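package fnd_ldap_wrapper as
/* $Header: AFSCOLWS.pls 120.23.12010000.1 2008/07/25 14:21:25 appldev ship $ */
--
/*****************************************************************************/

-- Start of Package Globals

-- Result codes handed back through x_result / p_result and by user_exists.
-- G_SUCCESS/G_TRUE share the value 1 and G_FAILURE/G_FALSE share the value 0.
G_SUCCESS constant pls_integer := 1;
G_FAILURE constant pls_integer := 0;
-- Flag values for p_expire_password.
G_TRUE constant pls_integer := 1;
G_FALSE constant pls_integer := 0;

-- G_DELETE is listed as a p_operation value of is_operation_allowed.
-- G_CREATE and G_UPDATE are not referenced by any header in this spec.
G_CREATE constant pls_integer := 2;
G_UPDATE constant pls_integer := 3;
G_DELETE constant pls_integer := 4;
-- NOTE(review): presumably the values get_registration reports through
-- x_registration; the spec does not say so explicitly. Confirm in the body.
G_NO_REGISTRATION constant pls_integer := 5;
G_VALID_REGISTRATION constant pls_integer := 6;
G_INVALID_REGISTRATION constant pls_integer := 7;

-- Values for p_direction of is_operation_allowed.
G_EBIZ_TO_OID constant pls_integer := 8;
G_OID_TO_EBIZ constant pls_integer := 9;

-- Values for p_entity of is_operation_allowed.
G_IDENTITY constant pls_integer := 10;
G_SUBSCRIPTION constant pls_integer := 11;

-- Values for p_operation of is_operation_allowed (together with G_DELETE).
G_ADD constant pls_integer := 12;
G_MODIFY constant pls_integer := 13;

-- Which routines raise this exception is not visible in the spec.
registration_failure_exception exception;
-- End of Package Globals
--
-------------------------------------------------------------------------------
/*
** Name      : change_user_name
** Type      : Public, FND Internal
** Desc      : This procedure changes a user name in OID.
**             If the user doesn't exist, it returns with G_FAILURE.
**             If application is not SSO enabled, it simply returns
**             G_SUCCESS without doing anything.
** Pre-Reqs  :
** Parameters: p_user_guid: user GUID
**             p_old_user_name: current user name
**             p_new_user_name: user name to change to
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - the user name is successfully changed in OID
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user name change fails
** Notes     : G_SUCCESS alone does not prove that OID was modified; on a
**             non-SSO deployment nothing is changed in OID.
*/
procedure change_user_name(p_user_guid     in raw,
                           p_old_user_name in varchar2,
                           p_new_user_name in varchar2,
                           x_result        out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : synch_user_from_LDAP
** Type      : Public, FND Internal
** Desc      : This procedure takes a fnd_user username as input. It retrieves
**             the user attributes from OID and tries to create a new TCA
**             record. If one already exists then it simply updates the
**             existing record.
**             If application is not SSO enabled, it simply returns
**             FND_LDAP_WRAPPER.G_SUCCESS without updating or creating a
**             record in TCA.
** Pre-Reqs  :
** Parameters: p_user_name: user name whose attributes need to be synchronized
**                          with TCA
**             p_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if a TCA record is successfully
**               created/updated or if the application is not SSO enabled.
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and TCA update/creation fails.
** Notes     :
*/
procedure synch_user_from_LDAP(p_user_name in fnd_user.user_name%type,
                               p_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : create_user
** Type      : Public, FND Internal
** Desc      : This procedure creates a user in OID for the application it is
**             invoked from. If a user already exists with the same name, it
**             checks whether the profile APPS_SSO_LINK_SAME_NAMES is enabled.
**             If the profile is enabled, it simply links the users and returns
**             G_SUCCESS with appropriate x_user_guid and x_password. If the
**             profile is disabled, it returns with G_FAILURE. If application
**             is not SSO enabled, it simply returns G_SUCCESS without creating
**             a user in OID so that caller of the API (FND_USER_PKG) can
**             proceed.
** Pre-Reqs  :
** Parameters:
**   p_user_name: user name
**   p_password: unencrypted password. The value crosses this interface in
**               clear text, so it should be kept out of debug logs, trace
**               output and error messages.
**   p_start_date: start date of the user, default sysdate
**   p_end_date: end date of the user, default null
**   p_description: description of the user, default null
**   p_email_address: email address, default null
**   p_fax: fax, default null
**   p_expire_password:
**     - fnd_ldap_wrapper.G_TRUE if
**       password to be expired on first login (for example when
**       admin creates a user)
**     - fnd_ldap_wrapper.G_FALSE if
**       password NOT to be expired on first login (for example when
**       created via self service)
**     - default is fnd_ldap_wrapper.G_TRUE
**   x_user_guid:
**     GUID of the user created
**   x_password:
**     EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**   x_result:
**     FND_LDAP_WRAPPER.G_SUCCESS if
**       - a user is successfully created in OID
**       - or application is not SSO enabled
**     FND_LDAP_WRAPPER.G_FAILURE if
**       - application is SSO enabled and user creation fails
** Notes     : NOTE(review): with APPS_SSO_LINK_SAME_NAMES enabled the new FND
**             user is bound to an existing OID identity on a name match, as
**             described above. Whether the body applies any further check
**             before linking is not visible in this spec; confirm there.
*/
procedure create_user(p_user_name       in varchar2,
                      p_password        in varchar2,
                      p_start_date      in date default sysdate,
                      p_end_date        in date default null,
                      p_description     in varchar2 default null,
                      p_email_address   in varchar2 default null,
                      p_fax             in varchar2 default null,
                      p_expire_password in pls_integer default G_TRUE,
                      x_user_guid       out nocopy raw,
                      x_password        out nocopy varchar2,
                      x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : delete_user
** Type      : Public, FND Internal
** Desc      : If the OID user was created from the same instance where the
**             fnd_user is now being rejected/released, *and* the OID user is
**             still inactive, then we will delete it. If either of these
**             criteria is not fulfilled, we can't touch the OID user even if
**             we delete the pending FND_USER record.
**             If application is not SSO enabled, it simply returns G_SUCCESS
**             without deleting the user in OID.
** Pre-Reqs  :
** Parameters: p_user_guid: GUID of the user to be deleted
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - the user is successfully deleted in OID
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user deletion fails
** Notes     : The original header documented p_user_name and p_result; the
**             declared parameters are p_user_guid and x_result.
*/
procedure delete_user(p_user_guid in fnd_user.user_guid%type,
                      x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : change_password
** Type      : Public, FND Internal
** Desc      : This procedure changes the OID password for a user in OID.
**             If application is not SSO enabled, it simply returns
**             G_SUCCESS without changing password in OID.
** Pre-Reqs  : User is already in FND_USER table
** Parameters: p_user_guid: user GUID
**             p_user_name: user name
**             p_new_pwd: new password.
**               NOTE(review): presumably clear text, like p_password of
**               create_user and update_user; if so it should be kept out of
**               logs and traces. Confirm in the body.
**             p_expire_password:
**               - fnd_ldap_wrapper.G_TRUE if
**                 password to be expired on next login (for example when
**                 admin updates a user password)
**               - fnd_ldap_wrapper.G_FALSE if
**                 password NOT to be expired on next login (for example when
**                 a user updates his/her own password)
**               - default is fnd_ldap_wrapper.G_TRUE
**             x_password:
**               EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**             x_result:
**               fnd_ldap_wrapper.G_SUCCESS if
**                 - a password is successfully changed in OID
**                 - or application is not SSO enabled
**               fnd_ldap_wrapper.G_FAILURE if
**                 - application is SSO enabled and password change fails
** Notes     : The interface takes no old password, so any check that the
**             caller may change this user's password has to happen before
**             this call.
*/
procedure change_password(p_user_guid       in raw,
                          p_user_name       in varchar2,
                          p_new_pwd         in varchar2,
                          p_expire_password in pls_integer default G_TRUE,
                          x_password        out nocopy varchar2,
                          x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : user_exists
** Type      : Public, FND Internal
** Desc      : This function reports whether a user exists in OID (see
**             Returns). The original description, "creates a user in OID",
**             contradicts the function name and the documented return values.
** Notes     : This API doesn't check for profile values.
**             G_FAILURE is returned both when the user doesn't exist and when
**             the application is not SSO enabled, so G_FAILURE by itself does
**             not mean the name is unused.
** Pre-Reqs  :
** Parameters: p_user_name: user name
** Returns   : FND_LDAP_WRAPPER.G_SUCCESS if
**               - the user exists
**             FND_LDAP_WRAPPER.G_FAILURE if
**               - application is SSO enabled and the user doesn't exist
**               - or application is not SSO enabled
*/
function user_exists(p_user_name in varchar2) return pls_integer;
--
-------------------------------------------------------------------------------
/*
** Name      : get_ldap_user_name
** Type      : Public, FND Internal
** Desc      : This function gets the attribute of the OID user linked to
**             FND_USER which is specified as the nickname attribute.
**             If the fnd user is not linked to OID user or if the application
**             is not SSO enabled, it returns null.
** Pre-Reqs  :
** Parameters: p_user_name: FND user name
** Notes     : The original header named this routine get_orcl_nickname; the
**             declared name is get_ldap_user_name.
*/
function get_ldap_user_name(p_user_name in fnd_user.user_name%type) return varchar2;
--
-------------------------------------------------------------------------------
/*
** Name      : get_orclappname
** Type      : Public, FND Internal
** Desc      : This function returns orclAppName from Workflow
** Pre-Reqs  :
** Parameters:
** Notes     :
*/
function get_orclappname return varchar2;
--
-------------------------------------------------------------------------------
/*
** Name      : link_user
** Type      : Public, FND Internal
** Desc      : This procedure links the user with a user with same name in OID.
**             If no user exists with the same name, it returns with G_FAILURE.
**             If application is not SSO enabled, it
**             simply returns G_SUCCESS without linking the user in OID.
** Pre-Reqs  :
** Parameters: p_user_name: name of the user to be linked
**             x_user_guid:
**               GUID of the user linked
**             x_password:
**               EXTERNAL or null
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - a user is successfully linked to user in OID
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user linking fails
** Notes     : NOTE(review): the link is made on a name match as described
**             above; whether the body applies any further check before
**             linking is not visible in this spec.
*/
procedure link_user(p_user_name in varchar2,
                    x_user_guid out nocopy raw,
                    x_password  out nocopy varchar2,
                    x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : unlink_user
** Type      : Public, FND Internal
** Desc      : This procedure unsubscribes the user in OID if there is no other
**             FND user linked to the same OID user.
**             If no user exists with the same name, it returns with G_FAILURE.
**             If application is not SSO enabled, it
**             simply returns G_SUCCESS without unlinking the user in OID.
** Pre-Reqs  :
** Parameters: p_user_guid:
**               GUID of the user to be unlinked
**             p_user_name:
**               Name of the user to be unlinked
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - a user is successfully unlinked
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user unlinking fails
** Notes     : The original header listed an x_password parameter; the
**             declaration has none and takes p_user_guid instead.
*/
procedure unlink_user(p_user_guid in fnd_user.user_guid%type,
                      p_user_name in varchar2,
                      x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : update_user
** Type      : Public, FND Internal
** Desc      : This procedure updates a user in OID for the application it is
**             invoked from. If the user doesn't exist, it
**             returns with G_FAILURE. If application is not SSO enabled, it
**             simply returns G_SUCCESS without doing anything.
** Pre-Reqs  : User is already in FND_USER table
** Parameters:
**   p_user_guid: user GUID
**   p_user_name: user name
**   p_password: unencrypted password, default null. The value crosses this
**               interface in clear text, so it should be kept out of debug
**               logs, trace output and error messages.
**   p_start_date: start date of the user, default null
**   p_end_date: end date of the user, default null
**   p_description: description of the user, default null
**   p_email_address: email address, default null
**   p_fax: fax, default null
**   p_expire_password:
**     - fnd_ldap_wrapper.G_TRUE if
**       password to be expired on next login (for example when
**       admin updates a user password)
**     - fnd_ldap_wrapper.G_FALSE if
**       password NOT to be expired on next login (for example when
**       a user updates his/her own password)
**     - default is fnd_ldap_wrapper.G_TRUE
**   x_password:
**     EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**   x_result:
**     FND_LDAP_WRAPPER.G_SUCCESS if
**       - the user is successfully updated in OID
**       - or application is not SSO enabled
**     FND_LDAP_WRAPPER.G_FAILURE if
**       - application is SSO enabled and user update fails
** Notes     : The original header gave sysdate as the default of p_start_date;
**             the declaration defaults it to null.
*/
procedure update_user(p_user_guid       in raw,
                      p_user_name       in varchar2,
                      p_password        in varchar2 default null,
                      p_start_date      in date default null,
                      p_end_date        in date default null,
                      p_description     in varchar2 default null,
                      p_email_address   in varchar2 default null,
                      p_fax             in varchar2 default null,
                      p_expire_password in pls_integer default G_TRUE,
                      x_password        out nocopy varchar2,
                      x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : validate_login
** Type      : Public, FND Internal
** Desc      : This function validates a user for a given password.
**             If application is not SSO enabled, it simply returns false.
** Pre-Reqs  :
** Parameters: p_user_name: user name
**             p_password: password.
**               NOTE(review): presumably clear text; if so it should be kept
**               out of logs and traces. Confirm in the body.
** Notes     : false is returned on a non-SSO deployment as well, so false does
**             not always mean the password was rejected.
**             NOTE(review): how OID connection errors are reported (false or
**             an exception) is not stated in this spec.
*/
function validate_login(p_user_name in varchar2, p_password in varchar2) return boolean;
--
-------------------------------------------------------------------------------
/*
** Name      : is_operation_allowed
** Type      : Public, FND Internal
** Desc      : This procedure looks up the OID registration in
**             order to determine if the requested operation is allowed
** Pre-Reqs  :
** Parameters:
**   p_realm      Not described in the original header.
**                NOTE(review): presumably the realm whose registration is
**                looked up; confirm in the body.
**   p_direction  The direction in which the operation is being performed.
**                Can be fnd_ldap_wrapper.G_EBIZ_TO_OID or
**                fnd_ldap_wrapper.G_OID_TO_EBIZ.
**                If not provided then defaulted to
**                fnd_ldap_wrapper.G_EBIZ_TO_OID.
**   p_entity     The entity on which the operation is being performed. Has to
**                be fnd_ldap_wrapper.G_IDENTITY or
**                fnd_ldap_wrapper.G_SUBSCRIPTION
**   p_operation  The operation which is being performed. Has to be
**                fnd_ldap_wrapper.G_ADD, fnd_ldap_wrapper.G_MODIFY or
**                fnd_ldap_wrapper.G_DELETE
**   x_attribute  The attribute on which operation is being performed. If not
**                passed then result will be positive even if a single
**                attribute is allowed.
**   x_fnd_user   fnd_ldap_wrapper.G_SUCCESS if FND operation is allowed else
**                fnd_ldap_wrapper.G_FAILURE
**   x_oid        fnd_ldap_wrapper.G_SUCCESS if OID operation is allowed else
**                fnd_ldap_wrapper.G_FAILURE
**
** Notes     : Without x_attribute the answer means "at least one attribute is
**             allowed", not "every attribute is allowed"; a caller that
**             changes a particular attribute should pass that attribute.
*/
procedure is_operation_allowed(p_realm     in varchar2,
                               p_direction in pls_integer default G_EBIZ_TO_OID,
                               p_entity    in pls_integer,
                               p_operation in pls_integer,
                               x_attribute in out nocopy varchar2,
                               x_fnd_user  out nocopy pls_integer,
                               x_oid       out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** To do.
** Overload of is_operation_allowed declared without p_direction, p_entity
** and x_attribute. What it assumes for those inputs is not documented here.
*/
procedure is_operation_allowed(p_realm     in varchar2,
                               p_operation in pls_integer,
                               x_fnd_user  out nocopy pls_integer,
                               x_oid       out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : get_registration
** Type      : Public, FND Internal
** Desc      : This procedure verifies if the deployment is registered with SSO
**             and OID. In addition it verifies that conditions for LDAP
**             synchronization are valid.
**
** Pre-Reqs  :
** Parameters: x_registration: pls_integer return value.
**               NOTE(review): presumably one of G_NO_REGISTRATION,
**               G_VALID_REGISTRATION or G_INVALID_REGISTRATION; confirm in
**               the body.
**
** Notes     :
*/
procedure get_registration(x_registration out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : is_present
** Type      : Not stated in the original spec, which carried no header here.
** Desc      : NOTE(review): presumably reports whether p_attribute occurs in
**             p_template_attr_list. The list format and the matching rules
**             are not visible in this spec; confirm in the body.
*/
function is_present(p_attribute in varchar2, p_template_attr_list in varchar2) return boolean;

--
-------------------------------------------------------------------------------
/*
** Name      : get_realm_dn
** Type      : Public, FND SSO Internal
** Desc      : Wrapper for FND_OID_PLUG.get_realm_dn.
**             Retrieves the realm of a user, given the guid or the username.
**             Guid has precedence.
**
** Pre-Reqs  :
** Parameters: p_user_guid: user GUID, default null
**             p_user_name: user name, default null
**
** Notes     : OiD connection problems may raise exceptions.
**             Non existent users or guids raise NO_DATA_FOUND.
**             For non SSO deployments always returns NULL.
**             The original header documented "pls_integer x_registration
**             return value", which does not match this declaration.
*/
function get_realm_dn(p_user_guid in raw default null,
                      p_user_name in varchar2 default null)
  return varchar2;

--
-------------------------------------------------------------------------------
/*
** Name      : oid_synchronization_enabled
** Type      : Public, FND SSO Internal
** Desc      : Indicates if instance is configured for provisioning and
**             synchronization.
**             If it returns false, no attempt should be made to contact OiD.
**
** Pre-Reqs  :
** Parameters:
**
** Notes     : Simply looks for the SITE profile APPS_SSO_LDAP_SYNC.
**             But this may change in the future.
*/
function oid_synchronization_enabled return boolean;

end fnd_ldap_wrapper;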