How to setup authentication for different user groups using APEX and LDAP

  • From: De DBA <dedba@xxxxxxxxxx>
  • To: "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 14 Jul 2011 21:33:03 +1000


The environment is APEX in Oracle 10g (Express initially), and Centos Directory 
Server 8.1.

One of our Apex developers is trying to use LDAP to authenticate users to his 
application. The complication here is that there are two distinct user groups. One group 
is the company staff, whereas the other group can contain students, customers, staff and 
selected members of the public. All users will have records in the same directory server, 
although not in the same branch of the directory tree. Group 1 (staff) has 
"administrator" privileges, that is access to all parts of the application. 
Group 2 can only log in to fill out specially customised forms.

The method proposed to get about this is to attempt to authenticate the user as 
a staff member first, then to attempt authentication as a member of group 2 and 
fail if not succeed. For this, it is proposed to use two RDNs, say ou=ourPeople 
and ou=otherPeople, and do a search/bind with either of them as the base DN in 

I am thinking that this is not particularly flexible and perhaps there are better 
solutions out there. If, for instance, in the future management decides that we need a 
third group, say ou=theOtherMob, then the authentication code will have to be changed. I 
have tried to find examples or "best practices" online, but found nothing. If 
you have thoughts or have come across examples on how to set this up, can you please 
share them?



Other related posts: