus or another SQL client as SYS.

 Change to the APEX schema by executing:

 ALTER SESSION SET CURRENT_SCHEMA = APEX_050000;

 Run the procedure:

 begin
     apex_instance_admin.set_parameter('APEX_BUILDER_AUTHENTICATION','APEX');
 end;
 /
 commit;

 You should now be able to log in as the APEX Instance Administrator, as you could before changing the authentication scheme.

 

Note 2: You must also select an LDAP user who will have APEX administrative privileges for the instance. For example, you may have admin as the APEX administrative user, but there may not be an admin user in your LDAP installation – at least not one that you want to use as an APEX administrator. Therefore, you must select and configure one or more LDAP users to serve as the APEX administrator(s).
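Given the lockout risk in the first note and the need for a working LDAP administrator in the second, one way to reduce the risk is to test the directory from inside the database before making LDAP the current scheme. The SQL*Plus script below is an added example, not part of the original article; it uses the sample host, DN string and apexldap user from the steps that follow, and assumes directory entries are named cn=<username> directly under that DN string.

```sql
-- Added example (not from the original article). Run in SQL*Plus as SYS.
-- Host, port, DN string and user are the article's sample values; the
-- cn=<username> entry naming under the DN string is an assumption.
SET SERVEROUTPUT ON
-- Keep the substituted password out of SQL*Plus's old/new echo.
SET VERIFY OFF
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000;

ACCEPT ldap_pw CHAR PROMPT 'LDAP password for apexldap: ' HIDE

DECLARE
    l_scheme VARCHAR2(4000);
    l_ok     BOOLEAN;
BEGIN
    -- Record the scheme in force now, so you know what to restore.
    l_scheme := apex_instance_admin.get_parameter('APEX_BUILDER_AUTHENTICATION');
    dbms_output.put_line('Current scheme: ' || NVL(l_scheme, '(not set)'));

    -- Bind to the directory from inside the database as
    -- cn=apexldap,ou=people,dc=database,dc=local.
    l_ok := apex_ldap.authenticate(
                p_username    => 'apexldap',
                p_password    => '&ldap_pw',
                p_search_base => 'ou=people,dc=database,dc=local',
                p_host        => 'forge.database.local',
                p_port        => '389');

    IF l_ok THEN
        dbms_output.put_line('Bind succeeded.');
    ELSE
        dbms_output.put_line('Bind failed: check host, port, DN string and password before switching.');
    END IF;
EXCEPTION
    WHEN OTHERS THEN
        -- For example ORA-24247: the database network ACL blocks the
        -- connection to the LDAP host.
        dbms_output.put_line('LDAP check raised: ' || SQLERRM);
END;
/
UNDEFINE ldap_pw
```

A password containing a single quote will break the substitution in this script; test with an account whose password does not contain one, or change the quoting to suit.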

 

  1. Log into the APEX administration page.

This can be done from either

https://<server>:<port>/ords/

with “internal” as the workspace, or

https://<server>:<port>/ords/apex_admin/

 

 

  1. The Instance Administration page displays.

 


 

  1. Select Manage Instance --> Security

 


 

  1. The Security page displays.

 


 

Select the Authentication Control tab. 

Go to the “Development Environment Authentication Schemes” section.

Select the edit icon next to the LDAP Directory option.

 

  1. The Edit Authentication Scheme screen displays.

 


 

Enter the LDAP parameters for your installation.  For example:

 

Host: forge.database.local

Port: The default port for non-SSL is 389. Enter the correct port here if you are using SSL or another port. On a non-SSL connection the LDAP password crosses the network unencrypted.

Distinguished Name (DN) String: ou=people,dc=database,dc=local

Use Exact Distinguished Name (DN): No

Search Filter: cd=%LDAP_USER%

 

Click Apply Changes.

 

Select the edit icon next to the LDAP Directory option.

 

Select Make Current Scheme.

 

  1. A confirmation screen displays, advising the user to run the script

 apex_instance_admin.set_parameter('APEX_BUILDER_AUTHENTICATION','APEX');

if there is an issue with changing the authentication scheme. This is the rollback procedure discussed in the first note above.

 

Select OK.

 

  1. The screen indicates that the LDAP scheme is now the current authentication scheme.

 


 

  1. Create a user to serve as the instance administrator. This user must correspond to an LDAP user.  Select Manage Workspaces --> Manage Developers and Users.

 


 

  1. The Manage Application Developers and Users screen displays.

 


 

Select Create User.

 

  1. The Create/Edit User screen displays.

 

The following assumes that there is an LDAP user called “apexldap”.

 

Enter:

 

Username: apexldap

Email Address: <email address>

Workspace: INTERNAL (110)

Default Schema: APEX_050000

 

Passwords are not needed since the LDAP password will be used to log in.

 

Click Create User.

 

  1. The screen indicates that the new APEX Instance Administrator has been created.

 


 

  1. Create any other needed APEX users. The new and any existing users should correspond to LDAP users.

 

  1. APEX is now configured to use the LDAP directory. The users can log in with their LDAP password. The APEX Instance Administrator created above can now administer the instance.

 

  1. This screen shows that the new APEX Instance Administrator has successfully logged in using LDAP.

 
