  • OIM LDAP Sync : Overview and Key Points

Posted in identity_manager, OIM on 2011-10-31

OIM LDAP synchronisation (LDAP sync) is the process of integrating OIM with an LDAP server (OID, AD, ODSEE, ...) so that users, groups and roles created in OIM are automatically synchronised to the LDAP server.

    • LDAP sync can be configured during OIM configuration phase or later.
    • In OIM 11.1.1.3, OVD (Oracle Virtual Directory) is mandatory for OIM LDAP synchronisation, whereas from OIM 11.1.1.5 onwards OVD is an optional component. From 11.1.1.5, OIM ships with the identity virtualization library (libOVD), which can take the place of a separate OVD instance; if libOVD is not used, OIM must still use an instance of OVD for LDAP synchronisation.
    • When LDAP sync is enabled in OIM, four default jobs are enabled
      a) LDAPSync Post Enable Provision Users to LDAP
      b) LDAPSync Post Enable Provision Roles to LDAP
      c) LDAPSync Post Enable Provision Role Membership to LDAP
      d) LDAPSync Post Enable Provision Role Hierarchy to LDAP
    • To enable LDAP Sync after OIM configuration, use the steps mentioned here
    • To disable LDAP Sync in OIM, delete EventHandlers.xml from MDS and disable the four jobs listed above. For steps click here
    • OIM LDAP Sync creates OIM users in the LDAP server under the default user container configured during LDAP Sync setup. To place users in different containers based on user/role attributes (for example, users with attribute value country=US go to the container cn=US,cn=User,dc=domain and users with country=UK go to cn=UK,cn=User,dc=domain), modify /db/LDAPContainerRules.xml in MDS. More information here
    • To do this, OIM calls a plug-in that implements the interface oracle.iam.ldapsync.LDAPContainerMapper. The plug-in class is defined by the OIM system property LDAPContainerMapperPlugin. The plug-in reads the user/group container value (the location in the LDAP server where the data is to be synced) from the XML file stored in the MDS schema in the OIM database (/db/LDAPContainerRules.xml).
    • You can enable logging for LDAP sync using the logger “oracle.iam.ldap-sync” from the Fusion Middleware Enterprise Manager console. More on logging and auditing in OIM in chapter 13 of my book Oracle Identity and Access Manager 11g for Administrators.
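Added example (not code from the original post or from Oracle Identity Manager): a small Python resolver that reads rules in the shape of LDAPContainerRules.xml and picks the container for a user or role, so a rule file can be checked before it is imported into MDS. Assumptions, not facts from the post: the element names `<container-rules>`, `<user>`, `<role>`, `<rule>`, `<expression>` and `<container>` are taken from the OIM 11g documentation as I recall it and should be verified against your release; rules are evaluated in file order, first match wins, `Default` matches everything; attribute values are compared as case-insensitive strings. The base-DN check is an extra safeguard added here: a mistyped container DN would otherwise put identities outside the subtree that your directory ACIs and OAM policies cover.

```python
"""Resolve the LDAP container an OIM user or role should be created in.

Added example, not code from the original post or from OIM. Element names
and matching semantics are assumptions (see lead-in); verify against the
OIM documentation for your release before editing the file in MDS.
"""
import xml.etree.ElementTree as ET

# Constructed sample rules, modelled on the country=US / country=UK example
# in the post, plus a Default rule for users and one for roles.
SAMPLE_RULES = """\
<container-rules>
  <user>
    <rule>
      <expression>Country=US</expression>
      <container>cn=US,cn=Users,dc=example,dc=com</container>
    </rule>
    <rule>
      <expression>Country=UK</expression>
      <container>cn=UK,cn=Users,dc=example,dc=com</container>
    </rule>
    <rule>
      <expression>Default</expression>
      <container>cn=Users,dc=example,dc=com</container>
    </rule>
  </user>
  <role>
    <rule>
      <expression>Default</expression>
      <container>cn=Groups,dc=example,dc=com</container>
    </rule>
  </role>
</container-rules>
"""


def parse_rules(xml_text):
    """Return {"user": [(expression, container), ...], "role": [...]} in file order."""
    root = ET.fromstring(xml_text)
    rules = {}
    for section in ("user", "role"):
        rules[section] = []
        node = root.find(section)
        if node is None:
            continue
        for rule in node.findall("rule"):
            expr = rule.findtext("expression", "").strip()
            container = rule.findtext("container", "").strip()
            if not expr or not container:
                raise ValueError("%s rule without expression or container" % section)
            rules[section].append((expr, container))
    return rules


def validate_rules(rules):
    """Lint the rule set: every section needs a Default, and Default must be last,
    otherwise the rules after it can never be reached (first match wins)."""
    problems = []
    for kind, entries in rules.items():
        exprs = [e.lower() for e, _ in entries]
        if "default" not in exprs:
            problems.append("%s: no Default rule; unmatched entries have nowhere to go" % kind)
        elif exprs.index("default") != len(exprs) - 1:
            problems.append("%s: rules after Default are unreachable" % kind)
    return problems


def expression_matches(expr, attrs):
    """Match an 'Attribute=value' expression against an entity's attributes.
    Assumption of this example: attribute name and value compare case-insensitively
    as strings, so a numeric attribute such as 21 matches the expression text "21"."""
    name, sep, value = expr.partition("=")
    if not sep:
        raise ValueError("malformed expression: %r" % expr)
    for attr_name, attr_value in attrs.items():
        if attr_name.strip().lower() == name.strip().lower():
            return str(attr_value).strip().lower() == value.strip().lower()
    return False


def check_base(container, base_dn):
    """Refuse a container DN that is not under the expected base DN (fail closed)."""
    norm = container.replace(" ", "").lower()
    if not norm.endswith("," + base_dn.replace(" ", "").lower()):
        raise ValueError("container %s is outside base %s" % (container, base_dn))
    return container


def resolve_container(rules, kind, attrs, base_dn):
    """First matching rule wins; Default matches everything; no match is an error."""
    for expr, container in rules[kind]:
        if expr.lower() == "default" or expression_matches(expr, attrs):
            return check_base(container, base_dn)
    raise LookupError("no %s rule matched and no Default rule present" % kind)


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(validate_rules(rules) or "rule set OK")
    print(resolve_container(rules, "user", {"User Login": "jdoe", "Country": "US"}, "dc=example,dc=com"))
    print(resolve_container(rules, "user", {"User Login": "asmith", "Country": "FR"}, "dc=example,dc=com"))
```

Run the linter on a rule file exported from MDS before importing a modified copy; a Default that is not the last rule, or a section without a Default, is exactly the kind of mistake that only shows up later as users landing in the wrong container or failing to sync at all.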

    Responses to “OIM LDAP Sync : Overview and Key Points”

    4. vin says:

      hi,

      I am trying to modify LDAPContainerRules.xml according to the organizations, i.e. using act_key. When organization=org1 (i.e. act_key=21), provision the user in the “l=amer,dc=oracle,dc=com” container.
      We have mapped the OID attribute “o” to the OIM act_key and this mapping works. When we create a user, the “o” in OID gets updated to 21.

      act_key=21 l=amer,dc=oracle,dc=com

      act_key=21 l=apac,dc=oracle,dc=com

      Default l=users,dc=oracle,dc=com

      Default
      Default l=roles,dc=oracle,dc=com

      Also, when we do it using the attribute “First Name” it works, as shown below.
      But it is not working for act_key.
      Can you suggest how we can provision users based on organization using LDAPContainerRules.xml?

      First Name=user1 l=amer,dc=oracle,dc=com

      First Name=user2 l=apac,dc=oracle,dc=com

      Default l=users,dc=oracle,dc=com

      Default
      Default l=roles,dc=oracle,dc=com

    5. vin says:

      Sorry, the act_key rule is as below –

      act_key=21 l=amer,dc=oracle,dc=com

      act_key=22 l=apac,dc=oracle,dc=com

      act_key=23 l=ajac,dc=oracle,dc=com

      Default l=users,dc=oracle,dc=com

      Default
      Default l=roles,dc=oracle,dc=com
