1. Administering Oracle Directory Integration Platform
  2. Configuring Oracle Back-End Directory
  3. Configuring Oracle Internet Directory

6 Configuring Oracle Internet Directory

You can configure Oracle Internet Directory as the back-end directory for Oracle Directory Integration Platform synchronization or provisioning.

Topics:

6.1 Before You Configure Oracle Internet Directory as the Back-End Directory

Before configuring Oracle Internet Directory as the back-end directory, you must install Oracle Internet Directory and Oracle Directory Integration Platform.

  • Install Oracle Internet Directory either as a collocated configuration or as a standalone configuration. For more information, see Installing the Oracle Internet Directory Software in Installing and Configuring Oracle Internet Directory.

    Note:

    You can only configure Oracle Internet Directory with Oracle Directory Integration Platform in SSL mode. The Oracle Internet Directory SSL port must be configured in SSL No Authentication Mode or SSL Server Authentication Only Mode.

  • Configure Oracle Directory Integration Platform after you install Oracle Internet Directory binaries as described in Configuring Oracle Directory Integration Platform in Installing and Configuring Oracle Internet Directory.

6.2 Configuring the Oracle WebLogic Server Domain for Oracle Directory Integration Platform with Oracle Internet Directory

You must configure Oracle Directory Integration Platform with Oracle Internet Directory either in an existing or in a new WebLogic server Domain.

6.2.1 Configuring Oracle Directory Integration Platform with Oracle Internet Directory in an Existing WebLogic Domain

Perform the following steps to configure Oracle Directory Integration Platform with Oracle Internet Directory in an existing WebLogic administration domain:

Note:

  • During the Oracle Internet Directory domain configuration, if you have already selected the Oracle Directory Integration Platform - 12.2.1.3.0[dip] option in the Templates screen then you can skip this section.

    See Selecting the Configuration Templates for Oracle Internet Directory in Oracle Fusion Middleware Installing and Configuring Oracle Internet Directory.

  • You must stop the Administration Server, Managed Servers, and Node Manager before updating the existing WebLogic domain.

  1. Run the ORACLE_HOME/oracle_common/common/bin/config.sh script (UNIX) or ORACLE_HOME\oracle_common\common\bin\config.cmd (Windows).

    The Configuration Type screen is displayed.

  2. Select Update an existing domain, and click Next.

    The Templates screen is displayed.

  3. On the Templates screen, select Update Domain Using Product Templates and then select Oracle Directory Integration Platform - 12.2.1.3.0[dip] domain configuration option.

    Note:

    When you select the Oracle Directory Integration Platform - 12.2.1.3.0 [dip] option, Oracle Enterprise Manager 12.2.1.3.0 [em] is automatically selected.

    Click Next.

    The JDBC Data Sources screen is displayed.

  4. Make changes if required and then click Next

    The JDBC Data Sources Test screen is displayed.

  5. Select the data sources to test, and click Test Selected Connections.

    Click Next.

    The Database Configuration Type screen is displayed.

  6. Make changes if required and then click Get RCU Configuration to retrieve the schema information. After successfully retrieving the schema information, click Next to continue.

    The JDBC Component Schema screen is displayed.

  7. Verify that the values populated are correct for all schemas and click Next.

    The JDBC Component Schema Test screen is displayed.

  8. You can select the component schema to test, and click Test Selected Connections. Wait for one or more connection tests to complete. If you do not want to test connections, deselect all data sources.

    Note:

    In order to test connections, the database to which you are trying to connect must be running.

    Click Next.

    The Advanced Configuration screen is displayed.

  9. Select Managed Servers, Clusters, and Machines option. Click Next.

    The Managed Servers screen is displayed.

  10. Specify the Managed Server name and click Next.

    The Clusters screen is displayed.

  11. Configure Clusters as required and click Next.

    The Machines screen is displayed.

  12. Select the Machine tab (for Windows) or Unix Machine tab. Click on Add and specify the machine name. Click Next.
  13. If you added a machine on the Configure Machines screen, then the Assign Servers to Machines screen appears. On the Assign Servers to Machines screen, assign the Administration Server and the Managed server to the specified machine. Click Next.
  14. On the Configuration Summary screen, review the domain configuration, and click Update to start extending the domain.
  15. Click Finish, once the domain is extended.

    Your existing Oracle Internet Directory domain is extended to support Oracle Directory Integration Platform.

6.2.2 Configuring Oracle Directory Integration Platform and Oracle Internet Directory in a New Oracle WebLogic Server Domain

Perform the configuration steps in this section only if you want to configure Oracle Directory Integration Platform and Oracle Internet Directory in a new Oracle WebLogic Server domain.

To configure Oracle Directory Integration Platform and Oracle Internet Directory in a new WebLogic domain:
  1. Run the ORACLE_HOME/oracle_common/common/bin/config.sh script (UNIX) or ORACLE_HOME\oracle_common\common\bin\config.cmd (Windows).

    The Configuration Type screen is displayed.

  2. On the Configuration Type screen, select Create a new domain and enter the full path for the domain or use the Browse button to navigate to the directory in which your domains are located. Click Next.

    The Templates screen is displayed.

  3. On the Templates screen, make sure Create Domain Using Product Templates is selected, and then select the following templates:
    • Oracle Directory Integration Platform - 12.2.1.3.0 [dip]

    • Oracle Internet Directory (Collocated) - 12.2.1.3.0 [oid] (optional)

    Note:

    When you select Oracle Directory Integration Platform - 12.2.1.3.0 [dip] option, the following components are automatically selected:

    • Oracle Enterprise Manager 12.2.1.3.0 [em]

    • Oracle JRF - 12.2.1.3.0 [oracle_common]

    • Weblogic Coherence Cluster Extension 12.2.1.3 [wlserver]

    When you select Oracle Internet Directory (Collocated) - 12.2.1.3.0 option, then Oracle Directory Services Manager - 12.2.1.3.0 [oid] component is automatically selected.

    Click Next.

    Click The Application Location screen is displayed.

  4. Click Browse and specify the full path to the directory in which you want to store the applications that are associated with the domain.

    Click Next.

    The Administrator Account screen is displayed.

  5. Specify the user name and password for the default WebLogic Administrator account for the domain.
    The password must be at least eight characters and must contain at least one number or special character. Confirm the password and click Next.
    Make a note of these details as you will need them to start or restart the WebLogic domain in the following procedure.
    The Domain Mode and JDK screen is displayed.
  6. Specify the domain mode and Java Development Kit (JDK).
    1. Select Production in the Domain Mode field.

      Note:

      If you select Production mode as the domain, the node manager has a random username and password assigned to it. Use the WebLogic Server Administration Console to reset the password.

    2. Accept Oracle Hotspot as a default JDK location.
    3. Click Next.
    The Database Configuration Type screen is displayed.
  7. Select RCU Data. This option instructs the Configuration Wizard to connect to the database’s Service Table (STB) schema to automatically retrieve schema information for schemas needed to configure the domain.

    Note:

    Ensure that you have created the database schemas required for Oracle Internet Directory. See Creating the Database Schemas in Oracle Fusion Middleware Installing and Configuring Oracle Internet Directory.

    After selecting RCU Data:

    1. Enter the name of the server hosting the database in the Host Name field.

      Note:

      Ensure that you do not specify localhost in the Host Name field.
    2. Enter the database DBMS name, or service name if you selected a service type driver in the DBMS/Service field.
    3. Enter the port number on which the database listens.
    4. Enter the username and password for connecting to the database's Service Table schema.
    5. Click Get RCU Configuration to retrieve the schema information. After successfully retrieving the schema information, click Next to continue.
    The JDBC Component Schema screen is displayed.
  8. Verify that the values populated are correct for all schemas, and Click Next.
    The JDBC Component Schema Test screen is displayed.
  9. Test datasource connections that you just configured.
    A green check mark in the Status column indicates a successful test. If you encounter issues, see the error message in the Connection Result Log section of the screen, fix the problem, then test the connection again.

    The Advanced Configuration screen is displayed.

  10. To complete domain configuration, select any of these options:
    • Administration Server: Required to properly configure the Administration Server’s listen address.
    • Node Manager: Required to configure Node Manager.
    • Topology: Required to configure the Managed Servers and cluster, and for configuring the machine and targeting Managed Servers to the machine.
    • Deployments and Services: Required to target to servers or clusters.
    Click Next.
  11. Review each item on the Configuration Summary screen and verify that the information is correct.
    To make any changes, go back to a screen by clicking the Back button or selecting the screen in the navigation pane. Domain creation does not start until you click Create.
    A new WebLogic domain (for example: base_domain) is created to support Oracle Directory Integration Platform and Fusion Middleware Control in the <ORACLE_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <ORACLE_HOME>/user_projects/domains directory.

6.3 Configuring Oracle Internet Directory (SSL) for Oracle Directory Integration Platform

Use the steps in the following order to configure Oracle Internet Directory (back-end directory) SSL communication for Oracle Directory Integration Platform.

6.3.1 Configuring Oracle Internet Directory for SSL

Configure Oracle Internet Directory (back-end directory) in SSL mode. You can use the SSL No Authentication Mode or SSL Server Authentication Only Mode options to configure the SSL port.

Note:

  • Oracle recommends that you use SSL Server Authentication Only Mode option configured on an LDAPS port for Oracle Internet Directory.

  • If Java Development Kit (JDK) 1.8.0_201 or higher is installed on your system then the anonymous ciphers are disabled by default. If Oracle Internet Directory SSL is configured in SSL No Authentication Mode then you must enable the anonymous ciphers in the JDK by editing the java.security file (JAVA_HOME/lib/security) and removing anon, NULL, DES, and 3DES_EDE_CBC from the jdk.tls.disabledAlgorithms security property.

See Configuring Secure Sockets Layer (SSL) in Oracle Fusion Middleware Administering Oracle Internet Directory.

6.3.2 Configuring Oracle Directory Integration Platform for Oracle Internet Directory SSL Authentication

After configuring the Oracle Internet Directory (back-end directory) SSL communication, you must configure Oracle Directory Integration Platform.

Topics:

6.3.2.1 Configuring Oracle Directory Integration Platform for Oracle Internet Directory SSL Server Authentication Only Mode
Complete the following steps to configure Oracle Directory Integration Platform to use Oracle Internet Directory SSL Server Authentication Only Mode:

Note:

If you change the configuration from Oracle Internet Directory No Authentication Mode to SSL Server Authentication Only Mode, then you must delete the TLS_DH_anon_WITH_AES_128_GCM_SHA256 and SSL_DH_anon_WITH_3DES_EDE_CBC_SHA cipher suites from Oracle Directory Integration Platform using the Oracle Fusion Middleware System MBean Browser.

This ensures that all the ciphers supported in Oracle Directory Integration Platform for the Java Development Kit (JDK) 1.8.0_201 or higher are enabled.

  1. Ensure that the Oracle WebLogic Administration Server and Oracle Directory Integration Platform managed server is running. If they are not running, then start as follows:
    Administration Server:
    DOMAIN_NAME/bin/startWebLogic.sh

    Note:

    Where DOMAIN_NAME is the root directory of the domain. (The name of this directory is the name of the domain.). By default, this directory is ORACLE_HOME\user_projects\domains\DOMAIN_NAME.
    Managed Server:
    DOMAIN_NAME/bin/startManagedWebLogic.sh managed_server_name admin_url
  2. You must export the trusted certificate from the Oracle Internet Directory wallet using the orapki utility:
    1. Ensure that the environment variables JAVA_HOME points to the Java installation directory.
      JAVA_HOME=/usr/lang/JAVA/jdk1.8.0_131
export JAVA_HOME
    2. Ensure that the environment variables ORACLE_HOME for Oracle Internet Directory is set properly.
      SETENV ORACLE_HOME <path to Oracle home location>
    3. Run the following command to export the trusted certificate from the Oracle Internet Directory wallet.
      orapki wallet export -wallet Path_to_OID_wallet -dn Subject_DN_of_trusted_certificate -cert path_to_certificate_file
      The Oracle Internet Directory wallet is available in the following location when created using the Fusion Middleware user interface: $ORACLE_INSTANCE/OID/admin/wallet_name
      For example:
      $ORACLE_HOME/bin/orapki wallet export -wallet /home/Middleware/Oracle_Home/oid/admin/oidwallet -dn "cn=oidhost.example.com,OU=My Dept,O=My Company,L=Redwood City,ST=California,C=US " -cert oidcert.cer
  3. Import the trusted certificate that you have exported to the oidcert.cer file into the Oracle Directory Integration Platform wallet:
    keytool -importcert -trustcacerts -alias Some_alias_name -file Path_to_certificate_file

    For example:

    keytool -importcert -trustcacerts -alias OID -file /home/Middleware/oidcert.cer -keystore /home/Middleware/dip.jks

    The system will prompt for a keystore password. Type the password for this keystore.

  4. Run the following command to update the Java Keystore location in Oracle Directory Integration Platform.
    manageDIPServerConfig set -attribute keystorelocation -val full_path_to_keystore -h weblogic_host -p weblogic_managed_server_port -D weblogic_user

    Note:

    full_path_to_keystore represents the absolute path to the Java Keystore (JKS) based on the host where Oracle Directory Integration Platform is deployed. When you specify the absolute path to the JKS, use the appropriate path separators (that is, / for UNIX and Linux platforms, and \ for Windows platforms).

    For example:

    $ORACLE_HOME/bin/manageDIPServerConfig set -h localhost -p 7005 -D wlsuser -attribute keystorelocation -val /home/Middleware/dip.jks

    The system will prompt for the WebLogic password.

  5. Run the following commands to create a CSF credential and update the Java Keystore password:
    1. Open the WLST prompt by running the following command:

      $ORACLE_HOME/oracle_common/common/bin/wlst.sh (UNIX) or ORACLE_HOME\oracle_common\common\bin\wlst.cmd (Windows)

    2. Connect to the WebLogic Admin Server:
      connect('Weblogic_User', 'Weblogic_password', 't3://Weblogic_Host:Weblogic_AdminServer_Port')
    3. Create the credential and update the Java Keystore password:
      createCred(map="dip", key="jksKey", user="jksuser", password="JKS_password")
  6. Update the Oracle Directory Integration Platform SSL configuration, by running the following command:

    Unix

    $ORACLE_HOME/bin/manageDIPServerConfig set -attribute sslmode -val 2 -h localhost -p 7005 -D "weblogic"
    $ORACLE_HOME/bin/manageDIPServerConfig set -attribute backendhostport -val oidhost:3131 -h example.com -p 7005 -D "weblogic"

    Windows

    ORACLE_HOME\bin\manageDIPServerConfig set -attribute sslmode -val 2 -h localhost -p 7005 -D "weblogic"
    ORACLE_HOME\bin\manageDIPServerConfig set -attribute backendhostport -val oidhost:3131 -h example.com -p 7005 -D "weblogic"

    For more information, see Arguments for manageDIPServerConfig.

    You can also Log in to the Enterprise Manager and update the Oracle Directory Integration Platform SSL configuration.

    Choose DIP > Server Properties, then set SSL Mode to 2 and the port value to the Oracle Internet Directory SSL port.

6.3.2.2 Configuring Oracle Directory Integration Platform for Oracle Internet Directory SSL No Authentication Mode
Complete the following steps to configure Oracle Directory Integration Platform to use Oracle Internet Directory No Authentication (SSL Mode 1) Mode:

Note:

Oracle does not recommend using No Authentication (SSL Mode 1).

  1. Ensure that the Oracle WebLogic Administration Server and Oracle Directory Integration Platform managed server is running. If they are not running, then start as follows:

    Administration Server:

    DOMAIN_NAME/bin/startWebLogic.sh

    Note:

    Where DOMAIN_NAME is the root directory of the domain. (The name of this directory is the name of the domain.). By default, this directory is ORACLE_HOME\user_projects\domains\DOMAIN_NAME.

    Managed Server:

    DOMAIN_NAME/bin/startManagedWebLogic.sh managed_server_name admin_url

    See Starting the Stack.

  2. Run the manageDIPServerConfig utility to update the Oracle Directory Integration Platform SSL configuration to use the Oracle Internet Directory SSL No Authentication Mode:

    Unix

    $ORACLE_HOME/bin/manageDIPServerConfig set -attribute sslmode -val 1 -h localhost -p 7005 -D "weblogic"
    Windows
    ORACLE_HOME\bin\manageDIPServerConfig set -attribute sslmode -val 1 -h localhost -p 7005 -D "weblogic"

    For more information, see Arguments for manageDIPServerConfig.

    You can also Log in to the Enterprise Manager and update the Oracle Directory Integration Platform SSL configuration.

    Choose DIP > Server Properties, then set SSL Mode to 1 and the port value to the Oracle Internet Directory SSL port.

6.3.3 Adding Cipher Suites Configured for Oracle Internet Directory into Oracle Directory Integration Platform

If the cipher suites configured for Oracle Internet Directory are not available or recognized in Oracle Directory Integration Platform then you must add those suites into Oracle Directory Integration Platform using the Oracle Fusion Middleware System MBean Browser.

For example, if Oracle Internet Directory SSL is configured in No Authentication Mode then by default anonymous ciphers are not recognized by Oracle Directory Integration Platform. Add the TLS_DH_anon_WITH_AES_128_GCM_SHA256 and SSL_DH_anon_WITH_3DES_EDE_CBC_SHA cipher suites into Oracle Directory Integration Platform using the Oracle Fusion Middleware System MBean Browser.

To add cipher suites into Oracle Directory Integration Platform, complete the following steps:

Note:

In a cluster environment, you must repeat the below steps for all of the Oracle Directory Integration Platform managed servers in the cluster.
  1. Open a browser, and access the Fusion Middleware Control Console using the following URL format:
    http://host1.example.com:7001/em
  2. Enter the Oracle Fusion Middleware administrator user name and password and click Login.
  3. From the target navigation pane, expand the domain.
  4. From the domain home page, select the Managed Server (wls_ods1).

    Note:

    The default value for Oracle Directory Integration Platform Managed Server is wls_ods1.
  5. From the WebLogic Server menu, choose System MBean Browser. The System MBean Browser page is displayed.

    Note:

    You can also click the Find icon to perform a search for an MBean, attribute. For example com.bea:Name=wls_ods1,Type=Server.
  6. Expand Configuration MBeans in the MBean navigation tree and then select com.bea > Server.
  7. Expand the Server node and then expand the Managed Server node (wls_ods1).
  8. From the Managed Server node, expand SSL and then select the Managed Server MBEAN.
    The Configuration MBEAN page is displayed.
  9. Select Attributes tab and then select CipherSuites.
    The Attribute: Ciphersuites page is displayed.
  10. Click Add and then add the following clipers:

    • TLS_DH_anon_WITH_AES_128_GCM_SHA256

    • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

    Note:

    If Oracle Internet Directory is configured in No Authentication Mode, then you do not need to add any additional ciphers to Oracle Directory Integration Platform. However, if you have added other ciphers to Oracle Directory Integration Platform and also require the default ciphers for the JDK to be enabled, you can add those using the Oracle Fusion Middleware System MBean Browser.

    For more information about cipher suites supported by Oracle Directory Integration Platform, see Supported Out-of-Box Cipher Suites.

  11. Click Apply.
  12. Click Activate Changes in the Change Center.

    Note:

    If you change the configuration from Oracle Internet Directory No Authentication Mode to SSL Server Authentication Only Mode, then you must delete the TLS_DH_anon_WITH_AES_128_GCM_SHA256 and SSL_DH_anon_WITH_3DES_EDE_CBC_SHA cipher suites from Oracle Directory Integration Platform using the Oracle Fusion Middleware System MBean Browser.

    This ensures that all the ciphers supported in Oracle Directory Integration Platform for the Java Development Kit (JDK) 1.8.0_201 or higher are enabled.

6.4 Configuring Oracle Directory Integration Platform for Oracle Internet Directory

Use the dipConfigurator command to configure Oracle Directory Integration Platform for Oracle Internet Directory.

Note:

Before running dipConfigurator to configure Oracle Internet Directory as the back-end directory, ensure that you have completed the following configuration based on the SSL implementation modes:

Complete the following steps:
  1. Set the WL_HOME and ORACLE_HOME environment variables for Oracle Directory Integration Platform.
  2. Create the dbconfigfile file and name it as db.properties file.

    The following shows an example of the db.properties file. 

    DRIVER_NAME:oracle.jdbc.OracleDriver
DRIVER_TYPE:thin
DB_HOST:myhost.us.example.com
DB_PORT:1521
DB_SID:orclpdb
DB_SERVICENAME: ORCLPDB.EXAMPLE.COM
  3. Run the dipConfigurator setup (<ORACLE_HOME>/bin) command on the command line and enter the following arguments:

    Note:

    Table 6-1 dipConfigurator Properties for Oracle Internet Directory

    Properties Description

    wlshost

    Oracle WebLogic Server host name where Oracle Directory Integration Platform is deployed. The default host name is localhost.

    wlsport

    Listening port number of the Oracle WebLogic Administration Server where Oracle Directory Integration Platform is deployed. The default port number is 7001.

    wlsuser

    Oracle WebLogic Server login user name.

    ldaphost

    Oracle Internet Directory host name. The default host name is localhost.

    ldapport

    Oracle Internet Directory server port number. The default value is 636.

    isldapssl

    Accept the default value true for the Oracle Internet Directory configured as the back-end directory.

    ldapuser

    The bind DN to connect to the directory. The default value is true.

    isclustered <BOOLEAN>

    Specify if the Oracle Directory Integration Platform instance is in a cluster environment. The default value is false.

    dbconfigfile

    The following property should be specified in the dbconfigfile file, and absolute path should be specified before running dipConfigurator setup.

    Note:

    For the database connection details and schemas, ensure that you provide the same value specified for the back-end Oracle Internet Directory installation and configuration. See Creating the Database Schemas in Oracle Fusion Middleware Installing and Configuring Oracle Internet Directory.

    • DRIVER_NAME: Enter oracle.jdbc.OracleDriver.

    • DRIVER_TYPE: Enter thin.

    • DB_HOST: Host name of the machine on which the database is running. For example, exampledomain.com.

    • DB_PORT: Enter the port number for your database. The default port number for Oracle databases is 1521.

    • DB_SID: Specify the database SID. For example orcl.

    • DB_SERVICENAME: Enter the database service name . Example: orcl.exampledomain.com

    • URL: Enter the value only if you are using a Oracle RAC database.

      You must enter the Oracle RAC database connect string information in the short format:

      hostname1:port1:instanceName1^hostName2:port2:instanceName2@serviceName

      Example: example1.com:1521:orcl1^example2.com:1521:orcl2@orcl.exampledomain.com

    clustercheckininterval <INT>

    Specify the frequency (milliseconds) at which an instance checks for server status (For example, detecting failed instances) with the other instances of the cluster. The default value is 120000 milliseconds.

    Example:

    Unix

    $ORACLE_HOME/bin/dipConfigurator setup -wlshost localhost -wlsport 7001 -wlsuser weblogic -ldaphost oidhost -ldapport 3131 -ldapuser "cn=orcladmin" -isldapssl true -dbconfigfile $ORACLE_HOME/db.properties

    Windows

    ORACLE_HOME/bin/dipConfigurator setup  -wlshost localhost -wlsport 7001 -wlsuser weblogic -ldaphost oidhost -ldapport 3131 -ldapuser "cn=orcladmin" -isldapssl true -dbconfigfile ORACLE_HOME/db.properties

6.5 Verifying Oracle Directory Integration Platform

Verify the Oracle Directory Integration Platform installation using the dipStatus and dipConfigurator commands, located in the $ORACLE_HOME/bin/ directory.

Note:

You must set the WL_HOME and ORACLE_HOME environment variables before executing the dipStatus and dipConfigurator commands.

The following is the syntax for the dipStatus command: 

$ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser> [-ssl -keyStorePath <path> -keyStoreType <type>] [-help]

  • -h | -host identifies the Oracle WebLogic Server where Oracle Directory Integration Platform is deployed.

  • -p | -port identifies the listening port of the Oracle Directory Integration Platform Managed Server.

  • -D | -wlsuser identifies the Oracle WebLogic Server login ID.

  • -ssl executes the command in SSL mode.

  • keystorePath identifies the full path to the keystore.

  • keyStoreType identifies the type of the keystore identified by -keystorePath. For example: -keystorePath jks or -keystorePath PKCS12. The default value is jks.

  • -help provides usage help for the command.

Note:

You will be prompted for the Oracle WebLogic Server login password. You cannot provide the password as a command-line argument.

Best security practice is to provide a password only in response to a prompt from the command. If you must execute dipStatus from a script, you can redirect input from a file containing the Oracle WebLogic Server password. Use file permissions to protect the file and delete it when it is no longer necessary.

After you install and configure Oracle Directory Integration Platform , refer to the Getting Started with Oracle Directory Integration Platform.

After configuring Oracle Internet Directory (back-end directory) SSL communication for Oracle Directory Integration Platform, you can synchronize or provision it with a connected directory, as described in Synchronization Using Oracle Directory Integration Platform or Provisioning with the Oracle Directory Integration Platform.