This appendix compares the implementation of fundamental items in Oracle Directory Integration Platform between 11g Release 1 (11.1.1) and legacy 10g Releases (10.1.4.x). The information in this appendix is provided to give you an overview of implementation changes between the releases and to provide orientation after you upgrade to 11g Release 1 (11.1.1).
This appendix contains the following topics:
Start, stop, restart, and other processes were controlled using the
oidctl command. Oracle Directory Integration Platform was a J2SE application performing synchronization and provisioning using its own scheduler.
Multiple Oracle Directory Integration Platform server instances could be started to process different profile groups.
The instance with configset 0 processed the provisioning profiles. The instance with different configset and groupid processed groups of synchronization profiles.
Oracle Directory Integration Platform is a J2EE application deployed on an Oracle WebLogic Managed Server with Oracle Directory Services Manager. The default name of the managed server is wls_ods1. Start, stop, restart, and other processes are controlled by starting and stopping the Oracle WebLogic Managed Server.
Oracle Directory Integration Platform server is deployed and undeployed using WLST commands or the Oracle WebLogic Server Administrative (Admin) console.
The Quartz Scheduler is used for scheduling processing.
One instance of Oracle Directory Integration Platform schedules all synchronization and provisioning profiles.
No concept of configset and profile groups. All enabled profiles are scheduled.
The $ORACLE_HOME/ldap/odi/conf/odi.properties file contained the Oracle Directory Integration Platform server password used to connect to Oracle Internet Directory. It also contained the Oracle Wallet location and password.
The connection details for the Oracle Internet Directory associated with Oracle Directory Integration Platform were specified as part of command to start Oracle Directory Integration Platform.
Oracle Wallet was used for storing certificates.
The associated Oracle Internet Directory host and port details are stored in the dip-config.xml file in dipapps.ear.
Java Keystore is used for storing the SSL certificates.
The password Oracle Directory Integration Platform uses to connect to Oracle Internet Directory is stored in the Credential Store Framework. The JKS passwords are also stored in the Credential Store Framework.
All parameters required for Oracle Directory Integration Platform to start are specified in the dip-config.xml file.
Templates for mapping and configuration files for all connected directories were located in the $ORACLE_HOME/ldap/odi/conf directory.
Templates for mapping, configuration, and properties files for LDIF, Tagged directories were located in the $ORACLE_HOME/ldap/odi/samples directory.
Templates for bootstrapping files were located in the $ORACLE_HOME/ldap/odi/samples directory.
Templates for mapping and configuration files for all connected directories are located in the $ORACLE_HOME/ldap/odi/conf directory.
Templates for mapping, configuration, and properties files for LDIF, Tagged directories are located in the $ORACLE_HOME/ldap/odi/samples directory. Refer to Appendix B, "Example Properties File for Synchronization Profiles" for more information.
Templates for bootstrapping files are located in the $ORACLE_HOME/ldap/odi/samples directory. Refer to "Bootstrapping Using a Parameter File" for more information.
Oracle Directory Integration Platform server log file was located in the $ORACLE_HOME/ldap/log directory.
Individual logs for each profile were located in the $ORACLE_HOME/ldap/odi/log/ directory. Logs used a file naming convention of PROFILE_NAME.log.
Log files are located at:
Note:This log file contains the logs for the Oracle Directory Integration Platform server and all profiles.
DIPAssistant -gui was the Graphical User Interface (GUI) tool for managing synchronization profiles.
Use Oracle Enterprise Manager Fusion Middleware Control to manage synchronization and provisioning profiles. Refer to "Using Fusion Middleware Control" for more information.
dipassistant: Was used to manage synchronization profiles.
oidprovtool: Was used to manage provisioning profiles.
dipStatus: Allows you to check the status of Oracle Directory Integration Platform and whether or not it is registered. Refer to "Viewing the Status of Oracle Directory Integration Platform Using the dipStatus Utility" for more information.
manageDIPServerConfig: Manages Oracle Directory Integration Platform configuration settings including refresh interval, Oracle Internet Directory port number, keystore location and password, and the number of scheduler threads. Refer to "Managing Oracle Directory Integration Platform Using manageDIPServerConfig" for more information.
manageSyncProfiles: Manages Oracle Directory Integration Platform synchronization profiles. Refer to "Managing Synchronization Profiles Using manageSyncProfiles" for more information.
syncProfileBootstrap: Performs the initial migration of data between a connected target directory and Oracle Internet Directory based on a synchronization profile or LDIF file. Refer to "Directory Bootstrapping Using syncProfileBootstrap" for more information.
expressSyncSetup: Creates profiles for standard LDAP directories using prepackaged templates based on the directory type. Refer to "Creating Import and Export Synchronization Profiles Using expressSyncSetup" for more information.
provProfileBulkProv: Performs initial migration of data from an LDIF file to Oracle Internet Directory for a provisioning profile. Refer to "Bulk Provisioning Using the provProfileBulkProv Tool" for more information.
oidprovtool: Administers provisioning profile entries in the directory by enabling you to perform tasks such as:
Create new provisioning profiles
Enable or disable existing provisioning profiles
Modify existing provisioning profiles
Delete existing provisioning profiles
Get the current status of a provisioning profile
Clear all errors in an existing provisioning profile
Refer to "Managing Provisioning Profiles Using oidprovtool" for more information.
schemasync: Directory Integration Platform does not support the synchronization of schema and ACLs. You can use the
schemasync tool to identify differences in schema, specifically attributes and object classes, between Oracle Internet Directory and connected directories. After identifying the differences, you can make the appropriate changes to the LDIF file containing the schema and then use the
ldapmodify tools to upload the schema differences.
schemasync is located in the ORACLE_HOME/bin directory.
See:Oracle Fusion Middleware User Reference for Oracle Identity Management for more information.
Audit details were available in the $ORACLE_HOME/ldap/odi/log directory. Details were maintained individually for each profile and stored in profile-specific files, such as PROFILE_NAME.aud.
Auditing did not require any specific configuration.
By default, audit was enabled and events were logged.
Oracle Directory Integration Platform uses the Oracle Fusion Middleware common audit framework. You can enable audit using WLST and Oracle Enterprise Manager Fusion Middleware Control.