Directory Integration Platform (DIP) : integrates LDAP-enabled applications (Portal, EBS) and LDAP directories (MS-AD, ADAM/MS-LDS, IBM Tivoli Directory Server) with Oracle Internet Directory (OID)
1. DIP provides two type of services : Synchronization and Provisioning
a) Synchronization: keeps third party directory server (MS-AD, MS-ADAM/MS-LDS, iPlanet, Tivoli DS) consistent with Oracle Internet Directory (OID). Synchronization Service uses synchronization profile to sync directories and profile is managed by “manageSyncProfiles” or FMW Control (/em)
b) Provisioning : User and group information is updated from OID to LDAP-enabled applications (Portal, EBS, OCS). Provisioning service uses provisioning profile to synchronize data between OID and LDAP-enabled applications and profile is managed by “oidprovtool”
Connectors : OID server connects to other directory stores (MS-AD, iPlanet, IBM Tivoli DS) using connector. Connector is prepackaged connectivity solution that exchanges data between OID server and connected Directory server. Connectors use one of following interfaces LDAP, DB, tagged or LDIF.
- If third party directory server supports one of above interfaces (LDAP, DB, tagged or LDIF) then it just requires Integration Profile.
- If third party directory server cannot NOT use one of above interfaces (LDAP, DB, tagged or LDIF) then it requires Integration Profile + an Agent.
Agent :Synchronization agent transforms data from one of formats supported by DIP in to one supported by third party directory server (eg HR).
Directory Integration Profile: This profile contains all configuration information that is required to synchronize data between OID server and other directories. There is at least one profile per directory per direction. Directorty Integration Profile contains following information -
a) Direction of Synchronization – export only, import only or both
b) Type of interface – LDAP, tagged, DB and LDIF
c) Mapping rules and formats- attribute mapping and conversion between attributes of OID and third party directory server. (orclodipAttributeMappingRules)
d) Connection details of third party directory server – Third party directory server host, port, SSL/non-SSL, credentials
Directory Synchronization Service (DSS) - DSS periodically checks directory synchronization profiles and compares the last successful update time and change number with the contents of the chnage log. If there are any new changes to be synchronized, DSS initiates the synchronization process.
Installation and Configuration of DIP
1. DIP can be configured with OID or as stand-alone component (OID is prereq for DIP) on different machine.
2. DIP is J2EE application deployed on WebLogic Server (in 11g OID) or 10g Application Server (in 10g OID)
3. In 11g Identity Management, DIP is deployed on Weblogic and managed server wls_ods1 by default. DIP J2EE application consists of EJB Module dipejb.jar and WebModule dipweb.war.
4.You can start Managed server on which DIP is deployed (wls_ods1) via command line startManagedXXXX , from console (Node Manager must be running and Machine should be setup in weblogic) or via FMW control (/em)
To start wls_ods1 managed server, Admin server should be running during first time start; after that Admin server could be down (or up) during wls_ods1 start/stop. More on starting stopping weblogic server here
5. Default DIP web module URL is http://hostname:port/dipapp(where port is port for managed server wls_ods1 – 7005 by default)
6. Utilities related to DIP are $ORACLE_HOME/bin/ dipStatus, manageSyncProfiles, manageSyncProfiles
7. You can also use Fusion Middleware control (/em) or WLST (WebLogic Scripting Tool) to manage DIP .
8. DIP related information is stored in cn=odisrv, cn=Registered Instances, cn=Directory Integration Platform, cn=Products, cn=OracleContext
Note* You can use ldapsearch or ODSM to find DIP registration information under this ldap leaf (Oracle Directory Services Management (ODSM) is another java application to manage OID (replacement of ODM – Oracle Directory Manager)). More on ODSM here
Related Posts for OID
- Oracle Internet Directory OID
- Oracle Internet Directory – Basics II
- OID to OID/Active Directory/iPlanet other LDAP Server Integration
- Multi Master OID Replication
- OID Architecture
- Oracle Internet Directory , OID Troubleshooting
- Server Chaining in OID
- OID Quesries/ Scripts FAQ
- OIDADMIN Client
- Oracle Identity Management (OID) 11g installation Issues on Linux
- OID 11g – Oracle Directory Services Manager (ODSM)
- DIP : Synchronization, Provisioing, Connectors, DSS in Oracle Directory Services (ODS) 11g
- OID Replication – Suppliers, Consumers, DRG, ASR/LDAP based replication
- ASR setup has failed – Error occurred while dropping database link : ORA-02084 : database name is missing a component while Configuring Multi Master OID replication using “remtool -asrsetup”
- OID 11g Down : Unable to Start OID 11g using OPMN (ODS schema locked ORA-28002)
- OID/Directory Services 11g – Schema, Object Class, Attributes
- OID 11g Distributed Install : DIP/ODSM (Java Component) & OID (LDAP/REPLD) on different machine
- OID Server Mode R, RW, RM: LDAP: error code 53 – Server currently in read only mode
- How to change OID 11g database schema (ODS) password
- How to add custom attribute, Object Classe in OID from command line or GUI
- Oracle Internet Directory (OID) and Real Application Cluster (RAC) database : Things you must know
- How to Update User Password in OID (single account or bulk) – command line or GUI
- Error starting OID 11g during configuration stage of OID installation on Windows Server “ProvisionException: Failed to start the component”
- How to delete Entries in OID 11g in Bulk – Delete Failed : Ldap Error Code 66 Not allowed on Non-Leaf
- How to find latest changelog number (or changes) in OID ?
- Context Initialization Error on running ldapsearch commands on OID Server
- How to find OID version and patches applied on OID Home ?
- How to change OID 11g LDAP/LDAPS listen port
- How to find/audit Failed Login Attempts in OID 11g
- Step by Step configuration of OID Multi Master Replication – LDAP based in OID 11g
- OID 11g LDAP based Multi Master replication : Configuration Entries you must know
- Configure SSL for Oracle Internet Directory (OID)
- How to backup Oracle Internet Directory (OID) 11g – Data : Full / Partial
- SSL / Wallets in OID/OHS : How to manage certificates in Wallet using command line ?? ORAPKI
- How to debug OID : LDAP Error code 50 – Insufficient Access Rights
- What Hashing Algorithm OID uses to store user Password : SSHA or MD5