|
Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02 |
|
 Previous |
 Next |
|
Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02 |
|
|
Previous |
Next |
Depending on where the changes are made, synchronization can occur:
From a connected directory to Oracle Internet Directory
From Oracle Internet Directory to a connected directory
In both directions
Regardless of the direction in which the data flows, it is assumed that:
During synchronization, incremental changes made on one directory are propagated to the other
Once synchronization is complete, the information maintained on both directories is the same
This section contains these topics:
Synchronizing from Oracle Internet Directory to a Connected Directory
Synchronizing from a Connected Directory to Oracle Internet Directory
Synchronizing with Directories with Interfaces Not Supported by Oracle Internet Directory
Oracle Internet Directory maintains a change log in which it stores incremental changes made to directory objects. It stores these changes sequentially based on the change log number.
Synchronization from Oracle Internet Directory to a connected directory makes use of this change log. Consequently, when running the Oracle directory integration and provisioning server, you must start Oracle Internet Directory with the default setting in which change logging is enabled. If change logging is disabled, you can enable it by using the -l flag in the OID Control Utility (oidctl) as described in the Oracle Identity Management User Reference.
Each time the Oracle Directory Synchronization Service processes a synchronization profile, it:
Retrieves the latest change log number up to which all changes have been applied
Checks each change log entry more recent than that number
Selects changes to be synchronized with the connected directory by using the filtering rules in the profile
Applies the mapping rules to the entry and makes the corresponding changes in the connected directory
The appropriate entries or attributes are then updated in that connected directory. If the connected directory does not use DB, LDAP, tagged, or LDIF formats directly, then the agent identified in its profile is invoked. The number of the last change successfully used is then stored in the profile.
Periodically, Oracle Internet Directory purges the change log after all profiles have used what they need, and identifies where subsequent synchronization should begin.
When a connected directory uses DB, LDAP, tagged, or LDIF formats directly, changes to its entries or attributes can be automatically synchronized by the Oracle Directory Synchronization Service. Otherwise, the connector has an agent in its synchronization profile, which writes the changes to a file in the LDIF or tagged format. The Oracle Directory Synchronization Service then uses this file of connected directory data to update Oracle Internet Directory.
Some connected directories cannot receive data by using any of the interfaces supported by Oracle Internet Directory. Profiles for this type of directory contain an attribute identifying a separate program for synchronization, called an agent. The agent translates between the connected directory's unique format and a DB, LDAP, tagged, or LDIF file containing the synchronization data. The agent, as identified in the profile, is invoked by the Oracle Directory Synchronization Service.
When exporting data from Oracle Internet Directory to this type of connected directory, the Oracle Directory Synchronization Service creates the necessary file in the tagged or LDIF format. The agent then reads that file, translates it into the correct format for the receiving connected directory, and stores the data in that directory.
When importing data from this type of connected directory to Oracle Internet Directory, the agent creates the necessary tagged or LDIF format file. The Oracle Directory Synchronization Service then uses this file data to update the Oracle Internet Directory.
