3 Replies Latest reply on Apr 23, 2014 11:12 PM by Sylvain Duloutre-Oracle

    Migrating from ODSEE to OUD




      We are keen interest to migrate from ODSEE( to OUD(latest version) soon.But problem is, oracle confirmed they do not support password synchronization between AD and OUD using DIP.Currently we are on ODSEE version.


      In current environment we use SUN IDSYNC to synchronize passwords between AD and ODSEE. But as i said above oracle confirmed its not possible with current versions of password sync between OUD and AD using DIP.


      Can any of you provide then what approach we should follow to fullfill our needs ? We like to be with ORACLE FAMIL...


      Also i heard oracle soon stop supporting/upgrading OID versions is that true?

        • 1. Re: Migrating from ODSEE to OUD
          Sylvain Duloutre-Oracle



          Why do you need passwords stored on the OUD side ? Is it for EUS support ?

          Would authentication path through to AD work for you ?

          If not, it may be possible to deploy a DLL on the AD side to capture password changes and store password on another attribute. Then that attribute would be synchronized as an opaque string to OUD.

          In the near future, DIP will provide similar feature natively. What is the time frame for your project ? 





          When closing a thread as answered remember to mark the correct and helpful posts to make it easier for others to find them

          1 person found this helpful
          • 2. Re: Migrating from ODSEE to OUD



            We need passwords stored in OUD because we hvae unix authentication validates against LDAP directory servers.

            I'm not sure what is Authentication passthrough work for us to AD means..Can you provide some kind of knowledge document on it?

            We have another year of timeframe for our project.


            And can you also answer this..Also i heard oracle soon stop supporting/developing OID versions is that true?

            • 3. Re: Migrating from ODSEE to OUD
              Sylvain Duloutre-Oracle



              It is possible to configure OUD to forward bind operations to a remote server (e.g AD), so a bind can be successful to OUD even if the password is stored remotely.

              Other operations can be processed locally in OUD. Such deployment is in general used with DIP that sync all attr but passwords from AD to OUD.

              This would work as long as your client apps dont need to have (search/compare) access to the encrypted/hashed password.


              Oracle Lifetime Support policy (Lifetime Support Policy | Oracle Support | Oracle) applies to OID, so OID 11g is fully supported. See http://www.oracle.com/us/support/library/lsp-middleware-chart-069287.pdf as well.