OVD Local Store Authentication For OAM - Can Users From One Backend LDAP Server Still Authenticate If The Other Backend LDAP Server Goes Down? (Doc ID 1351059.1)

Last updated on OCTOBER 30, 2019

Applies to:

Goal

Scenario:
Active Directory (AD) users only exists in AD, and LDAP users only exists in LDAP server.

Two separate Oracle Virtual Directory (OVD) 11g adapters, AD and LDAP, plus one Local Store Adapter (LSA) configured for these two (AD and LDAP).

Oracle Access Manager (OAM) uses the DN provided in local store adapter to authenticate the users.

AD Adapter namespace - dc=<AD_USERS>,dc=<COMPANY>,dc=com
LDAP Adapter namespace - dc=<LDAP_USERS>,dc=<COMPANY>,dc=com
Local Store Adapter namespace - dc=<COMPANY>,dc=com (AD & LDAP Users)

For authentication, it refers to dc=<COMPANY>,dc=com which is internally routed to LDAP and AD.  OAM sees the local store store adapter as one directory server.

Question:
Will OAM still be able to authenticate AD users if the other LDAP server is down?
And vice versa; will the LDAP users be authenticated if the AD server is down?

Note that disabling one particular adapter in OVD, for e.g., if two adapters are configured with LSA and one of them is disabled, OVD is able to authenticate the other adapter users and vice versa.  However the scenario desired is when one of the backend ldap servers goes down, while all the adapters are still enabled.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.