During 2004 I worked on an Enterprise Directory implementation for one of our customers using the PeopleSoft Directory Interface. Because of the importance of the project, I took the "Sun Certified Engineer for Sun ONE Directory Server 5.x" exam and passed. It is an LDAP directory certification with an emphasis on the iPlanet Directory Server. I am not sure whether this certification is still valid; however, I still try to keep myself informed about the latest happenings in these areas.

Nowadays, LDAP directories are increasingly popular. Most organizations with an IT infrastructure have a Windows Domain Controller (with Active Directory, which is an LDAP directory). Some organizations do not want to use their Active Directory for general LDAP directory purposes because of interoperability issues; they build a separate Enterprise Directory infrastructure to hold their users' authentication-related information.

In this blog entry, I plan to write up consolidated LDAP directory information for the latest PeopleTools version, 8.50. As you are all aware, PeopleSoft has many applications, such as Human Capital Management (HCM), Financials and Supply Chain Management (FSCM), Campus Solutions and so on. All of these applications run on PeopleTools, which provides the abstraction layer on top of which they run.

Introduction to LDAP Directories

Many people get confused by LDAP terminology. Just to be clear, LDAP is a protocol: the Lightweight Directory Access Protocol (LDAPv3 is specified in RFC 4511). If you use the term LDAP, make sure you are referring to the protocol, a standard created for accessing directories over the network. An LDAP directory (server) is software that stores entries in a tree-like structure so that they can be looked up quickly. Based on my experience with LDAP directories, these are the major LDAP directory servers:

  • Sun Java System Directory Server (earlier Iplanet Directory Server)
  • Novell eDirectory (formerly NDS)
  • Microsoft’s Active Directory (AD)
  • Oracle Internet Directory (OID)

Now that Sun has been merged into Oracle, Oracle may standardize its LDAP directory offerings on the Sun Java System Directory Server. This is just my prediction, based on the fact that the Sun Java/iPlanet Directory Server is deployed in many organizations and Oracle will want one directory product to offer its customers.

Directory Information Tree (DIT)

In any LDAP directory server, data is stored in the Directory Information Tree (DIT). It is a tree of entries: each entry is identified by its Distinguished Name (DN), which is a comma-separated list of Relative Distinguished Names (RDNs) read from the leaf towards the root, and an entry's parent is the entry whose DN is obtained by removing the leftmost RDN. An LDAP directory's DIT can be browsed with the standard ldapsearch utility.

LDAPBIND and LDAPSEARCH Utilities

The ldapbind utility (shipped with Oracle's LDAP client tools) is used to check authentication against an LDAP directory. An example of its usage is shown below; "bind successful" means that you have valid credentials for this directory server. Two cautions for anything beyond a one-off test: a simple bind on port 389 sends the password to the server in clear text, so use LDAPS (port 636) or StartTLS; and a password given with -w ends up in your shell history and in the process list visible to other users on the host, so prefer a tool option that prompts for it (for example -W with OpenLDAP's ldapsearch).

$ ldapbind -h 192.168.1.11 -p 389 -D "CN=testuser,CN=Users,DC=tserver,DC=com" -w "mypassword"
bind successful
$
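To make the clear-text point concrete, here is the bind exchange at the wire level: the BindRequest that a tool such as ldapbind sends for the command above, and the BindResponse the server returns, encoded and decoded according to RFC 4511. This is an added example written for this post, not the Oracle tool's code. It reuses the DN and password from the command above, the server reply is constructed rather than captured from a real server, and it stops at the bind (no search is encoded).

```python
"""Wire-level view of an LDAP simple bind (RFC 4511), added example for this
post. It encodes the BindRequest a client sends and decodes the BindResponse a
server returns, showing that over plain port 389 the password is in the
packet verbatim. The server reply built in __main__ is constructed, not captured.
"""
from typing import Tuple

# LDAP result codes from RFC 4511, Appendix A (subset)
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61   # [APPLICATION 0] / [APPLICATION 1], constructed
SIMPLE_AUTH = 0x80                          # authentication CHOICE simple [0], primitive


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_uint(tag: int, n: int) -> bytes:
    """Non-negative INTEGER/ENUMERATED, sized so the sign bit is always clear."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, content, position just after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = (ber_uint(INTEGER, 3) + tlv(OCTET_STRING, bind_dn.encode())
          + tlv(SIMPLE_AUTH, password.encode()))
    return tlv(SEQUENCE, ber_uint(INTEGER, message_id) + tlv(BIND_REQUEST, op))


def bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    op = (ber_uint(ENUMERATED, result_code) + tlv(OCTET_STRING, b"")
          + tlv(OCTET_STRING, diagnostic.encode()))
    return tlv(SEQUENCE, ber_uint(INTEGER, message_id) + tlv(BIND_RESPONSE, op))


def _open_message(packet: bytes, expected_op: int) -> Tuple[int, bytes]:
    """Unwrap the LDAPMessage envelope and return (messageID, protocolOp content)."""
    tag, msg, _ = read_tlv(packet)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    if tag != INTEGER or op_tag != expected_op:
        raise ValueError(f"unexpected protocolOp tag 0x{op_tag:02x}")
    return int.from_bytes(mid, "big"), op


def decode_bind_request(packet: bytes) -> Tuple[int, int, str, str]:
    """(messageID, version, bindDN, password): what a sniffer on port 389 recovers."""
    mid, op = _open_message(packet, BIND_REQUEST)
    _, version, pos = read_tlv(op)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, secret, _ = read_tlv(op, pos)
    if auth_tag != SIMPLE_AUTH:
        raise ValueError("not a simple bind (SASL binds carry no plain password)")
    return mid, int.from_bytes(version, "big"), dn.decode(), secret.decode()


def decode_bind_response(packet: bytes) -> Tuple[int, int, str, str]:
    """(messageID, resultCode, result name, diagnosticMessage)."""
    mid, op = _open_message(packet, BIND_RESPONSE)
    _, code, pos = read_tlv(op)
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    rc = int.from_bytes(code, "big")
    return mid, rc, RESULT_NAMES.get(rc, f"code {rc}"), diag.decode(errors="replace")


def password_on_the_wire(packet: bytes, password: str) -> bool:
    """True when the raw packet contains the password bytes unchanged."""
    return password.encode() in packet


if __name__ == "__main__":
    DN = "CN=testuser,CN=Users,DC=tserver,DC=com"        # DN from the post
    req = bind_request(1, DN, "mypassword")
    print("client -> server:", req.hex())
    print("password visible in clear:", password_on_the_wire(req, "mypassword"))
    resp = bind_response(1, 49, "constructed sample: invalid credentials")  # constructed reply
    print("server -> client:", decode_bind_response(resp))
```

Run it and compare the hex dump with a packet capture of a real bind on port 389: the DN and password are the same bytes. That is the whole argument for LDAPS or StartTLS, and for binding with a low-privilege service account rather than an administrator when all an application needs is to read the directory.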

The ldapsearch utility ships with many Oracle installations. If I do not have another copy, I use the one under $ORACLE_HOME/bin, which is there whenever some version of the Oracle server or client is installed under $ORACLE_HOME. Note that OpenLDAP's ldapsearch takes slightly different options (it needs -x for simple authentication and accepts -W to prompt for the password); the example below uses the Oracle tool's syntax.

Here is an example:

ldapsearch -h 192.168.1.11 -p 389 -D "CN=testuser,CN=Users,DC=tserver,DC=com" -w "mypassword" -b "" -s base "objectclass=*" defaultnamingcontext

Result:

defaultNamingContext=DC=tserver,DC=com

-h -> Hostname or IP address of the LDAP directory server

-p -> Port number of the LDAP directory; the default LDAP port is 389, the LDAPS port is 636.

-D -> Bind DN: the DN of the entry used to authenticate to the directory (here a user in the Active Directory Users container).

-w -> Password for the Bind DN (passed on the command line here, so it is visible in the shell history and the process list).

-b -> Base DN for the search; the empty base DN "" with scope base selects the RootDSE, the server's top-level information entry.

-s base -> Search scope: base returns only the base entry itself; one returns only its immediate children; sub returns the base entry and everything beneath it.

The command above returns the defaultNamingContext attribute of the RootDSE, which on Active Directory names the domain naming context under which the domain's objects live. defaultNamingContext is an Active Directory attribute; against other directory servers, ask for the standard namingContexts attribute (RFC 4512) instead, which lists every suffix the server hosts. The same command shape can be used to query many other attributes.
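As an added example (not code from any directory product), here is a toy in-memory DIT modelled on the DNs used above, with a search() function that applies the -b base DN and the three -s scopes the way a server would, including the noSuchObject error you get for a base DN that does not exist. The entries are constructed sample data, and the DN handling deliberately simplifies RFC 4514 (case-insensitive comparison, no escaped commas).

```python
"""Toy in-memory Directory Information Tree (DIT) showing what the -b (base
DN) and -s (scope) options of ldapsearch select. Added example for this post,
not code from any directory server. The tree is constructed sample data; DN
handling simplifies RFC 4514 (case-insensitive compare, no escaped commas).
"""
from typing import Dict, List, Optional, Tuple

BASE, ONE, SUB = "base", "one", "sub"          # the three LDAP search scopes
NO_SUCH_OBJECT = 32                             # LDAP resultCode for a missing base DN
Entry = Dict[str, List[str]]

# Constructed sample DIT. The empty DN names the RootDSE, which is not the
# parent of the naming contexts; it only advertises them.
DIT: Dict[str, Entry] = {
    "": {"objectClass": ["top"],
         "namingContexts": ["DC=tserver,DC=com"],
         "defaultNamingContext": ["DC=tserver,DC=com"]},
    "DC=tserver,DC=com": {"objectClass": ["top", "domain"], "dc": ["tserver"]},
    "CN=Users,DC=tserver,DC=com": {"objectClass": ["top", "container"], "cn": ["Users"]},
    "OU=Servers,DC=tserver,DC=com": {"objectClass": ["top", "organizationalUnit"], "ou": ["Servers"]},
    "CN=testuser,CN=Users,DC=tserver,DC=com": {"objectClass": ["top", "person", "user"], "cn": ["testuser"]},
    "CN=svc-ldap,CN=Users,DC=tserver,DC=com": {"objectClass": ["top", "person", "user"], "cn": ["svc-ldap"]},
}


class LDAPError(Exception):
    """Carries the LDAP resultCode a real server would return."""
    def __init__(self, code: int, message: str):
        super().__init__(f"{message} (resultCode {code})")
        self.code = code


def normalize_dn(dn: str) -> str:
    """'CN=Users, DC=tserver, DC=com' and 'cn=users,dc=tserver,dc=com' compare equal."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(",")) if dn else ""


def parent_dn(dn: str) -> str:
    """Drop the leftmost RDN: parent of 'cn=x,dc=a,dc=b' is 'dc=a,dc=b'."""
    _, sep, rest = dn.partition(",")
    return rest if sep else ""


def in_scope(dn: str, base: str, scope: str) -> bool:
    """Scope test on already-normalized DNs."""
    if scope == BASE:
        return dn == base
    if scope == ONE:
        return dn != base and parent_dn(dn) == base
    if scope == SUB:
        return dn == base or dn.endswith("," + base)
    raise ValueError(f"unknown scope {scope!r}")


def parse_filter(flt: str) -> Tuple[str, Optional[str]]:
    """Accept '(attr=value)' or 'attr=value'; 'attr=*' is the present filter."""
    flt = flt.strip()
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]
    attr, sep, value = flt.partition("=")
    if not sep or not attr:
        raise ValueError(f"unsupported filter {flt!r}")
    return attr.lower(), None if value == "*" else value.lower()


def get_attr(entry: Entry, name: str) -> List[str]:
    """Attribute types are case-insensitive: objectclass == objectClass."""
    return next((v for k, v in entry.items() if k.lower() == name.lower()), [])


def matches(entry: Entry, attr: str, value: Optional[str]) -> bool:
    vals = get_attr(entry, attr)
    return bool(vals) if value is None else any(v.lower() == value for v in vals)


def search(base: str, scope: str, flt: str,
           attrs: Optional[List[str]] = None) -> List[Tuple[str, Entry]]:
    """Equivalent of: ldapsearch -b <base> -s <scope> "<flt>" [attrs...]."""
    nbase = normalize_dn(base)
    if nbase not in {normalize_dn(d) for d in DIT}:
        raise LDAPError(NO_SUCH_OBJECT, f"base DN {base!r} does not exist")
    attr, value = parse_filter(flt)
    results = []
    for dn, entry in DIT.items():
        if in_scope(normalize_dn(dn), nbase, scope) and matches(entry, attr, value):
            wanted = attrs or list(entry)
            results.append((dn, {a: get_attr(entry, a) for a in wanted if get_attr(entry, a)}))
    return results


if __name__ == "__main__":
    # The RootDSE query from the post: -b "" -s base "objectclass=*" defaultnamingcontext
    print(search("", BASE, "objectclass=*", ["defaultNamingContext"]))
    for scope in (BASE, ONE, SUB):
        hits = search("DC=tserver,DC=com", scope, "(objectClass=user)")
        print(scope, [dn for dn, _ in hits])
```

The three scope runs in __main__ show the difference that trips people up in practice: a one-level search under the domain root finds no users, because they live one level further down in CN=Users, while a subtree search finds them all. The noSuchObject path is the other common mistake: a base DN that is mistyped or belongs to a different naming context gives resultCode 32 rather than an empty result.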

LDAP Directories supported with Peopletools Version 8.50

As far as I understand, there are two scenarios in which PeopleSoft applications need an LDAP directory. One is Single Sign-On (the majority of cases); the other is supporting an Enterprise Directory as an organization-wide store for user authentication information.

For HCM, PeopleSoft has a product called Directory Interface (I assume it is an additional product that needs to be purchased separately) that supports the major LDAP directories listed above. Earlier this product was called PDI (PeopleSoft Directory Interface); now it is called just "Directory Interface". HCM's Directory Interface lets you build an Enterprise Directory for your organization: it populates the directory with, and pushes updates of, directory information from the HRMS system.

For Single Sign-On, the major LDAP directories are supported as well. Additionally, PeopleTools 8.50 supports Active Directory Application Mode (ADAM). For a complete list, I recommend searching the Oracle web site for the product certifications.

Please post your comments. We will meet soon with another topic.

Until then

Vijay Chinnasamy

Posted by Vijayakumar Chinnasamy, February 25th, 2010

Comments (3)

Aditya Aggarwal - April 27th, 2010

Where can I get the documentation on the LDAP support in PeopleTools 8.50? We are running into random problems where users are not able to log in after implementing the People Directory Interface. We think there is a problem in the custom code and unclosed LDAP connections. How do we close the LDAP connection in PeopleSoft? Looking at the out-of-the-box PeopleSoft code, we see the Clear() method called in some places. Does Clear() close or clean up the LDAP connection? Thanks, Aditya

Kayal - April 7th, 2010

Hi, I am working on PeopleTools 8.50 and PeopleSoft Enterprise Portal 9.1. I am trying to configure the directory for LDAP and was able to get success on the SSL ports. But when I look at the test connectivity (running search tests), I see a failure while reading the schema. Could you please tell me what the reason behind that is? Thanks in advance.

Subbu Mahadevan - March 2nd, 2010

Hey! I am the development manager for LDAP in PeopleTools. In PT 8.50, we have completely re-written the back-end code (moved to Java from C++). This would eliminate the need for the dependence on the C/C++ LDAP libraries (Sun or Oracle) that were required before PT 8.50. I would be happy to answer any question you may have on LDAP support in PeopleTools 8.50. Thanks, Subbu
