Oracle Internet Directory Integration with Microsoft Active Directory

Posted by Unknown on Sunday, April 17, 2011

Pre-requisites
 
1.Install Oracle Identity Management Suite 10.1.4.0.1-Choose Infrastructure and Metadata Repository option and choose components SSO,ODISRV,AND All the components except Certificate Authroity and HA).
 
2.Install Windows 2003 Server and Configure Microsoft Active Directory in that Server
 
3.Bring these Servers in the same network.

Step -I.
Login to the OID Server and invoke dipassistant(oracle directory integration and provisioning admin console) using the following options
$dipassistant -gui
login as dipadmin and password will be the same as of the orcladmin super user which you gave during the installation of OID.

In the dipadmin console from the left pane in System Objects choose Active Directory beneath the icon ConfigurationSet1 and In the right pane You will see the Express Configuration Wizard.
Enter the Active Directory Server information and in credentials enter the Superuser Account as administrator@ and in the connector name give any reasonable name and
if you press then the Import and export profile prepends the connector name and then
Click the check box Configure Access Control Policies if you want to enforce ACL.and then press OK to save this information which will start the actual integration.
On Successfull Integration dipadmin displays a success message which is given as below

Step II- Enable Bidirectional Synchronization in dipadmin for OID to AD
To achieve the bi-directional Synchronization — in dipadmin console choose the configured configset1 in the
left pane(system objects and in the right pane you will see the configured adImport and adExport(since i have given
the connector name as ad).choose those connector profile and edit and Enable those profiles for both export and Import.
If You enable both ,then synchronization of Users is bi-directional(both ways)(i.e from OID to AD and from AD to OID).
you can also note that bootstrap status(which has not started yet). I have given the screenshots below for editing
the connector profiles.

Enable AD Import connector Profile

Enable AD Export connector Profile

Step-III.
The initial migration of Users from Microsoft Active Directory to Oracle Internet Directory is called “bootstrap” process.
to do the bootstrap we need to execute the command as shown below..
Migrating initial Users from AD to OID
Confirm the bootstrap is successfull by choosing the adImport profile (connector) in the configset1(in the right pane and doing an edit and check the status) which will show you that bootstrap is successfull which i have shown below.
Check the bootstrap(migration of users from AD to OID) is successfull
Step IV:-
Now the initial Import of Users from AD to OID is complete.To start the synchronization of Users that are created both in AD and OID we need to start the odiserver(odisrv) with the configuration set 1(the one we have configured with dipadmin) we have use the following command
start the odisrv using configset1 to facilitate synchronization of Users bothways
You can also verify that synchronization has started by editing the profiles and checking the status or by checking odisrvlogs in $ORACLE_HOME/ldap/logs ,you can also find the trc and aud files for these connectors in $ORACLE_HOME/ldap/odi/logs.

Step 5:-
The final step in the configuration process is to deploy the Active Directory External Authentication Plug-in,
which validates user-supplied passwords with AD during a user login sequence.
The following steps involve execution of a Unix shell script.
$ cd $ORACLE_HOME/ldap/admin
$ sh oidspadi.sh
A series of messages and prompts will be displayed as the script executes. Sample prompt responses:
Please enter Active Directory host name: ad.vectorconsulting.co.uk
Do you want to use SSL to connect to Active Directory? (y/n) n
Please enter Active Directory port number [389]: 389
Please enter DB connect string: iasdb
Please enter ODS password: oracleadmin1
Please enter confirmed ODS password: admin01
Please enter OID host name: sso.vectorconsulting.co.uk
Please enter OID port number [389]: 13061
Please enter orcladmin password: oracleadmin01
Please enter confirmed orcladmin password: oracleadmin01
Please enter the subscriber common user search base [orclcommonusersearchbase]: cn=Users,dc=vectorconsulting,dc=co,dc=uk
Please enter the Plug-in Request Group DN:
Please enter the exception entry property [(!(objectclass=orcladuser))]:
Do you want to setup the backup Active Directory for failover? (y/n) n
Return to the Oracle Directory Manager console upon successful completion
of the plug-in deployment process and navigate to the click the Plug-In Management fork.
Make sure that the Plug-in Enable property is set for both adwhencompare and adwhenbind.
Testing
At this point, OID has been populated with an initial set of users and groups via bootstrap migration from Active directory,
and the Oracle Directory Integration and Provisioning tool has been configured such that it will use the Active Directory
Connector to keep this information synchronized. The Oracle Directory Server has been directed to authenticate users
migrated from Active Directory using the Oracle-supplied Active Directory External Authentication
Plug-in. It should now be possible to log in to Oracle SSO or any integrated applications like E-Business Suite using
one of the migrated Active Directory users with its corresponding password.
Note: The username must be of the form name@
Step VI:- open the Oracle Directory Manager and verify that Users are Imported from Active Directory by navigating
to defaut domain and cn=Users and find the users of Active Directory which i have shown below.
Verify Active Directory Users are imported in OID


More Here

Courtesy:http://vivekrajendran.wordpress.com/2011/02/23/oracle-internet-directory-integration-with-microsoft-active-directory/

{ 0 comments... read them below or add one }

Post a Comment