Active Directory Oid 11g Synchronization Log
Since the first OIM 11g release, one of the most frequently asked questions about it has been:
• Should I configure OIM with LDAP synchronization or should I deploy an LDAP connector?
Since earlier versions, OIM has provided connectors for the most popular LDAP systems: Oracle Internet Directory (OID), Oracle Directory Server EE (formerly Sun Java Directory/iPlanet), Novell eDirectory and Microsoft Active Directory (AD). OIM 11g introduced a new feature called LDAP synchronization. OIM uses this feature to synchronize its user and role base to an LDAP system. The synchronization is bidirectional: scheduled jobs and the reconciliation engine pull changes from LDAP, and event handlers push data to LDAP.
But if OIM already provides a connector for most of the industry's LDAP servers, why provide a feature like LDAP Synch? Different customers' business requirements, customer feedback and some technical reasons led Oracle to develop this feature and make it available out of the box in the product. Going back to the fundamental question of this post: which one should I use?
And the answer is, as usual, IT DEPENDS. It really depends on the project requirements and how well they align with each approach's functionality and technical details.
But before you start saying “I do have my requirements, but I still don’t know which one to use”, let’s review the main differences between these two implementation approaches. With some knowledge of the main differences and the project requirements in hand, it will certainly be easier to make a decision.
• LDAP Synchronization is a mandatory piece of the OIM-OAM integration (in the current 11.1.1.x releases). So if you are planning to integrate these products and make full use of the password lifecycle management features provided by the integration, LDAP Synch is a MUST.
• LDAP Synchronization is a data-oriented approach. Although it is possible to configure attribute mapping, basic synchronization rules and some other minor things, in the end it is all about data: users and roles being synched behind the scenes from/to the LDAP server. The synchronized LDAP account is NOT in the user's accounts list in OIM.
• Connector is a process-oriented approach. With it, one can make full use of OIM features like request/approval-based provisioning, access-policy-based provisioning and modification requests. A user will see the LDAP account among his/her accounts and can take actions from there.
• Reporting and auditing will contain information about the LDAP account only if an LDAP connector is implemented.
There are other technical details and functionalities that may be considered, but the topics above are the basic ones, and the first you can use to help with the decision.
Hi Daniel, While I understand that using LDAPSync and Connector against the same OID instance can lead to a lot of headaches, but if LDAPSync is used for Identity against OID and say configured for sync at the top level OU of say ou=Users, dc=oracle,dc=com but we configure another OID connector (against the same OID server as LDAP Sync) for account level recon against a completely different top level OU say OU=Accounts,dc=oracle,dc=com, and if these two OUs have nothing in common, then it should be okay to use? In an environment where OIM+OAM are integrated and yet we want to use the connector functionality, then there should be no issue using LDAPSync and connector against the same OID but completely exclusive OUs? Any issue you see here?
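The question above rests on the premise that the LDAP Sync container and the connector's reconciliation base "have nothing in common". As an added example (not part of the original post or comment, and not Oracle code), the Python below checks only that premise, that neither search base lies inside the other's subtree; it does not say whether OIM supports the deployment. The function names and the nested DN are hypothetical; the two bases come from the comment.

```python
import re

def normalize_rdn(rdn):
    """Lower-case the attribute type and value and collapse whitespace."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    # Assumption: ou/dc/cn values compare case-insensitively (caseIgnoreMatch).
    return attr.strip().lower(), re.sub(r"\s+", " ", value.strip()).lower()

def parse_dn(dn):
    """Split a DN into normalized RDNs, leaf first, keeping escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # "\," belongs to the value, not a separator
            i += 2
        elif dn[i] == ",":
            rdns.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    rdns.append(cur)
    # Limitation: a multi-valued RDN ("a=1+b=2") is compared as one opaque string.
    return [normalize_rdn(r) for r in rdns]

def is_within(base, other):
    """True if `other` is `base` itself or an entry in the subtree below it."""
    b, o = parse_dn(base), parse_dn(other)
    return len(o) >= len(b) and o[len(o) - len(b):] == b

def overlaps(a, b):
    """True if either search base contains the other."""
    return is_within(a, b) or is_within(b, a)

SYNC_BASE = "ou=Users, dc=oracle,dc=com"               # LDAP Sync base from the comment
CONNECTOR_BASE = "OU=Accounts,dc=oracle,dc=com"        # connector base from the comment
NESTED_BASE = "OU=Accounts,OU=Users,DC=Oracle,DC=com"  # constructed counter-example

if __name__ == "__main__":
    for base in (CONNECTOR_BASE, NESTED_BASE):
        verdict = "OVERLAPS" if overlaps(SYNC_BASE, base) else "is disjoint from"
        print(f"{base!r} {verdict} {SYNC_BASE!r}")
```

Comparing the bases as parsed DNs rather than as strings matters here: the two bases in the comment differ in case and spacing, and a base nested under `ou=Users` would be picked up by both mechanisms even though its leftmost RDN is `OU=Accounts`.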