OID 11g Replication Concepts

In this post I would like to explain the concepts of Oracle Internet Directory 11g replication.

What is replication?

Replication is the process of copying data from one environment to other environments while maintaining the same naming contexts. In LDAP, data is stored in a Directory Information Tree (DIT). A DIT can have multiple realms, for example:

dc=uk,dc=acme,dc=com

dc=us,dc=acme,dc=com

dc=au,dc=acme,dc=com

In the above diagram the source OID server (left hand side) has 3 realms in DIT. These 3 realms can be copied over to another OID server using replication.

Why do we need replication?

One will opt for replication for the following reasons:

  • System availability
  • Load balancing
  • Local availability

Content to be replicated:

Data in the DIT can be replicated in full or partial mode. The above diagram shows full replication, whereas copying only a few realms, say dc=uk and dc=us, is partial replication.

Full replication can be based on either LDAP or Oracle Database Advanced Replication.

Partial replication is most often LDAP based.

Replication Direction:

Replication can be performed in one-way, two-way or peer-peer directions.

One-way: One node is the supplier and the other is the consumer. The consumer is read-only.

Two-way: Both nodes are supplier and consumer. Therefore both nodes are read/write enabled. Changes made on the consumer node can be replicated to the supplier node.

Peer-peer: All the nodes in the replication group are both supplier and consumer to all other nodes.

Transport Mechanism: OID supports two protocols for data replication: LDAP and Oracle Database Advanced Replication. LDAP-based replication is recommended. However, if the environment has the Oracle SSO product, choose Oracle Database Advanced Replication, because Oracle SSO needs Database Replication.

LDAP replication can be configured as one-way, two-way or peer-peer. Oracle Database Advanced Replication, however, is used only in the peer-peer direction.

Directory Replication Group (DRG): All the directory servers that are involved in replication for a naming context are together called a Directory Replication Group. The relationship among the directory servers in a Directory Replication Group is identified by a separate directory entry called the Replication Agreement.

Peer-peer direction is usually referred to as multimaster replication.

So the types of DRG are:

  1. Single Master: In the DRG only one node acts as supplier and the other nodes act as consumers. In general this type of replication is performed using the LDAP protocol. Data updates happen on only one node, and clients read the data only from the consumers.
  2. MultiMaster: Each node acts as both supplier and consumer. Multimaster replication can use either the LDAP or the Oracle Database transport mechanism. The full DIT is replicated on each node. Multimaster replication is always peer-peer. Multimaster replication is the only mechanism supported by Oracle SSO.
  3. Fan-Out: One supplier replicates directly to a consumer. That consumer in turn replicates to other consumers. It uses the LDAP transport mechanism. It supports both full and partial replication, and one-way or two-way directions.

Finally, the table below shows both supported replication types against the various replication concepts:

| Concept | LDAP-Based Replication | Oracle Database Advanced Replication-Based Replication |
|---|---|---|
| Content replicated | Full replica / Partial replica | Full replica (usually) |
| Direction of replication | Peer-to-peer / One-way / Two-way | Peer-to-peer |
| DRG Type | Multimaster replication / Single-master replication / Fan-out replication | Multimaster replication / Single-master replication, by switching all masters in a multimaster configuration except one to read-only mode |
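
The rules above can be turned into a check on a planned DRG. The following is an added example, not code from this post or from Oracle: it classifies a set of supplier-to-consumer agreements purely by their shape, derives which nodes accept writes, and flags conflicts with the transport and SSO rules stated here. The function names, the "ldap"/"asr" labels and the node names are made up for illustration.

```python
from itertools import permutations

def classify_drg(nodes, agreements):
    """Return (drg_type, writable, read_only) for supplier->consumer agreements."""
    nodes, edges = set(nodes), set(agreements)
    if any(s == c or s not in nodes or c not in nodes for s, c in edges):
        raise ValueError("agreement names an unknown node or a self-loop")
    suppliers = {s for s, _ in edges}
    consumers = {c for _, c in edges}
    if nodes - (suppliers | consumers):
        raise ValueError("a node takes part in no replication agreement")
    # A consumer with no agreement back to its supplier is one-way: read-only.
    read_only = {c for s, c in edges if (c, s) not in edges}
    if edges == set(permutations(nodes, 2)):
        drg = "multimaster"       # every node supplies every other node
    elif len(suppliers) == 1:
        drg = "single-master"     # one supplier, everyone else only consumes
    elif suppliers & consumers:
        drg = "fan-out"           # some consumer supplies further consumers
    else:
        drg = "unclassified"
    return drg, sorted(nodes - read_only), sorted(read_only)

def check_plan(transport, nodes, agreements, uses_sso=False):
    """List conflicts between a plan and the rules stated in this post."""
    drg, _, _ = classify_drg(nodes, agreements)
    problems = []
    # Single-master over Advanced Replication is a multimaster group with
    # masters switched to read-only; this graph model does not represent that.
    if transport == "asr" and drg != "multimaster":
        problems.append(f"Advanced Replication is peer-to-peer only, plan is {drg}")
    if uses_sso and transport != "asr":
        problems.append("Oracle SSO needs Database Advanced Replication")
    if uses_sso and drg != "multimaster":
        problems.append("Oracle SSO supports multimaster replication only")
    return problems

# Constructed sample topologies (node names are made up).
NODES = ["oid1", "oid2", "oid3"]
SINGLE = {("oid1", "oid2"), ("oid1", "oid3")}
FANOUT = {("oid1", "oid2"), ("oid2", "oid3")}
MULTI = set(permutations(NODES, 2))

if __name__ == "__main__":
    for name, plan in [("single", SINGLE), ("fan-out", FANOUT), ("multi", MULTI)]:
        print(name, classify_drg(NODES, plan), check_plan("asr", NODES, plan))
```

The writable list is the set of nodes whose write access needs protecting; every other node should reject client updates.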

Replication implementation details are coming soon.

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com

4 comments
Azhar A M says August 27, 2012

Hello Mahendra,

We were setting up high availability of OID using the below link for configuration.

http://docs.oracle.com/cd/E17904_01/core.1111/e10106/imha.htm#autoId20

We have a RAC for OID and we have two OID instances on two machines, and both instances are pointing to the same RAC.
So I assume there is no need for replication since the instances are pointing to the same DB. From the replication document, what I assumed is that replication is needed only when the instances are pointing to different DBs. Is my assumption correct?

    Atul Kumar says August 28, 2012

    @ Azhar A M,
    The way you have implemented OID is good for failover within a site (I am assuming both your RAC nodes are within the same data centre). For disaster recovery (with sites located miles apart) you have two options:

    a) Implement RAC nodes across sites (costly implementation for clusterware across sites)
    or
    b) Implement multi-master replication across sites.

    Option b is common for LDAP (OID) cross-site replication (disaster recovery with minimum downtime).

Mahendra says August 27, 2012

Azhar,

That is correct. If both OIDs are pointing to RAC then replication is not required.

-M
