Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- What's New in Oracle Directory Integration Platform?
- Part I Getting Started with Oracle Directory Integration Platform
- 1 Introduction to Oracle Directory Integration Platform
- 1.1 Why Oracle Directory Integration Platform?
- 1.2 Oracle Directory Integration Platform Installation Options
- 1.3 Understanding the Differences Between Synchronization and Provisioning
- 1.4 Understanding Components Involved in Oracle Directory Integration Platform Integration
- 2 Security Features in Oracle Directory Integration Platform
- 2.1 Overview of Authentication in Oracle Directory Integration Platform
- 2.2 About Access Control and Authorization and Oracle Directory Integration Platform
- 2.3 About Data Integrity and Oracle Directory Integration Platform
- 2.4 About Data Privacy and Oracle Directory Integration Platform
- 2.5 About Tools Security and Oracle Directory Integration Platform
- 2.6 Credential Store Framework for Oracle Directory Integration Platform
- Part II General Administration of Oracle Directory Integration Platform
- 3 Administering Oracle Directory Integration Platform
- 3.1 Graphical Tools for Administering Oracle Directory Integration Platform
- 3.2 Command-Line Tools for Administering Oracle Directory Integration Platform
- 4 Managing the Oracle Directory Integration Platform
- 4.1 Understanding Operational Information About the Oracle Directory Integration Platform
- 4.2 Viewing Oracle Directory Integration Platform Status and Registration Information
- 4.3 Managing Oracle Directory Integration Platform Using Fusion Middleware Control
- 4.3.1 Viewing Oracle Directory Integration Platform Runtime Information Using Fusion Middleware Control
- 4.3.2 Starting Oracle Directory Integration Platform with Fusion Middleware Control
- 4.3.3 Stopping Oracle Directory Integration Platform with Fusion Middleware Control
- 4.3.4 Managing the Oracle Directory Integration Platform Server Configuration
- 4.3.5 Managing Oracle Directory Integration Platform Logging Using Fusion Middleware Control
- 4.3.6 Auditing Oracle Directory Integration Platform Using Fusion Middleware Control
- 4.4 Starting and Stopping Oracle Directory Integration Platform Using WLST
- 4.5 Manage Oracle Directory Integration Platform Using manageDIPServerConfig
- 4.6 About Oracle Unified Directory Configuration for SSL Mode
- 4.7 About Oracle Directory Server Enterprise Edition Configuration for SSL Mode
- 4.8 About Oracle Internet Directory Configuration for SSL Mode
- 4.9 Managing the SSL Certificates of Back-End Directories and Connected Directories
- 4.10 About Oracle Directory Integration Platform in a High Availability Scenario
- 4.11 Understanding How to Manage Oracle Directory Integration Platform in a Replicated Environment
- 4.12 dipStatus Utility
- 4.13 manageDIPServerConfig Utility
- Part III Configuring Oracle Back-End Directory
- 5 Configuring Oracle Unified Directory
- 5.1 Before You Configure Oracle Unified Directory as the Back-End Directory
- 5.2 Configuring Oracle Unified Directory (Non-SSL) for Oracle Directory Integration Platform
- 5.2.1 Installing Oracle Unified Directory
- 5.2.2 Configuring Oracle Unified Directory
- 5.2.3 Creating Oracle Unified Directory Suffixes
- 5.2.4 Enabling External Change Log
- 5.2.5 Configuring the Oracle WebLogic Server Domain for Oracle Directory Integration Platform with Oracle Unified Directory
- 5.2.6 Starting the Servers
- 5.2.7 Configuring Oracle Directory Integration Platform for Oracle Unified Directory
- 5.2.8 Adding Access Control Instructions (ACIs) for Oracle Unified Directory
- 5.3 Configuring Oracle Unified Directory (SSL) for Oracle Directory Integration Platform
- 5.4 Verifying Oracle Directory Integration Platform
- 6 Configuring Oracle Internet Directory
- 6.1 Before You Configure Oracle Internet Directory as the Back-End Directory
- 6.2 Configuring the Oracle WebLogic Server Domain for Oracle Directory Integration Platform with Oracle Internet Directory
- 6.3 Configuring Oracle Internet Directory (SSL) for Oracle Directory Integration Platform
- 6.4 Configuring Oracle Directory Integration Platform for Oracle Internet Directory
- 6.5 Verifying Oracle Directory Integration Platform
- 7 Configuring Oracle Directory Server Enterprise Edition
- 7.1 Before You Configure Oracle Directory Server Enterprise Edition as the Back-End Directory
- 7.2 Configuring Oracle Directory Server Enterprise Edition (Non-SSL) for Oracle Directory Integration Platform
- 7.2.1 Installing and Configuring Oracle Directory Server Enterprise Edition
- 7.2.2 Installing Oracle Directory Server Enterprise Edition Plug-In
- 7.2.3 Creating Oracle Directory Server Enterprise Edition Suffixes
- 7.2.4 Enabling the Retro Change Log for Oracle Directory Server Enterprise Edition
- 7.2.5 Configuring the Oracle WebLogic Server Domain for Oracle Directory Integration Platform with Oracle Directory Server Enterprise Edition
- 7.2.6 Starting the Oracle WebLogic Server and the Oracle Directory Server Enterprise Edition Instance
- 7.2.7 Configuring Oracle Directory Integration Platform for Oracle Directory Server Enterprise Edition
- 7.2.8 Adding Access Control Instructions (ACIs) for Oracle Directory Server Enterprise Edition
- 7.3 Configuring Oracle Directory Server Enterprise Edition (SSL) for Oracle Directory Integration Platform
- 7.4 Verifying Oracle Directory Integration Platform
- Part IV Synchronization Using Oracle Directory Integration Platform
- 8 Understanding the Oracle Directory Synchronization Service
- 9 Configuring Directory Synchronization
- 9.1 Registering Connectors in Oracle Directory Integration Platform
- 9.2 About Synchronization Profile Templates
- 9.3 Configure Connection Details for a Third-Party Directory
- 9.4 Configuring Mapping Rules
- 9.4.1 About Mapping Rules Attribute
- 9.4.2 Distinguished Name Mapping
- 9.4.3 About Domain Mapping Rules
- 9.4.4 Domain Exclusion List
- 9.4.5 Attribute-Level Mapping
- 9.4.6 Attribute Exclusion List
- 9.4.7 Manually Creating New Mapping Files
- 9.4.8 Supported Attribute Mapping Rules and Examples
- 9.4.9 Configuring Account Locking Synchronization
- 9.4.10 Configuring Account Disabling Synchronization
- 9.4.11 Example: Mapping File for a Tagged-File Interface
- 9.4.12 Example: Mapping Files for an LDIF Interface
- 9.4.13 Updating Mapping Rules
- 9.5 Extending Mappings Using Custom Plug-ins
- 9.6 Configuring Matching Filters
- 9.7 Location and Naming of Files
- 9.8 Password Synchronization
- 10 Managing Directory Synchronization Profiles
- 10.1 Managing Synchronization Profiles Using Fusion Middleware Control
- 10.2 Managing Synchronization Profiles Using manageSyncProfiles
- 10.3 Modifying the Synchronization Status Attributes
- 10.4 Setting Null Values in Synchronization Profiles
- 10.5 manageSyncProfiles Utility
- 11 Bootstrapping a Directory in Oracle Directory Integration Platform
- 11.1 Overview of Directory Bootstrapping Using syncProfileBootstrap
- 11.2 Bootstrapping in SSL Mode
- 11.3 syncProfileBootstrap Utility
- 12 Synchronizing with Tables in Oracle Database
- 12.1 Overview of the Additional Configuration Information File
- 12.2 Updating the Configuration File
- 12.3 Preparing the Directory Integration Profile
- 12.4 Example: Synchronizing a Relational Database Table to the Back-end Directory
- 12.4.1 About the Example Scenario
- 12.4.2 Configure the Additional Configuration Information File
- 12.4.3 Configure the Mapping File
- 12.4.4 Configure the Directory Integration Profile
- 12.4.5 Uploading the Additional Configuration Information and Mapping Files
- 12.4.6 Understanding Synchronization Process for Relational Database Table with the Oracle Back-End Directory
- 12.4.7 Observations About the Synchronizing a Relational Database Table to the Back-End Directory Example
- 13 Synchronizing with Oracle Human Resources
- 13.1 Introduction to Synchronization with Oracle Human Resources
- 13.2 What are the Data you can Import from Oracle Human Resources?
- 13.3 Managing Synchronization Between Oracle Human Resources and the Oracle Back-end Directory
- 13.3.1 Configure a Directory Integration Profile for the Oracle Human Resources Connector
- 13.3.2 About Oracle Human Resources Attributes to be Synchronized with the Oracle Back-end Directory
- 13.3.2.1 Configure the List of Attributes to be Synchronized with the Oracle Back-end Directory
- 13.3.2.2 Modifying Additional Oracle Human Resources Attributes for Synchronization
- 13.3.2.3 Excluding Oracle Human Resources Attributes from Synchronization
- 13.3.2.4 Configure a SQL SELECT Statement in the Configuration File to Support Complex Selection Criteria
- 13.3.3 About Mapping Rules for the Oracle Human Resources Connector
- 13.3.4 Setting Up Synchronization from Oracle Human Resources to the Oracle Back-end Directory
- 13.4 Understanding the Synchronization Process between Oracle Human Resources and the Oracle Back-End directory
- 13.5 Bootstrapping the Oracle Back-end Directory from Oracle Human Resources
- 14 Synchronizing with Third-Party Metadirectory Solutions
- Part V Provisioning with the Oracle Directory Integration Platform
- 15 Understanding the Oracle Directory Integration Platform for Provisioning
- 15.1 What Is Provisioning?
- 15.2 Understanding Oracle Provisioning Products
- 15.3 Oracle Directory Integration Platform Service Components
- 15.4 Understanding Provisioning Concepts
- 15.5 Overview of Provisioning Methodologies
- 15.6 About Organization of User Profiles in the Oracle Back-End Directory
- 15.7 Understanding Provisioning Flow
- 15.8 Understanding the Delegation of Administrative Privileges
- 15.9 provProfileBulkProv utility
- 16 Deploying Provisioning-Integrated Applications
- 17 Understanding the Oracle Provisioning Event Engine
- 18 Integration of Provisioning Data with Oracle E-Business Suite
- Part VI Integrating with Third-Party Directories
- 19 Connected Directory Integration Concepts and Considerations
- 19.1 Concepts and Architecture of Connected Directory Integration
- 19.2 Planning Your Integration Environment
- 19.2.1 Preliminary Considerations for Integrating with a Connected Directory
- 19.2.2 Choose the Directory for the Central Enterprise Directory
- 19.2.3 Understanding How to Customize the LDAP Schema
- 19.2.4 About Choosing Where to Store Passwords
- 19.2.5 About Choosing the Structure of the Directory Information Tree
- 19.2.6 Attribute for the Login Name
- 19.2.7 Selecting the User Search Base
- 19.2.8 What Group Search Base to Select?
- 19.2.9 Guidelines to Address Security Concerns
- 19.2.10 About How to Administer Your Deployment with Oracle Access Manager
- 19.3 Microsoft Active Directory Integration Concepts
- 19.3.1 Understanding How to Synchronize from Microsoft Active Directory to the Oracle Back-end Directory
- 19.3.2 Requirement for Using WebDAV Protocol
- 19.3.3 Oracle Back-end Directory Schema Elements for Microsoft Active Directory
- 19.3.4 About Integration with Multiple Microsoft Active Directory Domain Controllers
- 19.3.5 Synchronizing with a Multiple-Domain Microsoft Active Directory Environment
- 19.3.5.1 About Configuration Required for Importing from Microsoft Active Directory to the Oracle Back-end Directory
- 19.3.5.2 About Configuration Required for Importing from Microsoft Active Directory Lightweight Directory Service to the Oracle Back-end Directory
- 19.3.5.3 About Configuration Required for Exporting from the Oracle Back-end Directory to Microsoft Active Directory
- 19.3.5.4 Example: Integration with Multiple Connected Directory Domains
- 19.3.6 Understanding Foreign Security Principals
- 19.4 Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) Integration Concepts
- 19.5 IBM Tivoli Directory Server Integration Concepts
- 19.6 Novell eDirectory and OpenLDAP Integration Concepts
- 19.7 Limitations of Connected Directory Integration in Oracle Directory Integration Platform
- 20 Configuring Synchronization with a Connected Directory
- 20.1 Verifying Synchronization Requirements
- 20.2 Creating Import and Export Synchronization Profiles Using expressSyncSetup
- 20.3 Configuring Advanced Integration Options
- 20.3.1 Configuring the Realm
- 20.3.2 Customizing Access Control Lists
- 20.3.3 Customizing Mapping Rules
- 20.3.4 Configuring the Connected Directory Connector for Synchronization in SSL Mode
- 20.3.5 Enable Password Synchronization from the Oracle Back-end Directory to a Connected Directory
- 20.3.6 Configuring External Authentication Plug-ins
- 20.3.7 Configuring External Authentication Against Multiple Domains
- 20.4 Writing Custom Synchronization Connectors
- 20.5 Sample Reader for Inbound Connectors
- 20.6 Sample Writer for Outbound Connectors
- 20.7 expressSyncSetup command
- 21 Integrating with Microsoft Active Directory
- 21.1 Verify Synchronization Requirements for Microsoft Active Directory
- 21.2 Configuring Basic Synchronization with Microsoft Active Directory
- 21.3 Configuring Advanced Integration with Microsoft Active Directory
- 21.3.1 Understanding How to Plan Integration with Microsoft Active Directory
- 21.3.2 Configure the Realm for Microsoft Active Directory
- 21.3.3 Customizing the Search Filter to Retrieve Information from Microsoft Active Directory
- 21.3.4 Understanding How to Customize the ACLs for Microsoft Active Directory
- 21.3.5 Customize Attribute Mappings for Integrating with Microsoft Active Directory
- 21.3.6 Synchronizing with Multiple Microsoft Active Directory Domains
- 21.3.7 About How to Synchronize Deletions from Microsoft Active Directory
- 21.3.8 About Synchronization in SSL Mode
- 21.3.9 Synchronizing Passwords from the Oracle back-End Directory to Microsoft Active Directory
- 21.3.10 About the Microsoft Active Directory External Authentication Plug-in Configuration
- 21.3.11 Perform Post-Configuration and Administrative Tasks
- 21.4 Using DirSync Change Tracking for Import Operations
- 21.5 Configuring Synchronization of Microsoft Active Directory Foreign Security Principal References with an Oracle Back-End Directory
- 21.6 Switching to a Different Microsoft Active Directory Domain Controller in the Same Domain
- 21.7 About Configuration for Microsoft Active Directory Connector with Microsoft Active Directory Lightweight Directory Service
- 21.8 Configuring the Microsoft Active Directory Connector for Microsoft Exchange Server
- 22 Deploying the Oracle Password Filter for Microsoft Active Directory
- 22.1 Overview of the Oracle Password Filter for Microsoft Active Directory
- 22.1.1 What is the Oracle Password Filter for Microsoft Active Directory?
- 22.1.2 Learn How the Oracle Password Filter for Microsoft Active Directory Work?
- 22.1.2.1 Understanding How Clear Text Password Changes are Captured
- 22.1.2.2 Understanding How Password Changes are Stored when the Oracle Back-end Directory is Unavailable
- 22.1.2.3 About Delay in Password Synchronization Until Microsoft Active Directory Users are Synchronized with Oracle Back-end Directory
- 22.1.2.4 Understanding Password Bootstrapping
- 22.1.3 Deploying the Oracle Password Filter for Microsoft Active Directory?
- 22.2 Understanding How to Configure and Test Oracle Back-end Directory with SSL Server-Side Authentication
- 22.3 Importing a Trusted Certificate into a Microsoft Active Directory Domain Controller
- 22.4 Testing SSL/TLS Communication Between Oracle Back-end directory and Microsoft Active Directory
- 22.5 Installing and Reconfiguring the Oracle Password Filter for Microsoft Active Directory
- 22.6 Removing the Oracle Password Filter for Microsoft Active Directory
- 23 Integrating with Oracle Directory Server Enterprise Edition (Connected Directory)
- 23.1 Verifying Synchronization Requirements for Oracle Directory Server Enterprise Edition
- 23.2 Configuring Basic Synchronization with Oracle Directory Server Enterprise Edition
- 23.3 Configuring Advanced Integration with Oracle Directory Server Enterprise Edition
- 23.3.1 Understanding How to Plan Integration with Oracle Directory Server Enterprise Edition
- 23.3.2 Configure the Realm for Oracle Directory Server Enterprise Edition
- 23.3.3 Understanding How to Customize the ACLs for Oracle Directory Server Enterprise Edition
- 23.3.4 Customize Attribute Mappings for Oracle Directory Server Enterprise Edition
- 23.3.5 About How to Customize the Oracle Directory Server Enterprise Edition Connector to Synchronize Deletions
- 23.3.6 Understanding How to Synchronize Passwords for Oracle Directory Server Enterprise Edition
- 23.3.7 Synchronizing in SSL Mode
- 23.3.8 Perform Post-Configuration and Administrative Tasks
- 24 Integrating with IBM Tivoli Directory Server
- 24.1 Verifying Synchronization Requirements for IBM Tivoli Directory Server
- 24.2 Configuring Basic Synchronization with IBM Tivoli Directory Server
- 24.3 Configuring Advanced Integration with IBM Tivoli Directory Server
- 24.3.1 Understanding How to Plan Integration with IBM Tivoli Directory
- 24.3.2 Configure the Realm for IBM Tivoli Directory
- 24.3.3 Understanding How to Customize the ACLs for IBM Tivoli Directory
- 24.3.4 Customize Attribute Mappings for IBM Tivoli Directory
- 24.3.5 Customizing the IBM Tivoli Directory Server Connector to Synchronize Deletions
- 24.3.6 Synchronize Passwords for IBM Tivoli Directory
- 24.3.7 Understand How to Synchronize IBM Tivoli Directory in SSL Mode
- 24.3.8 Configuring the IBM Tivoli Directory Server External Authentication Plug-in
- 24.3.9 Perform Post-Configuration and Administrative Tasks
- 25 Integrating with Novell eDirectory or OpenLDAP
- 25.1 Verify Synchronization Requirements for Novell eDirectory or OpenLDAP
- 25.2 Configuring Basic Synchronization with Novell eDirectory or OpenLDAP
- 25.3 Synchronizing Multiple Profiles from eDirectory or OpenLDAP to One Oracle Back-end Directory Container
- 25.4 Configuring Advanced Integration with Novell eDirectory or OpenLDAP
- 25.4.1 Understanding How to Plan Integration with Novell eDirectory or OpenLDAP
- 25.4.2 About Realm Configuration for Novell eDirectory or OpenLDAP
- 25.4.3 Customize the Search Filter to Retrieve Information from Novell eDirectory or OpenLDAP
- 25.4.4 Understanding the ACLs Customization for Novell eDirectory or OpenLDAP
- 25.4.5 Customize Attribute Mappings for Novell eDirectory
- 25.4.6 Customizing the Novell eDirectory or OpenLDAP Connector to Synchronize Deletions
- 25.4.7 About How to Define a Reconciliation Rule?
- 25.4.8 Reconciliation Rules Used to Synchronize Deletions?
- 25.4.9 Synchronization Parameters for the Advanced Configuration Information Attribute
- 25.4.10 Configuring the OpenLDAP Connector to Synchronize Passwords
- 25.4.11 Synchronize the Novell eDirectory or OpenLDAP connector in SSL Mode
- 25.4.12 Configure the Novell eDirectory or OpenLDAP External Authentication Plug-in
- 25.4.13 Perform Post-Configuration and Administrative Tasks
- 26 Managing Integration with a Connected Directory
- 26.1 Performing Tasks After Configuring with a Connected Directory
- 26.2 Typical Management of Integration with a Connected Directory
- Part VII Appendixes
- A Example Properties File for Synchronization Profiles
- B Case Study: A Deployment of Oracle Directory Integration Platform
- B.1 Components in the MyCompany Enterprise
- B.2 Requirements of the MyCompany Enterprise
- B.3 Overall Deployment in the MyCompany Enterprise
- B.4 User Creation and Provisioning in the MyCompany Enterprise
- B.5 Modification of User Properties in the MyCompany Enterprise
- B.6 Deletion of Users in the MyCompany Enterprise
- C Starting and Stopping the Oracle Stack
- D Troubleshooting the Oracle Directory Integration Platform
- D.1 Checklist for Troubleshooting Oracle Directory Integration Platform
- D.2 General Issues
- D.2.1 LDIF Files That Contain Non-ASCII Characters Will Cause the testProfile Command Option to Fail if the LDIF File has Native Encoding
- D.2.2 Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory
- D.2.3 Synchronization Continues After Stopping Oracle Directory Integration Platform
- D.2.4 Synchronization of Deleted Objects Fails
- D.3 Configuration Issues
- D.4 Problems and Solutions
- D.5 Troubleshooting Synchronization
- D.6 Troubleshooting Integration with Microsoft Active Directory
- D.7 Troubleshooting SSL/TLS
- D.8 Need More Help?
- Glossary