Skip Headers

Oracle® Internet Directory Administrator's Guide
10g (9.0.4)
Part Number B12118-01
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index

Go to previous page Go to beginning of chapter Go to next page

Considerations for Integrating with Third-Party Directories , 3 of 11

Choose Which Directory Is to Be the Central Enterprise Directory

The central enterprise directory is the source of truth for all user, group, and realm information in the enterprise. It can be either Oracle Internet Directory or a third-party directory.

This section contains these topics:

Oracle Internet Directory as the Central Enterprise Directory

If Oracle Internet Directory is the central directory, then, once user, group, and realm objects are created, Oracle Internet Directory becomes the source of provisioning information for all Oracle components and third-party directories. The user and group objects for the entire enterprise are then provisioned in various Oracle components and third-party directories from Oracle Internet Directory.

Figure 41-1 shows a typical deployment in which Oracle Internet Directory is the central enterprise directory.

Figure 41-1 Interaction Between Components with Oracle Internet Directory as the Central Directory

Text description of oidag105.gif follows

Text description of the illustration oidag105.gif

As Figure 41-1 shows, when Oracle Internet Directory is the central enterprise directory, typical provisioning of a user or group follows this process:

  1. The user or group entry is created in Oracle Internet Directory by using the Oracle Internet Directory Self-Service Console, Oracle Directory Manager, or the command-line tools.

  2. At the next scheduled interval, that entry creation event is read by the third-party directory connector in the Oracle Directory Integration and Provisioning platform.

  3. Following the mapping information in the integration profile, the user or group attributes in Oracle Internet Directory are appropriately mapped to the corresponding user or group attributes as required by the schema in the third-party directory.

  4. The user and group entry is created in the third-party directory.

A user entry is modified in Oracle Internet Directory, when:

When Oracle Internet Directory is the central enterprise directory, the sequence of events during modification of a user or group entry is as follows:

  1. The entry is modified by using the Oracle Internet Directory Self-Service Console, Oracle Directory Manager, or the command-line tools.

  2. At the next scheduled interval, that entry modification event is read by the third-party directory connector in the Oracle Directory Integration and Provisioning platform,

  3. Following the mapping information in the integration profile, the attribute in Oracle Internet Directory is appropriately mapped to the corresponding attribute in the connected directory

  4. The user entry is modified in the third-party directory.

Third-Party Directory as the Central Directory

If a third-party directory is the central directory, then, once user, group, and realm objects are created, the third-party directory becomes the source of provisioning information for all Oracle components and other directories. In this case, Oracle Internet Directory is deployed to support Oracle components. To provide this support, Oracle Internet Directory stores a footprint that enables it to identify entries in the third-party directory.

Figure 41-2 shows a typical deployment where a third-party directory is the central enterprise directory.

Figure 41-2 Interaction of Components with a Third-Party Directory as the Central Directory

Text description of oidag106.gif follows

Text description of the illustration oidag106.gif

Process for Provisioning of a User or Group

As Figure 41-2 shows, when a third-party directory is the central enterprise directory, typical provisioning of a user or group follows this process:

  1. The user or group entry is created in the third-party directory.

  2. At the next scheduled interval, the entry creation event is read by the third-party directory connector in the Oracle Directory Integration and Provisioning platform.

  3. Following the mapping information in the integration profile, the user or group attributes in the third-party directory are mapped to the corresponding attributes in Oracle Internet Directory.

  4. The user or group entry is created in Oracle Internet Directory.

Process for Modifying a User or Group Entry

An entry is modified in the third-party directory when:

When a third-party directory is the central enterprise directory, modification of a user or group entry follows this process:

  1. The entry is modified in the third-party directory.

  2. At the next scheduled interval, that entry modification event is read by the third-party directory connector in the Oracle Directory Integration and Provisioning platform,

  3. Following the mapping information in the integration profile, the attribute in the third-party directory is appropriately mapped to the corresponding attribute in Oracle Internet Directory.

  4. The user or group entry is modified in Oracle Internet Directory.

As Figure 41-2 shows, when a third-party directory is the central enterprise directory, modification of passwords happens asynchronously in the directory that serves as the password repository. This happens by using plug-ins.

Go to previous page Go to beginning of chapter Go to next page
Oracle
Copyright © 1999, 2003 Oracle Corporation.
All Rights Reserved.
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index