During 2004, I worked on an Enterprise Directory implementation for one of our customers with PeopleSoft Directory Interface. Because of the importance of the project, I took the exam “Sun Certified Engineer for Sun ONE Directory Server 5.x” and passed. It is an LDAP Directory certification with emphasis on iPlanet Directory Server. I am not sure whether this certification is still valid; however, I still try to keep myself informed about the latest happenings in these areas.
Nowadays, LDAP Directories are getting increasingly popular. Most organizations with IT infrastructure have a Windows Domain Controller (with Active Directory, which is an LDAP Directory). Some other organizations do not want to use their Active Directory for LDAP Directory purposes because of interoperability issues. They build a separate Enterprise Directory infrastructure to keep their users’ authentication-related information.
In this blog entry, I am planning to write up consolidated LDAP Directory related information for the latest PeopleTools version, 8.50. As you are all aware, PeopleTools provides an abstraction layer for the applications to run on. PeopleSoft has many applications, such as Human Capital Management (HCM), Financials and Supply Chain Management (FSCM), Campus Solutions etc. All these applications run on top of PeopleTools internally.
Introduction to LDAP Directories
Many people get confused by LDAP terminology. Just to be clear, LDAP is a protocol: Lightweight Directory Access Protocol. If you use the term LDAP, make sure you are referring to a protocol or standard created for accessing LDAP Directories over the network. An LDAP Directory is software that stores information or data in a tree-like format for easy access. In my experience with LDAP Directories, these are the major ones:
- Sun Java System Directory Server (earlier iPlanet Directory Server)
- Novell’s NDS eDirectory
- Microsoft’s Active Directory (AD)
- Oracle Internet Directory (OID)
Now that Oracle and Sun have merged as Oracle, Oracle Corporation may standardize their LDAP Directory offerings on Sun Java System Directory Server. This is just my prediction: because Sun Java/iPlanet Directory Server is used in many organizations, Oracle Corp. may standardize their LDAP Directory offerings for their customers.
Directory Information Tree (DIT)
In any LDAP Directory server, information/data is stored in a Directory Information Tree, called the DIT. It has a tree-like format with many parent and child nodes. An LDAP Directory’s DIT can be accessed using the standard LDAPSEARCH utility.
LDAPBIND and LDAPSEARCH Utilities
The LDAPBIND utility is used for checking authentication against an LDAP Directory. An example command is shown below. A “bind successful” response means that you have valid authentication details for this directory server.
$ ldapbind -h 192.168.1.11 -p 389 -D "CN=testuser,CN=Users,DC=tserver,DC=com" -w "mypassword"
The LDAPSEARCH utility can be found in many Oracle installations. I always use the one under the $ORACLE_HOME/bin directory if I don’t have the utility (and I have some version of Oracle Server or Client installed under $ORACLE_HOME).
Here is an example:
ldapsearch -h 192.168.1.11 -p 389 -D "CN=testuser,CN=Users,DC=tserver,DC=com" -w "mypassword" -b "" -s base "objectclass=*" defaultnamingcontext
-h -> Hostname or IP Address of the LDAP Directory Server
-p -> Port number for the LDAP Directory; the default LDAP port is 389, and the LDAPS port is 636.
-D -> Bind DN – LDAP DN for connecting to LDAP Directory
-w -> Password for the Bind DN.
-b -> Base DN for the search – here it starts from the top.
-s base -> Search Scope is base (other values are sub and one)
The above command returns the value of the default naming context of the top-level domain, under which all the objects are referenced. Similarly, you can query many other parameters or attributes as well.
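As an added example (not from the original post), this POSIX shell function extracts one attribute from the reply to a query like the one above, assuming the client prints LDIF (RFC 2849) and a `base64` utility is available. It handles folded lines, base64-encoded values and case-insensitive attribute names; the function names and the sample reply are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): pull one attribute out of
# LDIF-formatted ldapsearch output read on stdin.

# Constructed RootDSE reply; the values reuse the post's sample domain.
sample_rootdse() {
cat <<'EOF'
# constructed sample, not captured from a real server
dn:
defaultNamingContext: DC=tserver,
 DC=com
rootDomainNamingContext:: REM9dHNlcnZlcixEQz1jb20=
EOF
}

# ldif_attr NAME: print every value of attribute NAME, one per line.
ldif_attr() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Unfold first: a line starting with one space continues the line above.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    while IFS= read -r line; do
        case "$line" in '#'*|'') continue ;; esac
        name=${line%%:*}
        [ "$name" = "$line" ] && continue      # no colon: not an attribute
        # Attribute names are case-insensitive (the post asks for
        # "defaultnamingcontext"; a server may answer in mixed case).
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        [ "$lname" = "$want" ] || continue
        rest=${line#*:}
        case "$rest" in
            :*) # "name:: value" carries a base64-encoded value
                printf '%s' "${rest#:}" | tr -d ' ' | base64 -d; echo ;;
            *)  # "name: value" is plain text; drop the leading spaces
                printf '%s\n' "${rest#"${rest%%[! ]*}"}" ;;
        esac
    done
}

sample_rootdse | ldif_attr defaultnamingcontext
```

Against a live directory, the output of the ldapsearch command would be piped into `ldif_attr` in place of `sample_rootdse`.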
LDAP Directories supported with PeopleTools Version 8.50
As far as I understand, there are two scenarios for PeopleSoft Applications requiring an LDAP Directory. One is Single Sign On (the majority of cases). The other is supporting an Enterprise Directory as an organization-wide database for user authentication information.
For HCM, PeopleSoft has a product called Directory Interface (I assume it is an additional product and needs to be purchased separately) that supports the major LDAP Directories listed above. Earlier, this product was called PDI (PeopleSoft Directory Interface). Now they call it just “Directory Interface”. HCM’s Directory Interface allows building an Enterprise Directory for your organization. Using Directory Interface, you can populate and push Directory information from the HRMS system.
For Single Sign On, the major LDAP Directories are supported as well. Additionally, there is support for Active Directory Application Mode (ADAM) in PeopleTools 8.50. For a complete list, I recommend searching the Oracle web site for Product Certifications.
Please post your comments. We will meet soon with another topic.