Transition Guide from DSEE to OUD just published

Transition Guide from (O)DSEE to Oracle Unified Directory (OUD) was just added to the OUD doc set.
It is available at http://docs.oracle.com/cd/E49437_01/doc.111220/e51265.pdf

Other OUD documents are available at http://docs.oracle.com/cd/E49437_01/index.htm

Comments:

Hi Sylvain, Let me start with thank you for all of your articles; they are treasure trove.
We are currently planning to migrate from ODSEE to OUD using the guidance in the Transition guide. We were using Non-Standard Roles ( nsRole) in ODSEE i.e. end applications use the nsRoles for coarse grained access control at application server level. having said that, we have the following questions:
1. We want to go with the Replication Gateway approach to keep data in synch (between ODSEE and OUD) during the transition phase.
2. From the documentation we understand the Role replication is currently not supported. What is the recommended way to transition the roles over to OUD ? Do we just manually migrate the roles into groups and let Replication Gateway take care of other objects - is that possible or do we have to go with the manual replication route?
3. Also we noticed that the password policies on ODSEE are DS5-mode. WOuld changing it to DS6-mode have impact on any user password data?

Posted by dsee2oud on June 16, 2014 at 10:59 PM CEST #

Thanks for your interest in my blog and in OUD.
Blog comments are not very convenient for having a discussion so I would encourage to post your comments directly to the OUD Forum at https://community.oracle.com/community/developer/english/fusion_middleware/identity_management/oracle_directory_server_enterprise_edition_sun_dsee

Replication gateway is indeed used in general during transiting phases.
It provides strong consistency replication between DSEE and OUD. On the OUD side, Roles are replaced by groups, so technically, the simplest way t o migrate would be to transition from roles to groups on the odsee side before the actual transition. Complexity of this task depends on how roles are used.

Regarding password policy state migration, the replication gateway (and OUD) understand password policy state in DS6 mode only. The replication gateway can work with a DSEE in DS5 mode, however locked accounts on the DSEE side wont be replicated as locked accounts automatically to OUD. This might be an option only if you do not rely on global (cross DSEE/OUD) account lockout features during the transition period.

Switching to DS6 mode enables storage of account lock status in a standard way. however storage of the actual attributes is done when user password is changed only. The gateway and OUD requires presence of the standard lock status in all the user entries to provide global account lock. In ODSEE 11.1.1.7, there is a administrative tasks you can run on your existing data to generate the appropriate internal state.

Hope this helps.
Looking forward to hearing from you on the OUD Forums

-Sylvain

Posted by guest on June 23, 2014 at 04:53 PM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
About


I am Sylvain Duloutre, I work as a Software Architect in the Oracle Directory Integration Team, the customer-facing part of Directory Services & Identity Management Product Development, working on Technical Field Enablement.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Search

Archives
« September 2015
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today