Directory Integration Platform (DIP) : integrates LDAP-enabled applications (Portal, EBS) and LDAP directories (MS-AD, ADAM/MS-LDS, IBM Tivoli Directory Server) with Oracle Internet Directory (OID)
1. DIP provides two type of services : Synchronization and Provisioning
a) Synchronization: keeps third party directory server (MS-AD, MS-ADAM/MS-LDS, iPlanet, Tivoli DS) consistent with Oracle Internet Directory (OID). Synchronization Service uses synchronization profile to sync directories and profile is managed by “manageSyncProfiles” or FMW Control (/em)
b) Provisioning : User and group information is updated from OID to LDAP-enabled applications (Portal, EBS, OCS). Provisioning service uses provisioning profile to synchronize data between OID and LDAP-enabled applications and profile is managed by “oidprovtool”
Connectors : OID server connects to other directory stores (MS-AD, iPlanet, IBM Tivoli DS) using connector. Connector is prepackaged connectivity solution that exchanges data between OID server and connected Directory server. Connectors use one of following interfaces LDAP, DB, tagged or LDIF.
- If third party directory server supports one of above interfaces (LDAP, DB, tagged or LDIF) then it just requires Integration Profile.
- If third party directory server cannot NOT use one of above interfaces (LDAP, DB, tagged or LDIF) then it requires Integration Profile + an Agent.
Agent :Synchronization agent transforms data from one of formats supported by DIP in to one supported by third party directory server (eg HR).
Directory Integration Profile: This profile contains all configuration information that is required to synchronize data between OID server and other directories. There is at least one profile per directory per direction. Directorty Integration Profile contains following information –
a) Direction of Synchronization – export only, import only or both
b) Type of interface – LDAP, tagged, DB and LDIF
c) Mapping rules and formats– attribute mapping and conversion between attributes of OID and third party directory server. (orclodipAttributeMappingRules)
d) Connection details of third party directory server – Third party directory server host, port, SSL/non-SSL, credentials
Directory Synchronization Service (DSS) – DSS periodically checks directory synchronization profiles and compares the last successful update time and change number with the contents of the chnage log. If there are any new changes to be synchronized, DSS initiates the synchronization process.
Installation and Configuration of DIP
1. DIP can be configured with OID or as stand-alone component (OID is prereq for DIP) on different machine.
2. DIP is J2EE application deployed on WebLogic Server (in 11g OID) or 10g Application Server (in 10g OID)
3. In 11g Identity Management, DIP is deployed on Weblogic and managed server wls_ods1 by default. DIP J2EE application consists of EJB Module dipejb.jar and WebModule dipweb.war.
4.You can start Managed server on which DIP is deployed (wls_ods1) via command line startManagedXXXX , from console (Node Manager must be running and Machine should be setup in weblogic) or via FMW control (/em)
To start wls_ods1 managed server, Admin server should be running during first time start; after that Admin server could be down (or up) during wls_ods1 start/stop. More on starting stopping weblogic server here
5. Default DIP web module URL is http://hostname:port/dipapp(where port is port for managed server wls_ods1 – 7005 by default)
6. Utilities related to DIP are $ORACLE_HOME/bin/ dipStatus, manageSyncProfiles, manageSyncProfiles
7. You can also use Fusion Middleware control (/em) or WLST (WebLogic Scripting Tool) to manage DIP .
8. DIP related information is stored in cn=odisrv, cn=Registered Instances, cn=Directory Integration Platform, cn=Products, cn=OracleContext
Note* You can use ldapsearch or ODSM to find DIP registration information under this ldap leaf (Oracle Directory Services Management (ODSM) is another java application to manage OID (replacement of ODM – Oracle Directory Manager)). More on ODSM here