ID 1263918.1 Active Directory OID 11g Synch Quick Start Guide


Published by: virtualmemory on Mar 04, 2013
Copyright:Attribution Non-commercial







Active Directory OID 11g Synchronization Quick Start Guide [ID 1263918.1]
Modified: Aug 20, 2012   Type: REFERENCE   Status: PUBLISHED   Priority: 3
Applies to:
Oracle Internet Directory - Version to [Release 11g]
Information in this document applies to any platform.
Detailed steps to implement synchronization between Microsoft Active Directory and OID 11g.
It is assumed that OID 11g has been successfully installed and is running, and that an existing Microsoft Active Directory is already running.
If OID 11g has been successfully installed with the DIP component, you should see DIP listed in Enterprise Manager under Identity and Access.
This procedure sets up the synchronization process and the proper mapping so that users created in Active Directory will be added to the OID Realm.
Typical components in such an environment would be as follows:
FMW 10.3.3
FORMS
Step By Step Procedure To Setup Active Directory / OID Synchronization:
-----------------------------------------------------------------------------
==========================
1. If you are doing the import sync, i.e. from Active Directory to OID, grant the user account read access privileges to the sub tree root.
The user account must be able to read all objects under the source container (sub tree root) in the Active Directory that are to be synchronized with the OID.
Also provide read access to DELETED Objects in AD.
To verify whether a third-party directory user account has the necessary privileges to all objects to be synchronized with OID, use the command-line ldapsearch utility to perform a sub tree search, as follows:
$ORACLE_HOME/bin/ldapsearch -h <ADhost> -p <ADport> -D <bind dn> -w <password> -b <DN of sub tree> -s sub "objectclass=*"
$ORACLE_HOME/bin/ldapsearch -h ADhost -p 389 -D "cn=Administrator,cn=users,dc=msad,dc=oracle,dc=com" -w welcome1 -b "cn=users,dc=msad,dc=oracle,dc=com" -s sub "objectclass=*"
Microsoft Active Directory also allows an alternate syntax for credentials. For example:
$ORACLE_HOME/bin/ldapsearch -h ADhost -p port -D "Administrator@msad.oracle.com" -w welcome1 -b "cn=users,dc=msad,dc=oracle,dc=com" -s sub "objectclass=*"
The results returned by the ldapsearch utility should include all objects of interest, including all attributes and values that will be synchronized.
If you are doing an export or bi-directional sync, you will need an account with full READ/WRITE privileges on the container which you are synchronizing.
11g DIP is supported only with the following Active Directory servers:
1. Active Directory 2003, 2008, 2008R1
2. ADAM - Version 1 with SP1 on Win2k3
Click Here to get Supported LDAP versions with 11g OID.
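The check described in step 1, that the search results include every attribute to be synchronized, can be automated. The following is an added example, not part of the Oracle note: it assumes the search output is in LDIF format, and the function names, sample entries and the attributes sAMAccountName and mail are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the Oracle note): list entries whose search output
# lacks attributes the sync profile will map. Reads LDIF on stdin.
missing_sync_attrs() {            # args: attribute names every entry must expose
    awk -v want="$*" '
    function end_entry(   i) {
        if (dn != "") {
            entries++
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) { print "MISSING " req[i] " " dn; bad = 1 }
        }
        dn = ""; split("", seen)             # reset state for the next entry
    }
    function handle(line,   p, name) {
        if (line == "") { end_entry(); return }   # blank line ends an entry
        if (line ~ /^#/) return                   # LDIF comment
        p = index(line, ":")
        if (p == 0) return
        name = tolower(substr(line, 1, p - 1))
        sub(/;.*/, "", name)                 # drop options such as ;range=0-1499
        if (name == "dn") { dn = substr(line, p + 1); sub(/^:? */, "", dn) }
        else seen[name] = 1
    }
    BEGIN { n = split(tolower(want), req, " ") }
    { sub(/\r$/, "") }                       # tolerate CRLF output
    /^ / { pending = pending substr($0, 2); next }   # unfold continued line
    { handle(pending); pending = $0 }
    END {
        handle(pending); end_entry()
        if (entries == 0) { print "NO_ENTRIES"; bad = 1 }  # bind saw nothing
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample output: the second entry has a folded DN and no mail value.
sample_ldif() {
    cat <<'EOF'
dn: CN=Alice Example,CN=Users,DC=msad,DC=oracle,DC=com
objectClass: user
sAMAccountName: alice
mail: alice@example.com

dn: CN=Bob Example With A Long Common Name,CN=Users,DC=msad,
 DC=oracle,DC=com
objectClass: user
sAMAccountName: bob
EOF
}
```

A non-zero exit status means at least one entry is missing a required attribute, or that the bind account saw no entries at all.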
==================
If you are doing a one-to-one mapping of the entries in Active Directory and OID, prepare the OID DIT to match the Active Directory using the Oracle Directory Service Manager to create the necessary containers.
Any source and destination containers / domains that are listed under the profile's domain rules need to exist prior to bootstrap or sync, since bootstrap cannot create them on the fly and can only create additional domains/containers underneath the listed domain/container.
To manually create the AD OID integration profile and set up the synchronization, perform the steps below.
2.1. Launch the FMW Enterprise Manager console and log in with the weblogic user.
2.2. Expand your domain and navigate to Identity and Access.
2.3. Select DIP.
2.4. From the DIP Server drop-down list select Administration, then Synchronization Profiles.
2.5. Using the navigation path, create a new DIP Sync profile with a name of your choice. For example, take AD2OID as the integration profile name. In this window you will be asked to enter the AD details.
Check the Profile.gif under the attachments section of this note to see the screenshot of profile creation.
For the attribute Use DIP-OID as Source or Destination, select the option Destination if you are using import (AD to OID) sync, or select the Source option if you are using export (OID to AD) sync. Also, for the source type, select Active Directory(MS) from the drop-down next to Type.
2.6. After providing the above details in the General tab, click on the Test Connection tab. If the provided values are correct you will see the Information dialogue saying "Test Passed.Connection Successful".
If the values provided for AD in the General tab are wrong, clicking Test Connection gives an Error dialogue saying Authentication Failure. Make sure that you provide the correct values and get a successful connection before moving further.
2.7. Then click on OK to save the profile.
Now select the AD2OID profile from the list of available profiles and click on Edit.
Do not enable the profile at this stage.
