This is part VIII of the step by step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN), which covers configuring LDAP Sync with OIM 11g.

LDAP Sync with OIM 11g : OIM will sync users to LDAP (OID in this case). OIM LDAP Synchronization uses OVD/OID to synchronize users from OIM to OID. LDAP Sync is mandatory for the integration of Oracle Identity Manager (OIM) with Oracle Access Manager (OAM).

  • For Part I Download Software and create Schema click here
  • For Part II Install WebLogic Server 10.3.3 click here
  • For Part III Install SOA Server and Upgrade to click here
  • For Part IV Install IDAM click here
  • For Part V Create Domain for OIM, OAM, OAAM, OAPM & OIN click here
  • For Part VI Configure Identity Manager click here
  • For Part VII Configure OIM Design Console click here

Requirement : OIM (11g R1) LDAP Sync requires Oracle Virtual Directory (OVD) and Oracle Internet Directory (OID). (In this release of OIM, LDAP Sync is limited to an OID server.)

What happens when you configure LDAP Sync in OIM 11g? The configuration process creates the schema (object classes) in OID for OIM & OAM. It also creates an IT Resource in OIM which automatically synchronizes users to OID when you create/modify/delete a user in OIM.


High Level steps for LDAP Sync configuration with OIM

1. Run LDAP Pre Configuration Setup (on OIM Server)
2. Create two adapters in OVD (on OVD via ODSM)
3. Run LDAP Post Configuration Setup (on OIM Server)


OIM LDAP Sync configuration

1. Run LDAP Preconfiguration Utility

Edit $OIM_ORACLE_HOME/server/ldap_config_util/ldapconfig.props and set values for OIMProviderURL, OIDURL, OIDAdminUsername, OIDSearchBase, UserContainerName, RoleContainerName and ReservationContainerName.

ReservationContainerName : This is the container in OID that holds users who have been created but not yet approved in OIM (once they are approved they are moved to the container given by UserContainerName).

1.3 Run $ORACLE_HOME/server/ldap_config_util/ (when prompted, enter the password of orcladmin)

The above command will
a) Extend the OID schema using (more on OID schema here):
i) oimadminuser.ldif and oimcontainers.ldif from $ORACLE_HOME/server/ldap_config_util
ii) OID_oblix_schema_add.ldif, OID_oblix_schema_index_add.ldif and OID_oblix_pwd_schema_add.ldif from $ORACLE_HOME/oam/server/oim-intg/schema/ (the Oblix schema extension is required for OIM integration with OAM)

b) Create the user oimadmin under cn=oim,cn=products,cn=oracleContext


2. Create two LDAP adapters in OVD

To know more about adapters in OVD click here

2.2 Create an adapter of type user_OID

2.2.1 Log in to ODSM and connect to OVD (if you installed OVD with default settings, use SSL port 8899 for OVD). More on ODSM here
2.2.2 Select the Adapter tab in ODSM
2.2.3 Click the Create Adapter button
2.2.4 In the New Adapter wizard select
Adapter Type : LDAP
Adapter Name : userOID
Adapter Template : user_OID

Add the OID details under connection details (3060 is the OID port and the host is the OID server IP)

Naming Space : dc=com (the realm name, aka OID domain, in my case is com; change this as per your OID settings)
2.3 Create an adapter of type changelog_OID
2.3.1 Select the Adapter tab in ODSM
2.3.2 Click the Create Adapter button

2.3 Change the plug-in value (oamEnabled) of the userOID adapter from false to true

2.3.1 From ODSM log in to OVD -> Select Adapter -> select userOID -> Select the Plug-ins tab -> Select UserManagement -> Select Edit Plug-in/Mapping -> Change the value of oamEnabled from false to true -> click OK -> click Apply


2.4 Add/Modify plug-in parameters for the changelogOID adapter

2.4.1 From ODSM log in to OVD -> Select Adapter -> select changelogOID -> Select the Plug-ins tab -> Select UserManagement -> Select Edit Plug-in/Mapping -> Change/Add the parameter values as shown below -> click OK -> click Apply

directoryType – oid
mapAttribute – targetGUID=orclGUID
requiredAttribute – orclGUID
addAttribute – orclContainerOC,changelogSupported=1
modifierDNFilter – cn=oimadmin,cn=users,cn=OIM,cn=Products,cn=OracleContext
sizeLimit – 1000
targetDNFilter – dc=com   (Change this value as per your OID realm/domain)
mapUserState – true
oamEnabled – true
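The ldapconfig.props properties from step 1 and the changelogOID plug-in parameters from step 2.4 have to agree with each other (same OID realm, the oimadmin account created by the pre-configuration utility, separate reservation and user containers). The following pre-flight check is an added example, not code from the original post or from Oracle: every host name, container name and DN in it is a constructed sample value, and the property file is parsed as a plain Java-style key=value file.

```python
# Constructed ldapconfig.props (keys as the pre-config utility reads them; values are samples).
LDAPCONFIG_PROPS = """\
OIMProviderURL=t3://oimserver.example.com:14000
OIDURL=ldap://oidserver.example.com:3060
OIDAdminUsername=cn=orcladmin
OIDSearchBase=dc=com
UserContainerName=cn=Users
RoleContainerName=cn=Groups
ReservationContainerName=cn=reserve
"""
# changelogOID plug-in parameters as entered in ODSM (section 2.4), constructed.
CHANGELOG_PARAMS = {
    "requiredAttribute": "orclGUID",
    "mapAttribute": "targetGUID=orclGUID",
    "modifierDNFilter": "cn=oimadmin,cn=users,cn=OIM,cn=Products,cn=OracleContext",
    "targetDNFilter": "dc=com",
}
REQUIRED_KEYS = ("OIMProviderURL", "OIDURL", "OIDAdminUsername", "OIDSearchBase",
                 "UserContainerName", "RoleContainerName", "ReservationContainerName")

def parse_props(text):
    """Parse Java-style key=value lines, skipping blanks and comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def dn_rdns(dn):
    """Split a DN into lower-cased RDNs: 'cn=Users,dc=com' -> ['cn=users', 'dc=com']."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def check_config(props_text, changelog):
    """Return the problems found; an empty list means props and adapter agree."""
    props = parse_props(props_text)
    problems = ["missing property " + k for k in REQUIRED_KEYS if not props.get(k)]
    if problems:
        return problems
    # The changelog adapter must watch the realm that OIDSearchBase names.
    if dn_rdns(changelog.get("targetDNFilter", "")) != dn_rdns(props["OIDSearchBase"]):
        problems.append("targetDNFilter differs from OIDSearchBase")
    # modifierDNFilter must name the oimadmin account the pre-config utility created.
    if dn_rdns(changelog.get("modifierDNFilter", ""))[:1] != ["cn=oimadmin"]:
        problems.append("modifierDNFilter is not the oimadmin user DN")
    # Unapproved users are parked in the reservation container, so it must differ.
    if props["UserContainerName"].lower() == props["ReservationContainerName"].lower():
        problems.append("ReservationContainerName equals UserContainerName")
    return problems
```

Run check_config against the real ldapconfig.props contents and the parameter values copied from ODSM before starting the pre-configuration utility; any non-empty result points at the mismatch to fix first.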

3. Configure OIM for LDAP Sync
3.1 Run $ORACLE_HOME/bin/
3.2 Select OIM Server and follow the post here, with the exception of step 6 of 9


6501 is OVD's non-SSL LDAP port.


The realm/domain for OID in my case is dc=com (change this value as per your OID realm).


4. Run LDAP Post-Configuration Utility

4.2 Run $ORACLE_HOME/server/ldap_config_util/ (when prompted, enter the passwords of orcladmin and of the OIM administrator, i.e. XELSYSADM; the OIM managed server oim_server1 should be running)

You should see a message like “Succesfully Update Changelog based schedule jobs with change number : XXXX”

5. Test the LDAP Sync configuration
5.1 Log in to the OIM Administration Console (http://oimserver:14000/oim) and create a user
5.2 Log in to OID via ODSM and check whether this user has been synchronized to OID
I encountered two issues while running

Error 1 :

unable to find LoginModule class: … (class name and stack trace truncated in the original post)

Fix 1 : Create wlfullclient.jar. More information here

Error 2:
at oracle.iam.platformservice.utils.
at oracle.iam.platformservice.utils.LDAPConfig

Fix 2 : Make sure that OIM is configured with the LDAP Sync option (follow step 3) before running