OID (Oracle Internet Directory) is the LDAP (Lightweight Directory Access Protocol) server from Oracle, whereas AD (Active Directory) is the LDAP server from Microsoft. Integration of almost all Oracle products (E-Business Suite 11i/R12, Portal, Application Server, Forms & Reports …) with Active Directory is done via OID (an OAS component).
A few things to note about integrating OID with Active Directory:
1. Users can be created in AD and propagated to OID, or vice versa, or can be created in both and then synchronized.
2. Passwords for users
   2.a) can be stored in AD and not in OID (you can authenticate against AD) via an External Authentication Plug-in (created in OID)
   2.b) can be stored in both AD and OID and synchronized regularly
3. User synchronization between OID and AD (from the OID side, both import and export) is done via the DIP (Directory Integration & Provisioning) component of OID.
4. Synchronization of users (to and from) between OID and AD is done by a predefined connector (shipped with OID, which you can modify/configure as per your need).
5. Synchronization between AD and OID via the above-mentioned connector can be one way (import only or export only) or two way (both import and export).
6. You can synchronize all attributes of a user entry or only the particular attributes you configure (this is done via a mapping file; more on mapping files coming soon).
1. Synchronization of users between OID & AD happens via a synchronization profile (including connection details, direction of synchronization, attributes, and source & target domain) created during installation of OID.
   - ActiveImport: importing changes from MS-AD to OID (DirSync approach for tracking changes in AD)
   - ActiveChgImp: importing changes from MS-AD to OID (USNChanged approach for tracking changes in AD)
   - ActiveExport: exporting changes from OID to MS-AD
   (More on DirSync & USNChanged coming soon, with practical examples on which one to choose depending on requirement.)
3. These provisioning profiles can be customized using dipassistant (dipassistant -gui) or using LDAP commands (ldapadd or ldapmodify).
4. If you are synchronizing from AD to OID where AD is multi-domain and a global catalog is not configured for the multi-domain AD, you need one synchronization profile per AD domain; if a global catalog is configured, you create only one provisioning profile against the GC (global catalog, not garbage collector). If synchronization is from OID to AD (with multiple domains), you need a provisioning profile for each domain irrespective of the global catalog (the GC doesn't play a role in export from OID to AD).
5. Decide what information to synchronize and at what location in the directory information tree to synchronize it.
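A simplified model of the USNChanged approach named under ActiveChgImp, combined with the attribute selection from point 6, added here as an illustration and not taken from Oracle DIP or the original post. It assumes each write in AD gives the entry a higher uSNChanged value, so the importer only needs to remember the last value it applied; the attribute map, entries and USN values are constructed.

```python
# Simplified model of a USNChanged-style import from AD into OID.
# Not DIP code: entries, USN values and the attribute map are constructed.

# Hypothetical mapping: AD attribute -> OID attribute. Unlisted attributes are not synced.
ATTRIBUTE_MAP = {"sAMAccountName": "uid", "mail": "mail"}


def changed_since(ad_entries, last_usn):
    """Return AD entries written after last_usn, oldest change first."""
    changed = [e for e in ad_entries if e["uSNChanged"] > last_usn]
    return sorted(changed, key=lambda e: e["uSNChanged"])


def import_changes(ad_entries, oid, last_usn):
    """Apply mapped attributes of changed entries to oid; return (count, new_last_usn)."""
    applied = 0
    for entry in changed_since(ad_entries, last_usn):
        mapped = {dst: entry[src] for src, dst in ATTRIBUTE_MAP.items() if src in entry}
        oid.setdefault(entry["sAMAccountName"], {}).update(mapped)
        last_usn = entry["uSNChanged"]  # advance the mark only after the entry is applied
        applied += 1
    return applied, last_usn


def demo():
    ad = [  # constructed sample data
        {"sAMAccountName": "alice", "mail": "alice@example.com",
         "telephoneNumber": "555-0100", "uSNChanged": 1201},
        {"sAMAccountName": "bob", "mail": "bob@example.com", "uSNChanged": 1207},
    ]
    oid = {}
    first = import_changes(ad, oid, 0)             # initial load: both users
    ad[0].update(mail="alice.s@example.com", uSNChanged=1215)  # later change in AD
    second = import_changes(ad, oid, first[1])     # only the changed entry is read
    third = import_changes(ad, oid, second[1])     # nothing new since last run
    return first, second, third, oid


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because telephoneNumber is not in the map it never reaches OID, which is the practical effect of limiting the mapped attributes to what the target directory actually needs.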
More on Integrating/synchronizing Oracle Internet Directory (OID) to Microsoft Active Directory (AD) with demo setup coming soon ….
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.