• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


  • Categories

  • Archive

  • Server Chaining in OID

    Posted by "" in "oid" on 2007-12-29

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    Server Chaining in OID

    1. Server chaining feature in OID is introduced in version

    2. You use server chaining feature to map user/group/entries sitting in third party LDAP directory (AD, iPlanet) and access them through OID. This way you can avoid synchronization of entry (identity data) between OID and third party LDAP Server.

    3. Currently (as of version only Microsoft Active Directory & Sun iPlanet are supported for OID server chaining (as shown in figure above)
    4. Currently only bind, compare(only for userpasswd attribute), modify and search ldap operation are supported

    5. You can configure server chaining either from command line (ldap commands) or using OIDADMIN (gui tool to administer OID)
    6. If attribute name in OID is same as attribute name in third party ldap server (iPlanet, AD) then mapping is not required (some attributes are mapped by default – orclguid, krbprincipalname)

    7. Operation attributes, objects classes and OID specific attributes (starting with orcl) cannot be mapped using server chaining framework

    Related Doc
    OID Server Chaining guide from Oracle

    Related Posts for OID

    1. Oracle Internet Directory OID
    2. Oracle Internet Directory – Basics II
    3. OID to OID/Active Directory/iPlanet other LDAP Server Integration
    4. Multi Master OID Replication
    5. OID Architecture
    6. Oracle Internet Directory , OID Troubleshooting
    7. Server Chaining in OID
    8. OID Quesries/ Scripts FAQ
    9. OIDADMIN Client
    10. Oracle Identity Management (OID) 11g installation Issues on Linux
    11. OID 11g – Oracle Directory Services Manager (ODSM)
    12. DIP : Synchronization, Provisioing, Connectors, DSS in Oracle Directory Services (ODS) 11g
    13. OID Replication – Suppliers, Consumers, DRG, ASR/LDAP based replication
    14. ASR setup has failed – Error occurred while dropping database link : ORA-02084 : database name is missing a component while Configuring Multi Master OID replication using “remtool -asrsetup”
    15. OID 11g Down : Unable to Start OID 11g using OPMN (ODS schema locked ORA-28002)
    16. OID/Directory Services 11g – Schema, Object Class, Attributes
    17. OID 11g Distributed Install : DIP/ODSM (Java Component) & OID (LDAP/REPLD) on different machine
    18. OID Server Mode R, RW, RM: LDAP: error code 53 – Server currently in read only mode
    19. How to change OID 11g database schema (ODS) password
    20. How to add custom attribute, Object Classe in OID from command line or GUI
    21. Oracle Internet Directory (OID) and Real Application Cluster (RAC) database : Things you must know
    22. How to Update User Password in OID (single account or bulk) – command line or GUI
    23. Error starting OID 11g during configuration stage of OID installation on Windows Server “ProvisionException: Failed to start the component”
    24. How to delete Entries in OID 11g in Bulk – Delete Failed : Ldap Error Code 66 Not allowed on Non-Leaf
    25. How to find latest changelog number (or changes) in OID ?
    26. Context Initialization Error on running ldapsearch commands on OID Server
    27. How to find OID version and patches applied on OID Home ?
    28. How to change OID 11g LDAP/LDAPS listen port
    29. How to find/audit Failed Login Attempts in OID 11g
    30. Step by Step configuration of OID Multi Master Replication – LDAP based in OID 11g
    31. OID 11g LDAP based Multi Master replication : Configuration Entries you must know
    32. Configure SSL for Oracle Internet Directory (OID)
    33. How to backup Oracle Internet Directory (OID) 11g – Data : Full / Partial
    34. SSL / Wallets in OID/OHS : How to manage certificates in Wallet using command line ?? ORAPKI
    35. How to debug OID : LDAP Error code 50 – Insufficient Access Rights
    36. What Hashing Algorithm OID uses to store user Password : SSHA or MD5

    10 Responses to “Server Chaining in OID”

    1. vamshi says:

      hi Atul,
      this topic is very minimal can you be much more detailed on this on how to sync different AD to OID and how to check if the OID is connected to AD and in sync

      Vamshi D

    2. ali-Salmiah says:

      hi kuman

      We install the OID with EBS R12.3, But the OID in other domain extgernal the main branch is not working, if doable with Oracle OID to help more than differnet domain


    3. ali-Salmiah says:

      hi kuman

      I have question on Oracle OID, can you give me you mobile please


    4. Sam says:

      Hi Atul,

      As a project requirement we have synchronized users from AD to OID ( using DIP.
      OID is configured as a User Identity Store for Oracle Access Manager. We have setup pass-through authentication (Server chaining) for the users which are synchronized from AD to OID.

      It is observed that the performance(Auth/sec) is low through server chaining authentication.

      Could you please suggest any performance tuning required to be done for server chaining.

      Currently tuning done on OID is:
      1. Orclmaxcc:10
      2. Orclserverprocs:2
      3. Orclskiprefinsql:1

      Thanks in Advance.


    5. Sam says:

      Hi Atul,

      Thanks for your reply.

      I have referred: http://docs.oracle.com/cd/E21043_01/oid.1111/e10029/serverchain.htm

      (36.2.1 Configuring Server Chaining by Using Oracle Directory Services Manager)

      There is no firewall in between OID and AD

      We ran a performance benchmarking tool “SLAMD” to get the “Authentications Completed Avg/Second” against OID and AD with following scenario.
      1. Local OID Authentication
      2. Active Directory Authentication
      3. OID authentication for the user`s synchronized from Active Directory (Pass-through AuthN)

      The test was executed for 25 Threads for 10 min, below are the test result:

      1. Local OID User (Authentications Completed Avg/Second) : 3326.908
      2. AD (Authentications Completed Avg/Second): 6458.750
      3. OID users Syncd from AD: (Authentications Completed Avg/Second): 102.350

      CPU and memory utilization for this entire test were 0% and 1.5% respectively


    6. Atul Kumar says:

      @ Sam,
      I would like to understand requirement of server chaining if you are syncing AD users to OID via DIP . If users password are only in AD and you wish to validate users password via AD then my view is that you don’t need server chaining, what you need is External Authentication Plug-In in OID so that OID authenticate user against AD .

      More on OID Authentication Plug-in http://docs.oracle.com/cd/E17904_01/oid.1111/e10029/authentication.htm#i1022418

    7. Sam says:


      The requirement to have DIP for user sync and Server Chaining for password is due to the fact that we integrting EBS with OAM, with OID as User Identity store and AD as a source of trust.


    8. Atul Kumar says:

      Sam, Drop me a mail with your phone number and timezone and I’ll share my phone number and we can chat. I don’t see any requirement for server chaining here as user is alreday in OID.

      My email Address atul [at] onlineAppsDBA.com

    9. Sam says:


      I have configured External Authentication plugin in my environment and could see raise in Auth Rate with Server chaining it was ~102. AuthN/Sec and with EAP its ~360 AuthN/Sec.

      Appreciate your help.


    Leave a Reply

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP