Oracle Internet Directory (OID) Synchronization with Active Directory for Enterprise User Security – Part 1

This blog post outlines the step-by-step configurations to be made at Active Directory (AD) side and on the Oracle Internet Directory (OID) for the synchronization of identities from Active Directory to OID. Intentionally I split it into multiple blog posts for the configuration…

Following are the salient features of this integration:

• Synchronization is only from Active Directory to OID i.e. changes made at OID will not be reflected on Active Directory
• Create of a new user in the Active Directory would be reflected on to OID
• For the synchronization to start, Administrator has to trigger a change password request for all the users of interest

High-Level Configurations to be made on Active Directory:

• Install Oracle Password Filter, with comes with Oracle Identity Management 11gR2 Patch.
• If AD machine is 64 bit then go into Utils –> adpwdfilter –> 64 bit –>setup.exe
• If AD machine is 32 bit then go into Utils –> adpwdfilter –> setup.exe
• Create SSL connection between OID and AD, with OID as server and AD as client. Add certificate of OID into AD’s trust store

High-Level Configuration to be made on OID:

• Configure a new OID instance (don’t disturb the default OID instance that runs on 3060)
• Configure SSL Authentication Server Mode:2 for the newly created OID instance
• Configure synchronization profile using Oracle Directory Integration Platform
• Test the synchronization profile to see that uid and userpassword attributes are replicated at OID

High-Level design diagram for Active Directory – Oracle Internet Directory one-way synchronization:

Next blog post is about how to configure new OID Instance

Advertisements