I am writing this article to make things clear, so that you can decide which option is 'the best' one to follow in your solution:
1) LDAP sync is a new feature that allows synchronization between OIM and OID. We cannot see all of its tables in the OIM schema, but we can follow some of them, such as the 'Recon Events' and 'Recon Errors' tables, as they are populated.
For example:
-- LDAP sync reconciliation events for one user, with the user record and the reconciliation job
select a.RE_key, C.USR_LOGIN, C.USR_EMAIL, C.USR_FIRST_NAME, C.USR_LAST_NAME,
B.USR_KEY, B.UGP_KEY, B.RE_ENTITY_TYPE, B.RE_CHANGE_TYPE, B.RE_LINK_SOURCE, B.RE_NOTE, B.RE_REASON,
to_char(B.RE_CREATE,'DD/MM/YYYY HH24:MI:SS') RE_CREATE,
to_char(B.RE_MODIFY,'DD/MM/YYYY HH24:MI:SS') RE_MODIFY,
B.RE_KEYFIELD, A.RECON_ACT_KEY, A.RECON_USR_EMAIL, A.RECON_ORG_NAME, A.RECON_USR_TYPE, A.RECON_USR_EMP_TYPE,
A.RECON_USR_PASSWORD, A.RECON_ORCLGUID, A.RECON_GIVENNAME, A.RECON_SN, A.RECON_DESCRIPTION,
A.RECON_CN, A.RECON_DN, A.RECON_CHGLOGATTR_IDXLST,
D.RJ_NAME, D.RJ_JOB_STATUS,
to_char(D.RJ_END_TIME,'DD/MM/YYYY HH24:MI:SS') END_TIME,
to_char(D.RJ_START_TIME,'DD/MM/YYYY HH24:MI:SS') START_TIME,
D.RJ_TOTAL_TIME
from OIM.RA_LDAPUSER A, OIM.RECON_EVENTS B, OIM.USR C, OIM.RECON_JOBS D
where A.RE_KEY=B.RE_KEY
and b.usr_key=c.usr_key
and c.usr_email='Thiago.leoncio@server.com'
and b.rj_key=d.rj_key
-- order by the date column itself; the RE_MODIFY alias above is a DD/MM/YYYY string
order by B.RE_MODIFY desc
2) LDAP sync is now a mandatory element for OIM11G-OAM11G integration. In the integrated scenario, LDAP sync provides complete password lifecycle management. Only Users and Roles (role details, hierarchy parts, membership attribute) are the main elements. LDAP sync does not synchronize Organizations.
3) You can keep working with the OIM Audit part, but only the features related to the UPA_* tables.
For example:
select b.usr_login, a.field_name, a.field_old_value, a.field_new_value, a.create_date, a.update_date
from OIM.usr b, OIM.upa_usr c, OIM.upa_fields a
where 1=1
and c.usr_key=b.usr_key
and a.upa_usr_key = c.upa_usr_key
and upper(b.usr_email) like upper('%thiago.leoncio%') and upper(b.usr_login) like upper('%thiago.leoncio%')
order by a.upa_fields_key desc
4) With OID LDAP sync you don't need to worry about policies (e.g. access); sync is a very straightforward process. For example, for reconciliation from OID to OIM we have LDAP User, Role, Hierarchy and Membership, which do their job to make this 'sync process' pretty and simple. Then, from OIM to OID, we have a bunch of related event handlers that send the information to OID and update it. Also, from a reconciliation perspective, full reconciliation works as the name says: it does a full update on OIM. Incremental reconciliation works from the last changelog in OID; for example, if you do a simple ldapmodify against any user in OID, it will change the changelog there.
5) The OID connector adds the LDAP instance as a resource or target system in OIM. There are a number of actions you can attach around your target systems, such as workflows, provisioning operations, approvals, requests, etc.
6) OID LDAP sync can be set up during installation of Oracle Identity Manager or, if you prefer, later.
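The two reconciliation modes from point 4, as an added Python model that is not part of the original article and does not call OIM or OID. The class names, the entry layout and the sample DN are assumptions; it goes one step beyond the text by including a changelog record that is gone before the incremental job runs.

```python
# Constructed model (no OIM/OID calls); class names, entry layout and sample values are assumptions.
from dataclasses import dataclass, field

@dataclass
class Directory:
    """Stand-in for OID: current entries plus a numbered changelog."""
    entries: dict = field(default_factory=dict)    # dn -> {attr: value}
    changelog: list = field(default_factory=list)  # (number, dn, attrs)
    last_number: int = 0

    def modify(self, dn, attrs):
        """Apply a change (as an ldapmodify would) and log it."""
        self.entries.setdefault(dn, {}).update(attrs)
        self.last_number += 1
        self.changelog.append((self.last_number, dn, dict(attrs)))

    def purge_changelog(self, up_to):
        self.changelog = [c for c in self.changelog if c[0] > up_to]

@dataclass
class IdentityStore:
    """Stand-in for the OIM side."""
    users: dict = field(default_factory=dict)
    last_processed: int = 0

    def incremental_recon(self, directory):
        """Replay only changelog records newer than the last one processed."""
        pending = [c for c in directory.changelog if c[0] > self.last_processed]
        for number, dn, attrs in pending:
            self.users.setdefault(dn, {}).update(attrs)
            self.last_processed = number
        return len(pending)

    def full_recon(self, directory):
        """Copy every entry, whether or not a changelog record still exists."""
        self.users = {dn: dict(a) for dn, a in directory.entries.items()}
        self.last_processed = directory.last_number

def demo():
    oid, oim = Directory(), IdentityStore()
    dn = "cn=jdoe,cn=Users,dc=example,dc=com"         # constructed sample DN
    oid.modify(dn, {"mail": "jdoe@example.com"})
    first = oim.incremental_recon(oid)                # replays change 1
    oid.modify(dn, {"mail": "john.doe@example.com"})  # change 2
    oid.purge_changelog(up_to=2)                      # record gone before the job runs
    second = oim.incremental_recon(oid)               # nothing left to replay
    drift = oim.users[dn] != oid.entries[dn]          # OIM still holds the old mail
    oim.full_recon(oid)                               # full update closes the gap
    return first, second, drift, oim.users[dn] == oid.entries[dn]
```

In this model the incremental run only sees what is still in the changelog, so the full run is what brings the two sides back in line.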
I hope this helps,
Thiago Leoncio.
Very helpful. Can you suggest a good resource for configuring and deploying the OID connector?
Hey Oradb,
I did one video [OID connector installation] 1 year ago. Please let me know if it helps you:
http://www.youtube.com/watch?v=7MzeyCtk4IE
I hope it helps,
Thiago Leoncio.
Is there a following video available for IT resource and completing the connector installation?
Unfortunately not, oradb. I have a couple of videos there. I am still working to create more helpful ones.
Thiago Leoncio.
Ok, thanks. Do you have an email address that can send you email? Thanks.
Thanks for the useful info.
Do you think that the OID connector is not required
if you are using OIM/OID 11g? I am not sure, could you tell?
Also,
with LDAP sync, would it reconcile users from OID to OIM 11g? Also,
users created in OIM will always be in sync with OID, right?
If the EBS instance is integrated with OAM-OID-SSO 11g,
does it mean that by doing the LDAP sync OID-OIM, users created in EBS, which is integrated with OID, would automatically be synced with OIM, or do we have to use or install the EBS connectors in order to get it integrated with OIM?
Thanks!
Priya
Priya, I'll answer the questions I know, as I am not an expert in EBS solutions, but from a solution perspective it sounds good to me.
1) The OID connector is not required when you are using OIM and OID 11g for LDAP sync.
2) Yes, with LDAP sync there are some reconciliation processes to reconcile users, groups and their relationships to OIM.
3) You don't need the EBS connector for that if the flow is this: EBS-->OID-->OIM. So, once you create a user in EBS, it goes to OID, and that place in OID is being reconciled with OIM.
I hope I answered all your questions.
thx,
Thiago Leoncio.
Just to add more to the above query:
I have implemented SSO with Oracle EBS R12. As I mentioned, EBS is already integrated with OAM-SSO-OID 11g using Accessgate 11g.
Also, using the LDAP sync feature, I have successfully integrated OIM with the same OID, which is already integrated with EBS & OAM.
As I want to use user provisioning & responsibility assignment via OIM,
I need to integrate OIM with OAM.
Could you tell me how it could be done?
After searching many Metalink notes and Oracle docs like http://docs.oracle.com/cd/E23943_01/doc.1111/e15740/oim.htm
I could NOT find any solution which fits this scenario. I need your expert advice...
To re-emphasize the query:
In order to integrate OIM with OAM, when both servers are already in sync with the same OID, irrespective of the authorization information,
how do I integrate them now, I mean in this scenario?
Also, the moot point is for each partner application like EBS (please assume as of now this is the only partner application):
do I have to install the EBS connector to get it integrated with OIM in this scenario?
Really appreciate the response.
Thanks!
Priya
What is the exact importance of having LDAP sync enabled for the OIM and OAM integrated scenario?