6 Setting up Oracle Directory Integration Platform Synchronization and Attribute Mapping

In this tutorial, you use Fusion Middleware Control to set up an Active Directory synchronization profile and add a customized attribute mapping. Then you enable and test synchronization.

6.1 Before you Begin

The prerequisites for setting up Oracle Directory Integration Platform synchronization with Active Directory are as follows:

  • An Oracle Enterprise Manager Fusion Middleware Control environment with an Oracle Directory Integration Platform component instance.

  • A container in the Oracle Internet Directory instance associated with the Oracle Directory Integration Platform instance, for example: cn=adusers,cn=users,dc=example,dc=com.

  • An Active Directory server. You will need to supply the following information about the server:

    • Hostname

    • Port

    • Administrator's name

    • Password

    • Host container, usually cn=users,dc=domain. For example: cn=users,dc=example,dc=com.

6.2 Set up Synchronization

Perform the following steps to create a profile using Oracle Enterprise Manager Fusion Middleware Control:

  1. Access Oracle Directory Services Manager, as described in "Accessing Oracle Directory Services Manager".

  2. Log in to the domain that is running the Oracle Directory Integration Platform instance you want to manage.

  3. Locate and select the Oracle Directory Integration Platform instance that you want to manage, for example, DIP1.

  4. Click the DIP Server menu, point to Administration, and then click Synchronization Profiles. The Manage Synchronization Profiles page appears.

  5. Click Create. The Create Synchronization Profile page appears with tabs for the various types of profile settings.

  6. Click the General tab to configure the general settings for the profile.

    1. Choose a Profile Name.

    2. Select Destination for DIP-OID.

    3. Select Active Directory for Type.

    4. Enter the host and port of the Active Directory server.

    5. Do not enable SSL.

    6. For User Name and Password, enter the administrator name and password on the Active Directory server.

  7. Click Test Connection. It should return Test Passed. Authentication Successful.

  8. Click the Mapping tab to configure Domain and Attribute Mapping Rules.

    1. Click Create in the Domain Mapping Rules section to create mapping rules for the domain or container from which objects are synchronized into Oracle Internet Directory. The Add Domain Mapping Rule dialog box appears.

      You can use the Lookup button or enter the values directly.

    2. For Source Container, enter the source container in AD, for example: cn=users,dc=example,dc=com.

    3. For DIP-OID Container, enter the DIP-OID container on the Oracle Internet Directory instance, for example: cn=adusers,cn=users,dc=example,dc=com.

    4. Leave the Mapping Rule box empty.

    5. Click OK.

    6. Keep the default set for the Attribute Mapping Rules section.

    7. Click OK.

    8. Use the Validate All Mapping Rules button to test your mapping rules after you create them. You can ignore warnings, but not errors.

  9. Click the Filtering tab to configure the filter settings for the profile. Do not make any changes.

  10. Click the Advanced tab to configure the advanced settings for the profile. Set the following values:

    1. Scheduling Interval MM:SS: 1 Minute

    2. Maximum Number of Retries: 1

    3. Log Level: Error

  11. Click OK to return to the Manage Synchronization Profile page and create the profile. The profile appears, along with a confirmation that the profile was saved successfully.

6.3 Customize Attribute Mappings

In this exercise, you will add an attribute mapping rule to the synchronization profile you created in Set up Synchronization.

  1. Access Oracle Enterprise Manager Fusion Middleware Control as described in "Accessing Fusion Middleware Control".

  2. Click the DIP Server menu, point to Administration, and then click Synchronization Profiles. The Manage Synchronization Profiles page appears.

  3. Click the Profile that you created in Set up Synchronization.

  4. Click the Edit icon.

  5. Verify that Profile Name is correct.

  6. Click the Mapping tab.

  7. In the Attribute Mapping Rules section, select the Create icon.

  8. In the Mapping Rule window:

    1. From the Source ObjectClass drop down list select: user

    2. Select Source Attribute: Single Attribute

    3. From the Source Attribute drop down list select: telephonenumber

    4. From the DIP-OID ObjectClass drop down list select: inetorgperson

    5. From the DIP-OID Attribute drop down list select: inetorgperson

    6. From the DIP-OID Attribute type drop down list select: telephonenumber

    7. Click OK.

  9. Use the Validate All Mapping Rules button to test your mapping rules after you create them.

6.4 Enable and Test Synchronization

  1. On the Manage Synchronization Profile page, click Enable. A confirmation that the profile was enabled appears.

  2. Add an entry to Active Directory and wait a few minutes.

  3. Using Oracle Directory Services Manager, verify that the entry now exists in Oracle Internet Directory.
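
To know what to look for in step 3, the following added example applies the domain mapping rule from 6.2 and the attribute mapping rule from 6.3 to a constructed Active Directory entry. It is a simplified model written for this tutorial, not Oracle Directory Integration Platform code; the function names and the sample entry are assumptions, and the default attribute mapping rules kept in 6.2 are not modeled.

```python
# Simplified model of the tutorial's mapping rules; not DIP's implementation.
SOURCE_CONTAINER = "cn=users,dc=example,dc=com"          # 6.2 Source Container
OID_CONTAINER = "cn=adusers,cn=users,dc=example,dc=com"  # 6.2 DIP-OID Container
# 6.3 rule: (source objectclass, source attribute) -> (OID objectclass, OID attribute)
ATTRIBUTE_RULES = {("user", "telephonenumber"): ("inetorgperson", "telephonenumber")}


def split_dn(dn):
    """Split a DN into RDNs, treating backslash-escaped commas as data."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            current += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(current.lstrip())
            current = ""
    rdns.append(current.lstrip())
    return rdns


def expected_oid_dn(ad_dn):
    """DN to look for in OID, or None if no domain mapping rule covers the entry."""
    rdns, suffix = split_dn(ad_dn), split_dn(SOURCE_CONTAINER)
    n = len(suffix)
    # Only entries strictly beneath the source container are modeled.
    if len(rdns) <= n or [r.lower() for r in rdns[-n:]] != [s.lower() for s in suffix]:
        return None
    return ",".join(rdns[:-n] + split_dn(OID_CONTAINER))


def expected_oid_attrs(object_classes, ad_attrs):
    """Attributes the modeled rule from 6.3 would carry into the OID entry."""
    classes = {c.lower() for c in object_classes}
    lowered = {name.lower(): values for name, values in ad_attrs.items()}
    out = {}
    for (src_oc, src_attr), (dst_oc, dst_attr) in ATTRIBUTE_RULES.items():
        if src_oc in classes and lowered.get(src_attr):
            out[dst_attr] = lowered[src_attr]
            out.setdefault("objectclass", []).append(dst_oc)
    return out


# Constructed sample standing in for the entry added to Active Directory in 6.4.
SAMPLE_DN = "CN=Doe\\, Jane,CN=Users,DC=example,DC=com"
SAMPLE_ATTRS = {"telephoneNumber": ["+1 555 0100"], "description": ["constructed"]}

if __name__ == "__main__":
    print(expected_oid_dn(SAMPLE_DN))
    print(expected_oid_attrs(["top", "person", "user"], SAMPLE_ATTRS))
    print(expected_oid_dn("CN=svc,OU=Service,DC=example,DC=com"))  # outside the container
```

An entry whose DN does not end in the source container yields None here, which is the case to rule out first when a test entry never appears under cn=adusers.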