26 Managing Integration with a Connected Directory
Understand the post-configuration and ongoing administration tasks after integration with a connected directory.
26.1 Performing Tasks After Configuring with a Connected Directory
This section describes the tasks you must complete after configuring with a connected directory.
Complete the following:
26.2 Typical Management of Integration with a Connected Directory
Learn about the management tasks to perform after integration with a connected directory.
26.2.1 Overview of Management Tasks After Integration with a Connected Directory
Management tasks typically include:
- Managing synchronization profiles and mapping rules:
  - Creating new profiles. You create new profiles if you need to synchronize with an additional domain controller in a multiple domain environment. You can create new profiles by using existing profiles as templates.
  - Changing configurations (attributes) in the profile.
  - Disabling profiles to allow maintenance and then reenabling them. Disabling a profile stops synchronization related to that profile.
- Managing mapping rules:
  - Creating new rules when additional attributes need to be synchronized.
  - Changing existing rules when the way attributes are synchronized needs to change.
  - Deleting or commenting out rules that are no longer needed because a particular attribute does not need to be synchronized.
- Managing access control.
- Starting and stopping the Oracle directory server and the Oracle Directory Integration Platform.
26.2.2 Bootstrapping Data Between Directories
Bootstrapping is sometimes called data migration. You must bootstrap data after the third-party directory connector and plug-in configurations are complete.
To bootstrap data, perform the following steps after the third-party directory connector and plug-in configurations are complete:
26.2.3 Managing a Third-Party Directory External Authentication Plug-in
This topic explains how to delete, disable, and re-enable a third-party external authentication plug-in.
Oracle Unified Directory and Oracle Directory Server Enterprise Edition back-end directories use pass-through authentication to pass authentication through to a connected directory, such as Microsoft Active Directory, for users coming from Oracle Unified Directory or Oracle Directory Server Enterprise Edition. For more information, see:
- The section "Understanding Pass-Through Authentication" in the Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.
- The section "Pass-Through Authentication" in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Server Enterprise Edition.
26.2.3.1 Deleting a Third-Party Directory External Authentication Plug-in
To delete a third-party external authentication plug-in, enter the following commands. After executing the commands, you will be prompted for a password.
ldapdelete -h host -p port -D binddn -q \
"cn=adwhencompare,cn=plugin,cn=subconfigsubentry"
ldapdelete -h host -p port -D binddn -q \
"cn=adwhenbind,cn=plugin,cn=subconfigsubentry"
26.2.3.2 Disabling a Third-Party External Authentication Plug-in
To disable a third-party external authentication plug-in:
26.2.4 Granting Password Privilege for Oracle Unified Directory Acting As Connected Directory
Use the ldapmodify command to grant the password-reset privilege for Oracle Unified Directory (Connected Directory).
If Oracle Unified Directory is the connected directory, then you must grant the password-reset privilege to the export profiles by running the following command:
$ ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password
dn: <your user DN>
changetype: modify
add: ds-privilege-name
ds-privilege-name: password-reset
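A check to run after the grant above, as an added example that is not part of Oracle's documentation: it reads LDIF on standard input (for example, search output that includes ds-privilege-name) and flags every entry holding password-reset whose DN is not on an allowlist. The function names, the sample DNs and the simplified DN comparison are assumptions of this example.

```shell
# Added example (not Oracle's code). Reports every LDIF entry whose
# ds-privilege-name includes password-reset. Arguments are the DNs expected
# to hold it (for this page, the DN used by the export profile).
audit_password_reset() {
    ALLOW=$(printf '%s\n' "$@") awk '
    function norm(s) {   # simplified DN compare: case-fold, trim, no space after commas
        s = tolower(s); gsub(/^[ \t]+|[ \t]+$/, "", s); gsub(/,[ \t]+/, ",", s)
        return s
    }
    function emit(   key, status) {   # end of one entry: report it if it holds the privilege
        key = norm(dn); status = (key in ok) ? "OK" : "UNEXPECTED"
        if (dn != "" && hit) print status " " dn
        dn = ""; hit = 0
    }
    function handle(l,   i, name, val) {   # one complete (unfolded) LDIF line
        if (l == "") { emit(); return }
        i = index(l, ":"); if (i == 0) return
        name = tolower(substr(l, 1, i - 1))
        val = substr(l, i + 1); sub(/^[ \t]+/, "", val)
        # base64 values (dn:: ...) are not decoded; such a DN never matches the
        # allowlist, so the entry is reported as UNEXPECTED for manual review
        if (name == "dn") dn = val
        else if (name == "ds-privilege-name" && tolower(val) == "password-reset") hit = 1
    }
    BEGIN { n = split(ENVIRON["ALLOW"], a, "\n"); for (k = 1; k <= n; k++) ok[norm(a[k])] = 1 }
    { sub(/\r$/, "") }
    /^#/ { next }
    /^ / { line = line substr($0, 2); next }   # folded continuation of previous line
    { handle(line); line = $0 }
    END { handle(line); emit() }'
}

# Constructed sample input; the DNs are made up for this example.
sample_ldif() {
cat <<'EOF'
dn: cn=ExportToOUD,ou=profiles,dc=example,dc=com
ds-privilege-name: password-reset

dn: uid=helpdesk,ou=People,dc=example,dc=com
ds-privilege-name: config-read
ds-privilege-name: password-
 reset

dn: uid=alice,ou=People,dc=example,dc=com
ds-privilege-name: config-read
EOF
}

sample_ldif | audit_password_reset "CN=ExportToOUD, ou=profiles, dc=example,dc=com"
```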