13 January 2011

OID (Oracle Internet Directory)

Using Oracle Internet Directory you will find some profiles that you either need to change or use in order to synchronize from AD (Active Directory). Some of the default profiles are as follow:
  • ActiveImport—The profile for importing changes from Microsoft Active Directory to Oracle Internet Directory by using the DirSync approach
  • ActiveChgImp—The profile for importing changes from Microsoft Active Directory to Oracle Internet Directory by using the USN-Changed approach
  • ActiveExport—The profile for exporting changes from Oracle Internet Directory to Microsoft Active Directory
 
For synchronizing between AD and OID, you need to use Directory Integration and Provisioning Assistant. It can be done in two different way:
  • To invoke the Assistant as a command-line tool enter dipassistant.
  • To invoke the Assistant as a graphical interface tool, enter the following command:
    $ORACLE_HOME/bin/dipassistant -gui

 
Some mapping examples:
If you plan to synchronize only the cn=users container under dc=us,dc=mycompany,dc=com, then the domain mapping rule is: Distinguished Name Rules
cn=users,dc=us,dc=mycompany,dc=com:cn=users,dc=us,dc=mycompany,dc=com

This rule synchronizes every entry under cn=users,dc=us,dc=mycompany,dc=com. However, the type of object synchronized under this container is determined by the attribute-level mapping rules that follow the DN Mapping rules.

If you plan to synchronize the entry cn=groups,dc=us,dc=mycompany,dc=com under  cn=users,dc=us,dc=mycompany,dc=com then the domain mapping rule is as follows:
cn=groups,dc=us,dc=mycompany,dc=com: cn=users,dc=us,dc=mycompany,dc=com
 

Synchronizing Deletions from Microsoft Active Directory

Active Directory deletions can be synchronized with Oracle Internet Directory by querying for them in Active Directory. The way to do this depends on whether you are using the DirSync approach or the USN-Changed approach. (Section 18.3.2.7 of http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_actdir003.htm)
 
Resources:

No comments:

Post a Comment