Can You Use The Shadow Join Adapter With OVD-EUS

This year (Oracle year's start in June) - I'm really trying to dedicate myself to saving keystrokes.

As a follow-up to my post on minimizing schema changes in AD when using OVD-EUS - a customer asked if you could use Shadow Join to eliminate schema changes with OVD-EUS.

The Shadow Join is a default join-type in OVD that allows OVD to redirect data updates for certain attributes to be sent to OID or ODSEE instead of the enterprise directory. It's different than a traditional join (like simple join) in that a simple join, you are linking existing data sources such as HR database and AD. But with Shadow Join - you have applications that need to extend schema but you don't want to extend the enterprise directory. OVD will then intercept the updates and create a special entry in OID/ODSEE (on demand) to store these extended attributes and link it with the entry in the enterprise directory.

Unfortunately with OVD-EUS - you cannot use shadow join to eliminate the schema changes.

Shadow Join however, works fine with most (all as far as I know) other Oracle applications that require schema changes on the user record such as Oracle Access Manager 10g.

The reason why Shadow Join doesn't work with OVD-EUS is that the user password hash must be stored in the AD user record and we use an extended attribute - orclCommonAttribute for this. If you wanted to store it in another directory - that is possible by using OID-EUS with DIP. This way DIP intercepts the password change and sends it to OID to be stored.

Posted via email from Virtual Identity Dialogue

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

bocadmin_ww

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today