Tuesday, June 14, 2011

Switching LDAP users to and from Oracle database with Passwords (includes encrypted passwords)

You can use the "ldapsearch" command to retrieve the user information, but there is no direct way to import its output into a database table. You have to reformat the data so that it can be loaded into the table.

Another option is to write a custom PL/SQL program that retrieves the user details from OID and inserts them into the table. Oracle does not provide ready-made code for this purpose, but you can refer to the sample code in the notes listed below to understand the use of the DBMS_LDAP APIs:

- How to achieve the user's email and other details using DBMS_LDAP (Doc ID 333222.1)
- Example of Using DBMS_LDAP to Delete A User and UniqueMember from a Group (Doc ID 334939.1)
- How To Retrieve RAD Information Using DBMS_LDAP API (Doc ID 359397.1)
- How to list all OID groups that a user is a member of using the programmatic interfaces (Doc ID 277777.1)

For more information on using DBMS_LDAP, please refer to the following documentation:

http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15997/concepts.htm#i727680
Oracle® Identity Management Application Developer's Guide 10g (10.1.4.0.1)
2 Developing Applications with Standard LDAP APIs


Regarding the password value, you can get the hashed password from OID (stored in the "userpassword" attribute). How you make use of this value in the database table is completely up to you.

For example, if the userpassword value is:
userpassword={SHA}41vs5sXm4OhspR0EQOkigqnWrIo=

the {SHA} prefix means the password is stored as a SHA (SHA-1) hash of the cleartext, not in a reversible encrypted form.
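As an added example (not code from the post or from Oracle), the following Python routine parses a userpassword value in the {SHA} form shown above, verifies a candidate password against it, and produces a value in the same format for loading into a table or re-importing; it also handles the salted {SSHA} variant, which goes beyond the post's example. The sample password and salt are constructed here.

```python
import base64
import hashlib
import hmac
import os

ATTR = "userpassword"


def parse_userpassword(value: str):
    """Split an LDAP '{SCHEME}base64' value into (scheme, digest, salt).

    {SHA}  -> base64(sha1(password))                20-byte digest, no salt
    {SSHA} -> base64(sha1(password + salt) + salt)  digest followed by salt
    Accepts either the bare value or the 'userpassword=...' line from ldapsearch.
    """
    if value.lower().startswith(ATTR + "="):
        value = value.split("=", 1)[1]
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix; value is cleartext or an unsupported format")
    scheme, b64 = value[1:].split("}", 1)
    raw = base64.b64decode(b64)
    scheme = scheme.upper()
    if scheme == "SHA":
        if len(raw) != 20:
            raise ValueError("bad {SHA} digest length %d" % len(raw))
        return scheme, raw, b""
    if scheme == "SSHA":
        if len(raw) <= 20:
            raise ValueError("{SSHA} value carries no salt")
        return scheme, raw[:20], raw[20:]
    raise ValueError("unsupported scheme {%s}" % scheme)


def verify_userpassword(password: str, value: str) -> bool:
    """True if 'password' hashes to the stored digest (constant-time compare)."""
    _scheme, digest, salt = parse_userpassword(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def make_userpassword(password: str, salted: bool = True) -> str:
    """Build a {SHA} or {SSHA} value; the 8-byte salt is a constructed random value."""
    salt = os.urandom(8) if salted else b""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    scheme = "SSHA" if salted else "SHA"
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))
```

Because the stored value is a one-way hash, the database side can only keep it and check candidates against it; it cannot recover the cleartext.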

Getting users from an RDBMS table into OID is possible using DIP (Directory Integration Platform) synchronization. Please refer to the following documentation.

http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15995/odip_db.htm#i1042820
Oracle® Identity Management Integration Guide 10g (10.1.4.0.1)
9 Synchronization with Relational Database Tables
