14 Synchronizing with Third-Party Metadirectory Solutions
This chapter describes how change log information is generated and how supporting solutions use that information. It tells you how to enable third-party metadirectory solutions to synchronize with the Oracle back-end directory.
To enable synchronization with supported third-party metadirectory solutions, the Oracle back-end directory uses change logs. The Oracle Directory Integration Platform does not provide mapping or scheduling services for third-party metadirectory solutions.
14.1 About Change Logs
The Oracle back-end directory records each change as an entry in the change log container. A third-party metadirectory solution retrieves changes from the change log container and applies them to the third-party directory. To retrieve these changes, the third-party metadirectory solution must subscribe to the Oracle back-end directory change logs.
Each entry in the change log has a change number. The third-party metadirectory solution keeps track of the number of the last change it applied, and it retrieves from the Oracle back-end directory only those changes with numbers greater than the last change it applied. For example, if the last change a third-party metadirectory solution retrieved had change number 250, then the subsequent changes it retrieves have numbers greater than 250.
Note:
If a third-party metadirectory solution is not subscribed to the Oracle back-end directory change logs, and the first change it retrieves is more than one number higher than the last change it applied, then some of the changes in the Oracle back-end directory change log have been purged. In this case, the third-party metadirectory solution must read the entire Oracle back-end directory to synchronize its copy with that in the Oracle back-end directory.
See Also:
"Components Involved in Oracle Directory Synchronization" for a conceptual discussion of directory integration profiles
14.2 Enabling Third-Party Metadirectory Solutions to Synchronize with the Oracle Back-end Directory
Perform the tasks described in this section to enable third-party metadirectory solutions to retrieve changes from the Oracle back-end directory.
14.2.1 Performing Initial Bootstrapping
This section explains how to bootstrap a directory to synchronize data between a local directory and the Oracle back-end directory.
To do so, complete the following steps:
14.2.2 Understand How to Change Subscription Object in the Oracle Back-end Directory for the Third-Party Metadirectory Solution
To enable a third-party metadirectory solution to synchronize with the Oracle back-end directory, you must create a change subscription object for it in the Oracle back-end directory. This gives the third-party metadirectory solution access to change log objects stored in the Oracle back-end directory.
14.2.2.1 About the Change Subscription Object
If Oracle Internet Directory is the Oracle back-end directory, the change subscription object is an entry located under the following container:
cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory
If Oracle Unified Directory or Oracle Directory Server Enterprise Edition is the Oracle back-end directory, the change subscription object is an entry located under the following container:
cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Directory Integration Platform, <suffix>
This change subscription object provides a unique credential for a third-party metadirectory solution to bind with the Oracle back-end directory and to retrieve changes from it. You associate the change subscription object with the auxiliary object class orclChangeSubscriber. This object class has several attributes, of which the following are mandatory:
- userPassword: Password to be used by the directory when accessing the change log object in the Oracle back-end directory.
- orclLastAppliedChangeNumber: Number of the change applied during the last synchronization. This attribute allows the directory to retrieve only the changes in the Oracle back-end directory it has not already applied.
14.2.2.2 Creating a Change Subscription Object
To create a change subscription object, use the ldapadd command. The following example uses an input file, named add.ldif, to create and enable a change subscription object, named my_change_subscription_object, under the following container:
- If Oracle Internet Directory is the Oracle back-end directory:
  cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory
- If Oracle Unified Directory or Oracle Directory Server Enterprise Edition is the Oracle back-end directory:
  cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Directory Integration Platform, <suffix>
The orclLastAppliedChangeNumber attribute is the current change number in the directory before initial bootstrapping (in this example, 250).
- Edit the add.ldif file (in this example Oracle Internet Directory is the back-end directory):
    dn: cn=my_change_subscription_object,cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory
    userpassword: my_password
    orclLastAppliedChangeNumber: 250
    orclSubscriberDisable: 0
    objectclass: orclChangeSubscriber
    objectclass: top
- Add the entry:
    ldapadd -h my_host -D binddn -q -p PORT -f add.ldif
See Also:
"Disabling and Deleting Change Subscription Objects" for instructions about temporarily disabling or deleting change subscription objects
14.3 Understanding Synchronization Process
Learn more about the synchronization process with supported third-party metadirectory solutions.
14.3.1 Retrieving Changes the First Time from the Oracle Back-end Directory
The following example illustrates how a connected directory with a change subscription object named my_change_subscription_object acquires changes from the Oracle back-end directory. The search filter is quoted so that the shell passes it to ldapsearch as a single argument.
ldapsearch -h my_host -D binddn -q -p PORT -b "cn=changeLog" -s one "(&(objectclass=changeLogEntry)(changeNumber>=orclLastAppliedChangeNumber)(!(modifiersname=cn=my_change_subscription_object,cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory)))"
When the directory is retrieving changes for the first time, the value for orclLastAppliedChangeNumber is the number you set in "Understand How to Change Subscription Object in the Oracle Back-end Directory for the Third-Party Metadirectory Solution".
The (!(modifiersname=client_bind_dn)) argument in the filter ensures that the Oracle back-end directory does not return changes made by the connected directory itself.
14.3.2 Updating the orclLastAppliedChangeNumber Attribute in the Oracle Back-end Directory
After retrieving changes from the Oracle back-end directory, the connected directory updates the orclLastAppliedChangeNumber attribute in its change subscription object in the Oracle back-end directory. This allows the Oracle back-end directory to purge changes that connected directories have already applied. It also enables the connected directory to retrieve only the most recent changes, ignoring those it has already applied.
This example uses an input file, mod.ldif, in which the connected directory has a change subscription object named my_change_subscription_object, and the last applied change number is 121. The connected directory updates orclLastAppliedChangeNumber in its change subscription object in the Oracle back-end directory as follows:
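The change-number bookkeeping described in 14.1 and in this section, as an added example that is not part of the Oracle documentation: it builds the 14.3.1 filter with the subscriber DN escaped, applies the purge rule from the note in 14.1, and produces the LDIF that records the new checkpoint. The function names are hypothetical, the ldapsearch output is a constructed sample, and it assumes each returned entry carries a changenumber attribute in LDIF form.

```python
import re

# DN of the change subscription object used in this chapter's examples.
SUBSCRIBER_DN = ("cn=my_change_subscription_object,cn=Subscriber Profile,"
                 "cn=ChangeLog Subscriber,cn=Oracle Internet Directory")

# Constructed sample of ldapsearch LDIF output (not captured from a real server).
SAMPLE_LDIF = """\
dn: changenumber=251,cn=changelog
changenumber: 251
changetype: modify

dn: changenumber=252,cn=changelog
changenumber: 252
changetype: add
"""

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def changelog_filter(last_applied, subscriber_dn=SUBSCRIBER_DN):
    """Build the search filter from 14.3.1 for one subscriber."""
    return ("(&(objectclass=changeLogEntry)(changeNumber>=%d)"
            "(!(modifiersname=%s)))"
            % (int(last_applied), escape_filter_value(subscriber_dn)))

def plan_sync(last_applied, ldif_text):
    """Return (changes_to_apply, full_resync_needed) per the note in 14.1."""
    found = re.findall(r"(?im)^changenumber:\s*(\d+)\s*$", ldif_text)
    # The >= filter can return the checkpoint itself, so drop anything <= it.
    pending = sorted(n for n in map(int, found) if n > last_applied)
    # First new change more than one above the checkpoint: entries were purged.
    purged = bool(pending) and pending[0] > last_applied + 1
    return pending, purged

def checkpoint_ldif(new_last_applied, subscriber_dn=SUBSCRIBER_DN):
    """LDIF for ldapmodify; assumes the DN is plain ASCII (no base64 needed)."""
    return ("dn: %s\nchangetype: modify\n"
            "replace: orclLastAppliedChangeNumber\n"
            "orclLastAppliedChangeNumber: %d\n"
            % (subscriber_dn, int(new_last_applied)))

if __name__ == "__main__":
    pending, purged = plan_sync(250, SAMPLE_LDIF)
    print(changelog_filter(250))
    print("full resync required" if purged else "apply %s" % pending)
    if pending and not purged:
        print(checkpoint_ldif(pending[-1]))
```

Write the checkpoint only after the retrieved changes have been applied successfully, so an interrupted run retrieves them again instead of skipping them.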
14.4 Disabling and Deleting Change Subscription Objects
You can temporarily disable or delete an existing change subscription object.
14.4.1 Disabling a Change Subscription Object
If a change subscription object already exists for a third-party metadirectory solution, but you want to disable it temporarily, then set the orclSubscriberDisable attribute to 1.
The following example uses an input file, mod.ldif, to disable a change subscription object.
- Edit the mod.ldif file (in this example Oracle Internet Directory is the back-end directory):
    dn: cn=my_change_subscription_object,cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory
    changetype: modify
    replace: orclSubscriberDisable
    orclSubscriberDisable: 1
- Modify the entry:
    ldapmodify -h my_ldap_host -D binddn -q -p PORT -v -f mod.ldif
14.4.2 Deleting a Change Subscription Object
Run the ldapdelete command to delete a change subscription object.
Enter the following command (in this example Oracle Internet Directory is the back-end directory):
ldapdelete -h ldap_host -D binddn -q -p ldap_port "cn=my_change_subscription_object,cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory"