When I read the blog post about the introduction of a new product, Oracle Unified Directory, the first thing that came to my mind was: why another LDAP directory from Oracle?
Oracle already has two LDAP directory offerings, ODSEE (Sun Directory) and OID. However, my impression changed after attending this webcast from Oracle (which justified the new product in general). You can find the Q & A from the webcast here. It looks like “unified” summarizes the new product.
Personally, I have an interest in all the products that deal with the LDAP protocol and LDAP directories, so I was interested to know more about the new product. I read the Oracle Unified Directory (OUD) 11g release notes here. You can find the OUD documentation for the 11g R1 release (11.1.1.5.0) here.
OUD is a brand new directory product from Oracle, part of Fusion Middleware Identity Management. OUD comes with the Oracle Directory Services Plus (ODS Plus) suite. So, if you already have a license for ODS Plus, then you already have a license to use OUD in your enterprise (please check with Oracle Licensing before any major deployment to confirm that the existing license covers it).
There are too many TLAs (Three Letter Acronyms) used in this post. I tried to use them minimally, but that was not easy. If you hate TLAs, here is a quick recap:
OUD – Oracle Unified Directory
OID – Oracle Internet Directory
ODS (ODSEE) – Oracle Directory Server (previously, Sun Java System Directory Server – also, iPlanet Directory)
DIP – Directory Integration Platform
A brand new LDAP v3 Implementation
The LDAP protocol is the standard way of storing directory entries for an enterprise. With more than 5 years of development (mentioned in the webcast), OUD is an LDAP v3 implementation from Oracle. It was also mentioned that OUD was written in Java.
OUD comes with three main components. They are:
- Directory Server
- Proxy Server
- Replication Server
The Directory Server provides the main LDAP functionality. The Proxy Server can be used to proxy LDAP requests. The Replication Server is used for replication from one OUD to another OUD or even to an ODSEE server.
Embedded Berkeley DB
This is my favorite part of OUD. There is no separate Oracle Database requirement for OUD (unlike Oracle Internet Directory). Personally, I like LDAP directories that embed a database such as Berkeley DB for storing the data entries. Some may argue that we can use database features in the LDAP directory. However, I feel that we can use file-based storage features for the DB files, which can be better.
OUD Replication for ODSEE
Replication is now one of the major requirements for LDAP directories. To set up high-availability environments, we need replication in almost every LDAP directory deployment: changes must be propagated from one OUD directory to another.
One of the important features I like about OUD is its replication gateway for ODSEE (also for OUD). This is definitely aimed at helping deployments with ODSEE migrate to OUD easily.
Directory Integration Platform (DIP)
Oracle DIP provides functionality to synchronize data from one LDAP directory to another, such as Active Directory (and also from a database to the LDAP directory). Oracle DIP was already available earlier. Now, DIP is supported in OUD as well.
Performance and Security
In existing LDAP directories, we face performance issues related to writing data entries. It was mentioned in the webcast that OUD provides “5 times write” and “3 times read” performance.
OUD will be used to store user information for authentication and sometimes for authorization purposes. It can also be used to store personnel information. So, security is one of the major concerns during deployment. I need to explore more on this.
Some of the other features:
- dsconfig command – the dsconfig command-line utility is used to configure most of the system administration functions for OUD.
- ODSM – ODSM is a graphical utility for managing OUD.
So what’s next? Obviously it is time to download the new product and play around with its features.
Installation and Configuration
Installation is a simple task with Oracle installers, and OUD is no exception. We just need to download the software and run the runInstaller utility (I have Oracle Linux on my laptop; all my examples below are on Linux).
./runInstaller -jreloc /usr
[I have Oracle Linux 6.0 on my laptop. I installed OUD on this laptop with JRE 1.6.0_20 installed under /usr by default. The Java executable is /usr/bin/java/]
OUD installation is a simple 7-step process:
- Welcome
- My Oracle Support Updates
- Prerequisite checks
- Installation Location
- Installation Summary
- Installation Progress
- Installation Complete
[Since the prerequisite checks failed on my laptop (an issue with the Linux version), I had to tweak things a little for the OUD installation by editing the /etc/redhat-release and /etc/oracle-release files]
Once installation is completed, we need to configure OUD based on which components we want to deploy.
For each component, OUD comes with a GUI utility for configuration. We can configure OUD as a Directory Server, Proxy Server and/or Replication Server. We can also run these utilities with command-line options. The utilities are located under the install folder:
oud-setup
oud-proxy-setup
oud-replication-setup
Once configuration is completed using these utilities, you can use the commands in the bin folder to start or stop the components. Refer to the installation guide for more details.
Note:
I faced issues during server startup when using the JRE in /usr (delivered with Oracle Linux). I will write about it in my next post.
All right… that’s all for now. I will continue to write more on OUD, covering advanced options for deployment. Also, I will be deploying the ODS connector in OIM to integrate with OUD. We will meet in another post with more details on them. Until then