Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 E-mail Us
 Oracle Articles
New Oracle Articles

 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog

 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Oracle Support

 SQL Tuning

 Oracle UNIX
 Oracle Linux
 Remote s
 Remote plans
 Application Server

 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S


 Consulting Staff
 Consulting Prices
 Help Wanted!


 Oracle Posters
 Oracle Books

 Oracle Scripts

Don Burleson Blog 







Oracle LDAP tips

Expert Oracle Database Tips by Donald BurlesonNovember 19, 2015

What does a Lightweight Directory Access Protocol (LDAP) do?  As the name infers, LDAP is a directory access protocol.  It is language commonly used by LDAP clients and servers for communication.

At its conception, LDAP was an Internet-ready implementation of an ISO standard for directory services.  Directory services, in this context, refer primarily to specialized databases for the storage and retrieval of distributed information not requiring a large number of updates.  Online merchandise catalogs and human resource information such as employee name, telephone number and email address are two examples of information suited for LDAP applications.

The "Lightweight" component of LDAP comes from the fact that it was designed to require a minimal amount of networking software on the client side, making it particularly attractive for use with online directories because it reduces the need for entering and coordinating redundant information in multiple services.

In the real world, LDAP offered a solution to the classic challenges facing an increasingly distributed society:

  • Administrative costs reduced by LDAP: Administrators were required to maintain what added up to be essentially identical information in multiple places. For example, the addition of corporate new hires required the creation of a new user identity on the network, a new e-mail account, addition of the user to the HR database and issuance of individual credentials for all applications to be used by the new employee, such as user accounts on development, testing and production database systems. Of course, when an employee left the company, all of those steps had to be reversed.

  •  Data Inconsistencies reduced by LDAP: The above administrative burden created the high potential for data inconsistencies cause by multiple administrators entering redundant information in multiple systems.  It became difficult, if not impossible, to synchronize this distributed information across all systems. The result was data that was inconsistent across the enterprise.
  • Security issues reduced by LDAP:  A necessary evil associated with the administrative burden mentioned above was the inevitable problem of each separate directory having its own password policy forcing users to struggle with multiple user names and passwords in order to access all the different system.

The LDAP standard greatly simplified management of directory information in three ways:

  • LDAP provides all users and applications with a single, well-defined interface to an extensible directory service. This makes it easier to rapidly develop and deploy directory-enabled applications.
  • LDAP reduces the need to enter and coordinate redundant information in multiple services scattered across the enterprise.
  • LDAP makes it easier and more practical to deploy Internet-ready applications that leverage the directory.

And then along comes Oracle.  LDAP has been incorporated by Oracle in a variety of ways:

Bulk Loading Users for Single Sign-on (SSO)

Oracle Internet Directory (OID)

As far as connecting to LDAP via PL/SQL via DBMS_LDAP, Rampant author Dr. Timothy Hall has provided the following tips:

Running the following script as SYS will install the DBMS_LDAP package, which is not installed by default:\

SQL> @$ORACLE_HOME/rdbms/admin/catldap.sql

Then use the init and simple_bind_s functions to connect to the LDAP server and authenticate yourself:

l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                             portnum => l_ldap_port);

l_retval := DBMS_LDAP.simple_bind_s(ld => l_session,
                                    dn => l_ldap_user,
                                passwd => l_ldap_passwd);

The next step is to search the directory.  The following is a base query that can be modified for more complex searches:

l_attrs(1) := '*'; -- retrieve all attributes
l_retval := DBMS_LDAP.search_s(ld => l_session,
                             base => l_ldap_base,
                             scope => DBMS_LDAP.SCOPE_SUBTREE,
                             filter => 'objectclass=*',
                             attrs => l_attrs, attronly
                             => 0, res => l_message);

The above search yields a list of entries.  To loop through the entries:

IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
    -- Get all the entries returned by our search.
    l_entry := DBMS_LDAP.first_entry(ld => l_session,
                                    msg => l_message);

    << entry_loop >>
    l_entry := DBMS_LDAP.next_entry(ld => l_session,
                                   msg => l_entry);
    END LOOP entry_loop;

Similarly, you can loop through the entries to find their attributes:

l_attr_name := DBMS_LDAP.first_attribute(ld => l_session,
                                  ldapentry => l_entry,
                                   ber_elem => l_ber_element);

   << attributes_loop >>
   WHILE l_attr_name IS NOT NULL LOOP
   l_attr_name := DBMS_LDAP.next_attribute(ld => l_session,
                                    ldapentry => l_entry,
                                     ber_elem => l_ber_element);
   END LOOP attibutes_loop;

Likewise, you are able to loop through the attributes returned by the above query to find their values.  The values loop looks like this:

<< values_loop >>
FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
  DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i)    ,1,200));
END LOOP values_loop;

To see a full example of all of these loops combined, you can find the full article HERE.

Get the Complete
Oracle SQL Tuning Information 

The landmark book "Advanced Oracle SQL Tuning  The Definitive Reference"  is filled with valuable information on Oracle SQL Tuning. This book includes scripts and tools to hypercharge Oracle 11g performance and you can buy it for 30% off directly from the publisher.



Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.



Oracle Training at Sea
oracle dba poster

Follow us on Twitter 
Oracle performance tuning software 
Oracle Linux poster