OID to OID/Active Directory/iPlanet/Other LDAP Server Integration

In today's post I am going to give an overview of integrating OID with other LDAP servers. The other LDAP server can be Oracle's Internet Directory, Sun's iPlanet or Microsoft Active Directory. (These are the standard directory servers, but you can integrate OID with other third-party LDAP servers as well.)

Two way / One way Integration
You can integrate to sync changes one way only, i.e. from the other LDAP server to OID, or both ways, i.e. OID to the other LDAP server and vice versa. (For two-way integration you should have access to update the other LDAP server.)

Various OID Server Instances
Under OID there are three services:
OIDLDAPD: server used for normal directory processing
OIDREPLD: replication server (to replicate an entire OID to another OID server)
ODISRV: Directory Integration & Provisioning Server (the server/service used to integrate OID users/groups/objects with third-party LDAP servers)

By default the OIDLDAPD & ODISRV instances are started when you start OID using OPMN, but you still need to start one more instance of ODISRV for integrating OID with other LDAP servers.

ODISRV is up by default, so why do I need an additional ODISRV server?
The default ODISRV is used by provisioning services, i.e. to provision users & groups from OID to Oracle applications such as Portal/Workflow/Discoverer… So for integrating OID with a third-party LDAP server (including OID) we need another instance of ODISRV.

How to start ODISRV & check related logs?
You can start an additional ODISRV instance using the oidctl command:

oidctl connect=[tns_alias] host=[oid_hostname] server=odisrv instance=2 configset=0 start

To stop it, use:

oidctl connect=[tns_alias] host=[oid_hostname] server=odisrv instance=2 stop

Logs related to the above odisrv process will be in $ORACLE_HOME/ldap/log/odisrv0X.log, where X is the instance name.
Other log files will be at $ORACLE_HOME/ldap/odi/log/[profile_name].aud & [profile_name].trc

For other things on OID to OID or other LDAP server integration (iPlanet/AD), and the significance of the audit & trace log files mentioned above, including synchronization profiles in OID…

Coming Soon ……

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


11 comments
Anonymous says February 7, 2007

Is there some reason you didn’t mention OpenLDAP?

Reply
Atul Kumar says February 10, 2007

Hi Anonymous,
No, it's just that I never worked on integration of OID with OpenLDAP (I worked on OID to OID, AD, iPlanet only).
You can very well integrate with OpenLDAP, but you have to tweak the provision profile and mapping file.

Reply
Anonymous says May 9, 2007

Hi, I am trying to integrate OID with Windows Active Directory! I actually managed to import the AD users to OID by tweaking the profiles and mapping files, but the thing is I can't export them back! Can you post some kind of step-by-step help? Please! Thanks.

Reply
Atul Kumar says May 9, 2007

Can you explain what you mean by export them back?

Where to export back?

Do you mean synchronization with AD?

Reply
Syed says July 19, 2008

Dear Atul,

1) I integrated 10gAS with an R12 instance.
Well, it's working: when I use the R12 URL it diverts to the SSO page, I use orcladmin/oracle123, then it opens a different R12 HTML page with a login screen. I supply aman/google.
It connects to that user. Then I log out.
Next time when I use the R12 URL it diverts to the SSO page; when I use orcladmin/password it directly connects to the R12 user (aman) which I used the first time. If I use another R12 user I can't log in with SSO (error: authentication fail).

2) No response from the ldapsearch process; it runs continuously with no output, no error.

bash-3.00$ ldapsearch -h oradevweb2 -p 636 -D cn=orcladmin -w oracle123 -b “or
lApplicationCommonName=prod,cn=EBusiness,cn=Products,cn=OracleContext,dc=india
in.com” userpassword -v oracle123

Can you tell me what the above userpassword is? I use the orcladmin password.
And why is it continuously running with no output, no error?

Thanks, Atul.

Reply
Atul says July 19, 2008

Syed,
In step 1, what you did is link the orcladmin user in OID with user aman in R12 (fnd_user). Since there is no user called orcladmin in R12 (FND_USER), it tried to manually link orcladmin with aman, as you supplied aman as the user.

So from now on orcladmin in OID is linked to aman in apps and this user can log in.

2) What are you trying to search for here?
What are the options userpassword -v oracle123?

Tell me what you are trying to search for and I will give you the right OID command.

Above you mentioned that when you log in with another R12 user you get a login error, so first check whether this user is available in OID or not. Use the /oiddas screen to check if the user is in OID or not.

In order to log in via SSO, the user should be in both apps FND_USER and OID.

Try to go through the guide mentioned in my post, especially OID integration with apps, to clear your doubts.

http://onlineappsdba.com/index.php/2008/03/17/notesdocs-to-integrate-apps-11i-with-10g-as-portaloidsso/

Reply
Iran Neves says November 4, 2008

Today did you have something with OpenLDAP?

Reply
sanjay says November 18, 2008

Do you have steps to do OID to OID integration? We are upgrading OID from 10.1.2 to 10.1.4 and also moving to a different server. We have done a one-time data import to the 10.1.4 environment. We want to set up OID to OID sync from 10.1.2 to 10.1.4.
Do you have steps to do this? If you have an OID to OID mapping file, that will also help.

Reply
Bernd says February 27, 2009

Hi Atul,

Have you ever faced the challenge of syncing OID with IBM Directory Service? I tried it with the iPlanet connector and was able to bootstrap successfully. But synchronization fails.

Looking forward to your thoughts.

Bernd

Reply
Kishore Repakula says June 6, 2011

Hi,

When I synced the PwdLastSet attribute from AD to OID, it is not getting the actual timestamp.
Could you tell me how to do that?

Thanks,
Kishore Repakula

Reply
Vivek_blr says September 5, 2012

Hi,

When I try to start OC4J_SECURITY it shows the following error. Can you please provide a suggestion to resolve it?
————————————
An error occurred while starting “OC4J_SECURITY”.
The component was not started because it is already up.
For more information, look at the logs using the related link below.
Related Link Error Logs
————————————-

Reply