Tuesday Mar 10, 2015
Tuesday Apr 08, 2014
By Sylvain Duloutre-Oracle on Apr 08, 2014
Some LDAP client applications perform subtree searches with search base set to the rootDSE (empty DN).
Oracle Unified Directory (OUD) nicely routes the search to every top level suffix automatically.
When the replication is enabled, OUD automatically publicizes all changes that have occurred in a directory server database in the cn=changelog suffix. This is particularly useful for synchronizing the LDAP directory with other subsystems. The cn=changelog suffix may contains millions of changes depending on the modification rate on the replication topology and the change retention policy (purge delay).
Subtree searches with search base set to the rootDSE are routed to the cn=changelog suffix as well as long as the replication is enabled. In general, this is not a problem in testing/stagging area, because the changelog is almost empty. However, in production, this may have big impact on performances as this suffix may contain many entries. Furthermore, custom indexes corresponding to client access pattern do not exist on that suffix, so they can't be used to speed up entry processing.
In order to address that problem, you can disable the so-called external changelog, without disabling the underlying replication changelog used by the replication. To do so, run the following command on the OUD servers for each user suffixes:
dsconfig -h <hostname> -p <admin port> -D "cn=directory manager" -w <admin password> -n \
--provider-name "Multimaster Synchronization" --domain-name <your suffix> \
Note: some provisoning apps may require the external changelog to synchronize with external systems. If so, keep the external changelog enabled on a couple of OUD servers and reserve them for these apps.
Monday Mar 24, 2014
By Sylvain Duloutre-Oracle on Mar 24, 2014
Identity & Access Management suite R2 PS2 (22.214.171.124.0) ships with a new deployment tool to automate the installation and configuration of products related to the IAM suite. This tool is named Oracle Identity and Access Management Deployment Wizard.
This tools automates the installation, configuration and integration of WebLogic Server, SOA Suite, Oracle Identity Manager, Oracle Access Management, Oracle Unified Directory, Oracle HTTP Server and Webgates. The tool allows you to select one of three deployment topologies: OIM, OAM or OIM integrated with OAM and OUD.
More details about this wizard on Idm.guru at http://idm.guru/access-governance/deploying-the-iam-suite-with-the-deployment-wizard/
Thursday Apr 11, 2013
By Sylvain Duloutre-Oracle on Apr 11, 2013
- Oracle Identity and Access Management
- Oracle Entitlements Server Security Module
- Oracle Access Manager OHS 11g WebGates
- Oracle Access Manager IHS 7.0 WebGates
- Oracle Access Manager Access SDK
- Oracle Access Manager JBoss 5 Agent
- Oracle Unified Directory
- Oracle Enterprise Single Sign-On
- Oracle Access Management Mobile and Social SDK
To download OUD,go to https://edelivery.oracle.com/ , select "Oracle Fusion MiddleWare" and the target platform, select "Oracle Fusion Middleware Identity Management 11gR2 Media Pack" then "Oracle Unified DIrectory 11g (126.96.36.199.0)"
Documentation is avilable at http://docs.oracle.com/cd/E37116_01/index.htm
Certification Matric is available at http://www.oracle.com/technetwork/middleware/id-mgmt/identity-accessmgmt-11gr2certmatrix-1714221.xls
Tuesday Aug 21, 2012
By Sylvain Duloutre-Oracle on Aug 21, 2012
Oracle Identity Management 11g R2 is now available for download from Oracle edelivery. It is sometimes a bit difficult to quickly find the right link to OUD R2, so here is the 7-steps procedure:
- Go to the edelivery portal , login and accept the legal aggrements if any
- Select "Oracle Fusion Middleware" from the Product Pack menu
- Select Linux x86-64 from the Platform menu (no matter what target platform you plan to use, as the OUD link does not appear yet for some supported platforms)
- Click GO
- In the search result table, select "Oracle Fusion Middleware Identity Management 11g R2 Media Pack"
- Click on Continue.
- Locate "Oracle Unified Directory 11g (188.8.131.52.0)" in the list (close to the end) then download the 152M file (V33641-01.zip)
I am Sylvain Duloutre, I work as a Software Architect in the Oracle Directory Integration Team, the customer-facing part of Directory Services & Identity Management Product Development, working on Technical Field Enablement.
The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
- Support Dates for ODSEE have been updated
- Sudden SSLv3-related errors in OUD explained
- How to lock every account in a LDAP subtree with OUD
- Global Administrators with a subset of Admin Privileges
- ODSEE 184.108.40.206.2 bundle patch available for download
- How to get OUD to start on Linux/UNIX boot
- Configuring OUD to Support Multiple Enterprise User Security Domains
- OUD and Referral Management with AD
- Troubleshooting OUD/EUS integration: Invalid username/password; logon denied
- Data Adaptation again
- /Oracle Unified Directory Services (OUD)
- /Sun Campus Ambassadors
- /Virtual Directory & Sun Directory Proxy Server