OIM LDAP Sync : Overview and Key Points

OIM LDAP synchronisation (LDAP sync) is process to integrate OIM with LDAP server (OID, AD, ODSEE ..) so that users/groups/roles created in OIM are synchronised automatically with LDAP server.

  • LDAP sync can be configured during OIM configuration phase or later.
  • In OIM 11.1.1.3,  OVD (Oracle Virtual Directory) is mandatory to integrate OIM ldap synchronisation where as from OIM 11.1.1.5 onwards OVD is optional component for OIM LDAP sync. If you don’t want to use OVD then from version 11.1.1.5, OIM comes with identity virtualization Library (libOVD). If libOVD is not used then OIM should use an instance of OVD for LDAP synchronisation.
  • When LDAP sync is enabled in OIM, four default jobs are enabled
    a) LDAPSync Post Enable Provision Users to LDAP
    b) LDAPSync Post Enable Provision Roles to LDAP
    c) LDAPSync Post Enable Provision Role Membership to LDAP
    d) LDAPSync Post Enable Provision Role Hierarchy to LDAP
  • To enable LDAP Sync post OIM configuration use steps mentioned here
  • To disable LDAP Sync in OIM, delete EventHandlers.xml from MDS and disable Jobs (mentioned above). For steps click here
  • OIM LDAP Sync creates OIM users in LDAP server under default user container configured during LDAP Sync configuration. If you wish to change user container based on user/role attributes (for example users with attribute value country=US should go to container cn=US,cn=User,dc=domain and users with attribute value country=UK should go to cn=UK,cn=User,dc=domain ) then modify /db/ldapContainerRules.xml in MDS. More information here
  • OIM calls plug-in that implements interface oracle.iam.ldapsync.LDAPContainerMapper . This plug-in is defined by OIM system property LDAPContainerMapperPlugin. The plug-in reads user/group container value (location where it needs to sync data in LDAP server) from XML file stored on MDS schema in OIM database (/db/LDAPContainerRules.xml) .
  • You can enable logging for LDAP using logger “oracle.iam.ldap-sync” from Fusion Middleware Enterprise Manager Console. More on Logging & Auditing in OIM in chapter 13 of my book Oracle Identity and Access Manager 11g for Administrators at Amazon  or Packtpub

About the Author Masroof Ahmad

Leave a Comment:

13 comments
Add Your Reply