Copy of Oracle Internet Directory Integration With Microsoft Active DIRECTORY


8/2/2019 Copy of Oracle Internet Directory Integration With Microsoft Active DIRECTORY

Oracle Internet Directory Integration with Microsoft Active Directory

In this post I will explain in detail how to integrate Oracle Internet Directory with Microsoft Active Directory.

Pre-requisites

1. Install Oracle Identity Management Suite 10.1.4.0.1. Choose the Infrastructure and Metadata Repository option and select the components SSO, ODISRV and all the other components except Certificate Authority and HA.
2. Install Windows 2003 Server and configure Microsoft Active Directory on that server.
3. Bring these servers into the same network.

Step I. Log in to the OID server and invoke dipassistant (the Oracle Directory Integration and Provisioning admin console) with the following option:

$ dipassistant -gui

Log in as dipadmin; the password is the same as that of the orcladmin super user which you gave during the installation of OID.

In the dipadmin console, in the left pane under System Objects, choose Active Directory beneath the ConfigurationSet1 icon. In the right pane you will see the Express Configuration Wizard.

Enter the Active Directory server information. In Credentials enter the superuser account as administrator@ and in Connector Name give any reasonable name; if you press then the import and export profiles are prefixed with the connector name. Tick the check box Configure Access Control Policies if you want to enforce ACLs, and then press OK to save this information, which starts the actual integration.

On successful integration dipadmin displays a success message, which is shown below.


Step II. Enable bidirectional synchronization in dipadmin for OID and AD. To achieve bi-directional synchronization, in the dipadmin console choose the configured configset1 in the left pane (System Objects); in the right pane you will see the configured adImport and adExport profiles (since I have given the connector name as ad). Choose those connector profiles, edit them and enable both the export and the import profile. If you enable both, then synchronization of users is bi-directional (both ways, i.e. from OID to AD and from AD to OID). You can also note the bootstrap status (which has not started yet). I have given the screenshots for editing the connector profiles below.

    Enable AD Import connector Profile

    Enable AD Export connector Profile

Step III. The initial migration of users from Microsoft Active Directory to Oracle Internet Directory is called the bootstrap process. To do the bootstrap we need to execute the command as shown below.

    Migrating initial Users from AD to OID

Confirm that the bootstrap is successful by choosing the adImport profile (connector) under configset1 in the right pane, doing an edit and checking the status, which will show that the bootstrap is successful, as I have shown below.

Check that the bootstrap (migration of users from AD to OID) is successful

Step IV. Now the initial import of users from AD to OID is complete. To start the synchronization of users that are created in both AD and OID we need to start the ODI server (odisrv) with configuration set 1 (the one we have configured with dipadmin), using the following command.

Start the odisrv using configset1 to facilitate synchronization of users both ways

You can also verify that synchronization has started by editing the profiles and checking the status, or by checking the odisrv logs in $ORACLE_HOME/ldap/logs. You can also find the trc and aud files for these connectors in $ORACLE_HOME/ldap/odi/logs.

Step V. The final step in the configuration process is to deploy the Active Directory External Authentication Plug-in, which validates user-supplied passwords against AD during a user login sequence.


The following steps involve execution of a Unix shell script:

$ cd $ORACLE_HOME/ldap/admin
$ sh oidspadi.sh

A series of messages and prompts will be displayed as the script executes. Sample prompt responses:

Please enter Active Directory host name: ad.vectorconsulting.co.uk
Do you want to use SSL to connect to Active Directory? (y/n) n
Please enter Active Directory port number [389]: 389
Please enter DB connect string: iasdb
Please enter ODS password: oracleadmin1
Please enter confirmed ODS password: admin01
Please enter OID host name: sso.vectorconsulting.co.uk
Please enter OID port number [389]: 13061
Please enter orcladmin password: oracleadmin01
Please enter confirmed orcladmin password: oracleadmin01
Please enter the subscriber common user search base [orclcommonusersearchbase]: cn=Users,dc=vectorconsulting,dc=co,dc=uk
Please enter the Plug-in Request Group DN:
Please enter the exception entry property [(!(objectclass=orcladuser))]:
Do you want to setup the backup Active Directory for failover? (y/n) n

Return to the Oracle Directory Manager console upon successful completion of the plug-in deployment process and navigate to the Plug-In Management fork. Make sure that the Plug-in Enable property is set for both adwhencompare and adwhenbind.

Testing

At this point, OID has been populated with an initial set of users and groups via bootstrap migration from Active Directory, and the Oracle Directory Integration and Provisioning tool has been configured so that it will use the Active Directory connector to keep this information synchronized. The Oracle Directory Server has been directed to authenticate users migrated from Active Directory using the Oracle-supplied Active Directory External Authentication Plug-in. It should now be possible to log in to Oracle SSO, or any integrated application such as E-Business Suite, using one of the migrated Active Directory users with its corresponding password.

    Note: The username must be of the form name@
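The exception entry property accepted at the oidspadi.sh prompt above, (!(objectclass=orcladuser)), decides which entries the external authentication plug-in leaves to OID's own password check and which it forwards to AD. The script below is an added example, not code from the original post or from Oracle: it models that routing decision over a few constructed entries so you can review what a given filter does before enabling adwhenbind. The entry data is constructed, the filter evaluator covers only the and/or/not, equality and presence subset of LDAP filter syntax, and the "local"/"ad" labels are this example's own naming.

```python
"""Model the bind routing implied by the plug-in exception entry property.

Entries matching the exception filter are authenticated locally by OID; all
other entries have their bind forwarded to Active Directory. Everything here
is constructed sample data for illustration (not Oracle's implementation).
"""

# Default shown by oidspadi.sh on the page: only entries that are NOT
# orcladuser (i.e. not migrated from AD) are excepted from AD authentication.
EXCEPTION_FILTER = "(!(objectclass=orcladuser))"

# Constructed sample entries, keyed by DN; attribute names are lower-cased.
SAMPLE_ENTRIES = {
    "cn=orcladmin,cn=Users,dc=vectorconsulting,dc=co,dc=uk": {
        "objectclass": ["top", "person", "orcluser"]},
    "cn=vivek rajendran,cn=Users,dc=vectorconsulting,dc=co,dc=uk": {
        "objectclass": ["top", "inetorgperson", "orcladuser"]},
    "cn=oidtest1,cn=Users,dc=vectorconsulting,dc=co,dc=uk": {
        "objectclass": ["top", "inetorgperson", "orcluser"]},
}


def parse_filter(text, pos=0):
    """Recursive-descent parser for a subset of LDAP search filters.

    Supports (&...), (|...), (!...), (attr=value) and (attr=*).
    Returns (node, next_position); nodes are nested tuples.
    """
    if text[pos] != "(":
        raise ValueError("filter item must start with '(' at %d" % pos)
    pos += 1
    op = text[pos]
    if op in "&|!":
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError("unterminated compound filter")
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one sub-filter")
        return (op, children), pos + 1
    end = text.index(")", pos)
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr.lower(), value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter node against one entry ({attr: [values]})."""
    kind = node[0]
    if kind == "&":
        return all(matches(child, entry) for child in node[1])
    if kind == "|":
        return any(matches(child, entry) for child in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = [v.lower() for v in entry.get(attr, [])]
    if value == "*":                 # presence test
        return bool(values)
    return value.lower() in values   # case-insensitive equality


def route_binds(entries, exception_filter=EXCEPTION_FILTER):
    """Return {dn: 'local' | 'ad'}: 'local' if the entry matches the
    exception filter (OID checks the password), else 'ad' (forwarded)."""
    node, end = parse_filter(exception_filter)
    if end != len(exception_filter):
        raise ValueError("trailing characters after filter")
    return {dn: ("local" if matches(node, attrs) else "ad")
            for dn, attrs in entries.items()}


if __name__ == "__main__":
    for dn, route in route_binds(SAMPLE_ENTRIES).items():
        print("%-5s  %s" % (route, dn))
```

With the default filter, orcladmin and the locally created oidtest1 stay with OID's own password check and only the migrated orcladuser entry is forwarded to AD; running the same function with a candidate replacement filter shows immediately whether an administrative account would start depending on AD for authentication.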

Step VI. Open the Oracle Directory Manager and verify that users are imported from Active Directory by navigating to the default domain and cn=Users and finding the users of Active Directory, as I have shown below.

    Verify Active Directory Users are imported in OID


Now go to the Windows Active Directory server and verify that OID users are migrated there, as I have shown below.

    Active Directory Manage Users Screen

Verifying that the orcladmin user (or whatever users are in OID) is populated in AD

    orcladmin user populated in AD

Step VII. Create new users in AD and verify that the user is synchronized with OID.

Here, for example, I have created a user vivek rajendran in the Active Directory domain and verified that it is synchronizing in AD.

Create a new user in Active Directory

    Verify the created User in AD is synchronized in OID

Step VIII. The next step is to create a test user in OID using the OIDDAS self-service web console. The screenshots are as follows.

    Final Step :

    Verify that the user created in OID is reflected in AD
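Steps VI through the final step all come down to the same check: does each account exist on both sides? Clicking through the two consoles works for a handful of users, but for a full container an export-and-compare is more reliable. The script below is an added example, not code from the original post or from Oracle: it reads two LDIF exports (in practice the output of ldapsearch against the OID user container and against the AD Users container) and reports the accounts present on only one side, which is exactly what an unexported OID test user or an unimported AD user looks like. The two LDIF strings are constructed sample data, the minimal LDIF reader is this example's own, and matching on a case-insensitive cn is an assumption; use whatever attribute your profiles map as the key.

```python
"""Compare an OID LDIF export with an AD LDIF export to find unsynchronized
accounts. Sample LDIF below is constructed; the parser is a small illustrative
reader (line folding, '::' base64 values, multi-valued attributes)."""
import base64

# Constructed sample export from OID (cn=Users under the default domain).
# The second entry uses a base64 cn, the third a folded description line.
OID_EXPORT = """version: 1

dn: cn=orcladmin,cn=Users,dc=vectorconsulting,dc=co,dc=uk
cn: orcladmin
objectclass: top
objectclass: person
objectclass: orcluser

dn: cn=vivek rajendran,cn=Users,dc=vectorconsulting,dc=co,dc=uk
cn:: dml2ZWsgcmFqZW5kcmFu
objectclass: orcladuser
objectclass: inetorgperson

dn: cn=oidtest1,cn=Users,dc=vectorconsulting,dc=co,dc=uk
cn: oidtest1
objectclass: orcluser
description: created in the OIDDAS self-service
  console, not yet exported to AD
"""

# Constructed sample export from the AD Users container.
AD_EXPORT = """dn: CN=Administrator,CN=Users,DC=vectorconsulting,DC=co,DC=uk
cn: Administrator
objectClass: user

dn: CN=vivek rajendran,CN=Users,DC=vectorconsulting,DC=co,DC=uk
cn: vivek rajendran
objectClass: user

dn: CN=orcladmin,CN=Users,DC=vectorconsulting,DC=co,DC=uk
cn: orcladmin
objectClass: user
"""


def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}} for the entries in an LDIF text."""
    # Unfold: a line beginning with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, current = {}, None
    for line in lines + [""]:            # sentinel flushes the last entry
        if not line.strip() or line.startswith("#"):
            if current is not None:
                entries[current["dn"]] = current["attrs"]
                current = None
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):        # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = name.lower()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is not None:        # skips "version: 1" before any dn
            current["attrs"].setdefault(name, []).append(value)
    return entries


def index_by_cn(entries):
    """Map lower-cased cn -> dn so OID and AD entries can be matched."""
    return {attrs["cn"][0].lower(): dn
            for dn, attrs in entries.items() if "cn" in attrs}


def sync_report(oid_ldif, ad_ldif):
    """Accounts only in OID (not exported), only in AD (not imported), and in both."""
    oid, ad = index_by_cn(parse_ldif(oid_ldif)), index_by_cn(parse_ldif(ad_ldif))
    return {
        "only_in_oid": sorted(set(oid) - set(ad)),
        "only_in_ad": sorted(set(ad) - set(oid)),
        "in_both": sorted(set(oid) & set(ad)),
    }


if __name__ == "__main__":
    for side, names in sync_report(OID_EXPORT, AD_EXPORT).items():
        print("%-12s %s" % (side, ", ".join(names)))
```

Against the constructed exports the report lists oidtest1 as only in OID and Administrator as only in AD; a real run is only meaningful after odisrv has completed a synchronization cycle, so an entry that is still one-sided right after creation is expected, while one that stays one-sided across cycles is what to take to the trc and aud files.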

If you have any issues with the synchronization then you can view the aud and trc files mentioned above and also check the log files for the odisrv as shown below (ORACLE_HOME/ldap/odi/log).

    ODISRV logs

I hope you have all understood the integration of OID with AD. If you have integrated other applications such as Oracle E-Business Suite and bi-directional provisioning is enabled there, then when you create any user in E-Business Suite they will automatically be enabled in Windows Active Directory and will be able to log in as Windows desktop users.