Transition Guide from DSEE to OUD just published

Guest Author

Transition Guide from (O)DSEE to Oracle Unified Directory (OUD) was just added to the OUD doc set.
It is available at http://docs.oracle.com/cd/E49437_01/doc.111220/e51265.pdf

Other OUD documents are available at http://docs.oracle.com/cd/E49437_01/index.htm

Join the discussion

Comments ( 2 )
  • dsee2oud Monday, June 16, 2014

    Hi Sylvain, Let me start with thank you for all of your articles; they are treasure trove.

    We are currently planning to migrate from ODSEE to OUD using the guidance in the Transition guide. We were using Non-Standard Roles ( nsRole) in ODSEE i.e. end applications use the nsRoles for coarse grained access control at application server level. having said that, we have the following questions:

    1. We want to go with the Replication Gateway approach to keep data in synch (between ODSEE and OUD) during the transition phase.

    2. From the documentation we understand the Role replication is currently not supported. What is the recommended way to transition the roles over to OUD ? Do we just manually migrate the roles into groups and let Replication Gateway take care of other objects - is that possible or do we have to go with the manual replication route?

    3. Also we noticed that the password policies on ODSEE are DS5-mode. WOuld changing it to DS6-mode have impact on any user password data?

  • guest Monday, June 23, 2014

    Thanks for your interest in my blog and in OUD.

    Blog comments are not very convenient for having a discussion so I would encourage to post your comments directly to the OUD Forum at https://community.oracle.com/community/developer/english/fusion_middleware/identity_management/oracle_directory_server_enterprise_edition_sun_dsee

    Replication gateway is indeed used in general during transiting phases.

    It provides strong consistency replication between DSEE and OUD. On the OUD side, Roles are replaced by groups, so technically, the simplest way t o migrate would be to transition from roles to groups on the odsee side before the actual transition. Complexity of this task depends on how roles are used.

    Regarding password policy state migration, the replication gateway (and OUD) understand password policy state in DS6 mode only. The replication gateway can work with a DSEE in DS5 mode, however locked accounts on the DSEE side wont be replicated as locked accounts automatically to OUD. This might be an option only if you do not rely on global (cross DSEE/OUD) account lockout features during the transition period.

    Switching to DS6 mode enables storage of account lock status in a standard way. however storage of the actual attributes is done when user password is changed only. The gateway and OUD requires presence of the standard lock status in all the user entries to provide global account lock. In ODSEE, there is a administrative tasks you can run on your existing data to generate the appropriate internal state.

    Hope this helps.

    Looking forward to hearing from you on the OUD Forums


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.