Oracle Virtual Directory – A View for Different LDAP Solutions

Blog | May 11, 2017

OVD helps you use all of your existing LDAP solutions in a cost-effective manner. It creates a view-like structure that does not require any change to the existing layout of the technologies used in the organization. It connects to diverse applications and databases without any trouble and is very easy to implement.

Introduction:
With so many Lightweight Directory Access Protocol (LDAP) solutions increasingly being used for organizational Single Sign On (SSO) and user management needs, it becomes very hard to manage and utilize the different LDAP solutions (different versions of Oracle’s Internet Directory (OID), Microsoft’s Active Directory (AD) and many more). This blog gives an overview of a cost-effective method for accessing all existing LDAP solutions by creating a view-like object that can be used to get data from all the different LDAP sources. The image below shows one such example of putting Oracle Virtual Directory (OVD) as a view over different applications used in an organization.

[Figure: Oracle Virtual Directory as a view over different applications used in an organization]
Image Source: Administrator's Guide for Oracle Virtual Directory

Oracle Virtual Directory, as the name suggests, is a simple solution for combining multiple data sources (OID, AD etc.) into a single virtual view through which all of these enterprise LDAP sources can be accessed. The best thing about using OVD is that it doesn’t need any change to the existing structure on a source. It also supports a diverse set of clients, such as Web applications and portals, and it can connect to directories, databases, and Web Services, as shown in the figure below:

[Figure: clients, directories, databases and Web Services connected through Oracle Virtual Directory]

Image Source: Administrator's Guide for Oracle Virtual Directory

Oracle Virtual Directory provides Internet and industry-standard LDAP and XML views of existing enterprise identity information, without synchronizing or moving data from its native locations. This accelerates the deployment of applications and reduces costs by eliminating the need to constantly adapt those applications to a changing identity landscape as user populations are added, changed, or removed. As the name suggests, this is a virtual directory, which acts as a view of several OIDs or even ADs (if needed). All of the data accessed through OVD is transparent to users and appears as though it is coming from a single OID, which simplifies the use of multiple OIDs/ADs in programs or in other software such as OAM.

The view-like functionality of OVD is achieved by creating adapters. An adapter is defined by the following:

  • Name of the adapter (there is no naming convention to adhere to)
  • Target Distinguished Name (DN), which is kept in OVD
  • Source Hostname
  • Source OID/AD port
  • Source DN, which needs to be mapped to the target DN

Note: you can define as many adapters as you like and connect them to multiple OIDs/ADs simultaneously.

Fig: Example of defining a Common Name (CN) for different organizational units (OUs) coming from different LDAP sources.

Steps to define an adapter:

  • Launch ODSM at ‘http://<Hostname>:7005/odsm’.
  • Connect to OVD on ‘<Hostname>:8899’ (the default port for OVD is 8899).
  • Select the ‘Adapter’ tab.
  • Press the new Adapter button and proceed.
  • Create a new adapter named OIDUsers with ‘Adapter Type’ set to ‘LDAP’ (DB adapters and custom adapters are available as well). Leave the rest of the fields as default.
  • Provide the connection details of the source LDAP (in our case OID): host, port, username (Server proxy Bind DN) and password to access the source. In our example 127.0.0.1 was provided, as both OID and OVD reside on the same host.
  • Test the connection on the next screen.
  • Provide the source OU (Remote Base) and its counterpart in OVD, which is the OU that will be used when we use this OVD. Leave all other fields as default.
  • Review all details on the summary page and press Finish.
    [Screenshot: new LDAP adapter]
  • After the adapter is created, using the virtual directory container (adapter) ‘ou=OIDUsers,dc=***,dc=ovd’ automatically calls ‘cn=Users, dc=***,dc=oid’, as shown in the following screen.
    [Screenshot: Oracle connection details]
  • In a similar way, we can define adapters for different versions of OID, Microsoft AD etc. and use OVD as a source of data for different Web services. This removes the complexity of programming differently for each source of information for which OVD is acting as a virtual view.
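
The namespace translation an adapter performs (virtual root to Remote Base and back) can be modelled in a few lines. This is an added example, not Oracle's code or part of the original post; the second adapter, the function names and the `example` DN components (standing in for the redacted `***`) are assumptions.

```python
# Constructed sample adapters; "example" stands in for the redacted "***" on the page.
ADAPTERS = [
    {"name": "OIDUsers", "root": "ou=OIDUsers,dc=example,dc=ovd",
     "remote_base": "cn=Users,dc=example,dc=oid"},
    {"name": "ADUsers", "root": "ou=ADUsers,dc=example,dc=ovd",
     "remote_base": "cn=Users,dc=corp,dc=example"},
]

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\") and not esc
    rdns.append(cur.strip())
    return rdns

def norm(rdn):
    """Case-insensitive comparison key for one RDN (attr=value)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def rewrite(dn, src_base, dst_base):
    """Swap src_base for dst_base if dn sits at or below src_base, else None."""
    rdns, base = split_dn(dn), split_dn(src_base)
    if len(rdns) < len(base):
        return None
    if [norm(r) for r in rdns[len(rdns) - len(base):]] != [norm(r) for r in base]:
        return None
    return ",".join(rdns[:len(rdns) - len(base)] + split_dn(dst_base))

def to_source(virtual_dn):
    """Route a client DN to the adapter with the longest matching root."""
    for a in sorted(ADAPTERS, key=lambda a: -len(split_dn(a["root"]))):
        mapped = rewrite(virtual_dn, a["root"], a["remote_base"])
        if mapped is not None:
            return a["name"], mapped
    return None  # no adapter serves this namespace: nothing is forwarded

def to_virtual(adapter_name, source_dn):
    """Map an entry DN returned by the source back into the virtual namespace."""
    a = next(a for a in ADAPTERS if a["name"] == adapter_name)
    return rewrite(source_dn, a["remote_base"], a["root"])
```

A DN that falls outside every adapter root returns `None`, so a request for an unmapped namespace never reaches a backend directory.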

Conclusion:

OVD helps you use all of your existing LDAP solutions in a cost-effective manner. It creates a view-like structure that does not require any change to the existing layout of the technologies used in the organization. It connects to diverse applications and databases without any trouble and is very easy to implement.