Implementing Local Store Adapter in OVD 11g

I’ve had the opportunity to work on OVD 11.1.1.7 recently and I would like to share couple of experiences.

First comes first Local Store Adapter. Why we need this? The requirement is to  provide unified view of two different Active Directories (it could be of any other LDAP). I’ve created 2 AD Adapters and to get Root View I should create Local Store Adapter.

Lets assume the mapped Namespace of AD Adapter 1 is : ou=OrgA,ou=Users,dc=ovd,dc=dev

Lets assume the mapped Namespace of AD Adapter 2 is : ou=OrgB,ou=Users,dc=ovd,dc=dev

So the mapped namespace for Local Store Adapter is definitely dc=ovd,dc=dev. I’ve created the LSA adapter with dc=ovd,dc=dev Root Namespace. However I could see null entries under Root after expansion.

Here is why?

First we need to create an LDAP structure in OVD schema with LSA namespace say dc=ovd,dc=dev as shown below. ldapadd command can be used.

version: 1
dn: dc=ovd,dc=dev
objectclass: top
objectclass: domain
dc: ovd

That’s not all.

We also need to create structure ou=Users,dc=ovd,dc=dev in OVD LDAP schema with contents given below. Remember that contents of this file has changed because the objectclasses associated with entries are different. Since we are ou=Users, it belongs to OrganizationalUnit class and hence ou attribute needs to be defined. If you are using cn=Users,dc=ovd,dc=dev then container objectclass has to be used.

dn: ou=Users,dc=ovd,dc=dev
ou: Users
description: Users container
objectclass: top
objectclass: organizationalUnit

Use ldapadd command to upload the above ldif file.

It is all set now. Remember that you don’t have to create an LDAP entry ou=OrgA,ou=Users,dc=ovd,dc=dev because AD adapter has already created this entry. Refresh the LSA root node in ODSM client view and expand to see the entries.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

2 comments
Add Your Reply