When I read the blog post about the introduction of a new product Oracle Unified Directory, first thing that came to my mind was, why another LDAP directory from Oracle? Oracle already has two LDAP Directory offerings, ODSEE (Sun Directory) and OID. However my impression changed after attending this webcast from Oracle (which justified about the new product in general). You can find the Q & A from the webcast here. It looks like “unified” summarizes about the new product.
Personally, I have interests in all the products that deal with LDAP Protocol and LDAP Directories. So, I was interested to know more about the new product. I read about Oracle Unified Directory (OUD) 11g release notes here. You can find the OUD documentation for 11g R1 release (18.104.22.168.0) here.
OUD is one of a brand new directoty product from Oracle as part of the Fusion Middleware Identity Management. OUD comes with Oracle Directory Services Plus (ODS Plus) suite. So, if you already have a license for ODS Plus, then you already have a license to use OUD in your enterprise (Please check with Oracle Licensing before any major deployments to see the existing license covers it).
There are too many TLAs (Three Letter Acronyms) used in this post – I tried to use this minimally but that was not easy. If you hate TLAs, here is a quick recap:
OUD – Oracle Unified Directory
OID – Oracle Internet Directory
ODS (ODSEE) – Oracle Directory Server (previously, Sun Java System Directory Server – also, iPlanet Directory)
DIP – Directory Integration Platform
A brand new LDAP v3 Implementation
LDAP Protocol is the standard way for storing directory entries for an enterprise. With more than 5 years of development (mentioned in the webcast), OUD is a LDAP v3 implementation from Oracle. It was also mentioned that OUD was written in Java.
OUD comes with three main components. They are:
- Directory Server
- Proxy Server
- Replication Server
Directory Server provides the main LDAP functionality. Proxy server can be used for proxy LDAP requests. And Replication Server is used for replication from one OUD to another OUD or even ODSEE server.
Embedded Berkeley DB
This is my favorite part of OUD. There is no separate Oracle Database requirement for OUD (unlike Oracle Internet Directory). Personally I like LDAP Directories embedded with an attached database such as Berkeley DB for storing the data entries. Some may argue that we can use Database features in the LDAP Directory. However I feel that we can use file based storage features for the DB files which can be better.
OUD Replication for ODSEE
Replication is one of the major requirements for LDAP Directories now. To setup high availability environments, we need replication to be setup in almost every LDAP Directory deployment. We need to propagate changes from one OUD directory to another using replication for High-Availability.
One of the important features I like about OUD is its replication gateway for ODSEE (also for OUD). Definitely this is aimed for deployments with ODSEE to migrate to the OUD easily.
Directory Integration Platform (DIP)
Oracle DIP provides functionality to synchronize data from one LDAP Directory to another, such as Active Directory (also from database to the LDAP Directory). Oracle DIP was already available earlier. Now, DIP is supported in OUD as well.
Performance and Security
In existing LDAP Directories, we face performance issues related to writing data entries. In OUD, it was mentioned in the webcast that it provides “5 times write” and “3 times read” performance.
OUD will be used for storing user information for authentication and sometimes for authorization purposes. Also, it can be used to store personnel information. So, security is one of the major concerns during the deployment. I need to explore more on this.
Some of the other features:
- dsconfig command – dsconfig command line is used to configure most of the system administration functions for OUD.
- ODSM – ODSM is a graphical utility for managing OUD.
So what’s next? Obviously it is time to download the new product and play around with its features.
Installation and Configuration
Installation is a simple task with Oracle Installers. This is no exception for OUD too. OUD installation is a simple process. We just need to download the software and run the runInstaller utility (I have Oracle Linux in my laptop – All my examples below is on Linux).
./runInstaller –jreloc /usr
[I have Oracle Linux 6.0 in my laptop. I installed OUD in this laptop with jre 1.6.0_20 installed under /usr by default. The Java executable is /usr/bin/java/]
OUD installation is a simple process with 7 step installation process:
- My Oracle Support Updates
- Prerequisite checks
- Installation Location
- Installation Summary
- Installation Progress
- Installation Complete
[Since the prerequisite checks failed in my laptop (Issue with Linux Version), I have to tweak little bit for the OUD installation, by editing /etc/redhat-release and /etc/oracle-release files]
Once Installation is completed, then we need to configure OUD based on what components we want to deploy.
For each component, OUD comes with a GUI utility for configuration. We can configure OUD for Directory Server, Proxy Server and/or Replication Server. We can run these utilities using command line options for configuration too. The utilities are located under the install folder:
Once configuration is completed using these utilities, you can use the commands in bin folder to start or stop the components. You can refer the installation guide for more details on this.
I faced issues during the Server Startup for using the jre in /usr (delivered with Oracle Linux). I will write about it in my next post.
All right… that’s all for now. I will continue to write more on OUD for advanced options for deployment. Also, I will be deploying the ODS connector in OIM to integrate with OUD. We will meet in another post with more details on them. Until then