Oracle Internet Directory (OID) Synchronization with Active Directory for Enterprise User Security – Part 4


1 To install the Oracle Password Filter for Microsoft Active Directory

  • Locate the setup.exe file in the <Oracle IDM Patch>/utils/testwdfilter directory on the Oracle Application Server CD-ROM (Disk 1). Run setup.exe to extract the installation files to a directory on your domain controller. If Active Directory is 64-bit, use the setup.exe in the 64-bit folder; otherwise use the setup.exe outside the 64-bit folder, at utils/testwdfilter.
  • If AD is 64-bit, set the following environment variable: right-click on system–>Administrative Properties–>Path
    • Path=c:\windows\SysWOW64
  • Navigate to the directory where you extracted the installation files and double-click setup.exe. The Welcome page of the Oracle Password Filter for Microsoft Active Directory installation program displays, informing you that the program will install the Oracle Password Filter for Microsoft Active Directory.

  • On the Welcome page, click Next. The Installation Requirements page displays, notifying you that SSL must be enabled between Oracle Internet Directory and Microsoft Active Directory and that your computer must be restarted at the end of the installation process.

  • On the Installation Requirements page, click Next. The Installation Options page displays.

  • On the Installation Options page, select Typical (Recommended)

  • For AD, the administrator has to provide appropriate values. The screenshot below is for reference only; the values should be Active Directory specific entries.

  • Click Next. The Microsoft Active Directory Domain Controller Information page displays. Provide the Active Directory domain username and password, and define an appropriate log location.

  • Click Next to continue. The Oracle Internet Directory Configuration Parameters page displays. For TEST’s OID, here are the details:
    • Base DN: dc=<replace appropriately>,dc=com
    • Host: <oid server name>
    • SSL Port: 3132
    • Non-SSL Port: 3061
    • User: cn=orcladmin
    • User password: ****

  • Click Next to continue. The Oracle Password Filter Configuration Parameters page displays.

  • Click Next to continue. If you chose Advanced on the Installation Options page, the Specify Attributes page displays.

  • Click Next.

  • When prompted whether or not to upload schema extensions to Oracle Internet Directory, always select No. You do not want to upload schema extensions to Oracle Internet Directory because it comes preloaded with the schema extension attributes required for the Microsoft Active Directory Password filter.

 

The Reboot Domain Controller page displays.

 

  • After the computer restarts, log in as an administrator.
  • For a 64-bit Active Directory OS, the following extra step needs to be executed:
    • Locate the following two DLL files in C:\WINDOWS\syswow64 and copy them into C:\WINDOWS\system32
      • Oraidmpwf11.dll
      • Orclmessages.dll

 

  • Restart Active Directory again
  • Now verify whether the SSL connection between AD and OID is correctly configured …
    • C:\oracle\adpasswordFilter>ldapbindssl -h  -p 3131 -D cn=orcladmin -w ****
    • Connecting server in SSL Mode
    • Checking if SSL is enabled
    • SSL not enabled
    • SSL being enabled…
    • Binding …
    • Bind Successful

 

  • If you see the above message, the configuration is successful.
  • You are good to go to the next step.
  • Oracle password filter installation is now complete.
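
A post-install check for the 64-bit steps above, added here as an example; it is not part of the original post or of Oracle's installer. It confirms the two DLLs in system32 match the syswow64 copies, lists the password filter packages LSASS is configured to load, and attempts a TLS handshake to OID. `$OidHost` and `$OidSslPort` are assumed parameters that you supply, and the TLS step assumes OID presents a server certificate the domain controller trusts.

```powershell
# Added example (not from the original post or Oracle). Run in 64-bit PowerShell on the DC.
param(
    [Parameter(Mandatory)][string]$OidHost,   # assumption: your OID server name
    [Parameter(Mandatory)][int]$OidSslPort    # assumption: the OID SSL port you configured
)

# A 32-bit shell silently redirects System32 to SysWOW64, which would make
# the comparison below meaningless.
if (-not [Environment]::Is64BitProcess) { throw 'Run this from 64-bit PowerShell.' }

$src = Join-Path $env:windir 'SysWOW64'
$dst = Join-Path $env:windir 'System32'
$dllReport = foreach ($name in 'Oraidmpwf11.dll', 'Orclmessages.dll') {
    $s = Join-Path $src $name
    $d = Join-Path $dst $name
    $inDst = Test-Path -LiteralPath $d
    # Hashes match only if the copy into System32 is intact.
    $same = $inDst -and (Test-Path -LiteralPath $s) -and
            ((Get-FileHash -LiteralPath $s -Algorithm SHA256).Hash -eq
             (Get-FileHash -LiteralPath $d -Algorithm SHA256).Hash)
    [pscustomobject]@{ Dll = $name; InSystem32 = $inDst; MatchesSysWOW64 = $same }
}
$dllReport | Format-Table -AutoSize

# LSASS loads the password filters named in this REG_MULTI_SZ value; review every entry.
# The entry name the Oracle installer writes is not stated on the page, so none is asserted here.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'Notification Packages'
'Notification Packages: ' + ($lsa.'Notification Packages' -join ', ')

# TLS handshake to OID using the DC's own trust store (no validation override).
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($OidHost, $OidSslPort)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($OidHost)
    'TLS OK: {0}, server certificate {1}' -f $ssl.SslProtocol, $ssl.RemoteCertificate.Subject
} catch {
    'TLS check failed: ' + $_.Exception.Message
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A failed TLS check here means the certificate or port needs a closer look; it does not replace the ldapbindssl bind test shown above.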

 

 

NOTE:

GOAL

Does the Oracle Password Filter installation on Microsoft Active Directory (AD) make any changes to the AD schema?

FIX

No, neither the 32 nor the 64 bit Oracle Password Filter installation makes any changes to the Active Directory schema.

It just creates an OrganizationalUnit entry in AD (via the prepAD.ldif file) which is a retry container, i.e., a container to store the password changes that may have failed to get updated in OID, for later retry.

Next blog post on Configuring Oracle Directory Integration Platform
