LDAP:组中嵌套的组

时间:2015-09-01 13:54:14

标签: database oracle plsql ldap

我编写了以下函数来使用LDAP检索数据。

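-- Runs one LDAP subtree search with the caller-supplied filter and pipes one
-- row per attribute value (entry id, attribute name, value) to the caller.
--
-- Parameters:
--   p_string_dig  LDAP search filter, passed to the server unchanged.
--                 SECURITY: no escaping is done here. If any part of the filter
--                 originates from user input, the caller must escape the
--                 RFC 4515 special characters ( * ( ) \ NUL ) in that part
--                 before building the filter, otherwise the filter can be
--                 widened to return entries the caller never meant to expose.
-- Returns:
--   attr_tab_type rows, piped as they are read.
-- Raises:
--   DBMS_LDAP exceptions (use_exception is switched on); the LDAP session is
--   released before the error is re-raised.
--
-- l_user, l_password, l_ldap_base, attr_tab and attr_rec are not declared in
-- this function; presumably they are package-level -- verify in the package.
-- NOTE(review): the bind password should not be a literal in source; confirm
-- where l_password is populated.
--
-- The filter is applied once, so members of groups nested inside a matched
-- group are not expanded. NOTE(review): the requested attribute names
-- (sAMAccountName, uSNCreated, ...) suggest Active Directory; if so, a filter
-- on memberOf using the matching rule LDAP_MATCHING_RULE_IN_CHAIN
-- (OID 1.2.840.113556.1.4.1941) resolves nested membership on the server --
-- confirm against the directory in use.
FUNCTION get_user_data (p_string_dig VARCHAR2)
  RETURN attr_tab_type
  PIPELINED
AS
  l_ber_element   DBMS_LDAP.BER_ELEMENT;  -- cursor over the attributes of one entry
  l_retval        PLS_INTEGER;            -- return code of the DBMS_LDAP calls
  l_message       DBMS_LDAP.MESSAGE;      -- result of the search
  l_session       DBMS_LDAP.session;      -- session handle returned by DBMS_LDAP.init
  l_entry         DBMS_LDAP.MESSAGE;      -- entry currently being read
  l_attrs         DBMS_LDAP.string_collection;  -- attribute names requested
  l_entry_id      INTEGER;                -- 1-based number of the current entry
  l_vals          DBMS_LDAP.string_collection;  -- values of the current attribute
  counter         INTEGER := 0;           -- rows produced so far
  l_attr_name     VARCHAR2 (1000 CHAR);

  -- Best-effort release of the search result handles. Errors are ignored on
  -- purpose so that cleanup never hides the error that triggered it.
  PROCEDURE free_search_result
  IS
  BEGIN
     IF l_ber_element IS NOT NULL
     THEN
        BEGIN
           DBMS_LDAP.ber_free (l_ber_element, 0);
        EXCEPTION
           WHEN OTHERS THEN NULL;
        END;

        l_ber_element := NULL;
     END IF;

     IF l_message IS NOT NULL
     THEN
        BEGIN
           l_retval := DBMS_LDAP.msgfree (l_message);
        EXCEPTION
           WHEN OTHERS THEN NULL;
        END;

        l_message := NULL;
     END IF;
  END free_search_result;
BEGIN
  -- Only the attributes listed here are requested from the server.
  -- NOTE(review): the indices are sparse and not in order; confirm that
  -- DBMS_LDAP accepts a sparse collection, or renumber them 1..n.
  l_attrs (37) := 'cn';
  l_attrs (2) := 'sn';
  l_attrs (3) := 'title';
  l_attrs (4) := 'description';
  l_attrs (5) := 'telephoneNumber';
  l_attrs (6) := 'givenName';
  l_attrs (7) := 'initials';
  l_attrs (8) := 'distinguishedName';
  l_attrs (12) := 'displayName';
  l_attrs (13) := 'uSNCreated';
  l_attrs (14) := 'memberOf';
  l_attrs (15) := 'uSNChanged';
  l_attrs (16) := 'department';
  l_attrs (17) := 'company';
  l_attrs (20) := 'name';
  l_attrs (25) := 'employeeID';
  l_attrs (36) := 'logonCount';
  l_attrs (1) := 'sAMAccountName';
  l_attrs (38) := 'sAMAccountType';
  l_attrs (39) := 'showInAddressBook';
  l_attrs (40) := 'managedObjects';
  l_attrs (42) := 'userPrincipalName';
  l_attrs (44) := 'ipPhone';
  l_attrs (45) := 'objectCategory';
  l_attrs (47) := 'lastLogonTimestamp';
  l_attrs (55) := 'mail';
  l_attrs (56) := 'manager';
  l_attrs (57) := 'mobile';
  l_attrs (83) := 'objectClass';

  l_entry_id := 0;
  DBMS_LDAP.use_exception := TRUE;    -- failures raise instead of returning a code
  DBMS_LDAP.utf8_conversion := FALSE; -- original note: input data is expected to be UTF8
  attr_tab := attr_tab_type ();

  -- SECURITY: port 389 is plain LDAP. A simple bind over it sends the bind DN
  -- and the password unencrypted. NOTE(review): unless the network path is
  -- protected by other means, switch to the directory's TLS port and call
  -- DBMS_LDAP.open_ssl with an Oracle wallet before binding.
  l_session := DBMS_LDAP.init (hostname => 'something.com', portnum => 389);

  l_retval :=
     DBMS_LDAP.simple_BIND_S (LD       => l_session,
                              dn       => l_user,
                              passwd   => l_password);

  l_retval :=
     DBMS_LDAP.search_S (LD         => l_session,
                         BASE       => l_ldap_base,             -- DN at which the search starts
                         SCOPE      => DBMS_LDAP.scope_subtree,
                         FILTER     => p_string_dig,            -- used verbatim, see header
                         ATTRS      => l_attrs,
                         ATTRONLY   => 0,                       -- 0: names and values, 1: names only
                         RES        => l_message);

  IF DBMS_LDAP.count_entries (LD => l_session, MSG => l_message) > 0
  THEN
     l_entry := DBMS_LDAP.first_entry (LD => l_session, MSG => l_message);

     <<entry_loop>>
     WHILE l_entry IS NOT NULL
     LOOP
        -- Incremented inside the loop so that every entry gets its own id;
        -- outside the loop all rows would carry id 1.
        l_entry_id := l_entry_id + 1;

        l_attr_name :=
           DBMS_LDAP.first_attribute (ld          => l_session,
                                      LDAPENTRY   => l_entry,
                                      BER_ELEM    => l_ber_element);

        <<attribute_loop>>
        WHILE l_attr_name IS NOT NULL
        LOOP
           l_vals :=
              DBMS_LDAP.GET_VALUES (ld          => l_session,
                                    LDAPENTRY   => l_entry,
                                    ATTR        => l_attr_name);

           -- FIRST and LAST are NULL for an empty collection, and a FOR loop
           -- with NULL bounds raises ORA-06502, so skip attributes without values.
           IF l_vals.COUNT > 0
           THEN
              <<values_loop>>
              FOR i IN l_vals.FIRST .. l_vals.LAST
              LOOP
                 attr_rec.id := l_entry_id;
                 attr_rec.attr := l_attr_name;
                 attr_rec.val := l_vals (i);
                 counter := counter + 1;
                 -- NOTE(review): every row is also kept in attr_tab, so memory
                 -- grows with the result size; kept in case other code reads it.
                 attr_tab.EXTEND ();
                 attr_tab (counter) := attr_rec;
                 PIPE ROW (attr_tab (counter));
              END LOOP values_loop;
           END IF;

           l_attr_name :=
              DBMS_LDAP.next_attribute (ld          => l_session,
                                        LDAPENTRY   => l_entry,
                                        BER_ELEM    => l_ber_element);
        END LOOP attribute_loop;

        -- The attribute cursor belongs to this entry; release it before moving on.
        IF l_ber_element IS NOT NULL
        THEN
           DBMS_LDAP.ber_free (l_ber_element, 0);
           l_ber_element := NULL;
        END IF;

        l_entry := DBMS_LDAP.next_entry (ld => l_session, MSG => l_entry);
     END LOOP entry_loop;
  END IF;

  free_search_result;
  l_retval := DBMS_LDAP.unbind_s (ld => l_session);      -- disconnect
  l_session := NULL;

  RETURN;   -- a pipelined function ends with a RETURN that carries no value
EXCEPTION
  -- Also reached with NO_DATA_NEEDED when the consumer stops fetching early.
  -- Close the authenticated session in every case, then re-raise.
  WHEN OTHERS
  THEN
     free_search_result;

     IF l_session IS NOT NULL
     THEN
        BEGIN
           l_retval := DBMS_LDAP.unbind_s (ld => l_session);
        EXCEPTION
           WHEN OTHERS THEN NULL;
        END;
     END IF;

     RAISE;
END get_user_data;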

现在有些组本身又包含其他组,即组内嵌套着组。当我使用下面的语句调用函数 get_user_data 时:
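-- A pipelined function is queried through TABLE(); the bare form is accepted
-- only by Oracle 12.2 and later. The columns are the fields the function fills.
-- 'cn=nested_group' is passed to the LDAP server as the search filter.
select id, attr, val from table(get_user_data('cn=nested_group'));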

我只获得有关组名nested_group的详细信息。我想获取此嵌套组的所有成员的详细信息。

例如,层次结构可以是

http://i.imgur.com/MKfbWBe.png

图像中的M1,M2,M3代表成员。

有谁能告诉我该怎么做吗?谢谢。

0 个答案:

没有答案