libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)

This post covers the steps to view and edit libOVD configuration, such as changing the bind DN and password in the adapter configuration.

In OIM 11.1.1.5+, libOVD is an alternative to OVD for LDAPSync (integrating OIM with an LDAP server like AD or OID).

In OIM 11.1.1.3, OVD is mandatory if you wish to configure LDAPSync. From OIM 11.1.1.5 onwards, OVD is not mandatory (libOVD is used to sync data between OIM and OID).

  • libOVD configuration is created during the OIM configuration stage ($ORACLE_HOME/bin/config.sh) when you select LDAPSync and the LDAP server is OID, AD, or ODSEE (earlier Sun directory server).
  • libOVD configuration is stored in the directory $DOMAIN_HOME/config/fmwconfig/ovd/oim and contains information like the LDAP server host, port, and bind DN (the user OIM connects to OID as for synchronisation).
  • By default the configuration tool creates two OVD adapters (oid1 and CHANGELOG_oid1) of type LDAP. To view and change them you can use the WebLogic Scripting Tool (WLST) or the MBeans in FMW Enterprise Manager Control (/em).

 

During configuration, the bind DN used is cn=orcladmin and modifierDNFilter is set to cn=orcladmin (i.e. if the DN of the modifier in the LDAP server is orcladmin, then don’t synchronise the user). Because of this, users updated/created in OID by cn=orcladmin are not synchronised to OIM. (If LDAPSync is configured, users created/updated/deleted in OID/AD should automatically be synchronised to OIM by the scheduled jobs “LDAP User Create and Update Reconciliation” and “LDAP User Delete Reconciliation” in OIM. More on issues around recon jobs in OIM in a future post.)

 

Managing libOVD Adapter via WLST

1. Start WLST

cd $MW_HOME/oracle_common/common/bin
./wlst.sh

2. Connect to Admin Server

connect('weblogic','welcome1','t3://innowave12.com:7001')

Here weblogic is the admin user name of the WebLogic domain, innowave12.com is the server on which the Admin Server is running, and 7001 is the Admin Server port.

3. To list adapters for OIM

listAdapters(contextName='oim')

You should see output like

_______
Adapter Name : oid1
Adapter Type : LDAP 

Adapter Name : CHANGELOG_oid1
Adapter Type : LDAP

_______

 

4.  To get adapter details for adapter oid1

getAdapterDetails(adapterName='oid1', contextName='oim')

______
wls:/ohsdomain/domainRuntime> getAdapterDetails(adapterName='oid1', contextName='oim')

DETAILS OF ADAPTER :  oid1
Adapter Type                : LDAP
Name                        : oid1

Virtual NameSpace           : dc=com
Remote NameSpace            : dc=com

LDAP Host                   : [innowave12.com : 3060]
Secure                      : false
Bind DN                     : cn=orcladmin
Pass Credentials            : Always
Max size of Connection Pool : 10

________

5. To modify BindDN to oimLDAP user created during OIM-OAM integration

Update username and password in adapter oid1

modifyLDAPAdapter(adapterName='oid1', attribute='BindDN', value='cn=oimLDAP,cn=SystemUsers,dc=com', contextName='oim')

modifyLDAPAdapter(adapterName='oid1', attribute='BindPassword', value='welcome1', contextName='oim')

Update username and password in adapter CHANGELOG_oid1

modifyLDAPAdapter(adapterName='CHANGELOG_oid1', attribute='BindDN', value='cn=oimLDAP,cn=SystemUsers,dc=com', contextName='oim')

modifyLDAPAdapter(adapterName='CHANGELOG_oid1', attribute='BindPassword', value='welcome1', contextName='oim')

Note: The realm (domain name) in OID in the above commands is “dc=com”; change this value as per your setting.

6. To modify modifierDNFilter in libOVD, open the file $DOMAIN_HOME/config/fmwconfig/ovd/oim/adapter.os_.xml and search for modifierDNFilter

Change from
!(modifiersname=cn=orcladmin)

to
!(modifiersname=cn=oimLDAP,cn=SystemUsers,dc=com)

Note: OID domain or Realm in this case is dc=com
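
For step 6, a small Python helper (an added example, not from the original post or from Oracle) that rewrites every !(modifiersname=...) clause in the adapter file's text, keeps a .bak copy, and checks that the filter names the same DN as the BindDN set in step 5. The XML layout in SAMPLE and all function names are assumptions; only the filter string itself is taken from the post.

```python
import re
import shutil
import sys

# The exclusion clause exactly as the post shows it: !(modifiersname=<DN>)
FILTER_RE = re.compile(r"!\(modifiersname=([^)]*)\)", re.IGNORECASE)

# Constructed sample; the element layout is an assumption, only the filter
# string itself comes from the post.
SAMPLE = '''<param name="modifierDNFilter" value="!(modifiersname=cn=orcladmin)"/>
<param name="sizeLimit" value="1000"/>'''


def normalize_dn(dn):
    """Compare DNs case-insensitively, ignoring spaces around RDN commas.
    Simplification: does not handle escaped commas inside RDN values."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def set_modifier_dn(text, new_dn):
    """Point every modifiersname exclusion at new_dn; return (text, old_dns)."""
    if re.search(r'[()*\\"<>&]', new_dn):
        raise ValueError("DN has characters that need LDAP-filter or XML escaping")
    old_dns = FILTER_RE.findall(text)
    if not old_dns:
        raise ValueError("no !(modifiersname=...) clause found")
    return FILTER_RE.sub(lambda m: "!(modifiersname=%s)" % new_dn, text), old_dns


def filter_matches_bind_dn(text, bind_dn):
    """True only if every exclusion clause names the adapter's bind DN."""
    found = FILTER_RE.findall(text)
    return bool(found) and all(normalize_dn(d) == normalize_dn(bind_dn) for d in found)


def update_file(path, new_dn):
    """Rewrite the adapter file in place, keeping a .bak copy first."""
    with open(path) as fh:
        text = fh.read()
    new_text, old_dns = set_modifier_dn(text, new_dn)
    shutil.copy2(path, path + ".bak")
    with open(path, "w") as fh:
        fh.write(new_text)
    return old_dns


if __name__ == "__main__":
    # usage: python set_modifier_dn.py <adapter-file> <bind-dn>
    print("replaced:", update_file(sys.argv[1], sys.argv[2]))
```

Run filter_matches_bind_dn against the file after the change, with the DN used for BindDN in step 5, to confirm the two settings agree.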

 


About the Author Masroof Ahmad
