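package fnd_ldap_wrapper AUTHID CURRENT_USER as
/* $Header: AFSCOLWS.pls 120.25 2010/07/27 17:00:54 ctilley ship $ */
--
-- AUTHID CURRENT_USER makes this an invoker's-rights package: name resolution
-- and privilege checks for its SQL happen as the calling user, not as the
-- package owner.
--
/*****************************************************************************/

-- Start of Package Globals

-- Result codes returned through the x_result / p_result parameters.
G_SUCCESS constant pls_integer := 1;
G_FAILURE constant pls_integer := 0;
-- Flag values, e.g. for p_expire_password. They share the numeric values of
-- G_SUCCESS / G_FAILURE, so the two pairs cannot be told apart by value.
G_TRUE constant pls_integer := 1;
G_FALSE constant pls_integer := 0;

-- Operation codes. G_DELETE is listed as a p_operation value of
-- is_operation_allowed; G_CREATE and G_UPDATE are not referenced anywhere in
-- this specification (NOTE(review): confirm their use in the package body).
G_CREATE constant pls_integer := 2;
G_UPDATE constant pls_integer := 3;
G_DELETE constant pls_integer := 4;
-- Registration states; presumably the values returned by get_registration
-- (NOTE(review): confirm against the package body).
G_NO_REGISTRATION constant pls_integer := 5;
G_VALID_REGISTRATION constant pls_integer := 6;
G_INVALID_REGISTRATION constant pls_integer := 7;

-- Values for p_direction of is_operation_allowed.
G_EBIZ_TO_OID constant pls_integer := 8;
G_OID_TO_EBIZ constant pls_integer := 9;

-- Values for p_entity of is_operation_allowed.
G_IDENTITY constant pls_integer := 10;
G_SUBSCRIPTION constant pls_integer := 11;

-- Values for p_operation of is_operation_allowed (together with G_DELETE).
G_ADD constant pls_integer := 12;
G_MODIFY constant pls_integer := 13;

-- Where this exception is raised is not visible in the specification.
registration_failure_exception exception;
-- End of Package Globals
--
-------------------------------------------------------------------------------
/*
** Name      : change_user_name
** Type      : Public, FND Internal
** Desc      : This procedure changes a user name in OID.
**             If the user doesn't exist, it returns with G_FAILURE.
**             If application is not SSO enabled, it simply returns G_SUCCESS
**             without doing anything.
** Pre-Reqs  :
** Parameters: p_user_guid:     GUID of the user
**             p_old_user_name: current user name
**             p_new_user_name: user name to change to
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - the user name is successfully changed in OID
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user name change fails
** Notes     :
*/
procedure change_user_name(p_user_guid     in raw,
                           p_old_user_name in varchar2,
                           p_new_user_name in varchar2,
                           x_result        out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : synch_user_from_LDAP
** Type      : Public, FND Internal
** Desc      : This procedure takes a fnd_user username as input. It retrieves
**             the user attributes from OID and tries to create a new TCA
**             record. If one already exists then it simply updates the
**             existing record.
**             If application is not SSO enabled, it simply returns
**             FND_LDAP_WRAPPER.G_SUCCESS without updating or creating a
**             record in TCA.
** Pre-Reqs  :
** Parameters: p_user_name: user name whose attributes need to be
**                          synchronized with TCA
**             p_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if a TCA record is successfully
**               created/updated or if the application is not SSO enabled.
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and TCA update/creation fails.
** Notes     :
*/
procedure synch_user_from_LDAP(p_user_name in fnd_user.user_name%type,
                               p_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : create_user
** Type      : Public, FND Internal
** Desc      : This procedure creates a user in OID for the application it is
**             invoked from. If a user already exists with the same name, it
**             checks whether the profile APPS_SSO_LINK_SAME_NAMES is enabled.
**             If the profile is enabled, it simply links the users and returns
**             G_SUCCESS with appropriate x_user_guid and x_password. If the
**             profile is disabled, it returns with G_FAILURE. If application
**             is not SSO enabled, it simply returns G_SUCCESS without creating
**             a user in OID so that caller of the API (FND_USER_PKG) can
**             proceed.
** Pre-Reqs  :
** Parameters:
**   p_user_name:       user name
**   p_password:        unencrypted password
**   p_start_date:      start date of the user, default sysdate
**   p_end_date:        end date of the user, default null
**   p_description:     description of the user, default null
**   p_email_address:   email address, default null
**   p_fax:             fax, default null
**   p_expire_password:
**     - fnd_ldap_wrapper.G_TRUE if
**       password to be expired on first login (for example when
**       admin creates a user)
**     - fnd_ldap_wrapper.G_FALSE if
**       password NOT to be expired on first login (for example when
**       created via self service)
**     - default is fnd_ldap_wrapper.G_TRUE
**   x_user_guid:
**     GUID of the user created
**   x_password:
**     EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**   x_result:
**     FND_LDAP_WRAPPER.G_SUCCESS if
**       - a user is successfully created in OID
**       - or application is not SSO enabled
**     FND_LDAP_WRAPPER.G_FAILURE if
**       - application is SSO enabled and user creation fails
** Notes     : p_password arrives as a cleartext VARCHAR2; callers should keep
**             it out of debug logs, traces and exception text.
**             NOTE(review): with APPS_SSO_LINK_SAME_NAMES enabled the link is
**             described as being made on the name match alone; whether any
**             further ownership check happens is not visible in this
**             specification.
*/
procedure create_user(p_user_name       in varchar2,
                      p_password        in varchar2,
                      p_start_date      in date default sysdate,
                      p_end_date        in date default null,
                      p_description     in varchar2 default null,
                      p_email_address   in varchar2 default null,
                      p_fax             in varchar2 default null,
                      p_expire_password in pls_integer default G_TRUE,
                      x_user_guid       out nocopy raw,
                      x_password        out nocopy varchar2,
                      x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : delete_user
** Type      : Public, FND Internal
** Desc      : If the OID user was created from the same instance where the
**             fnd_user is now being rejected/released, *and* the OID user is
**             still inactive, then we will delete it. If either of these
**             criteria is not fulfilled, we can't touch the OID user even if
**             we delete the pending FND_USER record.
**             If application is not SSO enabled, it simply returns G_SUCCESS
**             without deleting the user in OID.
** Pre-Reqs  :
** Parameters: p_user_guid: GUID (fnd_user.user_guid) of the user to be deleted
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - the user is successfully deleted in OID
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user deletion fails
** Notes     : Earlier revisions of this header named the parameters
**             p_user_name and p_result; the signature takes p_user_guid and
**             x_result.
*/
procedure delete_user(p_user_guid in fnd_user.user_guid%type,
                      x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : change_password
** Type      : Public, FND Internal
** Desc      : This procedure changes the OID password for a user.
**             If application is not SSO enabled, it simply returns
**             G_SUCCESS without changing password in OID.
** Pre-Reqs  : User is already in FND_USER table
** Parameters: p_user_guid: user GUID
**             p_user_name: user name
**             p_new_pwd:   new password (presumably unencrypted, like
**                          p_password of create_user -- confirm)
**             p_expire_password:
**               - fnd_ldap_wrapper.G_TRUE if
**                 password to be expired on next login (for example when
**                 admin updates a user password)
**               - fnd_ldap_wrapper.G_FALSE if
**                 password NOT to be expired on next login (for example when
**                 a user updates his/her own password)
**               - default is fnd_ldap_wrapper.G_TRUE
**             x_password:
**               EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**             x_result:
**               fnd_ldap_wrapper.G_SUCCESS if
**                 - a password is successfully changed in OID
**                 - or application is not SSO enabled
**               fnd_ldap_wrapper.G_FAILURE if
**                 - application is SSO enabled and password change fails
** Notes     : Callers should keep p_new_pwd out of debug logs, traces and
**             exception text.
*/
procedure change_password(p_user_guid       in raw,
                          p_user_name       in varchar2,
                          p_new_pwd         in varchar2,
                          p_expire_password in pls_integer default G_TRUE,
                          x_password        out nocopy varchar2,
                          x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : user_exists
** Type      : Public, FND Internal
** Desc      : This function checks whether a user exists (presumably in OID;
**             confirm against the package body).
** Notes     : This API doesn't check for profile values. Use fnd_ldap_wrapper
**             NOTE(review): the sentence above looks truncated and may have
**             been copied from another package's header.
** Pre-Reqs  :
** Parameters: p_user_name: user name
** Returns   : FND_LDAP_WRAPPER.G_SUCCESS if
**               - the user exists
**             FND_LDAP_WRAPPER.G_FAILURE if
**               - application is SSO enabled and the user doesn't exist
**               - or application is not SSO enabled
*/
function user_exists(p_user_name in varchar2) return pls_integer;
--
-------------------------------------------------------------------------------
/*
** Name      : get_ldap_user_name
**             (this header previously carried the name get_orcl_nickname)
** Type      : Public, FND Internal
** Desc      : This function gets the attribute of the OID user linked to
**             FND_USER which is specified as the nickname attribute.
**             If the fnd user is not linked to OID user or if the application
**             is not SSO enabled, it returns null.
** Pre-Reqs  :
** Parameters: p_user_name: FND user name
**
** Notes     :
*/
function get_ldap_user_name(p_user_name in fnd_user.user_name%type) return varchar2;
--
-------------------------------------------------------------------------------
/*
** Name      : get_orclappname
** Type      : Public, FND Internal
** Desc      : This function returns orclAppName from Workflow
** Pre-Reqs  :
** Parameters:
** Notes     :
*/
function get_orclappname return varchar2;
--
-------------------------------------------------------------------------------
/*
** Name      : link_user
** Type      : Public, FND Internal
** Desc      : This procedure links the user with a user with same name in OID.
**             If no user exists with the same name, it returns with G_FAILURE.
**             If application is not SSO enabled, it
**             simply returns G_SUCCESS without linking the user in OID.
** Pre-Reqs  :
** Parameters: p_user_name:
**               name of the user to be linked
**             x_user_guid:
**               GUID of the user linked
**             x_password:
**               EXTERNAL or null
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - a user is successfully linked to user in OID
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user linking fails
** Notes     :
*/
procedure link_user(p_user_name in varchar2,
                    x_user_guid out nocopy raw,
                    x_password  out nocopy varchar2,
                    x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : unlink_user
** Type      : Public, FND Internal
** Desc      : This procedure unsubscribes the user in OID if there is no other
**             FND user linked to the same OID user.
**             If no user exists with the same name, it returns with G_FAILURE.
**             If application is not SSO enabled, it
**             simply returns G_SUCCESS without unlinking the user in OID.
** Pre-Reqs  :
** Parameters: p_user_guid:
**               GUID (fnd_user.user_guid) of the user to be unlinked
**             p_user_name:
**               Name of the user to be unlinked
**             x_result:
**               FND_LDAP_WRAPPER.G_SUCCESS if
**                 - a user is successfully unlinked
**                 - or application is not SSO enabled
**               FND_LDAP_WRAPPER.G_FAILURE if
**                 - application is SSO enabled and user unlinking fails
** Notes     : Earlier revisions of this header listed an x_password output;
**             the signature has no such parameter.
*/
procedure unlink_user(p_user_guid in fnd_user.user_guid%type,
                      p_user_name in varchar2,
                      x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : update_user
** Type      : Public, FND Internal
** Desc      : This procedure updates a user in OID for the application it is
**             invoked from. If the user doesn't exist, it
**             returns with G_FAILURE. If application is not SSO enabled, it
**             simply returns G_SUCCESS without doing anything.
** Pre-Reqs  : User is already in FND_USER table
** Parameters:
**   p_user_guid:       user GUID
**   p_user_name:       user name
**   p_password:        unencrypted password, default null
**   p_start_date:      start date of the user, default null
**   p_end_date:        end date of the user, default null
**   p_description:     description of the user, default null
**   p_email_address:   email address, default null
**   p_fax:             fax, default null
**   p_expire_password:
**     - fnd_ldap_wrapper.G_TRUE if
**       password to be expired on next login (for example when
**       admin updates a user password)
**     - fnd_ldap_wrapper.G_FALSE if
**       password NOT to be expired on next login (for example when
**       a user updates his/her own password)
**     - default is fnd_ldap_wrapper.G_TRUE
**   x_password:
**     EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**   x_result:
**     FND_LDAP_WRAPPER.G_SUCCESS if
**       - the user is successfully updated in OID
**       - or application is not SSO enabled
**     FND_LDAP_WRAPPER.G_FAILURE if
**       - application is SSO enabled and user update fails
** Notes     : p_password arrives as a cleartext VARCHAR2; callers should keep
**             it out of debug logs, traces and exception text.
*/
procedure update_user(p_user_guid       in raw,
                      p_user_name       in varchar2,
                      p_password        in varchar2 default null,
                      p_start_date      in date default null,
                      p_end_date        in date default null,
                      p_description     in varchar2 default null,
                      p_email_address   in varchar2 default null,
                      p_fax             in varchar2 default null,
                      p_expire_password in pls_integer default G_TRUE,
                      x_password        out nocopy varchar2,
                      x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : validate_login
** Type      : Public, FND Internal
** Desc      : This function validates a user for a given password.
**             If application is not SSO enabled, it simply returns false.
** Pre-Reqs  :
** Parameters: p_user_name: user name
**             p_password:  password
** Notes     : A FALSE result does not by itself distinguish a rejected
**             password from a deployment that is not SSO enabled.
**             p_password is a plain VARCHAR2; callers should keep it out of
**             debug logs, traces and exception text.
*/
function validate_login(p_user_name in varchar2, p_password in varchar2) return boolean;
--
-------------------------------------------------------------------------------
/*
** Name      : is_operation_allowed
** Type      : Public, FND Internal
** Desc      : This procedure looks up the OID registration in
**             order to determine if the requested operation is allowed.
** Pre-Reqs  :
** Parameters:
**   p_realm      Not described in the original header (NOTE(review): the
**                name suggests the realm the check applies to -- confirm).
**   p_direction  The direction in which the operation is being performed.
**                Can be fnd_ldap_wrapper.G_EBIZ_TO_OID or
**                fnd_ldap_wrapper.G_OID_TO_EBIZ.
**                If not provided then defaulted to
**                fnd_ldap_wrapper.G_EBIZ_TO_OID.
**   p_entity     The entity on which the operation is being performed. Has to
**                be fnd_ldap_wrapper.G_IDENTITY or
**                fnd_ldap_wrapper.G_SUBSCRIPTION.
**   p_operation  The operation which is being performed. Has to be
**                fnd_ldap_wrapper.G_ADD, fnd_ldap_wrapper.G_MODIFY or
**                fnd_ldap_wrapper.G_DELETE.
**   p_user_name  This represents the name of the user whose password is being
**                changed. If no user name or user id is given, the Site level
**                profile is used.
**   p_user_id    This represents the user_id of the user whose password is
**                being changed. If none is provided, the Site level profile
**                is used.
**   x_attribute  The attribute on which operation is being performed. If not
**                passed then result will be positive even if a single
**                attribute is allowed.
**   x_fnd_user   fnd_ldap_wrapper.G_SUCCESS if the FND operation is allowed,
**                else fnd_ldap_wrapper.G_FAILURE
**   x_oid        fnd_ldap_wrapper.G_SUCCESS if the OID operation is allowed,
**                else fnd_ldap_wrapper.G_FAILURE
**
** Notes     :
*/
procedure is_operation_allowed(p_realm     in varchar2,
                               p_direction in pls_integer default G_EBIZ_TO_OID,
                               p_entity    in pls_integer,
                               p_operation in pls_integer,
                               p_user_name in varchar2 default NULL,
                               p_user_id   in number default NULL,
                               x_attribute in out nocopy varchar2,
                               x_fnd_user  out nocopy pls_integer,
                               x_oid       out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
To do
NOTE(review): overload of is_operation_allowed that takes only p_realm and
p_operation; the original header documents nothing else about it.
*/
procedure is_operation_allowed(p_realm     in varchar2,
                               p_operation in pls_integer,
                               x_fnd_user  out nocopy pls_integer,
                               x_oid       out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name      : get_registration
** Type      : Public, FND Internal
** Desc      : This procedure verifies if the deployment is registered with SSO
**             and OID. In addition it verifies that conditions for LDAP
**             synchronization are valid.
**
** Pre-Reqs  :
** Parameters: x_registration: pls_integer return value (presumably one of
**             G_NO_REGISTRATION, G_VALID_REGISTRATION or
**             G_INVALID_REGISTRATION -- confirm against the package body).
**
** Notes     :
*/

procedure get_registration(x_registration out nocopy pls_integer);
--
-------------------------------------------------------------------------------

-- NOTE(review): is_present has no header in the original. From the signature
-- it reports whether p_attribute occurs in p_template_attr_list; the format of
-- that list is not visible in this specification.
function is_present(p_attribute in varchar2, p_template_attr_list in varchar2) return boolean;

--
-------------------------------------------------------------------------------
/*
** Name      : get_realm_dn
** Type      : Public, FND SSO Internal
** Desc      : Wrapper for FND_OID_PLUG.get_realm_dn.
**             Retrieves the realm of a user, given the guid or the username.
**             Guid has precedence.
**
** Pre-Reqs  :
** Parameters: p_user_guid: GUID of the user, default null
**             p_user_name: user name, default null
**
** Notes     : OiD connection problems may raise exceptions.
**             Non existent users or guids raise NO_DATA_FOUND.
**             For non SSO deployments it always returns NULL.
*/
function get_realm_dn(p_user_guid in raw default null,
                      p_user_name in varchar2 default null)
  return varchar2;

--
-------------------------------------------------------------------------------
/*
** Name      : oid_synchronization_enabled
** Type      : Public, FND SSO Internal
** Desc      : Indicates if instance is configured for provisioning and
**             synchronization.
**             If it returns false, no attempt should be made to contact OiD.
**
** Pre-Reqs  :
** Parameters:
**
** Notes     : Simply looks for the SITE profile APPS_SSO_LDAP_SYNC.
**             But this may change in the future.
*/
function oid_synchronization_enabled return boolean;

-------------------------------------------------------------------------------
/*
** Name      : unlink_ebiz_user
** Type      : Public, FND SSO Internal
** Desc      : Used to unlink a specific E-Business Suite user or all users
**
** Pre-Reqs  :
** Parameters: p_user_name: name of the user to unlink (NOTE(review): how
**             "all users" is requested is not visible in this specification)
**
** Notes     : API unlinks the EBS user by removing the user_guid from
**             FND_USER and sets the profiles APPS_SSO_LOCAL_LOGIN and
**             APPS_SSO_LDAP_SYNC accordingly.
**             But this may change in the future.
*/
procedure unlink_ebiz_user(p_user_name in varchar2);

end fnd_ldap_wrapper;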