Skip Headers
Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2)
  Go To Documentation Library
Go To Product List
Solution Area
Go To Table Of Contents
Go To Index


5.1 Components Involved in Oracle Directory Synchronization

This section contains these topics:

5.1.1 Connectors for Directory Synchronization

To synchronize between Oracle Internet Directory and a connected directory, Oracle Directory Integration and Provisioning relies on a prepackaged connectivity solution called a connector. Minimally, this connector consists of a directory integration profile containing all the configuration information required for synchronization. Using Connectors with Supported Interfaces

When synchronizing between Oracle Internet Directory and a connected directory, Directory Integration and Provisioning uses one of these interfaces: DB, LDAP, tagged, or LDIF. If the connected directory uses one of these interfaces, then the connector requires only a directory integration profile for synchronization to occur. For example, the SunONE connector provided with Oracle Internet Directory uses the LDAP interface to read the changes from the SunONE Directory Server. The changes are in the format specific to SunONE Directory Server and can be determined by doing an ldapsearch in the SunONE Directory Server. Using Connectors Without Supported Interfaces

If a connected directory cannot use one of the interfaces supported by Directory Integration and Provisioning, then, in addition to the directory integration profile, it requires an agent. The agent transforms the data from one of the formats supported by Directory Integration and Provisioning into one supported by the connected directory. An example is the Oracle Human Resources connector. It has both a prepackaged integration profile and an Oracle Human Resources agent. To communicate with Oracle Internet Directory, the agent uses the tagged file format supported by Directory Integration and Provisioning. To communicate with the Oracle Human Resources system, it uses SQL (through an OCI interface).

5.1.2 Directory Synchronization Profiles

A directory integration profile for synchronization, called a directory synchronization profile, contains all the configuration information required for synchronization including:

  • Direction of Synchronization

    Some connected directories only receive data from Oracle Internet Directory—that is, they participate in export operations only. Others only supply data to Oracle Internet Directory—that is, they participate in import operations only. Still others participate in both import and export operations.

    A separate profile is used for each direction—that is, one profile for information coming into Oracle Internet Directory, and another for information going from Oracle Internet Directory to connected directories.

  • Type of Interface

    Some connected directories can receive data in any of the interfaces built into Directory Integration and Provisioning. These interfaces include LDAP, tagged, DB (for read-only), and LDIF. For these connected directories, the Oracle Directory Synchronization Service performs the synchronization itself directly, using the information stored in the profile.

  • Mapping Rules and Formats

    In a directory synchronization environment, a typical set of entries from one domain can be moved to another domain. Similarly, a set of attributes can be mapped to another set of attributes.

    Mapping rules govern the conversion of attributes between a connected directory and Oracle Internet Directory. Each connector stores a set of these rules in the orclodipAttributeMappingRules attribute of its synchronization profile. The Oracle directory integration and provisioning server uses these rules to map attributes as needed when exporting from the directory and interpreting data imported from a connected directory or file. When the Oracle directory integration and provisioning server imports changes into Oracle Internet Directory, it converts the connected directory's change record into an LDAP change record following the mapping rules. Similarly, during export, the connector translates Oracle Internet Directory changes to the format understood by the connected directory.

  • Connection details of the connected directory

    These details include such information about the connected directory as host, port, mode of connection—that is, either SSL or non-SSL—and the connected directory credentials.

  • Other Information

    Although the synchronization profile stores most of the information needed by a connector to synchronize Oracle Internet Directory with connected directories, some connectors may need more. This is because some operations might require additional configuration information at runtime.

    You can store such additional connector configuration information wherever and however you want. However, Directory Integration and Provisioning enables you to store it in the synchronization profile as an attribute called orclODIPAgentConfigInfo. Its use is optional—that is, if a connector does not require such information, then simply leave this attribute empty.

    This configuration information can pertain to the connector, the connected directory, or both. Oracle Internet Directory and Oracle directory integration and provisioning server do not modify this information. When the connector is invoked, the Oracle directory integration and provisioning server simply provides it with the information in this attribute as a temporary file.

    See Also:

    The attribute reference chapter of the Oracle Identity Management User Reference for a list and descriptions of the attributes in a directory integration profile