OID (Oracle Internet Directory) is the LDAP (Lightweight Directory Access Protocol) server from Oracle, whereas AD (Active Directory) is the LDAP server from Microsoft. Almost all Oracle products (E-Business Suite 11i/R12, Portal, Application Server, Forms & Reports …) integrate with Active Directory via OID (an OAS component).
For more information on OID, see:
http://becomeappsdba.blogspot.com/2007/02/oid-to-oidactive-directoryiplanet-other.html
A few things to note when integrating OID with Active Directory
————————————————————————
1. Users can be created in AD and propagated to OID or vice versa, or can be created in both and then synched.
2. Password for users
—2.a) can be stored in AD and not in OID (you can authenticate against AD) via an External Authentication Plug-in (created in OID)
—2.b) can be stored in both places, AD & OID, and synched regularly
3. User synchronization between OID and AD (from the OID side, both import & export) is done via the DIP (Directory Integration & Provisioning) component of OID
4. Synchronization of users (to & from) between OID and AD is done by a predefined connector (shipped with OID, which you can modify/configure as per your need)
5. Synchronization between AD and OID via the above-mentioned connector can be one way (import only or export only) or two way (both import and export)
6. You can synch all attributes of a user entry, or only the particular attributes you choose to configure (this is done via a mapping file; more on mapping files coming soon)
Configuration Highlights
————————————–
1. Synchronization of users between OID & AD happens via synchronization profile (including connect detail, direction of synch, attribute and source & target domain) created during installation of OID.
2. Three provisioning profiles created by default are
—ActiveImport : Importing changes from MS-AD to OID (DirSync approach for tracking changes in AD)
—ActiveChgImp : Importing changes from MS-AD to OID (USNChanged approach for tracking changes in AD)
—ActiveExport : Exporting changes from OID to MS-AD
(More on DirSync & USNChanged coming soon with practical examples on which one to choose depending on requirement)
3. These provisioning profiles can be customized using dipassistant (dipassistant -gui) or using LDAP commands (ldapadd or ldapmodify)
4. If you are synchronizing from AD to OID where AD is multi-domain and a global catalog is not configured against the multi-domain AD, then you need one synchronization profile per AD domain; if a global catalog is configured, you create only one provisioning profile against the GC (global catalog, not garbage collector). If synchronization is from OID to AD (with multiple domains), you need a provisioning profile for each domain irrespective of the global catalog (the GC doesn’t play a role in synch for export from OID to AD)
5. Decide on what information to synchronize and at what location in the directory information tree to synchronize.
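To make the one-way import concrete, here is a small simulation of USNChanged-style change tracking with attribute selection. It is an added example, not Oracle's connector code: plain Python dicts stand in for the two directories, and the DNs, attribute map and entries are constructed sample data.

```python
# Added illustration: USNChanged-style one-way import (AD -> OID).
# Directory contents, DNs and the attribute map are constructed sample data.

# Only mapped attributes are synchronized (AD name -> OID name). Password
# attributes are deliberately absent, so credentials stay in AD (option 2.a).
ATTR_MAP = {"sAMAccountName": "uid", "mail": "mail", "sn": "sn"}
SRC_BASE = "cn=users,dc=corp,dc=example,dc=com"   # constructed AD container
DST_BASE = "cn=users,dc=example,dc=com"           # constructed OID container


def changed_since(ad_entries, last_usn):
    """Stand-in for an LDAP search with filter (uSNChanged>=last_usn+1)."""
    hits = [e for e in ad_entries if e["uSNChanged"] > last_usn]
    return sorted(hits, key=lambda e: e["uSNChanged"])


def import_changes(ad_entries, oid, last_usn):
    """Apply AD changes newer than last_usn to oid; return the new high-water mark."""
    for entry in changed_since(ad_entries, last_usn):
        last_usn = entry["uSNChanged"]            # advance even for skipped entries
        if not entry["dn"].lower().endswith(SRC_BASE):
            continue                              # outside the profile's source domain
        target_dn = entry["dn"][: -len(SRC_BASE)] + DST_BASE
        if entry.get("isDeleted"):
            # Simplified: real AD moves tombstones to the Deleted Objects container.
            oid.pop(target_dn, None)
        else:
            oid[target_dn] = {dst: entry[src]
                              for src, dst in ATTR_MAP.items() if src in entry}
    return last_usn


def demo():
    ad = [
        {"dn": "cn=Alice," + SRC_BASE, "uSNChanged": 101, "sAMAccountName": "alice",
         "mail": "alice@example.com", "unicodePwd": "<never leaves AD>"},
        {"dn": "cn=Bob," + SRC_BASE, "uSNChanged": 102, "sAMAccountName": "bob"},
        {"dn": "cn=svc,ou=other,dc=corp,dc=example,dc=com", "uSNChanged": 103,
         "sAMAccountName": "svc"},
    ]
    oid = {}
    mark = import_changes(ad, oid, 0)             # initial import
    ad[1].update(uSNChanged=104, isDeleted=True)  # Bob is deleted in AD
    ad[0].update(uSNChanged=105, mail="a.smith@example.com")
    mark2 = import_changes(ad, oid, mark)         # incremental run
    return oid, mark, mark2


if __name__ == "__main__":
    print(demo())
```

uSNChanged values are local to each domain controller, so a stored high-water mark is only meaningful when every run queries the same DC.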
More on Integrating/synchronizing Oracle Internet Directory (OID) to Microsoft Active Directory (AD) with demo setup coming soon ….
7 users commented in " Integrate OID with AD Part I "
This can be a pretty daunting task at first (especially if you don’t have a good grasp of basic LDAP syntax) but it is extremely beneficial in certain environments. For instance, we use our institution’s AD for authentication but have our authorization rules set up on the OID and Oracle accounts for the end-users, giving them a “single sign-on” experience. Very much worth the effort.
Thanks for sharing your experience with readers. It’s true that it’s worth knowing LDAP syntax and basics.
Hi, I feel integrating OID with AD is not an easy task. It is mentioned EAP (External Authentication plugin) can be used for AD-OID sync but I have a few issues on this. In my environment I want to establish a single password concept for both thin client and thick client. EAP works well for thin client but does not support thick client. Hence it looks like password filter and server chaining are a few options to resolve the thick client issue. Could you please give me an idea whether EAP can be used for both thick and thin client? In my environment the password is in AD and nowhere else. If EAP can be used, then how can it be done?
Sisir,
EAP can be used in OID so that OID, on the user’s behalf, will do ldapbind and ldapcompare for the password in AD or a third-party directory server.
Do let me know what kind of thick clients (give me an example) you are trying to use for EAP.
Server chaining for Directory server is available from 10.1.4 OID and not 10.1.2
I’ll cover EAP in my coming post on this site
Hi Atul,
can you guide me on the configuration for OID and AD integration for our Portal?
Bilal,
Check this OID-AD Integration Guide here
http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_actdir.htm#sthref612
Hi,
I am having a portal with a numeric login.
For example : user( 010999)/pass
I would like to make the username alphanumeric
( amolchawathe/password)
Can you guide me how it can take place either through a change in OID or some kind of a portal API.
Your inputs would be appreciated.
Thanks
Amol
Hi Atul,
Want to understand what could be the use of integrating AD with OID without the use of SSO?
thanks
Pravin