OVD Local Store Authentication For OAM - Can Users From One Backend LDAP Server Still Authenticate If The Other Backend LDAP Server Goes Down?
(Doc ID 1351059.1)
Last updated on OCTOBER 30, 2019
Applies to: Oracle Virtual Directory - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Active Directory (AD) users exist only in AD, and LDAP users exist only in the LDAP server.
Two separate Oracle Virtual Directory (OVD) 11g adapters, AD and LDAP, are configured, plus one Local Store Adapter (LSA) for these two (AD and LDAP).
Oracle Access Manager (OAM) uses the DN provided in the Local Store Adapter to authenticate the users.
AD Adapter namespace - dc=<AD_USERS>,dc=<COMPANY>,dc=com
LDAP Adapter namespace - dc=<LDAP_USERS>,dc=<COMPANY>,dc=com
Local Store Adapter namespace - dc=<COMPANY>,dc=com (AD & LDAP Users)
Authentication refers to dc=<COMPANY>,dc=com, which is internally routed to LDAP and AD. OAM sees the Local Store Adapter as one directory server.
Will OAM still be able to authenticate AD users if the other LDAP server is down?
And vice versa; will the LDAP users be authenticated if the AD server is down?
Note that when one particular adapter is disabled in OVD (for example, two adapters are configured with the LSA and one of them is disabled), OVD is still able to authenticate the users of the other adapter, and vice versa. However, the scenario of interest is when one of the backend LDAP servers goes down while all the adapters are still enabled.