Using OUD with Oracle Directory Integration Platform (DIP)

This post will guide you through configuring OUD as a DIP backend instead of OID.
Such a deployment has been supported since DIP 11.1.1.7.0 (PS6).

1- Install OUD and configure one suffix to be synchronized, e.g. dc=example,dc=com

HOST=beagle
PORT=1389
SPORT=1636
APORT=4444
ADMIN="cn=Directory Manager"
PASSWD=welcome1
PW_FILE=/tmp/pwd
# the root password is passed to every command below through this file
echo "$PASSWD" > "$PW_FILE"
oud-setup --cli --hostName "$HOST" --ldapPort "$PORT" --ldapsPort "$SPORT" --adminConnectorPort "$APORT" --rootUserDN "$ADMIN" --rootUserPasswordFile "$PW_FILE" --generateSelfSignedCertificate --enableStartTLS --baseDN dc=example,dc=com --addBaseEntry --ldifFile /home/sylvain/lib/ldif/Example.ldif --no-prompt --noPropertiesFile

2- Configure a suffix holding DIP configuration

DIP stores its configuration in cn=Products,cn=oracleContext.
You must create and initialize a local backend holding the cn=oraclecontext suffix, attach it to a workflow and add that workflow to the network group, with the commands below:

dsconfig create-workflow-element --set base-dn:cn=oraclecontext --set enabled:true --type db-local-backend --element-name myNewDb --hostname "$HOST" --port "$APORT" --bindDN "$ADMIN" --bindPasswordFile "$PW_FILE" --trustAll --no-prompt

dsconfig create-workflow --set base-dn:cn=oraclecontext --set enabled:true --set workflow-element:myNewDb --type generic --workflow-name workFlowForMyNewDb --hostname "$HOST" --port "$APORT" --bindDN "$ADMIN" --bindPasswordFile "$PW_FILE" --trustAll --no-prompt

dsconfig set-network-group-prop --group-name network-group --add workflow:workFlowForMyNewDb --hostname "$HOST" --port "$APORT" --bindDN "$ADMIN" --bindPasswordFile "$PW_FILE" --trustAll --no-prompt

Then create the top entry and the Products entry (the two LDIF records are separated by a blank line):

ldapmodify -a -p "$PORT" -h "$HOST" -D "$ADMIN" -w "$PASSWD" <<EOF
dn: cn=oraclecontext
objectClass: top
objectClass: container
cn: oraclecontext

dn: cn=Products,cn=oraclecontext
objectClass: top
objectClass: container
cn: Products
EOF

3- Enable changelogs

DIP relies on the OUD changelog, for both the synchronized data and its own configuration suffix, to detect changes efficiently, so the changelog must be enabled on both base DNs:

dsreplication enable-changelog --no-prompt --baseDN "dc=example,dc=com" --hostname "$HOST" --port $APORT --bindDN "$ADMIN" --adminPasswordFile "$PW_FILE" --trustAll

dsreplication enable-changelog --no-prompt --baseDN "cn=Products,cn=oraclecontext" --hostname "$HOST" --port $APORT --bindDN "$ADMIN" --adminPasswordFile "$PW_FILE" --trustAll

4- Grant access to synchronized data

ldapmodify -h "$HOST" -p "$PORT" -D "$ADMIN" -w "$PASSWD" <<EOF
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///dc=example,dc=com")(version 3.0; acl "Entry-level DIP permissions"; allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; )
-
add: aci
aci: (targetattr="*")(version 3.0; acl "Attribute-level DIP permissions"; allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext";)
EOF

Note: Make sure to enable the LDAPS port (LDAP over SSL) if you plan to synchronize userPassword with DIP; this is required, as the password values would otherwise cross the network in clear text.
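The two ACIs above give the DIP groups full rights (including proxy) over the whole synchronized suffix, so it is worth checking, before and after the deployment, that no ACI on that suffix grants more than intended. The following is an added example, not part of the original post or of the OUD product: a small parser for the OUD ACI syntax and an audit function that flags grants to anonymous users, to every authenticated user, or to groups outside an allowlist. The sample ACIs are a constructed copy of the two from step 4 plus one deliberately over-broad ACI; the DN allowlist and the function names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Allowlist of group DNs that may hold rights on the synchronized suffix
# (the two DIP groups used in step 4).
DIP_GROUPS = {
    "cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext",
    "cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext",
}

# Constructed sample input: the two ACIs from step 4 and one over-broad ACI
# (anonymous read of userPassword) that the audit should flag.
SAMPLE_ACIS = [
    '(target="ldap:///dc=example,dc=com")(version 3.0; acl "Entry-level DIP permissions"; '
    'allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; '
    'allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; )',
    '(targetattr="*")(version 3.0; acl "Attribute-level DIP permissions"; '
    'allow (all,proxy) groupdn="ldap:///cn=dipadmingrp,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext"; '
    'allow (all,proxy) groupdn="ldap:///cn=odipigroup,cn=DIPadmins,cn=Directory Integration Platform,cn=Products,cn=oraclecontext";)',
    '(targetattr="userPassword")(version 3.0; acl "constructed over-broad ACI"; '
    'allow (read,search) userdn="ldap:///anyone";)',
]

# ACI grammar pieces: (target...="...") keywords, the acl name, allow/deny rules
# and the bind-rule subjects inside each rule.
TARGET_RE = re.compile(r'\((target\w*)\s*(!?=)\s*"([^"]*)"\)')
NAME_RE = re.compile(r'acl\s+"([^"]*)"\s*;')
RULE_RE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*([^;]*);')
SUBJECT_RE = re.compile(r'(userdn|groupdn|roledn|userattr|ip|dns|authmethod)\s*(!?=)\s*"([^"]*)"')


def normalize_dn(value: str) -> str:
    """Drop the ldap:/// prefix, trim whitespace around RDNs and lowercase."""
    dn = value.strip()
    if dn.lower().startswith("ldap:///"):
        dn = dn[len("ldap:///"):]
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_aci(aci: str) -> Dict:
    """Split one ACI into its targets, acl name and allow/deny rules."""
    targets = {tname: (op, value) for tname, op, value in TARGET_RE.findall(aci)}
    name = NAME_RE.search(aci)
    if name is None:
        raise ValueError("not an ACI: missing acl name")
    rules = []
    for effect, rights, bind_rules in RULE_RE.findall(aci):
        subjects: List[Tuple[str, str, str]] = []
        for kind, op, value in SUBJECT_RE.findall(bind_rules):
            # A single bind rule may list several DNs separated by "||".
            for single in value.split("||"):
                subjects.append((kind, op, single.strip()))
        rules.append({
            "effect": effect,
            "rights": [r.strip().lower() for r in rights.split(",") if r.strip()],
            "subjects": subjects,
        })
    return {"name": name.group(1), "targets": targets, "rules": rules}


def audit_aci(aci: str, allowed_groups=DIP_GROUPS) -> List[str]:
    """Return a finding for every allow rule aimed at anyone, at all
    authenticated users, or at a group that is not in the allowlist."""
    allowed = {normalize_dn(g) for g in allowed_groups}
    parsed = parse_aci(aci)
    findings = []
    for rule in parsed["rules"]:
        if rule["effect"] != "allow":
            continue
        rights = ",".join(rule["rights"])
        for kind, op, value in rule["subjects"]:
            if op != "=":
                continue  # "!=" bind rules narrow a grant, they do not widen it
            dn = normalize_dn(value)
            if kind == "userdn" and dn == "anyone":
                findings.append(f'{parsed["name"]}: grants ({rights}) to anonymous users')
            elif kind == "userdn" and dn == "all":
                findings.append(f'{parsed["name"]}: grants ({rights}) to every authenticated user')
            elif kind == "groupdn" and dn not in allowed:
                findings.append(f'{parsed["name"]}: grants ({rights}) to group outside allowlist: {dn}')
    return findings


if __name__ == "__main__":
    for sample in SAMPLE_ACIS:
        for line in audit_aci(sample) or ["OK: " + parse_aci(sample)["name"]]:
            print(line)
```

To run it against a live server, feed `audit_aci` the `aci` attribute values returned by `ldapsearch -b dc=example,dc=com "(aci=*)" aci`; the parser only covers the subset of the ACI syntax used in this post (target keywords, acl name, allow/deny rules and DN-based bind rules), so anything more exotic should be reviewed by hand.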

5- Install DIP

The procedure is described in http://docs.oracle.com/cd/E23943_01/install.1111/e12002/oud.htm#CHDEDHBG. Make sure to install DIP only (do not run the Configure procedure, as it is OID specific).
