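package fnd_ldap_user AUTHID CURRENT_USER as
/* $Header: AFSCOLUS.pls 120.20.12010000.6 2009/09/23 20:43:19 rsantis ship $ */
--
-- Package specification for managing users in OID (Oracle Internet Directory)
-- over LDAP: create, link, unlink, update and delete users, change passwords
-- and validate logins. Only declarations are visible here; behaviour notes
-- are taken from the per-routine headers.
--
-- AUTHID CURRENT_USER makes this an invoker's-rights unit: it executes with
-- the privileges of the calling user rather than those of the package owner.
--
-- Security notes for callers (review):
--   * create_user and update_user document p_password as an unencrypted
--     password; change_password.p_new_pwd and validate_login.p_password are
--     presumably cleartext as well (confirm). Keep these values out of logs,
--     traces and error messages.
--   * validate_login counts failed attempts towards OID account lockout; see
--     its header.
--
/*****************************************************************************/

-- Start of Package Globals

-- TDAs

-- type user_record_type is table of dbms_ldap.STRING_COLLECTION index by varchar2(200);

-- Record describing one LDAP user: FND_USER-typed identifiers, the parts of
-- the distinguished name, and the attribute values (user_data).
-- NOTE(review): the field meanings are read from the field names only;
-- confirm against the package body.
type ldap_user_type is record
(
  user_name         FND_USER.USER_NAME%TYPE, -- may have many; we just pick one, any
  user_guid         FND_USER.USER_GUID%TYPE,
  user_id           FND_USER.USER_ID%TYPE,
  RDN_ATT_NAME      varchar2(80),
  RDN_VALUE         varchar2(4000),
  NickName_ATT_NAME varchar2(80),
  parent_DN         varchar2(4000),
  realmDN           varchar2(4000),
  dn                varchar2(4000),
  user_data         FND_LDAP_UTIL.ldap_record_values
);

-- End of Package Globals
--
-------------------------------------------------------------------------------
/*
** Name       : change_password
** Type       : Public, FND Internal
** Desc       : This procedure changes the password of a user in OID.
** Pre-Reqs   :
** Parameters : p_user_guid : user GUID
**              p_user_name : user name
**              p_new_pwd   : new password
**                NOTE(review): presumably passed in cleartext, like p_password
**                in create_user; do not log or trace it.
**              p_expire_password :
**                - fnd_ldap_wrapper.G_TRUE if the password is to be expired
**                  on next login (for example when an admin updates a user
**                  password)
**                - fnd_ldap_wrapper.G_FALSE if the password is NOT to be
**                  expired on next login (for example when a user updates
**                  his/her own password)
**              x_password :
**                EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**              x_result :
**                fnd_ldap_wrapper.G_SUCCESS or
**                fnd_ldap_wrapper.G_FAILURE
** Notes      :
*/
procedure change_password(p_user_guid       in raw,
                          p_user_name       in varchar2,
                          p_new_pwd         in varchar2,
                          p_expire_password in pls_integer,
                          x_password        out nocopy varchar2,
                          x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name       : change_user_name
** Type       : Public, FND Internal
** Desc       : This procedure changes a user name in OID.
** Pre-Reqs   :
** Parameters : p_user_guid     : user GUID
**              p_old_user_name : current user name
**              p_new_user_name : user name to change to
**              x_result :
**                FND_LDAP_UTIL.G_SUCCESS if
**                  - the user name is successfully changed in OID
**                FND_LDAP_UTIL.G_FAILURE if
**                  - the user name change fails
*/
procedure change_user_name(p_user_guid     in raw,
                           p_old_user_name in varchar2,
                           p_new_user_name in varchar2,
                           x_result        out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name       : create_user
** Type       : Public, FND Internal
** Desc       : This function creates a user in OID for the application it is
**              invoked from. It only creates a user if the user doesn't exist
**              already. If a user exists with the same name, it will return
**              FND_LDAP_UTIL.G_FAILURE
** Pre-Reqs   :
** Parameters :
**
** Previous version: p_ldap_user : user record. See
**              FND_LDAP_UTIL.ldap_user_type for more details
** Returns    : FND_LDAP_UTIL.G_SUCCESS if
**                - a user is successfully created in OID
**              FND_LDAP_UTIL.G_FAILURE if
**                - user creation fails
*/
--
-- DEPRECATED AND REMOVED
--function create_user(p_ldap_user in fnd_ldap_util.ldap_user_type) return pls_integer;
-- See private function
--- function pvt_create_user(p_ldap_user in out nocopy fnd_ldap_user.ldap_user_type) return pls_integer;
--
-------------------------------------------------------------------------------
/*
** Name       : create_user
** Type       : Public, FND Internal
** Desc       : This procedure creates a user in OID for the application it is
**              invoked from. If a user already exists with the same name, it
**              checks whether the profile APPS_SSO_LINK_SAME_NAMES is enabled.
**              If the profile is enabled, it simply links the users and
**              returns G_SUCCESS with appropriate x_user_guid and x_password.
**              If the profile is disabled, it throws an exception.
**              NOTE(review): with the profile enabled the link is made on the
**              user name alone; confirm that an equal name in OID really
**              denotes the same person before enabling it.
** Pre-Reqs   :
** Parameters :
**              p_realm: in/out realm value
**                NOTE(review): not described in the original header; confirm
**                its meaning in the package body.
**              p_user_name: user name
**              p_password: unencrypted password (do not log or trace it)
**              p_start_date: start date of the user, default sysdate
**              p_end_date: end date of the user, default null
**              p_description: description of the user, default null
**              p_email_address: email address, default null
**              p_fax: fax, default null
**              p_expire_password:
**                - fnd_ldap_wrapper.G_TRUE if the password is to be expired
**                  on first login (for example when an admin creates a user)
**                - fnd_ldap_wrapper.G_FALSE if the password is NOT to be
**                  expired on first login (for example when created via
**                  self service)
**                It has no default although it follows defaulted parameters.
**              x_user_guid:
**                GUID of the user created
**              x_password:
**                EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**              x_result: fnd_ldap_wrapper.G_SUCCESS
**                or fnd_ldap_wrapper.G_FAILURE
** Throws     : user_create_failure if user creation fails
*/
procedure create_user(
  p_realm           in out nocopy varchar2,
  p_user_name       in varchar2,
  p_password        in varchar2,
  p_start_date      in date default sysdate,
  p_end_date        in date default null,
  p_description     in varchar2 default null,
  p_email_address   in varchar2 default null,
  p_fax             in varchar2 default null,
  p_expire_password in pls_integer,
  x_user_guid       out nocopy raw,
  x_password        out nocopy varchar2,
  x_result          out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name       : link_user
** Type       : Public, FND Internal
** Desc       : This procedure links the user with a user with the same name
**              in OID.
**              If no user exists with the same name, it returns with
**              G_FAILURE.
**              If the application is not SSO enabled, it simply returns
**              G_SUCCESS without linking the user in OID
** Pre-Reqs   :
** Parameters : p_user_name:
**                user name to link
**              x_user_guid:
**                GUID of the user linked
**              x_password:
**                EXTERNAL or null
**              x_result:
**                FND_LDAP_WRAPPER.G_SUCCESS if
**                  - a user is successfully linked to the user in OID
**                  - or the application is not SSO enabled
**                FND_LDAP_WRAPPER.G_FAILURE if
**                  - the application is SSO enabled and user linking fails
** Notes      :
*/
procedure link_user(p_user_name in varchar2,
                    x_user_guid out nocopy raw,
                    x_password  out nocopy varchar2,
                    x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name       : unlink_user
** Type       : Public, FND Internal
** Desc       : This procedure unsubscribes the user in OID if there is no
**              other FND user linked to the same OID user.
**              If no user exists with the same name, it returns with
**              G_FAILURE.
**              If the application is not SSO enabled, it simply returns
**              G_SUCCESS without unlinking the user in OID
** Pre-Reqs   :
** Parameters : p_user_guid:
**                GUID of the user to be unlinked
**              p_user_name:
**                user name of the user to be unlinked
**              x_result:
**                FND_LDAP_WRAPPER.G_SUCCESS if
**                  - a user is successfully unlinked
**                  - or the application is not SSO enabled
**                FND_LDAP_WRAPPER.G_FAILURE if
**                  - the application is SSO enabled and user unlinking fails
** Notes      : The original header also listed x_password (EXTERNAL or
**              null); the signature below has no such parameter.
*/
procedure unlink_user(p_user_guid in fnd_user.user_guid%type,
                      p_user_name in varchar2,
                      x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name       : user_exists
** Type       : Public, FND Internal
** Desc       : This function checks whether a user exists in OID for the
**              application it is invoked from
** Notes      : This API doesn't check for profile values. Use
**              fnd_ldap_wrapper
** Pre-Reqs   :
** Parameters : p_user_name : user name
**              ldap : LDAP session to use (second overload only)
** Returns    : FND_LDAP_UTIL.G_SUCCESS if
**                - the user exists
**              FND_LDAP_UTIL.G_FAILURE if
**                - the user doesn't exist
*/
function user_exists(p_user_name in varchar2) return pls_integer;
function user_exists(ldap in dbms_ldap.session, p_user_name in varchar2) return pls_integer;
--
-------------------------------------------------------------------------------
/*
** Name       : delete_user
** Type       : Public, FND Internal
** Desc       : If the OID user was created from the same instance where the
**              fnd_user is now being rejected/released, *and* the OID user is
**              still inactive, then we will delete it. If either of these
**              criteria is not fulfilled, we can't touch the OID user even if
**              we delete the pending FND_USER record.
** Pre-Reqs   :
** Parameters : p_user_guid : GUID of the user to be deleted
**                (the original header named this p_user_name; the signature
**                takes the GUID)
**              x_result :
**                FND_LDAP_UTIL.G_SUCCESS if
**                  - the user is successfully deleted in OID
**                FND_LDAP_UTIL.G_FAILURE if
**                  - user deletion fails
** Notes      :
*/
procedure delete_user(p_user_guid in fnd_user.user_guid%type,
                      x_result    out nocopy pls_integer);
--
-------------------------------------------------------------------------------
/*
** Name       : update_user : RETIRED
** Type       : Public, FND Internal
** Desc       : This procedure updates a user in OID for the application it is
**              invoked from. If the user doesn't exist, it
**              returns with G_FAILURE.
** Pre-Reqs   :
** Parameters : p_user_guid: user GUID
**              p_user_name: user name
**              p_password: unencrypted password
**              p_start_date: start date of the user, default null
**              p_end_date: end date of the user, default null
**              p_description: description of the user, default null
**              p_email_address: email address, default null
**              p_fax: fax, default null
**              x_password:
**                EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**              x_result:
**                FND_LDAP_UTIL.G_SUCCESS if
**                  - the user is successfully updated in OID
**                FND_LDAP_UTIL.G_FAILURE if
**                  - user update fails
** Notes      :
**   This is an old signature; we always need to know whether to expire the
**   password or not.
**   This is supposed to be called only from FND_LDAP_WRAPPER.
procedure update_user(p_user_guid in raw,
                      p_user_name in varchar2,
                      p_password in varchar2 default null,
                      p_start_date in date default null,
                      p_end_date in date default null,
                      p_description in varchar2 default null,
                      p_email_address in varchar2 default null,
                      p_fax in varchar2 default null,
                      x_password out nocopy varchar2,
                      x_result out nocopy pls_integer);
*/

--
-------------------------------------------------------------------------------
/*
** Name       : update_user
** Type       : Public, FND Internal
** Desc       : This procedure updates a user in OID for the application it is
**              invoked from. If the user doesn't exist, it
**              returns with G_FAILURE.
** Pre-Reqs   :
** Parameters : p_user_guid: user GUID
**              p_user_name: user name
**              p_password: unencrypted password, default null
**                (do not log or trace it)
**              p_start_date: start date of the user, default null
**                (the original header said "default sysdate"; the signature
**                default is null)
**              p_end_date: end date of the user, default null
**              p_description: description of the user, default null
**              p_email_address: email address, default null
**              p_fax: fax, default null
**              p_expire_password:
**                - fnd_ldap_wrapper.G_TRUE if the password is to be expired
**                  on next login (for example when an admin updates a user
**                  password)
**                - fnd_ldap_wrapper.G_FALSE if the password is NOT to be
**                  expired on next login (for example when a user updates
**                  his/her own password)
**                It has no default although it follows defaulted parameters.
**              x_password:
**                EXTERNAL or null depending on APPS_SSO_LOCAL_LOGIN profile
**              x_result:
**                FND_LDAP_UTIL.G_SUCCESS if
**                  - the user is successfully updated in OID
**                FND_LDAP_UTIL.G_FAILURE if
**                  - user update fails
** Notes      :
*/

procedure update_user(p_user_guid       in raw,
                      p_user_name       in varchar2,
                      p_password        in varchar2 default null,
                      p_start_date      in date default null,
                      p_end_date        in date default null,
                      p_description     in varchar2 default null,
                      p_email_address   in varchar2 default null,
                      p_fax             in varchar2 default null,
                      p_expire_password in pls_integer,
                      x_password        out nocopy varchar2,
                      x_result          out nocopy pls_integer);

-------------------------------------------------------------------------------
/*
** Name       : get_user_guid_and_count
** Type       : Public, FND Internal
** Desc       : This function retrieves the GUID from OID for the given user
**              name
** Pre-Reqs   :
** Parameters : p_user_name: user name
**              n: out, the number of entries found
** Returns    : the GUID, as varchar2
** Notes      : NOTE(review): the header does not say which GUID is returned
**              when n is not 1; callers should check n before trusting the
**              result.
*/
function get_user_guid_and_count(p_user_name in varchar2, n out nocopy pls_integer) return varchar2;
--
--
-------------------------------------------------------------------------------
/*
** Name       : get_user_guid
** Type       : Public, FND Internal
** Desc       : This function retrieves the GUID from OID for the given user
** Pre-Reqs   :
** Parameters : p_user_name: user name
** Notes      : All overloads are commented out in this version of the
**              specification.
*/
--function get_user_guid(p_user_name in varchar2) return raw;
--function get_user_guid(p_ldap_session in dbms_ldap.session, p_user_name in varchar2) return raw ;
--function get_user_guid(p_ldap_session in dbms_ldap.session, p_user_name in varchar2, dn out nocopy varchar2) return raw ;

--
-------------------------------------------------------------------------------
/*
** Name       : get_attribute_value
** Type       : Public, FND Internal
** Desc       : This function retrieves the value of an attribute from OID
**              given a user name
** Pre-Reqs   :
** Parameters : p_user_name: user name
**              p_attribute_name: attribute name
** Notes      : DEPRECATED. Reason: it is too costly to locate the user record
**              using just the user name
**
*/
/*
function get_attribute_value(p_user_name in varchar2, p_attribute_name in varchar2) return varchar2;
*/
--
-------------------------------------------------------------------------------
/*
** Name       : user_exists_with_filter
** Type       : Public, FND Internal
** Desc       : This function queries OID based on the search filter
**              constructed from the input attribute name and value pair.
** Pre-Reqs   :
** Parameters : p_attr_name, p_attr_value
** Notes      : REMOVED
*/
--function user_exists_with_filter(p_attr_name in varchar2, p_attr_value in varchar2) return pls_integer;
--
-------------------------------------------------------------------------------
/*
** Name       : validate_login
** Type       : Public, FND Internal
** Desc       : This function validates a user for a given password.
**   Calling this API with an invalid password will eventually LOCK the OiD
**   account.
**   It will return VALID only when the password is valid and the OiD account
**   is active and enabled.
**   When it returns INVALID it puts one of the following error codes on the
**   FND stack:
**     FND_SSO_USER_PASSWD_EMPTY: wrong call parameters
**     FND-9903: when OiD setup is not correct
**     FND_SSO_INV_AUTH_MODE: OiD SSL setup is incorrect
**     FND_SSO_SYSTEM_NOT_AVAIL: cannot connect to OiD
**     FND-9914: unexpected error connecting to OiD
**     FND_SSO_NOT_LINKED: the given user name has no SSO associated
**     FND_SSO_USER_NOT_FOUND: FND_USER.USER_GUID is invalid or corrupted
**     FND_APPL_LOGIN_FAILED: invalid password or unmanaged error validating
**                            the password
**     FND_SSO_LOCKED: SSO account is locked
**
**   Only if the password is CORRECT, it may fail with the following errors:
**
**     FND_SSO_NOT_ACTIVE: end_date is before today or start date is in the
**                         future
**     FND_SSO_PASSWORD_EXPIRED: SSO password is expired
**     FND_SSO_USER_DISABLED: SSO account is disabled
**
** Pre-Reqs   :
** Parameters : p_user_name: user name
**              p_password: password (do not log or trace it)
** Notes      : NOTE(review): failed attempts count towards OID lockout, so
**              callers that accept unauthenticated input should throttle
**              attempts per user name. The codes above distinguish unlinked
**              or unknown users from a wrong password, and the last three
**              confirm that the password was correct; map them to one
**              generic failure before showing them to an unauthenticated
**              client.
*/
function validate_login(p_user_name in varchar2, p_password in varchar2) return pls_integer;
--
-------------------------------------------------------------------------------


--type ldap_attribute_name_length as varchar2(200);
--type ldap_attribute_val_type is varchar2(32000);





/*
 *
 * API for intermediate LDAP_USER TDA
 * INTERNAL ATG
 *
 * NOTE(review): these routines carry no individual documentation in the
 * original; by their names they set, delete, read and test attributes held
 * in an ldap_user_type record. Confirm the details (in particular the base
 * of attValIdx) in the package body.
 */

procedure setAttribute( usr       in out nocopy ldap_user_type,
                        attName   in varchar2,
                        attVal    in varchar2,
                        replaceIt in boolean default false );
procedure deleteAttribute( usr     in out nocopy ldap_user_type,
                           attName in varchar2,
                           attVal  in varchar2 );
procedure deleteAttribute( usr     in out nocopy ldap_user_type,
                           attName in varchar2);

function getAttribute( usr       in out nocopy ldap_user_type,
                       attName   in varchar2,
                       attValIdx in pls_integer default 0 ) return varchar2;

function attributePresent( usr     in out nocopy ldap_user_type,
                           attName in varchar2) return boolean;

/*
   Record iteration: functions to traverse all of the record and its values,
   for example for printing.
*/
function firstValue(usr      in out nocopy ldap_user_type,
                    attName  in out nocopy varchar2,
                    attValue in out nocopy varchar2,
                    handle   in out nocopy pls_integer ) return boolean; -- false when record is empty

/**
** FND - ATG Internal : do not use
** Used by : FND_LDAP_USER
*/

function nextValue(usr      in out nocopy ldap_user_type,
                   attName  in out nocopy varchar2,
                   attValue in out nocopy varchar2,
                   handle   in out nocopy pls_integer ) return boolean; -- true if returned fields contain data


-- NOTE(review): undocumented in the original; by name and signature it maps
-- a user GUID to a user name. Confirm in the package body.
function get_username_from_guid(p_guid in fnd_user.user_guid%type)
  return varchar2;


/**
** FND - ATG Internal : do not use
** Used by : FND_OID_PLUG
*/
function SearchUser ( username_z  in varchar2,
                      p_ldap_user in out nocopy fnd_ldap_user.ldap_user_type) return boolean;

-- LEGACY
---- DO NOT USE IT UNLESS THERE IS NO OPTION
---- MAY GENERATE UNNECESSARY LDAP ACCESS.
/**
** FND - ATG Internal : do not use
** Used by : FND_OID_PLUG
*/
function getNickNameAttr( username_z in varchar2) return varchar2;


-- NOTE(review): undocumented in the original; the criteria behind the
-- boolean result are not visible in this specification.
function CanSync ( p_user_id in pls_integer, p_user_name in varchar2 ) return boolean;

end fnd_ldap_user;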