我编写了以下函数来使用LDAP检索数据。
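FUNCTION get_user_data (p_string_dig VARCHAR2)
   RETURN attr_tab_type
   PIPELINED
AS
   -- Runs a subtree LDAP search with p_string_dig as the search filter and
   -- pipes one row per (entry, attribute, value) found.
   --
   -- Parameters:
   --   p_string_dig  LDAP search filter, passed to DBMS_LDAP.search_s unchanged.
   -- Returns (pipelined): attr_rec rows carrying id (1-based entry number),
   --   attr (attribute name) and val (one attribute value).
   -- Raises: DBMS_LDAP exceptions (use_exception is switched on below); the
   --   LDAP handles are released before the exception is re-raised.
   --
   -- attr_tab, attr_rec, l_user, l_password and l_ldap_base are not declared
   -- in this function; presumably package-level variables -- confirm.
   --
   -- NOTE(review): p_string_dig reaches the directory as-is. A caller that
   -- builds it from user input must escape the filter metacharacters
   -- (* ( ) \ and NUL, RFC 4515) in every value it concatenates.
   -- NOTE(review): a simple bind on port 389 sends l_user / l_password over
   -- the network unencrypted; consider DBMS_LDAP.open_ssl with an Oracle
   -- wallet against the directory's LDAPS port.
   l_ber_element   DBMS_LDAP.BER_ELEMENT;
   l_retval        PLS_INTEGER;   -- return code of the DBMS_LDAP calls
   l_message       DBMS_LDAP.MESSAGE;   -- search result set
   l_session       DBMS_LDAP.session;   -- session handle from DBMS_LDAP.init
   l_entry         DBMS_LDAP.MESSAGE;   -- entry currently being read
   l_attrs         DBMS_LDAP.string_collection;   -- attributes requested
   l_entry_id      INTEGER;
   l_vals          DBMS_LDAP.string_collection;   -- values of one attribute
   counter         INTEGER := 0;
   l_attr_name     VARCHAR2 (1000 CHAR);

   -- Best-effort release of the search result and the session on the error
   -- path. Failures are ignored here on purpose so that the exception which
   -- triggered the cleanup is the one the caller sees.
   PROCEDURE release_ldap_resources
   IS
      l_ignored   PLS_INTEGER;
   BEGIN
      BEGIN
         IF l_message IS NOT NULL
         THEN
            l_ignored := DBMS_LDAP.msgfree (l_message);
            l_message := NULL;
         END IF;
      EXCEPTION
         WHEN OTHERS
         THEN
            NULL;
      END;

      BEGIN
         IF l_session IS NOT NULL
         THEN
            l_ignored := DBMS_LDAP.unbind_s (ld => l_session);
            l_session := NULL;
         END IF;
      EXCEPTION
         WHEN OTHERS
         THEN
            NULL;
      END;
   END release_ldap_resources;
BEGIN
   -- Attributes to request.
   -- NOTE(review): the indexes are sparse (1..83 with gaps); confirm that
   -- DBMS_LDAP.search_s honours every element of a sparse collection.
   l_attrs (37) := 'cn';
   l_attrs (2) := 'sn';
   l_attrs (3) := 'title';
   l_attrs (4) := 'description';
   l_attrs (5) := 'telephoneNumber';
   l_attrs (6) := 'givenName';
   l_attrs (7) := 'initials';
   l_attrs (8) := 'distinguishedName';
   l_attrs (12) := 'displayName';
   l_attrs (13) := 'uSNCreated';
   l_attrs (14) := 'memberOf';
   l_attrs (15) := 'uSNChanged';
   l_attrs (16) := 'department';
   l_attrs (17) := 'company';
   l_attrs (20) := 'name';
   l_attrs (25) := 'employeeID';
   l_attrs (36) := 'logonCount';
   l_attrs (1) := 'sAMAccountName';
   l_attrs (38) := 'sAMAccountType';
   l_attrs (39) := 'showInAddressBook';
   l_attrs (40) := 'managedObjects';
   l_attrs (42) := 'userPrincipalName';
   l_attrs (44) := 'ipPhone';
   l_attrs (45) := 'objectCategory';
   l_attrs (47) := 'lastLogonTimestamp';
   l_attrs (55) := 'mail';
   l_attrs (56) := 'manager';
   l_attrs (57) := 'mobile';
   l_attrs (83) := 'objectClass';

   l_entry_id := 0;
   DBMS_LDAP.use_exception := TRUE;      -- report LDAP errors as exceptions
   DBMS_LDAP.utf8_conversion := FALSE;   -- expect the input data to be UTF8 character set data
   attr_tab := attr_tab_type ();

   BEGIN
      l_session := DBMS_LDAP.init (hostname => 'something.com', portnum => 389);

      -- Authenticate (simple bind; see the transport note in the header).
      l_retval :=
         DBMS_LDAP.simple_bind_s (ld       => l_session,
                                  dn       => l_user,
                                  passwd   => l_password);

      l_retval :=
         DBMS_LDAP.search_s (ld         => l_session,
                             base       => l_ldap_base,   -- DN where the search starts
                             scope      => DBMS_LDAP.scope_subtree,
                             filter     => p_string_dig,
                             attrs      => l_attrs,
                             attronly   => 0,   -- 0: return attribute types and values
                             res        => l_message);

      IF DBMS_LDAP.count_entries (ld => l_session, msg => l_message) > 0
      THEN
         l_entry := DBMS_LDAP.first_entry (ld => l_session, msg => l_message);

         <<entry_loop>>
         WHILE l_entry IS NOT NULL
         LOOP
            -- Number each entry. The original incremented this once, before
            -- the loop, so every row carried id 1 regardless of its entry.
            l_entry_id := l_entry_id + 1;

            l_attr_name :=
               DBMS_LDAP.first_attribute (ld          => l_session,
                                          ldapentry   => l_entry,
                                          ber_elem    => l_ber_element);

            <<attribute_loop>>
            WHILE l_attr_name IS NOT NULL
            LOOP
               l_vals :=
                  DBMS_LDAP.get_values (ld          => l_session,
                                        ldapentry   => l_entry,
                                        attr        => l_attr_name);

               -- FIRST and LAST are NULL for an empty collection and would
               -- raise VALUE_ERROR as FOR-loop bounds.
               IF l_vals.COUNT > 0
               THEN
                  <<values_loop>>
                  FOR i IN l_vals.FIRST .. l_vals.LAST
                  LOOP
                     attr_rec.id := l_entry_id;
                     attr_rec.attr := l_attr_name;
                     attr_rec.val := l_vals (i);
                     counter := counter + 1;
                     attr_tab.EXTEND ();
                     attr_tab (counter) := attr_rec;
                     PIPE ROW (attr_tab (counter));
                  END LOOP values_loop;
               END IF;

               l_attr_name :=
                  DBMS_LDAP.next_attribute (ld          => l_session,
                                            ldapentry   => l_entry,
                                            ber_elem    => l_ber_element);
            END LOOP attribute_loop;

            -- Release the attribute cursor of this entry before moving on.
            IF l_ber_element IS NOT NULL
            THEN
               DBMS_LDAP.ber_free (l_ber_element, 0);
               l_ber_element := NULL;
            END IF;

            l_entry := DBMS_LDAP.next_entry (ld => l_session, msg => l_entry);
         END LOOP entry_loop;
      END IF;

      -- Normal path: free the result set, then disconnect.
      l_retval := DBMS_LDAP.msgfree (l_message);
      l_message := NULL;
      l_retval := DBMS_LDAP.unbind_s (ld => l_session);
      l_session := NULL;
   EXCEPTION
      WHEN OTHERS
      THEN
         -- Also reached when the consumer stops fetching early
         -- (NO_DATA_NEEDED): never leave a bound session behind.
         release_ldap_resources;
         RAISE;
   END;

   RETURN;   -- a pipelined function ends with a RETURN that carries no value
END get_user_data;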
现在有些组中还包含其他组，即组内嵌套了组。当我使用
select * from get_user_data('cn=nested_group'); 调用函数 get_user_data 时，
我只获得组 nested_group 本身的详细信息。我想获取此嵌套组的所有成员的详细信息。
例如,层次结构可以是
http://i.imgur.com/MKfbWBe.png
图像中的M1,M2,M3代表成员。
有人能告诉我该怎么做吗？谢谢。