Directory Integration Platform (DIP) 11g is a Java application deployed on WebLogic Server. It is used for user and group synchronization between OID and other LDAP servers (Active Directory, IBM Directory Server, and so on) and for provisioning between OID and applications (Portal, Collaboration Suite, and so on).
In this post I am going to cover steps to integrate Oracle Internet Directory with Microsoft Active Directory using DIP.
Assumptions:
1. OID and DIP are already installed and configured: OID 11g listens on LDAP port 3060 and LDAPS port 3131, the wls_ods1 managed server (DIP and ODSM) runs on port 7005, and the WebLogic Admin Server runs on port 7001.
2. Microsoft Active Directory is installed and listening on port 389 (non-SSL). Keep in mind that on 389 the DIP bind credentials and every synchronized attribute cross the network in clear text, and a domain controller configured to require LDAP signing will reject a simple bind over plain LDAP; outside a lab, use LDAPS (636) and enable SSL in the profile.
You can set up the integration either with the command-line tool (expressSyncSetup) or with the graphical user interface (Fusion Middleware Control, /em). The steps below use the GUI.
Integrate OID & AD (User/Group synchronization) via DIP using GUI
1. Log in to Enterprise Manager Fusion Middleware Control at http://server:weblogic_admin_port/em (the WebLogic Admin Server must be running).
2. In the left panel, expand Farm_[domain_name] -> Identity and Access -> DIP (11.1.1.X). The wls_ods1 managed server must be running for this target to be accessible.
3. From the DIP Server drop-down menu in the right panel, choose Administration -> Synchronization Profiles.
4. Click Create and enter:
Profile Name: a name for this synchronization profile.
Direction of Synchronization (Use DIP-OID as): Source for OID to AD, Destination for AD to OID.
Type: Active Directory (MS). Select a different LDAP server type if you are synchronizing OID with another directory.
Host: hostname or IP address of the machine where Active Directory is running.
Port: the AD LDAP port, 389 for plain LDAP as assumed above, or 636 if you connect over LDAPS.
SSL Settings: check Enabled if you are using the LDAPS port (the JKS and CSF must already be configured; this is covered in a later post).
User Name: the AD account DIP binds with. Use a dedicated service account with only the rights the direction needs: read access to the synchronized containers for AD to OID, write access to them for OID to AD. If you later switch the profile to DirSync, the account must also hold the Replicating Directory Changes permission.
Password: the password of that AD account.
5. Click Test Connection to check that DIP can bind to the Active Directory server with these settings.
6. Once the test succeeds, click OK to save the synchronization profile.
7. Click Enable Profile to enable it. Until the profile is enabled, nothing is synchronized.
Key points for OID-AD integration using DIP
1. Each enabled synchronization profile is run on a schedule by the Quartz scheduler inside DIP. The default interval is one minute and is configurable per profile.
2. By default, AD to OID synchronization tracks changes with uSNChanged: DIP stores the highest uSNChanged value it has applied and, on the next run, searches AD for objects whose uSNChanged is greater than that value. uSNChanged is a per-domain-controller counter and is not replicated, so the stored value is only meaningful against the DC the profile has been running against. If you repoint the profile at another DC, reset its last applied change number first; otherwise changes that landed on the new DC with a lower USN are silently skipped. The alternative is DirSync, which uses the LDAP DirSync control with an opaque cookie and requires the bind account to hold the Replicating Directory Changes permission.
3. To change a synchronization profile from uSNChanged to DirSync, run:
manageSyncProfiles update -h host -p port -D WLS_login_ID -pf Profile_Name -params "odip.profile.configfile $ORACLE_HOME/ldap/odi/conf/activeimp.cfg.master"
(host and port are those of the WebLogic managed server hosting DIP, wls_ods1 on 7005 in the assumptions above, and WLS_login_ID is a WebLogic administrator.)
4. If you plan to configure filtering in DIP, see Bug 9294314: SEARCHFILTER NOT WORKING ON 11.1.1.1.0 AND 11.1.1.2.
Workaround:
a. For synchronization, specify the filter as searchfilter="abc" (with double quotes).
b. For bootstrap, specify the filter as searchfilter=abc (without double quotes).
5. DIP logs are written to $DOMAIN_HOME/servers/wls_ods1/logs (DOMAIN_HOME is the WebLogic domain directory); the OID server logs are in $ORACLE_INSTANCE/diagnostics/logs/OID/oid1 (ORACLE_INSTANCE is the OID instance directory). Check both when a profile fails: AD bind and mapping errors appear on the DIP side, while errors applying the change to OID appear in the OID logs.
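To make the uSNChanged behaviour in point 2 concrete, here is an added example (an illustration written for this post, not code from the original post or from DIP itself). It models, in memory, two domain controllers that each keep their own USN counter, a profile that remembers the last applied uSNChanged, and what happens when that value is carried over to a different DC. The DomainController and ImportProfile classes and the sample users are assumptions made for the illustration; the mechanics they model (a write bumps the local USN and stamps it on the object, uSNChanged is not replicated, an import run searches for uSNChanged greater than the stored value combined with the profile filter) are how AD and the DIP import profile behave.

```python
# Added example, not from the original post or from DIP: an in-memory model of
# uSNChanged-based change tracking and of the failover failure mode.
# DomainController, ImportProfile and the sample users are assumptions.
from dataclasses import dataclass, field

PER_DC_METADATA = ("objectGUID", "uSNChanged")


def _attrs(entry):
    """The replicated attributes of an object (everything but per-DC metadata)."""
    return {k: v for k, v in entry.items() if k not in PER_DC_METADATA}


@dataclass
class DomainController:
    name: str
    highest_committed_usn: int = 0                  # like RootDSE highestCommittedUSN
    entries: dict = field(default_factory=dict)     # objectGUID -> attributes

    def write(self, guid, attrs):
        """Create or modify an object locally; stamps this DC's next USN on it."""
        self.highest_committed_usn += 1
        self.entries[guid] = dict(attrs, objectGUID=guid,
                                  uSNChanged=self.highest_committed_usn)

    def search(self, min_usn, search_filter):
        """What an import run asks for: (&(uSNChanged>min_usn)(<profile filter>))."""
        hits = [e for e in self.entries.values()
                if e["uSNChanged"] > min_usn and search_filter(e)]
        return sorted(hits, key=lambda e: e["uSNChanged"])


def replicate(src, dst):
    """Copy object state from src to dst. Only attributes travel: dst assigns
    its own uSNChanged, so the same object carries different USNs on each DC."""
    for guid, entry in src.entries.items():
        attrs = _attrs(entry)
        if guid not in dst.entries or _attrs(dst.entries[guid]) != attrs:
            dst.write(guid, attrs)


def equality_filter(attr, value):
    """Stand-in for a profile searchfilter such as (objectClass=user)."""
    return lambda e: e.get(attr) == value


class ImportProfile:
    """Minimal model of an AD-to-OID synchronization profile in uSNChanged mode."""

    def __init__(self, search_filter):
        self.search_filter = search_filter
        self.last_applied_usn = 0     # persisted by DIP between scheduled runs
        self.bound_dc = None          # DC whose USN sequence last_applied_usn belongs to

    def run(self, dc):
        """One scheduled run: fetch everything changed since the last run."""
        if self.bound_dc not in (None, dc.name):
            # Continuing with another DC's counter would silently skip or replay
            # changes, so refuse and make the operator rebind explicitly.
            raise RuntimeError(f"profile is bound to {self.bound_dc}; "
                               f"rebind before running against {dc.name}")
        self.bound_dc = dc.name
        changes = dc.search(self.last_applied_usn, self.search_filter)
        if changes:
            self.last_applied_usn = changes[-1]["uSNChanged"]
        return [e["sAMAccountName"] for e in changes]

    def rebind(self, dc):
        """Operator action when moving the profile to another DC: reset the last
        applied change number and accept one full re-scan instead of lost changes."""
        self.bound_dc = dc.name
        self.last_applied_usn = 0


def scenario():
    """Constructed walk-through (sample users are made up); returns each run's result."""
    dc1, dc2 = DomainController("dc1"), DomainController("dc2")
    users_only = equality_filter("objectClass", "user")
    profile = ImportProfile(users_only)

    dc1.write("guid-alice", {"objectClass": "user", "sAMAccountName": "alice"})
    dc1.write("guid-bob", {"objectClass": "user", "sAMAccountName": "bob"})
    dc1.write("guid-ws01", {"objectClass": "computer", "sAMAccountName": "ws01$"})
    first = profile.run(dc1)      # both users; the computer fails the filter

    dc1.write("guid-bob", {"objectClass": "user", "sAMAccountName": "bob",
                           "mail": "bob@example.com"})
    second = profile.run(dc1)     # only the modified object comes back

    # dc2 receives the same objects by replication with its own USNs (1..3),
    # then a new user is created on dc2 first and takes dc2 USN 4.
    replicate(dc1, dc2)
    dc2.write("guid-carol", {"objectClass": "user", "sAMAccountName": "carol"})

    # Naive failover: reuse dc1's last applied USN (4) against dc2. Carol has
    # uSNChanged 4 on dc2, so "uSNChanged > 4" matches nothing and she is lost.
    naive = [e["sAMAccountName"]
             for e in dc2.search(profile.last_applied_usn, users_only)]

    profile.rebind(dc2)
    after_rebind = profile.run(dc2)   # the full re-scan picks carol up
    return {"first": first, "second": second,
            "naive_failover": naive, "after_rebind": after_rebind}


if __name__ == "__main__":
    for step, names in scenario().items():
        print(f"{step:15s} {names}")
```

The point of the model is the naive_failover step: the stored change number is a position in one DC's private sequence, so a profile silently moved to another DC loses whatever that DC committed with a lower or equal USN. Resetting the change number costs a full re-scan, which DIP handles as an ordinary (larger) run; losing changes does not announce itself at all.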