Using DIP 12c (Configured Without a Database) to Synchronize Passwords from Active Directory to ODSEE 11.1.1.7.x With Bi-Directional (On-Demand & Password Translate) Synchronization
(Doc ID 2543849.1)
Last updated on OCTOBER 04, 2024
Applies to:
Oracle Internet Directory - Version 12.2.1.3.0 and later
Oracle Directory Server Enterprise Edition - Version 11.1.1.7.0 and later
Information in this document applies to any platform.
Goal
This document goes over the steps to configure password synchronization between Active Directory and Oracle Directory Server Enterprise Edition (ODSEE) using Directory Integration Platform (DIP) 12c with On-Demand configuration (AD to ODSEE) and Password Translate configuration (ODSEE to AD).
This KM doc can be used to configure synchronization from either -
- AD to ODSEE (On-Demand),
-- or --
- ODSEE to AD (Password Translate),
-- or --
- Bi-Directionally using both On-Demand and Password Translate.
Since an Oracle database is not needed for DIP 12c or ODSEE, the example in this KM doc goes over the steps to synchronize passwords between AD and ODSEE using DIP 12c without a database.
If an Oracle database is already installed, or if you want to use an Oracle Database for the DIP 12c installation, refer to -
Configuring the Oracle WebLogic Server Domain for Oracle Directory Integration Platform with Oracle Directory Server Enterprise Edition
Solution
In this Document
Goal
Solution
= Prerequisites =
= Infrastructure Installation =
= DIP Installation =
= OUD Installation = ** To create a DIP WLS domain without an Oracle DB using OUDSM **
= Creation of DIP Domain (Without a Database) =
Example - Create DIP domain within a WLST session
Example - Create DIP domain using a Python script
= Verify DIP Domain Created =
= Start the Admin Server =
= Start the DIP Managed Server =
= Create an ODSEE Instance (optional, if already exists) =
= Configure the ODSEE instance for DIP =
= Configure ACIs in ODSEE for DIP =
= Add the DIP Plugin to ODSEE =
= Use dipConfigurator to Configure DIP for ODSEE =
= Check DIP Status =
= Using Windows PowerShell to Export the AD CA Certificate =
= Add the AD CA Certificate to the ODSEE Certificate Database =
= Add the ODSEE Certificate to the DIP Java Keystore =
= Add the AD Certificate to the DIP Java Keystore =
= Verify ODSEE and AD Certificates are in the DIP Java Keystore =
= Configure the SSL Parameters in DIP =
- Modify keystorelocation, sslmode, and backendhostport
- Configure JKS for DIP
- Modify DIP to true for isldapssl - For ADtoODSEE Sync only
= Using Enterprise Manager (EM) to Test the Connection to ODSEE =
= Creating the Synchronization Profile to Import From AD to ODSEE =
- Using the manageSyncProfiles Command to Create Synchronization Profiles
- Creating Synchronization Profiles Using EM
= Test Synchronization From AD to ODSEE =
Example - user3 Exists in AD and Password Changed
Example - user2 exists in AD / Password Reset / Audit Log Examination of Changes
Example - user test - New user added to AD
= Translate Password Synchronization - ODSEE to AD =
= Test Synchronization - ODSEE to AD =
Troubleshooting ODSEE to AD Synchronization
= Bi-Directional Password Synchronization =
Test Bi-Directional Synchronization
References