Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02
This section contains these topics:
Synchronization Between Oracle Internet Directory and SunONE Directory Server
Synchronization of Deletions from SunONE Directory Server to Oracle Internet Directory
Synchronization with SunONE Directory Server is based on reading incremental changes from the source directory and applying them to the destination directory. If changes are to be made in both directories, then change logging must be enabled in both directories.
If you want to synchronize deletions, and the mapping rules have mandatory attributes, then be sure that the tombstone is configured correctly.
To verify that the tombstone is configured in SunONE Directory Server, execute the following command:
$ORACLE_HOME/bin/ldapsearch -h connected_directory_host -p connected_directory_port -D connected_directory_account -w connected_directory_password -b source_domain -s sub "objectclass=nstombstone"
This returns information on all deleted entries.
See Also: SunONE documentation for details about configuring tombstones
Note: Tombstones are automatically configured on the SunONE Directory Server if replication is enabled.
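Reading the output of the tombstone search by hand is tedious when many entries have been deleted. The following script is an added example, not part of the Oracle guide: it parses LDIF as returned by ldapsearch (handling folded and base64-encoded lines), keeps only entries carrying objectClass nsTombstone, and recovers each deleted entry's original DN. It assumes the Netscape-derived tombstone convention in which the tombstone DN is the original DN prefixed with an nsuniqueid RDN; the sample LDIF is constructed, not real server output.

```python
import base64

# Constructed sample output of the tombstone search above (not real server
# output). The "nsuniqueid=..." RDN prefix and the nsParentUniqueId attribute
# follow the Netscape-derived tombstone convention and are assumed here.
SAMPLE_LDIF = """\
dn: nsuniqueid=8b2a1c04-5f3d11d9-8001a2f3-12345678,uid=jdoe,ou=People,dc=exa
 mple,dc=com
objectClass: top
objectClass: nsTombstone
nsParentUniqueId: 0a1b2c3d-5f3d11d9-8001a2f3-87654321

dn: cn=Managers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
"""


def parse_ldif(text):
    """Split LDIF text into entries: each entry maps lower-cased attribute
    names to lists of values. A line starting with a space continues the
    previous line; "attr:: value" carries a base64-encoded value."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def deleted_entry_dns(text):
    """Return the original DNs of entries reported as deleted, i.e. entries
    with objectClass nsTombstone, with the nsuniqueid RDN stripped off."""
    deleted = []
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "nstombstone" not in classes:
            continue                      # live entry, not a tombstone
        dn = entry["dn"][0]
        if dn.lower().startswith("nsuniqueid="):
            dn = dn.split(",", 1)[1]      # drop the tombstone's own RDN
        deleted.append(dn)
    return deleted


if __name__ == "__main__":
    for dn in deleted_entry_dns(SAMPLE_LDIF):
        print("deleted:", dn)
```

An empty result means the search found no tombstones, which is consistent either with tombstones not being configured or with no entries having been deleted yet; check the SunONE configuration before drawing the first conclusion.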
Oracle components are clients of Oracle Internet Directory. However, in an integrated environment, you have the option of storing security credentials for those components in an external repository, in this case SunONE Directory Server, rather than in Oracle Internet Directory. When security credentials are stored in an external repository, user authentication to an Oracle component happens in the external repository and not in Oracle Internet Directory.
To communicate with the external repository, the Oracle component relies on the Oracle directory server. The Oracle directory server, in turn, uses a plug-in that can access the external repository. The entire authentication process is transparent to the Oracle components, which perceive all the LDAP requests as being handled by the Oracle directory server.
To verify a user's security credentials, an Oracle component can, by way of the Oracle directory server, send to the external repository a simple bind with a request for one of the following:
Non-SSL ldapbind
SSL ldapbind
ldapcompare
When an Oracle directory server has the plug-in configured and enabled, the following process occurs to authenticate a user to an Oracle component.
The user seeks access to an Oracle component.
The Oracle component, which is a client of Oracle Internet Directory, receives the authentication request, and passes to the Oracle directory server either an ldapbind or ldapcompare request.
The Oracle directory server passes the control to the plug-in.
The plug-in issues the request to the external repository.
The plug-in obtains the results of that request and passes the results back to the Oracle directory server.
The Oracle directory server passes the results back to the client application, which then grants or denies access to the user.