0 Replies Latest reply: Mar 17, 2013 9:54 PM by JimKlimov

    Oracle IAMS and UCS (Communications Suite) interoperability - is there any?

    JimKlimov
      I am relatively new to Oracle IAMS, but had some experience with Sun IDM. It seems the two projects are quite different, with IDM being essentially a replicator of entered (or sucked-in) user metadata into slave repositories such as LDAP servers, databases, MSAD and automated human workflows. IAMS includes several LDAP servers of its own and relies on Oracle database for many of its components, and seems like a much more complex solution...

      So the first short question is thus: is IAMS just a replicator of user account data from some authoritative source(s) into other repositories, or is it something much more than that (and can it work as such a replicator at all)?

      Anyway, the bigger quest I'm facing is this: a customer wants the IAMS deployment to be the only place that stores information about user accounts, roles, policies, etc. This is considered sensitive data, and Oracle is trusted to store it, while other systems should not have their replicas but rather make queries into IAMS repository services whenever they want to process data for some user account, determine assigned roles to authorize some activity, etc.

      One of these other systems is Oracle Unified Communications Suite (nee Sun Java Communications Suite), which relies on Sun/Oracle DSEE as the LDAP server to store its "user-group" data and lots of configuration data. IIRC the CommSuite documentation implied that other LDAP servers are not guaranteed to work, at least not for all types of data. For example, it was required to replicate data from MSAD into DSEE (with an IDM or with ISW), or set up pass-through auth via DSEE into MSAD, or maybe glue the two systems into a virtual LDAP service with DPS, etc.

      So, the question is: can any of the LDAP services in IAMS be used directly by OUCS components? Can IAMS replace the OUCS Delegated Admin for management of users (creation of accounts and the myriad of email/calendar/instmsg/addressbook LDAP properties, setup of quotas and allowed "service packages", etc.)?

      If not, what sort of OUCS data can be stored outside its own LDAP service? In this context I'm interested in storing users' names, physical addresses, phones, preferably address-books, etc. in IAMS repositories for "sensitive data", while configuration stuff like mail filters, quotas, etc. and "un-individualized" UIDs might be stored in OUCS DSEE catalogs if they must.

      Ultimately, some mix of DSEE and IAMS might be representable by DSEE DPS as well, and seem enough like a DSEE instance for the OUCS components...

      What is doable and possible in this scenario? What reasonable questions did I not know enough to ask? ;)

      Thanks in advance,
      //Jim Klimov