As a follow-up to my post on minimizing schema changes in AD when using OVD-EUS - a customer asked if you could use Shadow Join to eliminate schema changes with OVD-EUS.
The Shadow Join is a default join-type in OVD that allows OVD to redirect data updates for certain attributes to be sent to OID or ODSEE instead of the enterprise directory. It's different than a traditional join (like simple join) in that a simple join, you are linking existing data sources such as HR database and AD. But with Shadow Join - you have applications that need to extend schema but you don't want to extend the enterprise directory. OVD will then intercept the updates and create a special entry in OID/ODSEE (on demand) to store these extended attributes and link it with the entry in the enterprise directory.
Unfortunately with OVD-EUS - you cannot use shadow join to eliminate the schema changes.
Shadow Join however, works fine with most (all as far as I know) other Oracle applications that require schema changes on the user record such as Oracle Access Manager 10g.
The reason why Shadow Join doesn't work with OVD-EUS is that the user password hash must be stored in the AD user record and we use an extended attribute - orclCommonAttribute for this. If you wanted to store it in another directory - that is possible by using OID-EUS with DIP. This way DIP intercepts the password change and sends it to OID to be stored.