Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2)
To synchronize between Oracle Internet Directory and a connected directory, Oracle Directory Integration and Provisioning relies on a prepackaged connectivity solution called a connector. Minimally, this connector consists of a directory integration profile containing all the configuration information required for synchronization.
When synchronizing between Oracle Internet Directory and a connected directory, Directory Integration and Provisioning uses one of these interfaces: DB, LDAP, tagged, or LDIF. If the connected directory uses one of these interfaces, then the connector requires only a directory integration profile for synchronization to occur. For example, the SunONE connector provided with Oracle Internet Directory uses the LDAP interface to read the changes from the SunONE Directory Server. The changes are in the format specific to SunONE Directory Server and can be determined by doing an ldapsearch in the SunONE Directory Server.
If a connected directory cannot use one of the interfaces supported by Directory Integration and Provisioning, then, in addition to the directory integration profile, it requires an agent. The agent transforms the data from one of the formats supported by Directory Integration and Provisioning into one supported by the connected directory. An example is the Oracle Human Resources connector. It has both a prepackaged integration profile and an Oracle Human Resources agent. To communicate with Oracle Internet Directory, the agent uses the tagged file format supported by Directory Integration and Provisioning. To communicate with the Oracle Human Resources system, it uses SQL (through an OCI interface).
A directory integration profile for synchronization, called a directory synchronization profile, contains all the configuration information required for synchronization including:
Direction of Synchronization
Some connected directories only receive data from Oracle Internet Directory—that is, they participate in export operations only. Others only supply data to Oracle Internet Directory—that is, they participate in import operations only. Still others participate in both import and export operations.
A separate profile is used for each direction—that is, one profile for information coming into Oracle Internet Directory, and another for information going from Oracle Internet Directory to connected directories.
Type of Interface
Some connected directories can receive data in any of the interfaces built into Directory Integration and Provisioning. These interfaces include LDAP, tagged, DB (for read-only), and LDIF. For these connected directories, the Oracle Directory Synchronization Service performs the synchronization itself directly, using the information stored in the profile.
In a directory synchronization environment, a typical set of entries from one domain can be moved to another domain. Similarly, a set of attributes can be mapped to another set of attributes.
Mapping rules govern the conversion of attributes between a connected directory and Oracle Internet Directory. Each connector stores a set of these rules in the orclodipAttributeMappingRules attribute of its synchronization profile. The Oracle directory integration and provisioning server uses these rules to map attributes as needed when exporting from the directory and interpreting data imported from a connected directory or file. When the Oracle directory integration and provisioning server imports changes into Oracle Internet Directory, it converts the connected directory's change record into an LDAP change record following the mapping rules. Similarly, during export, the connector translates Oracle Internet Directory changes to the format understood by the connected directory.
Connection details of the connected directory
These details include such information about the connected directory as host, port, mode of connection—that is, either SSL or non-SSL—and the connected directory credentials.
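The import-side conversion described under mapping rules above, as an added example that is not Oracle code: a connected directory's change record is moved to another domain, its attributes are renamed, and the result is emitted as an LDAP change record in LDIF form. The rule model is a simplified stand-in, not the orclodipAttributeMappingRules syntax, and every DN, attribute name and value is constructed; values are assumed to be plain ASCII that needs no base64 encoding.

```python
# Added illustration: a simplified mapping-rule model, NOT Oracle's
# orclodipAttributeMappingRules syntax. All names and values are constructed.

# Domain rule: entries under SRC_DOMAIN are moved under DST_DOMAIN.
SRC_DOMAIN = "ou=people,dc=connected,dc=example"
DST_DOMAIN = "cn=users,dc=oid,dc=example"

# Attribute rules: connected-directory attribute -> Oracle Internet Directory attribute.
ATTRIBUTE_RULES = {"uid": "uid", "cn": "cn", "surname": "sn", "email": "mail"}


def map_dn(dn):
    """Rewrite the DN suffix per the domain rule; refuse out-of-scope entries."""
    lowered = dn.lower()
    if lowered != SRC_DOMAIN and not lowered.endswith("," + SRC_DOMAIN):
        raise ValueError("DN outside mapped domain: " + dn)
    return dn[: len(dn) - len(SRC_DOMAIN)] + DST_DOMAIN


def to_ldap_change(record):
    """Convert one connected-directory change record into LDIF change-record lines."""
    lines = ["dn: " + map_dn(record["dn"]), "changetype: " + record["op"]]
    for src_attr, values in record.get("attrs", {}).items():
        dst_attr = ATTRIBUTE_RULES.get(src_attr.lower())
        if dst_attr is None:
            continue  # no rule for this attribute: it is not synchronized
        if record["op"] == "add":
            lines += [f"{dst_attr}: {v}" for v in values]
        elif record["op"] == "modify":
            lines.append("replace: " + dst_attr)
            lines += [f"{dst_attr}: {v}" for v in values]
            lines.append("-")
    return lines


# Constructed sample change record from a connected directory.
SAMPLE = {
    "dn": "uid=jdoe,ou=People,dc=connected,dc=example",
    "op": "modify",
    "attrs": {"surname": ["Doe"], "email": ["jdoe@example.com"], "badgePin": ["1234"]},
}

if __name__ == "__main__":
    print("\n".join(to_ldap_change(SAMPLE)))
```

In this model an attribute without a rule (badgePin in the sample) never reaches the target directory, and an entry outside the mapped domain is rejected rather than rewritten.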
Although the synchronization profile stores most of the information needed by a connector to synchronize Oracle Internet Directory with connected directories, some connectors may need more. This is because some operations might require additional configuration information at runtime.
You can store such additional connector configuration information wherever and however you want. However, Directory Integration and Provisioning enables you to store it in the synchronization profile as an attribute called orclODIPAgentConfigInfo. Its use is optional—that is, if a connector does not require such information, then simply leave this attribute empty.
This configuration information can pertain to the connector, the connected directory, or both. Oracle Internet Directory and Oracle directory integration and provisioning server do not modify this information. When the connector is invoked, the Oracle directory integration and provisioning server simply provides it with the information in this attribute as a temporary file.
See Also: The attribute reference chapter of the Oracle Identity Management User Reference for a list and descriptions of the attributes in a directory integration profile