Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2)
B14085-02

17.2 Choose Which Directory Is to Be the Central Enterprise Directory

The central enterprise directory is the source of truth for all user, group, and realm information in the enterprise. It can be either Oracle Internet Directory or a third-party directory.

This section contains these topics:

  • Oracle Internet Directory as the Central Enterprise Directory

  • Third-Party Directory as the Central Directory

17.2.1 Oracle Internet Directory as the Central Enterprise Directory

If Oracle Internet Directory is the central directory, then, once user, group, and realm objects are created, Oracle Internet Directory becomes the source of provisioning information for all Oracle components and third-party directories. The user and group objects for the entire enterprise are then provisioned in various Oracle components and third-party directories from Oracle Internet Directory.

Figure 17-1 shows a typical deployment in which Oracle Internet Directory is the central enterprise directory.

Figure 17-1 Interaction Between Components with Oracle Internet Directory as the Central Directory

This illustration is described in the text.

As Figure 17-1 shows, when Oracle Internet Directory is the central enterprise directory, typical provisioning of a user or group follows this process:

  1. The user or group entry is created in Oracle Internet Directory by using the Oracle Internet Directory Self-Service Console, Oracle Directory Manager, or the command-line tools.

  2. At the next scheduled interval, that entry creation event is read by the third-party directory connector in Directory Integration and Provisioning.

  3. Following the mapping information in the integration profile, the user or group attributes in Oracle Internet Directory are appropriately mapped to the corresponding user or group attributes as required by the schema in the third-party directory.

  4. The user or group entry is created in the third-party directory.

A user entry is modified in Oracle Internet Directory when:

  • A new attribute gets added to the entry

  • The value of an existing attribute is modified

  • An existing attribute is deleted

When Oracle Internet Directory is the central enterprise directory, the sequence of events during modification of a user or group entry is as follows:

  1. The entry is modified by using the Oracle Internet Directory Self-Service Console, Oracle Directory Manager, or the command-line tools.

  2. At the next scheduled interval, that entry modification event is read by the third-party directory connector in Directory Integration and Provisioning.

  3. Following the mapping information in the integration profile, the attribute in Oracle Internet Directory is appropriately mapped to the corresponding attribute in the connected directory.

  4. The user entry is modified in the third-party directory.

17.2.2 Third-Party Directory as the Central Directory

If a third-party directory is the central directory, then, once user, group, and realm objects are created, the third-party directory becomes the source of provisioning information for all Oracle components and other directories. In this case, Oracle Internet Directory is deployed to support Oracle components. To provide this support, Oracle Internet Directory stores a footprint that enables it to identify entries in the third-party directory.

Figure 17-2 shows a typical deployment where a third-party directory is the central enterprise directory.

Figure 17-2 Interaction of Components with a Third-Party Directory as the Central Directory

This illustration is described in the text.

17.2.2.1 Process for Provisioning of a User or Group

As Figure 17-2 shows, when a third-party directory is the central enterprise directory, typical provisioning of a user or group follows this process:

  1. The user or group entry is created in the third-party directory.

  2. At the next scheduled interval, the entry creation event is read by the third-party directory connector in Directory Integration and Provisioning.

  3. Following the mapping information in the integration profile, the user or group attributes in the third-party directory are mapped to the corresponding attributes in Oracle Internet Directory.

  4. The user or group entry is created in Oracle Internet Directory.

17.2.2.2 Process for Modifying a User or Group Entry

An entry is modified in the third-party directory when:

  • A new attribute gets added to the entry

  • The value of an existing attribute is modified

  • An existing attribute is deleted

When a third-party directory is the central enterprise directory, modification of a user or group entry follows this process:

  1. The entry is modified in the third-party directory.

  2. At the next scheduled interval, that entry modification event is read by the third-party directory connector in Directory Integration and Provisioning.

  3. Following the mapping information in the integration profile, the attribute in the third-party directory is appropriately mapped to the corresponding attribute in Oracle Internet Directory.

  4. The user or group entry is modified in Oracle Internet Directory.

As Figure 17-2 shows, when a third-party directory is the central enterprise directory, modification of passwords happens asynchronously in the directory that serves as the password repository. This happens by using plug-ins.
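The four-step flow described in 17.2.1 and 17.2.2 is the same connector loop run in opposite directions: read the source directory's change log at a scheduled interval, translate each event through the integration profile's attribute and DN mapping, and create or modify the entry in the target. The following toy model is an added example, not Oracle Directory Integration and Provisioning code. The class and function names (IntegrationProfile, run_scheduled_sync, map_event), the in-memory Directory, the change-log layout and the third-party schema (where uid is stored as userid) are all assumptions made for the illustration. It keeps a change-number bookmark so that a later interval does not replay events, passes through only attributes that the profile maps, and never maps password attributes, since the text states that password changes travel separately through plug-ins.

```python
"""Toy model of the synchronization flow in 17.2.1 / 17.2.2 (added example, not Oracle code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Never mapped by the connector: the page says password changes are handled
# asynchronously by plug-ins in the password repository, not by this flow.
PASSWORD_ATTRS = {"userpassword", "unicodepwd"}

Attrs = Dict[str, List[str]]
Mod = Tuple[str, str, List[str]]          # (op, attribute, values); op is add | replace | delete


@dataclass
class ChangeEvent:
    """Constructed change-log record, loosely modelled on an LDAP changelog entry."""
    changenumber: int
    changetype: str                        # "add" or "modify"
    target_dn: str                         # DN of the entry in the source directory
    attributes: Attrs = field(default_factory=dict)   # full entry, for "add"
    mods: List[Mod] = field(default_factory=list)      # attribute changes, for "modify"


@dataclass
class IntegrationProfile:
    """Hypothetical stand-in for an integration profile: attribute map, DN map and
    the bookmark that lets the connector resume at the next scheduled interval."""
    attribute_map: Dict[str, str]          # source attribute -> target attribute
    dn_map: Callable[[str], str]           # source DN -> target DN
    last_applied_changenumber: int = 0

    def __post_init__(self) -> None:
        self.attribute_map = {k.lower(): v.lower() for k, v in self.attribute_map.items()}


class Directory:
    """Minimal in-memory directory: entries plus an append-only change log."""
    def __init__(self, name: str) -> None:
        self.name = name
        self.entries: Dict[str, Attrs] = {}
        self.changelog: List[ChangeEvent] = []

    def add(self, dn: str, attrs: Attrs) -> None:
        if dn in self.entries:
            raise ValueError(f"{dn} already exists in {self.name}")
        self.entries[dn] = {a.lower(): list(v) for a, v in attrs.items()}
        snapshot = {a: list(v) for a, v in self.entries[dn].items()}
        self.changelog.append(ChangeEvent(len(self.changelog) + 1, "add", dn, attributes=snapshot))

    def modify(self, dn: str, mods: List[Mod]) -> None:
        entry = self.entries[dn]           # KeyError if the entry does not exist
        applied: List[Mod] = []
        for op, attr, values in mods:
            attr = attr.lower()
            if op == "add":                # a new attribute (or extra values) added to the entry
                entry.setdefault(attr, []).extend(values)
            elif op == "replace":          # the value of an existing attribute modified
                entry[attr] = list(values)
            elif op == "delete":           # an existing attribute deleted
                entry.pop(attr, None)
            else:
                raise ValueError(f"unknown modify op {op!r}")
            applied.append((op, attr, list(values)))
        self.changelog.append(ChangeEvent(len(self.changelog) + 1, "modify", dn, mods=applied))


def map_event(profile: IntegrationProfile, event: ChangeEvent) -> Optional[ChangeEvent]:
    """Step 3: translate one source event into the target schema via the profile.
    Returns None when nothing in the event is covered by the mapping."""
    amap, dn = profile.attribute_map, profile.dn_map(event.target_dn)
    if event.changetype == "add":
        attrs = {amap[a]: v for a, v in event.attributes.items()
                 if a in amap and a not in PASSWORD_ATTRS}
        return ChangeEvent(event.changenumber, "add", dn, attributes=attrs) if attrs else None
    mods = [(op, amap[a], v) for op, a, v in event.mods if a in amap and a not in PASSWORD_ATTRS]
    return ChangeEvent(event.changenumber, "modify", dn, mods=mods) if mods else None


def run_scheduled_sync(profile: IntegrationProfile, source: Directory, target: Directory) -> int:
    """One scheduled run (step 2): read events newer than the bookmark, map them (step 3)
    and apply them to the target (step 4). Returns the number of writes made in the target.
    If a write fails the bookmark is not advanced, so the event is retried next interval."""
    written = 0
    for event in source.changelog:
        if event.changenumber <= profile.last_applied_changenumber:
            continue                       # already processed in an earlier interval
        mapped = map_event(profile, event)
        if mapped is not None:
            if mapped.changetype == "add" and mapped.target_dn not in target.entries:
                target.add(mapped.target_dn, mapped.attributes)
            elif mapped.changetype == "add":   # re-delivered add: refresh the mapped attributes
                target.modify(mapped.target_dn, [("replace", a, v) for a, v in mapped.attributes.items()])
            else:
                target.modify(mapped.target_dn, mapped.mods)
            written += 1
        profile.last_applied_changenumber = event.changenumber   # advance even for unmapped events
    return written


def demo_oid_as_central() -> Tuple[Directory, int, int, int]:
    """17.2.1: Oracle Internet Directory is the source of truth; the third-party directory
    (constructed schema) is provisioned from it. Constructed sample entry and changes."""
    oid, third = Directory("OID"), Directory("ThirdParty")
    profile = IntegrationProfile(attribute_map={"cn": "cn", "sn": "sn", "mail": "mail", "uid": "userid"},
                                 dn_map=lambda dn: dn.replace("dc=example,dc=com", "o=thirdparty"))
    dn = "cn=jdoe,cn=users,dc=example,dc=com"
    oid.add(dn, {"cn": ["jdoe"], "sn": ["Doe"], "uid": ["jdoe"], "mail": ["jdoe@example.com"],
                 "employeeNumber": ["1001"], "userPassword": ["constructed-secret"]})
    first = run_scheduled_sync(profile, oid, third)           # creation event: entry created
    oid.modify(dn, [("add", "telephoneNumber", ["+1 555 0100"]),   # unmapped: stays in OID
                    ("replace", "mail", ["john.doe@example.com"]),  # mapped: follows to target
                    ("delete", "employeeNumber", []),               # unmapped: stays in OID
                    ("replace", "userPassword", ["rotated"])])      # password: never mapped
    second = run_scheduled_sync(profile, oid, third)          # modification event: mail updated
    third_run = run_scheduled_sync(profile, oid, third)       # nothing new: bookmark prevents replay
    return third, first, second, third_run


def demo_third_party_as_central() -> Tuple[Directory, int]:
    """17.2.2: the third-party directory is the source of truth and OID receives the footprint."""
    third, oid = Directory("ThirdParty"), Directory("OID")
    profile = IntegrationProfile(attribute_map={"cn": "cn", "sn": "sn", "mail": "mail", "userid": "uid"},
                                 dn_map=lambda dn: dn.replace("o=thirdparty", "dc=example,dc=com"))
    third.add("cn=asmith,cn=users,o=thirdparty",
              {"cn": ["asmith"], "sn": ["Smith"], "userid": ["asmith"], "mail": ["asmith@example.com"]})
    return oid, run_scheduled_sync(profile, third, oid)
```

Running demo_oid_as_central shows the effect of the mapping: the created third-party entry carries cn, sn, mail and userid but no password, the later mail change is propagated while the unmapped telephoneNumber and employeeNumber changes stay local, and a third run with no new events writes nothing. The model does not implement the loop prevention a real deployment needs when profiles run in both directions at once (each applied write lands in the target's own change log here), and a modify that arrives before its entry has ever been created raises rather than being silently dropped, which is the behaviour that keeps the bookmark from moving past unsynchronized data.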