A little-known fact about Oracle Directory Services is that we have two ways to virtualize data stored in a database as LDAP.
One of course is via Oracle Virtual Directory's Database adapter.
The other is Oracle Internet Directory.
My focus in this post is to provide guidance on the purpose of each option.
OVD Database Adapter
The OVD Database adapter uses Java's JDBC specification to connect to databases. This basically means that anything with a JDBC interface is fair game to connect to.
The OVD adapter is best suited for cases where you have existing user identity information stored in a database that you need or wish to expose via LDAP without needing to copy the data from the database into another repository.
This simplifies management and reduces the time needed to implement such a solution. We have several customers that use OVD for this, including ones with a million or more user entries.
Another reason to use the DB adapter is if you have large LDAP groups to manage and you want a more efficient mechanism for managing group membership than LDAP updates. By storing groups in the database (where they effectively become name-value pairs in a single table), you can do updates via SQL statements, which for very large groups can be more efficient than updating members over LDAP (though OID's large group management is better than that of most other LDAP vendors).
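The group-as-table idea above, as an added example that is not from the original post and is not Oracle's code. It uses Python's built-in sqlite3 in place of a JDBC-connected database; the table, column and DN names are assumptions, and it shows only the data model, not OVD's adapter configuration.

```python
import sqlite3

# Constructed schema and data. Table, column and DN names are assumptions,
# not OVD's or OID's actual schema.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid TEXT PRIMARY KEY, dept TEXT NOT NULL);
        CREATE TABLE group_members (
            group_cn   TEXT NOT NULL,
            member_uid TEXT NOT NULL,
            PRIMARY KEY (group_cn, member_uid)  -- one row per (group, member) pair
        );
    """)
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(f"user{i:04d}", "sales" if i % 2 else "eng")
                    for i in range(1000)])
    return db

def add_department(db, group_cn, dept):
    """Add every user of a department to a group in one set-based statement."""
    with db:  # commit on success, roll back on error
        cur = db.execute(
            "INSERT OR IGNORE INTO group_members (group_cn, member_uid) "
            "SELECT ?, uid FROM users WHERE dept = ?", (group_cn, dept))
    return cur.rowcount  # rows actually inserted; existing pairs are skipped

def remove_member(db, group_cn, uid):
    """Drop one membership row; values are bound, never concatenated into SQL."""
    with db:
        cur = db.execute(
            "DELETE FROM group_members WHERE group_cn = ? AND member_uid = ?",
            (group_cn, uid))
    return cur.rowcount

def as_ldap_entry(db, group_cn, group_base="ou=groups,dc=example,dc=com",
                  user_base="ou=people,dc=example,dc=com"):
    """Render the rows as the group entry an LDAP client would read.
    The sample uids need no DN escaping; real values would."""
    rows = db.execute(
        "SELECT member_uid FROM group_members WHERE group_cn = ? "
        "ORDER BY member_uid", (group_cn,))
    return {"dn": f"cn={group_cn},{group_base}",
            "objectClass": ["groupOfUniqueNames"],
            "cn": [group_cn],
            "uniqueMember": [f"uid={uid},{user_base}" for (uid,) in rows]}
```

A single INSERT ... SELECT here does what would otherwise be one LDAP modify carrying hundreds of uniqueMember values, and the composite primary key keeps duplicate memberships out.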
OID
If you are familiar with OID, you might be wondering why I put OID into a post about virtualizing a database as LDAP.
The reason is that OID stores all of its data in an Oracle database.
And occasionally we get requests from an OVD perspective like "I have new directory information to store and I wish to store it in a database". Usually this is because the customer has experienced DBAs and database management practices around storage that they want to continue to use.
In this case, we recommend OID. This is because OID is optimized to store general purpose LDAP data (as opposed to exposing existing database data) within an Oracle database. General purpose LDAP data management in a database requires a specific, optimized database schema and SQL. This is work we have done on OID over the past decade, and it does it pretty well.
While in theory you could do the same thing with OVD's DB adapter, it's not going to be as optimized and will require more work than if you just used OID.
Summary
Need to expose existing data in a database as LDAP -- OVD
Need to store general purpose LDAP data in a database -- OID
Comments (2)
Hi,
Nice Blog!
I am a newbie to OIM. What I understood from your post is that
I am surprised to hear that OID can be used to virtualise LDAP data....
Is it similar to what we call integration of different LDAP directories?
If yes.. then how is it virtual? Because whatever changes you make to one like e-directory (when import is used to integrate with OID) the same changes are reflected in OID.
Posted by Rave | September 15, 2007 5:59 PM
Thank you
Posted by Rave | September 15, 2007 5:59 PM