.
Directory Integration Platform (DIP) : integrates LDAP-enabled applications (Portal, EBS) and LDAP directories (MS-AD, ADAM/MS-LDS, IBM Tivoli Directory Server) with Oracle Internet Directory (OID)
1. DIP provides two type of services : Synchronization and Provisioning
a) Synchronization: keeps third party directory server (MS-AD, MS-ADAM/MS-LDS, iPlanet, Tivoli DS) consistent with Oracle Internet Directory (OID). Synchronization Service uses synchronization profile to sync directories and profile is managed by “manageSyncProfiles” or FMW Control (/em)
b) Provisioning : User and group information is updated from OID to LDAP-enabled applications (Portal, EBS, OCS). Provisioning service uses provisioning profile to synchronize data between OID and LDAP-enabled applications and profile is managed by “oidprovtool”
.
Connectors : OID server connects to other directory stores (MS-AD, iPlanet, IBM Tivoli DS) using connector. Connector is prepackaged connectivity solution that exchanges data between OID server and connected Directory server. Connectors use one of following interfaces LDAP, DB, tagged or LDIF.
- If third party directory server supports one of above interfaces (LDAP, DB, tagged or LDIF) then it just requires Integration Profile.
- If third party directory server cannot NOT use one of above interfaces (LDAP, DB, tagged or LDIF) then it requires Integration Profile + an Agent.
Agent :Synchronization agent transforms data from one of formats supported by DIP in to one supported by third party directory server (eg HR).
Directory Integration Profile: This profile contains all configuration information that is required to synchronize data between OID server and other directories. There is at least one profile per directory per direction. Directorty Integration Profile contains following information -
a) Direction of Synchronization – export only, import only or both
b) Type of interface – LDAP, tagged, DB and LDIF
c) Mapping rules and formats- attribute mapping and conversion between attributes of OID and third party directory server. (orclodipAttributeMappingRules)
d) Connection details of third party directory server – Third party directory server host, port, SSL/non-SSL, credentials
Directory Synchronization Service (DSS) - DSS periodically checks directory synchronization profiles and compares the last successful update time and change number with the contents of the chnage log. If there are any new changes to be synchronized, DSS initiates the synchronization process.
.
Installation and Configuration of DIP
1. DIP can be configured with OID or as stand-alone component (OID is prereq for DIP) on different machine.
2. DIP is J2EE application deployed on WebLogic Server (in 11g OID) or 10g Application Server (in 10g OID)
3. In 11g Identity Management, DIP is deployed on Weblogic and managed server wls_ods1 by default. DIP J2EE application consists of EJB Module dipejb.jar and WebModule dipweb.war.
4.You can start Managed server on which DIP is deployed (wls_ods1) via command line startManagedXXXX , from console (Node Manager must be running and Machine should be setup in weblogic) or via FMW control (/em)
To start wls_ods1 managed server, Admin server should be running during first time start; after that Admin server could be down (or up) during wls_ods1 start/stop. More on starting stopping weblogic server here
5. Default DIP web module URL is http://hostname:port/dipapp(where port is port for managed server wls_ods1 – 7005 by default)
6. Utilities related to DIP are $ORACLE_HOME/bin/ dipStatus, manageSyncProfiles, manageSyncProfiles
7. You can also use Fusion Middleware control (/em) or WLST (WebLogic Scripting Tool) to manage DIP .
8. DIP related information is stored in cn=odisrv, cn=Registered Instances, cn=Directory Integration Platform, cn=Products, cn=OracleContext
Note* You can use ldapsearch or ODSM to find DIP registration information under this ldap leaf (Oracle Directory Services Management (ODSM) is another java application to manage OID (replacement of ODM – Oracle Directory Manager)). More on ODSM here
.
Related/References
Related Posts for OID
- Oracle Internet Directory OID
- Oracle Internet Directory – Basics II
- OID to OID/Active Directory/iPlanet other LDAP Server Integration
- Multi Master OID Replication
- OID Architecture
- Oracle Internet Directory , OID Troubleshooting
- Server Chaining in OID
- OID Quesries/ Scripts FAQ
- OIDADMIN Client
- Oracle Identity Management (OID) 11g installation Issues on Linux
- OID 11g – Oracle Directory Services Manager (ODSM)
- DIP : Synchronization, Provisioing, Connectors, DSS in Oracle Directory Services (ODS) 11g
- OID Replication – Suppliers, Consumers, DRG, ASR/LDAP based replication
- ASR setup has failed – Error occurred while dropping database link : ORA-02084 : database name is missing a component while Configuring Multi Master OID replication using “remtool -asrsetup”
- OID 11g Down : Unable to Start OID 11g using OPMN (ODS schema locked ORA-28002)
- OID/Directory Services 11g – Schema, Object Class, Attributes
- OID 11g Distributed Install : DIP/ODSM (Java Component) & OID (LDAP/REPLD) on different machine
- OID Server Mode R, RW, RM: LDAP: error code 53 – Server currently in read only mode
- How to change OID 11g database schema (ODS) password
- How to add custom attribute, Object Classe in OID from command line or GUI
- Oracle Internet Directory (OID) and Real Application Cluster (RAC) database : Things you must know
- How to Update User Password in OID (single account or bulk) – command line or GUI
- Error starting OID 11g during configuration stage of OID installation on Windows Server “ProvisionException: Failed to start the component”
- How to delete Entries in OID 11g in Bulk – Delete Failed : Ldap Error Code 66 Not allowed on Non-Leaf
- How to find latest changelog number (or changes) in OID ?
- Context Initialization Error on running ldapsearch commands on OID Server
- How to find OID version and patches applied on OID Home ?
- How to change OID 11g LDAP/LDAPS listen port
- How to find/audit Failed Login Attempts in OID 11g
- Step by Step configuration of OID Multi Master Replication – LDAP based in OID 11g
- OID 11g LDAP based Multi Master replication : Configuration Entries you must know
- Configure SSL for Oracle Internet Directory (OID)
- How to backup Oracle Internet Directory (OID) 11g – Data : Full / Partial
Oracle WebLogic Administrator [USD 399]- 03rd Dec, 2011
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth every penny 
20 users commented in " DIP : Synchronization, Provisioing, Connectors, DSS in Oracle Directory Services (ODS) 11g "
Follow-up comment rss or Leave a TrackbackHi,
where i can find the Provisioning console in OID 11g ?
i have to create a user with the provisioning services of DIP.
@ cristiano,
You can access it from Fusion Middleware control i.e. /em on admin server (port 7001)
http://download.oracle.com/docs/cd/E14571_01/oid.1111/e10031/odip_provisioning.htm#BABJCADE
[...] For more information on DIP Synchronization and provisioning click here [...]
the DIP provisioning profile can be created only with oidprovtool ?
Strange that i do not find any functionlaities as for DIP Syncronzation profile.
@ cristianoburgo
I am not clear with your query but to find for more information on oidprovtool check
http://download.oracle.com/docs/cd/E14571_01/oid.1111/e10031/odip_config_apps_prov.htm
oidprovtool is under $ORACLE_HOME(for OID)/bin
Hi!
This guide is excellent on 11g,
however… I need a similar guideline on Oracle OID 10g DIP.
My issue is integration with eBusiness Suite R12 & Novell eDirectory.
This is verrry urgent
@ Capitalist,
For OID 10g integration with eBusiness Suite R12 use commands at eBusiness Side (txkrun.pl)
http://onlineappsdba.com/index.php/2008/08/20/apps-11ir1212i-registrationderegistration-with-oidsso-internals/
Also use
•233436.1— Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
•261914.1—Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Application Server Single Sign-On
•233436.1—Oracle Application Server with Oracle E-Business Suite Release 11i Frequently Asked Questions
For OID 10g Integration with other LDAP servers like Novell eDirectory use link
http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_int_cons.htm#i130063
and
http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_int_cons009.htm
Hi Atul,
I am working on DIP 11g. Many times i have faced the issue that 2 components of DIP i.e MBeans and Quartz Scheduler are down but DIP status is up and running.
So can pleasetell why these components go down and how i can make them up.
I restarted DIP as well as wls_server but these 2 component still remains in down state.
Please help
Waiting for your reply.
Thanks in Advance
@ Tushar J,
This could be because of number of reasons , main one which I faced was because of wrong configuration in second managed server for DIP.
$DOMAIN_HOME/config/fmwconfig/ servers/wls_ods[n]/ applications/DIP_11.1.1.2.0/ configuration/ dip-config.xml (copy this file from first managed server)
To find root cause check wls_ods2 log file at $DOMAIN_HOME/ servers/ wls_ods2/logs
Hi Atul,
Actually i was trying external Authentication for which i changed server properties of OID. I checked External SASL Check box in SASL tab in Server properties of OID and then apply the changes.
Later on i tried to uncheck the External SASL check box but it was not allowing we to save the changes after unchecking the box .
After that i found that Quartz scheduler and MBeans component of DIP are down.
So later even after restart of dip those component were down.
Thanks!!
I’d like to configure DIP provisioning profiles to provision users from OID to EBS instances using policies based on group membership. In this way I can control who gets provisioned to what from OID groups.
I already have my policies created but they provision all users by default.
The question is how to do this? I can find nothing in the DIP Admin guide that helps with this?
Many thanks,
Bernie
@ berniej,
Did you look at filter tab in provisioning profile in EM ?
Hi Atul,
The profile is a version 2.0 created using txkrun.pl and I see only General, Event Configuration and Advanced tabs when I edit the profile using DIP.
There are App to OID Subscriptions, OID to App subscriptions and App to OID mapping rules but nothing to allow me to map OID to App rules it seems?
Thanks,
Bernie
@ Bernie,
Use oidrovtool , as per 13.2.1 see if event_mapping_rule can be used which has filter
event_mapping_rules=”OBJECT_TYPE:FILTER:DOMAIN”
http://download.oracle.com/docs/cd/E21764_01/oid.1111/e10031/odip_config_apps_prov.htm#CACIJGHC
Thanks Atul, I’ll give it a go and post back – I had read 13.2.2 and assumed that this only applied to INBOUND but maybe it means only REQUIRED for INBOUND….
event_mapping_rules=”OBJECT_TYPE:FILTER:DOMAIN”
Required for create and modify operations on INBOUND events only. This rule maps
the object type received from the application (using an optional filter condition) to a
domain in Oracle Internet Directory A provisioning profile can have multiple mapping
rules defined.
Hi Atul,
Seems that event_mapping_rules are indeed only applied to inbound events. Seems that outbound doesn’t support filter based rules…. back to the drawing board!
I have 11g IDM 11.1.1.4 configured with OAM for EBS 12.1.3 SSO. I have 2-way sync. The only users I create in EBS are iRec users. I am trying to add them in OID to their own cn to separate them with internal users. I have tried to change DIP Server>Provisioning Profiles and change Application to OID Mapping Rules and set FND to cn=Applicants,cn=users,dc=domain,dc=com but users still show up under cn=users. Any suggestions on how to get the users created in EBS to map to cn=Applicants?
I just like the valuable information you provide in your
articles. I will bookmark your weblog and check once more right here
regularly. I’m slightly sure I’ll learn many new stuff right here!
Good luck for the next!
Youre so cool! I dont suppose Ive read something like this before.
So nice to seek out any person with some authentic ideas on this
subject. realy thanks for starting this up. this web site is one thing that is wanted on the web, somebody with a bit originality.
useful job for bringing one thing new to the web!
The most likely way to make money gambling is to build up your winnings gradually.
You need to have a basic understanding of the strengths and weaknesses of different international teams so that
you can make more winning bets. On the other hand, there are also betting strategies
and books that are quite useful in order to win bets.
Leave A Reply