October 6, 2008

Simplifying Access to Multiple Active Directory Domains

We got a question from a customer via our comments:

We are looking to deploy OVD and the AD connector in our environment. Our environment contains several domains with various levels of trusts. We are looking for best practices on this type of deployment. Currently we have deployed OAM/OID and OIM.

This is a common deployment scenario: the customer has multiple LDAP directories (in this case, different Active Directory domains). The simplest approach is to define a common root such as "dc=mydomain,dc=com" and then create an LDAP adapter for each domain. These adapters are created as branches under that root. For example, if you have one domain for HQ, one for Finance and one for Engineering, you could configure OVD so that each becomes a "virtual" child such as "ou=hq,dc=mydomain,dc=com", "ou=finance,dc=mydomain,dc=com" and "ou=engineering,dc=mydomain,dc=com". Each of these adapters can be mapped to the proper remote branch, and OVD will take care of translating the directory names (aka Distinguished Names).

Then, when configuring applications that use LDAP for authentication and authorization, you would set their search base to "dc=mydomain,dc=com". Once this is done, the application will be able to authenticate any user found in any of those domains, regardless of any trust relationships. This is because trusts don't really apply to LDAP operations (they are a relationship mechanism via Kerberos).
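The branch mapping described above can be modelled in a few lines. This is an added example, not OVD code or configuration: the remote base DNs and the function names `route` and `to_virtual` are constructed for illustration, and RDN comparison is simplified to a case-insensitive string match.

```python
# Added illustration of virtual-root routing and DN translation (not OVD code).
# Virtual branch -> remote AD base; the remote DNs are constructed samples.
ADAPTERS = {
    "ou=hq,dc=mydomain,dc=com": "dc=hq,dc=example,dc=com",
    "ou=finance,dc=mydomain,dc=com": "dc=fin,dc=example,dc=com",
    "ou=engineering,dc=mydomain,dc=com": "dc=eng,dc=example,dc=com",
}

def rdns(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    out, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            out.append(cur.strip())
            cur = ""
            continue
        cur += ch
        esc = (ch == "\\") and not esc
    out.append(cur.strip())
    return [r for r in out if r]

def under(dn, base):
    """True if dn equals base or sits below it (case-insensitive suffix match)."""
    d, b = [r.lower() for r in rdns(dn)], [r.lower() for r in rdns(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def rebase(dn, old, new):
    """Swap the suffix `old` for `new`; None when dn is outside `old`."""
    if not under(dn, old):
        return None
    d = rdns(dn)
    return ",".join(d[:len(d) - len(rdns(old))] + rdns(new))

def route(search_base):
    """List (virtual branch, remote search base) pairs a search must visit."""
    plan = []
    for vroot, remote in ADAPTERS.items():
        if under(search_base, vroot):      # base lies inside one branch
            plan.append((vroot, rebase(search_base, vroot, remote)))
        elif under(vroot, search_base):    # base is above: fan out to the branch
            plan.append((vroot, remote))
    return plan

def to_virtual(remote_dn):
    """Translate a DN returned by a backend into the virtual namespace."""
    for vroot, remote in ADAPTERS.items():
        mapped = rebase(remote_dn, remote, vroot)
        if mapped is not None:
            return mapped
    return None
```

A search at the common root fans out to every adapter, while a base inside one branch is sent only to that domain with its suffix rewritten.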

More information on configuring this kind of setup can be found on the OVD-OAM Oracle By Example.

Thank you for the question and let us know if you need any further clarification.

September 20, 2008

Centrally Manage Database Accounts in Active Directory and Sun Directory - Resource Kit

We have gone live with our resource kit on how to centrally manage Oracle database accounts in Active Directory and Sun Directory. The kit includes a webcast of a customer case study, a podcast discussing the technology and whitepapers.

The resource kit can be found here.

September 17, 2008

State of Delaware Succeeds with Oracle Virtual Directory

Oracle and State of Delaware released a joint press release on how the State of Delaware has used Oracle Identity & Access Management Suite to enable their eGovernment initiative. And Oracle Virtual Directory is key to enabling this solution.

If you are going to be at Oracle OpenWorld 2008 be sure to check out the presentation with State of Delaware and Oracle on their use of Oracle Virtual Directory.  Or if you can't make the presentation - be sure to at least visit our booth.

The presentation details:

S298925: Using Oracle Virtual Directory to Integrate Microsoft Active Directory, Oracle Database, and Oracle Applications. Wednesday, 13:00-14:00, Marriott, Golden Gate C3.

September 12, 2008

MKB Bank Centralized Database Accounts in AD and Eliminated Helpdesk Calls on DB Passwords

Read our new white-paper on MKB Bank and how they used OVD to centralize database accounts in Active Directory. This solution was integrated with their existing 3rd party provisioning system and helped eliminate helpdesk calls about database passwords.

August 15, 2008

Welcome to the Oracle Directory Services Blog!

What’s your first reaction when you hear “Directory Services”?

Very likely, you will say: “Oh, that is a mature technology; what can be interesting about that?” It is true that the LDAP directory, as a standard and a technology, is mature and widely adopted. But because of that wild success, LDAP directories were deployed at the enterprise level, the departmental level, and the application level. As a result, you have too many directory silos, with identities spread everywhere. The identity silo issue is further compounded by database identity stores, for similar reasons. By now, you may recognize the pain points enterprises have.

The interesting and challenging question is how to enable on-demand identity services for applications in a way that is manageable. Directory consolidation is an obvious answer, but too costly, time consuming, and even impractical to do, while adding more identity stores with synchronization only further complicates the situation. Virtualization enables access to identity data anywhere and delivers quick ROI, but does not directly address the pain of managing existing infrastructure silos.

A practical approach is to architect them together – virtualization and consolidation, and that is what Oracle Directory Services offers for a complete solution. With Oracle Virtual Directory (OVD), you can unify identity data without consolidating, and reuse identity data without copying. With Oracle Internet Directory (OID), you can consolidate, store, and synchronize identity data with high scalability, availability, and security.

This blog will focus on information about Oracle Directory Services products, directory best practices, customer case studies, innovations, and industry trends.

Stay tuned.

Forest