A customer wants their Oracle IAMS deployment to be the only place that stores information about user accounts, roles, policies, etc. This is considered sensitive data, and Oracle is trusted to store it, while other systems should not have their replicas but rather make queries into IAMS repository services whenever they want to process data for some user account, determine assigned roles to authorize some activity, etc.
One of these other systems is Oracle Unified Communications Suite, which relies on Sun/Oracle DSEE as the LDAP server to store its "user-group" data and lots of configuration data. IIRC the CommSuite documentation implied that other LDAP servers are not guaranteed to work, at least not for all types of data. For example, it was required to replicate data from MSAD into DSEE (with an IDM or with ISW), or set up pass-through auth via DSEE into MSAD, or maybe glue the two systems into a virtual LDAP service with DPS, etc.
So, the questions are:
Can any of the LDAP services in IAMS be used directly by OUCS components?
Can IAMS replace the OUCS Delegated Admin for management of users (creation of accounts and the myriad of email/calendar/instmsg/addressbook LDAP properties, setup of quotas and allowed "service packages", etc.)?
If not, what sort of OUCS data can be stored outside its own LDAP service? In this context I'm interested in storing users' names, passwords/certs, physical addresses, phones, preferably address-books, etc. in IAMS repositories for "sensitive data", while configuration stuff like mail filters, quotas, etc. and "un-individualized" UIDs might be stored in OUCS DSEE catalogs if they must.
Ultimately, some mix of DSEE and IAMS data might be representable by DSEE DPS as well, and seem enough like a DSEE instance for the OUCS components...
What is doable and possible in this scenario? What more might you suggest?