Oracle Virtual Directory

From theory to practice and beyond!

David Yahalom Senior Database Consultant davidy@xpert.com
www.davdyahalom.com

www.xpert.com

Agenda
• Introduction to LDAP for DBAs
• Oracle Directory Services overview
• Oracle Virtual Directory
• Demo!
• Q&A

LDAP for DBAs
The basics of LDAP

LDAP

What is a directory service?

• A service that provides information about people and resources to a client requesting information.
• Information may be name, telephone number, email address…
• Clients may be people and/or applications.
• Most common example: phone books.

LDAP
Lightweight Directory Access Protocol

• LDAP is a way to communicate with a directory service.
• LDAP = protocol.
• LDAP Information Directory = a database, just not a relational one.
• LDAP Server – just like an RDBMS server:
  • Stores data, processes queries, updates “records”.

What LDAP is not?
• LDAP is NOT a directory!
• LDAP is a way to access a directory's contents, like FTP is a way to access a file server's contents.

So what is it?
• A hierarchical database.
• Similar to DNS trees and UNIX file systems.
• Optimized for extremely fast read operations.
• Use ACL to limit access based on: who, what, where.
• Standards compliant.
• Very easy to “talk” with.

LDAP Information Directory
• Typical usages:
  • Store contact information (company phone book).
  • Configuration information for software deployment.
  • Asset management.
  • Public certificates and security keys.

LDAP Information Directory
• LDAP presents a distributed, hierarchic tree of information.
• Similar to DNS trees and UNIX file systems.
[Diagram: tree rooted at dc=xpert,dc=com with nodes ou=DBAs, ou=People, ou=Cars, ou=DEVs, ou=Vendors, ou=Vendor1, ou=Vendor2]

LDAP Information Directory
• Record / data structure:
  • Each LDAP record is identified by a single, unique distinguished name (DN).
  • Read DN backwards, up the entire LDAP tree.

LDAP Information Directory
• Sample LDAP record: Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
• Composed from:
  • BASE_DN (root of the LDAP tree)
  • OU
  • RDN (leftmost part of the LDAP entry).
[Diagram: tree with nodes dc=xpert,dc=com; ou=DBAs; ou=Devs; cn=David; ou=Liat]

LDAP Information Directory: BASE DN
• Example LDAP record: Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
• BASE DN: dc=xpert,dc=com
• Several BASE DN formats exist.

LDAP Information Directory: Organizational Unit
• Example LDAP record: Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
• OUs (or Organizational Units) allow for more comfortable record management.
• Divide the LDAP information directory into different “folders”.

LDAP Information Directory: OU examples
• Sort by position…
  • ou=oracle_consultants
  • ou=unix_consultants
  • ou=storage_consultants
• Or for each type of entry…
  • ou=users
  • ou=computers
  • ou=cars
• Or both…
  • ou=oracle_consultants
    • ou=users
    • ou=computers
    • ou=cars
  • ou=unix_consultants
    • ou=users
    • ou=computers
    • ou=cars
  …
• Example: Cn=DavidYahalom,ou=users,ou=DBAs,dc=xpert,dc=com

LDAP Information Directory: RDN – Relative Distinguished Name
• Example LDAP record: Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
• The leftmost set of information in the LDAP tree.
• Portion of the LDAP record never related to the directory structure.

LDAP Information Directory
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
• Base DN: dc=xpert,dc=com
• Parent DN: ou=DBAs,dc=xpert,dc=com
• RDN: Cn=DavidYahalom
[Diagram: the entry surrounded by attribute labels and a question mark: Name, Phone, Pager, Email, Employee ID, Address, Login name, Cell no.]
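The Base DN / Parent DN / RDN breakdown above, and the "read the DN backwards" rule, as an added Python example (not part of the original slides). The function names are hypothetical, and the DN is written with commas between RDNs, as LDAP writes it. Comparing whole components rather than raw string suffixes is what a subtree-scoped ACL or proxy rule needs, so escaped commas inside a value are handled.

```python
# Added example, not from the original slides; function names are hypothetical.

def split_dn(dn):
    """Split a DN into its RDNs on unescaped commas (RFC 4514 string form).

    A backslash escapes the next character, so 'cn=Yahalom\\, David'
    stays one component instead of being cut at the comma.
    """
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).lstrip())
    return parts


def _norm(rdn):
    # dc/ou/cn compare case-insensitively, so 'DC=Xpert' matches 'dc=xpert'.
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def decompose(dn, base_dn):
    """Return the RDN, parent DN, base DN and root-to-leaf path of `dn`."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    tail = rdns[-len(base):]
    if len(rdns) <= len(base) or [_norm(r) for r in tail] != [_norm(b) for b in base]:
        raise ValueError("entry is not below the given base DN")
    return {
        "rdn": rdns[0],
        "parent_dn": ",".join(rdns[1:]),
        "base_dn": ",".join(tail),
        # Reading the DN backwards walks the tree from the root to the entry.
        "path": [",".join(tail)] + rdns[:-len(base)][::-1],
    }


SAMPLE = "Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com"   # DN used on the slides
```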

LDAP Schema
• LDAP SCHEMA
  • A schema specifies the types of objects that a directory may have and the attributes of each object type.
  • A template for the object.
• Every LDAP directory entry has “attributes”.
• Each type of LDAP entry is part of an LDAP directory object.
• LDAP directory objects can also be hierarchical and inherit.

LDAP Information Directory
• Username:
  • full name, login name, password, employee number, mail server…
• Customer contact lists:
  • company name, the primary contact's phone, fax, email information…

LDAP Information Directory
• Example of user object:
  • cn:
  • username:
  • city:
  • department:
  • phone:
  • phone:
  • phone:
  • email_box_size:
  • computer_sn:

LDAP Information Directory
dn: cn=DavidYahalom, ou=DBAs, dc=xpert, dc=com
• cn: DavidYahalom
• username: davidy@xpert.com
• city: Tel_Aviv
• department: Oracle_Consultants
• phone: 0524423233
• phone: 0522343222
• phone: 0343234433
• email_box_size: 20m
• computer_sn: GHT3422

What are all these mumbo-jumbos?
• DN: Distinguished Name
• DC: Domain Component
• O: Organization
• OU: Organizational Unit
• L: Locality (city)
• CN: Common Name
• UID: Unique Identifier (usually login name)
• MAIL: Email address
• SN: Surname (user's last name)
• sAMAccountName: Active Directory's Login Name (may also be CN). Case sensitive in MS AD.
• userpassword: User's encoded/hashed password

Oracle Directory Services
Oracle Fusion Middleware

Oracle Fusion Middleware
• A portfolio of:
  • J2EE and developer tools.
  • Integration services.
  • Business intelligence.
  • Collaboration.
  • Content management.
• Many of the products in Fusion are not middleware products.
• A rebranding of many of Oracle's products outside their core database and applications software offerings.

Oracle Fusion Middleware
Identity Management

Oracle Directory Services
• Virtualization: Oracle Virtual Directory
• Synchronization: Oracle Directory Integration Platform
• Storage: Oracle Internet Directory

Oracle Virtual Directory
Directory Service?
“A flexible, special-purpose distributed database designed to enable the storage and retrieval of entry-oriented information for a wide range of applications”

Virtual Directory?
[Diagram labels: Library, Oracle Virtual Directory, Microsoft Active Directory, Sun Java Directory, Oracle Internet Directory]

Oracle Virtual Directory Product Architecture
[Diagram labels: LDAP, WEB SERVICES, WEB GATEWAY; Oracle Virtual Directory VIRTUALIZATION ENGINE, JOIN VIEW; Local Store, LDAP, DB, NT, Custom]

Oracle Virtual Directory
• Normalize and unify multiple directories.
• Directly accesses remote repositories.
• Unifies multiple directories into a single access point.
• LDAP interface to relational databases and/or anything Java can connect to.

Oracle Virtual Directory
• Allows a unified view of an entry using data from multiple repositories.
• Can act as an LDAP proxy and firewall.
• Easy to set up and manage via our Management client.

Oracle Virtual Directory
Enterprise LDAP without synchronization!
[Diagram labels: Employee Directory, Portal, Customer Directory, HR Database]

Case Study – Coca Cola

BUSINESS CHALLENGE
• Minute Maid division was being positioned for spin-off, requiring separate IT infrastructure
• SAP Portal required a single view of all users across both infrastructures

ORACLE SOLUTION
• Oracle Virtual Directory
• 1 Day POC
• Worked instantly and could be deployed in production quickly
• Low TCO
• Low/No cross-division political impact

RESULTS
• Customer self-installed in 1 day
• SAP Portal went into production in under 30 days with all users
• Almost no daily maintenance vs. data integrity issues of sync solutions

Demo!

Questions?

Thank you!
