Configuring LDAP Integration
To interface the LDAP based security repository with the authorization component of the Oracle Utilities Application Framework product, the following must be performed:
• The location and port number of the LDAP based security repository must be defined in the JNDI Server.
• The LDAP based security repository must be mapped to the Oracle Utilities Application Framework security model. This mapping is expressed as an XML file containing the LDAP query, rules and defaults used in the transformation.
• The mapping file must be configured on the F1-LDAP batch job.
Define the JNDI Server
The first step in the configuration process is to define the location of the LDAP based security repository server so that the interface can connect to the physical attributes of the interface. This is done by creating a JNDI Server.
Note:
The LDAP server is not strictly a JNDI source but is treated as a JNDI source for the integration.
Enter a reasonable JNDI Server name and description.
Populate the Provider URL using the format ldap://<hostname>:<portnumber> where <hostname> is the host of the LDAP server and <portnumber> is the port used for the interface.
For the Initial Context Factory, the interface uses the standard com.sun.jndi.ldap.LdapCtxFactory provided with Java for the LDAP interface. If your vendor supplies a custom context factory, it may be used. Refer to the documentation provided with your LDAP based security repository for further information.
Define Mapping
The critical component of the interface is a file that describes the mapping between the LDAP based security repository and the system’s security model. This file contains the mapping, rules and queries used by the LDAP batch program to provide the interface. The LDAP batch job includes the reference to the mapping file as a parameter. Refer to LDAP Mapping for more information on defining the mapping file.
Configure LDAP Batch Process
At this point, many parameters for the F1-LDAP batch control can be updated with system wide configuration.
JNDI Server, User and Password may all be configured appropriately. Note that it is recommended that the Security setting for the Password be set to Encrypt.
The LDAP Configuration File should be populated with the name and location of the LDAP Mapping file.
If the LDAP service has any limitation to the number of objects that may be imported, configure the LDAP Query Page Size parameter to enable querying.
Note: Group and User Parameters. The assumption is that the Group or User input parameters are specific to a given import request and as such would not be populated as part of a configuration step.
Note: L2 Cache. The LDAP Import batch process requires the L2 Cache to be disabled since it needs to perform some updates outside of the worker threads. Any environment using LDAP Import must set spl.runtime.batch.L2CacheMode=OFF in the threadpoolworker.properties file. It is recommended to run the LDAP import in its own dedicated threadpoolworker.
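The following pre-flight check is an added example, not part of the product or its documentation. It validates a Provider URL against the ldap://<hostname>:<portnumber> format described under Define the JNDI Server and confirms that the contents of threadpoolworker.properties set spl.runtime.batch.L2CacheMode=OFF. The function names, the sample host name and the sample file contents are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

L2_KEY = "spl.runtime.batch.L2CacheMode"  # property name given on the page

def check_provider_url(url):
    """Return problems found in a Provider URL (ldap://<hostname>:<portnumber>)."""
    problems = []
    parts = urlsplit(url.strip())
    # The page documents ldap://; ldaps:// is also accepted here (assumption).
    if parts.scheme not in ("ldap", "ldaps"):
        problems.append("scheme is %r, expected ldap://" % parts.scheme)
    if not parts.hostname:
        problems.append("hostname is missing")
    try:
        port = parts.port  # ValueError if non-numeric or above 65535
    except ValueError:
        problems.append("port is not a number in 1-65535")
    else:
        if not port:  # None (absent) or 0
            problems.append("port number is missing")
    return problems

def read_properties(text):
    """Parse simple key=value lines; '#' and '!' start comments; last entry wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # a commented-out setting does not count as set
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_l2_cache(properties_text):
    """Return problems unless the properties text sets L2CacheMode to OFF."""
    value = read_properties(properties_text).get(L2_KEY)
    if value is None:
        return ["%s is not set" % L2_KEY]
    if value != "OFF":  # exact value given on the page
        return ["%s=%s, expected OFF" % (L2_KEY, value)]
    return []

# Constructed sample: the setting is present but commented out.
SAMPLE_PROPERTIES = "# constructed sample\n#spl.runtime.batch.L2CacheMode=OFF\n"

if __name__ == "__main__":
    print(check_provider_url("ldap://ldap.example.com"))  # constructed host
    print(check_l2_cache(SAMPLE_PROPERTIES))
```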