OVD Local Store Authentication For OAM - Can Users From One Backend LDAP Server Still Authenticate If The Other Backend LDAP Server Goes Down? (Doc ID 1351059.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

Goal

Scenario:
Active Directory (AD) users exist only in AD, and LDAP users exist only in the LDAP server.

Two separate Oracle Virtual Directory (OVD) 11g adapters, AD and LDAP, plus one Local Store Adapter (LSA) configured for these two (AD and LDAP).

Oracle Access Manager (OAM) uses the DN provided in the Local Store Adapter to authenticate the users.

AD Adapter namespace - dc=AD_Users,dc=company,dc=com
LDAP Adapter namespace - dc=LDAP_users,dc=company,dc=com
Local Store Adapter namespace - dc=company,dc=com (AD & LDAP Users)

For authentication, OAM refers to dc=company,dc=com, which is internally routed to LDAP and AD. OAM sees the Local Store Adapter as one directory server.

Question:
Will OAM still be able to authenticate AD users if the other LDAP server is down?
And vice versa; will the LDAP users be authenticated if the AD server is down?

Note that if two adapters are configured with the LSA and one of them is disabled in OVD, OVD is still able to authenticate the users of the other adapter, and vice versa. However, the scenario of interest is when one of the backend LDAP servers goes down while all the adapters are still enabled.


Solution
