Originally published by TriCore: May 11, 2017
There are many Lightweight Directory Access Protocol (LDAP) solutions available for organizational single sign-on (SSO) and user management, including Oracle® Internet Directory (OID), Microsoft® Active Directory (AD), and many other systems. When you have multiple implementations, it can be difficult to manage and use them all. In this blog post, you’ll learn how to create a view that you can use to manage all of your enterprise’s LDAP implementations.
This blog post shares a cost-effective way to access and manage all of your existing LDAP solutions through a view-like object. The following image illustrates how to use Oracle Virtual Directory (OVD) to create a view of all of the LDAP applications that an organization uses.
Image Source: Oracle Fusion Middleware Administrator’s Guide for Oracle Virtual Directory, 11g Release 1 (11.1.1)
OVD simplifies management of multiple LDAP systems by creating a single virtual view for accessing all enterprise sources. The main advantage of using OVD is that it doesn’t require any changes to an existing structure on a source. It also supports a diverse set of clients such as web applications and portals. In addition, OVD can connect to directories, databases, and web services, as shown in the following image.
Image Source: Oracle Fusion Middleware Administrator’s Guide for Oracle Virtual Directory, 11g Release 1 (11.1.1)
OVD provides Internet and industry-standard LDAP and Extensible Markup Language (XML) views of existing enterprise identity information. It generates these views without synchronizing or moving data from its native locations. This capability accelerates application deployment and reduces costs by eliminating the need to continually adapt those applications to a changing identity landscape as user populations are added, changed, or removed.
OVD is a virtual directory that provides a view of several OIDs or ADs. All of the data used through OVD is transparent to users. It appears as though the data is coming from a single OID, which simplifies the management of multiple OIDs and ADs in programs or other software such as Oracle Access Manager (OAM).
OVD generates views by creating adapters and using them to access the underlying information from various original locations. OVD needs the following information to create an adapter:
Note: You can define as many adapters as you want and connect them to multiple OIDs and ADs simultaneously.
The following image provides an example of a common name (CN) definition for the different organization units (OUs) that originate from different LDAP sources.
To define an adapter, use the following steps:
https://<Hostname>:7005/odsm in your browser.
<Hostname>:8899. (The default port for OVD is 8899.)
127.0.0.1 is provided because both OID and OVD reside on the same host.
When you use the adapter ou=OIDUsers,dc=***,dc=ovd, it automatically makes a call to cn=Users, dc=***,dc=oid from the screen shown in the following image.
You can define these adapters for different versions of OIDs and ADs in a similar way. This capability enables you to use the OVD as a single source of data for different web services. As a result, OVD gives you a “virtual view” without you having to program differently for each source of underlying data.
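The namespace mapping described above, modeled as an added Python sketch that is not OVD code and not part of the original post. It shows how a client DN under an adapter's virtual namespace is rewritten to the backend base, and how a DN outside every adapter namespace is refused. The adapter names, the dc=example components (standing in for the redacted dc=***), and the AD remote base are constructed for illustration.

```python
# Added illustration of adapter namespace mapping; not Oracle Virtual Directory code.
# Adapter names and all dc=example values are constructed placeholders.

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, ignoring case and spacing.
    Simplified: escaped commas and multi-valued RDNs are not handled."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def format_dn(rdns):
    return ",".join(f"{attr}={value}" for attr, value in rdns)

class Adapter:
    def __init__(self, name, mapped_namespace, remote_base):
        self.name = name
        self.mapped = parse_dn(mapped_namespace)  # what clients see
        self.remote = parse_dn(remote_base)       # where the data lives

    def covers(self, rdns):
        # A DN belongs to this adapter only if it ends with the mapped namespace.
        n = len(self.mapped)
        return len(rdns) >= n and rdns[-n:] == self.mapped

    def to_remote(self, rdns):
        # Keep the entry-specific RDNs, swap the virtual suffix for the remote base.
        return rdns[:len(rdns) - len(self.mapped)] + self.remote

def route(adapters, client_dn):
    """Return (adapter name, backend DN); raise if no adapter serves the DN."""
    rdns = parse_dn(client_dn)
    matches = [a for a in adapters if a.covers(rdns)]
    if not matches:
        raise LookupError(f"no adapter serves {client_dn!r}")
    best = max(matches, key=lambda a: len(a.mapped))  # most specific namespace
    return best.name, format_dn(best.to_remote(rdns))

ADAPTERS = [
    Adapter("OID", "ou=OIDUsers,dc=example,dc=ovd", "cn=Users,dc=example,dc=oid"),
    Adapter("AD", "ou=ADUsers,dc=example,dc=ovd", "cn=Users,dc=corp,dc=example"),
]

if __name__ == "__main__":
    print(route(ADAPTERS, "cn=jdoe, OU=OIDUsers, dc=example, dc=ovd"))
```

The returned DNs are lowercased because the sketch normalizes case for comparison; a real directory preserves the stored case.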
OVD can help you use all of your existing LDAP solutions in a cost-effective way. It creates a view-like structure that doesn’t require any changes to the existing layout of technologies that your organization uses. It easily connects to diverse applications and databases.