Skip to main content

Oracle Virtual Directory (OVD) : LDAP Adapters

With Oracle Virtual Directory a LDAP adapter can be created which is mapped to either user container ("cn=users,dc=example,dc=com") or root value in LDAP server. It can also be mapped to the tree of the server (dc=example,dc=com). If two different LDAP adapters are created within OVD a user can be searched from both the directories or from a single directory based on the Mapped name space in the OVD.
Below is the use case scenarios depicting the same:
Create an Adapter with OID/OUD using remote base as “” and mapped name space to “dc=eus,dc=oracle,dc=com”. It can also be mapped to either tree (dc=oracle,dc=com) or user container (cn=Users,dc=oracle,dc=com).If we have to search the root values also from OID/OUD then map it to "".



 Now from the adapter browser even cn=”changelog” can be seen which doesn’t come under “dc=us,dc=oracle,dc=com” tree in OUD.


Create another adapter for Active directory mapping it to remote base as “dc=dev,dc=oracle,dc=com”.



Now mapping is as below:
OUD/OID:
Remote base: “”
Mapped Name Space: dc=eus,dc=oracle,dc=com
AD:
Remote Base: “dc=dev,dc=oracle,dc=com”
Mapped Name Space: dc=eus1,dc=oracle,dc=com
Now below use cases can be completed using ldapsearch through OVD.

Usecase:1 à Searching a user in both the directories.
If Ldapsearch is run against “dc=oracle,dc=com” then OVD will search the user in both the directories.
Searching an OUD user:

Now searching the above user “uid=user.0” through OVD.


Searching an AD user:


Searching the above user “cn=oam” using ldapserach.


Usecase:2 Searching a user in OUD.
A user can be searched in only OUD using mapped name space “dc=eus,dc=oracle,dc=com” while searching through OVD.


Usecase:3 Searching a user in AD.
A user can be searched in AD using the name space “dc=eus1,dc=oracle,dc=com” while searching through OVD.









Labels:

Comments

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c
5 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D
Post a Comment
Read more

What is Application Instance

Application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism) . Creating and managing application instances are performed by using the Oracle Identity System Administration. Once Created Application Instance can be requested from the catalog. Application instances can be connected or disconnected.  Connected application  instance -It has a connector defined for the provisioning of entities. Account is created in the target system real time in case of connected Application Instance. Disconnected  application instance - It is used for the provisioning of a disconnected resource, for which  a connector is not defined, and therefore, the provisioning is performed manually by the administrator. A mail trigger system can also be attached which sends the account creation/modification/deletion mails to the application owner.
Post a Comment
Read more